ldap3-2.4.1/0000777000000000000000000000000013231031760010647 5ustar 00000000000000ldap3-2.4.1/COPYING.LESSER.txt0000666000000000000000000001720612767320326013536 0ustar 00000000000000 GNU LESSER GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. This version of the GNU Lesser General Public License incorporates the terms and conditions of version 3 of the GNU General Public License, supplemented by the additional permissions listed below. 0. Additional Definitions. As used herein, "this License" refers to version 3 of the GNU Lesser General Public License, and the "GNU GPL" refers to version 3 of the GNU General Public License. "The Library" refers to a covered work governed by this License, other than an Application or a Combined Work as defined below. An "Application" is any work that makes use of an interface provided by the Library, but which is not otherwise based on the Library. Defining a subclass of a class defined by the Library is deemed a mode of using an interface provided by the Library. A "Combined Work" is a work produced by combining or linking an Application with the Library. The particular version of the Library with which the Combined Work was made is also called the "Linked Version". The "Minimal Corresponding Source" for a Combined Work means the Corresponding Source for the Combined Work, excluding any source code for portions of the Combined Work that, considered in isolation, are based on the Application, and not on the Linked Version. The "Corresponding Application Code" for a Combined Work means the object code and/or source code for the Application, including any data and utility programs needed for reproducing the Combined Work from the Application, but excluding the System Libraries of the Combined Work. 1. Exception to Section 3 of the GNU GPL. You may convey a covered work under sections 3 and 4 of this License without being bound by section 3 of the GNU GPL. 2. Conveying Modified Versions. If you modify a copy of the Library, and, in your modifications, a facility refers to a function or data to be supplied by an Application that uses the facility (other than as an argument passed when the facility is invoked), then you may convey a copy of the modified version: a) under this License, provided that you make a good faith effort to ensure that, in the event an Application does not supply the function or data, the facility still operates, and performs whatever part of its purpose remains meaningful, or b) under the GNU GPL, with none of the additional permissions of this License applicable to that copy. 3. Object Code Incorporating Material from Library Header Files. The object code form of an Application may incorporate material from a header file that is part of the Library. You may convey such object code under terms of your choice, provided that, if the incorporated material is not limited to numerical parameters, data structure layouts and accessors, or small macros, inline functions and templates (ten or fewer lines in length), you do both of the following: a) Give prominent notice with each copy of the object code that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the object code with a copy of the GNU GPL and this license document. 4. Combined Works. You may convey a Combined Work under terms of your choice that, taken together, effectively do not restrict modification of the portions of the Library contained in the Combined Work and reverse engineering for debugging such modifications, if you also do each of the following: a) Give prominent notice with each copy of the Combined Work that the Library is used in it and that the Library and its use are covered by this License. b) Accompany the Combined Work with a copy of the GNU GPL and this license document. c) For a Combined Work that displays copyright notices during execution, include the copyright notice for the Library among these notices, as well as a reference directing the user to the copies of the GNU GPL and this license document. d) Do one of the following: 0) Convey the Minimal Corresponding Source under the terms of this License, and the Corresponding Application Code in a form suitable for, and under terms that permit, the user to recombine or relink the Application with a modified version of the Linked Version to produce a modified Combined Work, in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source. 1) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (a) uses at run time a copy of the Library already present on the user's computer system, and (b) will operate properly with a modified version of the Library that is interface-compatible with the Linked Version. e) Provide Installation Information, but only if you would otherwise be required to provide such information under section 6 of the GNU GPL, and only to the extent that such information is necessary to install and execute a modified version of the Combined Work produced by recombining or relinking the Application with a modified version of the Linked Version. (If you use option 4d0, the Installation Information must accompany the Minimal Corresponding Source and Corresponding Application Code. If you use option 4d1, you must provide the Installation Information in the manner specified by section 6 of the GNU GPL for conveying Corresponding Source.) 5. Combined Libraries. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities that are not Applications and are not covered by this License, and convey such a combined library under terms of your choice, if you do both of the following: a) Accompany the combined library with a copy of the same work based on the Library, uncombined with any other library facilities, conveyed under the terms of this License. b) Give prominent notice with the combined library that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 6. Revised Versions of the GNU Lesser General Public License. The Free Software Foundation may publish revised and/or new versions of the GNU Lesser General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Library as you received it specifies that a certain numbered version of the GNU Lesser General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that published version or of any later version published by the Free Software Foundation. If the Library as you received it does not specify a version number of the GNU Lesser General Public License, you may choose any version of the GNU Lesser General Public License ever published by the Free Software Foundation. If the Library as you received it specifies that a proxy can decide whether future versions of the GNU Lesser General Public License shall apply, that proxy's public statement of acceptance of any version is permanent authorization for you to choose that version for the Library.ldap3-2.4.1/COPYING.txt0000666000000000000000000010575412767713032012550 0ustar 00000000000000 GNU GENERAL PUBLIC LICENSE Version 3, 29 June 2007 Copyright (C) 2007 Free Software Foundation, Inc. Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed. Preamble The GNU General Public License is a free, copyleft license for software and other kinds of works. The licenses for most software and other practical works are designed to take away your freedom to share and change the works. By contrast, the GNU General Public License is intended to guarantee your freedom to share and change all versions of a program--to make sure it remains free software for all its users. We, the Free Software Foundation, use the GNU General Public License for most of our software; it applies also to any other work released this way by its authors. You can apply it to your programs, too. When we speak of free software, we are referring to freedom, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for them if you wish), that you receive source code or can get it if you want it, that you can change the software or use pieces of it in new free programs, and that you know you can do these things. To protect your rights, we need to prevent others from denying you these rights or asking you to surrender the rights. Therefore, you have certain responsibilities if you distribute copies of the software, or if you modify it: responsibilities to respect the freedom of others. For example, if you distribute copies of such a program, whether gratis or for a fee, you must pass on to the recipients the same freedoms that you received. You must make sure that they, too, receive or can get the source code. And you must show them these terms so they know their rights. Developers that use the GNU GPL protect your rights with two steps: (1) assert copyright on the software, and (2) offer you this License giving you legal permission to copy, distribute and/or modify it. For the developers' and authors' protection, the GPL clearly explains that there is no warranty for this free software. For both users' and authors' sake, the GPL requires that modified versions be marked as changed, so that their problems will not be attributed erroneously to authors of previous versions. Some devices are designed to deny users access to install or run modified versions of the software inside them, although the manufacturer can do so. This is fundamentally incompatible with the aim of protecting users' freedom to change the software. The systematic pattern of such abuse occurs in the area of products for individuals to use, which is precisely where it is most unacceptable. Therefore, we have designed this version of the GPL to prohibit the practice for those products. If such problems arise substantially in other domains, we stand ready to extend this provision to those domains in future versions of the GPL, as needed to protect the freedom of users. Finally, every program is threatened constantly by software patents. States should not allow patents to restrict development and use of software on general-purpose computers, but in those that do, we wish to avoid the special danger that patents applied to a free program could make it effectively proprietary. To prevent this, the GPL assures that patents cannot be used to render the program non-free. The precise terms and conditions for copying, distribution and modification follow. TERMS AND CONDITIONS 0. Definitions. "This License" refers to version 3 of the GNU General Public License. "Copyright" also means copyright-like laws that apply to other kinds of works, such as semiconductor masks. "The Program" refers to any copyrightable work licensed under this License. Each licensee is addressed as "you". "Licensees" and "recipients" may be individuals or organizations. To "modify" a work means to copy from or adapt all or part of the work in a fashion requiring copyright permission, other than the making of an exact copy. The resulting work is called a "modified version" of the earlier work or a work "based on" the earlier work. A "covered work" means either the unmodified Program or a work based on the Program. To "propagate" a work means to do anything with it that, without permission, would make you directly or secondarily liable for infringement under applicable copyright law, except executing it on a computer or modifying a private copy. Propagation includes copying, distribution (with or without modification), making available to the public, and in some countries other activities as well. To "convey" a work means any kind of propagation that enables other parties to make or receive copies. Mere interaction with a user through a computer network, with no transfer of a copy, is not conveying. An interactive user interface displays "Appropriate Legal Notices" to the extent that it includes a convenient and prominently visible feature that (1) displays an appropriate copyright notice, and (2) tells the user that there is no warranty for the work (except to the extent that warranties are provided), that licensees may convey the work under this License, and how to view a copy of this License. If the interface presents a list of user commands or options, such as a menu, a prominent item in the list meets this criterion. 1. Source Code. The "source code" for a work means the preferred form of the work for making modifications to it. "Object code" means any non-source form of a work. A "Standard Interface" means an interface that either is an official standard defined by a recognized standards body, or, in the case of interfaces specified for a particular programming language, one that is widely used among developers working in that language. The "System Libraries" of an executable work include anything, other than the work as a whole, that (a) is included in the normal form of packaging a Major Component, but which is not part of that Major Component, and (b) serves only to enable use of the work with that Major Component, or to implement a Standard Interface for which an implementation is available to the public in source code form. A "Major Component", in this context, means a major essential component (kernel, window system, and so on) of the specific operating system (if any) on which the executable work runs, or a compiler used to produce the work, or an object code interpreter used to run it. The "Corresponding Source" for a work in object code form means all the source code needed to generate, install, and (for an executable work) run the object code and to modify the work, including scripts to control those activities. However, it does not include the work's System Libraries, or general-purpose tools or generally available free programs which are used unmodified in performing those activities but which are not part of the work. For example, Corresponding Source includes interface definition files associated with source files for the work, and the source code for shared libraries and dynamically linked subprograms that the work is specifically designed to require, such as by intimate data communication or control flow between those subprograms and other parts of the work. The Corresponding Source need not include anything that users can regenerate automatically from other parts of the Corresponding Source. The Corresponding Source for a work in source code form is that same work. 2. Basic Permissions. All rights granted under this License are granted for the term of copyright on the Program, and are irrevocable provided the stated conditions are met. This License explicitly affirms your unlimited permission to run the unmodified Program. The output from running a covered work is covered by this License only if the output, given its content, constitutes a covered work. This License acknowledges your rights of fair use or other equivalent, as provided by copyright law. You may make, run and propagate covered works that you do not convey, without conditions so long as your license otherwise remains in force. You may convey covered works to others for the sole purpose of having them make modifications exclusively for you, or provide you with facilities for running those works, provided that you comply with the terms of this License in conveying all material for which you do not control copyright. Those thus making or running the covered works for you must do so exclusively on your behalf, under your direction and control, on terms that prohibit them from making any copies of your copyrighted material outside their relationship with you. Conveying under any other circumstances is permitted solely under the conditions stated below. Sublicensing is not allowed; section 10 makes it unnecessary. 3. Protecting Users' Legal Rights From Anti-Circumvention Law. No covered work shall be deemed part of an effective technological measure under any applicable law fulfilling obligations under article 11 of the WIPO copyright treaty adopted on 20 December 1996, or similar laws prohibiting or restricting circumvention of such measures. When you convey a covered work, you waive any legal power to forbid circumvention of technological measures to the extent such circumvention is effected by exercising rights under this License with respect to the covered work, and you disclaim any intention to limit operation or modification of the work as a means of enforcing, against the work's users, your or third parties' legal rights to forbid circumvention of technological measures. 4. Conveying Verbatim Copies. You may convey verbatim copies of the Program's source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice; keep intact all notices stating that this License and any non-permissive terms added in accord with section 7 apply to the code; keep intact all notices of the absence of any warranty; and give all recipients a copy of this License along with the Program. You may charge any price or no price for each copy that you convey, and you may offer support or warranty protection for a fee. 5. Conveying Modified Source Versions. You may convey a work based on the Program, or the modifications to produce it from the Program, in the form of source code under the terms of section 4, provided that you also meet all of these conditions: a) The work must carry prominent notices stating that you modified it, and giving a relevant date. b) The work must carry prominent notices stating that it is released under this License and any conditions added under section 7. This requirement modifies the requirement in section 4 to "keep intact all notices". c) You must license the entire work, as a whole, under this License to anyone who comes into possession of a copy. This License will therefore apply, along with any applicable section 7 additional terms, to the whole of the work, and all its parts, regardless of how they are packaged. This License gives no permission to license the work in any other way, but it does not invalidate such permission if you have separately received it. d) If the work has interactive user interfaces, each must display Appropriate Legal Notices; however, if the Program has interactive interfaces that do not display Appropriate Legal Notices, your work need not make them do so. A compilation of a covered work with other separate and independent works, which are not by their nature extensions of the covered work, and which are not combined with it such as to form a larger program, in or on a volume of a storage or distribution medium, is called an "aggregate" if the compilation and its resulting copyright are not used to limit the access or legal rights of the compilation's users beyond what the individual works permit. Inclusion of a covered work in an aggregate does not cause this License to apply to the other parts of the aggregate. 6. Conveying Non-Source Forms. You may convey a covered work in object code form under the terms of sections 4 and 5, provided that you also convey the machine-readable Corresponding Source under the terms of this License, in one of these ways: a) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by the Corresponding Source fixed on a durable physical medium customarily used for software interchange. b) Convey the object code in, or embodied in, a physical product (including a physical distribution medium), accompanied by a written offer, valid for at least three years and valid for as long as you offer spare parts or customer support for that product model, to give anyone who possesses the object code either (1) a copy of the Corresponding Source for all the software in the product that is covered by this License, on a durable physical medium customarily used for software interchange, for a price no more than your reasonable cost of physically performing this conveying of source, or (2) access to copy the Corresponding Source from a network server at no charge. c) Convey individual copies of the object code with a copy of the written offer to provide the Corresponding Source. This alternative is allowed only occasionally and noncommercially, and only if you received the object code with such an offer, in accord with subsection 6b. d) Convey the object code by offering access from a designated place (gratis or for a charge), and offer equivalent access to the Corresponding Source in the same way through the same place at no further charge. You need not require recipients to copy the Corresponding Source along with the object code. If the place to copy the object code is a network server, the Corresponding Source may be on a different server (operated by you or a third party) that supports equivalent copying facilities, provided you maintain _clear directions next to the object code saying where to find the Corresponding Source. Regardless of what server hosts the Corresponding Source, you remain obligated to ensure that it is available for as long as needed to satisfy these requirements. e) Convey the object code using peer-to-peer transmission, provided you inform other peers where the object code and Corresponding Source of the work are being offered to the general public at no charge under subsection 6d. A separable portion of the object code, whose source code is excluded from the Corresponding Source as a System Library, need not be included in conveying the object code work. A "User Product" is either (1) a "consumer product", which means any tangible personal property which is normally used for personal, family, or household purposes, or (2) anything designed or sold for incorporation into a dwelling. In determining whether a product is a consumer product, doubtful cases shall be resolved in favor of coverage. For a particular product received by a particular user, "normally used" refers to a typical or common use of that class of product, regardless of the status of the particular user or of the way in which the particular user actually uses, or expects or is expected to use, the product. A product is a consumer product regardless of whether the product has substantial commercial, industrial or non-consumer uses, unless such uses represent the only significant mode of use of the product. "Installation Information" for a User Product means any methods, procedures, authorization keys, or other information required to install and execute modified versions of a covered work in that User Product from a modified version of its Corresponding Source. The information must suffice to ensure that the continued functioning of the modified object code is in no case prevented or interfered with solely because modification has been made. If you convey an object code work under this section in, or with, or specifically for use in, a User Product, and the conveying occurs as part of a transaction in which the right of possession and use of the User Product is transferred to the recipient in perpetuity or for a fixed term (regardless of how the transaction is characterized), the Corresponding Source conveyed under this section must be accompanied by the Installation Information. But this requirement does not apply if neither you nor any third party retains the ability to install modified object code on the User Product (for example, the work has been installed in ROM). The requirement to provide Installation Information does not include a requirement to continue to provide support service, warranty, or updates for a work that has been modified or installed by the recipient, or for the User Product in which it has been modified or installed. Access to a network may be denied when the modification itself materially and adversely affects the operation of the network or violates the rules and protocols for communication across the network. Corresponding Source conveyed, and Installation Information provided, in accord with this section must be in a format that is publicly documented (and with an implementation available to the public in source code form), and must require no special password or key for unpacking, reading or copying. 7. Additional Terms. "Additional permissions" are terms that supplement the terms of this License by making exceptions from one or more of its conditions. Additional permissions that are applicable to the entire Program shall be treated as though they were included in this License, to the extent that they are valid under applicable law. If additional permissions apply only to part of the Program, that part may be used separately under those permissions, but the entire Program remains governed by this License without regard to the additional permissions. When you convey a copy of a covered work, you may at your option remove any additional permissions from that copy, or from any part of it. (Additional permissions may be written to require their own removal in certain cases when you modify the work.) You may place additional permissions on material, added by you to a covered work, for which you have or can give appropriate copyright permission. Notwithstanding any other provision of this License, for material you add to a covered work, you may (if authorized by the copyright holders of that material) supplement the terms of this License with terms: a) Disclaiming warranty or limiting liability differently from the terms of sections 15 and 16 of this License; or b) Requiring preservation of specified reasonable legal notices or author attributions in that material or in the Appropriate Legal Notices displayed by works containing it; or c) Prohibiting misrepresentation of the origin of that material, or requiring that modified versions of such material be marked in reasonable ways as different from the original version; or d) Limiting the use for publicity purposes of names of licensors or authors of the material; or e) Declining to grant rights under trademark law for use of some trade names, trademarks, or service marks; or f) Requiring indemnification of licensors and authors of that material by anyone who conveys the material (or modified versions of it) with contractual assumptions of liability to the recipient, for any liability that these contractual assumptions directly impose on those licensors and authors. All other non-permissive additional terms are considered "further restrictions" within the meaning of section 10. If the Program as you received it, or any part of it, contains a notice stating that it is governed by this License along with a term that is a further restriction, you may remove that term. If a license document contains a further restriction but permits relicensing or conveying under this License, you may add to a covered work material governed by the terms of that license document, provided that the further restriction does not survive such relicensing or conveying. If you add terms to a covered work in accord with this section, you must place, in the relevant source files, a statement of the additional terms that apply to those files, or a notice indicating where to find the applicable terms. Additional terms, permissive or non-permissive, may be stated in the form of a separately written license, or stated as exceptions; the above requirements apply either way. 8. Termination. You may not propagate or modify a covered work except as expressly provided under this License. Any attempt otherwise to propagate or modify it is void, and will automatically terminate your rights under this License (including any patent licenses granted under the third paragraph of section 11). However, if you cease all violation of this License, then your license from a particular copyright holder is reinstated (a) provisionally, unless and until the copyright holder explicitly and finally terminates your license, and (b) permanently, if the copyright holder fails to notify you of the violation by some reasonable means prior to 60 days after the cessation. Moreover, your license from a particular copyright holder is reinstated permanently if the copyright holder notifies you of the violation by some reasonable means, this is the first time you have received notice of violation of this License (for any work) from that copyright holder, and you cure the violation prior to 30 days after your receipt of the notice. Termination of your rights under this section does not terminate the licenses of parties who have received copies or rights from you under this License. If your rights have been terminated and not permanently reinstated, you do not qualify to receive new licenses for the same material under section 10. 9. Acceptance Not Required for Having Copies. You are not required to accept this License in order to receive or run a copy of the Program. Ancillary propagation of a covered work occurring solely as a consequence of using peer-to-peer transmission to receive a copy likewise does not require acceptance. However, nothing other than this License grants you permission to propagate or modify any covered work. These actions infringe copyright if you do not accept this License. Therefore, by modifying or propagating a covered work, you indicate your acceptance of this License to do so. 10. Automatic Licensing of Downstream Recipients. Each time you convey a covered work, the recipient automatically receives a license from the original licensors, to run, modify and propagate that work, subject to this License. You are not responsible for enforcing compliance by third parties with this License. An "entity transaction" is a transaction transferring control of an organization, or substantially all assets of one, or subdividing an organization, or merging organizations. If propagation of a covered work results from an entity transaction, each party to that transaction who receives a copy of the work also receives whatever licenses to the work the party's predecessor in interest had or could give under the previous paragraph, plus a right to possession of the Corresponding Source of the work from the predecessor in interest, if the predecessor has it or can get it with reasonable efforts. You may not impose any further restrictions on the exercise of the rights granted or affirmed under this License. For example, you may not impose a license fee, royalty, or other charge for exercise of rights granted under this License, and you may not initiate litigation (including a cross-claim or counterclaim in a lawsuit) alleging that any patent claim is infringed by making, using, selling, offering for sale, or importing the Program or any portion of it. 11. Patents. A "contributor" is a copyright holder who authorizes use under this License of the Program or a work on which the Program is based. The work thus licensed is called the contributor's "contributor version". A contributor's "essential patent claims" are all patent claims owned or controlled by the contributor, whether already acquired or hereafter acquired, that would be infringed by some manner, permitted by this License, of making, using, or selling its contributor version, but do not include claims that would be infringed only as a consequence of further modification of the contributor version. For purposes of this definition, "control" includes the right to grant patent sublicenses in a manner consistent with the requirements of this License. Each contributor grants you a non-exclusive, worldwide, royalty-free patent license under the contributor's essential patent claims, to make, use, sell, offer for sale, import and otherwise run, modify and propagate the contents of its contributor version. In the following three paragraphs, a "patent license" is any express agreement or commitment, however denominated, not to enforce a patent (such as an express permission to practice a patent or covenant not to sue for patent infringement). To "grant" such a patent license to a party means to make such an agreement or commitment not to enforce a patent against the party. If you convey a covered work, knowingly relying on a patent license, and the Corresponding Source of the work is not available for anyone to copy, free of charge and under the terms of this License, through a publicly available network server or other readily accessible means, then you must either (1) cause the Corresponding Source to be so available, or (2) arrange to deprive yourself of the benefit of the patent license for this particular work, or (3) arrange, in a manner consistent with the requirements of this License, to extend the patent license to downstream recipients. "Knowingly relying" means you have actual knowledge that, but for the patent license, your conveying the covered work in a country, or your recipient's use of the covered work in a country, would infringe one or more identifiable patents in that country that you have reason to believe are valid. If, pursuant to or in connection with a single transaction or arrangement, you convey, or propagate by procuring conveyance of, a covered work, and grant a patent license to some of the parties receiving the covered work authorizing them to use, propagate, modify or convey a specific copy of the covered work, then the patent license you grant is automatically extended to all recipients of the covered work and works based on it. A patent license is "discriminatory" if it does not include within the scope of its coverage, prohibits the exercise of, or is conditioned on the non-exercise of one or more of the rights that are specifically granted under this License. You may not convey a covered work if you are a party to an arrangement with a third party that is in the business of distributing software, under which you make payment to the third party based on the extent of your activity of conveying the work, and under which the third party grants, to any of the parties who would receive the covered work from you, a discriminatory patent license (a) in connection with copies of the covered work conveyed by you (or copies made from those copies), or (b) primarily for and in connection with specific products or compilations that contain the covered work, unless you entered into that arrangement, or that patent license was granted, prior to 28 March 2007. Nothing in this License shall be construed as excluding or limiting any implied license or other defenses to infringement that may otherwise be available to you under applicable patent law. 12. No Surrender of Others' Freedom. If conditions are imposed on you (whether by court order, agreement or otherwise) that contradict the conditions of this License, they do not excuse you from the conditions of this License. If you cannot convey a covered work so as to satisfy simultaneously your obligations under this License and any other pertinent obligations, then as a consequence you may not convey it at all. For example, if you agree to terms that obligate you to collect a royalty for further conveying from those to whom you convey the Program, the only way you could satisfy both those terms and this License would be to refrain entirely from conveying the Program. 13. Use with the GNU Affero General Public License. Notwithstanding any other provision of this License, you have permission to link or combine any covered work with a work licensed under version 3 of the GNU Affero General Public License into a single combined work, and to convey the resulting work. The terms of this License will continue to apply to the part which is the covered work, but the special requirements of the GNU Affero General Public License, section 13, concerning interaction through a network will apply to the combination as such. 14. Revised Versions of this License. The Free Software Foundation may publish revised and/or new versions of the GNU General Public License from time to time. Such new versions will be similar in spirit to the present version, but may differ in detail to address new problems or concerns. Each version is given a distinguishing version number. If the Program specifies that a certain numbered version of the GNU General Public License "or any later version" applies to it, you have the option of following the terms and conditions either of that numbered version or of any later version published by the Free Software Foundation. If the Program does not specify a version number of the GNU General Public License, you may choose any version ever published by the Free Software Foundation. If the Program specifies that a proxy can decide which future versions of the GNU General Public License can be used, that proxy's public statement of acceptance of a version permanently authorizes you to choose that version for the Program. Later license versions may give you additional or different permissions. However, no additional obligations are imposed on any author or copyright holder as a result of your choosing to follow a later version. 15. Disclaimer of Warranty. THERE IS NO WARRANTY FOR THE PROGRAM, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. Limitation of Liability. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MODIFIES AND/OR CONVEYS THE PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. 17. Interpretation of Sections 15 and 16. If the disclaimer of warranty and limitation of liability provided above cannot be given local legal effect according to their terms, reviewing courts shall apply local law that most closely approximates an absolute waiver of all civil liability in connection with the Program, unless a warranty or assumption of liability accompanies a copy of the Program in return for a fee. END OF TERMS AND CONDITIONS How to Apply These Terms to Your New Programs If you develop a new program, and you want it to be of the greatest possible use to the public, the best way to achieve this is to make it free software which everyone can redistribute and change under these terms. To do so, attach the following notices to the program. It is safest to attach them to the start of each source file to most effectively state the exclusion of warranty; and each file should have at least the "copyright" line and a pointer to where the full notice is found. Copyright (C) This program is free software: you can redistribute it and/or modify it under the terms of the GNU General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General Public License for more details. You should have received a copy of the GNU General Public License along with this program. If not, see . Also add information on how to contact you by electronic and paper mail. If the program does terminal interaction, make it output a short notice like this when it starts in an interactive mode: Copyright (C) This program comes with ABSOLUTELY NO WARRANTY; for details type `show w'. This is free software, and you are welcome to redistribute it under certain conditions; type `show c' for details. The hypothetical commands `show w' and `show c' should show the appropriate parts of the General Public License. Of course, your program's commands might be different; for a GUI interface, you would use an "about box". You should also get your employer (if you work as a programmer) or school, if any, to sign a "copyright disclaimer" for the program, if necessary. For more information on this, and how to apply and follow the GNU GPL, see . The GNU General Public License does not permit incorporating your program into proprietary programs. If your program is a subroutine library, you may consider it more useful to permit linking proprietary applications with the library. If this is what you want to do, use the GNU Lesser General Public License instead of this License. But first, please read .ldap3-2.4.1/ldap3/0000777000000000000000000000000013231031760011652 5ustar 00000000000000ldap3-2.4.1/ldap3/abstract/0000777000000000000000000000000013231031760013455 5ustar 00000000000000ldap3-2.4.1/ldap3/abstract/attrDef.py0000666000000000000000000001156713226436321015440 0ustar 00000000000000""" """ # Created on 2014.01.11 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from os import linesep from .. import SEQUENCE_TYPES from ..core.exceptions import LDAPKeyError from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, EXTENDED class AttrDef(object): """Hold the definition of an attribute :param name: the real attribute name :type name: string :param key: the friendly name to use in queries and when accessing the attribute, default to the real attribute name :type key: string :param validate: called to check if the value in the query is valid, the callable is called with the value parameter :type validate: callable :param pre_query: called to transform values returned by search :type pre_query: callable :param post_query: called to transform values returned by search :type post_query: callable :param default: value returned when the attribute is absent (defaults to NotImplemented to allow use of None as default) :type default: string, integer :param dereference_dn: reference to an ObjectDef instance. When the attribute value contains a dn it will be searched and substituted in the entry :type dereference_dn: ObjectDef :param description: custom attribute description :type description: string :param mandatory: specify if attribute is defined as mandatory in LDAP schema :type mandatory: boolean """ def __init__(self, name, key=None, validate=None, pre_query=None, post_query=None, default=NotImplemented, dereference_dn=None, description=None, mandatory=False, single_value=None, alias=None): self.name = name self.key = ''.join(key.split()) if key else name # key set to name if not present self.validate = validate self.pre_query = pre_query self.post_query = post_query self.default = default self.dereference_dn = dereference_dn self.description = description self.mandatory = mandatory self.single_value = single_value self.oid_info = None if not alias: self.other_names = None elif isinstance(alias, SEQUENCE_TYPES): # multiple aliases self.\ other_names = set(alias) else: # single alias self.other_names = set([alias]) # python 2 compatibility if log_enabled(BASIC): log(BASIC, 'instantiated AttrDef: <%r>', self) def __repr__(self): r = 'ATTR: ' + ', '.join([self.key] + list(self.other_names)) if self.other_names else self.key r += '' if self.name == self.key else ' [' + self.name + ']' r += '' if self.default is NotImplemented else ' - default: ' + str(self.default) r += '' if self.mandatory is None else ' - mandatory: ' + str(self.mandatory) r += '' if self.single_value is None else ' - single_value: ' + str(self.single_value) r += '' if not self.dereference_dn else ' - dereference_dn: ' + str(self.dereference_dn) r += '' if not self.description else ' - description: ' + str(self.description) if self.oid_info: for line in str(self.oid_info).split(linesep): r += linesep + ' ' + line return r def __str__(self): return self.__repr__() def __eq__(self, other): if isinstance(other, AttrDef): return self.key == other.key return False def __lt__(self, other): if isinstance(other, AttrDef): return self.key < other.key return False def __hash__(self): if self.key: return hash(self.key) else: return id(self) # unique for each instance def __setattr__(self, key, value): if hasattr(self, 'key') and key == 'key': # key cannot be changed because is being used for __hash__ error_message = 'key \'%s\' already set' % key if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPKeyError(error_message) else: object.__setattr__(self, key, value) ldap3-2.4.1/ldap3/abstract/attribute.py0000666000000000000000000003053413226436321016045 0ustar 00000000000000""" """ # Created on 2014.01.06 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from os import linesep from .. import MODIFY_ADD, MODIFY_REPLACE, MODIFY_DELETE, SEQUENCE_TYPES from ..core.exceptions import LDAPCursorError from ..utils.repr import to_stdout_encoding from . import STATUS_PENDING_CHANGES, STATUS_VIRTUAL, STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, EXTENDED # noinspection PyUnresolvedReferences class Attribute(object): """Attribute/values object, it includes the search result (after post_query transformation) of each attribute in an entry Attribute object is read only - values: contain the processed attribute values - raw_values': contain the unprocessed attribute values """ def __init__(self, attr_def, entry, cursor): self.key = attr_def.key self.definition = attr_def self.values = [] self.raw_values = [] self.response = None self.entry = entry self.cursor = cursor other_names = [name for name in attr_def.oid_info.name if self.key.lower() != name.lower()] if attr_def.oid_info else None self.other_names = set(other_names) if other_names else None # self.other_names is None if there are no short names, else is a set of secondary names def __repr__(self): if len(self.values) == 1: r = to_stdout_encoding(self.key) + ': ' + to_stdout_encoding(self.values[0]) elif len(self.values) > 1: r = to_stdout_encoding(self.key) + ': ' + to_stdout_encoding(self.values[0]) filler = ' ' * (len(self.key) + 6) for value in self.values[1:]: r += linesep + filler + to_stdout_encoding(value) else: r = to_stdout_encoding(self.key) + ': ' + to_stdout_encoding('') return r def __str__(self): if len(self.values) == 1: return to_stdout_encoding(self.values[0]) else: return to_stdout_encoding(self.values) def __len__(self): return len(self.values) def __iter__(self): return self.values.__iter__() def __getitem__(self, item): return self.values[item] def __eq__(self, other): try: if self.value == other: return True except Exception: return False def __ne__(self, other): return not self == other @property def value(self): """ :return: The single value or a list of values of the attribute. """ if not self.values: return None return self.values[0] if len(self.values) == 1 else self.values class OperationalAttribute(Attribute): """Operational attribute/values object. Include the search result of an operational attribute in an entry OperationalAttribute object is read only - values: contains the processed attribute values - raw_values: contains the unprocessed attribute values It may not have an AttrDef """ def __repr__(self): if len(self.values) == 1: r = to_stdout_encoding(self.key) + ' [OPERATIONAL]: ' + to_stdout_encoding(self.values[0]) elif len(self.values) > 1: r = to_stdout_encoding(self.key) + ' [OPERATIONAL]: ' + to_stdout_encoding(self.values[0]) filler = ' ' * (len(self.key) + 6) for value in sorted(self.values[1:]): r += linesep + filler + to_stdout_encoding(value) else: r = '' return r class WritableAttribute(Attribute): def __repr__(self): filler = ' ' * (len(self.key) + 6) if len(self.values) == 1: r = to_stdout_encoding(self.key) + ': ' + to_stdout_encoding(self.values[0]) elif len(self.values) > 1: r = to_stdout_encoding(self.key) + ': ' + to_stdout_encoding(self.values[0]) for value in self.values[1:]: r += linesep + filler + to_stdout_encoding(value) else: r = to_stdout_encoding(self.key) + to_stdout_encoding(': ') if self.definition.name in self.entry._changes: r += linesep + filler + 'CHANGES: ' + str(self.entry._changes[self.definition.name]) return r def __iadd__(self, other): self.add(other) return Ellipsis # hack to avoid calling set() in entry __setattr__ def __isub__(self, other): self.delete(other) return Ellipsis # hack to avoid calling set_value in entry __setattr__ def _update_changes(self, changes, remove_old=False): # checks for friendly key in AttrDef and uses the real attribute name if self.definition and self.definition.name: key = self.definition.name else: key = self.key if key not in self.entry._changes: self.entry._changes[key] = [] elif remove_old: self.entry._changes[key] = [] # remove old changes (for removing attribute) self.entry._changes[key].append(changes) if log_enabled(PROTOCOL): log(PROTOCOL, 'updated changes <%r> for <%s> attribute in <%s> entry', changes, self.key, self.entry.entry_dn) self.entry._state.set_status(STATUS_PENDING_CHANGES) def add(self, values): if log_enabled(PROTOCOL): log(PROTOCOL, 'adding %r to <%s> attribute in <%s> entry', values, self.key, self.entry.entry_dn) # new value for attribute to commit with a MODIFY_ADD if self.entry._state._initial_status == STATUS_VIRTUAL: error_message = 'cannot add an attribute value in a new entry' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if self.entry.entry_status in [STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING]: error_message = self.entry.entry_status + ' - cannot add attributes' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if values is None: error_message = 'value to add cannot be None' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if values is not None: validated = self.definition.validate(values) # returns True, False or a value to substitute to the actual values if validated is False: error_message = 'value \'%s\' non valid for attribute \'%s\'' % (values, self.key) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) elif validated is not True: # a valid LDAP value equivalent to the actual values values = validated self._update_changes((MODIFY_ADD, values if isinstance(values, SEQUENCE_TYPES) else [values])) def set(self, values): # new value for attribute to commit with a MODIFY_REPLACE, old values are deleted if log_enabled(PROTOCOL): log(PROTOCOL, 'setting %r to <%s> attribute in <%s> entry', values, self.key, self.entry.entry_dn) if self.entry.entry_status in [STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING]: error_message = self.entry.entry_status + ' - cannot set attributes' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if values is None: error_message = 'new value cannot be None' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) validated = self.definition.validate(values) # returns True, False or a value to substitute to the actual values if validated is False: error_message = 'value \'%s\' non valid for attribute \'%s\'' % (values, self.key) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) elif validated is not True: # a valid LDAP value equivalent to the actual values values = validated self._update_changes((MODIFY_REPLACE, values if isinstance(values, SEQUENCE_TYPES) else [values])) def delete(self, values): # value for attribute to delete in commit with a MODIFY_DELETE if log_enabled(PROTOCOL): log(PROTOCOL, 'deleting %r from <%s> attribute in <%s> entry', values, self.key, self.entry.entry_dn) if self.entry._state._initial_status == STATUS_VIRTUAL: error_message = 'cannot delete an attribute value in a new entry' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if self.entry.entry_status in [STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING]: error_message = self.entry.entry_status + ' - cannot delete attributes' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if values is None: error_message = 'value to delete cannot be None' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if not isinstance(values, SEQUENCE_TYPES): values = [values] for single_value in values: if single_value not in self.values: error_message = 'value \'%s\' not present in \'%s\'' % (single_value, ', '.join(self.values)) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self._update_changes((MODIFY_DELETE, values)) def remove(self): if log_enabled(PROTOCOL): log(PROTOCOL, 'removing <%s> attribute in <%s> entry', self.key, self.entry.entry_dn) if self.entry._state._initial_status == STATUS_VIRTUAL: error_message = 'cannot remove an attribute in a new entry' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if self.entry.entry_status in [STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING]: error_message = self.entry.entry_status + ' - cannot remove attributes' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self._update_changes((MODIFY_REPLACE, []), True) def discard(self): if log_enabled(PROTOCOL): log(PROTOCOL, 'discarding <%s> attribute in <%s> entry', self.key, self.entry.entry_dn) del self.entry._changes[self.key] if not self.entry._changes: self.entry._state.set_status(self.entry._state._initial_status) @property def virtual(self): return False if len(self.values) else True @property def changes(self): if self.key in self.entry._changes: return self.entry._changes[self.key] return None ldap3-2.4.1/ldap3/abstract/cursor.py0000666000000000000000000012377713226436321015373 0ustar 00000000000000""" """ # Created on 2014.01.06 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from collections import namedtuple from copy import deepcopy from datetime import datetime from os import linesep from time import sleep from . import STATUS_VIRTUAL, STATUS_READ, STATUS_WRITABLE from .. import SUBTREE, LEVEL, DEREF_ALWAYS, DEREF_NEVER, BASE, SEQUENCE_TYPES, STRING_TYPES, get_config_parameter from ..abstract import STATUS_PENDING_CHANGES from .attribute import Attribute, OperationalAttribute, WritableAttribute from .attrDef import AttrDef from .objectDef import ObjectDef from .entry import Entry, WritableEntry from ..core.exceptions import LDAPCursorError, LDAPObjectDereferenceError from ..core.results import RESULT_SUCCESS from ..utils.ciDict import CaseInsensitiveWithAliasDict from ..utils.dn import safe_dn, safe_rdn from ..utils.conv import to_raw from ..utils.config import get_config_parameter from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, EXTENDED from ..protocol.oid import ATTRIBUTE_DIRECTORY_OPERATION, ATTRIBUTE_DISTRIBUTED_OPERATION, ATTRIBUTE_DSA_OPERATION Operation = namedtuple('Operation', ('request', 'result', 'response')) def _ret_search_value(value): return value[0] + '=' + value[1:] if value[0] in '<>~' and value[1] != '=' else value def _create_query_dict(query_text): """ Create a dictionary with query key:value definitions query_text is a comma delimited key:value sequence """ query_dict = dict() if query_text: for arg_value_str in query_text.split(','): if ':' in arg_value_str: arg_value_list = arg_value_str.split(':') query_dict[arg_value_list[0].strip()] = arg_value_list[1].strip() return query_dict class Cursor(object): # entry_class and attribute_class define the type of entry and attribute used by the cursor # entry_initial_status defines the initial status of a entry # entry_class = Entry, must be defined in subclasses # attribute_class = Attribute, must be defined in subclasses # entry_initial_status = STATUS, must be defined in subclasses def __init__(self, connection, object_def, get_operational_attributes=False, attributes=None, controls=None): conf_attributes_excluded_from_object_def = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF')] self.connection = connection if connection._deferred_bind or connection._deferred_open: # probably a lazy connection, tries to bind connection._fire_deferred() if isinstance(object_def, STRING_TYPES): object_def = ObjectDef(object_def, connection.server.schema) self.definition = object_def if attributes: # checks if requested attributes are defined in ObjectDef not_defined_attributes = [] if isinstance(attributes, STRING_TYPES): attributes = [attributes] for attribute in attributes: if attribute not in self.definition._attributes and attribute.lower() not in conf_attributes_excluded_from_object_def: not_defined_attributes.append(attribute) if not_defined_attributes: error_message = 'Attributes \'%s\' non in definition' % ', '.join(not_defined_attributes) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self.attributes = set(attributes) if attributes else set([attr.name for attr in self.definition]) self.get_operational_attributes = get_operational_attributes self.controls = controls self.execution_time = None self.entries = [] self.schema = self.connection.server.schema self._do_not_reset = False # used for refreshing entry in entry_refresh() without removing all entries from the Cursor self._operation_history = list() # a list storing all the requests, results and responses for the last cursor operation def __repr__(self): r = 'CURSOR : ' + self.__class__.__name__ + linesep r += 'CONN : ' + str(self.connection) + linesep r += 'DEFS : ' + repr(self.definition._object_class) + ' [' for attr_def in sorted(self.definition): r += (attr_def.key if attr_def.key == attr_def.name else (attr_def.key + ' <' + attr_def.name + '>')) + ', ' if r[-2] == ',': r = r[:-2] r += ']' + linesep r += 'ATTRS : ' + repr(sorted(self.attributes)) + (' [OPERATIONAL]' if self.get_operational_attributes else '') + linesep if isinstance(self, Reader): r += 'BASE : ' + repr(self.base) + (' [SUB]' if self.sub_tree else ' [LEVEL]') + linesep if self._query: r += 'QUERY : ' + repr(self._query) + ('' if '(' in self._query else (' [AND]' if self.components_in_and else ' [OR]')) + linesep if self.validated_query: r += 'PARSED : ' + repr(self.validated_query) + ('' if '(' in self._query else (' [AND]' if self.components_in_and else ' [OR]')) + linesep if self.query_filter: r += 'FILTER : ' + repr(self.query_filter) + linesep if self.execution_time: r += 'ENTRIES: ' + str(len(self.entries)) r += ' [executed at: ' + str(self.execution_time.isoformat()) + ']' + linesep if self.failed: r += 'LAST OPERATION FAILED [' + str(len(self.errors)) + ' failure' + ('s' if len(self.errors) > 1 else '') + ' at operation' + ('s ' if len(self.errors) > 1 else ' ') + ', '.join([str(i) for i, error in enumerate(self.operations) if error.result['result'] != RESULT_SUCCESS]) + ']' return r def __str__(self): return self.__repr__() def __iter__(self): return self.entries.__iter__() def __getitem__(self, item): """Return indexed item, if index is not found then try to sequentially search in DN of entries. If only one entry is found return it else raise a KeyError exception. The exception message includes the number of entries that matches, if less than 10 entries match then show the DNs in the exception message. """ try: return self.entries[item] except TypeError: pass if isinstance(item, STRING_TYPES): found = self.match_dn(item) if len(found) == 1: return found[0] elif len(found) > 1: error_message = 'Multiple entries found: %d entries match the text in dn' % len(found) + ('' if len(found) > 10 else (' [' + '; '.join([e.entry_dn for e in found]) + ']')) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise KeyError(error_message) error_message = 'no entry found' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise KeyError(error_message) def __len__(self): return len(self.entries) if str is not bytes: # Python 3 def __bool__(self): # needed to make the cursor appears as existing in "if cursor:" even if there are no entries return True else: # Python 2 def __nonzero__(self): return True def _get_attributes(self, response, attr_defs, entry): """Assign the result of the LDAP query to the Entry object dictionary. If the optional 'post_query' callable is present in the AttrDef it is called with each value of the attribute and the callable result is stored in the attribute. Returns the default value for missing attributes. If the 'dereference_dn' in AttrDef is a ObjectDef then the attribute values are treated as distinguished name and the relevant entry is retrieved and stored in the attribute value. """ conf_operational_attribute_prefix = get_config_parameter('ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX') conf_attributes_excluded_from_object_def = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF')] attributes = CaseInsensitiveWithAliasDict() used_attribute_names = set() for attr in attr_defs: attr_def = attr_defs[attr] attribute_name = None for attr_name in response['attributes']: if attr_def.name.lower() == attr_name.lower(): attribute_name = attr_name break if attribute_name or attr_def.default is not NotImplemented: # attribute value found in result or default value present - NotImplemented allows use of None as default attribute = self.attribute_class(attr_def, entry, self) attribute.response = response attribute.raw_values = response['raw_attributes'][attribute_name] if attribute_name else None if attr_def.post_query and attr_def.name in response['attributes'] and response['raw_attributes'] != list(): attribute.values = attr_def.post_query(attr_def.key, response['attributes'][attribute_name]) else: if attr_def.default is NotImplemented or (attribute_name and response['raw_attributes'][attribute_name] != list()): attribute.values = response['attributes'][attribute_name] else: attribute.values = attr_def.default if isinstance(attr_def.default, SEQUENCE_TYPES) else [attr_def.default] if not isinstance(attribute.values, list): # force attribute values to list (if attribute is single-valued) attribute.values = [attribute.values] if attr_def.dereference_dn: # try to get object referenced in value if attribute.values: temp_reader = Reader(self.connection, attr_def.dereference_dn, base='', get_operational_attributes=self.get_operational_attributes, controls=self.controls) temp_values = [] for element in attribute.values: if entry.entry_dn != element: temp_values.append(temp_reader.search_object(element)) else: error_message = 'object %s is referencing itself in the \'%s\' attribute' % (entry.entry_dn, attribute.definition.name) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPObjectDereferenceError(error_message) del temp_reader # remove the temporary Reader attribute.values = temp_values attributes[attribute.key] = attribute if attribute.other_names: attributes.set_alias(attribute.key, attribute.other_names) if attr_def.other_names: attributes.set_alias(attribute.key, attr_def.other_names) used_attribute_names.add(attribute_name) if self.attributes: used_attribute_names.update(self.attributes) for attribute_name in response['attributes']: if attribute_name not in used_attribute_names: operational_attribute = False # check if the type is an operational attribute if attribute_name in self.schema.attribute_types: if self.schema.attribute_types[attribute_name].no_user_modification or self.schema.attribute_types[attribute_name].usage in [ATTRIBUTE_DIRECTORY_OPERATION, ATTRIBUTE_DISTRIBUTED_OPERATION, ATTRIBUTE_DSA_OPERATION]: operational_attribute = True else: operational_attribute = True if not operational_attribute and attribute_name not in attr_defs and attribute_name.lower() not in conf_attributes_excluded_from_object_def: error_message = 'attribute \'%s\' not in object class \'%s\' for entry %s' % (attribute_name, ', '.join(entry.entry_definition._object_class), entry.entry_dn) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) attribute = OperationalAttribute(AttrDef(conf_operational_attribute_prefix + attribute_name), entry, self) attribute.raw_values = response['raw_attributes'][attribute_name] attribute.values = response['attributes'][attribute_name] if isinstance(response['attributes'][attribute_name], SEQUENCE_TYPES) else [response['attributes'][attribute_name]] if (conf_operational_attribute_prefix + attribute_name) not in attributes: attributes[conf_operational_attribute_prefix + attribute_name] = attribute return attributes def match_dn(self, dn): """Return entries with text in DN""" matched = [] for entry in self.entries: if dn.lower() in entry.entry_dn.lower(): matched.append(entry) return matched def match(self, attributes, value): """Return entries with text in one of the specified attributes""" matched = [] if not isinstance(attributes, SEQUENCE_TYPES): attributes = [attributes] for entry in self.entries: found = False for attribute in attributes: if attribute in entry: for attr_value in entry[attribute].values: if hasattr(attr_value, 'lower') and hasattr(value, 'lower') and value.lower() in attr_value.lower(): found = True elif value == attr_value: found = True if found: matched.append(entry) break if found: break # checks raw values, tries to convert value to byte raw_value = to_raw(value) if isinstance(raw_value, (bytes, bytearray)): for attr_value in entry[attribute].raw_values: if hasattr(attr_value, 'lower') and hasattr(raw_value, 'lower') and raw_value.lower() in attr_value.lower(): found = True elif raw_value == attr_value: found = True if found: matched.append(entry) break if found: break return matched def _create_entry(self, response): if not response['type'] == 'searchResEntry': return None entry = self.entry_class(response['dn'], self) # define an Entry (writable or readonly), as specified in the cursor definition entry._state.attributes = self._get_attributes(response, self.definition._attributes, entry) entry._state.entry_raw_attributes = deepcopy(response['raw_attributes']) entry._state.response = response entry._state.read_time = datetime.now() entry._state.set_status(self.entry_initial_status) for attr in entry: # returns the whole attribute object entry.__dict__[attr.key] = attr return entry def _execute_query(self, query_scope, attributes): if not self.connection: error_message = 'no connection established' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) old_query_filter = None if query_scope == BASE: # requesting a single object so an always-valid filter is set if hasattr(self, 'query_filter'): # only Reader has a query filter old_query_filter = self.query_filter self.query_filter = '(objectclass=*)' else: self._create_query_filter() if log_enabled(PROTOCOL): log(PROTOCOL, 'executing query - base: %s - filter: %s - scope: %s for <%s>', self.base, self.query_filter, query_scope, self) with self.connection: result = self.connection.search(search_base=self.base, search_filter=self.query_filter, search_scope=query_scope, dereference_aliases=self.dereference_aliases, attributes=attributes if attributes else list(self.attributes), get_operational_attributes=self.get_operational_attributes, controls=self.controls) if not self.connection.strategy.sync: response, result, request = self.connection.get_response(result, get_request=True) else: response = self.connection.response result = self.connection.result request = self.connection.request self._store_operation_in_history(request, result, response) if self._do_not_reset: # trick to not remove entries when using _refresh() return self._create_entry(response[0]) self.entries = [] for r in response: entry = self._create_entry(r) if entry is not None: self.entries.append(entry) self.execution_time = datetime.now() if old_query_filter: # requesting a single object so an always-valid filter is set self.query_filter = old_query_filter def remove(self, entry): if log_enabled(PROTOCOL): log(PROTOCOL, 'removing entry <%s> in <%s>', entry, self) self.entries.remove(entry) def _reset_history(self): self._operation_history = list() def _store_operation_in_history(self, request, result, response): self._operation_history.append(Operation(request, result, response)) @property def operations(self): return self._operation_history @property def errors(self): return [error for error in self._operation_history if error.result['result'] != RESULT_SUCCESS] @property def failed(self): return any([error.result['result'] != RESULT_SUCCESS for error in self._operation_history]) class Reader(Cursor): """Reader object to perform searches: :param connection: the LDAP connection object to use :type connection: LDAPConnection :param object_def: the ObjectDef of the LDAP object returned :type object_def: ObjectDef :param query: the simplified query (will be transformed in an LDAP filter) :type query: str :param base: starting base of the search :type base: str :param components_in_and: specify if assertions in the query must all be satisfied or not (AND/OR) :type components_in_and: bool :param sub_tree: specify if the search must be performed ad Single Level (False) or Whole SubTree (True) :type sub_tree: bool :param get_operational_attributes: specify if operational attributes are returned or not :type get_operational_attributes: bool :param controls: controls to be used in search :type controls: tuple """ entry_class = Entry # entries are read_only attribute_class = Attribute # attributes are read_only entry_initial_status = STATUS_READ def __init__(self, connection, object_def, base, query='', components_in_and=True, sub_tree=True, get_operational_attributes=False, attributes=None, controls=None): Cursor.__init__(self, connection, object_def, get_operational_attributes, attributes, controls) self._components_in_and = components_in_and self.sub_tree = sub_tree self._query = query self.base = base self.dereference_aliases = DEREF_ALWAYS self.validated_query = None self._query_dict = dict() self._validated_query_dict = dict() self.query_filter = None self.reset() if log_enabled(BASIC): log(BASIC, 'instantiated Reader Cursor: <%r>', self) @property def query(self): return self._query @query.setter def query(self, value): self._query = value self.reset() @property def components_in_and(self): return self._components_in_and @components_in_and.setter def components_in_and(self, value): self._components_in_and = value self.reset() def clear(self): """Clear the Reader search parameters """ self.dereference_aliases = DEREF_ALWAYS self._reset_history() def reset(self): """Clear all the Reader parameters """ self.clear() self.validated_query = None self._query_dict = dict() self._validated_query_dict = dict() self.execution_time = None self.query_filter = None self.entries = [] self._create_query_filter() def _validate_query(self): """Processes the text query and verifies that the requested friendly names are in the Reader dictionary If the AttrDef has a 'validate' property the callable is executed and if it returns False an Exception is raised """ if not self._query_dict: self._query_dict = _create_query_dict(self._query) query = '' for d in sorted(self._query_dict): attr = d[1:] if d[0] in '&|' else d for attr_def in self.definition: if ''.join(attr.split()).lower() == attr_def.key.lower(): attr = attr_def.key break if attr in self.definition: vals = sorted(self._query_dict[d].split(';')) query += (d[0] + attr if d[0] in '&|' else attr) + ': ' for val in vals: val = val.strip() val_not = True if val[0] == '!' else False val_search_operator = '=' # default if val_not: if val[1:].lstrip()[0] not in '=<>~': value = val[1:].lstrip() else: val_search_operator = val[1:].lstrip()[0] value = val[1:].lstrip()[1:] else: if val[0] not in '=<>~': value = val.lstrip() else: val_search_operator = val[0] value = val[1:].lstrip() if self.definition[attr].validate: validated = self.definition[attr].validate(value) # returns True, False or a value to substitute to the actual values if validated is False: error_message = 'validation failed for attribute %s and value %s' % (d, val) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) elif validated is not True: # a valid LDAP value equivalent to the actual values value = validated if val_not: query += '!' + val_search_operator + str(value) else: query += val_search_operator + str(value) query += ';' query = query[:-1] + ', ' else: error_message = 'attribute \'%s\' not in definition' % attr if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self.validated_query = query[:-2] self._validated_query_dict = _create_query_dict(self.validated_query) def _create_query_filter(self): """Converts the query dictionary to the filter text""" self.query_filter = '' if self.definition._object_class: self.query_filter += '(&' if isinstance(self.definition._object_class, SEQUENCE_TYPES) and len(self.definition._object_class) == 1: self.query_filter += '(objectClass=' + self.definition._object_class[0] + ')' elif isinstance(self.definition._object_class, SEQUENCE_TYPES): self.query_filter += '(&' for object_class in self.definition._object_class: self.query_filter += '(objectClass=' + object_class + ')' self.query_filter += ')' else: error_message = 'object class must be a string or a list' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if self._query and self._query.startswith('(') and self._query.endswith(')'): # query is already an LDAP filter if 'objectclass' not in self._query.lower(): self.query_filter += self._query + ')' # if objectclass not in filter adds from definition else: self.query_filter = self._query return elif self._query: # if a simplified filter is present if not self.components_in_and: self.query_filter += '(|' elif not self.definition._object_class: self.query_filter += '(&' self._validate_query() attr_counter = 0 for attr in sorted(self._validated_query_dict): attr_counter += 1 multi = True if ';' in self._validated_query_dict[attr] else False vals = sorted(self._validated_query_dict[attr].split(';')) attr_def = self.definition[attr[1:]] if attr[0] in '&|' else self.definition[attr] if attr_def.pre_query: modvals = [] for val in vals: modvals.append(val[0] + attr_def.pre_query(attr_def.key, val[1:])) vals = modvals if multi: if attr[0] in '&|': self.query_filter += '(' + attr[0] else: self.query_filter += '(|' for val in vals: if val[0] == '!': self.query_filter += '(!(' + attr_def.name + _ret_search_value(val[1:]) + '))' else: self.query_filter += '(' + attr_def.name + _ret_search_value(val) + ')' if multi: self.query_filter += ')' if not self.components_in_and: self.query_filter += '))' else: self.query_filter += ')' if not self.definition._object_class and attr_counter == 1: # remove unneeded starting filter self.query_filter = self.query_filter[2: -1] if self.query_filter == '(|)' or self.query_filter == '(&)': # remove empty filter self.query_filter = '' else: # no query, remove unneeded leading (& self.query_filter = self.query_filter[2:] def search(self, attributes=None): """Perform the LDAP search :return: Entries found in search """ self.clear() query_scope = SUBTREE if self.sub_tree else LEVEL if log_enabled(PROTOCOL): log(PROTOCOL, 'performing search in <%s>', self) self._execute_query(query_scope, attributes) return self.entries def search_object(self, entry_dn=None, attributes=None): # base must be a single dn """Perform the LDAP search operation SINGLE_OBJECT scope :return: Entry found in search """ if log_enabled(PROTOCOL): log(PROTOCOL, 'performing object search in <%s>', self) self.clear() if entry_dn: old_base = self.base self.base = entry_dn self._execute_query(BASE, attributes) self.base = old_base else: self._execute_query(BASE, attributes) return self.entries[0] if len(self.entries) > 0 else None def search_level(self, attributes=None): """Perform the LDAP search operation with SINGLE_LEVEL scope :return: Entries found in search """ if log_enabled(PROTOCOL): log(PROTOCOL, 'performing single level search in <%s>', self) self.clear() self._execute_query(LEVEL, attributes) return self.entries def search_subtree(self, attributes=None): """Perform the LDAP search operation WHOLE_SUBTREE scope :return: Entries found in search """ if log_enabled(PROTOCOL): log(PROTOCOL, 'performing whole subtree search in <%s>', self) self.clear() self._execute_query(SUBTREE, attributes) return self.entries def _entries_generator(self, responses): for response in responses: yield self._create_entry(response) def search_paged(self, paged_size, paged_criticality=True, generator=True, attributes=None): """Perform a paged search, can be called as an Iterator :param attributes: optional attributes to search :param paged_size: number of entries returned in each search :type paged_size: int :param paged_criticality: specify if server must not execute the search if it is not capable of paging searches :type paged_criticality: bool :param generator: if True the paged searches are executed while generating the entries, if False all the paged searches are execute before returning the generator :type generator: bool :return: Entries found in search """ if log_enabled(PROTOCOL): log(PROTOCOL, 'performing paged search in <%s> with paged size %s', self, str(paged_size)) if not self.connection: error_message = 'no connection established' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self.clear() self._create_query_filter() self.entries = [] self.execution_time = datetime.now() response = self.connection.extend.standard.paged_search(search_base=self.base, search_filter=self.query_filter, search_scope=SUBTREE if self.sub_tree else LEVEL, dereference_aliases=self.dereference_aliases, attributes=attributes if attributes else self.attributes, get_operational_attributes=self.get_operational_attributes, controls=self.controls, paged_size=paged_size, paged_criticality=paged_criticality, generator=generator) if generator: return self._entries_generator(response) else: return list(self._entries_generator(response)) class Writer(Cursor): entry_class = WritableEntry attribute_class = WritableAttribute entry_initial_status = STATUS_WRITABLE @staticmethod def from_cursor(cursor, connection=None, object_def=None, custom_validator=None): if connection is None: connection = cursor.connection if object_def is None: object_def = cursor.definition writer = Writer(connection, object_def, attributes=cursor.attributes) for entry in cursor.entries: if isinstance(cursor, Reader): entry.entry_writable(object_def, writer, custom_validator=custom_validator) elif isinstance(cursor, Writer): pass else: error_message = 'unknown cursor type %s' % str(type(cursor)) if log_enabled(ERROR): log(ERROR, '%s', error_message) raise LDAPCursorError(error_message) writer.execution_time = cursor.execution_time if log_enabled(BASIC): log(BASIC, 'instantiated Writer Cursor <%r> from cursor <%r>', writer, cursor) return writer @staticmethod def from_response(connection, object_def, response=None): if response is None: if not connection.strategy.sync: error_message = 'with asynchronous strategies response must be specified' if log_enabled(ERROR): log(ERROR, '%s', error_message) raise LDAPCursorError(error_message) elif connection.response: response = connection.response else: error_message = 'response not present' if log_enabled(ERROR): log(ERROR, '%s', error_message) raise LDAPCursorError(error_message) writer = Writer(connection, object_def) for resp in response: if resp['type'] == 'searchResEntry': entry = writer._create_entry(resp) writer.entries.append(entry) if log_enabled(BASIC): log(BASIC, 'instantiated Writer Cursor <%r> from response', writer) return writer def __init__(self, connection, object_def, get_operational_attributes=False, attributes=None, controls=None): Cursor.__init__(self, connection, object_def, get_operational_attributes, attributes, controls) self.dereference_aliases = DEREF_NEVER if log_enabled(BASIC): log(BASIC, 'instantiated Writer Cursor: <%r>', self) def commit(self, refresh=True): if log_enabled(PROTOCOL): log(PROTOCOL, 'committed changes for <%s>', self) self._reset_history() successful = True for entry in self.entries: if not entry.entry_commit_changes(refresh=refresh, controls=self.controls, clear_history=False): successful = False self.execution_time = datetime.now() return successful def discard(self): if log_enabled(PROTOCOL): log(PROTOCOL, 'discarded changes for <%s>', self) for entry in self.entries: entry.entry_discard_changes() def _refresh_object(self, entry_dn, attributes=None, tries=4, seconds=2, controls=None): # base must be a single dn """Performs the LDAP search operation SINGLE_OBJECT scope :return: Entry found in search """ if log_enabled(PROTOCOL): log(PROTOCOL, 'refreshing object <%s> for <%s>', entry_dn, self) if not self.connection: error_message = 'no connection established' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) response = [] with self.connection: counter = 0 while counter < tries: result = self.connection.search(search_base=entry_dn, search_filter='(objectclass=*)', search_scope=BASE, dereference_aliases=DEREF_NEVER, attributes=attributes if attributes else self.attributes, get_operational_attributes=self.get_operational_attributes, controls=controls) if not self.connection.strategy.sync: response, result, request = self.connection.get_response(result, get_request=True) else: response = self.connection.response result = self.connection.result request = self.connection.request if result['result'] in [RESULT_SUCCESS]: break sleep(seconds) counter += 1 self._store_operation_in_history(request, result, response) if len(response) == 1: return self._create_entry(response[0]) elif len(response) == 0: return None error_message = 'more than 1 entry returned for a single object search' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) def new(self, dn): if log_enabled(BASIC): log(BASIC, 'creating new entry <%s> for <%s>', dn, self) dn = safe_dn(dn) for entry in self.entries: # checks if dn is already used in an cursor entry if entry.entry_dn == dn: error_message = 'dn already present in cursor' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) rdns = safe_rdn(dn, decompose=True) entry = self.entry_class(dn, self) # defines a new empty Entry for attr in entry.entry_mandatory_attributes: # defines all mandatory attributes as virtual entry._state.attributes[attr] = self.attribute_class(entry._state.definition[attr], entry, self) entry.__dict__[attr] = entry._state.attributes[attr] entry.objectclass.set(self.definition._object_class) for rdn in rdns: # adds virtual attributes from rdns in entry name (should be more than one with + syntax) if rdn[0] in entry._state.definition._attributes: rdn_name = entry._state.definition._attributes[rdn[0]].name # normalize case folding if rdn_name not in entry._state.attributes: entry._state.attributes[rdn_name] = self.attribute_class(entry._state.definition[rdn_name], entry, self) entry.__dict__[rdn_name] = entry._state.attributes[rdn_name] entry.__dict__[rdn_name].set(rdn[1]) else: error_message = 'rdn type \'%s\' not in object class definition' % rdn[0] if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) entry._state.set_status(STATUS_VIRTUAL) # set intial status entry._state.set_status(STATUS_PENDING_CHANGES) # tries to change status to PENDING_CHANGES. If mandatory attributes are missing status is reverted to MANDATORY_MISSING self.entries.append(entry) return entry def refresh_entry(self, entry, tries=4, seconds=2): conf_operational_attribute_prefix = get_config_parameter('ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX') self._do_not_reset = True attr_list = [] if log_enabled(PROTOCOL): log(PROTOCOL, 'refreshing entry <%s> for <%s>', entry, self) for attr in entry._state.attributes: # check friendly attribute name in AttrDef, do not check operational attributes if attr.lower().startswith(conf_operational_attribute_prefix.lower()): continue if entry._state.definition[attr].name: attr_list.append(entry._state.definition[attr].name) else: attr_list.append(entry._state.definition[attr].key) temp_entry = self._refresh_object(entry.entry_dn, attr_list, tries, seconds=seconds) # if any attributes is added adds only to the entry not to the definition self._do_not_reset = False if temp_entry: temp_entry._state.origin = entry._state.origin entry.__dict__.clear() entry.__dict__['_state'] = temp_entry._state for attr in entry._state.attributes: # returns the attribute key entry.__dict__[attr] = entry._state.attributes[attr] for attr in entry.entry_attributes: # if any attribute of the class was deleted make it virtual if attr not in entry._state.attributes and attr in entry.entry_definition._attributes: entry._state.attributes[attr] = WritableAttribute(entry.entry_definition[attr], entry, self) entry.__dict__[attr] = entry._state.attributes[attr] entry._state.set_status(entry._state._initial_status) return True return False ldap3-2.4.1/ldap3/abstract/entry.py0000666000000000000000000010040113226436321015172 0ustar 00000000000000""" """ # Created on 2016.08.19 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import json try: from collections import OrderedDict except ImportError: from ..utils.ordDict import OrderedDict # for Python 2.6 from os import linesep from .. import STRING_TYPES, SEQUENCE_TYPES from .attribute import WritableAttribute from .objectDef import ObjectDef from .attrDef import AttrDef from ..core.exceptions import LDAPKeyError, LDAPCursorError from ..utils.conv import check_json_dict, format_json, prepare_for_stream from ..protocol.rfc2849 import operation_to_ldif, add_ldif_header from ..utils.dn import safe_dn, safe_rdn, to_dn from ..utils.repr import to_stdout_encoding from ..utils.ciDict import CaseInsensitiveWithAliasDict from ..utils.config import get_config_parameter from . import STATUS_VIRTUAL, STATUS_WRITABLE, STATUS_PENDING_CHANGES, STATUS_COMMITTED, STATUS_DELETED,\ STATUS_INIT, STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING, STATUS_MANDATORY_MISSING, STATUSES, INITIAL_STATUSES from ..core.results import RESULT_SUCCESS from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, EXTENDED class EntryState(object): """Contains data on the status of the entry. Does not pollute the Entry __dict__. """ def __init__(self, dn, cursor): self.dn = dn self._initial_status = None self._to = None # used for move and rename self.status = STATUS_INIT self.attributes = CaseInsensitiveWithAliasDict() self.raw_attributes = CaseInsensitiveWithAliasDict() self.response = None self.cursor = cursor self.origin = None # reference to the original read-only entry (set when made writable). Needed to update attributes in read-only when modified (only if both refer the same server) self.read_time = None self.changes = OrderedDict() # includes changes to commit in a writable entry if cursor.definition: self.definition = cursor.definition else: self.definition = None def __repr__(self): if self.__dict__ and self.dn is not None: r = 'DN: ' + to_stdout_encoding(self.dn) + ' - STATUS: ' + ((self._initial_status + ', ') if self._initial_status != self.status else '') + self.status + ' - READ TIME: ' + (self.read_time.isoformat() if self.read_time else '') + linesep r += 'attributes: ' + ', '.join(sorted(self.attributes.keys())) + linesep r += 'object def: ' + (', '.join(sorted(self.definition._object_class)) if self.definition._object_class else '') + linesep r += 'attr defs: ' + ', '.join(sorted(self.definition._attributes.keys())) + linesep r += 'response: ' + ('present' if self.response else '') + linesep r += 'cursor: ' + (self.cursor.__class__.__name__ if self.cursor else '') + linesep return r else: return object.__repr__(self) def __str__(self): return self.__repr__() def set_status(self, status): conf_ignored_mandatory_attributes_in_object_def = [v.lower() for v in get_config_parameter('IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF')] if status not in STATUSES: error_message = 'invalid entry status ' + str(status) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if status in INITIAL_STATUSES: self._initial_status = status self.status = status if status == STATUS_DELETED: self._initial_status = STATUS_VIRTUAL if status == STATUS_COMMITTED: self._initial_status = STATUS_WRITABLE if self.status == STATUS_VIRTUAL or (self.status == STATUS_PENDING_CHANGES and self._initial_status == STATUS_VIRTUAL): # checks if all mandatory attributes are present in new entries for attr in self.definition._attributes: if self.definition._attributes[attr].mandatory and attr.lower() not in conf_ignored_mandatory_attributes_in_object_def: if (attr not in self.attributes or self.attributes[attr].virtual) and attr not in self.changes: self.status = STATUS_MANDATORY_MISSING break class EntryBase(object): """The Entry object contains a single LDAP entry. Attributes can be accessed either by sequence, by assignment or as dictionary keys. Keys are not case sensitive. The Entry object is read only - The DN is retrieved by _dn - The cursor reference is in _cursor - Raw attributes values are retrieved with _raw_attributes and the _raw_attribute() methods """ def __init__(self, dn, cursor): self.__dict__['_state'] = EntryState(dn, cursor) def __repr__(self): if self.__dict__ and self.entry_dn is not None: r = 'DN: ' + to_stdout_encoding(self.entry_dn) + ' - STATUS: ' + ((self._state._initial_status + ', ') if self._state._initial_status != self.entry_status else '') + self.entry_status + ' - READ TIME: ' + (self.entry_read_time.isoformat() if self.entry_read_time else '') + linesep if self._state.attributes: for attr in sorted(self._state.attributes): if self._state.attributes[attr] or (hasattr(self._state.attributes[attr], 'changes') and self._state.attributes[attr].changes): r += ' ' + repr(self._state.attributes[attr]) + linesep return r else: return object.__repr__(self) def __str__(self): return self.__repr__() def __iter__(self): for attribute in self._state.attributes: yield self._state.attributes[attribute] # raise StopIteration # deprecated in PEP 479 return def __contains__(self, item): try: self.__getitem__(item) return True except LDAPKeyError: return False def __getattr__(self, item): if isinstance(item, STRING_TYPES): if item == '_state': return self.__dict__['_state'] item = ''.join(item.split()).lower() attr_found = None for attr in self._state.attributes.keys(): if item == attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.aliases(): if item == attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.keys(): if item + ';binary' == attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.aliases(): if item + ';binary' == attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.keys(): if item + ';range' in attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.aliases(): if item + ';range' in attr.lower(): attr_found = attr break if not attr_found: error_message = 'attribute \'%s\' not found' % item if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) return self._state.attributes[attr] error_message = 'attribute name must be a string' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) def __setattr__(self, item, value): if item in self._state.attributes: error_message = 'attribute \'%s\' is read only' % item if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) else: error_message = 'entry \'%s\' is read only' % item if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) def __getitem__(self, item): if isinstance(item, STRING_TYPES): item = ''.join(item.split()).lower() attr_found = None for attr in self._state.attributes.keys(): if item == attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.aliases(): if item == attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.keys(): if item + ';binary' == attr.lower(): attr_found = attr break if not attr_found: for attr in self._state.attributes.aliases(): if item + ';binary' == attr.lower(): attr_found = attr break if not attr_found: error_message = 'key \'%s\' not found' % item if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) return self._state.attributes[attr] error_message = 'key must be a string' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPKeyError(error_message) def __eq__(self, other): if isinstance(other, EntryBase): return self.entry_dn == other.entry_dn return False def __lt__(self, other): if isinstance(other, EntryBase): return self.entry_dn <= other.entry_dn return False @property def entry_dn(self): return self._state.dn @property def entry_cursor(self): return self._state.cursor @property def entry_status(self): return self._state.status @property def entry_definition(self): return self._state.definition @property def entry_raw_attributes(self): return self._state.entry_raw_attributes def entry_raw_attribute(self, name): """ :param name: name of the attribute :return: raw (unencoded) value of the attribute, None if attribute is not found """ return self._state.entry_raw_attributes[name] if name in self._state.entry_raw_attributes else None @property def entry_mandatory_attributes(self): return [attribute for attribute in self.entry_definition._attributes if self.entry_definition._attributes[attribute].mandatory] @property def entry_attributes(self): # attr_list = list() # for attr in self._state.attributes: # if self._state.definition[attr].name: # attr_list.append(self._state.definition[attr].name) # else: # attr_list.append(self._state.definition[attr].key) # return attr_list return list(self._state.attributes.keys()) @property def entry_attributes_as_dict(self): return dict((attribute_key, attribute_value.values) for (attribute_key, attribute_value) in self._state.attributes.items()) @property def entry_read_time(self): return self._state.read_time @property def _changes(self): return self._state.changes def entry_to_json(self, raw=False, indent=4, sort=True, stream=None, checked_attributes=True, include_empty=True): json_entry = dict() json_entry['dn'] = self.entry_dn if checked_attributes: if not include_empty: # needed for python 2.6 compatibility json_entry['attributes'] = dict((key, self.entry_attributes_as_dict[key]) for key in self.entry_attributes_as_dict if self.entry_attributes_as_dict[key]) else: json_entry['attributes'] = self.entry_attributes_as_dict if raw: if not include_empty: # needed for python 2.6 compatibility json_entry['raw'] = dict((key, self.entry_raw_attributes[key]) for key in self.entry_raw_attributes if self.entry_raw_attributes[key]) else: json_entry['raw'] = dict(self.entry_raw_attributes) if str is bytes: # Python 2 check_json_dict(json_entry) json_output = json.dumps(json_entry, ensure_ascii=True, sort_keys=sort, indent=indent, check_circular=True, default=format_json, separators=(',', ': ')) if stream: stream.write(json_output) return json_output def entry_to_ldif(self, all_base64=False, line_separator=None, sort_order=None, stream=None): ldif_lines = operation_to_ldif('searchResponse', [self._state.response], all_base64, sort_order=sort_order) ldif_lines = add_ldif_header(ldif_lines) line_separator = line_separator or linesep ldif_output = line_separator.join(ldif_lines) if stream: if stream.tell() == 0: header = add_ldif_header(['-'])[0] stream.write(prepare_for_stream(header + line_separator + line_separator)) stream.write(prepare_for_stream(ldif_output + line_separator + line_separator)) return ldif_output class Entry(EntryBase): """The Entry object contains a single LDAP entry. Attributes can be accessed either by sequence, by assignment or as dictionary keys. Keys are not case sensitive. The Entry object is read only - The DN is retrieved by _dn() - The Reader reference is in _cursor() - Raw attributes values are retrieved by the _ra_attributes and _raw_attribute() methods """ def entry_writable(self, object_def=None, writer_cursor=None, attributes=None, custom_validator=None): if not self.entry_cursor.schema: error_message = 'schema must be available to make an entry writable' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) # returns a new WritableEntry and its Writer cursor if object_def is None: if self.entry_cursor.definition._object_class: object_def = self.entry_cursor.definition._object_class elif 'objectclass' in self: object_def = self.objectclass.values if not object_def: error_message = 'object class must be specified to make an entry writable' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) if not isinstance(object_def, ObjectDef): object_def = ObjectDef(object_def, self.entry_cursor.schema, custom_validator) if attributes: if isinstance(attributes, STRING_TYPES): attributes = [attributes] if isinstance(attributes, SEQUENCE_TYPES): for attribute in attributes: if attribute not in object_def._attributes: error_message = 'attribute \'%s\' not in schema for \'%s\'' % (attribute, object_def) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) else: attributes = [] if not writer_cursor: from .cursor import Writer # local import to avoid circular reference in import at startup writable_cursor = Writer(self.entry_cursor.connection, object_def) else: writable_cursor = writer_cursor if attributes: # force reading of attributes writable_entry = writable_cursor._refresh_object(self.entry_dn, list(attributes) + self.entry_attributes) else: writable_entry = writable_cursor._create_entry(self._state.response) writable_cursor.entries.append(writable_entry) writable_entry._state.read_time = self.entry_read_time writable_entry._state.origin = self # reference to the original read-only entry # checks original entry for custom definitions in AttrDefs for attr in writable_entry._state.origin.entry_definition._attributes: original_attr = writable_entry._state.origin.entry_definition._attributes[attr] if attr != original_attr.name and attr not in writable_entry._state.attributes: old_attr_def = writable_entry.entry_definition._attributes[original_attr.name] new_attr_def = AttrDef(original_attr.name, key=attr, validate=original_attr.validate, pre_query=original_attr.pre_query, post_query=original_attr.post_query, default=original_attr.default, dereference_dn=original_attr.dereference_dn, description=original_attr.description, mandatory=old_attr_def.mandatory, # keeps value read from schema single_value=old_attr_def.single_value, # keeps value read from schema alias=original_attr.other_names) object_def = writable_entry.entry_definition object_def -= old_attr_def object_def += new_attr_def # updates attribute name in entry attributes new_attr = WritableAttribute(new_attr_def, writable_entry, writable_cursor) if original_attr.name in writable_entry._state.attributes: new_attr.other_names = writable_entry._state.attributes[original_attr.name].other_names new_attr.raw_values = writable_entry._state.attributes[original_attr.name].raw_values new_attr.values = writable_entry._state.attributes[original_attr.name].values new_attr.response = writable_entry._state.attributes[original_attr.name].response writable_entry._state.attributes[attr] = new_attr # writable_entry._state.attributes.set_alias(attr, new_attr.other_names) del writable_entry._state.attributes[original_attr.name] writable_entry._state.set_status(STATUS_WRITABLE) return writable_entry class WritableEntry(EntryBase): def __setitem__(self, key, value): if value is not Ellipsis: # hack for using implicit operators in writable attributes self.__setattr__(key, value) def __setattr__(self, item, value): conf_attributes_excluded_from_object_def = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF')] if item == '_state' and isinstance(value, EntryState): self.__dict__['_state'] = value return if value is not Ellipsis: # hack for using implicit operators in writable attributes # checks if using an alias if item in self.entry_cursor.definition._attributes or item.lower() in conf_attributes_excluded_from_object_def: if item not in self._state.attributes: # setting value to an attribute still without values new_attribute = WritableAttribute(self.entry_cursor.definition._attributes[item], self, cursor=self.entry_cursor) self._state.attributes[str(item)] = new_attribute # force item to a string for key in attributes dict self._state.attributes[item].set(value) # try to add to new_values else: error_message = 'attribute \'%s\' not defined' % item if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) def __getattr__(self, item): if isinstance(item, STRING_TYPES): if item == '_state': return self.__dict__['_state'] item = ''.join(item.split()).lower() for attr in self._state.attributes.keys(): if item == attr.lower(): return self._state.attributes[attr] for attr in self._state.attributes.aliases(): if item == attr.lower(): return self._state.attributes[attr] if item in self.entry_definition._attributes: # item is a new attribute to commit, creates the AttrDef and add to the attributes to retrive self._state.attributes[item] = WritableAttribute(self.entry_definition._attributes[item], self, self.entry_cursor) self.entry_cursor.attributes.add(item) return self._state.attributes[item] error_message = 'attribute \'%s\' not defined' % item if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) else: error_message = 'attribute name must be a string' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) @property def entry_virtual_attributes(self): return [attr for attr in self.entry_attributes if self[attr].virtual] def entry_commit_changes(self, refresh=True, controls=None, clear_history=True): if clear_history: self.entry_cursor._reset_history() if self.entry_status == STATUS_READY_FOR_DELETION: result = self.entry_cursor.connection.delete(self.entry_dn, controls) if not self.entry_cursor.connection.strategy.sync: response, result, request = self.entry_cursor.connection.get_response(result, get_request=True) else: response = self.entry_cursor.connection.response result = self.entry_cursor.connection.result request = self.entry_cursor.connection.request self.entry_cursor._store_operation_in_history(request, result, response) if result['result'] == RESULT_SUCCESS: dn = self.entry_dn if self._state.origin and self.entry_cursor.connection.server == self._state.origin.entry_cursor.connection.server: # deletes original read-only Entry cursor = self._state.origin.entry_cursor self._state.origin.__dict__.clear() self._state.origin.__dict__['_state'] = EntryState(dn, cursor) self._state.origin._state.set_status(STATUS_DELETED) cursor = self.entry_cursor self.__dict__.clear() self._state = EntryState(dn, cursor) self._state.set_status(STATUS_DELETED) return True return False elif self.entry_status == STATUS_READY_FOR_MOVING: result = self.entry_cursor.connection.modify_dn(self.entry_dn, '+'.join(safe_rdn(self.entry_dn)), new_superior=self._state._to) if not self.entry_cursor.connection.strategy.sync: response, result, request = self.entry_cursor.connection.get_response(result, get_request=True) else: response = self.entry_cursor.connection.response result = self.entry_cursor.connection.result request = self.entry_cursor.connection.request self.entry_cursor._store_operation_in_history(request, result, response) if result['result'] == RESULT_SUCCESS: self._state.dn = safe_dn('+'.join(safe_rdn(self.entry_dn)) + ',' + self._state._to) if refresh: if self.entry_refresh(): if self._state.origin and self.entry_cursor.connection.server == self._state.origin.entry_cursor.connection.server: # refresh dn of origin self._state.origin._state.dn = self.entry_dn self._state.set_status(STATUS_COMMITTED) self._state._to = None return True return False elif self.entry_status == STATUS_READY_FOR_RENAMING: rdn = '+'.join(safe_rdn(self._state._to)) result = self.entry_cursor.connection.modify_dn(self.entry_dn, rdn) if not self.entry_cursor.connection.strategy.sync: response, result, request = self.entry_cursor.connection.get_response(result, get_request=True) else: response = self.entry_cursor.connection.response result = self.entry_cursor.connection.result request = self.entry_cursor.connection.request self.entry_cursor._store_operation_in_history(request, result, response) if result['result'] == RESULT_SUCCESS: self._state.dn = rdn + ',' + ','.join(to_dn(self.entry_dn)[1:]) if refresh: if self.entry_refresh(): if self._state.origin and self.entry_cursor.connection.server == self._state.origin.entry_cursor.connection.server: # refresh dn of origin self._state.origin._state.dn = self.entry_dn self._state.set_status(STATUS_COMMITTED) self._state._to = None return True return False elif self.entry_status in [STATUS_VIRTUAL, STATUS_MANDATORY_MISSING]: missing_attributes = [] for attr in self.entry_mandatory_attributes: if (attr not in self._state.attributes or self._state.attributes[attr].virtual) and attr not in self._changes: missing_attributes.append('\'' + attr + '\'') error_message = 'mandatory attributes %s missing in entry %s' % (', '.join(missing_attributes), self.entry_dn) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) elif self.entry_status == STATUS_PENDING_CHANGES: if self._changes: if self._state._initial_status == STATUS_VIRTUAL: new_attributes = dict() for attr in self._changes: new_attributes[attr] = self._changes[attr][0][1] result = self.entry_cursor.connection.add(self.entry_dn, None, new_attributes, controls) else: result = self.entry_cursor.connection.modify(self.entry_dn, self._changes, controls) if not self.entry_cursor.connection.strategy.sync: # asynchronous request response, result, request = self.entry_cursor.connection.get_response(result, get_request=True) else: response = self.entry_cursor.connection.response result = self.entry_cursor.connection.result request = self.entry_cursor.connection.request self.entry_cursor._store_operation_in_history(request, result, response) if result['result'] == RESULT_SUCCESS: if refresh: if self.entry_refresh(): if self._state.origin and self.entry_cursor.connection.server == self._state.origin.entry_cursor.connection.server: # updates original read-only entry if present for attr in self: # adds AttrDefs from writable entry to origin entry definition if some is missing if attr.key in self.entry_definition._attributes and attr.key not in self._state.origin.entry_definition._attributes: self._state.origin.entry_cursor.definition.add_attribute(self.entry_cursor.definition._attributes[attr.key]) # adds AttrDef from writable entry to original entry if missing temp_entry = self._state.origin.entry_cursor._create_entry(self._state.response) self._state.origin.__dict__.clear() self._state.origin.__dict__['_state'] = temp_entry._state for attr in self: # returns the whole attribute object if not attr.virtual: self._state.origin.__dict__[attr.key] = self._state.origin._state.attributes[attr.key] self._state.origin._state.read_time = self.entry_read_time else: self.entry_discard_changes() # if not refreshed remove committed changes self._state.set_status(STATUS_COMMITTED) return True return False def entry_discard_changes(self): self._changes.clear() self._state.set_status(self._state._initial_status) def entry_delete(self): if self.entry_status not in [STATUS_WRITABLE, STATUS_COMMITTED, STATUS_READY_FOR_DELETION]: error_message = 'cannot delete entry, invalid status: ' + self.entry_status if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self._state.set_status(STATUS_READY_FOR_DELETION) def entry_refresh(self, tries=4, seconds=2): """ Refreshes the entry from the LDAP Server """ if self.entry_cursor.connection: if self.entry_cursor.refresh_entry(self, tries, seconds): return True return False def entry_move(self, destination_dn): if self.entry_status not in [STATUS_WRITABLE, STATUS_COMMITTED, STATUS_READY_FOR_MOVING]: error_message = 'cannot move entry, invalid status: ' + self.entry_status if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self._state._to = safe_dn(destination_dn) self._state.set_status(STATUS_READY_FOR_MOVING) def entry_rename(self, new_name): if self.entry_status not in [STATUS_WRITABLE, STATUS_COMMITTED, STATUS_READY_FOR_RENAMING]: error_message = 'cannot rename entry, invalid status: ' + self.entry_status if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPCursorError(error_message) self._state._to = new_name self._state.set_status(STATUS_READY_FOR_RENAMING) @property def entry_changes(self): return self._changes ldap3-2.4.1/ldap3/abstract/objectDef.py0000666000000000000000000002551013226436321015725 0ustar 00000000000000""" """ # Created on 2014.02.02 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from os import linesep from .attrDef import AttrDef from ..core.exceptions import LDAPKeyError, LDAPObjectError, LDAPAttributeError, LDAPSchemaError from .. import STRING_TYPES, SEQUENCE_TYPES, Server, Connection from ..protocol.rfc4512 import SchemaInfo, constant_to_class_kind from ..protocol.formatters.standard import find_attribute_validator from ..utils.ciDict import CaseInsensitiveWithAliasDict from ..utils.config import get_config_parameter from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, EXTENDED class ObjectDef(object): """Represent an object in the LDAP server. AttrDefs are stored in a dictionary; the key is the friendly name defined in AttrDef. AttrDefs can be added and removed using the += ad -= operators ObjectDef can be accessed either as a sequence and a dictionary. When accessed the whole AttrDef instance is returned """ def __init__(self, object_class=None, schema=None, custom_validator=None): if object_class is None: object_class = [] if not isinstance(object_class, SEQUENCE_TYPES): object_class = [object_class] self.__dict__['_attributes'] = CaseInsensitiveWithAliasDict() self.__dict__['_custom_validator'] = custom_validator self.__dict__['_oid_info'] = [] if isinstance(schema, Connection) and (schema._deferred_bind or schema._deferred_open): # probably a lazy connection, tries to bind schema._fire_deferred() if schema is not None: if isinstance(schema, Server): schema = schema.schema elif isinstance(schema, Connection): schema = schema.server.schema elif isinstance(schema, SchemaInfo): schema = schema elif schema: error_message = 'unable to read schema' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPSchemaError(error_message) if schema is None: error_message = 'schema not present' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPSchemaError(error_message) self.__dict__['_schema'] = schema if self._schema: object_class = [schema.object_classes[name].name[0] for name in object_class] # uses object class names capitalized as in schema for object_name in object_class: if object_name: self._populate_attr_defs(object_name) self.__dict__['_object_class'] = object_class if log_enabled(BASIC): log(BASIC, 'instantiated ObjectDef: <%r>', self) def _populate_attr_defs(self, object_name): if object_name in self._schema.object_classes: object_schema = self._schema.object_classes[object_name] self.__dict__['_oid_info'].append(object_name + " (" + constant_to_class_kind(object_schema.kind) + ") " + str(object_schema.oid)) if object_schema.superior: for sup in object_schema.superior: self._populate_attr_defs(sup) for attribute_name in object_schema.must_contain: self.add_from_schema(attribute_name, True) for attribute_name in object_schema.may_contain: if attribute_name not in self._attributes: # the attribute could already be defined as "mandatory" in a superclass self.add_from_schema(attribute_name, False) else: error_message = 'object class \'%s\' not defined in schema' % object_name if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPObjectError(error_message) def __repr__(self): if self._object_class: r = 'OBJ : ' + ', '.join(self._object_class) else: r = 'OBJ : ' r += ' [' + ', '.join([oid for oid in self._oid_info]) + ']' + linesep r += 'MUST: ' + ', '.join(sorted([attr for attr in self._attributes if self._attributes[attr].mandatory])) + linesep r += 'MAY : ' + ', '.join(sorted([attr for attr in self._attributes if not self._attributes[attr].mandatory])) + linesep return r def __str__(self): return self.__repr__() def __getitem__(self, item): return self.__getattr__(item) def __getattr__(self, item): item = ''.join(item.split()).lower() if '_attributes' in self.__dict__: try: return self._attributes[item] except KeyError: error_message = 'key \'%s\' not present' % item if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPKeyError(error_message) else: error_message = 'internal _attributes property not defined' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPKeyError(error_message) def __setattr__(self, key, value): error_message = 'object \'%s\' is read only' % key if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPObjectError(error_message) def __iadd__(self, other): self.add_attribute(other) return self def __isub__(self, other): if isinstance(other, AttrDef): self.remove_attribute(other.key) elif isinstance(other, STRING_TYPES): self.remove_attribute(other) return self def __iter__(self): for attribute in self._attributes: yield self._attributes[attribute] def __len__(self): return len(self._attributes) if str is not bytes: # Python 3 def __bool__(self): # needed to make the objectDef appears as existing in "if cursor:" even if there are no entries return True else: # Python 2 def __nonzero__(self): return True def __contains__(self, item): try: self.__getitem__(item) except KeyError: return False return True def add_from_schema(self, attribute_name, mandatory=False): attr_def = AttrDef(attribute_name) attr_def.validate = find_attribute_validator(self._schema, attribute_name, self._custom_validator) attr_def.mandatory = mandatory # in schema mandatory is specified in the object class, not in the attribute class if self._schema and self._schema.attribute_types and attribute_name in self._schema.attribute_types: attr_def.single_value = self._schema.attribute_types[attribute_name].single_value attr_def.oid_info = self._schema.attribute_types[attribute_name] self.add_attribute(attr_def) def add_attribute(self, definition=None): """Add an AttrDef to the ObjectDef. Can be called with the += operator. :param definition: the AttrDef object to add, can also be a string containing the name of attribute to add. Can be a list of both """ conf_attributes_excluded_from_object_def = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF')] if isinstance(definition, STRING_TYPES): self.add_from_schema(definition) elif isinstance(definition, AttrDef): if definition.key.lower() not in conf_attributes_excluded_from_object_def: if definition.key not in self._attributes: self._attributes[definition.key] = definition if definition.name and definition.name != definition.key: self._attributes.set_alias(definition.key, definition.name) other_names = [name for name in definition.oid_info.name if definition.key.lower() != name.lower()] if definition.oid_info else None if other_names: self._attributes.set_alias(definition.key, other_names) if not definition.validate: validator = find_attribute_validator(self._schema, definition.key, self._custom_validator) self._attributes[definition.key].validate = validator elif isinstance(definition, SEQUENCE_TYPES): for element in definition: self.add_attribute(element) else: error_message = 'unable to add element to object definition' if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPObjectError(error_message) def remove_attribute(self, item): """Remove an AttrDef from the ObjectDef. Can be called with the -= operator. :param item: the AttrDef to remove, can also be a string containing the name of attribute to remove """ key = None if isinstance(item, STRING_TYPES): key = ''.join(item.split()).lower() elif isinstance(item, AttrDef): key = item.key.lower() if key: for attr in self._attributes: if key == attr.lower(): del self._attributes[attr] break else: error_message = 'key \'%s\' not present' % key if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPKeyError(error_message) else: error_message = 'key type must be str or AttrDef not ' + str(type(item)) if log_enabled(ERROR): log(ERROR, '%s for <%s>', error_message, self) raise LDAPAttributeError(error_message) def clear_attributes(self): """Empty the ObjectDef attribute list """ self.__dict__['object_class'] = None self.__dict__['_attributes'] = dict() ldap3-2.4.1/ldap3/abstract/__init__.py0000666000000000000000000000416613226436321015603 0ustar 00000000000000""" """ # Created on 2016.08.31 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . STATUS_INIT = 'Initialized' # The entry object is initialized STATUS_VIRTUAL = 'Virtual' # The entry is a new writable entry, still empty STATUS_MANDATORY_MISSING = 'Missing mandatory attributes' # The entry has some mandatory attributes missing STATUS_READ = 'Read' # The entry has been read STATUS_WRITABLE = 'Writable' # The entry has been made writable, still no changes STATUS_PENDING_CHANGES = 'Pending changes' # The entry has some changes to commit, mandatory attributes are present STATUS_COMMITTED = 'Committed' # The entry changes has been committed STATUS_READY_FOR_DELETION = 'Ready for deletion' # The entry is set to be deleted STATUS_READY_FOR_MOVING = 'Ready for moving' # The entry is set to be moved in the DIT STATUS_READY_FOR_RENAMING = 'Ready for renaming' # The entry is set to be renamed STATUS_DELETED = 'Deleted' # The entry has been deleted STATUSES = [STATUS_INIT, STATUS_VIRTUAL, STATUS_MANDATORY_MISSING, STATUS_READ, STATUS_WRITABLE, STATUS_PENDING_CHANGES, STATUS_COMMITTED, STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING, STATUS_DELETED] INITIAL_STATUSES = [STATUS_READ, STATUS_WRITABLE, STATUS_VIRTUAL] ldap3-2.4.1/ldap3/core/0000777000000000000000000000000013231031760012602 5ustar 00000000000000ldap3-2.4.1/ldap3/core/connection.py0000666000000000000000000022626213230573433015334 0ustar 00000000000000""" """ # Created on 2014.05.31 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from os import linesep from threading import RLock from functools import reduce import json from .. import ANONYMOUS, SIMPLE, SASL, MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE, get_config_parameter, DEREF_ALWAYS, \ SUBTREE, ASYNC, SYNC, NO_ATTRIBUTES, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, MODIFY_INCREMENT, LDIF, ASYNC_STREAM, \ RESTARTABLE, ROUND_ROBIN, REUSABLE, AUTO_BIND_NONE, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_TLS_AFTER_BIND, AUTO_BIND_NO_TLS, \ STRING_TYPES, SEQUENCE_TYPES, MOCK_SYNC, MOCK_ASYNC, NTLM, EXTERNAL, DIGEST_MD5, GSSAPI, PLAIN from .results import RESULT_SUCCESS, RESULT_COMPARE_TRUE, RESULT_COMPARE_FALSE from ..extend import ExtendedOperationsRoot from .pooling import ServerPool from .server import Server from ..operation.abandon import abandon_operation, abandon_request_to_dict from ..operation.add import add_operation, add_request_to_dict from ..operation.bind import bind_operation, bind_request_to_dict from ..operation.compare import compare_operation, compare_request_to_dict from ..operation.delete import delete_operation, delete_request_to_dict from ..operation.extended import extended_operation, extended_request_to_dict from ..operation.modify import modify_operation, modify_request_to_dict from ..operation.modifyDn import modify_dn_operation, modify_dn_request_to_dict from ..operation.search import search_operation, search_request_to_dict from ..protocol.rfc2849 import operation_to_ldif, add_ldif_header from ..protocol.sasl.digestMd5 import sasl_digest_md5 from ..protocol.sasl.external import sasl_external from ..protocol.sasl.plain import sasl_plain from ..strategy.sync import SyncStrategy from ..strategy.mockAsync import MockAsyncStrategy from ..strategy.asynchronous import AsyncStrategy from ..strategy.reusable import ReusableStrategy from ..strategy.restartable import RestartableStrategy from ..strategy.ldifProducer import LdifProducerStrategy from ..strategy.mockSync import MockSyncStrategy from ..strategy.asyncStream import AsyncStreamStrategy from ..operation.unbind import unbind_operation from ..protocol.rfc2696 import paged_search_control from .usage import ConnectionUsage from .tls import Tls from .exceptions import LDAPUnknownStrategyError, LDAPBindError, LDAPUnknownAuthenticationMethodError, \ LDAPSASLMechanismNotSupportedError, LDAPObjectClassError, LDAPConnectionIsReadOnlyError, LDAPChangeError, LDAPExceptionError, \ LDAPObjectError, LDAPSocketReceiveError, LDAPAttributeError, LDAPInvalidValueError, LDAPConfigurationError from ..utils.conv import escape_bytes, prepare_for_stream, check_json_dict, format_json, to_unicode from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, EXTENDED, get_library_log_hide_sensitive_data from ..utils.dn import safe_dn SASL_AVAILABLE_MECHANISMS = [EXTERNAL, DIGEST_MD5, GSSAPI, PLAIN] CLIENT_STRATEGIES = [SYNC, ASYNC, LDIF, RESTARTABLE, REUSABLE, MOCK_SYNC, MOCK_ASYNC, ASYNC_STREAM] def _format_socket_endpoint(endpoint): if endpoint and len(endpoint) == 2: # IPv4 return str(endpoint[0]) + ':' + str(endpoint[1]) elif endpoint and len(endpoint) == 4: # IPv6 return '[' + str(endpoint[0]) + ']:' + str(endpoint[1]) try: return str(endpoint) except Exception: return '?' def _format_socket_endpoints(sock): if sock: try: local = sock.getsockname() except Exception: local = (None, None, None, None) try: remote = sock.getpeername() except Exception: remote = (None, None, None, None) return '' return '' # noinspection PyProtectedMember class Connection(object): """Main ldap connection class. Controls, if used, must be a list of tuples. Each tuple must have 3 elements, the control OID, a boolean meaning if the control is critical, a value. If the boolean is set to True the server must honor the control or refuse the operation Mixing controls must be defined in controls specification (as per RFC 4511) :param server: the Server object to connect to :type server: Server, str :param user: the user name for simple authentication :type user: str :param password: the password for simple authentication :type password: str :param auto_bind: specify if the bind will be performed automatically when defining the Connection object :type auto_bind: int, can be one of AUTO_BIND_NONE, AUTO_BIND_NO_TLS, AUTO_BIND_TLS_BEFORE_BIND, AUTO_BIND_TLS_AFTER_BIND as specified in ldap3 :param version: LDAP version, default to 3 :type version: int :param authentication: type of authentication :type authentication: int, can be one of AUTH_ANONYMOUS, AUTH_SIMPLE or AUTH_SASL, as specified in ldap3 :param client_strategy: communication strategy used in the Connection :type client_strategy: can be one of STRATEGY_SYNC, STRATEGY_ASYNC_THREADED, STRATEGY_LDIF_PRODUCER, STRATEGY_SYNC_RESTARTABLE, STRATEGY_REUSABLE_THREADED as specified in ldap3 :param auto_referrals: specify if the connection object must automatically follow referrals :type auto_referrals: bool :param sasl_mechanism: mechanism for SASL authentication, can be one of 'EXTERNAL', 'DIGEST-MD5', 'GSSAPI', 'PLAIN' :type sasl_mechanism: str :param sasl_credentials: credentials for SASL mechanism :type sasl_credentials: tuple :param check_names: if True the library will check names of attributes and object classes against the schema. Also values found in entries will be formatted as indicated by the schema :type check_names: bool :param collect_usage: collect usage metrics in the usage attribute :type collect_usage: bool :param read_only: disable operations that modify data in the LDAP server :type read_only: bool :param lazy: open and bind the connection only when an actual operation is performed :type lazy: bool :param raise_exceptions: raise exceptions when operations are not successful, if False operations return False if not successful but not raise exceptions :type raise_exceptions: bool :param pool_name: pool name for pooled strategies :type pool_name: str :param pool_size: pool size for pooled strategies :type pool_size: int :param pool_lifetime: pool lifetime for pooled strategies :type pool_lifetime: int :param use_referral_cache: keep referral connections open and reuse them :type use_referral_cache: bool :param auto_escape: automatic escaping of filter values :param auto_encode: automatic encoding of attribute values :type use_referral_cache: bool """ def __init__(self, server, user=None, password=None, auto_bind=AUTO_BIND_NONE, version=3, authentication=None, client_strategy=SYNC, auto_referrals=True, auto_range=True, sasl_mechanism=None, sasl_credentials=None, check_names=True, collect_usage=False, read_only=False, lazy=False, raise_exceptions=False, pool_name=None, pool_size=None, pool_lifetime=None, fast_decoder=True, receive_timeout=None, return_empty_attributes=True, use_referral_cache=False, auto_escape=True, auto_encode=True, pool_keepalive=None): conf_default_pool_name = get_config_parameter('DEFAULT_THREADED_POOL_NAME') self.connection_lock = RLock() # re-entrant lock to ensure that operations in the Connection object are executed atomically in the same thread with self.connection_lock: if client_strategy not in CLIENT_STRATEGIES: self.last_error = 'unknown client connection strategy' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPUnknownStrategyError(self.last_error) self.strategy_type = client_strategy self.user = user self.password = password if not authentication and self.user: self.authentication = SIMPLE elif not authentication: self.authentication = ANONYMOUS elif authentication in [SIMPLE, ANONYMOUS, SASL, NTLM]: self.authentication = authentication else: self.last_error = 'unknown authentication method' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPUnknownAuthenticationMethodError(self.last_error) self.version = version self.auto_referrals = True if auto_referrals else False self.request = None self.response = None self.result = None self.bound = False self.listening = False self.closed = True self.last_error = None if auto_bind is False: # compatibility with older version where auto_bind was a boolean self.auto_bind = AUTO_BIND_NONE elif auto_bind is True: self.auto_bind = AUTO_BIND_NO_TLS else: self.auto_bind = auto_bind self.sasl_mechanism = sasl_mechanism self.sasl_credentials = sasl_credentials self._usage = ConnectionUsage() if collect_usage else None self.socket = None self.tls_started = False self.sasl_in_progress = False self.read_only = read_only self._context_state = [] self._deferred_open = False self._deferred_bind = False self._deferred_start_tls = False self._bind_controls = None self._executing_deferred = False self.lazy = lazy self.pool_name = pool_name if pool_name else conf_default_pool_name self.pool_size = pool_size self.pool_lifetime = pool_lifetime self.pool_keepalive = pool_keepalive self.starting_tls = False self.check_names = check_names self.raise_exceptions = raise_exceptions self.auto_range = True if auto_range else False self.extend = ExtendedOperationsRoot(self) self._entries = [] self.fast_decoder = fast_decoder self.receive_timeout = receive_timeout self.empty_attributes = return_empty_attributes self.use_referral_cache = use_referral_cache self.auto_escape = auto_escape self.auto_encode = auto_encode if isinstance(server, STRING_TYPES): server = Server(server) if isinstance(server, SEQUENCE_TYPES): server = ServerPool(server, ROUND_ROBIN, active=True, exhaust=True) if isinstance(server, ServerPool): self.server_pool = server self.server_pool.initialize(self) self.server = self.server_pool.get_current_server(self) else: self.server_pool = None self.server = server # if self.authentication == SIMPLE and self.user and self.check_names: # self.user = safe_dn(self.user) # if log_enabled(EXTENDED): # log(EXTENDED, 'user name sanitized to <%s> for simple authentication via <%s>', self.user, self) if self.strategy_type == SYNC: self.strategy = SyncStrategy(self) elif self.strategy_type == ASYNC: self.strategy = AsyncStrategy(self) elif self.strategy_type == LDIF: self.strategy = LdifProducerStrategy(self) elif self.strategy_type == RESTARTABLE: self.strategy = RestartableStrategy(self) elif self.strategy_type == REUSABLE: self.strategy = ReusableStrategy(self) self.lazy = False elif self.strategy_type == MOCK_SYNC: self.strategy = MockSyncStrategy(self) elif self.strategy_type == MOCK_ASYNC: self.strategy = MockAsyncStrategy(self) elif self.strategy_type == ASYNC_STREAM: self.strategy = AsyncStreamStrategy(self) else: self.last_error = 'unknown strategy' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPUnknownStrategyError(self.last_error) # maps strategy functions to connection functions self.send = self.strategy.send self.open = self.strategy.open self.get_response = self.strategy.get_response self.post_send_single_response = self.strategy.post_send_single_response self.post_send_search = self.strategy.post_send_search if not self.strategy.no_real_dsa: self.do_auto_bind() # else: # for strategies with a fake server set get_info to NONE if server hasn't a schema # if self.server and not self.server.schema: # self.server.get_info = NONE if log_enabled(BASIC): if get_library_log_hide_sensitive_data(): log(BASIC, 'instantiated Connection: <%s>', self.repr_with_sensitive_data_stripped()) else: log(BASIC, 'instantiated Connection: <%r>', self) def do_auto_bind(self): if self.auto_bind and self.auto_bind != AUTO_BIND_NONE: if log_enabled(BASIC): log(BASIC, 'performing automatic bind for <%s>', self) if self.closed: self.open(read_server_info=False) if self.auto_bind == AUTO_BIND_NO_TLS: self.bind(read_server_info=True) elif self.auto_bind == AUTO_BIND_TLS_BEFORE_BIND: self.start_tls(read_server_info=False) self.bind(read_server_info=True) elif self.auto_bind == AUTO_BIND_TLS_AFTER_BIND: self.bind(read_server_info=False) self.start_tls(read_server_info=True) if not self.bound: self.last_error = 'automatic bind not successful' + (' - ' + self.last_error if self.last_error else '') if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPBindError(self.last_error) def __str__(self): s = [ str(self.server) if self.server else 'None', 'user: ' + str(self.user), 'lazy' if self.lazy else 'not lazy', 'unbound' if not self.bound else ('deferred bind' if self._deferred_bind else 'bound'), 'closed' if self.closed else ('deferred open' if self._deferred_open else 'open'), _format_socket_endpoints(self.socket), 'tls not started' if not self.tls_started else('deferred start_tls' if self._deferred_start_tls else 'tls started'), 'listening' if self.listening else 'not listening', self.strategy.__class__.__name__ if hasattr(self, 'strategy') else 'No strategy', 'internal decoder' if self.fast_decoder else 'pyasn1 decoder' ] return ' - '.join(s) def __repr__(self): conf_default_pool_name = get_config_parameter('DEFAULT_THREADED_POOL_NAME') if self.server_pool: r = 'Connection(server={0.server_pool!r}'.format(self) else: r = 'Connection(server={0.server!r}'.format(self) r += '' if self.user is None else ', user={0.user!r}'.format(self) r += '' if self.password is None else ', password={0.password!r}'.format(self) r += '' if self.auto_bind is None else ', auto_bind={0.auto_bind!r}'.format(self) r += '' if self.version is None else ', version={0.version!r}'.format(self) r += '' if self.authentication is None else ', authentication={0.authentication!r}'.format(self) r += '' if self.strategy_type is None else ', client_strategy={0.strategy_type!r}'.format(self) r += '' if self.auto_referrals is None else ', auto_referrals={0.auto_referrals!r}'.format(self) r += '' if self.sasl_mechanism is None else ', sasl_mechanism={0.sasl_mechanism!r}'.format(self) r += '' if self.sasl_credentials is None else ', sasl_credentials={0.sasl_credentials!r}'.format(self) r += '' if self.check_names is None else ', check_names={0.check_names!r}'.format(self) r += '' if self.usage is None else (', collect_usage=' + ('True' if self.usage else 'False')) r += '' if self.read_only is None else ', read_only={0.read_only!r}'.format(self) r += '' if self.lazy is None else ', lazy={0.lazy!r}'.format(self) r += '' if self.raise_exceptions is None else ', raise_exceptions={0.raise_exceptions!r}'.format(self) r += '' if (self.pool_name is None or self.pool_name == conf_default_pool_name) else ', pool_name={0.pool_name!r}'.format(self) r += '' if self.pool_size is None else ', pool_size={0.pool_size!r}'.format(self) r += '' if self.pool_lifetime is None else ', pool_lifetime={0.pool_lifetime!r}'.format(self) r += '' if self.pool_keepalive is None else ', pool_keepalive={0.pool_keepalive!r}'.format(self) r += '' if self.fast_decoder is None else (', fast_decoder=' + ('True' if self.fast_decoder else 'False')) r += '' if self.auto_range is None else (', auto_range=' + ('True' if self.auto_range else 'False')) r += '' if self.receive_timeout is None else ', receive_timeout={0.receive_timeout!r}'.format(self) r += '' if self.empty_attributes is None else (', return_empty_attributes=' + ('True' if self.empty_attributes else 'False')) r += '' if self.auto_encode is None else (', auto_encode=' + ('True' if self.auto_encode else 'False')) r += '' if self.auto_escape is None else (', auto_escape=' + ('True' if self.auto_escape else 'False')) r += '' if self.use_referral_cache is None else (', use_referral_cache=' + ('True' if self.use_referral_cache else 'False')) r += ')' return r def repr_with_sensitive_data_stripped(self): conf_default_pool_name = get_config_parameter('DEFAULT_THREADED_POOL_NAME') if self.server_pool: r = 'Connection(server={0.server_pool!r}'.format(self) else: r = 'Connection(server={0.server!r}'.format(self) r += '' if self.user is None else ', user={0.user!r}'.format(self) r += '' if self.password is None else ", password='{0}'".format('' % len(self.password)) r += '' if self.auto_bind is None else ', auto_bind={0.auto_bind!r}'.format(self) r += '' if self.version is None else ', version={0.version!r}'.format(self) r += '' if self.authentication is None else ', authentication={0.authentication!r}'.format(self) r += '' if self.strategy_type is None else ', client_strategy={0.strategy_type!r}'.format(self) r += '' if self.auto_referrals is None else ', auto_referrals={0.auto_referrals!r}'.format(self) r += '' if self.sasl_mechanism is None else ', sasl_mechanism={0.sasl_mechanism!r}'.format(self) if self.sasl_mechanism == DIGEST_MD5: r += '' if self.sasl_credentials is None else ", sasl_credentials=({0!r}, {1!r}, '{2}', {3!r})".format(self.sasl_credentials[0], self.sasl_credentials[1], '*' * len(self.sasl_credentials[2]), self.sasl_credentials[3]) else: r += '' if self.sasl_credentials is None else ', sasl_credentials={0.sasl_credentials!r}'.format(self) r += '' if self.check_names is None else ', check_names={0.check_names!r}'.format(self) r += '' if self.usage is None else (', collect_usage=' + 'True' if self.usage else 'False') r += '' if self.read_only is None else ', read_only={0.read_only!r}'.format(self) r += '' if self.lazy is None else ', lazy={0.lazy!r}'.format(self) r += '' if self.raise_exceptions is None else ', raise_exceptions={0.raise_exceptions!r}'.format(self) r += '' if (self.pool_name is None or self.pool_name == conf_default_pool_name) else ', pool_name={0.pool_name!r}'.format(self) r += '' if self.pool_size is None else ', pool_size={0.pool_size!r}'.format(self) r += '' if self.pool_lifetime is None else ', pool_lifetime={0.pool_lifetime!r}'.format(self) r += '' if self.pool_keepalive is None else ', pool_keepalive={0.pool_keepalive!r}'.format(self) r += '' if self.fast_decoder is None else (', fast_decoder=' + 'True' if self.fast_decoder else 'False') r += '' if self.auto_range is None else (', auto_range=' + ('True' if self.auto_range else 'False')) r += '' if self.receive_timeout is None else ', receive_timeout={0.receive_timeout!r}'.format(self) r += '' if self.empty_attributes is None else (', return_empty_attributes=' + 'True' if self.empty_attributes else 'False') r += '' if self.auto_encode is None else (', auto_encode=' + ('True' if self.auto_encode else 'False')) r += '' if self.auto_escape is None else (', auto_escape=' + ('True' if self.auto_escape else 'False')) r += '' if self.use_referral_cache is None else (', use_referral_cache=' + ('True' if self.use_referral_cache else 'False')) r += ')' return r @property def stream(self): """Used by the LDIFProducer strategy to accumulate the ldif-change operations with a single LDIF header :return: reference to the response stream if defined in the strategy. """ return self.strategy.get_stream() if self.strategy.can_stream else None @stream.setter def stream(self, value): with self.connection_lock: if self.strategy.can_stream: self.strategy.set_stream(value) @property def usage(self): """Usage statistics for the connection. :return: Usage object """ if not self._usage: return None if self.strategy.pooled: # update master connection usage from pooled connections self._usage.reset() for worker in self.strategy.pool.workers: self._usage += worker.connection.usage self._usage += self.strategy.pool.terminated_usage return self._usage def __enter__(self): with self.connection_lock: self._context_state.append((self.bound, self.closed)) # save status out of context as a tuple in a list if self.closed: self.open() if not self.bound: self.bind() return self # noinspection PyUnusedLocal def __exit__(self, exc_type, exc_val, exc_tb): with self.connection_lock: context_bound, context_closed = self._context_state.pop() if (not context_bound and self.bound) or self.stream: # restore status prior to entering context try: self.unbind() except LDAPExceptionError: pass if not context_closed and self.closed: self.open() if exc_type is not None: if log_enabled(ERROR): log(ERROR, '%s for <%s>', exc_type, self) return False # re-raise LDAPExceptionError def bind(self, read_server_info=True, controls=None): """Bind to ldap Server with the authentication method and the user defined in the connection :param read_server_info: reads info from server :param controls: LDAP controls to send along with the bind operation :type controls: list of tuple :return: bool """ if log_enabled(BASIC): log(BASIC, 'start BIND operation via <%s>', self) self.last_error = None with self.connection_lock: if self.lazy and not self._executing_deferred: if self.strategy.pooled: self.strategy.validate_bind(controls) self._deferred_bind = True self._bind_controls = controls self.bound = True if log_enabled(BASIC): log(BASIC, 'deferring bind for <%s>', self) else: self._deferred_bind = False self._bind_controls = None if self.closed: # try to open connection if closed self.open(read_server_info=False) if self.authentication == ANONYMOUS: if log_enabled(PROTOCOL): log(PROTOCOL, 'performing anonymous BIND for <%s>', self) if not self.strategy.pooled: request = bind_operation(self.version, self.authentication, self.user, '', auto_encode=self.auto_encode) if log_enabled(PROTOCOL): log(PROTOCOL, 'anonymous BIND request <%s> sent via <%s>', bind_request_to_dict(request), self) response = self.post_send_single_response(self.send('bindRequest', request, controls)) else: response = self.strategy.validate_bind(controls) # only for REUSABLE elif self.authentication == SIMPLE: if log_enabled(PROTOCOL): log(PROTOCOL, 'performing simple BIND for <%s>', self) if not self.strategy.pooled: request = bind_operation(self.version, self.authentication, self.user, self.password, auto_encode=self.auto_encode) if log_enabled(PROTOCOL): log(PROTOCOL, 'simple BIND request <%s> sent via <%s>', bind_request_to_dict(request), self) response = self.post_send_single_response(self.send('bindRequest', request, controls)) else: response = self.strategy.validate_bind(controls) # only for REUSABLE elif self.authentication == SASL: if self.sasl_mechanism in SASL_AVAILABLE_MECHANISMS: if log_enabled(PROTOCOL): log(PROTOCOL, 'performing SASL BIND for <%s>', self) if not self.strategy.pooled: response = self.do_sasl_bind(controls) else: response = self.strategy.validate_bind(controls) # only for REUSABLE else: self.last_error = 'requested SASL mechanism not supported' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPSASLMechanismNotSupportedError(self.last_error) elif self.authentication == NTLM: if self.user and self.password and len(self.user.split('\\')) == 2: if log_enabled(PROTOCOL): log(PROTOCOL, 'performing NTLM BIND for <%s>', self) if not self.strategy.pooled: response = self.do_ntlm_bind(controls) else: response = self.strategy.validate_bind(controls) # only for REUSABLE else: # user or password missing self.last_error = 'NTLM needs domain\\username and a password' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPUnknownAuthenticationMethodError(self.last_error) else: self.last_error = 'unknown authentication method' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPUnknownAuthenticationMethodError(self.last_error) if not self.strategy.sync and not self.strategy.pooled and self.authentication not in (SASL, NTLM): # get response if asynchronous except for SASL and NTLM that return the bind result even for asynchronous strategy _, result = self.get_response(response) if log_enabled(PROTOCOL): log(PROTOCOL, 'async BIND response id <%s> received via <%s>', result, self) elif self.strategy.sync: result = self.result if log_enabled(PROTOCOL): log(PROTOCOL, 'BIND response <%s> received via <%s>', result, self) elif self.strategy.pooled or self.authentication in (SASL, NTLM): # asynchronous SASL and NTLM or reusable strtegy get the bind result synchronously result = response else: self.last_error = 'unknown authentication method' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPUnknownAuthenticationMethodError(self.last_error) if result is None: # self.bound = True if self.strategy_type == REUSABLE else False self.bound = False elif result is True: self.bound = True elif result is False: self.bound = False else: self.bound = True if result['result'] == RESULT_SUCCESS else False if not self.bound and result and result['description'] and not self.last_error: self.last_error = result['description'] if read_server_info and self.bound: self.refresh_server_info() self._entries = [] if log_enabled(BASIC): log(BASIC, 'done BIND operation, result <%s>', self.bound) return self.bound def rebind(self, user=None, password=None, authentication=None, sasl_mechanism=None, sasl_credentials=None, read_server_info=True, controls=None ): if log_enabled(BASIC): log(BASIC, 'start (RE)BIND operation via <%s>', self) self.last_error = None with self.connection_lock: if user: self.user = user if password is not None: self.password = password if not authentication and user: self.authentication = SIMPLE if authentication in [SIMPLE, ANONYMOUS, SASL, NTLM]: self.authentication = authentication elif authentication is not None: self.last_error = 'unknown authentication method' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPUnknownAuthenticationMethodError(self.last_error) if sasl_mechanism: self.sasl_mechanism = sasl_mechanism if sasl_credentials: self.sasl_credentials = sasl_credentials # if self.authentication == SIMPLE and self.user and self.check_names: # self.user = safe_dn(self.user) # if log_enabled(EXTENDED): # log(EXTENDED, 'user name sanitized to <%s> for rebind via <%s>', self.user, self) if not self.strategy.pooled: try: return self.bind(read_server_info, controls) except LDAPSocketReceiveError: raise LDAPBindError('Unable to rebind as a different user, furthermore the server abruptly closed the connection') else: self.strategy.pool.rebind_pool() return True def unbind(self, controls=None): """Unbind the connected user. Unbind implies closing session as per RFC4511 (4.3) :param controls: LDAP controls to send along with the bind operation """ if log_enabled(BASIC): log(BASIC, 'start UNBIND operation via <%s>', self) if self.use_referral_cache: self.strategy.unbind_referral_cache() self.last_error = None with self.connection_lock: if self.lazy and not self._executing_deferred and (self._deferred_bind or self._deferred_open): # _clear deferred status self.strategy.close() self._deferred_open = False self._deferred_bind = False self._deferred_start_tls = False elif not self.closed: request = unbind_operation() if log_enabled(PROTOCOL): log(PROTOCOL, 'UNBIND request sent via <%s>', self) self.send('unbindRequest', request, controls) self.strategy.close() if log_enabled(BASIC): log(BASIC, 'done UNBIND operation, result <%s>', True) return True def search(self, search_base, search_filter, search_scope=SUBTREE, dereference_aliases=DEREF_ALWAYS, attributes=None, size_limit=0, time_limit=0, types_only=False, get_operational_attributes=False, controls=None, paged_size=None, paged_criticality=False, paged_cookie=None, auto_escape=None): """ Perform an ldap search: - If attributes is empty noRFC2696 with the specified size - If paged is 0 and cookie is present the search is abandoned on server attribute is returned - If attributes is ALL_ATTRIBUTES all attributes are returned - If paged_size is an int greater than 0 a simple paged search is tried as described in - Cookie is an opaque string received in the last paged search and must be used on the next paged search response - If lazy == True open and bind will be deferred until another LDAP operation is performed - If mssing_attributes == True then an attribute not returned by the server is set to None - If auto_escape is set it overrides the Connection auto_escape """ conf_attributes_excluded_from_check = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_CHECK')] if log_enabled(BASIC): log(BASIC, 'start SEARCH operation via <%s>', self) if self.check_names and search_base: search_base = safe_dn(search_base) if log_enabled(EXTENDED): log(EXTENDED, 'search base sanitized to <%s> for SEARCH operation via <%s>', search_base, self) with self.connection_lock: self._fire_deferred() if not attributes: attributes = [NO_ATTRIBUTES] elif attributes == ALL_ATTRIBUTES: attributes = [ALL_ATTRIBUTES] if isinstance(attributes, STRING_TYPES): attributes = [attributes] if get_operational_attributes and isinstance(attributes, list): attributes.append(ALL_OPERATIONAL_ATTRIBUTES) elif get_operational_attributes and isinstance(attributes, tuple): attributes += (ALL_OPERATIONAL_ATTRIBUTES, ) # concatenate tuple if isinstance(paged_size, int): if log_enabled(PROTOCOL): log(PROTOCOL, 'performing paged search for %d items with cookie <%s> for <%s>', paged_size, escape_bytes(paged_cookie), self) if controls is None: controls = [] controls.append(paged_search_control(paged_criticality, paged_size, paged_cookie)) if self.server and self.server.schema and self.check_names: for attribute_name in attributes: if ';' in attribute_name: # remove tags attribute_name_to_check = attribute_name.split(';')[0] else: attribute_name_to_check = attribute_name if self.server.schema and attribute_name_to_check.lower() not in conf_attributes_excluded_from_check and attribute_name_to_check not in self.server.schema.attribute_types: raise LDAPAttributeError('invalid attribute type ' + attribute_name_to_check) request = search_operation(search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, types_only, self.auto_escape if auto_escape is None else auto_escape, self.auto_encode, self.server.schema if self.server else None, check_names=self.check_names) if log_enabled(PROTOCOL): log(PROTOCOL, 'SEARCH request <%s> sent via <%s>', search_request_to_dict(request), self) response = self.post_send_search(self.send('searchRequest', request, controls)) self._entries = [] if isinstance(response, int): # asynchronous strategy return_value = response if log_enabled(PROTOCOL): log(PROTOCOL, 'async SEARCH response id <%s> received via <%s>', return_value, self) else: return_value = True if self.result['type'] == 'searchResDone' and len(response) > 0 else False if not return_value and self.result['result'] not in [RESULT_SUCCESS] and not self.last_error: self.last_error = self.result['description'] if log_enabled(PROTOCOL): for entry in response: if entry['type'] == 'searchResEntry': log(PROTOCOL, 'SEARCH response entry <%s> received via <%s>', entry, self) elif entry['type'] == 'searchResRef': log(PROTOCOL, 'SEARCH response reference <%s> received via <%s>', entry, self) if log_enabled(BASIC): log(BASIC, 'done SEARCH operation, result <%s>', return_value) return return_value def compare(self, dn, attribute, value, controls=None): """ Perform a compare operation """ conf_attributes_excluded_from_check = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_CHECK')] if log_enabled(BASIC): log(BASIC, 'start COMPARE operation via <%s>', self) self.last_error = None if self.check_names: dn = safe_dn(dn) if log_enabled(EXTENDED): log(EXTENDED, 'dn sanitized to <%s> for COMPARE operation via <%s>', dn, self) if self.server and self.server.schema and self.check_names: if ';' in attribute: # remove tags for checking attribute_name_to_check = attribute.split(';')[0] else: attribute_name_to_check = attribute if self.server.schema.attribute_types and attribute_name_to_check.lower() not in conf_attributes_excluded_from_check and attribute_name_to_check not in self.server.schema.attribute_types: raise LDAPAttributeError('invalid attribute type ' + attribute_name_to_check) if isinstance(value, SEQUENCE_TYPES): # value can't be a sequence raise LDAPInvalidValueError('value cannot be a sequence') with self.connection_lock: self._fire_deferred() request = compare_operation(dn, attribute, value, self.auto_encode, self.server.schema if self.server else None, validator=self.server.custom_validator if self.server else None, check_names=self.check_names) if log_enabled(PROTOCOL): log(PROTOCOL, 'COMPARE request <%s> sent via <%s>', compare_request_to_dict(request), self) response = self.post_send_single_response(self.send('compareRequest', request, controls)) self._entries = [] if isinstance(response, int): return_value = response if log_enabled(PROTOCOL): log(PROTOCOL, 'async COMPARE response id <%s> received via <%s>', return_value, self) else: return_value = True if self.result['type'] == 'compareResponse' and self.result['result'] == RESULT_COMPARE_TRUE else False if not return_value and self.result['result'] not in [RESULT_COMPARE_TRUE, RESULT_COMPARE_FALSE] and not self.last_error: self.last_error = self.result['description'] if log_enabled(PROTOCOL): log(PROTOCOL, 'COMPARE response <%s> received via <%s>', response, self) if log_enabled(BASIC): log(BASIC, 'done COMPARE operation, result <%s>', return_value) return return_value def add(self, dn, object_class=None, attributes=None, controls=None): """ Add dn to the DIT, object_class is None, a class name or a list of class names. Attributes is a dictionary in the form 'attr': 'val' or 'attr': ['val1', 'val2', ...] for multivalued attributes """ conf_attributes_excluded_from_check = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_CHECK')] conf_classes_excluded_from_check = [v.lower() for v in get_config_parameter('CLASSES_EXCLUDED_FROM_CHECK')] if log_enabled(BASIC): log(BASIC, 'start ADD operation via <%s>', self) self.last_error = None if self.check_names: dn = safe_dn(dn) if log_enabled(EXTENDED): log(EXTENDED, 'dn sanitized to <%s> for ADD operation via <%s>', dn, self) with self.connection_lock: self._fire_deferred() attr_object_class = [] if object_class is None: parm_object_class = [] else: parm_object_class = list(object_class) if isinstance(object_class, SEQUENCE_TYPES) else [object_class] object_class_attr_name = '' if attributes: for attr in attributes: if attr.lower() == 'objectclass': object_class_attr_name = attr attr_object_class = list(attributes[object_class_attr_name]) if isinstance(attributes[object_class_attr_name], SEQUENCE_TYPES) else [attributes[object_class_attr_name]] break else: attributes = dict() if not object_class_attr_name: object_class_attr_name = 'objectClass' attr_object_class = [to_unicode(object_class) for object_class in attr_object_class] # converts objectclass to unicode in case of bytes value attributes[object_class_attr_name] = reduce(lambda x, y: x + [y] if y not in x else x, parm_object_class + attr_object_class, []) # remove duplicate ObjectClasses if not attributes[object_class_attr_name]: self.last_error = 'objectClass attribute is mandatory' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPObjectClassError(self.last_error) if self.server and self.server.schema and self.check_names: for object_class_name in attributes[object_class_attr_name]: if object_class_name.lower() not in conf_classes_excluded_from_check and object_class_name not in self.server.schema.object_classes: raise LDAPObjectClassError('invalid object class ' + str(object_class_name)) for attribute_name in attributes: if ';' in attribute_name: # remove tags for checking attribute_name_to_check = attribute_name.split(';')[0] else: attribute_name_to_check = attribute_name if attribute_name_to_check.lower() not in conf_attributes_excluded_from_check and attribute_name_to_check not in self.server.schema.attribute_types: raise LDAPAttributeError('invalid attribute type ' + attribute_name_to_check) request = add_operation(dn, attributes, self.auto_encode, self.server.schema if self.server else None, validator=self.server.custom_validator if self.server else None, check_names=self.check_names) if log_enabled(PROTOCOL): log(PROTOCOL, 'ADD request <%s> sent via <%s>', add_request_to_dict(request), self) response = self.post_send_single_response(self.send('addRequest', request, controls)) self._entries = [] if isinstance(response, STRING_TYPES + (int, )): return_value = response if log_enabled(PROTOCOL): log(PROTOCOL, 'async ADD response id <%s> received via <%s>', return_value, self) else: if log_enabled(PROTOCOL): log(PROTOCOL, 'ADD response <%s> received via <%s>', response, self) return_value = True if self.result['type'] == 'addResponse' and self.result['result'] == RESULT_SUCCESS else False if not return_value and self.result['result'] not in [RESULT_SUCCESS] and not self.last_error: self.last_error = self.result['description'] if log_enabled(BASIC): log(BASIC, 'done ADD operation, result <%s>', return_value) return return_value def delete(self, dn, controls=None): """ Delete the entry identified by the DN from the DIB. """ if log_enabled(BASIC): log(BASIC, 'start DELETE operation via <%s>', self) self.last_error = None if self.check_names: dn = safe_dn(dn) if log_enabled(EXTENDED): log(EXTENDED, 'dn sanitized to <%s> for DELETE operation via <%s>', dn, self) with self.connection_lock: self._fire_deferred() if self.read_only: self.last_error = 'connection is read-only' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPConnectionIsReadOnlyError(self.last_error) request = delete_operation(dn) if log_enabled(PROTOCOL): log(PROTOCOL, 'DELETE request <%s> sent via <%s>', delete_request_to_dict(request), self) response = self.post_send_single_response(self.send('delRequest', request, controls)) self._entries = [] if isinstance(response, STRING_TYPES + (int, )): return_value = response if log_enabled(PROTOCOL): log(PROTOCOL, 'async DELETE response id <%s> received via <%s>', return_value, self) else: if log_enabled(PROTOCOL): log(PROTOCOL, 'DELETE response <%s> received via <%s>', response, self) return_value = True if self.result['type'] == 'delResponse' and self.result['result'] == RESULT_SUCCESS else False if not return_value and self.result['result'] not in [RESULT_SUCCESS] and not self.last_error: self.last_error = self.result['description'] if log_enabled(BASIC): log(BASIC, 'done DELETE operation, result <%s>', return_value) return return_value def modify(self, dn, changes, controls=None): """ Modify attributes of entry - changes is a dictionary in the form {'attribute1': change), 'attribute2': [change, change, ...], ...} - change is (operation, [value1, value2, ...]) - operation is 0 (MODIFY_ADD), 1 (MODIFY_DELETE), 2 (MODIFY_REPLACE), 3 (MODIFY_INCREMENT) """ conf_attributes_excluded_from_check = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_CHECK')] if log_enabled(BASIC): log(BASIC, 'start MODIFY operation via <%s>', self) self.last_error = None if self.check_names: dn = safe_dn(dn) if log_enabled(EXTENDED): log(EXTENDED, 'dn sanitized to <%s> for MODIFY operation via <%s>', dn, self) with self.connection_lock: self._fire_deferred() if self.read_only: self.last_error = 'connection is read-only' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPConnectionIsReadOnlyError(self.last_error) if not isinstance(changes, dict): self.last_error = 'changes must be a dictionary' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPChangeError(self.last_error) if not changes: self.last_error = 'no changes in modify request' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPChangeError(self.last_error) for attribute_name in changes: if self.server and self.server.schema and self.check_names: if ';' in attribute_name: # remove tags for checking attribute_name_to_check = attribute_name.split(';')[0] else: attribute_name_to_check = attribute_name if self.server.schema.attribute_types and attribute_name_to_check.lower() not in conf_attributes_excluded_from_check and attribute_name_to_check not in self.server.schema.attribute_types: raise LDAPAttributeError('invalid attribute type ' + attribute_name_to_check) change = changes[attribute_name] if isinstance(change, SEQUENCE_TYPES) and change[0] in [MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE, MODIFY_INCREMENT, 0, 1, 2, 3]: if len(change) != 2: self.last_error = 'malformed change' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPChangeError(self.last_error) changes[attribute_name] = [change] # insert change in a tuple else: for change_operation in change: if len(change_operation) != 2 or change_operation[0] not in [MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE, MODIFY_INCREMENT, 0, 1, 2, 3]: self.last_error = 'invalid change list' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPChangeError(self.last_error) request = modify_operation(dn, changes, self.auto_encode, self.server.schema if self.server else None, validator=self.server.custom_validator if self.server else None, check_names=self.check_names) if log_enabled(PROTOCOL): log(PROTOCOL, 'MODIFY request <%s> sent via <%s>', modify_request_to_dict(request), self) response = self.post_send_single_response(self.send('modifyRequest', request, controls)) self._entries = [] if isinstance(response, STRING_TYPES + (int, )): return_value = response if log_enabled(PROTOCOL): log(PROTOCOL, 'async MODIFY response id <%s> received via <%s>', return_value, self) else: if log_enabled(PROTOCOL): log(PROTOCOL, 'MODIFY response <%s> received via <%s>', response, self) return_value = True if self.result['type'] == 'modifyResponse' and self.result['result'] == RESULT_SUCCESS else False if not return_value and self.result['result'] not in [RESULT_SUCCESS] and not self.last_error: self.last_error = self.result['description'] if log_enabled(BASIC): log(BASIC, 'done MODIFY operation, result <%s>', return_value) return return_value def modify_dn(self, dn, relative_dn, delete_old_dn=True, new_superior=None, controls=None): """ Modify DN of the entry or performs a move of the entry in the DIT. """ if log_enabled(BASIC): log(BASIC, 'start MODIFY DN operation via <%s>', self) self.last_error = None if self.check_names: dn = safe_dn(dn) if log_enabled(EXTENDED): log(EXTENDED, 'dn sanitized to <%s> for MODIFY DN operation via <%s>', dn, self) relative_dn = safe_dn(relative_dn) if log_enabled(EXTENDED): log(EXTENDED, 'relative dn sanitized to <%s> for MODIFY DN operation via <%s>', relative_dn, self) with self.connection_lock: self._fire_deferred() if self.read_only: self.last_error = 'connection is read-only' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPConnectionIsReadOnlyError(self.last_error) if new_superior and not dn.startswith(relative_dn): # as per RFC4511 (4.9) self.last_error = 'DN cannot change while performing moving' if log_enabled(ERROR): log(ERROR, '%s for <%s>', self.last_error, self) raise LDAPChangeError(self.last_error) request = modify_dn_operation(dn, relative_dn, delete_old_dn, new_superior) if log_enabled(PROTOCOL): log(PROTOCOL, 'MODIFY DN request <%s> sent via <%s>', modify_dn_request_to_dict(request), self) response = self.post_send_single_response(self.send('modDNRequest', request, controls)) self._entries = [] if isinstance(response, STRING_TYPES + (int, )): return_value = response if log_enabled(PROTOCOL): log(PROTOCOL, 'async MODIFY DN response id <%s> received via <%s>', return_value, self) else: if log_enabled(PROTOCOL): log(PROTOCOL, 'MODIFY DN response <%s> received via <%s>', response, self) return_value = True if self.result['type'] == 'modDNResponse' and self.result['result'] == RESULT_SUCCESS else False if not return_value and self.result['result'] not in [RESULT_SUCCESS] and not self.last_error: self.last_error = self.result['description'] if log_enabled(BASIC): log(BASIC, 'done MODIFY DN operation, result <%s>', return_value) return return_value def abandon(self, message_id, controls=None): """ Abandon the operation indicated by message_id """ if log_enabled(BASIC): log(BASIC, 'start ABANDON operation via <%s>', self) self.last_error = None with self.connection_lock: self._fire_deferred() return_value = False if self.strategy._outstanding or message_id == 0: # only current operation should be abandoned, abandon, bind and unbind cannot ever be abandoned, # messagiId 0 is invalid and should be used as a "ping" to keep alive the connection if (self.strategy._outstanding and message_id in self.strategy._outstanding and self.strategy._outstanding[message_id]['type'] not in ['abandonRequest', 'bindRequest', 'unbindRequest']) or message_id == 0: request = abandon_operation(message_id) if log_enabled(PROTOCOL): log(PROTOCOL, 'ABANDON request: <%s> sent via <%s>', abandon_request_to_dict(request), self) self.send('abandonRequest', request, controls) self.result = None self.response = None self._entries = [] return_value = True else: if log_enabled(ERROR): log(ERROR, 'cannot abandon a Bind, an Unbind or an Abandon operation or message ID %s not found via <%s>', str(message_id), self) if log_enabled(BASIC): log(BASIC, 'done ABANDON operation, result <%s>', return_value) return return_value def extended(self, request_name, request_value=None, controls=None, no_encode=None): """ Performs an extended operation """ if log_enabled(BASIC): log(BASIC, 'start EXTENDED operation via <%s>', self) self.last_error = None with self.connection_lock: self._fire_deferred() request = extended_operation(request_name, request_value, no_encode=no_encode) if log_enabled(PROTOCOL): log(PROTOCOL, 'EXTENDED request <%s> sent via <%s>', extended_request_to_dict(request), self) response = self.post_send_single_response(self.send('extendedReq', request, controls)) self._entries = [] if isinstance(response, int): return_value = response if log_enabled(PROTOCOL): log(PROTOCOL, 'async EXTENDED response id <%s> received via <%s>', return_value, self) else: if log_enabled(PROTOCOL): log(PROTOCOL, 'EXTENDED response <%s> received via <%s>', response, self) return_value = True if self.result['type'] == 'extendedResp' and self.result['result'] == RESULT_SUCCESS else False if not return_value and self.result['result'] not in [RESULT_SUCCESS] and not self.last_error: self.last_error = self.result['description'] if log_enabled(BASIC): log(BASIC, 'done EXTENDED operation, result <%s>', return_value) return return_value def start_tls(self, read_server_info=True): # as per RFC4511. Removal of TLS is defined as MAY in RFC4511 so the client can't implement a generic stop_tls method0 if log_enabled(BASIC): log(BASIC, 'start START TLS operation via <%s>', self) with self.connection_lock: return_value = False if not self.server.tls: self.server.tls = Tls() if self.lazy and not self._executing_deferred: self._deferred_start_tls = True self.tls_started = True return_value = True if log_enabled(BASIC): log(BASIC, 'deferring START TLS for <%s>', self) else: self._deferred_start_tls = False if self.server.tls.start_tls(self) and self.strategy.sync: # for asynchronous connections _start_tls is run by the strategy if read_server_info: self.refresh_server_info() # refresh server info as per RFC4515 (3.1.5) return_value = True elif not self.strategy.sync: return_value = True if log_enabled(BASIC): log(BASIC, 'done START TLS operation, result <%s>', return_value) return return_value def do_sasl_bind(self, controls): if log_enabled(BASIC): log(BASIC, 'start SASL BIND operation via <%s>', self) self.last_error = None with self.connection_lock: result = None if not self.sasl_in_progress: self.sasl_in_progress = True try: if self.sasl_mechanism == EXTERNAL: result = sasl_external(self, controls) elif self.sasl_mechanism == DIGEST_MD5: result = sasl_digest_md5(self, controls) elif self.sasl_mechanism == GSSAPI: from ..protocol.sasl.kerberos import sasl_gssapi # needs the gssapi package result = sasl_gssapi(self, controls) elif self.sasl_mechanism == 'PLAIN': result = sasl_plain(self, controls) finally: self.sasl_in_progress = False if log_enabled(BASIC): log(BASIC, 'done SASL BIND operation, result <%s>', result) return result def do_ntlm_bind(self, controls): if log_enabled(BASIC): log(BASIC, 'start NTLM BIND operation via <%s>', self) self.last_error = None with self.connection_lock: result = None if not self.sasl_in_progress: self.sasl_in_progress = True # ntlm is same of sasl authentication # additional import for NTLM from ..utils.ntlm import NtlmClient domain_name, user_name = self.user.split('\\', 1) ntlm_client = NtlmClient(user_name=user_name, domain=domain_name, password=self.password) # as per https://msdn.microsoft.com/en-us/library/cc223501.aspx # send a sicilyPackageDiscovery request (in the bindRequest) request = bind_operation(self.version, 'SICILY_PACKAGE_DISCOVERY', ntlm_client) if log_enabled(PROTOCOL): log(PROTOCOL, 'NTLM SICILY PACKAGE DISCOVERY request sent via <%s>', self) response = self.post_send_single_response(self.send('bindRequest', request, controls)) if not self.strategy.sync: _, result = self.get_response(response) else: result = response[0] if 'server_creds' in result: sicily_packages = result['server_creds'].decode('ascii').split(';') if 'NTLM' in sicily_packages: # NTLM available on server request = bind_operation(self.version, 'SICILY_NEGOTIATE_NTLM', ntlm_client) if log_enabled(PROTOCOL): log(PROTOCOL, 'NTLM SICILY NEGOTIATE request sent via <%s>', self) response = self.post_send_single_response(self.send('bindRequest', request, controls)) if not self.strategy.sync: _, result = self.get_response(response) else: if log_enabled(PROTOCOL): log(PROTOCOL, 'NTLM SICILY NEGOTIATE response <%s> received via <%s>', response[0], self) result = response[0] if result['result'] == RESULT_SUCCESS: request = bind_operation(self.version, 'SICILY_RESPONSE_NTLM', ntlm_client, result['server_creds']) if log_enabled(PROTOCOL): log(PROTOCOL, 'NTLM SICILY RESPONSE NTLM request sent via <%s>', self) response = self.post_send_single_response(self.send('bindRequest', request, controls)) if not self.strategy.sync: _, result = self.get_response(response) else: if log_enabled(PROTOCOL): log(PROTOCOL, 'NTLM BIND response <%s> received via <%s>', response[0], self) result = response[0] else: result = None self.sasl_in_progress = False if log_enabled(BASIC): log(BASIC, 'done SASL NTLM operation, result <%s>', result) return result def refresh_server_info(self): # if self.strategy.no_real_dsa: # do not refresh for mock strategies # return if not self.strategy.pooled: with self.connection_lock: if not self.closed: if log_enabled(BASIC): log(BASIC, 'refreshing server info for <%s>', self) previous_response = self.response previous_result = self.result previous_entries = self._entries self.server.get_info_from_server(self) self.response = previous_response self.result = previous_result self._entries = previous_entries else: if log_enabled(BASIC): log(BASIC, 'refreshing server info from pool for <%s>', self) self.strategy.pool.get_info_from_server() def response_to_ldif(self, search_result=None, all_base64=False, line_separator=None, sort_order=None, stream=None): with self.connection_lock: if search_result is None: search_result = self.response if isinstance(search_result, SEQUENCE_TYPES): ldif_lines = operation_to_ldif('searchResponse', search_result, all_base64, sort_order=sort_order) ldif_lines = add_ldif_header(ldif_lines) line_separator = line_separator or linesep ldif_output = line_separator.join(ldif_lines) if stream: if stream.tell() == 0: header = add_ldif_header(['-'])[0] stream.write(prepare_for_stream(header + line_separator + line_separator)) stream.write(prepare_for_stream(ldif_output + line_separator + line_separator)) if log_enabled(BASIC): log(BASIC, 'building LDIF output <%s> for <%s>', ldif_output, self) return ldif_output return None def response_to_json(self, raw=False, search_result=None, indent=4, sort=True, stream=None, checked_attributes=True, include_empty=True): with self.connection_lock: if search_result is None: search_result = self.response if isinstance(search_result, SEQUENCE_TYPES): json_dict = dict() json_dict['entries'] = [] for response in search_result: if response['type'] == 'searchResEntry': entry = dict() entry['dn'] = response['dn'] if checked_attributes: if not include_empty: # needed for python 2.6 compatibility entry['attributes'] = dict((key, response['attributes'][key]) for key in response['attributes'] if response['attributes'][key]) else: entry['attributes'] = dict(response['attributes']) if raw: if not include_empty: # needed for python 2.6 compatibility entry['raw_attributes'] = dict((key, response['raw_attributes'][key]) for key in response['raw_attributes'] if response['raw:attributes'][key]) else: entry['raw'] = dict(response['raw_attributes']) json_dict['entries'].append(entry) if str is bytes: # Python 2 check_json_dict(json_dict) json_output = json.dumps(json_dict, ensure_ascii=True, sort_keys=sort, indent=indent, check_circular=True, default=format_json, separators=(',', ': ')) if log_enabled(BASIC): log(BASIC, 'building JSON output <%s> for <%s>', json_output, self) if stream: stream.write(json_output) return json_output def response_to_file(self, target, raw=False, indent=4, sort=True): with self.connection_lock: if self.response: if isinstance(target, STRING_TYPES): target = open(target, 'w+') if log_enabled(BASIC): log(BASIC, 'writing response to file for <%s>', self) target.writelines(self.response_to_json(raw=raw, indent=indent, sort=sort)) target.close() def _fire_deferred(self, read_info=True): with self.connection_lock: if self.lazy and not self._executing_deferred: self._executing_deferred = True if log_enabled(BASIC): log(BASIC, 'executing deferred (open: %s, start_tls: %s, bind: %s) for <%s>', self._deferred_open, self._deferred_start_tls, self._deferred_bind, self) try: if self._deferred_open: self.open(read_server_info=False) if self._deferred_start_tls: self.start_tls(read_server_info=False) if self._deferred_bind: self.bind(read_server_info=False, controls=self._bind_controls) if read_info: self.refresh_server_info() except LDAPExceptionError as e: if log_enabled(ERROR): log(ERROR, '%s for <%s>', e, self) raise # re-raise LDAPExceptionError finally: self._executing_deferred = False @property def entries(self): if self.response: if not self._entries: self._entries = self._get_entries(self.response) return self._entries def _get_entries(self, search_response): with self.connection_lock: from .. import ObjectDef, Reader # build a table of ObjectDefs, grouping the entries found in search_response for their attributes set, subset will be included in superset attr_sets = [] for response in search_response: if response['type'] == 'searchResEntry': resp_attr_set = set(response['attributes'].keys()) if resp_attr_set not in attr_sets: attr_sets.append(resp_attr_set) attr_sets.sort(key=lambda x: -len(x)) # sorts the list in descending length order unique_attr_sets = [] for attr_set in attr_sets: for unique_set in unique_attr_sets: if unique_set >= attr_set: # checks if unique set is a superset of attr_set break else: # the attr_set is not a subset of any element in unique_attr_sets unique_attr_sets.append(attr_set) object_defs = [] for attr_set in unique_attr_sets: object_def = ObjectDef(schema=self.server.schema) object_def += list(attr_set) # converts the set in a list to be added to the object definition object_defs.append((attr_set, object_def, Reader(self, object_def, self.request['base'], self.request['filter'], attributes=attr_set) if self.strategy.sync else Reader(self, object_def, '', '', attributes=attr_set)) ) # objects_defs contains a tuple with the set, the ObjectDef and a cursor entries = [] for response in search_response: if response['type'] == 'searchResEntry': resp_attr_set = set(response['attributes'].keys()) for object_def in object_defs: if resp_attr_set <= object_def[0]: # finds the ObjectDef for the attribute set of this entry entry = object_def[2]._create_entry(response) entries.append(entry) break else: if log_enabled(ERROR): log(ERROR, 'attribute set not found for %s in <%s>', resp_attr_set, self) raise LDAPObjectError('attribute set not found for ' + str(resp_attr_set)) return entries ldap3-2.4.1/ldap3/core/exceptions.py0000666000000000000000000004124313226436321015347 0ustar 00000000000000""" """ # Created on 2014.05.14 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from os import sep from .results import RESULT_OPERATIONS_ERROR, RESULT_PROTOCOL_ERROR, RESULT_TIME_LIMIT_EXCEEDED, RESULT_SIZE_LIMIT_EXCEEDED, \ RESULT_STRONGER_AUTH_REQUIRED, RESULT_REFERRAL, RESULT_ADMIN_LIMIT_EXCEEDED, RESULT_UNAVAILABLE_CRITICAL_EXTENSION, \ RESULT_AUTH_METHOD_NOT_SUPPORTED, RESULT_UNDEFINED_ATTRIBUTE_TYPE, RESULT_NO_SUCH_ATTRIBUTE, \ RESULT_SASL_BIND_IN_PROGRESS, RESULT_CONFIDENTIALITY_REQUIRED, RESULT_INAPPROPRIATE_MATCHING, \ RESULT_CONSTRAINT_VIOLATION, \ RESULT_ATTRIBUTE_OR_VALUE_EXISTS, RESULT_INVALID_ATTRIBUTE_SYNTAX, RESULT_NO_SUCH_OBJECT, RESULT_ALIAS_PROBLEM, \ RESULT_INVALID_DN_SYNTAX, RESULT_ALIAS_DEREFERENCING_PROBLEM, RESULT_INVALID_CREDENTIALS, RESULT_LOOP_DETECTED, \ RESULT_ENTRY_ALREADY_EXISTS, RESULT_LCUP_SECURITY_VIOLATION, RESULT_CANCELED, RESULT_E_SYNC_REFRESH_REQUIRED, \ RESULT_NO_SUCH_OPERATION, RESULT_LCUP_INVALID_DATA, RESULT_OBJECT_CLASS_MODS_PROHIBITED, RESULT_NAMING_VIOLATION, \ RESULT_INSUFFICIENT_ACCESS_RIGHTS, RESULT_OBJECT_CLASS_VIOLATION, RESULT_TOO_LATE, RESULT_CANNOT_CANCEL, \ RESULT_LCUP_UNSUPPORTED_SCHEME, RESULT_BUSY, RESULT_AFFECT_MULTIPLE_DSAS, RESULT_UNAVAILABLE, \ RESULT_NOT_ALLOWED_ON_NON_LEAF, \ RESULT_UNWILLING_TO_PERFORM, RESULT_OTHER, RESULT_LCUP_RELOAD_REQUIRED, RESULT_ASSERTION_FAILED, \ RESULT_AUTHORIZATION_DENIED, RESULT_LCUP_RESOURCES_EXHAUSTED, RESULT_NOT_ALLOWED_ON_RDN, \ RESULT_INAPPROPRIATE_AUTHENTICATION import socket # LDAPException hierarchy class LDAPException(Exception): pass class LDAPOperationResult(LDAPException): def __new__(cls, result=None, description=None, dn=None, message=None, response_type=None, response=None): if cls is LDAPOperationResult and result and result in exception_table: exc = super(LDAPOperationResult, exception_table[result]).__new__( exception_table[result]) # create an exception of the required result error exc.result = result exc.description = description exc.dn = dn exc.message = message exc.type = response_type exc.response = response else: exc = super(LDAPOperationResult, cls).__new__(cls) return exc def __init__(self, result=None, description=None, dn=None, message=None, response_type=None, response=None): self.result = result self.description = description self.dn = dn self.message = message self.type = response_type self.response = response def __str__(self): s = [self.__class__.__name__, str(self.result) if self.result else None, self.description if self.description else None, self.dn if self.dn else None, self.message if self.message else None, self.type if self.type else None, self.response if self.response else None] return ' - '.join([str(item) for item in s if s is not None]) def __repr__(self): return self.__str__() class LDAPOperationsErrorResult(LDAPOperationResult): pass class LDAPProtocolErrorResult(LDAPOperationResult): pass class LDAPTimeLimitExceededResult(LDAPOperationResult): pass class LDAPSizeLimitExceededResult(LDAPOperationResult): pass class LDAPAuthMethodNotSupportedResult(LDAPOperationResult): pass class LDAPStrongerAuthRequiredResult(LDAPOperationResult): pass class LDAPReferralResult(LDAPOperationResult): pass class LDAPAdminLimitExceededResult(LDAPOperationResult): pass class LDAPUnavailableCriticalExtensionResult(LDAPOperationResult): pass class LDAPConfidentialityRequiredResult(LDAPOperationResult): pass class LDAPSASLBindInProgressResult(LDAPOperationResult): pass class LDAPNoSuchAttributeResult(LDAPOperationResult): pass class LDAPUndefinedAttributeTypeResult(LDAPOperationResult): pass class LDAPInappropriateMatchingResult(LDAPOperationResult): pass class LDAPConstraintViolationResult(LDAPOperationResult): pass class LDAPAttributeOrValueExistsResult(LDAPOperationResult): pass class LDAPInvalidAttributeSyntaxResult(LDAPOperationResult): pass class LDAPNoSuchObjectResult(LDAPOperationResult): pass class LDAPAliasProblemResult(LDAPOperationResult): pass class LDAPInvalidDNSyntaxResult(LDAPOperationResult): pass class LDAPAliasDereferencingProblemResult(LDAPOperationResult): pass class LDAPInappropriateAuthenticationResult(LDAPOperationResult): pass class LDAPInvalidCredentialsResult(LDAPOperationResult): pass class LDAPInsufficientAccessRightsResult(LDAPOperationResult): pass class LDAPBusyResult(LDAPOperationResult): pass class LDAPUnavailableResult(LDAPOperationResult): pass class LDAPUnwillingToPerformResult(LDAPOperationResult): pass class LDAPLoopDetectedResult(LDAPOperationResult): pass class LDAPNamingViolationResult(LDAPOperationResult): pass class LDAPObjectClassViolationResult(LDAPOperationResult): pass class LDAPNotAllowedOnNotLeafResult(LDAPOperationResult): pass class LDAPNotAllowedOnRDNResult(LDAPOperationResult): pass class LDAPEntryAlreadyExistsResult(LDAPOperationResult): pass class LDAPObjectClassModsProhibitedResult(LDAPOperationResult): pass class LDAPAffectMultipleDSASResult(LDAPOperationResult): pass class LDAPOtherResult(LDAPOperationResult): pass class LDAPLCUPResourcesExhaustedResult(LDAPOperationResult): pass class LDAPLCUPSecurityViolationResult(LDAPOperationResult): pass class LDAPLCUPInvalidDataResult(LDAPOperationResult): pass class LDAPLCUPUnsupportedSchemeResult(LDAPOperationResult): pass class LDAPLCUPReloadRequiredResult(LDAPOperationResult): pass class LDAPCanceledResult(LDAPOperationResult): pass class LDAPNoSuchOperationResult(LDAPOperationResult): pass class LDAPTooLateResult(LDAPOperationResult): pass class LDAPCannotCancelResult(LDAPOperationResult): pass class LDAPAssertionFailedResult(LDAPOperationResult): pass class LDAPAuthorizationDeniedResult(LDAPOperationResult): pass class LDAPESyncRefreshRequiredResult(LDAPOperationResult): pass exception_table = {RESULT_OPERATIONS_ERROR: LDAPOperationsErrorResult, RESULT_PROTOCOL_ERROR: LDAPProtocolErrorResult, RESULT_TIME_LIMIT_EXCEEDED: LDAPTimeLimitExceededResult, RESULT_SIZE_LIMIT_EXCEEDED: LDAPSizeLimitExceededResult, RESULT_AUTH_METHOD_NOT_SUPPORTED: LDAPAuthMethodNotSupportedResult, RESULT_STRONGER_AUTH_REQUIRED: LDAPStrongerAuthRequiredResult, RESULT_REFERRAL: LDAPReferralResult, RESULT_ADMIN_LIMIT_EXCEEDED: LDAPAdminLimitExceededResult, RESULT_UNAVAILABLE_CRITICAL_EXTENSION: LDAPUnavailableCriticalExtensionResult, RESULT_CONFIDENTIALITY_REQUIRED: LDAPConfidentialityRequiredResult, RESULT_SASL_BIND_IN_PROGRESS: LDAPSASLBindInProgressResult, RESULT_NO_SUCH_ATTRIBUTE: LDAPNoSuchAttributeResult, RESULT_UNDEFINED_ATTRIBUTE_TYPE: LDAPUndefinedAttributeTypeResult, RESULT_INAPPROPRIATE_MATCHING: LDAPInappropriateMatchingResult, RESULT_CONSTRAINT_VIOLATION: LDAPConstraintViolationResult, RESULT_ATTRIBUTE_OR_VALUE_EXISTS: LDAPAttributeOrValueExistsResult, RESULT_INVALID_ATTRIBUTE_SYNTAX: LDAPInvalidAttributeSyntaxResult, RESULT_NO_SUCH_OBJECT: LDAPNoSuchObjectResult, RESULT_ALIAS_PROBLEM: LDAPAliasProblemResult, RESULT_INVALID_DN_SYNTAX: LDAPInvalidDNSyntaxResult, RESULT_ALIAS_DEREFERENCING_PROBLEM: LDAPAliasDereferencingProblemResult, RESULT_INAPPROPRIATE_AUTHENTICATION: LDAPInappropriateAuthenticationResult, RESULT_INVALID_CREDENTIALS: LDAPInvalidCredentialsResult, RESULT_INSUFFICIENT_ACCESS_RIGHTS: LDAPInsufficientAccessRightsResult, RESULT_BUSY: LDAPBusyResult, RESULT_UNAVAILABLE: LDAPUnavailableResult, RESULT_UNWILLING_TO_PERFORM: LDAPUnwillingToPerformResult, RESULT_LOOP_DETECTED: LDAPLoopDetectedResult, RESULT_NAMING_VIOLATION: LDAPNamingViolationResult, RESULT_OBJECT_CLASS_VIOLATION: LDAPObjectClassViolationResult, RESULT_NOT_ALLOWED_ON_NON_LEAF: LDAPNotAllowedOnNotLeafResult, RESULT_NOT_ALLOWED_ON_RDN: LDAPNotAllowedOnRDNResult, RESULT_ENTRY_ALREADY_EXISTS: LDAPEntryAlreadyExistsResult, RESULT_OBJECT_CLASS_MODS_PROHIBITED: LDAPObjectClassModsProhibitedResult, RESULT_AFFECT_MULTIPLE_DSAS: LDAPAffectMultipleDSASResult, RESULT_OTHER: LDAPOtherResult, RESULT_LCUP_RESOURCES_EXHAUSTED: LDAPLCUPResourcesExhaustedResult, RESULT_LCUP_SECURITY_VIOLATION: LDAPLCUPSecurityViolationResult, RESULT_LCUP_INVALID_DATA: LDAPLCUPInvalidDataResult, RESULT_LCUP_UNSUPPORTED_SCHEME: LDAPLCUPUnsupportedSchemeResult, RESULT_LCUP_RELOAD_REQUIRED: LDAPLCUPReloadRequiredResult, RESULT_CANCELED: LDAPCanceledResult, RESULT_NO_SUCH_OPERATION: LDAPNoSuchOperationResult, RESULT_TOO_LATE: LDAPTooLateResult, RESULT_CANNOT_CANCEL: LDAPCannotCancelResult, RESULT_ASSERTION_FAILED: LDAPAssertionFailedResult, RESULT_AUTHORIZATION_DENIED: LDAPAuthorizationDeniedResult, RESULT_E_SYNC_REFRESH_REQUIRED: LDAPESyncRefreshRequiredResult} class LDAPExceptionError(LDAPException): pass # configuration exceptions class LDAPConfigurationError(LDAPExceptionError): pass class LDAPUnknownStrategyError(LDAPConfigurationError): pass class LDAPUnknownAuthenticationMethodError(LDAPConfigurationError): pass class LDAPSSLConfigurationError(LDAPConfigurationError): pass class LDAPDefinitionError(LDAPConfigurationError): pass class LDAPPackageUnavailableError(LDAPConfigurationError, ImportError): pass class LDAPConfigurationParameterError(LDAPConfigurationError): pass # abstract layer exceptions class LDAPKeyError(LDAPExceptionError, KeyError, AttributeError): pass class LDAPObjectError(LDAPExceptionError, ValueError): pass class LDAPAttributeError(LDAPExceptionError, ValueError, TypeError): pass class LDAPCursorError(LDAPExceptionError): pass class LDAPObjectDereferenceError(LDAPExceptionError): pass # security exceptions class LDAPSSLNotSupportedError(LDAPExceptionError, ImportError): pass class LDAPInvalidTlsSpecificationError(LDAPExceptionError): pass class LDAPInvalidHashAlgorithmError(LDAPExceptionError, ValueError): pass # connection exceptions class LDAPBindError(LDAPExceptionError): pass class LDAPInvalidServerError(LDAPExceptionError): pass class LDAPSASLMechanismNotSupportedError(LDAPExceptionError): pass class LDAPConnectionIsReadOnlyError(LDAPExceptionError): pass class LDAPChangeError(LDAPExceptionError, ValueError): pass class LDAPServerPoolError(LDAPExceptionError): pass class LDAPServerPoolExhaustedError(LDAPExceptionError): pass class LDAPInvalidPortError(LDAPExceptionError): pass class LDAPStartTLSError(LDAPExceptionError): pass class LDAPCertificateError(LDAPExceptionError): pass class LDAPUserNameNotAllowedError(LDAPExceptionError): pass class LDAPUserNameIsMandatoryError(LDAPExceptionError): pass class LDAPPasswordIsMandatoryError(LDAPExceptionError): pass class LDAPInvalidFilterError(LDAPExceptionError): pass class LDAPInvalidScopeError(LDAPExceptionError, ValueError): pass class LDAPInvalidDereferenceAliasesError(LDAPExceptionError, ValueError): pass class LDAPInvalidValueError(LDAPExceptionError, ValueError): pass class LDAPControlError(LDAPExceptionError, ValueError): pass class LDAPExtensionError(LDAPExceptionError, ValueError): pass class LDAPLDIFError(LDAPExceptionError): pass class LDAPSchemaError(LDAPExceptionError): pass class LDAPSASLPrepError(LDAPExceptionError): pass class LDAPSASLBindInProgressError(LDAPExceptionError): pass class LDAPMetricsError(LDAPExceptionError): pass class LDAPObjectClassError(LDAPExceptionError): pass class LDAPInvalidDnError(LDAPExceptionError): pass class LDAPResponseTimeoutError(LDAPExceptionError): pass class LDAPTransactionError(LDAPExceptionError): pass # communication exceptions class LDAPCommunicationError(LDAPExceptionError): pass class LDAPSocketOpenError(LDAPCommunicationError): pass class LDAPSocketCloseError(LDAPCommunicationError): pass class LDAPSocketReceiveError(LDAPCommunicationError, socket.error): pass class LDAPSocketSendError(LDAPCommunicationError, socket.error): pass class LDAPSessionTerminatedByServerError(LDAPCommunicationError): pass class LDAPUnknownResponseError(LDAPCommunicationError): pass class LDAPUnknownRequestError(LDAPCommunicationError): pass class LDAPReferralError(LDAPCommunicationError): pass # pooling exceptions class LDAPConnectionPoolNameIsMandatoryError(LDAPExceptionError): pass class LDAPConnectionPoolNotStartedError(LDAPExceptionError): pass # restartable strategy class LDAPMaximumRetriesError(LDAPExceptionError): def __str__(self): s = [] if self.args: if isinstance(self.args, tuple): if len(self.args) > 0: s.append('LDAPMaximumRetriesError: ' + str(self.args[0])) if len(self.args) > 1: s.append('Exception history:') prev_exc = '' for i, exc in enumerate(self.args[1]): # args[1] contains exception history if str(exc[1]) != prev_exc: s.append((str(i).rjust(5) + ' ' + str(exc[0]) + ': ' + str(exc[1]) + ' - ' + str(exc[2]))) prev_exc = str(exc[1]) if len(self.args) > 2: s.append('Maximum number of retries reached: ' + str(self.args[2])) else: s = [LDAPExceptionError.__str__(self)] return sep.join(s) # exception factories def communication_exception_factory(exc_to_raise, exc): """ Generates a new exception class of the requested type (subclass of LDAPCommunication) merged with the exception raised by the interpreter """ if exc_to_raise.__name__ in [cls.__name__ for cls in LDAPCommunicationError.__subclasses__()]: return type(exc_to_raise.__name__, (exc_to_raise, type(exc)), dict()) else: raise LDAPExceptionError('unable to generate exception type ' + str(exc_to_raise)) def start_tls_exception_factory(exc_to_raise, exc): """ Generates a new exception class of the requested type (subclass of LDAPCommunication) merged with the exception raised by the interpreter """ if exc_to_raise.__name__ == 'LDAPStartTLSError': return type(exc_to_raise.__name__, (exc_to_raise, type(exc)), dict()) else: raise LDAPExceptionError('unable to generate exception type ' + str(exc_to_raise)) ldap3-2.4.1/ldap3/core/pooling.py0000666000000000000000000003346313226436321014642 0ustar 00000000000000""" """ # Created on 2014.03.14 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from datetime import datetime, MINYEAR from os import linesep from random import randint from time import sleep from .. import FIRST, ROUND_ROBIN, RANDOM, SEQUENCE_TYPES, STRING_TYPES, get_config_parameter from .exceptions import LDAPUnknownStrategyError, LDAPServerPoolError, LDAPServerPoolExhaustedError from .server import Server from ..utils.log import log, log_enabled, ERROR, BASIC, NETWORK POOLING_STRATEGIES = [FIRST, ROUND_ROBIN, RANDOM] class ServerPoolState(object): def __init__(self, server_pool): self.servers = [] # each element is a list: [server, last_checked_time, available] self.strategy = server_pool.strategy self.server_pool = server_pool self.last_used_server = 0 self.refresh() self.initialize_time = datetime.now() if log_enabled(BASIC): log(BASIC, 'instantiated ServerPoolState: <%r>', self) def __str__(self): s = 'servers: ' + linesep if self.servers: for server in self.servers: s += str(server[0]) + linesep else: s += 'None' + linesep s += 'Pool strategy: ' + str(self.strategy) + linesep s += ' - Last used server: ' + ('None' if self.last_used_server == -1 else str(self.servers[self.last_used_server][0])) return s def refresh(self): self.servers = [] for server in self.server_pool.servers: self.servers.append([server, datetime(MINYEAR, 1, 1), True]) # server, smallest date ever, supposed available self.last_used_server = randint(0, len(self.servers) - 1) def get_current_server(self): return self.servers[self.last_used_server][0] def get_server(self): if self.servers: if self.server_pool.strategy == FIRST: if self.server_pool.active: # returns the first active server self.last_used_server = self.find_active_server(starting=0) else: # returns always the first server - no pooling self.last_used_server = 0 elif self.server_pool.strategy == ROUND_ROBIN: if self.server_pool.active: # returns the next active server in a circular range self.last_used_server = self.find_active_server(self.last_used_server + 1) else: # returns the next server in a circular range self.last_used_server = self.last_used_server + 1 if (self.last_used_server + 1) < len(self.servers) else 0 elif self.server_pool.strategy == RANDOM: if self.server_pool.active: self.last_used_server = self.find_active_random_server() else: # returns a random server in the pool self.last_used_server = randint(0, len(self.servers) - 1) else: if log_enabled(ERROR): log(ERROR, 'unknown server pooling strategy <%s>', self.server_pool.strategy) raise LDAPUnknownStrategyError('unknown server pooling strategy') if log_enabled(BASIC): log(BASIC, 'server returned from Server Pool: <%s>', self.last_used_server) return self.servers[self.last_used_server][0] else: if log_enabled(ERROR): log(ERROR, 'no servers in Server Pool <%s>', self) raise LDAPServerPoolError('no servers in server pool') def find_active_random_server(self): counter = self.server_pool.active # can be True for "forever" or the number of cycles to try while counter: if log_enabled(NETWORK): log(NETWORK, 'entering loop for finding active server in pool <%s>', self) temp_list = self.servers[:] # copy while temp_list: # pops a random server from a temp list and checks its # availability, if not available tries another one server = temp_list.pop(randint(0, len(temp_list) - 1)) if not server[2]: # server is offline if (isinstance(self.server_pool.exhaust, bool) and self.server_pool.exhaust) or (datetime.now() - server[1]).seconds < self.server_pool.exhaust: # keeps server offline if log_enabled(NETWORK): log(NETWORK, 'server <%s> excluded from checking because it is offline', server[0]) continue if log_enabled(NETWORK): log(NETWORK, 'server <%s> reinserted in pool', server[0]) server[1] = datetime.now() if log_enabled(NETWORK): log(NETWORK, 'checking server <%s> for availability', server[0]) if server[0].check_availability(): # returns a random active server in the pool server[2] = True return self.servers.index(server) else: server[2] = False if not isinstance(self.server_pool.active, bool): counter -= 1 if log_enabled(ERROR): log(ERROR, 'no random active server available in Server Pool <%s> after maximum number of tries', self) raise LDAPServerPoolExhaustedError('no random active server available in server pool after maximum number of tries') def find_active_server(self, starting): conf_pool_timeout = get_config_parameter('POOLING_LOOP_TIMEOUT') counter = self.server_pool.active # can be True for "forever" or the number of cycles to try if starting >= len(self.servers): starting = 0 while counter: if log_enabled(NETWORK): log(NETWORK, 'entering loop number <%s> for finding active server in pool <%s>', counter, self) index = -1 pool_size = len(self.servers) while index < pool_size - 1: index += 1 offset = index + starting if index + starting < pool_size else index + starting - pool_size if not self.servers[offset][2]: # server is offline if (isinstance(self.server_pool.exhaust, bool) and self.server_pool.exhaust) or (datetime.now() - self.servers[offset][1]).seconds < self.server_pool.exhaust: # keeps server offline if log_enabled(NETWORK): if isinstance(self.server_pool.exhaust, bool): log(NETWORK, 'server <%s> excluded from checking because is offline', self.servers[offset][0]) else: log(NETWORK, 'server <%s> excluded from checking because is offline for %d seconds', self.servers[offset][0], (self.server_pool.exhaust - (datetime.now() - self.servers[offset][1]).seconds)) continue if log_enabled(NETWORK): log(NETWORK, 'server <%s> reinserted in pool', self.servers[offset][0]) self.servers[offset][1] = datetime.now() if log_enabled(NETWORK): log(NETWORK, 'checking server <%s> for availability', self.servers[offset][0]) if self.servers[offset][0].check_availability(): self.servers[offset][2] = True return offset else: self.servers[offset][2] = False # sets server offline if not isinstance(self.server_pool.active, bool): counter -= 1 if log_enabled(NETWORK): log(NETWORK, 'waiting for %d seconds before retrying pool servers cycle', conf_pool_timeout) sleep(conf_pool_timeout) if log_enabled(ERROR): log(ERROR, 'no active server available in Server Pool <%s> after maximum number of tries', self) raise LDAPServerPoolExhaustedError('no active server available in server pool after maximum number of tries') def __len__(self): return len(self.servers) class ServerPool(object): def __init__(self, servers=None, pool_strategy=ROUND_ROBIN, active=True, exhaust=False): if pool_strategy not in POOLING_STRATEGIES: if log_enabled(ERROR): log(ERROR, 'unknown pooling strategy <%s>', pool_strategy) raise LDAPUnknownStrategyError('unknown pooling strategy') if exhaust and not active: if log_enabled(ERROR): log(ERROR, 'cannot instantiate pool with exhaust and not active') raise LDAPServerPoolError('pools can be exhausted only when checking for active servers') self.servers = [] self.pool_states = dict() self.active = active self.exhaust = exhaust if isinstance(servers, SEQUENCE_TYPES + (Server, )): self.add(servers) elif isinstance(servers, STRING_TYPES): self.add(Server(servers)) self.strategy = pool_strategy if log_enabled(BASIC): log(BASIC, 'instantiated ServerPool: <%r>', self) def __str__(self): s = 'servers: ' + linesep if self.servers: for server in self.servers: s += str(server) + linesep else: s += 'None' + linesep s += 'Pool strategy: ' + str(self.strategy) s += ' - ' + 'active: ' + (str(self.active) if self.active else 'False') s += ' - ' + 'exhaust pool: ' + (str(self.exhaust) if self.exhaust else 'False') return s def __repr__(self): r = 'ServerPool(servers=' if self.servers: r += '[' for server in self.servers: r += server.__repr__() + ', ' r = r[:-2] + ']' else: r += 'None' r += ', pool_strategy={0.strategy!r}'.format(self) r += ', active={0.active!r}'.format(self) r += ', exhaust={0.exhaust!r}'.format(self) r += ')' return r def __len__(self): return len(self.servers) def __getitem__(self, item): return self.servers[item] def __iter__(self): return self.servers.__iter__() def add(self, servers): if isinstance(servers, Server): if servers not in self.servers: self.servers.append(servers) elif isinstance(servers, STRING_TYPES): self.servers.append(Server(servers)) elif isinstance(servers, SEQUENCE_TYPES): for server in servers: if isinstance(server, Server): self.servers.append(server) elif isinstance(server, STRING_TYPES): self.servers.append(Server(server)) else: if log_enabled(ERROR): log(ERROR, 'element must be a server in Server Pool <%s>', self) raise LDAPServerPoolError('server in ServerPool must be a Server') else: if log_enabled(ERROR): log(ERROR, 'server must be a Server of a list of Servers when adding to Server Pool <%s>', self) raise LDAPServerPoolError('server must be a Server or a list of Server') for connection in self.pool_states: # notifies connections using this pool to refresh self.pool_states[connection].refresh() def remove(self, server): if server in self.servers: self.servers.remove(server) else: if log_enabled(ERROR): log(ERROR, 'server %s to be removed not in Server Pool <%s>', server, self) raise LDAPServerPoolError('server not in server pool') for connection in self.pool_states: # notifies connections using this pool to refresh self.pool_states[connection].refresh() def initialize(self, connection): pool_state = ServerPoolState(self) # registers pool_state in ServerPool object self.pool_states[connection] = pool_state def get_server(self, connection): if connection in self.pool_states: return self.pool_states[connection].get_server() else: if log_enabled(ERROR): log(ERROR, 'connection <%s> not in Server Pool State <%s>', connection, self) raise LDAPServerPoolError('connection not in ServerPoolState') def get_current_server(self, connection): if connection in self.pool_states: return self.pool_states[connection].get_current_server() else: if log_enabled(ERROR): log(ERROR, 'connection <%s> not in Server Pool State <%s>', connection, self) raise LDAPServerPoolError('connection not in ServerPoolState') ldap3-2.4.1/ldap3/core/results.py0000666000000000000000000001260413226436321014666 0ustar 00000000000000""" """ # Created on 2016.08.31 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . # result codes RESULT_SUCCESS = 0 RESULT_OPERATIONS_ERROR = 1 RESULT_PROTOCOL_ERROR = 2 RESULT_TIME_LIMIT_EXCEEDED = 3 RESULT_SIZE_LIMIT_EXCEEDED = 4 RESULT_COMPARE_FALSE = 5 RESULT_COMPARE_TRUE = 6 RESULT_AUTH_METHOD_NOT_SUPPORTED = 7 RESULT_STRONGER_AUTH_REQUIRED = 8 RESULT_RESERVED = 9 RESULT_REFERRAL = 10 RESULT_ADMIN_LIMIT_EXCEEDED = 11 RESULT_UNAVAILABLE_CRITICAL_EXTENSION = 12 RESULT_CONFIDENTIALITY_REQUIRED = 13 RESULT_SASL_BIND_IN_PROGRESS = 14 RESULT_NO_SUCH_ATTRIBUTE = 16 RESULT_UNDEFINED_ATTRIBUTE_TYPE = 17 RESULT_INAPPROPRIATE_MATCHING = 18 RESULT_CONSTRAINT_VIOLATION = 19 RESULT_ATTRIBUTE_OR_VALUE_EXISTS = 20 RESULT_INVALID_ATTRIBUTE_SYNTAX = 21 RESULT_NO_SUCH_OBJECT = 32 RESULT_ALIAS_PROBLEM = 33 RESULT_INVALID_DN_SYNTAX = 34 RESULT_ALIAS_DEREFERENCING_PROBLEM = 36 RESULT_INAPPROPRIATE_AUTHENTICATION = 48 RESULT_INVALID_CREDENTIALS = 49 RESULT_INSUFFICIENT_ACCESS_RIGHTS = 50 RESULT_BUSY = 51 RESULT_UNAVAILABLE = 52 RESULT_UNWILLING_TO_PERFORM = 53 RESULT_LOOP_DETECTED = 54 RESULT_NAMING_VIOLATION = 64 RESULT_OBJECT_CLASS_VIOLATION = 65 RESULT_NOT_ALLOWED_ON_NON_LEAF = 66 RESULT_NOT_ALLOWED_ON_RDN = 67 RESULT_ENTRY_ALREADY_EXISTS = 68 RESULT_OBJECT_CLASS_MODS_PROHIBITED = 69 RESULT_AFFECT_MULTIPLE_DSAS = 71 RESULT_OTHER = 80 RESULT_LCUP_RESOURCES_EXHAUSTED = 113 RESULT_LCUP_SECURITY_VIOLATION = 114 RESULT_LCUP_INVALID_DATA = 115 RESULT_LCUP_UNSUPPORTED_SCHEME = 116 RESULT_LCUP_RELOAD_REQUIRED = 117 RESULT_CANCELED = 118 RESULT_NO_SUCH_OPERATION = 119 RESULT_TOO_LATE = 120 RESULT_CANNOT_CANCEL = 121 RESULT_ASSERTION_FAILED = 122 RESULT_AUTHORIZATION_DENIED = 123 RESULT_E_SYNC_REFRESH_REQUIRED = 4096 RESULT_CODES = { RESULT_SUCCESS: 'success', RESULT_OPERATIONS_ERROR: 'operationsError', RESULT_PROTOCOL_ERROR: 'protocolError', RESULT_TIME_LIMIT_EXCEEDED: 'timeLimitExceeded', RESULT_SIZE_LIMIT_EXCEEDED: 'sizeLimitExceeded', RESULT_COMPARE_FALSE: 'compareFalse', RESULT_COMPARE_TRUE: 'compareTrue', RESULT_AUTH_METHOD_NOT_SUPPORTED: 'authMethodNotSupported', RESULT_RESERVED: 'reserved', RESULT_STRONGER_AUTH_REQUIRED: 'strongerAuthRequired', RESULT_REFERRAL: 'referral', RESULT_ADMIN_LIMIT_EXCEEDED: 'adminLimitExceeded', RESULT_UNAVAILABLE_CRITICAL_EXTENSION: 'unavailableCriticalExtension', RESULT_CONFIDENTIALITY_REQUIRED: 'confidentialityRequired', RESULT_SASL_BIND_IN_PROGRESS: 'saslBindInProgress', RESULT_NO_SUCH_ATTRIBUTE: 'noSuchAttribute', RESULT_UNDEFINED_ATTRIBUTE_TYPE: 'undefinedAttributeType', RESULT_INAPPROPRIATE_MATCHING: 'inappropriateMatching', RESULT_CONSTRAINT_VIOLATION: 'constraintViolation', RESULT_ATTRIBUTE_OR_VALUE_EXISTS: 'attributeOrValueExists', RESULT_INVALID_ATTRIBUTE_SYNTAX: 'invalidAttributeSyntax', RESULT_NO_SUCH_OBJECT: 'noSuchObject', RESULT_ALIAS_PROBLEM: 'aliasProblem', RESULT_INVALID_DN_SYNTAX: 'invalidDNSyntax', RESULT_ALIAS_DEREFERENCING_PROBLEM: 'aliasDereferencingProblem', RESULT_INAPPROPRIATE_AUTHENTICATION: 'inappropriateAuthentication', RESULT_INVALID_CREDENTIALS: 'invalidCredentials', RESULT_INSUFFICIENT_ACCESS_RIGHTS: 'insufficientAccessRights', RESULT_BUSY: 'busy', RESULT_UNAVAILABLE: 'unavailable', RESULT_UNWILLING_TO_PERFORM: 'unwillingToPerform', RESULT_LOOP_DETECTED: 'loopDetected', RESULT_NAMING_VIOLATION: 'namingViolation', RESULT_OBJECT_CLASS_VIOLATION: 'objectClassViolation', RESULT_NOT_ALLOWED_ON_NON_LEAF: 'notAllowedOnNonLeaf', RESULT_NOT_ALLOWED_ON_RDN: 'notAllowedOnRDN', RESULT_ENTRY_ALREADY_EXISTS: 'entryAlreadyExists', RESULT_OBJECT_CLASS_MODS_PROHIBITED: 'objectClassModsProhibited', RESULT_AFFECT_MULTIPLE_DSAS: 'affectMultipleDSAs', RESULT_OTHER: 'other', RESULT_LCUP_RESOURCES_EXHAUSTED: 'lcupResourcesExhausted', RESULT_LCUP_SECURITY_VIOLATION: 'lcupSecurityViolation', RESULT_LCUP_INVALID_DATA: 'lcupInvalidData', RESULT_LCUP_UNSUPPORTED_SCHEME: 'lcupUnsupportedScheme', RESULT_LCUP_RELOAD_REQUIRED: 'lcupReloadRequired', RESULT_CANCELED: 'canceled', RESULT_NO_SUCH_OPERATION: 'noSuchOperation', RESULT_TOO_LATE: 'tooLate', RESULT_CANNOT_CANCEL: 'cannotCancel', RESULT_ASSERTION_FAILED: 'assertionFailed', RESULT_AUTHORIZATION_DENIED: 'authorizationDenied', RESULT_E_SYNC_REFRESH_REQUIRED: 'e-syncRefreshRequired' } # do not raise exception for (in raise_exceptions connection mode) DO_NOT_RAISE_EXCEPTIONS = [RESULT_SUCCESS, RESULT_COMPARE_FALSE, RESULT_COMPARE_TRUE, RESULT_REFERRAL, RESULT_SASL_BIND_IN_PROGRESS] ldap3-2.4.1/ldap3/core/server.py0000666000000000000000000006761313231027211014473 0ustar 00000000000000""" """ # Created on 2014.05.31 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import socket from threading import Lock from datetime import datetime, MINYEAR from .. import DSA, SCHEMA, ALL, BASE, get_config_parameter, OFFLINE_EDIR_8_8_8, OFFLINE_AD_2012_R2, OFFLINE_SLAPD_2_4, OFFLINE_DS389_1_3_3, SEQUENCE_TYPES, IP_SYSTEM_DEFAULT, IP_V4_ONLY, IP_V6_ONLY, IP_V4_PREFERRED, IP_V6_PREFERRED, STRING_TYPES from .exceptions import LDAPInvalidServerError, LDAPDefinitionError, LDAPInvalidPortError, LDAPInvalidTlsSpecificationError, LDAPSocketOpenError from ..protocol.formatters.standard import format_attribute_values from ..protocol.rfc4511 import LDAP_MAX_INT from ..protocol.rfc4512 import SchemaInfo, DsaInfo from .tls import Tls from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL from ..utils.conv import to_unicode try: from urllib.parse import unquote # Python 3 except ImportError: from urllib import unquote # Python 2 try: # try to discover if unix sockets are available for LDAP over IPC (ldapi:// scheme) # noinspection PyUnresolvedReferences from socket import AF_UNIX unix_socket_available = True except ImportError: unix_socket_available = False class Server(object): """ LDAP Server definition class Allowed_referral_hosts can be None (default), or a list of tuples of allowed servers ip address or names to contact while redirecting search to referrals. The second element of the tuple is a boolean to indicate if authentication to that server is allowed; if False only anonymous bind will be used. Per RFC 4516. Use [('*', False)] to allow any host with anonymous bind, use [('*', True)] to allow any host with same authentication of Server. """ _message_counter = 0 _message_id_lock = Lock() # global lock for message_id shared by all Server objects def __init__(self, host, port=None, use_ssl=False, allowed_referral_hosts=None, get_info=SCHEMA, tls=None, formatter=None, connect_timeout=None, mode=IP_V6_PREFERRED, validator=None): self.ipc = False url_given = False host = host.strip() if host.lower().startswith('ldap://'): self.host = host[7:] use_ssl = False url_given = True elif host.lower().startswith('ldaps://'): self.host = host[8:] use_ssl = True url_given = True elif host.lower().startswith('ldapi://') and unix_socket_available: self.ipc = True use_ssl = False url_given = True elif host.lower().startswith('ldapi://') and not unix_socket_available: raise LDAPSocketOpenError('LDAP over IPC not available - UNIX sockets non present') else: self.host = host if self.ipc: if str is bytes: # Python 2 self.host = unquote(host[7:]).decode('utf-8') else: # Python 3 self.host = unquote(host[7:]) # encoding defaults to utf-8 in python3 self.port = None elif ':' in self.host and self.host.count(':') == 1: hostname, _, hostport = self.host.partition(':') try: port = int(hostport) or port except ValueError: if log_enabled(ERROR): log(ERROR, 'port <%s> must be an integer', port) raise LDAPInvalidPortError('port must be an integer') self.host = hostname elif url_given and self.host.startswith('['): hostname, sep, hostport = self.host[1:].partition(']') if sep != ']' or not self._is_ipv6(hostname): if log_enabled(ERROR): log(ERROR, 'invalid IPv6 server address for <%s>', self.host) raise LDAPInvalidServerError() if len(hostport): if not hostport.startswith(':'): if log_enabled(ERROR): log(ERROR, 'invalid URL in server name for <%s>', self.host) raise LDAPInvalidServerError('invalid URL in server name') if not hostport[1:].isdecimal(): if log_enabled(ERROR): log(ERROR, 'port must be an integer for <%s>', self.host) raise LDAPInvalidPortError('port must be an integer') port = int(hostport[1:]) self.host = hostname elif not url_given and self._is_ipv6(self.host): pass elif self.host.count(':') > 1: if log_enabled(ERROR): log(ERROR, 'invalid server address for <%s>', self.host) raise LDAPInvalidServerError() if not self.ipc: self.host.rstrip('/') if not use_ssl and not port: port = 389 elif use_ssl and not port: port = 636 if isinstance(port, int): if port in range(0, 65535): self.port = port else: if log_enabled(ERROR): log(ERROR, 'port <%s> must be in range from 0 to 65535', port) raise LDAPInvalidPortError('port must in range from 0 to 65535') else: if log_enabled(ERROR): log(ERROR, 'port <%s> must be an integer', port) raise LDAPInvalidPortError('port must be an integer') if allowed_referral_hosts is None: # defaults to any server with authentication allowed_referral_hosts = [('*', True)] if isinstance(allowed_referral_hosts, SEQUENCE_TYPES): self.allowed_referral_hosts = [] for referral_host in allowed_referral_hosts: if isinstance(referral_host, tuple): if isinstance(referral_host[1], bool): self.allowed_referral_hosts.append(referral_host) elif isinstance(allowed_referral_hosts, tuple): if isinstance(allowed_referral_hosts[1], bool): self.allowed_referral_hosts = [allowed_referral_hosts] else: self.allowed_referral_hosts = [] self.ssl = True if use_ssl else False if tls and not isinstance(tls, Tls): if log_enabled(ERROR): log(ERROR, 'invalid tls specification: <%s>', tls) raise LDAPInvalidTlsSpecificationError('invalid Tls object') self.tls = Tls() if self.ssl and not tls else tls if not self.ipc: if self._is_ipv6(self.host): self.name = ('ldaps' if self.ssl else 'ldap') + '://[' + self.host + ']:' + str(self.port) else: self.name = ('ldaps' if self.ssl else 'ldap') + '://' + self.host + ':' + str(self.port) else: self.name = host self.get_info = get_info self._dsa_info = None self._schema_info = None self.dit_lock = Lock() self.custom_formatter = formatter self.custom_validator = validator self._address_info = [] # property self.address_info resolved at open time (or when check_availability is called) self._address_info_resolved_time = datetime(MINYEAR, 1, 1) # smallest date ever self.current_address = None self.connect_timeout = connect_timeout self.mode = mode self.get_info_from_server(None) # load offline schema if needed if log_enabled(BASIC): log(BASIC, 'instantiated Server: <%r>', self) @staticmethod def _is_ipv6(host): try: socket.inet_pton(socket.AF_INET6, host) except (socket.error, AttributeError, ValueError): return False return True def __str__(self): if self.host: s = self.name + (' - ssl' if self.ssl else ' - cleartext') + (' - unix socket' if self.ipc else '') else: s = object.__str__(self) return s def __repr__(self): r = 'Server(host={0.host!r}, port={0.port!r}, use_ssl={0.ssl!r}'.format(self) r += '' if not self.allowed_referral_hosts else ', allowed_referral_hosts={0.allowed_referral_hosts!r}'.format(self) r += '' if self.tls is None else ', tls={0.tls!r}'.format(self) r += '' if not self.get_info else ', get_info={0.get_info!r}'.format(self) r += '' if not self.connect_timeout else ', connect_timeout={0.connect_timeout!r}'.format(self) r += '' if not self.mode else ', mode={0.mode!r}'.format(self) r += ')' return r @property def address_info(self): conf_refresh_interval = get_config_parameter('ADDRESS_INFO_REFRESH_TIME') if not self._address_info or (datetime.now() - self._address_info_resolved_time).seconds > conf_refresh_interval: # converts addresses tuple to list and adds a 6th parameter for availability (None = not checked, True = available, False=not available) and a 7th parameter for the checking time addresses = None try: if self.ipc: addresses = [(socket.AF_UNIX, socket.SOCK_STREAM, 0, None, self.host, None)] else: addresses = socket.getaddrinfo(self.host, self.port, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP, socket.AI_ADDRCONFIG | socket.AI_V4MAPPED) except (socket.gaierror, AttributeError): pass if not addresses: # if addresses not found or raised an exception (for example for bad flags) tries again without flags try: addresses = socket.getaddrinfo(self.host, self.port, socket.AF_UNSPEC, socket.SOCK_STREAM, socket.IPPROTO_TCP) except socket.gaierror: pass if addresses: self._address_info = [list(address) + [None, None] for address in addresses] self._address_info_resolved_time = datetime.now() else: self._address_info = [] self._address_info_resolved_time = datetime(MINYEAR, 1, 1) # smallest date if log_enabled(BASIC): for address in self._address_info: log(BASIC, 'address for <%s> resolved as <%r>', self, address[:-2]) return self._address_info def update_availability(self, address, available): cont = 0 while cont < len(self._address_info): if self.address_info[cont] == address: self._address_info[cont][5] = True if available else False self._address_info[cont][6] = datetime.now() break cont += 1 def reset_availability(self): for address in self._address_info: address[5] = None address[6] = None def check_availability(self): """ Tries to open, connect and close a socket to specified address and port to check availability. Timeout in seconds is specified in CHECK_AVAILABITY_TIMEOUT if not specified in the Server object """ conf_availability_timeout = get_config_parameter('CHECK_AVAILABILITY_TIMEOUT') available = False self.reset_availability() for address in self.candidate_addresses(): available = True try: temp_socket = socket.socket(*address[:3]) if self.connect_timeout: temp_socket.settimeout(self.connect_timeout) else: temp_socket.settimeout(conf_availability_timeout) # set timeout for checking availability to default try: temp_socket.connect(address[4]) except socket.error: available = False finally: try: temp_socket.shutdown(socket.SHUT_RDWR) except socket.error: available = False finally: temp_socket.close() except socket.gaierror: available = False if available: if log_enabled(BASIC): log(BASIC, 'server <%s> available at <%r>', self, address) self.update_availability(address, True) break # if an available address is found exits immediately else: self.update_availability(address, False) if log_enabled(ERROR): log(ERROR, 'server <%s> not available at <%r>', self, address) return available @staticmethod def next_message_id(): """ LDAP messageId is unique for all connections to same server """ with Server._message_id_lock: Server._message_counter += 1 if Server._message_counter >= LDAP_MAX_INT: Server._message_counter = 1 if log_enabled(PROTOCOL): log(PROTOCOL, 'new message id <%d> generated', Server._message_counter) return Server._message_counter def _get_dsa_info(self, connection): """ Retrieve DSE operational attribute as per RFC4512 (5.1). """ if connection.strategy.no_real_dsa: # do not try for mock strategies return if not connection.strategy.pooled: # in pooled strategies get_dsa_info is performed by the worker threads result = connection.search(search_base='', search_filter='(objectClass=*)', search_scope=BASE, attributes=['altServer', # requests specific dsa info attributes 'namingContexts', 'supportedControl', 'supportedExtension', 'supportedFeatures', 'supportedCapabilities', 'supportedLdapVersion', 'supportedSASLMechanisms', 'vendorName', 'vendorVersion', 'subschemaSubentry', '*', '+'], # requests all remaining attributes (other), get_operational_attributes=True) with self.dit_lock: if isinstance(result, bool): # sync request self._dsa_info = DsaInfo(connection.response[0]['attributes'], connection.response[0]['raw_attributes']) if result else self._dsa_info elif result: # asynchronous request, must check if attributes in response results, _ = connection.get_response(result) if len(results) == 1 and 'attributes' in results[0] and 'raw_attributes' in results[0]: self._dsa_info = DsaInfo(results[0]['attributes'], results[0]['raw_attributes']) if log_enabled(BASIC): log(BASIC, 'DSA info read for <%s> via <%s>', self, connection) def _get_schema_info(self, connection, entry=''): """ Retrieve schema from subschemaSubentry DSE attribute, per RFC 4512 (4.4 and 5.1); entry = '' means DSE. """ if connection.strategy.no_real_dsa: # do not try for mock strategies return schema_entry = None if self._dsa_info and entry == '': # subschemaSubentry already present in dsaInfo if isinstance(self._dsa_info.schema_entry, SEQUENCE_TYPES): schema_entry = self._dsa_info.schema_entry[0] if self._dsa_info.schema_entry else None else: schema_entry = self._dsa_info.schema_entry if self._dsa_info.schema_entry else None else: result = connection.search(entry, '(objectClass=*)', BASE, attributes=['subschemaSubentry'], get_operational_attributes=True) if isinstance(result, bool): # sync request if result and 'subschemaSubentry' in connection.response[0]['raw_attributes']: if len(connection.response[0]['raw_attributes']['subschemaSubentry']) > 0: schema_entry = connection.response[0]['raw_attributes']['subschemaSubentry'][0] else: # asynchronous request, must check if subschemaSubentry in attributes results, _ = connection.get_response(result) if len(results) == 1 and 'raw_attributes' in results[0] and 'subschemaSubentry' in results[0]['attributes']: if len(results[0]['raw_attributes']['subschemaSubentry']) > 0: schema_entry = results[0]['raw_attributes']['subschemaSubentry'][0] if schema_entry and not connection.strategy.pooled: # in pooled strategies get_schema_info is performed by the worker threads if isinstance(schema_entry, bytes) and str is not bytes: # Python 3 schema_entry = to_unicode(schema_entry, from_server=True) result = connection.search(schema_entry, search_filter='(objectClass=subschema)', search_scope=BASE, attributes=['objectClasses', # requests specific subschema attributes 'attributeTypes', 'ldapSyntaxes', 'matchingRules', 'matchingRuleUse', 'dITContentRules', 'dITStructureRules', 'nameForms', 'createTimestamp', 'modifyTimestamp', '*'], # requests all remaining attributes (other) get_operational_attributes=True ) with self.dit_lock: self._schema_info = None if result: if isinstance(result, bool): # sync request self._schema_info = SchemaInfo(schema_entry, connection.response[0]['attributes'], connection.response[0]['raw_attributes']) if result else None else: # asynchronous request, must check if attributes in response results, result = connection.get_response(result) if len(results) == 1 and 'attributes' in results[0] and 'raw_attributes' in results[0]: self._schema_info = SchemaInfo(schema_entry, results[0]['attributes'], results[0]['raw_attributes']) if self._schema_info and not self._schema_info.is_valid(): # flaky servers can return an empty schema, checks if it is so and set schema to None self._schema_info = None if self._schema_info: # if schema is valid tries to apply formatter to the "other" dict with raw values for schema and info for attribute in self._schema_info.other: self._schema_info.other[attribute] = format_attribute_values(self._schema_info, attribute, self._schema_info.raw[attribute], self.custom_formatter) if self._dsa_info: # try to apply formatter to the "other" dict with dsa info raw values for attribute in self._dsa_info.other: self._dsa_info.other[attribute] = format_attribute_values(self._schema_info, attribute, self._dsa_info.raw[attribute], self.custom_formatter) if log_enabled(BASIC): log(BASIC, 'schema read for <%s> via <%s>', self, connection) def get_info_from_server(self, connection): """ reads info from DSE and from subschema """ if connection and not connection.closed: if self.get_info in [DSA, ALL]: self._get_dsa_info(connection) if self.get_info in [SCHEMA, ALL]: self._get_schema_info(connection) elif self.get_info == OFFLINE_EDIR_8_8_8: from ..protocol.schemas.edir888 import edir_8_8_8_schema, edir_8_8_8_dsa_info self.attach_schema_info(SchemaInfo.from_json(edir_8_8_8_schema)) self.attach_dsa_info(DsaInfo.from_json(edir_8_8_8_dsa_info)) elif self.get_info == OFFLINE_AD_2012_R2: from ..protocol.schemas.ad2012R2 import ad_2012_r2_schema, ad_2012_r2_dsa_info self.attach_schema_info(SchemaInfo.from_json(ad_2012_r2_schema)) self.attach_dsa_info(DsaInfo.from_json(ad_2012_r2_dsa_info)) elif self.get_info == OFFLINE_SLAPD_2_4: from ..protocol.schemas.slapd24 import slapd_2_4_schema, slapd_2_4_dsa_info self.attach_schema_info(SchemaInfo.from_json(slapd_2_4_schema)) self.attach_dsa_info(DsaInfo.from_json(slapd_2_4_dsa_info)) elif self.get_info == OFFLINE_DS389_1_3_3: from ..protocol.schemas.ds389 import ds389_1_3_3_schema, ds389_1_3_3_dsa_info self.attach_schema_info(SchemaInfo.from_json(ds389_1_3_3_schema)) self.attach_dsa_info(DsaInfo.from_json(ds389_1_3_3_dsa_info)) def attach_dsa_info(self, dsa_info=None): if isinstance(dsa_info, DsaInfo): self._dsa_info = dsa_info if log_enabled(BASIC): log(BASIC, 'attached DSA info to Server <%s>', self) def attach_schema_info(self, dsa_schema=None): if isinstance(dsa_schema, SchemaInfo): self._schema_info = dsa_schema if log_enabled(BASIC): log(BASIC, 'attached schema info to Server <%s>', self) @property def info(self): return self._dsa_info @property def schema(self): return self._schema_info @staticmethod def from_definition(host, dsa_info, dsa_schema, port=None, use_ssl=False, formatter=None, validator=None): """ Define a dummy server with preloaded schema and info :param host: host name :param dsa_info: DsaInfo preloaded object or a json formatted string or a file name :param dsa_schema: SchemaInfo preloaded object or a json formatted string or a file name :param port: dummy port :param use_ssl: use_ssl :param formatter: custom formatter :return: Server object """ if isinstance(host, SEQUENCE_TYPES): dummy = Server(host=host[0], port=port, use_ssl=use_ssl, formatter=formatter, validator=validator, tget_info=ALL) # for ServerPool object else: dummy = Server(host=host, port=port, use_ssl=use_ssl, formatter=formatter, validator=validator, get_info=ALL) if isinstance(dsa_info, DsaInfo): dummy._dsa_info = dsa_info elif isinstance(dsa_info, STRING_TYPES): try: dummy._dsa_info = DsaInfo.from_json(dsa_info) # tries to use dsa_info as a json configuration string except Exception: dummy._dsa_info = DsaInfo.from_file(dsa_info) # tries to use dsa_info as a file name if not dummy.info: if log_enabled(ERROR): log(ERROR, 'invalid DSA info for %s', host) raise LDAPDefinitionError('invalid dsa info') if isinstance(dsa_schema, SchemaInfo): dummy._schema_info = dsa_schema elif isinstance(dsa_schema, STRING_TYPES): try: dummy._schema_info = SchemaInfo.from_json(dsa_schema) except Exception: dummy._schema_info = SchemaInfo.from_file(dsa_schema) if not dummy.schema: if log_enabled(ERROR): log(ERROR, 'invalid schema info for %s', host) raise LDAPDefinitionError('invalid schema info') if log_enabled(BASIC): log(BASIC, 'created server <%s> from definition', dummy) return dummy def candidate_addresses(self): conf_reset_availability_timeout = get_config_parameter('RESET_AVAILABILITY_TIMEOUT') if self.ipc: candidates = self.address_info if log_enabled(BASIC): log(BASIC, 'candidate address for <%s>: <%s> with mode UNIX_SOCKET', self, self.name) else: # checks reset availability timeout for address in self.address_info: if address[6] and ((datetime.now() - address[6]).seconds > conf_reset_availability_timeout): address[5] = None address[6] = None # selects server address based on server mode and availability (in address[5]) addresses = self.address_info[:] # copy to avoid refreshing while searching candidates candidates = [] if addresses: if self.mode == IP_SYSTEM_DEFAULT: candidates.append(addresses[0]) elif self.mode == IP_V4_ONLY: candidates = [address for address in addresses if address[0] == socket.AF_INET and (address[5] or address[5] is None)] elif self.mode == IP_V6_ONLY: candidates = [address for address in addresses if address[0] == socket.AF_INET6 and (address[5] or address[5] is None)] elif self.mode == IP_V4_PREFERRED: candidates = [address for address in addresses if address[0] == socket.AF_INET and (address[5] or address[5] is None)] candidates += [address for address in addresses if address[0] == socket.AF_INET6 and (address[5] or address[5] is None)] elif self.mode == IP_V6_PREFERRED: candidates = [address for address in addresses if address[0] == socket.AF_INET6 and (address[5] or address[5] is None)] candidates += [address for address in addresses if address[0] == socket.AF_INET and (address[5] or address[5] is None)] else: if log_enabled(ERROR): log(ERROR, 'invalid server mode for <%s>', self) raise LDAPInvalidServerError('invalid server mode') if log_enabled(BASIC): for candidate in candidates: log(BASIC, 'obtained candidate address for <%s>: <%r> with mode %s', self, candidate[:-2], self.mode) return candidates ldap3-2.4.1/ldap3/core/timezone.py0000666000000000000000000000312413226436321015014 0ustar 00000000000000""" """ # Created on 2015.01.07 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from datetime import timedelta, tzinfo # from python standard library docs class OffsetTzInfo(tzinfo): """Fixed offset in minutes east from UTC""" def __init__(self, offset, name): self.offset = offset self.name = name self._offset = timedelta(minutes=offset) def __str__(self): return self.name def __repr__(self): return 'OffsetTzInfo(offset={0.offset!r}, name={0.name!r})'.format(self) def utcoffset(self, dt): return self._offset def tzname(self, dt): return self.name # noinspection PyMethodMayBeStatic def dst(self, dt): return timedelta(0) def __getinitargs__(self): # for pickling/unpickling return self.offset, self.name ldap3-2.4.1/ldap3/core/tls.py0000666000000000000000000003621113226436321013767 0ustar 00000000000000""" """ # Created on 2013.08.05 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .exceptions import LDAPSSLNotSupportedError, LDAPSSLConfigurationError, LDAPStartTLSError, LDAPCertificateError, start_tls_exception_factory from .. import SEQUENCE_TYPES from ..utils.log import log, log_enabled, ERROR, BASIC, NETWORK try: # noinspection PyUnresolvedReferences import ssl except ImportError: if log_enabled(ERROR): log(ERROR, 'SSL not supported in this Python interpreter') raise LDAPSSLNotSupportedError('SSL not supported in this Python interpreter') try: from ssl import match_hostname, CertificateError # backport for python2 missing ssl functionalities except ImportError: from ..utils.tls_backport import CertificateError from ..utils.tls_backport import match_hostname if log_enabled(BASIC): log(BASIC, 'using tls_backport') try: # try to use SSLContext # noinspection PyUnresolvedReferences from ssl import create_default_context, Purpose # defined in Python 3.4 and Python 2.7.9 use_ssl_context = True except ImportError: use_ssl_context = False if log_enabled(BASIC): log(BASIC, 'SSLContext unavailable') from os import path # noinspection PyProtectedMember class Tls(object): """ tls/ssl configuration for Server object Starting from python 2.7.9 and python 3.4 uses the SSLContext object that tries to read the CAs defined at system level ca_certs_path and ca_certs_data are valid only when using SSLContext local_private_key_password is valid only when using SSLContext sni is the server name for Server Name Indication (when available) """ def __init__(self, local_private_key_file=None, local_certificate_file=None, validate=ssl.CERT_NONE, version=None, ca_certs_file=None, valid_names=None, ca_certs_path=None, ca_certs_data=None, local_private_key_password=None, ciphers=None, sni=None): if validate in [ssl.CERT_NONE, ssl.CERT_OPTIONAL, ssl.CERT_REQUIRED]: self.validate = validate elif validate: if log_enabled(ERROR): log(ERROR, 'invalid validate parameter <%s>', validate) raise LDAPSSLConfigurationError('invalid validate parameter') if ca_certs_file and path.exists(ca_certs_file): self.ca_certs_file = ca_certs_file elif ca_certs_file: if log_enabled(ERROR): log(ERROR, 'invalid CA public key file <%s>', ca_certs_file) raise LDAPSSLConfigurationError('invalid CA public key file') else: self.ca_certs_file = None if ca_certs_path and use_ssl_context and path.exists(ca_certs_path): self.ca_certs_path = ca_certs_path elif ca_certs_path and not use_ssl_context: if log_enabled(ERROR): log(ERROR, 'cannot use CA public keys path, SSLContext not available') raise LDAPSSLNotSupportedError('cannot use CA public keys path, SSLContext not available') elif ca_certs_path: if log_enabled(ERROR): log(ERROR, 'invalid CA public keys path <%s>', ca_certs_path) raise LDAPSSLConfigurationError('invalid CA public keys path') else: self.ca_certs_path = None if ca_certs_data and use_ssl_context: self.ca_certs_data = ca_certs_data elif ca_certs_data: if log_enabled(ERROR): log(ERROR, 'cannot use CA data, SSLContext not available') raise LDAPSSLNotSupportedError('cannot use CA data, SSLContext not available') else: self.ca_certs_data = None if local_private_key_password and use_ssl_context: self.private_key_password = local_private_key_password elif local_private_key_password: if log_enabled(ERROR): log(ERROR, 'cannot use local private key password, SSLContext not available') raise LDAPSSLNotSupportedError('cannot use local private key password, SSLContext is not available') else: self.private_key_password = None self.version = version self.private_key_file = local_private_key_file self.certificate_file = local_certificate_file self.valid_names = valid_names self.ciphers = ciphers self.sni = sni if log_enabled(BASIC): log(BASIC, 'instantiated Tls: <%r>' % self) def __str__(self): s = [ 'protocol: ' + str(self.version), 'client private key: ' + ('present ' if self.private_key_file else 'not present'), 'client certificate: ' + ('present ' if self.certificate_file else 'not present'), 'private key password: ' + ('present ' if self.private_key_password else 'not present'), 'CA certificates file: ' + ('present ' if self.ca_certs_file else 'not present'), 'CA certificates path: ' + ('present ' if self.ca_certs_path else 'not present'), 'CA certificates data: ' + ('present ' if self.ca_certs_data else 'not present'), 'verify mode: ' + str(self.validate), 'valid names: ' + str(self.valid_names), 'ciphers: ' + str(self.ciphers), 'sni: ' + str(self.sni) ] return ' - '.join(s) def __repr__(self): r = '' if self.private_key_file is None else ', local_private_key_file={0.private_key_file!r}'.format(self) r += '' if self.certificate_file is None else ', local_certificate_file={0.certificate_file!r}'.format(self) r += '' if self.validate is None else ', validate={0.validate!r}'.format(self) r += '' if self.version is None else ', version={0.version!r}'.format(self) r += '' if self.ca_certs_file is None else ', ca_certs_file={0.ca_certs_file!r}'.format(self) r += '' if self.ca_certs_path is None else ', ca_certs_path={0.ca_certs_path!r}'.format(self) r += '' if self.ca_certs_data is None else ', ca_certs_data={0.ca_certs_data!r}'.format(self) r += '' if self.ciphers is None else ', ciphers={0.ciphers!r}'.format(self) r += '' if self.sni is None else ', sni={0.sni!r}'.format(self) r = 'Tls(' + r[2:] + ')' return r def wrap_socket(self, connection, do_handshake=False): """ Adds TLS to the connection socket """ if use_ssl_context: if self.version is None: # uses the default ssl context for reasonable security ssl_context = create_default_context(purpose=Purpose.SERVER_AUTH, cafile=self.ca_certs_file, capath=self.ca_certs_path, cadata=self.ca_certs_data) else: # code from create_default_context in the Python standard library 3.5.1, creates a ssl context with the specificd protocol version ssl_context = ssl.SSLContext(self.version) if self.ca_certs_file or self.ca_certs_path or self.ca_certs_data: ssl_context.load_verify_locations(self.ca_certs_file, self.ca_certs_path, self.ca_certs_data) elif self.validate != ssl.CERT_NONE: ssl_context.load_default_certs(Purpose.SERVER_AUTH) if self.certificate_file: ssl_context.load_cert_chain(self.certificate_file, keyfile=self.private_key_file, password=self.private_key_password) ssl_context.check_hostname = False ssl_context.verify_mode = self.validate if self.ciphers: try: ssl_context.set_ciphers(self.ciphers) except ssl.SSLError: pass if self.sni: wrapped_socket = ssl_context.wrap_socket(connection.socket, server_side=False, do_handshake_on_connect=do_handshake, server_hostname=self.sni) else: wrapped_socket = ssl_context.wrap_socket(connection.socket, server_side=False, do_handshake_on_connect=do_handshake) if log_enabled(NETWORK): log(NETWORK, 'socket wrapped with SSL using SSLContext for <%s>', connection) else: if self.version is None and hasattr(ssl, 'PROTOCOL_SSLv23'): self.version = ssl.PROTOCOL_SSLv23 if self.ciphers: try: wrapped_socket = ssl.wrap_socket(connection.socket, keyfile=self.private_key_file, certfile=self.certificate_file, server_side=False, cert_reqs=self.validate, ssl_version=self.version, ca_certs=self.ca_certs_file, do_handshake_on_connect=do_handshake, ciphers=self.ciphers) except ssl.SSLError: raise except TypeError: # in python2.6 no ciphers argument is present, failback to self.ciphers=None self.ciphers = None if not self.ciphers: wrapped_socket = ssl.wrap_socket(connection.socket, keyfile=self.private_key_file, certfile=self.certificate_file, server_side=False, cert_reqs=self.validate, ssl_version=self.version, ca_certs=self.ca_certs_file, do_handshake_on_connect=do_handshake) if log_enabled(NETWORK): log(NETWORK, 'socket wrapped with SSL for <%s>', connection) if do_handshake and (self.validate == ssl.CERT_REQUIRED or self.validate == ssl.CERT_OPTIONAL): check_hostname(wrapped_socket, connection.server.host, self.valid_names) connection.socket = wrapped_socket return def start_tls(self, connection): if connection.server.ssl: # ssl already established at server level return False if (connection.tls_started and not connection._executing_deferred) or connection.strategy._outstanding or connection.sasl_in_progress: # Per RFC 4513 (3.1.1) if log_enabled(ERROR): log(ERROR, "can't start tls because operations are in progress for <%s>", self) return False connection.starting_tls = True if log_enabled(BASIC): log(BASIC, 'starting tls for <%s>', connection) if not connection.strategy.sync: connection._awaiting_for_async_start_tls = True # some flaky servers (OpenLDAP) doesn't return the extended response name in response result = connection.extended('1.3.6.1.4.1.1466.20037') if not connection.strategy.sync: # asynchronous - _start_tls must be executed by the strategy response = connection.get_response(result) if response != (None, None): if log_enabled(BASIC): log(BASIC, 'tls started for <%s>', connection) return True else: if log_enabled(BASIC): log(BASIC, 'tls not started for <%s>', connection) return False else: if connection.result['description'] not in ['success']: # startTLS failed connection.last_error = 'startTLS failed - ' + str(connection.result['description']) if log_enabled(ERROR): log(ERROR, '%s for <%s>', connection.last_error, connection) raise LDAPStartTLSError(connection.last_error) if log_enabled(BASIC): log(BASIC, 'tls started for <%s>', connection) return self._start_tls(connection) def _start_tls(self, connection): exc = None try: self.wrap_socket(connection, do_handshake=True) except Exception as e: connection.last_error = 'wrap socket error: ' + str(e) exc = e connection.starting_tls = False if exc: if log_enabled(ERROR): log(ERROR, 'error <%s> wrapping socket for TLS in <%s>', connection.last_error, connection) raise start_tls_exception_factory(LDAPStartTLSError, exc)(connection.last_error) if connection.usage: connection._usage.wrapped_sockets += 1 connection.tls_started = True return True def check_hostname(sock, server_name, additional_names): server_certificate = sock.getpeercert() if log_enabled(NETWORK): log(NETWORK, 'certificate found for %s: %s', sock, server_certificate) if additional_names: host_names = [server_name] + (additional_names if isinstance(additional_names, SEQUENCE_TYPES) else [additional_names]) else: host_names = [server_name] for host_name in host_names: if not host_name: continue elif host_name == '*': if log_enabled(NETWORK): log(NETWORK, 'certificate matches * wildcard') return # valid try: match_hostname(server_certificate, host_name) # raise CertificateError if certificate doesn't match server name if log_enabled(NETWORK): log(NETWORK, 'certificate matches host name <%s>', host_name) return # valid except CertificateError as e: if log_enabled(NETWORK): log(NETWORK, str(e)) if log_enabled(ERROR): log(ERROR, "hostname doesn't match certificate") raise LDAPCertificateError("certificate %s doesn't match any name in %s " % (server_certificate, str(host_names))) ldap3-2.4.1/ldap3/core/usage.py0000666000000000000000000002470213226436321014273 0ustar 00000000000000""" """ # Created on 2014.03.15 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from datetime import datetime, timedelta from os import linesep from .exceptions import LDAPMetricsError from ..utils.log import log, log_enabled, ERROR, BASIC class ConnectionUsage(object): """ Collect statistics on connection usage """ def reset(self): self.open_sockets = 0 self.closed_sockets = 0 self.wrapped_sockets = 0 self.bytes_transmitted = 0 self.bytes_received = 0 self.messages_transmitted = 0 self.messages_received = 0 self.operations = 0 self.abandon_operations = 0 self.add_operations = 0 self.bind_operations = 0 self.compare_operations = 0 self.delete_operations = 0 self.extended_operations = 0 self.modify_operations = 0 self.modify_dn_operations = 0 self.search_operations = 0 self.unbind_operations = 0 self.referrals_received = 0 self.referrals_followed = 0 self.referrals_connections = 0 self.restartable_failures = 0 self.restartable_successes = 0 self.servers_from_pool = 0 if log_enabled(BASIC): log(BASIC, 'reset usage metrics') def __init__(self): self.initial_connection_start_time = None self.open_socket_start_time = None self.connection_stop_time = None self.last_transmitted_time = None self.last_received_time = None self.open_sockets = 0 self.closed_sockets = 0 self.wrapped_sockets = 0 self.bytes_transmitted = 0 self.bytes_received = 0 self.messages_transmitted = 0 self.messages_received = 0 self.operations = 0 self.abandon_operations = 0 self.add_operations = 0 self.bind_operations = 0 self.compare_operations = 0 self.delete_operations = 0 self.extended_operations = 0 self.modify_operations = 0 self.modify_dn_operations = 0 self.search_operations = 0 self.unbind_operations = 0 self.referrals_received = 0 self.referrals_followed = 0 self.referrals_connections = 0 self.restartable_failures = 0 self.restartable_successes = 0 self.servers_from_pool = 0 if log_enabled(BASIC): log(BASIC, 'instantiated Usage object') def __repr__(self): r = 'Connection Usage:' + linesep r += ' Time: [elapsed: ' + str(self.elapsed_time) + ']' + linesep r += ' Initial start time: ' + (str(self.initial_connection_start_time.isoformat()) if self.initial_connection_start_time else '') + linesep r += ' Open socket time: ' + (str(self.open_socket_start_time.isoformat()) if self.open_socket_start_time else '') + linesep r += ' Last transmitted time: ' + (str(self.last_transmitted_time.isoformat()) if self.last_transmitted_time else '') + linesep r += ' Last received time: ' + (str(self.last_received_time.isoformat()) if self.last_received_time else '') + linesep r += ' Close socket time: ' + (str(self.connection_stop_time.isoformat()) if self.connection_stop_time else '') + linesep r += ' Server:' + linesep r += ' Servers from pool: ' + str(self.servers_from_pool) + linesep r += ' Sockets open: ' + str(self.open_sockets) + linesep r += ' Sockets closed: ' + str(self.closed_sockets) + linesep r += ' Sockets wrapped: ' + str(self.wrapped_sockets) + linesep r += ' Bytes: ' + str(self.bytes_transmitted + self.bytes_received) + linesep r += ' Transmitted: ' + str(self.bytes_transmitted) + linesep r += ' Received: ' + str(self.bytes_received) + linesep r += ' Messages: ' + str(self.messages_transmitted + self.messages_received) + linesep r += ' Transmitted: ' + str(self.messages_transmitted) + linesep r += ' Received: ' + str(self.messages_received) + linesep r += ' Operations: ' + str(self.operations) + linesep r += ' Abandon: ' + str(self.abandon_operations) + linesep r += ' Bind: ' + str(self.bind_operations) + linesep r += ' Add: ' + str(self.add_operations) + linesep r += ' Compare: ' + str(self.compare_operations) + linesep r += ' Delete: ' + str(self.delete_operations) + linesep r += ' Extended: ' + str(self.extended_operations) + linesep r += ' Modify: ' + str(self.modify_operations) + linesep r += ' ModifyDn: ' + str(self.modify_dn_operations) + linesep r += ' Search: ' + str(self.search_operations) + linesep r += ' Unbind: ' + str(self.unbind_operations) + linesep r += ' Referrals: ' + linesep r += ' Received: ' + str(self.referrals_received) + linesep r += ' Followed: ' + str(self.referrals_followed) + linesep r += ' Connections: ' + str(self.referrals_connections) + linesep r += ' Restartable tries: ' + str(self.restartable_failures + self.restartable_successes) + linesep r += ' Failed restarts: ' + str(self.restartable_failures) + linesep r += ' Successful restarts: ' + str(self.restartable_successes) + linesep return r def __str__(self): return self.__repr__() def __iadd__(self, other): if not isinstance(other, ConnectionUsage): raise LDAPMetricsError('unable to add to ConnectionUsage') self.open_sockets += other.open_sockets self.closed_sockets += other.closed_sockets self.wrapped_sockets += other.wrapped_sockets self.bytes_transmitted += other.bytes_transmitted self.bytes_received += other.bytes_received self.messages_transmitted += other.messages_transmitted self.messages_received += other.messages_received self.operations += other.operations self.abandon_operations += other.abandon_operations self.add_operations += other.add_operations self.bind_operations += other.bind_operations self.compare_operations += other.compare_operations self.delete_operations += other.delete_operations self.extended_operations += other.extended_operations self.modify_operations += other.modify_operations self.modify_dn_operations += other.modify_dn_operations self.search_operations += other.search_operations self.unbind_operations += other.unbind_operations self.referrals_received += other.referrals_received self.referrals_followed += other.referrals_followed self.referrals_connections += other.referrals_connections self.restartable_failures += other.restartable_failures self.restartable_successes += other.restartable_successes self.servers_from_pool += other.servers_from_pool return self def update_transmitted_message(self, message, length): self.last_transmitted_time = datetime.now() self.bytes_transmitted += length self.operations += 1 self.messages_transmitted += 1 if message['type'] == 'abandonRequest': self.abandon_operations += 1 elif message['type'] == 'addRequest': self.add_operations += 1 elif message['type'] == 'bindRequest': self.bind_operations += 1 elif message['type'] == 'compareRequest': self.compare_operations += 1 elif message['type'] == 'delRequest': self.delete_operations += 1 elif message['type'] == 'extendedReq': self.extended_operations += 1 elif message['type'] == 'modifyRequest': self.modify_operations += 1 elif message['type'] == 'modDNRequest': self.modify_dn_operations += 1 elif message['type'] == 'searchRequest': self.search_operations += 1 elif message['type'] == 'unbindRequest': self.unbind_operations += 1 else: if log_enabled(ERROR): log(ERROR, 'unable to collect usage for unknown message type <%s>', message['type']) raise LDAPMetricsError('unable to collect usage for unknown message type') def update_received_message(self, length): self.last_received_time = datetime.now() self.bytes_received += length self.messages_received += 1 def start(self, reset=True): if reset: self.reset() self.open_socket_start_time = datetime.now() self.connection_stop_time = None if not self.initial_connection_start_time: self.initial_connection_start_time = self.open_socket_start_time if log_enabled(BASIC): log(BASIC, 'start collecting usage metrics') def stop(self): if self.open_socket_start_time: self.connection_stop_time = datetime.now() if log_enabled(BASIC): log(BASIC, 'stop collecting usage metrics') @property def elapsed_time(self): if self.connection_stop_time: return self.connection_stop_time - self.open_socket_start_time else: return (datetime.now() - self.open_socket_start_time) if self.open_socket_start_time else timedelta(0) ldap3-2.4.1/ldap3/core/__init__.py0000666000000000000000000000000012767320327014716 0ustar 00000000000000ldap3-2.4.1/ldap3/extend/0000777000000000000000000000000013231031760013141 5ustar 00000000000000ldap3-2.4.1/ldap3/extend/microsoft/0000777000000000000000000000000013231031760015146 5ustar 00000000000000ldap3-2.4.1/ldap3/extend/microsoft/addMembersToGroups.py0000666000000000000000000000650013226436321021275 0ustar 00000000000000""" """ # Created on 2016.12.26 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...core.exceptions import LDAPInvalidDnError from ... import SEQUENCE_TYPES, MODIFY_ADD, BASE, DEREF_NEVER def ad_add_members_to_groups(connection, members_dn, groups_dn, fix=True): """ :param connection: a bound Connection object :param members_dn: the list of members to add to groups :param groups_dn: the list of groups where members are to be added :param fix: checks for group existence and already assigned members :return: a boolean where True means that the operation was successful and False means an error has happened Establishes users-groups relations following the Active Directory rules: users are added to the member attribute of groups. Raises LDAPInvalidDnError if members or groups are not found in the DIT. """ if not isinstance(members_dn, SEQUENCE_TYPES): members_dn = [members_dn] if not isinstance(groups_dn, SEQUENCE_TYPES): groups_dn = [groups_dn] error = False for group in groups_dn: if fix: # checks for existance of group and for already assigned members result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': raise LDAPInvalidDnError(group + ' not found') existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [] existing_members = [element.lower() for element in existing_members] else: existing_members = [] changes = dict() member_to_add = [element for element in members_dn if element.lower() not in existing_members] if member_to_add: changes['member'] = (MODIFY_ADD, member_to_add) if changes: result = connection.modify(group, changes) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result if result['description'] != 'success': error = True break return not error # returns True if no error is raised in the LDAP operations ldap3-2.4.1/ldap3/extend/microsoft/dirSync.py0000666000000000000000000001001413226436321017135 0ustar 00000000000000""" """ # Created on 2015.10.21 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...core.exceptions import LDAPExtensionError from ...protocol.microsoft import dir_sync_control, extended_dn_control, show_deleted_control from ... import SUBTREE, DEREF_NEVER from ...utils.dn import safe_dn class DirSync(object): def __init__(self, connection, sync_base, sync_filter, attributes, cookie, object_security, ancestors_first, public_data_only, incremental_values, max_length, hex_guid ): self.connection = connection if self.connection.check_names and sync_base: self. base = safe_dn(sync_base) else: self.base = sync_base self.filter = sync_filter self.attributes = attributes self.cookie = cookie self.object_security = object_security self.ancestors_first = ancestors_first self.public_data_only = public_data_only self.incremental_values = incremental_values self.max_length = max_length self.hex_guid = hex_guid self.more_results = True def loop(self): result = self.connection.search(search_base=self.base, search_filter=self.filter, search_scope=SUBTREE, attributes=self.attributes, dereference_aliases=DEREF_NEVER, controls=[dir_sync_control(criticality=True, object_security=self.object_security, ancestors_first=self.ancestors_first, public_data_only=self.public_data_only, incremental_values=self.incremental_values, max_length=self.max_length, cookie=self.cookie), extended_dn_control(criticality=False, hex_format=self.hex_guid), show_deleted_control(criticality=False)] ) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result if result['description'] == 'success' and 'controls' in result and '1.2.840.113556.1.4.841' in result['controls']: self.more_results = result['controls']['1.2.840.113556.1.4.841']['value']['more_results'] self.cookie = result['controls']['1.2.840.113556.1.4.841']['value']['cookie'] return response elif 'controls' in result: raise LDAPExtensionError('Missing DirSync control in response from server') else: raise LDAPExtensionError('error %r in DirSync' % result) ldap3-2.4.1/ldap3/extend/microsoft/modifyPassword.py0000666000000000000000000000576213226436321020552 0ustar 00000000000000""" """ # Created on 2015.11.27 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ... import MODIFY_REPLACE, MODIFY_DELETE, MODIFY_ADD from ...utils.log import log, log_enabled, PROTOCOL from ...core.results import RESULT_SUCCESS from ...utils.dn import safe_dn from ...utils.conv import to_unicode def ad_modify_password(connection, user_dn, new_password, old_password, controls=None): # old password must be None to reset password with sufficient privileges if connection.check_names: user_dn = safe_dn(user_dn) if str is bytes: # python2, converts to unicode new_password = to_unicode(new_password) if old_password: old_password = to_unicode(old_password) encoded_new_password = ('"%s"' % new_password).encode('utf-16-le') if old_password: # normal users must specify old and new password encoded_old_password = ('"%s"' % old_password).encode('utf-16-le') result = connection.modify(user_dn, {'unicodePwd': [(MODIFY_DELETE, [encoded_old_password]), (MODIFY_ADD, [encoded_new_password])]}, controls) else: # admin users can reset password without sending the old one result = connection.modify(user_dn, {'unicodePwd': [(MODIFY_REPLACE, [encoded_new_password])]}, controls) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result # change successful, returns True if result['result'] == RESULT_SUCCESS: return True # change was not successful, raises exception if raise_exception = True in connection or returns the operation result, error code is in result['result'] if connection.raise_exceptions: from ...core.exceptions import LDAPOperationResult if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, connection) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) return False ldap3-2.4.1/ldap3/extend/microsoft/removeMembersFromGroups.py0000666000000000000000000000716613226436321022374 0ustar 00000000000000""" """ # Created on 2016.12.26 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...core.exceptions import LDAPInvalidDnError from ... import SEQUENCE_TYPES, MODIFY_DELETE, BASE, DEREF_NEVER from ...utils.dn import safe_dn def ad_remove_members_from_groups(connection, members_dn, groups_dn, fix): """ :param connection: a bound Connection object :param members_dn: the list of members to remove from groups :param groups_dn: the list of groups where members are to be removed :param fix: checks for group existence and existing members :return: a boolean where True means that the operation was successful and False means an error has happened Removes users-groups relations following the Activwe Directory rules: users are removed from groups' member attribute """ if not isinstance(members_dn, SEQUENCE_TYPES): members_dn = [members_dn] if not isinstance(groups_dn, SEQUENCE_TYPES): groups_dn = [groups_dn] if connection.check_names: # builds new lists with sanitized dn safe_members_dn = [] safe_groups_dn = [] for member_dn in members_dn: safe_members_dn.append(safe_dn(member_dn)) for group_dn in groups_dn: safe_groups_dn.append(safe_dn(group_dn)) members_dn = safe_members_dn groups_dn = safe_groups_dn error = False for group in groups_dn: if fix: # checks for existance of group and for already assigned members result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': raise LDAPInvalidDnError(group + ' not found') existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [] else: existing_members = members_dn existing_members = [element.lower() for element in existing_members] changes = dict() member_to_remove = [element for element in members_dn if element.lower() in existing_members] if member_to_remove: changes['member'] = (MODIFY_DELETE, member_to_remove) if changes: result = connection.modify(group, changes) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result if result['description'] != 'success': error = True break return not error ldap3-2.4.1/ldap3/extend/microsoft/unlockAccount.py0000666000000000000000000000406613226436321020344 0ustar 00000000000000""" """ # Created on 2016.11.01 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ... import MODIFY_REPLACE from ...utils.log import log, log_enabled, PROTOCOL from ...core.results import RESULT_SUCCESS from ...utils.dn import safe_dn def ad_unlock_account(connection, user_dn, controls=None): if connection.check_names: user_dn = safe_dn(user_dn) result = connection.modify(user_dn, {'lockoutTime': [(MODIFY_REPLACE, [0])]}, controls) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result # change successful, returns True if result['result'] == RESULT_SUCCESS: return True # change was not successful, raises exception if raise_exception = True in connection or returns the operation result, error code is in result['result'] if connection.raise_exceptions: from ...core.exceptions import LDAPOperationResult if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, connection) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) return result ldap3-2.4.1/ldap3/extend/microsoft/__init__.py0000666000000000000000000000000012767320327017262 0ustar 00000000000000ldap3-2.4.1/ldap3/extend/novell/0000777000000000000000000000000013231031760014440 5ustar 00000000000000ldap3-2.4.1/ldap3/extend/novell/addMembersToGroups.py0000666000000000000000000001665113226436321020577 0ustar 00000000000000""" """ # Created on 2016.04.16 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...core.exceptions import LDAPInvalidDnError from ... import SEQUENCE_TYPES, MODIFY_ADD, BASE, DEREF_NEVER from ...utils.dn import safe_dn def edir_add_members_to_groups(connection, members_dn, groups_dn, fix, transaction): """ :param connection: a bound Connection object :param members_dn: the list of members to add to groups :param groups_dn: the list of groups where members are to be added :param fix: checks for inconsistences in the users-groups relation and fixes them :param transaction: activates an LDAP transaction :return: a boolean where True means that the operation was successful and False means an error has happened Establishes users-groups relations following the eDirectory rules: groups are added to securityEquals and groupMembership attributes in the member object while members are added to member and equivalentToMe attributes in the group object. Raises LDAPInvalidDnError if members or groups are not found in the DIT. """ if not isinstance(members_dn, SEQUENCE_TYPES): members_dn = [members_dn] if not isinstance(groups_dn, SEQUENCE_TYPES): groups_dn = [groups_dn] transaction_control = None error = False if connection.check_names: # builds new lists with sanitized dn safe_members_dn = [] safe_groups_dn = [] for member_dn in members_dn: safe_members_dn.append(safe_dn(member_dn)) for group_dn in groups_dn: safe_groups_dn.append(safe_dn(group_dn)) members_dn = safe_members_dn groups_dn = safe_groups_dn if transaction: transaction_control = connection.extend.novell.start_transaction() if not error: for member in members_dn: if fix: # checks for existance of member and for already assigned groups result = connection.search(member, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['securityEquals', 'groupMembership']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': raise LDAPInvalidDnError(member + ' not found') existing_security_equals = response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [] existing_group_membership = response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [] existing_security_equals = [element.lower() for element in existing_security_equals] existing_group_membership = [element.lower() for element in existing_group_membership] else: existing_security_equals = [] existing_group_membership = [] changes = dict() security_equals_to_add = [element for element in groups_dn if element.lower() not in existing_security_equals] group_membership_to_add = [element for element in groups_dn if element.lower() not in existing_group_membership] if security_equals_to_add: changes['securityEquals'] = (MODIFY_ADD, security_equals_to_add) if group_membership_to_add: changes['groupMembership'] = (MODIFY_ADD, group_membership_to_add) if changes: result = connection.modify(member, changes, controls=[transaction_control] if transaction else None) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result if result['description'] != 'success': error = True break if not error: for group in groups_dn: if fix: # checks for existance of group and for already assigned members result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member', 'equivalentToMe']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': raise LDAPInvalidDnError(group + ' not found') existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [] existing_equivalent_to_me = response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [] existing_members = [element.lower() for element in existing_members] existing_equivalent_to_me = [element.lower() for element in existing_equivalent_to_me] else: existing_members = [] existing_equivalent_to_me = [] changes = dict() member_to_add = [element for element in members_dn if element.lower() not in existing_members] equivalent_to_me_to_add = [element for element in members_dn if element.lower() not in existing_equivalent_to_me] if member_to_add: changes['member'] = (MODIFY_ADD, member_to_add) if equivalent_to_me_to_add: changes['equivalentToMe'] = (MODIFY_ADD, equivalent_to_me_to_add) if changes: result = connection.modify(group, changes, controls=[transaction_control] if transaction else None) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result if result['description'] != 'success': error = True break if transaction: if error: # aborts transaction in case of error in the modify operations result = connection.extend.novell.end_transaction(commit=False, controls=[transaction_control]) else: result = connection.extend.novell.end_transaction(commit=True, controls=[transaction_control]) if result['description'] != 'success': error = True return not error # returns True if no error is raised in the LDAP operations ldap3-2.4.1/ldap3/extend/novell/checkGroupsMemberships.py0000666000000000000000000001706213226436321021502 0ustar 00000000000000""" """ # Created on 2016.05.14 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .addMembersToGroups import edir_add_members_to_groups from ...core.exceptions import LDAPInvalidDnError from ... import SEQUENCE_TYPES, BASE, DEREF_NEVER from ...utils.dn import safe_dn def _check_members_have_memberships(connection, members_dn, groups_dn): """ :param connection: a bound Connection object :param members_dn: the list of members to add to groups :param groups_dn: the list of groups where members are to be added :return: two booleans. The first when True means that all members have membership in all groups, The second when True means that there are inconsistences in the securityEquals attribute Checks user's group membership. Raises LDAPInvalidDNError if member is not found in the DIT. """ if not isinstance(members_dn, SEQUENCE_TYPES): members_dn = [members_dn] if not isinstance(groups_dn, SEQUENCE_TYPES): groups_dn = [groups_dn] partial = False # True when a member has groupMembership but doesn't have securityEquals for member in members_dn: result = connection.search(member, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['groupMembership', 'securityEquals']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': # member not found in DIT raise LDAPInvalidDnError(member + ' not found') existing_security_equals = response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [] existing_group_membership = response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [] existing_security_equals = [element.lower() for element in existing_security_equals] existing_group_membership = [element.lower() for element in existing_group_membership] for group in groups_dn: if group.lower() not in existing_group_membership: return False, False if group.lower() not in existing_security_equals: partial = True return True, partial def _check_groups_contain_members(connection, groups_dn, members_dn): """ :param connection: a bound Connection object :param members_dn: the list of members to add to groups :param groups_dn: the list of groups where members are to be added :return: two booleans. The first when True means that all members have membership in all groups, The second when True means that there are inconsistences in the EquivalentToMe attribute Checks if groups have members in their 'member' attribute. Raises LDAPInvalidDNError if member is not found in the DIT. """ if not isinstance(groups_dn, SEQUENCE_TYPES): groups_dn = [groups_dn] if not isinstance(members_dn, SEQUENCE_TYPES): members_dn = [members_dn] partial = False # True when a group has member but doesn't have equivalentToMe for group in groups_dn: result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member', 'equivalentToMe']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': raise LDAPInvalidDnError(group + ' not found') existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [] existing_equivalent_to_me = response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [] existing_members = [element.lower() for element in existing_members] existing_equivalent_to_me = [element.lower() for element in existing_equivalent_to_me] for member in members_dn: if member.lower() not in existing_members: return False, False if member.lower() not in existing_equivalent_to_me: partial = True return True, partial def edir_check_groups_memberships(connection, members_dn, groups_dn, fix, transaction): """ :param connection: a bound Connection object :param members_dn: the list of members to check :param groups_dn: the list of groups to check :param fix: checks for inconsistences in the users-groups relation and fixes them :param transaction: activates an LDAP transaction when fixing :return: a boolean where True means that the operation was successful and False means an error has happened Checks and fixes users-groups relations following the eDirectory rules: groups are checked against 'groupMembership' attribute in the member object while members are checked against 'member' attribute in the group object. Raises LDAPInvalidDnError if members or groups are not found in the DIT. """ if not isinstance(groups_dn, SEQUENCE_TYPES): groups_dn = [groups_dn] if not isinstance(members_dn, SEQUENCE_TYPES): members_dn = [members_dn] if connection.check_names: # builds new lists with sanitized dn safe_members_dn = [] safe_groups_dn = [] for member_dn in members_dn: safe_members_dn.append(safe_dn(member_dn)) for group_dn in groups_dn: safe_groups_dn.append(safe_dn(group_dn)) members_dn = safe_members_dn groups_dn = safe_groups_dn try: members_have_memberships, partial_member_security = _check_members_have_memberships(connection, members_dn, groups_dn) groups_contain_members, partial_group_security = _check_groups_contain_members(connection, groups_dn, members_dn) except LDAPInvalidDnError: return False if not members_have_memberships and not groups_contain_members: return False if fix: # fix any inconsistences if (members_have_memberships and not groups_contain_members) \ or (groups_contain_members and not members_have_memberships) \ or partial_group_security \ or partial_member_security: for member in members_dn: for group in groups_dn: edir_add_members_to_groups(connection, member, group, True, transaction) return True ldap3-2.4.1/ldap3/extend/novell/endTransaction.py0000666000000000000000000000431413226436321017776 0ustar 00000000000000""" """ # Created on 2016.04.14 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...extend.operation import ExtendedOperation from ...protocol.novell import EndGroupTypeRequestValue, EndGroupTypeResponseValue, Sequence from ...utils.asn1 import decoder class EndTransaction(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.27.103.2' self.response_name = '2.16.840.1.113719.1.27.103.2' self.request_value = EndGroupTypeRequestValue() self.asn1_spec = EndGroupTypeResponseValue() def __init__(self, connection, commit=True, controls=None): if controls and len(controls) == 1: group_cookie = decoder.decode(controls[0][2], asn1Spec=Sequence())[0][0] # get the cookie from the built groupingControl else: group_cookie = None controls = None ExtendedOperation.__init__(self, connection, controls) # calls super __init__() if group_cookie: self.request_value['endGroupCookie'] = group_cookie # transactionGroupingType if not commit: self.request_value['endGroupValue'] = '' # an empty endGroupValue means abort transaction def populate_result(self): try: self.result['value'] = self.decoded_response['endGroupValue'] except TypeError: self.result['value'] = None def set_response(self): self.response_value = self.result ldap3-2.4.1/ldap3/extend/novell/getBindDn.py0000666000000000000000000000261613226436321016663 0ustar 00000000000000""" """ # Created on 2014.04.30 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...protocol.novell import Identity from ...extend.operation import ExtendedOperation class GetBindDn(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.27.100.31' self.response_name = '2.16.840.1.113719.1.27.100.32' self.response_attribute = 'identity' self.asn1_spec = Identity() def populate_result(self): try: self.result['identity'] = str(self.decoded_response) if self.decoded_response else None except TypeError: self.result['identity'] = None ldap3-2.4.1/ldap3/extend/novell/listReplicas.py0000666000000000000000000000350013226436321017454 0ustar 00000000000000""" """ # Created on 2014.07.03 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...extend.operation import ExtendedOperation from ...protocol.novell import ReplicaList from ...protocol.rfc4511 import LDAPDN from ...utils.dn import safe_dn class ListReplicas(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.27.100.19' self.response_name = '2.16.840.1.113719.1.27.100.20' self.request_value = LDAPDN() self.asn1_spec = ReplicaList() self.response_attribute = 'replicas' def __init__(self, connection, server_dn, controls=None): ExtendedOperation.__init__(self, connection, controls) # calls super __init__() if connection.check_names: server_dn = safe_dn(server_dn) self.request_value = LDAPDN(server_dn) def populate_result(self): try: self.result['replicas'] = str(self.decoded_response['replicaList']) if self.decoded_response['replicaList'] else None except TypeError: self.result['replicas'] = None ldap3-2.4.1/ldap3/extend/novell/nmasGetUniversalPassword.py0000666000000000000000000000415113226436321022033 0ustar 00000000000000""" """ # Created on 2014.07.03 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...extend.operation import ExtendedOperation from ...protocol.novell import NmasGetUniversalPasswordRequestValue, NmasGetUniversalPasswordResponseValue, NMAS_LDAP_EXT_VERSION from ...utils.dn import safe_dn class NmasGetUniversalPassword(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.39.42.100.13' self.response_name = '2.16.840.1.113719.1.39.42.100.14' self.request_value = NmasGetUniversalPasswordRequestValue() self.asn1_spec = NmasGetUniversalPasswordResponseValue() self.response_attribute = 'password' def __init__(self, connection, user, controls=None): ExtendedOperation.__init__(self, connection, controls) # calls super __init__() if connection.check_names: user = safe_dn(user) self.request_value['nmasver'] = NMAS_LDAP_EXT_VERSION self.request_value['reqdn'] = user def populate_result(self): self.result['nmasver'] = int(self.decoded_response['nmasver']) self.result['error'] = int(self.decoded_response['err']) try: self.result['password'] = str(self.decoded_response['passwd']) if self.decoded_response['passwd'] else None except TypeError: self.result['password'] = None ldap3-2.4.1/ldap3/extend/novell/nmasSetUniversalPassword.py0000666000000000000000000000403513226436321022050 0ustar 00000000000000""" """ # Created on 2014.07.03 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...extend.operation import ExtendedOperation from ...protocol.novell import NmasSetUniversalPasswordRequestValue, NmasSetUniversalPasswordResponseValue, NMAS_LDAP_EXT_VERSION from ...utils.dn import safe_dn class NmasSetUniversalPassword(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.39.42.100.11' self.response_name = '2.16.840.1.113719.1.39.42.100.12' self.request_value = NmasSetUniversalPasswordRequestValue() self.asn1_spec = NmasSetUniversalPasswordResponseValue() self.response_attribute = 'password' def __init__(self, connection, user, new_password, controls=None): ExtendedOperation.__init__(self, connection, controls) # calls super __init__() if connection.check_names and user: user = safe_dn(user) self.request_value['nmasver'] = NMAS_LDAP_EXT_VERSION if user: self.request_value['reqdn'] = user if new_password: self.request_value['new_passwd'] = new_password def populate_result(self): self.result['nmasver'] = int(self.decoded_response['nmasver']) self.result['error'] = int(self.decoded_response['err']) ldap3-2.4.1/ldap3/extend/novell/partition_entry_count.py0000666000000000000000000000403513226436321021464 0ustar 00000000000000""" """ # Created on 2014.08.05 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1.type.univ import Integer from ...core.exceptions import LDAPExtensionError from ..operation import ExtendedOperation from ...protocol.rfc4511 import LDAPDN from ...utils.asn1 import decoder from ...utils.dn import safe_dn class PartitionEntryCount(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.27.100.13' self.response_name = '2.16.840.1.113719.1.27.100.14' self.request_value = LDAPDN() self.response_attribute = 'entry_count' def __init__(self, connection, partition_dn, controls=None): ExtendedOperation.__init__(self, connection, controls) # calls super __init__() if connection.check_names: partition_dn = safe_dn(partition_dn) self.request_value = LDAPDN(partition_dn) def populate_result(self): substrate = self.decoded_response try: decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['entry_count'] = int(decoded) except Exception: raise LDAPExtensionError('unable to decode substrate') if substrate: raise LDAPExtensionError('unknown substrate remaining') ldap3-2.4.1/ldap3/extend/novell/removeMembersFromGroups.py0000666000000000000000000001700313226436321021655 0ustar 00000000000000""" """ # Created on 2016.04.17 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...core.exceptions import LDAPInvalidDnError from ... import SEQUENCE_TYPES, MODIFY_DELETE, BASE, DEREF_NEVER from ...utils.dn import safe_dn def edir_remove_members_from_groups(connection, members_dn, groups_dn, fix, transaction): """ :param connection: a bound Connection object :param members_dn: the list of members to remove from groups :param groups_dn: the list of groups where members are to be removed :param fix: checks for inconsistences in the users-groups relation and fixes them :param transaction: activates an LDAP transaction :return: a boolean where True means that the operation was successful and False means an error has happened Removes users-groups relations following the eDirectory rules: groups are removed from securityEquals and groupMembership attributes in the member object while members are removed from member and equivalentToMe attributes in the group object. Raises LDAPInvalidDnError if members or groups are not found in the DIT. """ if not isinstance(members_dn, SEQUENCE_TYPES): members_dn = [members_dn] if not isinstance(groups_dn, SEQUENCE_TYPES): groups_dn = [groups_dn] if connection.check_names: # builds new lists with sanitized dn safe_members_dn = [] safe_groups_dn = [] for member_dn in members_dn: safe_members_dn.append(safe_dn(member_dn)) for group_dn in groups_dn: safe_groups_dn.append(safe_dn(group_dn)) members_dn = safe_members_dn groups_dn = safe_groups_dn transaction_control = None error = False if transaction: transaction_control = connection.extend.novell.start_transaction() if not error: for member in members_dn: if fix: # checks for existance of member and for already assigned groups result = connection.search(member, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['securityEquals', 'groupMembership']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': raise LDAPInvalidDnError(member + ' not found') existing_security_equals = response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [] existing_group_membership = response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [] else: existing_security_equals = groups_dn existing_group_membership = groups_dn existing_security_equals = [element.lower() for element in existing_security_equals] existing_group_membership = [element.lower() for element in existing_group_membership] changes = dict() security_equals_to_remove = [element for element in groups_dn if element.lower() in existing_security_equals] group_membership_to_remove = [element for element in groups_dn if element.lower() in existing_group_membership] if security_equals_to_remove: changes['securityEquals'] = (MODIFY_DELETE, security_equals_to_remove) if group_membership_to_remove: changes['groupMembership'] = (MODIFY_DELETE, group_membership_to_remove) if changes: result = connection.modify(member, changes, controls=[transaction_control] if transaction else None) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result if result['description'] != 'success': error = True break if not error: for group in groups_dn: if fix: # checks for existance of group and for already assigned members result = connection.search(group, '(objectclass=*)', BASE, dereference_aliases=DEREF_NEVER, attributes=['member', 'equivalentToMe']) if not connection.strategy.sync: response, result = connection.get_response(result) else: response, result = connection.response, connection.result if not result['description'] == 'success': raise LDAPInvalidDnError(group + ' not found') existing_members = response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [] existing_equivalent_to_me = response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [] else: existing_members = members_dn existing_equivalent_to_me = members_dn existing_members = [element.lower() for element in existing_members] existing_equivalent_to_me = [element.lower() for element in existing_equivalent_to_me] changes = dict() member_to_remove = [element for element in members_dn if element.lower() in existing_members] equivalent_to_me_to_remove = [element for element in members_dn if element.lower() in existing_equivalent_to_me] if member_to_remove: changes['member'] = (MODIFY_DELETE, member_to_remove) if equivalent_to_me_to_remove: changes['equivalentToMe'] = (MODIFY_DELETE, equivalent_to_me_to_remove) if changes: result = connection.modify(group, changes, controls=[transaction_control] if transaction else None) if not connection.strategy.sync: _, result = connection.get_response(result) else: result = connection.result if result['description'] != 'success': error = True break if transaction: if error: # aborts transaction in case of error in the modify operations result = connection.extend.novell.end_transaction(commit=False, controls=[transaction_control]) else: result = connection.extend.novell.end_transaction(commit=True, controls=[transaction_control]) if result['description'] != 'success': error = True return not error # return True if no error is raised in the LDAP operations ldap3-2.4.1/ldap3/extend/novell/replicaInfo.py0000666000000000000000000000647713226436321017271 0ustar 00000000000000""" """ # Created on 2014.08.07 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from datetime import datetime from pyasn1.type.univ import Integer from ...core.exceptions import LDAPExtensionError from ...protocol.novell import LDAPDN, ReplicaInfoRequestValue from ..operation import ExtendedOperation from ...utils.asn1 import decoder from ...utils.dn import safe_dn class ReplicaInfo(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.27.100.17' self.response_name = '2.16.840.1.113719.1.27.100.18' # self.asn1_spec = ReplicaInfoResponseValue() self.request_value = ReplicaInfoRequestValue() self.response_attribute = 'partition_dn' def __init__(self, connection, server_dn, partition_dn, controls=None): if connection.check_names: if server_dn: server_dn = safe_dn(server_dn) if partition_dn: partition_dn = safe_dn(partition_dn) ExtendedOperation.__init__(self, connection, controls) # calls super __init__() self.request_value['server_dn'] = server_dn self.request_value['partition_dn'] = partition_dn def populate_result(self): substrate = self.decoded_response try: decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['partition_id'] = int(decoded) decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['replica_state'] = int(decoded) decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['modification_time'] = datetime.utcfromtimestamp(int(decoded)) decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['purge_time'] = datetime.utcfromtimestamp(int(decoded)) decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['local_partition_id'] = int(decoded) decoded, substrate = decoder.decode(substrate, asn1Spec=LDAPDN()) self.result['partition_dn'] = str(decoded) decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['replica_type'] = int(decoded) decoded, substrate = decoder.decode(substrate, asn1Spec=Integer()) self.result['flags'] = int(decoded) except Exception: raise LDAPExtensionError('unable to decode substrate') if substrate: raise LDAPExtensionError('unknown substrate remaining') ldap3-2.4.1/ldap3/extend/novell/startTransaction.py0000666000000000000000000000436513226436321020373 0ustar 00000000000000""" """ # Created on 2016.04.14 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...extend.operation import ExtendedOperation from ...protocol.novell import CreateGroupTypeRequestValue, CreateGroupTypeResponseValue, GroupingControlValue from ...protocol.controls import build_control class StartTransaction(ExtendedOperation): def config(self): self.request_name = '2.16.840.1.113719.1.27.103.1' self.response_name = '2.16.840.1.113719.1.27.103.1' self.request_value = CreateGroupTypeRequestValue() self.asn1_spec = CreateGroupTypeResponseValue() def __init__(self, connection, controls=None): ExtendedOperation.__init__(self, connection, controls) # calls super __init__() self.request_value['createGroupType'] = '2.16.840.1.113719.1.27.103.7' # transactionGroupingType def populate_result(self): self.result['cookie'] = int(self.decoded_response['createGroupCookie']) try: self.result['value'] = self.decoded_response['createGroupValue'] except TypeError: self.result['value'] = None def set_response(self): try: grouping_cookie_value = GroupingControlValue() grouping_cookie_value['groupingCookie'] = self.result['cookie'] self.response_value = build_control('2.16.840.1.113719.1.27.103.7', True, grouping_cookie_value, encode_control_value=True) # groupingControl except TypeError: self.response_value = None ldap3-2.4.1/ldap3/extend/novell/__init__.py0000666000000000000000000000000012767320327016554 0ustar 00000000000000ldap3-2.4.1/ldap3/extend/operation.py0000666000000000000000000000722613226436321015530 0ustar 00000000000000""" """ # Created on 2014.07.04 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ..core.results import RESULT_SUCCESS from ..core.exceptions import LDAPExtensionError from ..utils.asn1 import decoder class ExtendedOperation(object): def __init__(self, connection, controls=None): self.connection = connection self.decoded_response = None self.result = None self.asn1_spec = None # if None the response_value is returned without encoding self.request_name = None self.response_name = None self.request_value = None self.response_value = None self.response_attribute = None self.controls = controls self.config() def send(self): if self.connection.check_names and self.connection.server.info is not None and self.connection.server.info.supported_extensions is not None: # checks if extension is supported for request_name in self.connection.server.info.supported_extensions: if request_name[0] == self.request_name: break else: raise LDAPExtensionError('extension not in DSA list of supported extensions') resp = self.connection.extended(self.request_name, self.request_value, self.controls) if not self.connection.strategy.sync: _, self.result = self.connection.get_response(resp) else: self.result = self.connection.result self.decode_response() self.populate_result() self.set_response() return self.response_value def populate_result(self): pass def decode_response(self): if not self.result: return None if self.result['result'] not in [RESULT_SUCCESS]: if self.connection.raise_exceptions: raise LDAPExtensionError('extended operation error: ' + self.result['description'] + ' - ' + self.result['message']) else: return None if not self.response_name or self.result['responseName'] == self.response_name: if self.result['responseValue']: if self.asn1_spec is not None: decoded, unprocessed = decoder.decode(self.result['responseValue'], asn1Spec=self.asn1_spec) if unprocessed: raise LDAPExtensionError('error decoding extended response value') self.decoded_response = decoded else: self.decoded_response = self.result['responseValue'] else: raise LDAPExtensionError('invalid response name received') def set_response(self): self.response_value = self.result[self.response_attribute] if self.result and self.response_attribute in self.result else None self.connection.response = self.response_value def config(self): pass ldap3-2.4.1/ldap3/extend/standard/0000777000000000000000000000000013231031760014741 5ustar 00000000000000ldap3-2.4.1/ldap3/extend/standard/modifyPassword.py0000666000000000000000000000667413227456344020360 0ustar 00000000000000""" """ # Created on 2014.04.30 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ... import HASHED_NONE from ...extend.operation import ExtendedOperation from ...protocol.rfc3062 import PasswdModifyRequestValue, PasswdModifyResponseValue from ...utils.hashed import hashed from ...protocol.sasl.sasl import validate_simple_password from ...utils.dn import safe_dn from ...core.results import RESULT_SUCCESS # implements RFC3062 class ModifyPassword(ExtendedOperation): def config(self): self.request_name = '1.3.6.1.4.1.4203.1.11.1' self.request_value = PasswdModifyRequestValue() self.asn1_spec = PasswdModifyResponseValue() self.response_attribute = 'new_password' def __init__(self, connection, user=None, old_password=None, new_password=None, hash_algorithm=None, salt=None, controls=None): ExtendedOperation.__init__(self, connection, controls) # calls super __init__() if user: if connection.check_names: user = safe_dn(user) self.request_value['userIdentity'] = user if old_password: if not isinstance(old_password, bytes): # bytes are returned raw, as per RFC (4.2) old_password = validate_simple_password(old_password, True) self.request_value['oldPasswd'] = old_password if new_password: if not isinstance(new_password, bytes): # bytes are returned raw, as per RFC (4.2) new_password = validate_simple_password(new_password, True) if hash_algorithm is None or hash_algorithm == HASHED_NONE: self.request_value['newPasswd'] = new_password else: self.request_value['newPasswd'] = hashed(hash_algorithm, new_password, salt) def populate_result(self): try: self.result[self.response_attribute] = str(self.decoded_response['genPasswd']) except TypeError: # optional field can be absent, so returns True if operation is successful else False if self.result['result'] == RESULT_SUCCESS: self.result[self.response_attribute] = True else: # change was not successful, raises exception if raise_exception = True in connection or returns the operation result, error code is in result['result'] self.result[self.response_attribute] = False if not self.connection.raise_exceptions: from ...core.exceptions import LDAPOperationResult raise LDAPOperationResult(result=self.result['result'], description=self.result['description'], dn=self.result['dn'], message=self.result['message'], response_type=self.result['type']) ldap3-2.4.1/ldap3/extend/standard/PagedSearch.py0000666000000000000000000001174513226436321017477 0ustar 00000000000000""" """ # Created on 2014.07.08 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ... import SUBTREE, DEREF_ALWAYS from ...utils.dn import safe_dn from ...core.results import DO_NOT_RAISE_EXCEPTIONS from ...core.exceptions import LDAPOperationResult from ...utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, NETWORK, EXTENDED def paged_search_generator(connection, search_base, search_filter, search_scope=SUBTREE, dereference_aliases=DEREF_ALWAYS, attributes=None, size_limit=0, time_limit=0, types_only=False, get_operational_attributes=False, controls=None, paged_size=100, paged_criticality=False): if connection.check_names and search_base: search_base = safe_dn(search_base) responses = [] cookie = True # performs search at least one time while cookie: result = connection.search(search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, types_only, get_operational_attributes, controls, paged_size, paged_criticality, None if cookie is True else cookie) if not isinstance(result, bool): response, result = connection.get_response(result) else: response = connection.response result = connection.result if result and result['result'] not in DO_NOT_RAISE_EXCEPTIONS: if log_enabled(PROTOCOL): log(PROTOCOL, 'paged search operation result <%s> for <%s>', result, connection) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) responses.extend(response) try: cookie = result['controls']['1.2.840.113556.1.4.319']['value']['cookie'] except KeyError: cookie = None while responses: yield responses.pop() connection.response = None def paged_search_accumulator(connection, search_base, search_filter, search_scope=SUBTREE, dereference_aliases=DEREF_ALWAYS, attributes=None, size_limit=0, time_limit=0, types_only=False, get_operational_attributes=False, controls=None, paged_size=100, paged_criticality=False): if connection.check_names and search_base: search_base = safe_dn(search_base) responses = [] for response in paged_search_generator(connection, search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, types_only, get_operational_attributes, controls, paged_size, paged_criticality): responses.append(response) connection.response = responses return responses ldap3-2.4.1/ldap3/extend/standard/PersistentSearch.py0000666000000000000000000001134013231023721020576 0ustar 00000000000000""" """ # Created on 2016.07.08 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . try: from queue import Empty except ImportError: # Python 2 # noinspection PyUnresolvedReferences from Queue import Empty from ...core.exceptions import LDAPExtensionError from ...protocol.persistentSearch import persistent_search_control from ... import SEQUENCE_TYPES from ...utils.dn import safe_dn class PersistentSearch(object): def __init__(self, connection, search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, controls, changes_only, events_type, notifications, streaming, callback ): if connection.strategy.sync: raise LDAPExtensionError('Persistent Search needs an asynchronous streaming connection') if connection.check_names and search_base: search_base = safe_dn(search_base) self.connection = connection self.changes_only = changes_only self.notifications = notifications self.message_id = None self.base = search_base self.filter = search_filter self.scope = search_scope self.dereference_aliases = dereference_aliases self.attributes = attributes self.size_limit = size_limit self.time_limit = time_limit self.connection.strategy.streaming = streaming if callback and callable(callback): self.connection.strategy.callback = callback elif callback: raise LDAPExtensionError('callback is not callable') if not isinstance(controls, SEQUENCE_TYPES): self.controls = [] else: self.controls = controls self.controls.append(persistent_search_control(events_type, changes_only, notifications)) self.start() def start(self): if self.message_id: # persistent search already started return if not self.connection.bound: self.connection.bind() with self.connection.strategy.async_lock: self.message_id = self.connection.search(search_base=self.base, search_filter=self.filter, search_scope=self.scope, dereference_aliases=self.dereference_aliases, attributes=self.attributes, size_limit=self.size_limit, time_limit=self.time_limit, controls=self.controls) self.connection.strategy.persistent_search_message_id = self.message_id def stop(self): self.connection.abandon(self.message_id) self.connection.unbind() if self.message_id in self.connection.strategy._responses: del self.connection.strategy._responses[self.message_id] if hasattr(self.connection.strategy, '_requests') and self.message_id in self.connection.strategy._requests: # asynchronous strategy has a dict of request that could be returned by get_response() del self.connection.strategy._requests[self.message_id] self.connection.strategy.persistent_search_message_id = None self.message_id = None def next(self): if not self.connection.strategy.streaming and not self.connection.strategy.callback: try: return self.connection.strategy.events.get_nowait() except Empty: return None raise LDAPExtensionError('Persistent search is not accumulating events in queue') ldap3-2.4.1/ldap3/extend/standard/whoAmI.py0000666000000000000000000000255513226436321016514 0ustar 00000000000000""" """ # Created on 2014.04.30 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . # implements RFC4532 from ...extend.operation import ExtendedOperation from ...utils.conv import to_unicode class WhoAmI(ExtendedOperation): def config(self): self.request_name = '1.3.6.1.4.1.4203.1.11.3' self.response_attribute = 'authzid' def populate_result(self): try: self.result['authzid'] = to_unicode(self.decoded_response) if self.decoded_response else None except TypeError: self.result['authzid'] = self.decoded_response if self.decoded_response else None ldap3-2.4.1/ldap3/extend/standard/__init__.py0000666000000000000000000000000012767320327017055 0ustar 00000000000000ldap3-2.4.1/ldap3/extend/__init__.py0000666000000000000000000003060513226436321015264 0ustar 00000000000000""" """ # Created on 2014.04.28 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from os import linesep from .. import SUBTREE, DEREF_ALWAYS, ALL_ATTRIBUTES, DEREF_NEVER from .microsoft.dirSync import DirSync from .microsoft.modifyPassword import ad_modify_password from .microsoft.unlockAccount import ad_unlock_account from .microsoft.addMembersToGroups import ad_add_members_to_groups from .microsoft.removeMembersFromGroups import ad_remove_members_from_groups from .novell.partition_entry_count import PartitionEntryCount from .novell.replicaInfo import ReplicaInfo from .novell.listReplicas import ListReplicas from .novell.getBindDn import GetBindDn from .novell.nmasGetUniversalPassword import NmasGetUniversalPassword from .novell.nmasSetUniversalPassword import NmasSetUniversalPassword from .novell.startTransaction import StartTransaction from .novell.endTransaction import EndTransaction from .novell.addMembersToGroups import edir_add_members_to_groups from .novell.removeMembersFromGroups import edir_remove_members_from_groups from .novell.checkGroupsMemberships import edir_check_groups_memberships from .standard.whoAmI import WhoAmI from .standard.modifyPassword import ModifyPassword from .standard.PagedSearch import paged_search_generator, paged_search_accumulator from .standard.PersistentSearch import PersistentSearch class ExtendedOperationContainer(object): def __init__(self, connection): self._connection = connection def __repr__(self): return linesep.join([' ' + element for element in dir(self) if element[0] != '_']) def __str__(self): return self.__repr__() class StandardExtendedOperations(ExtendedOperationContainer): def who_am_i(self, controls=None): return WhoAmI(self._connection, controls).send() def modify_password(self, user=None, old_password=None, new_password=None, hash_algorithm=None, salt=None, controls=None): return ModifyPassword(self._connection, user, old_password, new_password, hash_algorithm, salt, controls).send() def paged_search(self, search_base, search_filter, search_scope=SUBTREE, dereference_aliases=DEREF_ALWAYS, attributes=None, size_limit=0, time_limit=0, types_only=False, get_operational_attributes=False, controls=None, paged_size=100, paged_criticality=False, generator=True): if generator: return paged_search_generator(self._connection, search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, types_only, get_operational_attributes, controls, paged_size, paged_criticality) else: return paged_search_accumulator(self._connection, search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, types_only, get_operational_attributes, controls, paged_size, paged_criticality) def persistent_search(self, search_base='', search_filter='(objectclass=*)', search_scope=SUBTREE, dereference_aliases=DEREF_NEVER, attributes=ALL_ATTRIBUTES, size_limit=0, time_limit=0, controls=None, changes_only=True, show_additions=True, show_deletions=True, show_modifications=True, show_dn_modifications=True, notifications=True, streaming=True, callback=None ): events_type = 0 if show_additions: events_type += 1 if show_deletions: events_type += 2 if show_modifications: events_type += 4 if show_dn_modifications: events_type += 8 if callback: streaming = False return PersistentSearch(self._connection, search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, controls, changes_only, events_type, notifications, streaming, callback) class NovellExtendedOperations(ExtendedOperationContainer): def get_bind_dn(self, controls=None): return GetBindDn(self._connection, controls).send() def get_universal_password(self, user, controls=None): return NmasGetUniversalPassword(self._connection, user, controls).send() def set_universal_password(self, user, new_password=None, controls=None): return NmasSetUniversalPassword(self._connection, user, new_password, controls).send() def list_replicas(self, server_dn, controls=None): return ListReplicas(self._connection, server_dn, controls).send() def partition_entry_count(self, partition_dn, controls=None): return PartitionEntryCount(self._connection, partition_dn, controls).send() def replica_info(self, server_dn, partition_dn, controls=None): return ReplicaInfo(self._connection, server_dn, partition_dn, controls).send() def start_transaction(self, controls=None): return StartTransaction(self._connection, controls).send() def end_transaction(self, commit=True, controls=None): # attach the groupingControl to commit, None to abort transaction return EndTransaction(self._connection, commit, controls).send() def add_members_to_groups(self, members, groups, fix=True, transaction=True): return edir_add_members_to_groups(self._connection, members_dn=members, groups_dn=groups, fix=fix, transaction=transaction) def remove_members_from_groups(self, members, groups, fix=True, transaction=True): return edir_remove_members_from_groups(self._connection, members_dn=members, groups_dn=groups, fix=fix, transaction=transaction) def check_groups_memberships(self, members, groups, fix=False, transaction=True): return edir_check_groups_memberships(self._connection, members_dn=members, groups_dn=groups, fix=fix, transaction=transaction) class MicrosoftExtendedOperations(ExtendedOperationContainer): def dir_sync(self, sync_base, sync_filter='(objectclass=*)', attributes=ALL_ATTRIBUTES, cookie=None, object_security=False, ancestors_first=True, public_data_only=False, incremental_values=True, max_length=2147483647, hex_guid=False): return DirSync(self._connection, sync_base=sync_base, sync_filter=sync_filter, attributes=attributes, cookie=cookie, object_security=object_security, ancestors_first=ancestors_first, public_data_only=public_data_only, incremental_values=incremental_values, max_length=max_length, hex_guid=hex_guid) def modify_password(self, user, new_password, old_password=None, controls=None): return ad_modify_password(self._connection, user, new_password, old_password, controls) def unlock_account(self, user): return ad_unlock_account(self._connection, user) def add_members_to_groups(self, members, groups, fix=True): return ad_add_members_to_groups(self._connection, members_dn=members, groups_dn=groups, fix=fix) def remove_members_from_groups(self, members, groups, fix=True): return ad_remove_members_from_groups(self._connection, members_dn=members, groups_dn=groups, fix=fix) class ExtendedOperationsRoot(ExtendedOperationContainer): def __init__(self, connection): ExtendedOperationContainer.__init__(self, connection) # calls super self.standard = StandardExtendedOperations(self._connection) self.novell = NovellExtendedOperations(self._connection) self.microsoft = MicrosoftExtendedOperations(self._connection) ldap3-2.4.1/ldap3/operation/0000777000000000000000000000000013231031760013652 5ustar 00000000000000ldap3-2.4.1/ldap3/operation/abandon.py0000666000000000000000000000216313226436321015636 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ..protocol.rfc4511 import AbandonRequest, MessageID def abandon_operation(msg_id): # AbandonRequest ::= [APPLICATION 16] MessageID request = AbandonRequest(MessageID(msg_id)) return request def abandon_request_to_dict(request): return {'messageId': str(request)} ldap3-2.4.1/ldap3/operation/add.py0000666000000000000000000000564713230271417014774 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .. import SEQUENCE_TYPES from ..protocol.rfc4511 import AddRequest, LDAPDN, AttributeList, Attribute, AttributeDescription, ResultCode, Vals from ..protocol.convert import referrals_to_list, attributes_to_dict, validate_attribute_value, prepare_for_sending def add_operation(dn, attributes, auto_encode, schema=None, validator=None, check_names=False): # AddRequest ::= [APPLICATION 8] SEQUENCE { # entry LDAPDN, # attributes AttributeList } # # attributes is a dictionary in the form 'attribute': ['val1', 'val2', 'valN'] attribute_list = AttributeList() for pos, attribute in enumerate(attributes): attribute_list[pos] = Attribute() attribute_list[pos]['type'] = AttributeDescription(attribute) vals = Vals() # changed from ValsAtLeast1() for allowing empty member value in groups if isinstance(attributes[attribute], SEQUENCE_TYPES): for index, value in enumerate(attributes[attribute]): vals.setComponentByPosition(index, prepare_for_sending(validate_attribute_value(schema, attribute, value, auto_encode, validator, check_names))) else: vals.setComponentByPosition(0, prepare_for_sending(validate_attribute_value(schema, attribute, attributes[attribute], auto_encode, validator, check_names))) attribute_list[pos]['vals'] = vals request = AddRequest() request['entry'] = LDAPDN(dn) request['attributes'] = attribute_list return request def add_request_to_dict(request): return {'entry': str(request['entry']), 'attributes': attributes_to_dict(request['attributes'])} def add_response_to_dict(response): return {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'dn': str(response['matchedDN']), 'message': str(response['diagnosticMessage']), 'referrals': referrals_to_list(response['referral'])} ldap3-2.4.1/ldap3/operation/bind.py0000666000000000000000000001701413230271173015146 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .. import SIMPLE, ANONYMOUS, SASL, STRING_TYPES from ..core.results import RESULT_CODES from ..core.exceptions import LDAPPasswordIsMandatoryError, LDAPUnknownAuthenticationMethodError, LDAPUserNameNotAllowedError from ..protocol.sasl.sasl import validate_simple_password from ..protocol.rfc4511 import Version, AuthenticationChoice, Simple, BindRequest, ResultCode, SaslCredentials, BindResponse, \ LDAPDN, LDAPString, Referral, ServerSaslCreds, SicilyPackageDiscovery, SicilyNegotiate, SicilyResponse from ..protocol.convert import authentication_choice_to_dict, referrals_to_list from ..utils.conv import to_unicode, to_raw # noinspection PyUnresolvedReferences def bind_operation(version, authentication, name='', password=None, sasl_mechanism=None, sasl_credentials=None, auto_encode=False): # BindRequest ::= [APPLICATION 0] SEQUENCE { # version INTEGER (1 .. 127), # name LDAPDN, # authentication AuthenticationChoice } request = BindRequest() request['version'] = Version(version) if name is None: name = '' if isinstance(name, STRING_TYPES): request['name'] = to_unicode(name) if auto_encode else name if authentication == SIMPLE: if not name: raise LDAPPasswordIsMandatoryError('user name is mandatory in simple bind') if password: request['authentication'] = AuthenticationChoice().setComponentByName('simple', Simple(validate_simple_password(password))) else: raise LDAPPasswordIsMandatoryError('password is mandatory in simple bind') elif authentication == SASL: sasl_creds = SaslCredentials() sasl_creds['mechanism'] = sasl_mechanism if sasl_credentials is not None: sasl_creds['credentials'] = sasl_credentials # else: # sasl_creds['credentials'] = None request['authentication'] = AuthenticationChoice().setComponentByName('sasl', sasl_creds) elif authentication == ANONYMOUS: if name: raise LDAPUserNameNotAllowedError('user name not allowed in anonymous bind') request['name'] = '' request['authentication'] = AuthenticationChoice().setComponentByName('simple', Simple('')) elif authentication == 'SICILY_PACKAGE_DISCOVERY': # https://msdn.microsoft.com/en-us/library/cc223501.aspx request['name'] = '' request['authentication'] = AuthenticationChoice().setComponentByName('sicilyPackageDiscovery', SicilyPackageDiscovery('')) elif authentication == 'SICILY_NEGOTIATE_NTLM': # https://msdn.microsoft.com/en-us/library/cc223501.aspx request['name'] = 'NTLM' request['authentication'] = AuthenticationChoice().setComponentByName('sicilyNegotiate', SicilyNegotiate(name.create_negotiate_message())) # ntlm client in self.name elif authentication == 'SICILY_RESPONSE_NTLM': # https://msdn.microsoft.com/en-us/library/cc223501.aspx name.parse_challenge_message(password) # server_creds returned by server in password server_creds = name.create_authenticate_message() if server_creds: request['name'] = '' request['authentication'] = AuthenticationChoice().setComponentByName('sicilyResponse', SicilyResponse(server_creds)) else: request = None else: raise LDAPUnknownAuthenticationMethodError('unknown authentication method') return request def bind_request_to_dict(request): return {'version': int(request['version']), 'name': str(request['name']), 'authentication': authentication_choice_to_dict(request['authentication'])} def bind_response_operation(result_code, matched_dn='', diagnostic_message='', referral=None, server_sasl_credentials=None): # BindResponse ::= [APPLICATION 1] SEQUENCE { # COMPONENTS OF LDAPResult, # serverSaslCreds [7] OCTET STRING OPTIONAL } response = BindResponse() response['resultCode'] = ResultCode(result_code) response['matchedDN'] = LDAPDN(matched_dn) response['diagnosticMessage'] = LDAPString(diagnostic_message) if referral: response['referral'] = Referral(referral) if server_sasl_credentials: response['serverSaslCreds'] = ServerSaslCreds(server_sasl_credentials) return response def bind_response_to_dict(response): return {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'dn': str(response['matchedDN']), 'message': str(response['diagnosticMessage']), 'referrals': referrals_to_list(response['referral']), 'saslCreds': bytes(response['serverSaslCreds']) if response['serverSaslCreds'] is not None and response['serverSaslCreds'].hasValue() else None} def sicily_bind_response_to_dict(response): return {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'server_creds': bytes(response['matchedDN']), 'error_message': str(response['diagnosticMessage'])} def bind_response_to_dict_fast(response): response_dict = dict() response_dict['result'] = int(response[0][3]) # resultCode response_dict['description'] = RESULT_CODES[response_dict['result']] response_dict['dn'] = to_unicode(response[1][3], from_server=True) # matchedDN response_dict['message'] = to_unicode(response[2][3], from_server=True) # diagnosticMessage response_dict['referrals'] = None # referrals response_dict['saslCreds'] = None # saslCreds for r in response[3:]: if r[2] == 3: # referrals response_dict['referrals'] = referrals_to_list(r[3]) # referrals else: response_dict['saslCreds'] = bytes(r[3]) # saslCreds return response_dict def sicily_bind_response_to_dict_fast(response): response_dict = dict() response_dict['result'] = int(response[0][3]) # resultCode response_dict['description'] = RESULT_CODES[response_dict['result']] response_dict['server_creds'] = bytes(response[1][3]) # server_creds response_dict['error_message'] = to_unicode(response[2][3], from_server=True) # error_message return response_dict ldap3-2.4.1/ldap3/operation/compare.py0000666000000000000000000000464313230271704015664 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ..protocol.convert import validate_attribute_value, prepare_for_sending from ..protocol.rfc4511 import CompareRequest, AttributeValueAssertion, AttributeDescription, LDAPDN, AssertionValue, ResultCode from ..operation.search import ava_to_dict from ..operation.bind import referrals_to_list def compare_operation(dn, attribute, value, auto_encode, schema=None, validator=None, check_names=False): # CompareRequest ::= [APPLICATION 14] SEQUENCE { # entry LDAPDN, # ava AttributeValueAssertion } ava = AttributeValueAssertion() ava['attributeDesc'] = AttributeDescription(attribute) ava['assertionValue'] = AssertionValue(prepare_for_sending(validate_attribute_value(schema, attribute, value, auto_encode, validator, check_names=check_names))) request = CompareRequest() request['entry'] = LDAPDN(dn) request['ava'] = ava return request def compare_request_to_dict(request): ava = ava_to_dict(request['ava']) return {'entry': str(request['entry']), 'attribute': ava['attribute'], 'value': ava['value']} def compare_response_to_dict(response): return {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'dn': str(response['matchedDN']), 'message': str(response['diagnosticMessage']), 'referrals': referrals_to_list(response['referral'])} ldap3-2.4.1/ldap3/operation/delete.py0000666000000000000000000000276713226436321015510 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ..protocol.rfc4511 import DelRequest, LDAPDN, ResultCode from ..operation.bind import referrals_to_list def delete_operation(dn): # DelRequest ::= [APPLICATION 10] LDAPDN request = DelRequest(LDAPDN(dn)) return request def delete_request_to_dict(request): return {'entry': str(request)} def delete_response_to_dict(response): return {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'dn': str(response['matchedDN']), 'message': str(response['diagnosticMessage']), 'referrals': referrals_to_list(response['referral'])} ldap3-2.4.1/ldap3/operation/extended.py0000666000000000000000000001137513226436321016041 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1.type.univ import OctetString from pyasn1.type.base import Asn1Item from ..core.results import RESULT_CODES from ..protocol.rfc4511 import ExtendedRequest, RequestName, ResultCode, RequestValue from ..protocol.convert import referrals_to_list from ..utils.asn1 import encode from ..utils.conv import to_unicode # ExtendedRequest ::= [APPLICATION 23] SEQUENCE { # requestName [0] LDAPOID, # requestValue [1] OCTET STRING OPTIONAL } def extended_operation(request_name, request_value=None, no_encode=None): request = ExtendedRequest() request['requestName'] = RequestName(request_name) if request_value and isinstance(request_value, Asn1Item): request['requestValue'] = RequestValue(encode(request_value)) elif str is not bytes and isinstance(request_value, (bytes, bytearray)): # in Python 3 doesn't try to encode a byte value request['requestValue'] = request_value elif request_value and no_encode: # doesn't encode the value request['requestValue'] = request_value elif request_value: # tries to encode as a octet string request['requestValue'] = RequestValue(encode(OctetString(str(request_value)))) # elif request_value is not None: # raise LDAPExtensionError('unable to encode value for extended operation') return request def extended_request_to_dict(request): # return {'name': str(request['requestName']), 'value': bytes(request['requestValue']) if request['requestValue'] else None} return {'name': str(request['requestName']), 'value': bytes(request['requestValue']) if 'requestValue' in request and request['requestValue'] is not None and request['requestValue'].hasValue() else None} def extended_response_to_dict(response): return {'result': int(response['resultCode']), 'dn': str(response['matchedDN']), 'message': str(response['diagnosticMessage']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'referrals': referrals_to_list(response['referral']), 'responseName': str(response['responseName']) if response['responseName'] else None, 'responseValue': bytes(response['responseValue']) if response['responseValue'] is not None and response['responseValue'].hasValue() else bytes()} def intermediate_response_to_dict(response): return {'responseName': str(response['responseName']), 'responseValue': bytes(response['responseValue']) if response['responseValue'] else bytes()} def extended_response_to_dict_fast(response): response_dict = dict() response_dict['result'] = int(response[0][3]) # resultCode response_dict['description'] = RESULT_CODES[response_dict['result']] response_dict['dn'] = to_unicode(response[1][3], from_server=True) # matchedDN response_dict['message'] = to_unicode(response[2][3], from_server=True) # diagnosticMessage response_dict['referrals'] = None # referrals response_dict['responseName'] = None # referrals response_dict['responseValue'] = None # responseValue for r in response[3:]: if r[2] == 3: # referrals response_dict['referrals'] = referrals_to_list(r[3]) # referrals elif r[2] == 10: # responseName response_dict['responseName'] = to_unicode(r[3], from_server=True) response_dict['responseValue'] = b'' # responseValue could be empty else: # responseValue (11) response_dict['responseValue'] = bytes(r[3]) return response_dict def intermediate_response_to_dict_fast(response): response_dict = dict() for r in response: if r[2] == 0: # responseName response_dict['responseName'] = to_unicode(r[3], from_server=True) else: # responseValue (1) response_dict['responseValue'] = bytes(r[3]) return response_dict ldap3-2.4.1/ldap3/operation/modify.py0000666000000000000000000000752713230271704015531 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .. import SEQUENCE_TYPES, MODIFY_ADD, MODIFY_DELETE, MODIFY_REPLACE, MODIFY_INCREMENT from ..protocol.rfc4511 import ModifyRequest, LDAPDN, Changes, Change, Operation, PartialAttribute, AttributeDescription, Vals, ResultCode from ..operation.bind import referrals_to_list from ..protocol.convert import changes_to_list, validate_attribute_value, prepare_for_sending # ModifyRequest ::= [APPLICATION 6] SEQUENCE { # object LDAPDN, # changes SEQUENCE OF change SEQUENCE { # operation ENUMERATED { # add (0), # delete (1), # replace (2), # ... }, # modification PartialAttribute } } change_table = {MODIFY_ADD: 0, # accepts actual values too MODIFY_DELETE: 1, MODIFY_REPLACE: 2, MODIFY_INCREMENT: 3, 0: 0, 1: 1, 2: 2, 3: 3} def modify_operation(dn, changes, auto_encode, schema=None, validator=None, check_names=False): # changes is a dictionary in the form {'attribute': [(operation, [val1, ...]), ...], ...} # operation is 0 (add), 1 (delete), 2 (replace), 3 (increment) # increment as per RFC4525 change_list = Changes() pos = 0 for attribute in changes: for change_operation in changes[attribute]: partial_attribute = PartialAttribute() partial_attribute['type'] = AttributeDescription(attribute) partial_attribute['vals'] = Vals() if isinstance(change_operation[1], SEQUENCE_TYPES): for index, value in enumerate(change_operation[1]): partial_attribute['vals'].setComponentByPosition(index, prepare_for_sending(validate_attribute_value(schema, attribute, value, auto_encode, validator, check_names=check_names))) else: partial_attribute['vals'].setComponentByPosition(0, prepare_for_sending(validate_attribute_value(schema, attribute, change_operation[1], auto_encode, validator, check_names=check_names))) change = Change() change['operation'] = Operation(change_table[change_operation[0]]) change['modification'] = partial_attribute change_list[pos] = change pos += 1 request = ModifyRequest() request['object'] = LDAPDN(dn) request['changes'] = change_list return request def modify_request_to_dict(request): return {'entry': str(request['object']), 'changes': changes_to_list(request['changes'])} def modify_response_to_dict(response): return {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'message': str(response['diagnosticMessage']), 'dn': str(response['matchedDN']), 'referrals': referrals_to_list(response['referral'])} ldap3-2.4.1/ldap3/operation/modifyDn.py0000666000000000000000000000446613226436321016015 0ustar 00000000000000""" """ # Created on 2013.05.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ..protocol.rfc4511 import ModifyDNRequest, LDAPDN, RelativeLDAPDN, DeleteOldRDN, NewSuperior, ResultCode from ..operation.bind import referrals_to_list # ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { # entry LDAPDN, # newrdn RelativeLDAPDN, # deleteoldrdn BOOLEAN, # newSuperior [0] LDAPDN OPTIONAL } def modify_dn_operation(dn, new_relative_dn, delete_old_rdn=True, new_superior=None): request = ModifyDNRequest() request['entry'] = LDAPDN(dn) request['newrdn'] = RelativeLDAPDN(new_relative_dn) request['deleteoldrdn'] = DeleteOldRDN(delete_old_rdn) if new_superior: request['newSuperior'] = NewSuperior(new_superior) return request def modify_dn_request_to_dict(request): return {'entry': str(request['entry']), 'newRdn': str(request['newrdn']), 'deleteOldRdn': bool(request['deleteoldrdn']), 'newSuperior': str(request['newSuperior']) if request['newSuperior'] is not None and request['newSuperior'].hasValue() else None} def modify_dn_response_to_dict(response): return {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'dn': str(response['matchedDN']), 'referrals': referrals_to_list(response['referral']), 'message': str(response['diagnosticMessage'])} ldap3-2.4.1/ldap3/operation/search.py0000666000000000000000000006616213230273275015514 0ustar 00000000000000""" """ # Created on 2013.06.02 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from string import whitespace from os import linesep from .. import DEREF_NEVER, BASE, LEVEL, SUBTREE, DEREF_SEARCH, DEREF_BASE, DEREF_ALWAYS, NO_ATTRIBUTES, SEQUENCE_TYPES, get_config_parameter, STRING_TYPES from ..core.exceptions import LDAPInvalidFilterError, LDAPAttributeError, LDAPInvalidScopeError, LDAPInvalidDereferenceAliasesError from ..utils.ciDict import CaseInsensitiveDict from ..protocol.rfc4511 import SearchRequest, LDAPDN, Scope, DerefAliases, Integer0ToMax, TypesOnly, \ AttributeSelection, Selector, EqualityMatch, AttributeDescription, AssertionValue, Filter, \ Not, And, Or, ApproxMatch, GreaterOrEqual, LessOrEqual, ExtensibleMatch, Present, SubstringFilter, \ Substrings, Final, Initial, Any, ResultCode, Substring, MatchingRule, Type, MatchValue, DnAttributes from ..operation.bind import referrals_to_list from ..protocol.convert import ava_to_dict, attributes_to_list, search_refs_to_list, validate_assertion_value, prepare_filter_for_sending, search_refs_to_list_fast from ..protocol.formatters.standard import format_attribute_values from ..utils.conv import to_unicode, to_raw ROOT = 0 AND = 1 OR = 2 NOT = 3 MATCH_APPROX = 4 MATCH_GREATER_OR_EQUAL = 5 MATCH_LESS_OR_EQUAL = 6 MATCH_EXTENSIBLE = 7 MATCH_PRESENT = 8 MATCH_SUBSTRING = 9 MATCH_EQUAL = 10 SEARCH_OPEN = 20 SEARCH_OPEN_OR_CLOSE = 21 SEARCH_MATCH_OR_CLOSE = 22 SEARCH_MATCH_OR_CONTROL = 23 class FilterNode(object): def __init__(self, tag=None, assertion=None): self.tag = tag self.parent = None self.assertion = assertion self.elements = [] def append(self, filter_node): filter_node.parent = self self.elements.append(filter_node) return filter_node def __str__(self, pos=0): self.__repr__(pos) def __repr__(self, pos=0): node_tags = ['ROOT', 'AND', 'OR', 'NOT', 'MATCH_APPROX', 'MATCH_GREATER_OR_EQUAL', 'MATCH_LESS_OR_EQUAL', 'MATCH_EXTENSIBLE', 'MATCH_PRESENT', 'MATCH_SUBSTRING', 'MATCH_EQUAL'] representation = ' ' * pos + 'tag: ' + node_tags[self.tag] + ' - assertion: ' + str(self.assertion) if self.elements: representation += ' - elements: ' + str(len(self.elements)) for element in self.elements: representation += linesep + ' ' * pos + element.__repr__(pos + 2) return representation def evaluate_match(match, schema, auto_escape, auto_encode, check_names): left_part, equal_sign, right_part = match.strip().partition('=') if not equal_sign: raise LDAPInvalidFilterError('invalid matching assertion') if left_part.endswith('~'): # approximate match '~=' tag = MATCH_APPROX left_part = left_part[:-1].strip() right_part = right_part.strip() assertion = {'attr': left_part, 'value': validate_assertion_value(schema, left_part, right_part, auto_escape, auto_encode, check_names)} elif left_part.endswith('>'): # greater or equal match '>=' tag = MATCH_GREATER_OR_EQUAL left_part = left_part[:-1].strip() right_part = right_part.strip() assertion = {'attr': left_part, 'value': validate_assertion_value(schema, left_part, right_part, auto_escape, auto_encode, check_names)} elif left_part.endswith('<'): # less or equal match '<=' tag = MATCH_LESS_OR_EQUAL left_part = left_part[:-1].strip() right_part = right_part.strip() assertion = {'attr': left_part, 'value': validate_assertion_value(schema, left_part, right_part, auto_escape, auto_encode, check_names)} elif left_part.endswith(':'): # extensible match ':=' tag = MATCH_EXTENSIBLE left_part = left_part[:-1].strip() right_part = right_part.strip() extended_filter_list = left_part.split(':') matching_rule = False dn_attributes = False attribute_name = False if extended_filter_list[0] == '': # extensible filter format [:dn]:matchingRule:=assertionValue if len(extended_filter_list) == 2 and extended_filter_list[1].lower().strip() != 'dn': matching_rule = extended_filter_list[1] elif len(extended_filter_list) == 3 and extended_filter_list[1].lower().strip() == 'dn': dn_attributes = True matching_rule = extended_filter_list[2] else: raise LDAPInvalidFilterError('invalid extensible filter') elif len(extended_filter_list) <= 3: # extensible filter format attr[:dn][:matchingRule]:=assertionValue if len(extended_filter_list) == 1: attribute_name = extended_filter_list[0] elif len(extended_filter_list) == 2: attribute_name = extended_filter_list[0] if extended_filter_list[1].lower().strip() == 'dn': dn_attributes = True else: matching_rule = extended_filter_list[1] elif len(extended_filter_list) == 3 and extended_filter_list[1].lower().strip() == 'dn': attribute_name = extended_filter_list[0] dn_attributes = True matching_rule = extended_filter_list[2] else: raise LDAPInvalidFilterError('invalid extensible filter') if not attribute_name and not matching_rule: raise LDAPInvalidFilterError('invalid extensible filter') attribute_name = attribute_name.strip() if attribute_name else False matching_rule = matching_rule.strip() if matching_rule else False assertion = {'attr': attribute_name, 'value': validate_assertion_value(schema, attribute_name, right_part, auto_escape, auto_encode, check_names), 'matchingRule': matching_rule, 'dnAttributes': dn_attributes} elif right_part == '*': # attribute present match '=*' tag = MATCH_PRESENT left_part = left_part.strip() assertion = {'attr': left_part} elif '*' in right_part: # substring match '=initial*substring*substring*final' tag = MATCH_SUBSTRING left_part = left_part.strip() right_part = right_part.strip() substrings = right_part.split('*') initial = validate_assertion_value(schema, left_part, substrings[0], auto_escape, auto_encode, check_names) if substrings[0] else None final = validate_assertion_value(schema, left_part, substrings[-1], auto_escape, auto_encode, check_names) if substrings[-1] else None any_string = [validate_assertion_value(schema, left_part, substring, auto_escape, auto_encode, check_names) for substring in substrings[1:-1] if substring] #assertion = {'attr': left_part, 'initial': initial, 'any': any_string, 'final': final} assertion = {'attr': left_part} if initial: assertion['initial'] = initial if any_string: assertion['any'] = any_string if final: assertion['final'] = final else: # equality match '=' tag = MATCH_EQUAL left_part = left_part.strip() right_part = right_part.strip() assertion = {'attr': left_part, 'value': validate_assertion_value(schema, left_part, right_part, auto_escape, auto_encode, check_names)} return FilterNode(tag, assertion) def parse_filter(search_filter, schema, auto_escape, auto_encode, check_names): if str != bytes and isinstance(search_filter, bytes): # python 3 with byte filter search_filter = to_unicode(search_filter) search_filter = search_filter.strip() if search_filter and search_filter.count('(') == search_filter.count(')') and search_filter.startswith('(') and search_filter.endswith(')'): state = SEARCH_OPEN_OR_CLOSE root = FilterNode(ROOT) current_node = root start_pos = None skip_white_space = True just_closed = False for pos, c in enumerate(search_filter): if skip_white_space and c in whitespace: continue elif (state == SEARCH_OPEN or state == SEARCH_OPEN_OR_CLOSE) and c == '(': state = SEARCH_MATCH_OR_CONTROL just_closed = False elif state == SEARCH_MATCH_OR_CONTROL and c in '&!|': if c == '&': current_node = current_node.append(FilterNode(AND)) elif c == '|': current_node = current_node.append(FilterNode(OR)) elif c == '!': current_node = current_node.append(FilterNode(NOT)) state = SEARCH_OPEN elif (state == SEARCH_MATCH_OR_CLOSE or state == SEARCH_OPEN_OR_CLOSE) and c == ')': if just_closed: current_node = current_node.parent else: just_closed = True skip_white_space = True end_pos = pos if start_pos: if current_node.tag == NOT and len(current_node.elements) > 0: raise LDAPInvalidFilterError('NOT (!) clause in filter cannot be multiple') current_node.append(evaluate_match(search_filter[start_pos:end_pos], schema, auto_escape, auto_encode, check_names)) start_pos = None state = SEARCH_OPEN_OR_CLOSE elif (state == SEARCH_MATCH_OR_CLOSE or state == SEARCH_MATCH_OR_CONTROL) and c not in '()': skip_white_space = False if not start_pos: start_pos = pos state = SEARCH_MATCH_OR_CLOSE else: raise LDAPInvalidFilterError('malformed filter') if len(root.elements) != 1: raise LDAPInvalidFilterError('missing boolean operator in filter') return root else: raise LDAPInvalidFilterError('invalid filter') def compile_filter(filter_node): """Builds ASN1 structure for filter, converts from filter LDAP escaping to bytes""" compiled_filter = Filter() if filter_node.tag == AND: boolean_filter = And() pos = 0 for element in filter_node.elements: boolean_filter[pos] = compile_filter(element) pos += 1 compiled_filter['and'] = boolean_filter elif filter_node.tag == OR: boolean_filter = Or() pos = 0 for element in filter_node.elements: boolean_filter[pos] = compile_filter(element) pos += 1 compiled_filter['or'] = boolean_filter elif filter_node.tag == NOT: boolean_filter = Not() boolean_filter['innerNotFilter'] = compile_filter(filter_node.elements[0]) compiled_filter.setComponentByName('notFilter', boolean_filter, verifyConstraints=False) # do not verify constraints because of hack for recursive filters in rfc4511 elif filter_node.tag == MATCH_APPROX: matching_filter = ApproxMatch() matching_filter['attributeDesc'] = AttributeDescription(filter_node.assertion['attr']) matching_filter['assertionValue'] = AssertionValue(prepare_filter_for_sending(filter_node.assertion['value'])) compiled_filter['approxMatch'] = matching_filter elif filter_node.tag == MATCH_GREATER_OR_EQUAL: matching_filter = GreaterOrEqual() matching_filter['attributeDesc'] = AttributeDescription(filter_node.assertion['attr']) matching_filter['assertionValue'] = AssertionValue(prepare_filter_for_sending(filter_node.assertion['value'])) compiled_filter['greaterOrEqual'] = matching_filter elif filter_node.tag == MATCH_LESS_OR_EQUAL: matching_filter = LessOrEqual() matching_filter['attributeDesc'] = AttributeDescription(filter_node.assertion['attr']) matching_filter['assertionValue'] = AssertionValue(prepare_filter_for_sending(filter_node.assertion['value'])) compiled_filter['lessOrEqual'] = matching_filter elif filter_node.tag == MATCH_EXTENSIBLE: matching_filter = ExtensibleMatch() if filter_node.assertion['matchingRule']: matching_filter['matchingRule'] = MatchingRule(filter_node.assertion['matchingRule']) if filter_node.assertion['attr']: matching_filter['type'] = Type(filter_node.assertion['attr']) matching_filter['matchValue'] = MatchValue(prepare_filter_for_sending(filter_node.assertion['value'])) matching_filter['dnAttributes'] = DnAttributes(filter_node.assertion['dnAttributes']) compiled_filter['extensibleMatch'] = matching_filter elif filter_node.tag == MATCH_PRESENT: matching_filter = Present(AttributeDescription(filter_node.assertion['attr'])) compiled_filter['present'] = matching_filter elif filter_node.tag == MATCH_SUBSTRING: matching_filter = SubstringFilter() matching_filter['type'] = AttributeDescription(filter_node.assertion['attr']) substrings = Substrings() pos = 0 if 'initial' in filter_node.assertion and filter_node.assertion['initial']: substrings[pos] = Substring().setComponentByName('initial', Initial(prepare_filter_for_sending(filter_node.assertion['initial']))) pos += 1 if 'any' in filter_node.assertion and filter_node.assertion['any']: for substring in filter_node.assertion['any']: substrings[pos] = Substring().setComponentByName('any', Any(prepare_filter_for_sending(substring))) pos += 1 if 'final' in filter_node.assertion and filter_node.assertion['final']: substrings[pos] = Substring().setComponentByName('final', Final(prepare_filter_for_sending(filter_node.assertion['final']))) matching_filter['substrings'] = substrings compiled_filter['substringFilter'] = matching_filter elif filter_node.tag == MATCH_EQUAL: matching_filter = EqualityMatch() matching_filter['attributeDesc'] = AttributeDescription(filter_node.assertion['attr']) matching_filter['assertionValue'] = AssertionValue(prepare_filter_for_sending(filter_node.assertion['value'])) compiled_filter.setComponentByName('equalityMatch', matching_filter) else: raise LDAPInvalidFilterError('unknown filter node tag') return compiled_filter def build_attribute_selection(attribute_list, schema): conf_attributes_excluded_from_check = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_CHECK')] attribute_selection = AttributeSelection() for index, attribute in enumerate(attribute_list): if schema and schema.attribute_types: if ';' in attribute: # exclude tags from validation if not attribute[0:attribute.index(';')] in schema.attribute_types and attribute.lower() not in conf_attributes_excluded_from_check: raise LDAPAttributeError('invalid attribute type in attribute list: ' + attribute) else: if attribute not in schema.attribute_types and attribute.lower() not in conf_attributes_excluded_from_check: raise LDAPAttributeError('invalid attribute type in attribute list: ' + attribute) attribute_selection[index] = Selector(attribute) return attribute_selection def search_operation(search_base, search_filter, search_scope, dereference_aliases, attributes, size_limit, time_limit, types_only, auto_escape, auto_encode, schema=None, check_names=False): # SearchRequest ::= [APPLICATION 3] SEQUENCE { # baseObject LDAPDN, # scope ENUMERATED { # baseObject (0), # singleLevel (1), # wholeSubtree (2), # ... }, # derefAliases ENUMERATED { # neverDerefAliases (0), # derefInSearching (1), # derefFindingBaseObj (2), # derefAlways (3) }, # sizeLimit INTEGER (0 .. maxInt), # timeLimit INTEGER (0 .. maxInt), # typesOnly BOOLEAN, # filter Filter, # attributes AttributeSelection } request = SearchRequest() request['baseObject'] = LDAPDN(search_base) if search_scope == BASE or search_scope == 0: request['scope'] = Scope('baseObject') elif search_scope == LEVEL or search_scope == 1: request['scope'] = Scope('singleLevel') elif search_scope == SUBTREE or search_scope == 2: request['scope'] = Scope('wholeSubtree') else: raise LDAPInvalidScopeError('invalid scope type') if dereference_aliases == DEREF_NEVER or dereference_aliases == 0: request['derefAliases'] = DerefAliases('neverDerefAliases') elif dereference_aliases == DEREF_SEARCH or dereference_aliases == 1: request['derefAliases'] = DerefAliases('derefInSearching') elif dereference_aliases == DEREF_BASE or dereference_aliases == 2: request['derefAliases'] = DerefAliases('derefFindingBaseObj') elif dereference_aliases == DEREF_ALWAYS or dereference_aliases == 3: request['derefAliases'] = DerefAliases('derefAlways') else: raise LDAPInvalidDereferenceAliasesError('invalid dereference aliases type') request['sizeLimit'] = Integer0ToMax(size_limit) request['timeLimit'] = Integer0ToMax(time_limit) request['typesOnly'] = TypesOnly(True) if types_only else TypesOnly(False) request['filter'] = compile_filter(parse_filter(search_filter, schema, auto_escape, auto_encode, check_names).elements[0]) # parse the searchFilter string and compile it starting from the root node if not isinstance(attributes, SEQUENCE_TYPES): attributes = [NO_ATTRIBUTES] request['attributes'] = build_attribute_selection(attributes, schema) return request def decode_vals(vals): return [str(val) for val in vals if val] if vals else None def decode_vals_fast(vals): try: return [to_unicode(val[3], from_server=True) for val in vals if val] if vals else None except UnicodeDecodeError: return [val[3] for val in vals if val] if vals else None def attributes_to_dict(attribute_list): conf_case_insensitive_attributes = get_config_parameter('CASE_INSENSITIVE_ATTRIBUTE_NAMES') attributes = CaseInsensitiveDict() if conf_case_insensitive_attributes else dict() for attribute in attribute_list: attributes[str(attribute['type'])] = decode_vals(attribute['vals']) return attributes def attributes_to_dict_fast(attribute_list): conf_case_insensitive_attributes = get_config_parameter('CASE_INSENSITIVE_ATTRIBUTE_NAMES') attributes = CaseInsensitiveDict() if conf_case_insensitive_attributes else dict() for attribute in attribute_list: attributes[to_unicode(attribute[3][0][3], from_server=True)] = decode_vals_fast(attribute[3][1][3]) return attributes def decode_raw_vals(vals): return [bytes(val) for val in vals] if vals else None def decode_raw_vals_fast(vals): return [bytes(val[3]) for val in vals] if vals else None def raw_attributes_to_dict(attribute_list): conf_case_insensitive_attributes = get_config_parameter('CASE_INSENSITIVE_ATTRIBUTE_NAMES') attributes = CaseInsensitiveDict() if conf_case_insensitive_attributes else dict() for attribute in attribute_list: attributes[str(attribute['type'])] = decode_raw_vals(attribute['vals']) return attributes def raw_attributes_to_dict_fast(attribute_list): conf_case_insensitive_attributes = get_config_parameter('CASE_INSENSITIVE_ATTRIBUTE_NAMES') attributes = CaseInsensitiveDict() if conf_case_insensitive_attributes else dict() for attribute in attribute_list: attributes[to_unicode(attribute[3][0][3], from_server=True)] = decode_raw_vals_fast(attribute[3][1][3]) return attributes def checked_attributes_to_dict(attribute_list, schema=None, custom_formatter=None): conf_case_insensitive_attributes = get_config_parameter('CASE_INSENSITIVE_ATTRIBUTE_NAMES') checked_attributes = CaseInsensitiveDict() if conf_case_insensitive_attributes else dict() for attribute in attribute_list: name = str(attribute['type']) checked_attributes[name] = format_attribute_values(schema, name, decode_raw_vals(attribute['vals']) or [], custom_formatter) return checked_attributes def checked_attributes_to_dict_fast(attribute_list, schema=None, custom_formatter=None): conf_case_insensitive_attributes = get_config_parameter('CASE_INSENSITIVE_ATTRIBUTE_NAMES') checked_attributes = CaseInsensitiveDict() if conf_case_insensitive_attributes else dict() for attribute in attribute_list: name = to_unicode(attribute[3][0][3], from_server=True) checked_attributes[name] = format_attribute_values(schema, name, decode_raw_vals_fast(attribute[3][1][3]) or [], custom_formatter) return checked_attributes def matching_rule_assertion_to_string(matching_rule_assertion): return str(matching_rule_assertion) def filter_to_string(filter_object): filter_type = filter_object.getName() filter_string = '(' if filter_type == 'and': filter_string += '&' for f in filter_object['and']: filter_string += filter_to_string(f) elif filter_type == 'or': filter_string += '|' for f in filter_object['or']: filter_string += filter_to_string(f) elif filter_type == 'notFilter': filter_string += '!' + filter_to_string(filter_object['notFilter']['innerNotFilter']) elif filter_type == 'equalityMatch': ava = ava_to_dict(filter_object['equalityMatch']) filter_string += ava['attribute'] + '=' + ava['value'] elif filter_type == 'substringFilter': attribute = filter_object['substringFilter']['type'] filter_string += str(attribute) + '=' for substring in filter_object['substringFilter']['substrings']: component = substring.getName() if substring[component] is not None and substring[component].hasValue(): if component == 'initial': filter_string += str(substring['initial']) + '*' elif component == 'any': filter_string += str(substring['any']) if filter_string.endswith('*') else '*' + str(substring['any']) filter_string += '*' elif component == 'final': filter_string += '*' + str(substring['final']) elif filter_type == 'greaterOrEqual': ava = ava_to_dict(filter_object['greaterOrEqual']) filter_string += ava['attribute'] + '>=' + ava['value'] elif filter_type == 'lessOrEqual': ava = ava_to_dict(filter_object['lessOrEqual']) filter_string += ava['attribute'] + '<=' + ava['value'] elif filter_type == 'present': filter_string += str(filter_object['present']) + '=*' elif filter_type == 'approxMatch': ava = ava_to_dict(filter_object['approxMatch']) filter_string += ava['attribute'] + '~=' + ava['value'] elif filter_type == 'extensibleMatch': filter_string += matching_rule_assertion_to_string(filter_object['extensibleMatch']) else: raise LDAPInvalidFilterError('error converting filter to string') filter_string += ')' return filter_string def search_request_to_dict(request): return {'base': str(request['baseObject']), 'scope': int(request['scope']), 'dereferenceAlias': int(request['derefAliases']), 'sizeLimit': int(request['sizeLimit']), 'timeLimit': int(request['timeLimit']), 'typesOnly': bool(request['typesOnly']), 'filter': filter_to_string(request['filter']), 'attributes': attributes_to_list(request['attributes'])} def search_result_entry_response_to_dict(response, schema, custom_formatter, check_names): entry = dict() # entry['dn'] = str(response['object']) if response['object']: entry['raw_dn'] = to_raw(response['object']) if isinstance(response['object'], STRING_TYPES): # mock strategies return string not a PyAsn1 object entry['dn'] = to_unicode(response['object']) else: entry['dn'] = to_unicode(bytes(response['object']), from_server=True) else: entry['raw_dn'] = b'' entry['dn'] = '' entry['raw_attributes'] = raw_attributes_to_dict(response['attributes']) if check_names: entry['attributes'] = checked_attributes_to_dict(response['attributes'], schema, custom_formatter) else: entry['attributes'] = attributes_to_dict(response['attributes']) return entry def search_result_done_response_to_dict(response): result = {'result': int(response['resultCode']), 'description': ResultCode().getNamedValues().getName(response['resultCode']), 'message': str(response['diagnosticMessage']), 'dn': str(response['matchedDN']), 'referrals': referrals_to_list(response['referral'])} if 'controls' in response: # used for returning controls in Mock strategies result['controls'] = dict() for control in response['controls']: result['controls'][control[0]] = control[1] return result def search_result_reference_response_to_dict(response): return {'uri': search_refs_to_list(response)} def search_result_entry_response_to_dict_fast(response, schema, custom_formatter, check_names): entry_dict = dict() entry_dict['raw_dn'] = response[0][3] entry_dict['dn'] = to_unicode(response[0][3], from_server=True) entry_dict['raw_attributes'] = raw_attributes_to_dict_fast(response[1][3]) # attributes if check_names: entry_dict['attributes'] = checked_attributes_to_dict_fast(response[1][3], schema, custom_formatter) # attributes else: entry_dict['attributes'] = attributes_to_dict_fast(response[1][3]) # attributes return entry_dict def search_result_reference_response_to_dict_fast(response): return {'uri': search_refs_to_list_fast([r[3] for r in response])} ldap3-2.4.1/ldap3/operation/unbind.py0000666000000000000000000000176413226436321015521 0ustar 00000000000000""" """ # Created on 2013.09.03 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ..protocol.rfc4511 import UnbindRequest def unbind_operation(): # UnbindRequest ::= [APPLICATION 2] NULL request = UnbindRequest() return request ldap3-2.4.1/ldap3/operation/__init__.py0000666000000000000000000000000012767320327015766 0ustar 00000000000000ldap3-2.4.1/ldap3/protocol/0000777000000000000000000000000013231031760013513 5ustar 00000000000000ldap3-2.4.1/ldap3/protocol/controls.py0000666000000000000000000000256013226436321015741 0ustar 00000000000000""" """ # Created on 2015.10.20 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .rfc4511 import Control, Criticality, LDAPOID from ..utils.asn1 import encode def build_control(oid, criticality, value, encode_control_value=True): control = Control() control.setComponentByName('controlType', LDAPOID(oid)) control.setComponentByName('criticality', Criticality(criticality)) if value is not None: if encode_control_value: control.setComponentByName('controlValue', encode(value)) else: control.setComponentByName('controlValue', value) return control ldap3-2.4.1/ldap3/protocol/convert.py0000666000000000000000000002057713230273275015570 0ustar 00000000000000""" """ # Created on 2013.07.24 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1.error import PyAsn1Error from .. import SEQUENCE_TYPES, STRING_TYPES, get_config_parameter from ..core.exceptions import LDAPControlError, LDAPAttributeError, LDAPObjectClassError, LDAPInvalidValueError from ..protocol.rfc4511 import Controls, Control from ..utils.conv import to_raw, to_unicode, escape_filter_chars, is_filter_escaped from ..protocol.formatters.standard import find_attribute_validator def attribute_to_dict(attribute): return {'type': str(attribute['type']), 'values': [str(val) for val in attribute['vals']]} def attributes_to_dict(attributes): attributes_dict = dict() for attribute in attributes: attribute_dict = attribute_to_dict(attribute) attributes_dict[attribute_dict['type']] = attribute_dict['values'] return attributes_dict def referrals_to_list(referrals): return [str(referral) for referral in referrals if referral] if referrals else None def search_refs_to_list(search_refs): return [str(search_ref) for search_ref in search_refs if search_ref] if search_refs else None def search_refs_to_list_fast(search_refs): return [to_unicode(search_ref) for search_ref in search_refs if search_ref] if search_refs else None def sasl_to_dict(sasl): return {'mechanism': str(sasl['mechanism']), 'credentials': bytes(sasl['credentials']) if sasl['credentials'] is not None and sasl['credentials'].hasValue() else None} def authentication_choice_to_dict(authentication_choice): return {'simple': str(authentication_choice['simple']) if authentication_choice.getName() == 'simple' else None, 'sasl': sasl_to_dict(authentication_choice['sasl']) if authentication_choice.getName() == 'sasl' else None} def partial_attribute_to_dict(modification): try: return {'type': str(modification['type']), 'value': [str(value) for value in modification['vals']]} except PyAsn1Error: # invalid encoding, return bytes value return {'type': str(modification['type']), 'value': [bytes(value) for value in modification['vals']]} def change_to_dict(change): return {'operation': int(change['operation']), 'attribute': partial_attribute_to_dict(change['modification'])} def changes_to_list(changes): return [change_to_dict(change) for change in changes] def attributes_to_list(attributes): return [str(attribute) for attribute in attributes] def ava_to_dict(ava): try: return {'attribute': str(ava['attributeDesc']), 'value': escape_filter_chars(str(ava['assertionValue']))} except PyAsn1Error: # invalid encoding, return bytes value return {'attribute': str(ava['attributeDesc']), 'value': escape_filter_chars(str(bytes(ava['assertionValue'])))} def substring_to_dict(substring): return {'initial': substring['initial'] if substring['initial'] else '', 'any': [middle for middle in substring['any']] if substring['any'] else '', 'final': substring['final'] if substring['final'] else ''} def prepare_changes_for_request(changes): prepared = dict() for change in changes: attribute_name = change['attribute']['type'] if attribute_name not in prepared: prepared[attribute_name] = [] prepared[attribute_name].append((change['operation'], change['attribute']['value'])) return prepared def build_controls_list(controls): """controls is a sequence of Control() or sequences each sequence must have 3 elements: the control OID, the criticality, the value criticality must be a boolean """ if not controls: return None if not isinstance(controls, SEQUENCE_TYPES): raise LDAPControlError('controls must be a sequence') built_controls = Controls() for idx, control in enumerate(controls): if isinstance(control, Control): built_controls.setComponentByPosition(idx, control) elif len(control) == 3 and isinstance(control[1], bool): built_control = Control() built_control['controlType'] = control[0] built_control['criticality'] = control[1] if control[2] is not None: built_control['controlValue'] = control[2] built_controls.setComponentByPosition(idx, built_control) else: raise LDAPControlError('control must be a sequence of 3 elements: controlType, criticality (boolean) and controlValue (None if not provided)') return built_controls def validate_assertion_value(schema, name, value, auto_escape, auto_encode, check_names): value = to_unicode(value) if auto_escape: if '\\' in value and not is_filter_escaped(value): value = escape_filter_chars(value) value = validate_attribute_value(schema, name, value, auto_encode, check_names=check_names) return value def validate_attribute_value(schema, name, value, auto_encode, validator=None, check_names=False): conf_classes_excluded_from_check = [v.lower() for v in get_config_parameter('CLASSES_EXCLUDED_FROM_CHECK')] conf_attributes_excluded_from_check = [v.lower() for v in get_config_parameter('ATTRIBUTES_EXCLUDED_FROM_CHECK')] conf_utf8_syntaxes = get_config_parameter('UTF8_ENCODED_SYNTAXES') conf_utf8_types = [v.lower() for v in get_config_parameter('UTF8_ENCODED_TYPES')] if schema and schema.attribute_types: if ';' in name: name = name.split(';')[0] if check_names and schema.object_classes and name.lower() == 'objectclass': if to_unicode(value).lower() not in conf_classes_excluded_from_check and to_unicode(value) not in schema.object_classes: raise LDAPObjectClassError('invalid class in objectClass attribute: ' + str(value)) elif check_names and name not in schema.attribute_types and name.lower() not in conf_attributes_excluded_from_check: raise LDAPAttributeError('invalid attribute ' + name) else: # try standard validators validator = find_attribute_validator(schema, name, validator) validated = validator(value) if validated is False: raise LDAPInvalidValueError('value \'%s\' non valid for attribute \'%s\'' % (value, name)) elif validated is not True: # a valid LDAP value equivalent to the actual value value = validated # converts to utf-8 for well known Unicode LDAP syntaxes if auto_encode and ((name in schema.attribute_types and schema.attribute_types[name].syntax in conf_utf8_syntaxes) or name.lower() in conf_utf8_types): value = to_unicode(value) # tries to convert from local encoding to Unicode return to_raw(value) def prepare_filter_for_sending(raw_string): i = 0 ints = [] raw_string = to_raw(raw_string) while i < len(raw_string): if (raw_string[i] == 92 or raw_string[i] == '\\') and i < len(raw_string) - 2: # 92 is backslash try: ints.append(int(raw_string[i + 1: i + 3], 16)) i += 2 except ValueError: # not an ldap escaped value, sends as is ints.append(92) # adds backslash else: if str is not bytes: # Python 3 ints.append(raw_string[i]) else: # Python 2 ints.append(ord(raw_string[i])) i += 1 if str is not bytes: # Python 3 return bytes(ints) else: # Python 2 return ''.join(chr(x) for x in ints) def prepare_for_sending(raw_string): return to_raw(raw_string) if isinstance(raw_string, STRING_TYPES) else raw_string ldap3-2.4.1/ldap3/protocol/formatters/0000777000000000000000000000000013231031760015701 5ustar 00000000000000ldap3-2.4.1/ldap3/protocol/formatters/formatters.py0000666000000000000000000002572213226436321020457 0ustar 00000000000000""" """ # Created on 2014.10.28 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from binascii import hexlify from uuid import UUID from datetime import datetime, timedelta from ...core.timezone import OffsetTzInfo def format_unicode(raw_value): try: if str is not bytes: # Python 3 return str(raw_value, 'utf-8', errors='strict') else: # Python 2 return unicode(raw_value, 'utf-8', errors='strict') except (TypeError, UnicodeDecodeError): pass return raw_value def format_integer(raw_value): try: return int(raw_value) except (TypeError, ValueError): pass return raw_value def format_binary(raw_value): try: return bytes(raw_value) except TypeError: pass return raw_value def format_uuid(raw_value): try: return str(UUID(bytes=raw_value)) except (TypeError, ValueError): return format_unicode(raw_value) except Exception: pass return raw_value def format_uuid_le(raw_value): try: return str(UUID(bytes_le=raw_value)) except (TypeError, ValueError): return format_unicode(raw_value) except Exception: pass return raw_value def format_boolean(raw_value): if raw_value in [b'TRUE', b'true', b'True']: return True if raw_value in [b'FALSE', b'false', b'False']: return False return raw_value def format_ad_timestamp(raw_value): """ Active Directory stores date/time values as the number of 100-nanosecond intervals that have elapsed since the 0 hour on January 1, 1601 till the date/time that is being stored. The time is always stored in Greenwich Mean Time (GMT) in the Active Directory. """ if raw_value == b'9223372036854775807': # max value to be stored in a 64 bit signed int return datetime.max # returns datetime.datetime(9999, 12, 31, 23, 59, 59, 999999) timestamp = int(raw_value) try: return datetime.fromtimestamp(timestamp / 10000000.0 - 11644473600, tz=OffsetTzInfo(0, 'UTC')) # forces true division in python 2 except (OSError, OverflowError, ValueError): # on Windows backwards timestamps are not allowed unix_epoch = datetime.fromtimestamp(0, tz=OffsetTzInfo(0, 'UTC')) diff_seconds = timedelta(seconds=timestamp/10000000.0 - 11644473600) return unix_epoch + diff_seconds except Exception as e: pass return raw_value def format_time(raw_value): """ """ ''' From RFC4517: A value of the Generalized Time syntax is a character string representing a date and time. The LDAP-specific encoding of a value of this syntax is a restriction of the format defined in [ISO8601], and is described by the following ABNF: GeneralizedTime = century year month day hour [ minute [ second / leap-second ] ] [ fraction ] g-time-zone century = 2(%x30-39) ; "00" to "99" year = 2(%x30-39) ; "00" to "99" month = ( %x30 %x31-39 ) ; "01" (January) to "09" / ( %x31 %x30-32 ) ; "10" to "12" day = ( %x30 %x31-39 ) ; "01" to "09" / ( %x31-32 %x30-39 ) ; "10" to "29" / ( %x33 %x30-31 ) ; "30" to "31" hour = ( %x30-31 %x30-39 ) / ( %x32 %x30-33 ) ; "00" to "23" minute = %x30-35 %x30-39 ; "00" to "59" second = ( %x30-35 %x30-39 ) ; "00" to "59" leap-second = ( %x36 %x30 ) ; "60" fraction = ( DOT / COMMA ) 1*(%x30-39) g-time-zone = %x5A ; "Z" / g-differential g-differential = ( MINUS / PLUS ) hour [ minute ] MINUS = %x2D ; minus sign ("-") ''' # if len(raw_value) < 10 or not all((c in b'0123456789+-,.Z' for c in raw_value)) or (b'Z' in raw_value and not raw_value.endswith(b'Z')): # first ten characters are mandatory and must be numeric or timezone or fraction if len(raw_value) < 10 or not all((c in b'0123456789+-,.Z' for c in raw_value)) or (b'Z' in raw_value and not raw_value.endswith(b'Z')): # first ten characters are mandatory and must be numeric or timezone or fraction return raw_value # sets position for fixed values year = int(raw_value[0: 4]) month = int(raw_value[4: 6]) day = int(raw_value[6: 8]) hour = int(raw_value[8: 10]) minute = 0 second = 0 microsecond = 0 remain = raw_value[10:] if remain and remain.endswith(b'Z'): # uppercase 'Z' sep = b'Z' elif b'+' in remain: # timezone can be specified with +hh[mm] or -hh[mm] sep = b'+' elif b'-' in remain: sep = b'-' else: # timezone not specified return raw_value time, _, offset = remain.partition(sep) if time and (b'.' in time or b',' in time): # fraction time if time[0] in b',.': minute = 6 * int(time[1] if str is bytes else chr(time[1])) # Python 2 / Python 3 elif time[2] in b',.': minute = int(raw_value[10: 12]) second = 6 * int(time[3] if str is bytes else chr(time[3])) # Python 2 / Python 3 elif time[4] in b',.': minute = int(raw_value[10: 12]) second = int(raw_value[12: 14]) microsecond = 100000 * int(time[5] if str is bytes else chr(time[5])) # Python 2 / Python 3 elif len(time) == 2: # mmZ format minute = int(raw_value[10: 12]) elif len(time) == 0: # Z format pass elif len(time) == 4: # mmssZ minute = int(raw_value[10: 12]) second = int(raw_value[12: 14]) else: return raw_value if sep == b'Z': # UTC timezone = OffsetTzInfo(0, 'UTC') else: # build timezone try: if len(offset) == 2: timezone_hour = int(offset[:2]) timezone_minute = 0 elif len(offset) == 4: timezone_hour = int(offset[:2]) timezone_minute = int(offset[2:4]) else: # malformed timezone raise ValueError except ValueError: return raw_value if timezone_hour > 23 or timezone_minute > 59: # invalid timezone return raw_value if str is not bytes: # Python 3 timezone = OffsetTzInfo((timezone_hour * 60 + timezone_minute) * (1 if sep == b'+' else -1), 'UTC' + str(sep + offset, encoding='utf-8')) else: # Python 2 timezone = OffsetTzInfo((timezone_hour * 60 + timezone_minute) * (1 if sep == b'+' else -1), unicode('UTC' + sep + offset, encoding='utf-8')) try: return datetime(year=year, month=month, day=day, hour=hour, minute=minute, second=second, microsecond=microsecond, tzinfo=timezone) except (TypeError, ValueError): pass return raw_value def format_sid(raw_value): """ """ ''' SID= "S-1-" IdentifierAuthority 1*SubAuthority IdentifierAuthority= IdentifierAuthorityDec / IdentifierAuthorityHex ; If the identifier authority is < 2^32, the ; identifier authority is represented as a decimal ; number ; If the identifier authority is >= 2^32, ; the identifier authority is represented in ; hexadecimal IdentifierAuthorityDec = 1*10DIGIT ; IdentifierAuthorityDec, top level authority of a ; security identifier is represented as a decimal number IdentifierAuthorityHex = "0x" 12HEXDIG ; IdentifierAuthorityHex, the top-level authority of a ; security identifier is represented as a hexadecimal number SubAuthority= "-" 1*10DIGIT ; Sub-Authority is always represented as a decimal number ; No leading "0" characters are allowed when IdentifierAuthority ; or SubAuthority is represented as a decimal number ; All hexadecimal digits must be output in string format, ; pre-pended by "0x" Revision (1 byte): An 8-bit unsigned integer that specifies the revision level of the SID. This value MUST be set to 0x01. SubAuthorityCount (1 byte): An 8-bit unsigned integer that specifies the number of elements in the SubAuthority array. The maximum number of elements allowed is 15. IdentifierAuthority (6 bytes): A SID_IDENTIFIER_AUTHORITY structure that indicates the authority under which the SID was created. It describes the entity that created the SID. The Identifier Authority value {0,0,0,0,0,5} denotes SIDs created by the NT SID authority. SubAuthority (variable): A variable length array of unsigned 32-bit integers that uniquely identifies a principal relative to the IdentifierAuthority. Its length is determined by SubAuthorityCount. ''' if str is not bytes: # Python 3 revision = int(raw_value[0]) sub_authority_count = int(raw_value[1]) identifier_authority = int.from_bytes(raw_value[2:8], byteorder='big') if identifier_authority >= 4294967296: # 2 ^ 32 identifier_authority = hex(identifier_authority) sub_authority = '' i = 0 while i < sub_authority_count: sub_authority += '-' + str(int.from_bytes(raw_value[8 + (i * 4): 12 + (i * 4)], byteorder='little')) # little endian i += 1 else: # Python 2 revision = int(ord(raw_value[0])) sub_authority_count = int(ord(raw_value[1])) identifier_authority = int(hexlify(raw_value[2:8]), 16) if identifier_authority >= 4294967296: # 2 ^ 32 identifier_authority = hex(identifier_authority) sub_authority = '' i = 0 while i < sub_authority_count: sub_authority += '-' + str(int(hexlify(raw_value[11 + (i * 4): 7 + (i * 4): -1]), 16)) # little endian i += 1 return 'S-' + str(revision) + '-' + str(identifier_authority) + sub_authority ldap3-2.4.1/ldap3/protocol/formatters/standard.py0000666000000000000000000003435413226436321020072 0ustar 00000000000000""" """ # Created on 2014.10.28 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ... import SEQUENCE_TYPES from .formatters import format_ad_timestamp, format_binary, format_boolean,\ format_integer, format_sid, format_time, format_unicode, format_uuid, format_uuid_le from .validators import validate_integer, validate_time, always_valid,\ validate_generic_single_value, validate_boolean, validate_ad_timestamp,\ validate_uuid_le, validate_uuid, validate_minus_one # for each syntax can be specified a format function and a input validation function standard_formatter = { '1.2.840.113556.1.4.903': (format_binary, None), # Object (DN-binary) - Microsoft '1.2.840.113556.1.4.904': (format_unicode, None), # Object (DN-string) - Microsoft '1.2.840.113556.1.4.905': (format_unicode, None), # String (Teletex) - Microsoft '1.2.840.113556.1.4.906': (format_integer, validate_integer), # Large integer - Microsoft '1.2.840.113556.1.4.907': (format_binary, None), # String (NT-sec-desc) - Microsoft '1.2.840.113556.1.4.1221': (format_binary, None), # Object (OR-name) - Microsoft '1.2.840.113556.1.4.1362': (format_unicode, None), # String (Case) - Microsoft '1.3.6.1.4.1.1466.115.121.1.1': (format_binary, None), # ACI item [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.2': (format_binary, None), # Access point [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.3': (format_unicode, None), # Attribute type description '1.3.6.1.4.1.1466.115.121.1.4': (format_binary, None), # Audio [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.5': (format_binary, None), # Binary [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.6': (format_unicode, None), # Bit String '1.3.6.1.4.1.1466.115.121.1.7': (format_boolean, validate_boolean), # Boolean '1.3.6.1.4.1.1466.115.121.1.8': (format_binary, None), # Certificate [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.9': (format_binary, None), # Certificate List [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.10': (format_binary, None), # Certificate Pair [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.11': (format_unicode, None), # Country String '1.3.6.1.4.1.1466.115.121.1.12': (format_unicode, None), # Distinguished name (DN) '1.3.6.1.4.1.1466.115.121.1.13': (format_binary, None), # Data Quality Syntax [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.14': (format_unicode, None), # Delivery method '1.3.6.1.4.1.1466.115.121.1.15': (format_unicode, None), # Directory string '1.3.6.1.4.1.1466.115.121.1.16': (format_unicode, None), # DIT Content Rule Description '1.3.6.1.4.1.1466.115.121.1.17': (format_unicode, None), # DIT Structure Rule Description '1.3.6.1.4.1.1466.115.121.1.18': (format_binary, None), # DL Submit Permission [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.19': (format_binary, None), # DSA Quality Syntax [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.20': (format_binary, None), # DSE Type [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.21': (format_binary, None), # Enhanced Guide '1.3.6.1.4.1.1466.115.121.1.22': (format_unicode, None), # Facsimile Telephone Number '1.3.6.1.4.1.1466.115.121.1.23': (format_binary, None), # Fax '1.3.6.1.4.1.1466.115.121.1.24': (format_time, validate_time), # Generalized time '1.3.6.1.4.1.1466.115.121.1.25': (format_binary, None), # Guide [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.26': (format_unicode, None), # IA5 string '1.3.6.1.4.1.1466.115.121.1.27': (format_integer, validate_integer), # Integer '1.3.6.1.4.1.1466.115.121.1.28': (format_binary, None), # JPEG '1.3.6.1.4.1.1466.115.121.1.29': (format_binary, None), # Master and Shadow Access Points [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.30': (format_unicode, None), # Matching rule description '1.3.6.1.4.1.1466.115.121.1.31': (format_unicode, None), # Matching rule use description '1.3.6.1.4.1.1466.115.121.1.32': (format_unicode, None), # Mail Preference [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.33': (format_unicode, None), # MHS OR Address [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.34': (format_unicode, None), # Name and optional UID '1.3.6.1.4.1.1466.115.121.1.35': (format_unicode, None), # Name form description '1.3.6.1.4.1.1466.115.121.1.36': (format_unicode, None), # Numeric string '1.3.6.1.4.1.1466.115.121.1.37': (format_unicode, None), # Object class description '1.3.6.1.4.1.1466.115.121.1.38': (format_unicode, None), # OID '1.3.6.1.4.1.1466.115.121.1.39': (format_unicode, None), # Other mailbox '1.3.6.1.4.1.1466.115.121.1.40': (format_binary, None), # Octet string '1.3.6.1.4.1.1466.115.121.1.41': (format_unicode, None), # Postal address '1.3.6.1.4.1.1466.115.121.1.42': (format_binary, None), # Protocol Information [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.43': (format_binary, None), # Presentation Address [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.44': (format_unicode, None), # Printable string '1.3.6.1.4.1.1466.115.121.1.45': (format_binary, None), # Subtree specification [OBSOLETE '1.3.6.1.4.1.1466.115.121.1.46': (format_binary, None), # Supplier Information [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.47': (format_binary, None), # Supplier Or Consumer [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.48': (format_binary, None), # Supplier And Consumer [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.49': (format_binary, None), # Supported Algorithm [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.50': (format_unicode, None), # Telephone number '1.3.6.1.4.1.1466.115.121.1.51': (format_unicode, None), # Teletex terminal identifier '1.3.6.1.4.1.1466.115.121.1.52': (format_unicode, None), # Teletex number '1.3.6.1.4.1.1466.115.121.1.53': (format_time, validate_time), # Utc time (deprecated) '1.3.6.1.4.1.1466.115.121.1.54': (format_unicode, None), # LDAP syntax description '1.3.6.1.4.1.1466.115.121.1.55': (format_binary, None), # Modify rights [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.56': (format_binary, None), # LDAP Schema Definition [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.57': (format_unicode, None), # LDAP Schema Description [OBSOLETE] '1.3.6.1.4.1.1466.115.121.1.58': (format_unicode, None), # Substring assertion '1.3.6.1.1.16.1': (format_uuid, validate_uuid), # UUID '2.16.840.1.113719.1.1.4.1.501': (format_uuid, None), # GUID (Novell) '2.16.840.1.113719.1.1.5.1.0': (format_binary, None), # Unknown (Novell) '2.16.840.1.113719.1.1.5.1.6': (format_unicode, None), # Case Ignore List (Novell) '2.16.840.1.113719.1.1.5.1.12': (format_binary, None), # Tagged Data (Novell) '2.16.840.1.113719.1.1.5.1.13': (format_binary, None), # Octet List (Novell) '2.16.840.1.113719.1.1.5.1.14': (format_unicode, None), # Tagged String (Novell) '2.16.840.1.113719.1.1.5.1.15': (format_unicode, None), # Tagged Name And String (Novell) '2.16.840.1.113719.1.1.5.1.16': (format_binary, None), # NDS Replica Pointer (Novell) '2.16.840.1.113719.1.1.5.1.17': (format_unicode, None), # NDS ACL (Novell) '2.16.840.1.113719.1.1.5.1.19': (format_time, validate_time), # NDS Timestamp (Novell) '2.16.840.1.113719.1.1.5.1.22': (format_integer, validate_integer), # Counter (Novell) '2.16.840.1.113719.1.1.5.1.23': (format_unicode, None), # Tagged Name (Novell) '2.16.840.1.113719.1.1.5.1.25': (format_unicode, None), # Typed Name (Novell) 'supportedldapversion': (format_integer, None), # supportedLdapVersion (Microsoft) 'octetstring': (format_binary, validate_uuid_le), # octect string (Microsoft) '1.2.840.113556.1.4.2': (format_uuid_le, None), # object guid (Microsoft) '1.2.840.113556.1.4.13': (format_ad_timestamp, validate_ad_timestamp), # builtinCreationTime (Microsoft) '1.2.840.113556.1.4.26': (format_ad_timestamp, validate_ad_timestamp), # creationTime (Microsoft) '1.2.840.113556.1.4.49': (format_ad_timestamp, validate_ad_timestamp), # badPasswordTime (Microsoft) '1.2.840.113556.1.4.51': (format_ad_timestamp, validate_ad_timestamp), # lastLogoff (Microsoft) '1.2.840.113556.1.4.52': (format_ad_timestamp, validate_ad_timestamp), # lastLogon (Microsoft) '1.2.840.113556.1.4.96': (format_ad_timestamp, validate_minus_one), # pwdLastSet (Microsoft, can be set to -1 only) '1.2.840.113556.1.4.146': (format_sid, None), # objectSid (Microsoft) '1.2.840.113556.1.4.159': (format_ad_timestamp, validate_ad_timestamp), # accountExpires (Microsoft) '1.2.840.113556.1.4.662': (format_ad_timestamp, validate_ad_timestamp), # lockoutTime (Microsoft) '1.2.840.113556.1.4.1696': (format_ad_timestamp, validate_ad_timestamp) # lastLogonTimestamp (Microsoft) } def find_attribute_helpers(attr_type, name, custom_formatter): """ Tries to format following the OIDs info and format_helper specification. Search for attribute oid, then attribute name (can be multiple), then attribute syntax Precedence is: 1. attribute name 2. attribute oid(from schema) 3. attribute names (from oid_info) 4. attribute syntax (from schema) Custom formatters can be defined in Server object and have precedence over the standard_formatters If no formatter is found the raw_value is returned as bytes. Attributes defined as SINGLE_VALUE in schema are returned as a single object, otherwise are returned as a list of object Formatter functions can return any kind of object return a tuple (formatter, validator) """ formatter = None if custom_formatter and isinstance(custom_formatter, dict): # if custom formatters are defined they have precedence over the standard formatters if name in custom_formatter: # search for attribute name, as returned by the search operation formatter = custom_formatter[name] if not formatter and attr_type and attr_type.oid in custom_formatter: # search for attribute oid as returned by schema formatter = custom_formatter[attr_type.oid] if not formatter and attr_type and attr_type.oid_info: if isinstance(attr_type.oid_info[2], SEQUENCE_TYPES): # search for multiple names defined in oid_info for attr_name in attr_type.oid_info[2]: if attr_name in custom_formatter: formatter = custom_formatter[attr_name] break elif attr_type.oid_info[2] in custom_formatter: # search for name defined in oid_info formatter = custom_formatter[attr_type.oid_info[2]] if not formatter and attr_type and attr_type.syntax in custom_formatter: # search for syntax defined in schema formatter = custom_formatter[attr_type.syntax] if not formatter and name in standard_formatter: # search for attribute name, as returned by the search operation formatter = standard_formatter[name] if not formatter and attr_type and attr_type.oid in standard_formatter: # search for attribute oid as returned by schema formatter = standard_formatter[attr_type.oid] if not formatter and attr_type and attr_type.oid_info: if isinstance(attr_type.oid_info[2], SEQUENCE_TYPES): # search for multiple names defined in oid_info for attr_name in attr_type.oid_info[2]: if attr_name in standard_formatter: formatter = standard_formatter[attr_name] break elif attr_type.oid_info[2] in standard_formatter: # search for name defined in oid_info formatter = standard_formatter[attr_type.oid_info[2]] if not formatter and attr_type and attr_type.syntax in standard_formatter: # search for syntax defined in schema formatter = standard_formatter[attr_type.syntax] if formatter is None: return None, None return formatter def format_attribute_values(schema, name, values, custom_formatter): if not values: # RFCs states that attributes must always have values, but a flaky server returns empty values too return [] if schema and schema.attribute_types and name in schema.attribute_types: attr_type = schema.attribute_types[name] else: attr_type = None attribute_helpers = find_attribute_helpers(attr_type, name, custom_formatter) if not isinstance(attribute_helpers, tuple): # custom formatter formatter = attribute_helpers else: formatter = format_unicode if not attribute_helpers[0] else attribute_helpers[0] formatted_values = [formatter(raw_value) for raw_value in values] # executes formatter if formatted_values: return formatted_values[0] if (attr_type and attr_type.single_value) else formatted_values else: # RFCs states that attributes must always have values, but AD return empty values in DirSync return [] def find_attribute_validator(schema, name, custom_validator): if schema and schema.attribute_types and name in schema.attribute_types: attr_type = schema.attribute_types[name] else: attr_type = None attribute_helpers = find_attribute_helpers(attr_type, name, custom_validator) if not isinstance(attribute_helpers, tuple): # custom validator validator = attribute_helpers else: if not attribute_helpers[1]: if attr_type and attr_type.single_value: validator = validate_generic_single_value # validate only single value else: validator = always_valid # unknown syntax, accepts single and multi value else: validator = attribute_helpers[1] return validator ldap3-2.4.1/ldap3/protocol/formatters/validators.py0000666000000000000000000002233113226436321020432 0ustar 00000000000000""" """ # Created on 2016.08.09 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from datetime import datetime from calendar import timegm from uuid import UUID from ... import SEQUENCE_TYPES, STRING_TYPES from .formatters import format_time, format_ad_timestamp from ...utils.conv import to_raw, to_unicode # Validators return True if value is valid, False if value is not valid, # or a value different from True and False that is a valid value to substitute to the input value def check_type(input_value, value_type): if isinstance(input_value, value_type): return True if isinstance(input_value, SEQUENCE_TYPES): for value in input_value: if not isinstance(value, value_type): return False return True return False def always_valid(input_value): return True def validate_generic_single_value(input_value): if not isinstance(input_value, SEQUENCE_TYPES): return True try: # object couldn't have a __len__ method if len(input_value) == 1: return True except Exception: pass return False def validate_minus_one(input_value): """Accept -1 only (used by pwdLastSet in AD) """ if not isinstance(input_value, SEQUENCE_TYPES): if input_value == -1 or input_value == '-1': return True try: # object couldn't have a __len__ method if len(input_value) == 1 and input_value == -1 or input_value == '-1': return True except Exception: pass return False def validate_integer(input_value): if check_type(input_value, (float, bool)): return False if str is bytes: # Python 2, check for long too if check_type(input_value, (int, long)): return True else: # Python 3, int only if check_type(input_value, int): return True sequence = True # indicates if a sequence must be returned if not isinstance(input_value, SEQUENCE_TYPES): sequence = False input_value = [input_value] else: sequence = True # indicates if a sequence must be returned valid_values = [] # builds a list of valid int values from decimal import Decimal, InvalidOperation for element in input_value: try: # try to convert any type to int, an invalid conversion raise TypeError or ValueError, doublecheck with Decimal type, if both are valid and equal then then int() value is used value = to_unicode(element) if isinstance(element, bytes) else element decimal_value = Decimal(value) int_value = int(value) if decimal_value == int_value: valid_values.append(int_value) else: return False except (ValueError, TypeError, InvalidOperation): return False if sequence: return valid_values else: return valid_values[0] def validate_bytes(input_value): return check_type(input_value, bytes) def validate_boolean(input_value): # it could be a real bool or the string TRUE or FALSE, # only a single valued is allowed if validate_generic_single_value(input_value): # valid only if a single value or a sequence with a single element if isinstance(input_value, SEQUENCE_TYPES): input_value = input_value[0] if isinstance(input_value, bool): if input_value: return 'TRUE' else: return 'FALSE' if isinstance(input_value, STRING_TYPES): if input_value.lower() == 'true': return 'TRUE' elif input_value.lower() == 'false': return 'FALSE' return False def validate_time(input_value): # if datetime object doesn't have a timezone it's considered local time and is adjusted to UTC if not isinstance(input_value, SEQUENCE_TYPES): sequence = False input_value = [input_value] else: sequence = True # indicates if a sequence must be returned valid_values = [] changed = False for element in input_value: if isinstance(element, STRING_TYPES): # tries to check if it is already be a Generalized Time if isinstance(format_time(to_raw(element)), datetime): # valid Generalized Time string valid_values.append(element) else: return False elif isinstance(element, datetime): changed = True if element.tzinfo: # a datetime with a timezone valid_values.append(element.strftime('%Y%m%d%H%M%S%z')) else: # datetime without timezone, assumed local and adjusted to UTC offset = datetime.now() - datetime.utcnow() valid_values.append((element - offset).strftime('%Y%m%d%H%M%SZ')) else: return False if changed: if sequence: return valid_values else: return valid_values[0] else: return True def validate_ad_timestamp(input_value): """ Active Directory stores date/time values as the number of 100-nanosecond intervals that have elapsed since the 0 hour on January 1, 1601 till the date/time that is being stored. The time is always stored in Greenwich Mean Time (GMT) in the Active Directory. """ if not isinstance(input_value, SEQUENCE_TYPES): sequence = False input_value = [input_value] else: sequence = True # indicates if a sequence must be returned valid_values = [] changed = False for element in input_value: if isinstance(element, STRING_TYPES): # tries to check if it is already be a AD timestamp if isinstance(format_ad_timestamp(to_raw(element)), datetime): # valid Generalized Time string valid_values.append(element) else: return False elif isinstance(element, datetime): changed = True if element.tzinfo: # a datetime with a timezone valid_values.append(to_raw((timegm((element).utctimetuple()) + 11644473600) * 10000000, encoding='ascii')) else: # datetime without timezone, assumed local and adjusted to UTC offset = datetime.now() - datetime.utcnow() valid_values.append(to_raw((timegm((element - offset).timetuple()) + 11644473600) * 10000000, encoding='ascii')) else: return False if changed: if sequence: return valid_values else: return valid_values[0] else: return True def validate_uuid(input_value): """ object guid in uuid format """ if not isinstance(input_value, SEQUENCE_TYPES): sequence = False input_value = [input_value] else: sequence = True # indicates if a sequence must be returned valid_values = [] changed = False for element in input_value: if isinstance(element, (bytes, bytearray)): # assumes bytes are valid valid_values.append(element) elif isinstance(element, STRING_TYPES): try: valid_values.append(UUID(element).bytes) changed = True except ValueError: return False else: return False if changed: if sequence: return valid_values else: return valid_values[0] else: return True def validate_uuid_le(input_value): """ Active Directory stores objectGUID in uuid_le format """ if not isinstance(input_value, SEQUENCE_TYPES): sequence = False input_value = [input_value] else: sequence = True # indicates if a sequence must be returned valid_values = [] changed = False for element in input_value: if isinstance(element, (bytes, bytearray)): # assumes bytes are valid valid_values.append(element) elif isinstance(element, STRING_TYPES): try: valid_values.append(UUID(element).bytes_le) changed = True except ValueError: return False else: return False if changed: if sequence: return valid_values else: return valid_values[0] else: return True ldap3-2.4.1/ldap3/protocol/formatters/__init__.py0000666000000000000000000000000012767320327020015 0ustar 00000000000000ldap3-2.4.1/ldap3/protocol/microsoft.py0000666000000000000000000001160413226436321016102 0ustar 00000000000000""" """ # Created on 2015.03.27 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import ctypes from pyasn1.type.namedtype import NamedTypes, NamedType from pyasn1.type.tag import Tag, tagClassApplication, tagFormatConstructed from pyasn1.type.univ import Sequence, OctetString, Integer from .rfc4511 import ResultCode, LDAPString from .controls import build_control class SicilyBindResponse(Sequence): # SicilyBindResponse ::= [APPLICATION 1] SEQUENCE { # # resultCode ENUMERATED { # success (0), # protocolError (2), # adminLimitExceeded (11), # inappropriateAuthentication (48), # invalidCredentials (49), # busy (51), # unavailable (52), # unwillingToPerform (53), # other (80) }, # # serverCreds OCTET STRING, # errorMessage LDAPString } # BindResponse ::= [APPLICATION 1] SEQUENCE { # COMPONENTS OF LDAPResult, # serverSaslCreds [7] OCTET STRING OPTIONAL } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 1)) componentType = NamedTypes(NamedType('resultCode', ResultCode()), NamedType('serverCreds', OctetString()), NamedType('errorMessage', LDAPString()) ) class DirSyncControlRequestValue(Sequence): # DirSyncRequestValue ::= SEQUENCE { # Flags integer # MaxBytes integer # Cookie OCTET STRING } componentType = NamedTypes(NamedType('Flags', Integer()), NamedType('MaxBytes', Integer()), NamedType('Cookie', OctetString()) ) class DirSyncControlResponseValue(Sequence): # DirSyncResponseValue ::= SEQUENCE { # MoreResults INTEGER # unused INTEGER # CookieServer OCTET STRING # } componentType = NamedTypes(NamedType('MoreResults', Integer()), NamedType('unused', Integer()), NamedType('CookieServer', OctetString()) ) class ExtendedDN(Sequence): # A flag value 0 specifies that the GUID and SID values be returned in hexadecimal string # A flag value of 1 will return the GUID and SID values in standard string format componentType = NamedTypes(NamedType('option', Integer()) ) def dir_sync_control(criticality, object_security, ancestors_first, public_data_only, incremental_values, max_length, cookie): control_value = DirSyncControlRequestValue() flags = 0x0 if object_security: flags |= 0x00000001 if ancestors_first: flags |= 0x00000800 if public_data_only: flags |= 0x00002000 if incremental_values: flags |= 0x80000000 # converts flags to signed 32 bit (AD expects a 4 bytes long unsigned integer, but ASN.1 Integer type is signed # so the BER encoder gives back a 5 bytes long signed integer flags = ctypes.c_long(flags & 0xFFFFFFFF).value control_value.setComponentByName('Flags', flags) control_value.setComponentByName('MaxBytes', max_length) if cookie: control_value.setComponentByName('Cookie', cookie) else: control_value.setComponentByName('Cookie', OctetString('')) return build_control('1.2.840.113556.1.4.841', criticality, control_value) def extended_dn_control(criticality=False, hex_format=False): control_value = ExtendedDN() control_value.setComponentByName('option', Integer(not hex_format)) return build_control('1.2.840.113556.1.4.529', criticality, control_value) def show_deleted_control(criticality=False): return build_control('1.2.840.113556.1.4.417', criticality, value=None) ldap3-2.4.1/ldap3/protocol/novell.py0000666000000000000000000001204513226436321015374 0ustar 00000000000000""" """ # Created on 2014.06.27 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1.type.univ import OctetString, Integer, Sequence, SequenceOf from pyasn1.type.namedtype import NamedType, NamedTypes, OptionalNamedType from pyasn1.type.tag import Tag, tagFormatSimple, tagClassUniversal, TagSet NMAS_LDAP_EXT_VERSION = 1 class Identity(OctetString): encoding = 'utf-8' class LDAPDN(OctetString): tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatSimple, 4)) encoding = 'utf-8' class Password(OctetString): tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatSimple, 4)) encoding = 'utf-8' class LDAPOID(OctetString): tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatSimple, 4)) encoding = 'utf-8' class GroupCookie(Integer): tagSet = Integer.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatSimple, 2)) class NmasVer(Integer): tagSet = Integer.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatSimple, 2)) class Error(Integer): tagSet = Integer.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatSimple, 2)) class NmasGetUniversalPasswordRequestValue(Sequence): componentType = NamedTypes(NamedType('nmasver', NmasVer()), NamedType('reqdn', Identity()) ) class NmasGetUniversalPasswordResponseValue(Sequence): componentType = NamedTypes(NamedType('nmasver', NmasVer()), NamedType('err', Error()), OptionalNamedType('passwd', Password()) ) class NmasSetUniversalPasswordRequestValue(Sequence): componentType = NamedTypes(NamedType('nmasver', NmasVer()), NamedType('reqdn', Identity()), NamedType('new_passwd', Password()) ) class NmasSetUniversalPasswordResponseValue(Sequence): componentType = NamedTypes(NamedType('nmasver', NmasVer()), NamedType('err', Error()) ) class ReplicaList(SequenceOf): componentType = OctetString() class ReplicaInfoRequestValue(Sequence): tagSet = TagSet() componentType = NamedTypes(NamedType('server_dn', LDAPDN()), NamedType('partition_dn', LDAPDN()) ) class ReplicaInfoResponseValue(Sequence): # tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3)) tagSet = TagSet() componentType = NamedTypes(NamedType('partition_id', Integer()), NamedType('replica_state', Integer()), NamedType('modification_time', Integer()), NamedType('purge_time', Integer()), NamedType('local_partition_id', Integer()), NamedType('partition_dn', LDAPDN()), NamedType('replica_type', Integer()), NamedType('flags', Integer()) ) class CreateGroupTypeRequestValue(Sequence): componentType = NamedTypes(NamedType('createGroupType', LDAPOID()), OptionalNamedType('createGroupValue', OctetString()) ) class CreateGroupTypeResponseValue(Sequence): componentType = NamedTypes(NamedType('createGroupCookie', GroupCookie()), OptionalNamedType('createGroupValue', OctetString()) ) class EndGroupTypeRequestValue(Sequence): componentType = NamedTypes(NamedType('endGroupCookie', GroupCookie()), OptionalNamedType('endGroupValue', OctetString()) ) class EndGroupTypeResponseValue(Sequence): componentType = NamedTypes(OptionalNamedType('endGroupValue', OctetString()) ) class GroupingControlValue(Sequence): componentType = NamedTypes(NamedType('groupingCookie', GroupCookie()), OptionalNamedType('groupValue', OctetString()) ) ldap3-2.4.1/ldap3/protocol/oid.py0000666000000000000000000037124613226436321014663 0ustar 00000000000000""" """ # Created on 2013.08.30 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .. import SEQUENCE_TYPES # Holds info about OIDs. # Each OID info is a named tuple with the following attributes: # oid - the OID number # type - type of OID # name - description of OID # doc - reference document of OID # # Source of information is IANA ldap-parameters.txt, oid-registry and products documentation as of 2013.08.21 # OID database definition OID_CONTROL = 'CONTROL' OID_EXTENSION = 'EXTENSION' OID_FEATURE = 'FEATURE' OID_UNSOLICITED_NOTICE = 'UNSOLICITED_NOTICE' OID_ATTRIBUTE_TYPE = 'ATTRIBUTE_TYPE' OID_DIT_CONTENT_RULE = 'DIT_CONTENT_RULE' OID_LDAP_URL_EXTENSION = 'LDAP_URL_EXTENSION' OID_FAMILY = 'FAMILY' OID_MATCHING_RULE = 'MATCHING_RULE' OID_NAME_FORM = 'NAME_FORM' OID_OBJECT_CLASS = 'OBJECT_CLASS' OID_ADMINISTRATIVE_ROLE = 'ADMINISTRATIVE_ROLE' OID_LDAP_SYNTAX = 'LDAP_SYNTAX' # class kind CLASS_STRUCTURAL = 'STRUCTURAL' CLASS_ABSTRACT = 'ABSTRACT' CLASS_AUXILIARY = 'AUXILIARY' # attribute kind ATTRIBUTE_USER_APPLICATION = 'USER_APPLICATION' ATTRIBUTE_DIRECTORY_OPERATION = 'DIRECTORY_OPERATION' ATTRIBUTE_DISTRIBUTED_OPERATION = 'DISTRIBUTED_OPERATION' ATTRIBUTE_DSA_OPERATION = 'DSA_OPERATION' def constant_to_oid_kind(oid_kind): if oid_kind == OID_CONTROL: return 'Control' elif oid_kind == OID_EXTENSION: return 'Extension' elif oid_kind == OID_FEATURE: return 'Feature' elif oid_kind == OID_UNSOLICITED_NOTICE: return 'Unsolicited Notice' elif oid_kind == OID_ATTRIBUTE_TYPE: return 'Attribute Type' elif oid_kind == OID_DIT_CONTENT_RULE: return 'DIT Content Rule' elif oid_kind == OID_LDAP_URL_EXTENSION: return 'LDAP URL Extension' elif oid_kind == OID_FAMILY: return 'Family' elif oid_kind == OID_MATCHING_RULE: return 'Matching Rule' elif oid_kind == OID_NAME_FORM: return 'Name Form' elif oid_kind == OID_OBJECT_CLASS: return 'Object Class' elif oid_kind == OID_ADMINISTRATIVE_ROLE: return 'Administrative Role' elif oid_kind == OID_LDAP_SYNTAX: return 'LDAP Syntax' else: return 'Unknown' def decode_oids(sequence): if sequence: return sorted([Oids.get(oid, (oid, None, None, None)) for oid in sequence if oid]) return list() def decode_syntax(syntax): if not syntax: return None return Oids.get(syntax, None) def oid_to_string(oid): s = oid[0] if oid[2]: s += ' - ' + ((', '.join(oid[2])) if isinstance(oid[2], SEQUENCE_TYPES) else oid[2]) s += (' - ' + constant_to_oid_kind(oid[1])) if oid[1] is not None else '' s += (' - ' + oid[3]) if oid[3] else '' return s # tuple structure: (oid, kind, name, docs) # noinspection PyPep8 Oids = { # administrative role '2.5.23.1': ('2.5.23.1', OID_ADMINISTRATIVE_ROLE, 'autonomousArea', 'RFC3672'), '2.5.23.2': ('2.5.23.2', OID_ADMINISTRATIVE_ROLE, 'accessControlSpecificArea', 'RFC3672'), '2.5.23.3': ('2.5.23.3', OID_ADMINISTRATIVE_ROLE, 'accessControlInnerArea', 'RFC3672'), '2.5.23.4': ('2.5.23.4', OID_ADMINISTRATIVE_ROLE, 'subschemaAdminSpecificArea', 'RFC3672'), '2.5.23.5': ('2.5.23.5', OID_ADMINISTRATIVE_ROLE, 'collectiveAttributeSpecificArea', 'RFC3672'), '2.5.23.6': ('2.5.23.6', OID_ADMINISTRATIVE_ROLE, 'collectiveAttributeInnerArea', 'RFC3672'), # attributes type '0.9.2342.19200300.100.1.1': ('0.9.2342.19200300.100.1.1', OID_ATTRIBUTE_TYPE, ['uid', 'userId'], 'RFC4519'), '0.9.2342.19200300.100.1.2': ('0.9.2342.19200300.100.1.2', OID_ATTRIBUTE_TYPE, 'textEncodedORAddress', 'RFC1274'), '0.9.2342.19200300.100.1.3': ('0.9.2342.19200300.100.1.3', OID_ATTRIBUTE_TYPE, ['mail', 'RFC822Mailbox'], 'RFC4524'), '0.9.2342.19200300.100.1.4': ('0.9.2342.19200300.100.1.4', OID_ATTRIBUTE_TYPE, 'info', 'RFC4524'), '0.9.2342.19200300.100.1.5': ('0.9.2342.19200300.100.1.5', OID_ATTRIBUTE_TYPE, ['drink', 'favouriteDrink'], 'RFC4524'), '0.9.2342.19200300.100.1.6': ('0.9.2342.19200300.100.1.6', OID_ATTRIBUTE_TYPE, 'roomNumber', 'RFC4524'), '0.9.2342.19200300.100.1.7': ('0.9.2342.19200300.100.1.7', OID_ATTRIBUTE_TYPE, 'photo', 'RFC1274'), '0.9.2342.19200300.100.1.8': ('0.9.2342.19200300.100.1.8', OID_ATTRIBUTE_TYPE, 'userClass', 'RFC4524'), '0.9.2342.19200300.100.1.9': ('0.9.2342.19200300.100.1.9', OID_ATTRIBUTE_TYPE, 'host', 'RFC4524'), '0.9.2342.19200300.100.1.10': ('0.9.2342.19200300.100.1.10', OID_ATTRIBUTE_TYPE, 'manager', 'RFC4524'), '0.9.2342.19200300.100.1.11': ('0.9.2342.19200300.100.1.11', OID_ATTRIBUTE_TYPE, 'documentIdentifier', 'RFC4524'), '0.9.2342.19200300.100.1.12': ('0.9.2342.19200300.100.1.12', OID_ATTRIBUTE_TYPE, 'documentTitle', 'RFC4524'), '0.9.2342.19200300.100.1.13': ('0.9.2342.19200300.100.1.13', OID_ATTRIBUTE_TYPE, 'documentVersion', 'RFC4524'), '0.9.2342.19200300.100.1.14': ('0.9.2342.19200300.100.1.14', OID_ATTRIBUTE_TYPE, 'documentAuthor', 'RFC4524'), '0.9.2342.19200300.100.1.15': ('0.9.2342.19200300.100.1.15', OID_ATTRIBUTE_TYPE, 'documentLocation', 'RFC4524'), '0.9.2342.19200300.100.1.20': ('0.9.2342.19200300.100.1.20', OID_ATTRIBUTE_TYPE, ['homePhone', 'homeTelephone'], 'RFC4524'), '0.9.2342.19200300.100.1.21': ('0.9.2342.19200300.100.1.21', OID_ATTRIBUTE_TYPE, 'secretary', 'RFC4524'), '0.9.2342.19200300.100.1.22': ('0.9.2342.19200300.100.1.22', OID_ATTRIBUTE_TYPE, 'otherMailbox', 'RFC1274'), '0.9.2342.19200300.100.1.23': ('0.9.2342.19200300.100.1.23', OID_ATTRIBUTE_TYPE, 'lastModifiedTime', 'RFC1274'), '0.9.2342.19200300.100.1.24': ('0.9.2342.19200300.100.1.24', OID_ATTRIBUTE_TYPE, 'lastModifiedBy', 'RFC1274'), '0.9.2342.19200300.100.1.25': ('0.9.2342.19200300.100.1.25', OID_ATTRIBUTE_TYPE, ['DC', 'domainComponent'], 'RFC4519'), '0.9.2342.19200300.100.1.26': ('0.9.2342.19200300.100.1.26', OID_ATTRIBUTE_TYPE, 'aRecord', 'RFC1274'), '0.9.2342.19200300.100.1.27': ('0.9.2342.19200300.100.1.27', OID_ATTRIBUTE_TYPE, 'mDRecord', 'RFC1274'), '0.9.2342.19200300.100.1.28': ('0.9.2342.19200300.100.1.28', OID_ATTRIBUTE_TYPE, 'mXRecord', 'RFC1274'), '0.9.2342.19200300.100.1.29': ('0.9.2342.19200300.100.1.29', OID_ATTRIBUTE_TYPE, 'nSRecord', 'RFC1274'), '0.9.2342.19200300.100.1.30': ('0.9.2342.19200300.100.1.30', OID_ATTRIBUTE_TYPE, 'sOARecord', 'RFC1274'), '0.9.2342.19200300.100.1.31': ('0.9.2342.19200300.100.1.31', OID_ATTRIBUTE_TYPE, 'cNAMERecord', 'RFC1274'), '0.9.2342.19200300.100.1.37': ('0.9.2342.19200300.100.1.37', OID_ATTRIBUTE_TYPE, 'associatedDomain', 'RFC4524'), '0.9.2342.19200300.100.1.38': ('0.9.2342.19200300.100.1.38', OID_ATTRIBUTE_TYPE, 'associatedName', 'RFC4524'), '0.9.2342.19200300.100.1.39': ('0.9.2342.19200300.100.1.39', OID_ATTRIBUTE_TYPE, 'homePostalAddress', 'RFC4524'), '0.9.2342.19200300.100.1.40': ('0.9.2342.19200300.100.1.40', OID_ATTRIBUTE_TYPE, 'personalTitle', 'RFC4524'), '0.9.2342.19200300.100.1.41': ('0.9.2342.19200300.100.1.41', OID_ATTRIBUTE_TYPE, ['mobile', 'mobileTelephoneNumber'], 'RFC4524'), '0.9.2342.19200300.100.1.42': ('0.9.2342.19200300.100.1.42', OID_ATTRIBUTE_TYPE, ['pager', 'pagerTelephoneNumber'], 'RFC4524'), '0.9.2342.19200300.100.1.43': ('0.9.2342.19200300.100.1.43', OID_ATTRIBUTE_TYPE, ['co', 'friendlyCountryName'], 'RFC4524'), '0.9.2342.19200300.100.1.44': ('0.9.2342.19200300.100.1.44', OID_ATTRIBUTE_TYPE, 'uniqueIdentifier', 'RFC4524'), '0.9.2342.19200300.100.1.45': ('0.9.2342.19200300.100.1.45', OID_ATTRIBUTE_TYPE, 'organizationalStatus', 'RFC4524'), '0.9.2342.19200300.100.1.46': ('0.9.2342.19200300.100.1.46', OID_ATTRIBUTE_TYPE, 'janetMailbox', 'RFC1274'), '0.9.2342.19200300.100.1.47': ('0.9.2342.19200300.100.1.47', OID_ATTRIBUTE_TYPE, 'mailPreferenceOption', 'RFC1274'), '0.9.2342.19200300.100.1.48': ('0.9.2342.19200300.100.1.48', OID_ATTRIBUTE_TYPE, 'buildingName', 'RFC4524'), '0.9.2342.19200300.100.1.49': ('0.9.2342.19200300.100.1.49', OID_ATTRIBUTE_TYPE, 'dSAQuality', 'RFC1274'), '0.9.2342.19200300.100.1.50': ('0.9.2342.19200300.100.1.50', OID_ATTRIBUTE_TYPE, 'singleLevelQuality', 'RFC4524'), '0.9.2342.19200300.100.1.51': ('0.9.2342.19200300.100.1.51', OID_ATTRIBUTE_TYPE, 'subtreeMinimumQuality', 'RFC1274'), '0.9.2342.19200300.100.1.52': ('0.9.2342.19200300.100.1.52', OID_ATTRIBUTE_TYPE, 'subtreeMaximumQuality', 'RFC1274'), '0.9.2342.19200300.100.1.53': ('0.9.2342.19200300.100.1.53', OID_ATTRIBUTE_TYPE, 'personalSignature', 'RFC1274'), '0.9.2342.19200300.100.1.54': ('0.9.2342.19200300.100.1.54', OID_ATTRIBUTE_TYPE, 'dITRedirect', 'RFC1274'), '0.9.2342.19200300.100.1.55': ('0.9.2342.19200300.100.1.55', OID_ATTRIBUTE_TYPE, 'audio', 'RFC1274'), '0.9.2342.19200300.100.1.56': ('0.9.2342.19200300.100.1.56', OID_ATTRIBUTE_TYPE, 'documentPublisher', 'RFC4524'), '0.9.2342.19200300.100.1.60': ('0.9.2342.19200300.100.1.60', OID_ATTRIBUTE_TYPE, 'jpegPhoto', 'RFC2798'), '1.2.840.113549.1.9.1': ('1.2.840.113549.1.9.1', OID_ATTRIBUTE_TYPE, ['email', 'emailAddress'], 'RFC3280'), '1.2.840.113556.1.4.478': ('1.2.840.113556.1.4.478', OID_ATTRIBUTE_TYPE, 'calCalURI', 'RFC2739'), '1.2.840.113556.1.4.479': ('1.2.840.113556.1.4.479', OID_ATTRIBUTE_TYPE, 'calFBURL', 'RFC2739'), '1.2.840.113556.1.4.480': ('1.2.840.113556.1.4.480', OID_ATTRIBUTE_TYPE, 'calCAPURI', 'RFC2739'), '1.2.840.113556.1.4.481': ('1.2.840.113556.1.4.481', OID_ATTRIBUTE_TYPE, 'calCalAdrURI', 'RFC2739'), '1.2.840.113556.1.4.482': ('1.2.840.113556.1.4.482', OID_ATTRIBUTE_TYPE, 'calOtherCalURIs', 'RFC2739'), '1.2.840.113556.1.4.483': ('1.2.840.113556.1.4.483', OID_ATTRIBUTE_TYPE, 'calOtherFBURLs', 'RFC2739'), '1.2.840.113556.1.4.484': ('1.2.840.113556.1.4.484', OID_ATTRIBUTE_TYPE, 'calOtherCAPURIs', 'RFC2739'), '1.2.840.113556.1.4.485': ('1.2.840.113556.1.4.485', OID_ATTRIBUTE_TYPE, 'calOtherCalAdrURIs', 'RFC2739'), '1.3.18.0.2.4.1107': ('1.3.18.0.2.4.1107', OID_ATTRIBUTE_TYPE, 'printer-xri-supported', 'RFC3712'), '1.3.18.0.2.4.1108': ('1.3.18.0.2.4.1108', OID_ATTRIBUTE_TYPE, 'printer-aliases', 'RFC3712'), '1.3.18.0.2.4.1109': ('1.3.18.0.2.4.1109', OID_ATTRIBUTE_TYPE, 'printer-charset-configured', 'RFC3712'), '1.3.18.0.2.4.1110': ('1.3.18.0.2.4.1110', OID_ATTRIBUTE_TYPE, 'printer-job-priority-supported', 'RFC3712'), '1.3.18.0.2.4.1111': ('1.3.18.0.2.4.1111', OID_ATTRIBUTE_TYPE, 'printer-job-k-octets-supported', 'RFC3712'), '1.3.18.0.2.4.1112': ('1.3.18.0.2.4.1112', OID_ATTRIBUTE_TYPE, 'printer-current-operator', 'RFC3712'), '1.3.18.0.2.4.1113': ('1.3.18.0.2.4.1113', OID_ATTRIBUTE_TYPE, 'printer-service-person', 'RFC3712'), '1.3.18.0.2.4.1114': ('1.3.18.0.2.4.1114', OID_ATTRIBUTE_TYPE, 'printer-delivery-orientation-supported', 'RFC3712'), '1.3.18.0.2.4.1115': ('1.3.18.0.2.4.1115', OID_ATTRIBUTE_TYPE, 'printer-stacking-order-supported', 'RFC3712'), '1.3.18.0.2.4.1116': ('1.3.18.0.2.4.1116', OID_ATTRIBUTE_TYPE, 'printer-output-features-supported', 'RFC3712'), '1.3.18.0.2.4.1117': ('1.3.18.0.2.4.1117', OID_ATTRIBUTE_TYPE, 'printer-media-local-supported', 'RFC3712'), '1.3.18.0.2.4.1118': ('1.3.18.0.2.4.1118', OID_ATTRIBUTE_TYPE, 'printer-copies-supported', 'RFC3712'), '1.3.18.0.2.4.1119': ('1.3.18.0.2.4.1119', OID_ATTRIBUTE_TYPE, 'printer-natural-language-configured', 'RFC3712'), '1.3.18.0.2.4.1120': ('1.3.18.0.2.4.1120', OID_ATTRIBUTE_TYPE, 'printer-print-quality-supported', 'RFC3712'), '1.3.18.0.2.4.1121': ('1.3.18.0.2.4.1121', OID_ATTRIBUTE_TYPE, 'printer-resolution-supported', 'RFC3712'), '1.3.18.0.2.4.1122': ('1.3.18.0.2.4.1122', OID_ATTRIBUTE_TYPE, 'printer-media-supported', 'RFC3712'), '1.3.18.0.2.4.1123': ('1.3.18.0.2.4.1123', OID_ATTRIBUTE_TYPE, 'printer-sides-supported', 'RFC3712'), '1.3.18.0.2.4.1124': ('1.3.18.0.2.4.1124', OID_ATTRIBUTE_TYPE, 'printer-number-up-supported', 'RFC3712'), '1.3.18.0.2.4.1125': ('1.3.18.0.2.4.1125', OID_ATTRIBUTE_TYPE, 'printer-finishings-supported', 'RFC3712'), '1.3.18.0.2.4.1126': ('1.3.18.0.2.4.1126', OID_ATTRIBUTE_TYPE, 'printer-pages-per-minute-color', 'RFC3712'), '1.3.18.0.2.4.1127': ('1.3.18.0.2.4.1127', OID_ATTRIBUTE_TYPE, 'printer-pages-per-minute', 'RFC3712'), '1.3.18.0.2.4.1128': ('1.3.18.0.2.4.1128', OID_ATTRIBUTE_TYPE, 'printer-compression-supported', 'RFC3712'), '1.3.18.0.2.4.1129': ('1.3.18.0.2.4.1129', OID_ATTRIBUTE_TYPE, 'printer-color-supported', 'RFC3712'), '1.3.18.0.2.4.1130': ('1.3.18.0.2.4.1130', OID_ATTRIBUTE_TYPE, 'printer-document-format-supported', 'RFC3712'), '1.3.18.0.2.4.1131': ('1.3.18.0.2.4.1131', OID_ATTRIBUTE_TYPE, 'printer-charset-supported', 'RFC3712'), '1.3.18.0.2.4.1132': ('1.3.18.0.2.4.1132', OID_ATTRIBUTE_TYPE, 'printer-multiple-document-jobs-supported', 'RFC3712'), '1.3.18.0.2.4.1133': ('1.3.18.0.2.4.1133', OID_ATTRIBUTE_TYPE, 'printer-ipp-versions-supported', 'RFC3712'), '1.3.18.0.2.4.1134': ('1.3.18.0.2.4.1134', OID_ATTRIBUTE_TYPE, 'printer-more-info', 'RFC3712'), '1.3.18.0.2.4.1135': ('1.3.18.0.2.4.1135', OID_ATTRIBUTE_TYPE, 'printer-name', 'RFC3712'), '1.3.18.0.2.4.1136': ('1.3.18.0.2.4.1136', OID_ATTRIBUTE_TYPE, 'printer-location', 'RFC3712'), '1.3.18.0.2.4.1137': ('1.3.18.0.2.4.1137', OID_ATTRIBUTE_TYPE, 'printer-generated-natural-language-supported', 'RFC3712'), '1.3.18.0.2.4.1138': ('1.3.18.0.2.4.1138', OID_ATTRIBUTE_TYPE, 'printer-make-and-model', 'RFC3712'), '1.3.18.0.2.4.1139': ('1.3.18.0.2.4.1139', OID_ATTRIBUTE_TYPE, 'printer-info', 'RFC3712'), '1.3.18.0.2.4.1140': ('1.3.18.0.2.4.1140', OID_ATTRIBUTE_TYPE, 'printer-uri', 'RFC3712'), '1.3.6.1.1.10.4.1': ('1.3.6.1.1.10.4.1', OID_ATTRIBUTE_TYPE, 'uddiBusinessKey', 'RFC4403'), '1.3.6.1.1.10.4.2': ('1.3.6.1.1.10.4.2', OID_ATTRIBUTE_TYPE, 'uddiAuthorizedName', 'RFC4403'), '1.3.6.1.1.10.4.3': ('1.3.6.1.1.10.4.3', OID_ATTRIBUTE_TYPE, 'uddiOperator', 'RFC4403'), '1.3.6.1.1.10.4.4': ('1.3.6.1.1.10.4.4', OID_ATTRIBUTE_TYPE, 'uddiName', 'RFC4403'), '1.3.6.1.1.10.4.5': ('1.3.6.1.1.10.4.5', OID_ATTRIBUTE_TYPE, 'uddiDescription', 'RFC4403'), '1.3.6.1.1.10.4.6': ('1.3.6.1.1.10.4.6', OID_ATTRIBUTE_TYPE, 'uddiDiscoveryURLs', 'RFC4403'), '1.3.6.1.1.10.4.7': ('1.3.6.1.1.10.4.7', OID_ATTRIBUTE_TYPE, 'uddiUseType', 'RFC4403'), '1.3.6.1.1.10.4.8': ('1.3.6.1.1.10.4.8', OID_ATTRIBUTE_TYPE, 'uddiPersonName', 'RFC4403'), '1.3.6.1.1.10.4.9': ('1.3.6.1.1.10.4.9', OID_ATTRIBUTE_TYPE, 'uddiPhone', 'RFC4403'), '1.3.6.1.1.10.4.10': ('1.3.6.1.1.10.4.10', OID_ATTRIBUTE_TYPE, 'uddiEMail', 'RFC4403'), '1.3.6.1.1.10.4.11': ('1.3.6.1.1.10.4.11', OID_ATTRIBUTE_TYPE, 'uddiSortCode', 'RFC4403'), '1.3.6.1.1.10.4.12': ('1.3.6.1.1.10.4.12', OID_ATTRIBUTE_TYPE, 'uddiTModelKey', 'RFC4403'), '1.3.6.1.1.10.4.13': ('1.3.6.1.1.10.4.13', OID_ATTRIBUTE_TYPE, 'uddiAddressLine', 'RFC4403'), '1.3.6.1.1.10.4.14': ('1.3.6.1.1.10.4.14', OID_ATTRIBUTE_TYPE, 'uddiIdentifierBag', 'RFC4403'), '1.3.6.1.1.10.4.15': ('1.3.6.1.1.10.4.15', OID_ATTRIBUTE_TYPE, 'uddiCategoryBag', 'RFC4403'), '1.3.6.1.1.10.4.16': ('1.3.6.1.1.10.4.16', OID_ATTRIBUTE_TYPE, 'uddiKeyedReference', 'RFC4403'), '1.3.6.1.1.10.4.17': ('1.3.6.1.1.10.4.17', OID_ATTRIBUTE_TYPE, 'uddiServiceKey', 'RFC4403'), '1.3.6.1.1.10.4.18': ('1.3.6.1.1.10.4.18', OID_ATTRIBUTE_TYPE, 'uddiBindingKey', 'RFC4403'), '1.3.6.1.1.10.4.19': ('1.3.6.1.1.10.4.19', OID_ATTRIBUTE_TYPE, 'uddiAccessPoint', 'RFC4403'), '1.3.6.1.1.10.4.20': ('1.3.6.1.1.10.4.20', OID_ATTRIBUTE_TYPE, 'uddiHostingRedirector', 'RFC4403'), '1.3.6.1.1.10.4.21': ('1.3.6.1.1.10.4.21', OID_ATTRIBUTE_TYPE, 'uddiInstanceDescription', 'RFC4403'), '1.3.6.1.1.10.4.22': ('1.3.6.1.1.10.4.22', OID_ATTRIBUTE_TYPE, 'uddiInstanceParms', 'RFC4403'), '1.3.6.1.1.10.4.23': ('1.3.6.1.1.10.4.23', OID_ATTRIBUTE_TYPE, 'uddiOverviewDescription', 'RFC4403'), '1.3.6.1.1.10.4.24': ('1.3.6.1.1.10.4.24', OID_ATTRIBUTE_TYPE, 'uddiOverviewURL', 'RFC4403'), '1.3.6.1.1.10.4.25': ('1.3.6.1.1.10.4.25', OID_ATTRIBUTE_TYPE, 'uddiFromKey', 'RFC4403'), '1.3.6.1.1.10.4.26': ('1.3.6.1.1.10.4.26', OID_ATTRIBUTE_TYPE, 'uddiToKey', 'RFC4403'), '1.3.6.1.1.10.4.27': ('1.3.6.1.1.10.4.27', OID_ATTRIBUTE_TYPE, 'uddiUUID', 'RFC4403'), '1.3.6.1.1.10.4.28': ('1.3.6.1.1.10.4.28', OID_ATTRIBUTE_TYPE, 'uddiIsHidden', 'RFC4403'), '1.3.6.1.1.10.4.29': ('1.3.6.1.1.10.4.29', OID_ATTRIBUTE_TYPE, 'uddiIsProjection', 'RFC4403'), '1.3.6.1.1.10.4.30': ('1.3.6.1.1.10.4.30', OID_ATTRIBUTE_TYPE, 'uddiLang', 'RFC4403'), '1.3.6.1.1.10.4.31': ('1.3.6.1.1.10.4.31', OID_ATTRIBUTE_TYPE, 'uddiv3BusinessKey', 'RFC4403'), '1.3.6.1.1.10.4.32': ('1.3.6.1.1.10.4.32', OID_ATTRIBUTE_TYPE, 'uddiv3ServiceKey', 'RFC4403'), '1.3.6.1.1.10.4.33': ('1.3.6.1.1.10.4.33', OID_ATTRIBUTE_TYPE, 'uddiv3BindingKey', 'RFC4403'), '1.3.6.1.1.10.4.34': ('1.3.6.1.1.10.4.34', OID_ATTRIBUTE_TYPE, 'uddiv3TmodelKey', 'RFC4403'), '1.3.6.1.1.10.4.35': ('1.3.6.1.1.10.4.35', OID_ATTRIBUTE_TYPE, 'uddiv3DigitalSignature', 'RFC4403'), '1.3.6.1.1.10.4.36': ('1.3.6.1.1.10.4.36', OID_ATTRIBUTE_TYPE, 'uddiv3NodeId', 'RFC4403'), '1.3.6.1.1.10.4.37': ('1.3.6.1.1.10.4.37', OID_ATTRIBUTE_TYPE, 'uddiv3EntityModificationTime', 'RFC4403'), '1.3.6.1.1.10.4.38': ('1.3.6.1.1.10.4.38', OID_ATTRIBUTE_TYPE, 'uddiv3SubscriptionKey', 'RFC4403'), '1.3.6.1.1.10.4.39': ('1.3.6.1.1.10.4.39', OID_ATTRIBUTE_TYPE, 'uddiv3SubscriptionFilter', 'RFC4403'), '1.3.6.1.1.10.4.40': ('1.3.6.1.1.10.4.40', OID_ATTRIBUTE_TYPE, 'uddiv3NotificationInterval', 'RFC4403'), '1.3.6.1.1.10.4.41': ('1.3.6.1.1.10.4.41', OID_ATTRIBUTE_TYPE, 'uddiv3MaxEntities', 'RFC4403'), '1.3.6.1.1.10.4.42': ('1.3.6.1.1.10.4.42', OID_ATTRIBUTE_TYPE, 'uddiv3ExpiresAfter', 'RFC4403'), '1.3.6.1.1.10.4.43': ('1.3.6.1.1.10.4.43', OID_ATTRIBUTE_TYPE, 'uddiv3BriefResponse', 'RFC4403'), '1.3.6.1.1.10.4.44': ('1.3.6.1.1.10.4.44', OID_ATTRIBUTE_TYPE, 'uddiv3EntityKey', 'RFC4403'), '1.3.6.1.1.10.4.45': ('1.3.6.1.1.10.4.45', OID_ATTRIBUTE_TYPE, 'uddiv3EntityCreationTime', 'RFC4403'), '1.3.6.1.1.10.4.46': ('1.3.6.1.1.10.4.46', OID_ATTRIBUTE_TYPE, 'uddiv3EntityDeletionTime', 'RFC4403'), '1.3.6.1.1.11.2.1': ('1.3.6.1.1.11.2.1', OID_ATTRIBUTE_TYPE, 'vPIMTelephoneNumber', 'RFC4237'), '1.3.6.1.1.11.2.2': ('1.3.6.1.1.11.2.2', OID_ATTRIBUTE_TYPE, 'vPIMRfc822Mailbox', 'RFC4237'), '1.3.6.1.1.11.2.3': ('1.3.6.1.1.11.2.3', OID_ATTRIBUTE_TYPE, 'vPIMSpokenName', 'RFC4237'), '1.3.6.1.1.11.2.4': ('1.3.6.1.1.11.2.4', OID_ATTRIBUTE_TYPE, 'vPIMSupportedUABehaviors', 'RFC4237'), '1.3.6.1.1.11.2.5': ('1.3.6.1.1.11.2.5', OID_ATTRIBUTE_TYPE, 'vPIMSupportedAudioMediaTypes', 'RFC4237'), '1.3.6.1.1.11.2.6': ('1.3.6.1.1.11.2.6', OID_ATTRIBUTE_TYPE, 'vPIMSupportedMessageContext', 'RFC4237'), '1.3.6.1.1.11.2.7': ('1.3.6.1.1.11.2.7', OID_ATTRIBUTE_TYPE, 'vPIMTextName', 'RFC4237'), '1.3.6.1.1.11.2.8': ('1.3.6.1.1.11.2.8', OID_ATTRIBUTE_TYPE, 'vPIMExtendedAbsenceStatus', 'RFC4237'), '1.3.6.1.1.11.2.9': ('1.3.6.1.1.11.2.9', OID_ATTRIBUTE_TYPE, 'vPIMMaxMessageSize', 'RFC4237'), '1.3.6.1.1.11.2.10': ('1.3.6.1.1.11.2.10', OID_ATTRIBUTE_TYPE, 'vPIMSubMailboxes', 'RFC4237'), '1.3.6.1.1.16.4': ('1.3.6.1.1.16.4', OID_ATTRIBUTE_TYPE, 'entryUUID', 'RFC4530'), '1.3.6.1.1.20': ('1.3.6.1.1.20', OID_ATTRIBUTE_TYPE, 'entryDN', 'RFC5020'), '1.3.6.1.1.6.2.3': ('1.3.6.1.1.6.2.3', OID_ATTRIBUTE_TYPE, 'pcimKeywords', 'RFC3703'), '1.3.6.1.1.6.2.4': ('1.3.6.1.1.6.2.4', OID_ATTRIBUTE_TYPE, 'pcimGroupName', 'RFC3703'), '1.3.6.1.1.6.2.5': ('1.3.6.1.1.6.2.5', OID_ATTRIBUTE_TYPE, 'pcimRuleName', 'RFC3703'), '1.3.6.1.1.6.2.6': ('1.3.6.1.1.6.2.6', OID_ATTRIBUTE_TYPE, 'pcimRuleEnabled', 'RFC3703'), '1.3.6.1.1.6.2.7': ('1.3.6.1.1.6.2.7', OID_ATTRIBUTE_TYPE, 'pcimRuleConditionListType', 'RFC3703'), '1.3.6.1.1.6.2.8': ('1.3.6.1.1.6.2.8', OID_ATTRIBUTE_TYPE, 'pcimRuleConditionList', 'RFC3703'), '1.3.6.1.1.6.2.9': ('1.3.6.1.1.6.2.9', OID_ATTRIBUTE_TYPE, 'pcimRuleActionList', 'RFC3703'), '1.3.6.1.1.6.2.10': ('1.3.6.1.1.6.2.10', OID_ATTRIBUTE_TYPE, 'pcimRuleValidityPeriodList', 'RFC3703'), '1.3.6.1.1.6.2.11': ('1.3.6.1.1.6.2.11', OID_ATTRIBUTE_TYPE, 'pcimRuleUsage', 'RFC3703'), '1.3.6.1.1.6.2.12': ('1.3.6.1.1.6.2.12', OID_ATTRIBUTE_TYPE, 'pcimRulePriority', 'RFC3703'), '1.3.6.1.1.6.2.13': ('1.3.6.1.1.6.2.13', OID_ATTRIBUTE_TYPE, 'pcimRuleMandatory', 'RFC3703'), '1.3.6.1.1.6.2.14': ('1.3.6.1.1.6.2.14', OID_ATTRIBUTE_TYPE, 'pcimRuleSequencedActions', 'RFC3703'), '1.3.6.1.1.6.2.15': ('1.3.6.1.1.6.2.15', OID_ATTRIBUTE_TYPE, 'pcimRoles', 'RFC3703'), '1.3.6.1.1.6.2.16': ('1.3.6.1.1.6.2.16', OID_ATTRIBUTE_TYPE, 'pcimConditionGroupNumber', 'RFC3703'), '1.3.6.1.1.6.2.17': ('1.3.6.1.1.6.2.17', OID_ATTRIBUTE_TYPE, 'pcimConditionNegated', 'RFC3703'), '1.3.6.1.1.6.2.18': ('1.3.6.1.1.6.2.18', OID_ATTRIBUTE_TYPE, 'pcimConditionName', 'RFC3703'), '1.3.6.1.1.6.2.19': ('1.3.6.1.1.6.2.19', OID_ATTRIBUTE_TYPE, 'pcimConditionDN', 'RFC3703'), '1.3.6.1.1.6.2.20': ('1.3.6.1.1.6.2.20', OID_ATTRIBUTE_TYPE, 'pcimValidityConditionName', 'RFC3703'), '1.3.6.1.1.6.2.21': ('1.3.6.1.1.6.2.21', OID_ATTRIBUTE_TYPE, 'pcimTimePeriodConditionDN', 'RFC3703'), '1.3.6.1.1.6.2.22': ('1.3.6.1.1.6.2.22', OID_ATTRIBUTE_TYPE, 'pcimActionName', 'RFC3703'), '1.3.6.1.1.6.2.23': ('1.3.6.1.1.6.2.23', OID_ATTRIBUTE_TYPE, 'pcimActionOrder', 'RFC3703'), '1.3.6.1.1.6.2.24': ('1.3.6.1.1.6.2.24', OID_ATTRIBUTE_TYPE, 'pcimActionDN', 'RFC3703'), '1.3.6.1.1.6.2.25': ('1.3.6.1.1.6.2.25', OID_ATTRIBUTE_TYPE, 'pcimTPCTime', 'RFC3703'), '1.3.6.1.1.6.2.26': ('1.3.6.1.1.6.2.26', OID_ATTRIBUTE_TYPE, 'pcimTPCMonthOfYearMask', 'RFC3703'), '1.3.6.1.1.6.2.27': ('1.3.6.1.1.6.2.27', OID_ATTRIBUTE_TYPE, 'pcimTPCDayOfMonthMask', 'RFC3703'), '1.3.6.1.1.6.2.28': ('1.3.6.1.1.6.2.28', OID_ATTRIBUTE_TYPE, 'pcimTPCDayOfWeekMask', 'RFC3703'), '1.3.6.1.1.6.2.29': ('1.3.6.1.1.6.2.29', OID_ATTRIBUTE_TYPE, 'pcimTPCTimeOfDayMask', 'RFC3703'), '1.3.6.1.1.6.2.30': ('1.3.6.1.1.6.2.30', OID_ATTRIBUTE_TYPE, 'pcimTPCLocalOrUtcTime', 'RFC3703'), '1.3.6.1.1.6.2.31': ('1.3.6.1.1.6.2.31', OID_ATTRIBUTE_TYPE, 'pcimVendorConstraintData', 'RFC3703'), '1.3.6.1.1.6.2.32': ('1.3.6.1.1.6.2.32', OID_ATTRIBUTE_TYPE, 'pcimVendorConstraintEncoding', 'RFC3703'), '1.3.6.1.1.6.2.33': ('1.3.6.1.1.6.2.33', OID_ATTRIBUTE_TYPE, 'pcimVendorActionData', 'RFC3703'), '1.3.6.1.1.6.2.34': ('1.3.6.1.1.6.2.34', OID_ATTRIBUTE_TYPE, 'pcimVendorActionEncoding', 'RFC3703'), '1.3.6.1.1.6.2.35': ('1.3.6.1.1.6.2.35', OID_ATTRIBUTE_TYPE, 'pcimPolicyInstanceName', 'RFC3703'), '1.3.6.1.1.6.2.36': ('1.3.6.1.1.6.2.36', OID_ATTRIBUTE_TYPE, 'pcimRepositoryName', 'RFC3703'), '1.3.6.1.1.6.2.37': ('1.3.6.1.1.6.2.37', OID_ATTRIBUTE_TYPE, 'pcimSubtreesAuxContainedSet', 'RFC3703'), '1.3.6.1.1.6.2.38': ('1.3.6.1.1.6.2.38', OID_ATTRIBUTE_TYPE, 'pcimGroupsAuxContainedSet', 'RFC3703'), '1.3.6.1.1.6.2.39': ('1.3.6.1.1.6.2.39', OID_ATTRIBUTE_TYPE, 'pcimRulesAuxContainedSet', 'RFC3703'), '1.3.6.1.1.9.2.1': ('1.3.6.1.1.9.2.1', OID_ATTRIBUTE_TYPE, 'pcelsPolicySetName', 'RFC4104'), '1.3.6.1.1.9.2.2': ('1.3.6.1.1.9.2.2', OID_ATTRIBUTE_TYPE, 'pcelsDecisionStrategy', 'RFC4104'), '1.3.6.1.1.9.2.3': ('1.3.6.1.1.9.2.3', OID_ATTRIBUTE_TYPE, 'pcelsPolicySetList', 'RFC4104'), '1.3.6.1.1.9.2.4': ('1.3.6.1.1.9.2.4', OID_ATTRIBUTE_TYPE, 'pcelsPriority', 'RFC4104'), '1.3.6.1.1.9.2.5': ('1.3.6.1.1.9.2.5', OID_ATTRIBUTE_TYPE, 'pcelsPolicySetDN', 'RFC4104'), '1.3.6.1.1.9.2.6': ('1.3.6.1.1.9.2.6', OID_ATTRIBUTE_TYPE, 'pcelsConditionListType', 'RFC4104'), '1.3.6.1.1.9.2.7': ('1.3.6.1.1.9.2.7', OID_ATTRIBUTE_TYPE, 'pcelsConditionList', 'RFC4104'), '1.3.6.1.1.9.2.8': ('1.3.6.1.1.9.2.8', OID_ATTRIBUTE_TYPE, 'pcelsActionList', 'RFC4104'), '1.3.6.1.1.9.2.9': ('1.3.6.1.1.9.2.9', OID_ATTRIBUTE_TYPE, 'pcelsSequencedActions', 'RFC4104'), '1.3.6.1.1.9.2.10': ('1.3.6.1.1.9.2.10', OID_ATTRIBUTE_TYPE, 'pcelsExecutionStrategy', 'RFC4104'), '1.3.6.1.1.9.2.11': ('1.3.6.1.1.9.2.11', OID_ATTRIBUTE_TYPE, 'pcelsVariableDN', 'RFC4104'), '1.3.6.1.1.9.2.12': ('1.3.6.1.1.9.2.12', OID_ATTRIBUTE_TYPE, 'pcelsValueDN', 'RFC4104'), '1.3.6.1.1.9.2.13': ('1.3.6.1.1.9.2.13', OID_ATTRIBUTE_TYPE, 'pcelsIsMirrored', 'RFC4104'), '1.3.6.1.1.9.2.14': ('1.3.6.1.1.9.2.14', OID_ATTRIBUTE_TYPE, 'pcelsVariableName', 'RFC4104'), '1.3.6.1.1.9.2.15': ('1.3.6.1.1.9.2.15', OID_ATTRIBUTE_TYPE, 'pcelsExpectedValueList', 'RFC4104'), '1.3.6.1.1.9.2.16': ('1.3.6.1.1.9.2.16', OID_ATTRIBUTE_TYPE, 'pcelsVariableModelClass', 'RFC4104'), '1.3.6.1.1.9.2.17': ('1.3.6.1.1.9.2.17', OID_ATTRIBUTE_TYPE, 'pcelsVariableModelProperty', 'RFC4104'), '1.3.6.1.1.9.2.18': ('1.3.6.1.1.9.2.18', OID_ATTRIBUTE_TYPE, 'pcelsExpectedValueTypes', 'RFC4104'), '1.3.6.1.1.9.2.19': ('1.3.6.1.1.9.2.19', OID_ATTRIBUTE_TYPE, 'pcelsValueName', 'RFC4104'), '1.3.6.1.1.9.2.20': ('1.3.6.1.1.9.2.20', OID_ATTRIBUTE_TYPE, 'pcelsIPv4AddrList', 'RFC4104'), '1.3.6.1.1.9.2.21': ('1.3.6.1.1.9.2.21', OID_ATTRIBUTE_TYPE, 'pcelsIPv6AddrList', 'RFC4104'), '1.3.6.1.1.9.2.22': ('1.3.6.1.1.9.2.22', OID_ATTRIBUTE_TYPE, 'pcelsMACAddrList', 'RFC4104'), '1.3.6.1.1.9.2.23': ('1.3.6.1.1.9.2.23', OID_ATTRIBUTE_TYPE, 'pcelsStringList', 'RFC4104'), '1.3.6.1.1.9.2.24': ('1.3.6.1.1.9.2.24', OID_ATTRIBUTE_TYPE, 'pcelsBitStringList', 'RFC4104'), '1.3.6.1.1.9.2.25': ('1.3.6.1.1.9.2.25', OID_ATTRIBUTE_TYPE, 'pcelsIntegerList', 'RFC4104'), '1.3.6.1.1.9.2.26': ('1.3.6.1.1.9.2.26', OID_ATTRIBUTE_TYPE, 'pcelsBoolean', 'RFC4104'), '1.3.6.1.1.9.2.27': ('1.3.6.1.1.9.2.27', OID_ATTRIBUTE_TYPE, 'pcelsReusableContainerName', 'RFC4104'), '1.3.6.1.1.9.2.28': ('1.3.6.1.1.9.2.28', OID_ATTRIBUTE_TYPE, 'pcelsReusableContainerList', 'RFC4104'), '1.3.6.1.1.9.2.29': ('1.3.6.1.1.9.2.29', OID_ATTRIBUTE_TYPE, 'pcelsRole', 'RFC4104'), '1.3.6.1.1.9.2.30': ('1.3.6.1.1.9.2.30', OID_ATTRIBUTE_TYPE, 'pcelsRoleCollectionName', 'RFC4104'), '1.3.6.1.1.9.2.31': ('1.3.6.1.1.9.2.31', OID_ATTRIBUTE_TYPE, 'pcelsElementList', 'RFC4104'), '1.3.6.1.1.9.2.32': ('1.3.6.1.1.9.2.32', OID_ATTRIBUTE_TYPE, 'pcelsFilterName', 'RFC4104'), '1.3.6.1.1.9.2.33': ('1.3.6.1.1.9.2.33', OID_ATTRIBUTE_TYPE, 'pcelsFilterIsNegated', 'RFC4104'), '1.3.6.1.1.9.2.34': ('1.3.6.1.1.9.2.34', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrVersion', 'RFC4104'), '1.3.6.1.1.9.2.35': ('1.3.6.1.1.9.2.35', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrSourceAddress', 'RFC4104'), '1.3.6.1.1.9.2.36': ('1.3.6.1.1.9.2.36', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrSourceAddressEndOfRange', 'RFC4104'), '1.3.6.1.1.9.2.37': ('1.3.6.1.1.9.2.37', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrSourceMask', 'RFC4104'), '1.3.6.1.1.9.2.38': ('1.3.6.1.1.9.2.38', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrDestAddress', 'RFC4104'), '1.3.6.1.1.9.2.39': ('1.3.6.1.1.9.2.39', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrDestAddressEndOfRange', 'RFC4104'), '1.3.6.1.1.9.2.40': ('1.3.6.1.1.9.2.40', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrDestMask', 'RFC4104'), '1.3.6.1.1.9.2.41': ('1.3.6.1.1.9.2.41', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrProtocolID', 'RFC4104'), '1.3.6.1.1.9.2.42': ('1.3.6.1.1.9.2.42', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrSourcePortStart', 'RFC4104'), '1.3.6.1.1.9.2.43': ('1.3.6.1.1.9.2.43', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrSourcePortEnd', 'RFC4104'), '1.3.6.1.1.9.2.44': ('1.3.6.1.1.9.2.44', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrDestPortStart', 'RFC4104'), '1.3.6.1.1.9.2.45': ('1.3.6.1.1.9.2.45', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrDestPortEnd', 'RFC4104'), '1.3.6.1.1.9.2.46': ('1.3.6.1.1.9.2.46', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrDSCPList', 'RFC4104'), '1.3.6.1.1.9.2.47': ('1.3.6.1.1.9.2.47', OID_ATTRIBUTE_TYPE, 'pcelsIPHdrFlowLabel', 'RFC4104'), '1.3.6.1.1.9.2.48': ('1.3.6.1.1.9.2.48', OID_ATTRIBUTE_TYPE, 'pcels8021HdrSourceMACAddress', 'RFC4104'), '1.3.6.1.1.9.2.49': ('1.3.6.1.1.9.2.49', OID_ATTRIBUTE_TYPE, 'pcels8021HdrSourceMACMask', 'RFC4104'), '1.3.6.1.1.9.2.50': ('1.3.6.1.1.9.2.50', OID_ATTRIBUTE_TYPE, 'pcels8021HdrDestMACAddress', 'RFC4104'), '1.3.6.1.1.9.2.51': ('1.3.6.1.1.9.2.51', OID_ATTRIBUTE_TYPE, 'pcels8021HdrDestMACMask', 'RFC4104'), '1.3.6.1.1.9.2.52': ('1.3.6.1.1.9.2.52', OID_ATTRIBUTE_TYPE, 'pcels8021HdrProtocolID', 'RFC4104'), '1.3.6.1.1.9.2.53': ('1.3.6.1.1.9.2.53', OID_ATTRIBUTE_TYPE, 'pcels8021HdrPriority', 'RFC4104'), '1.3.6.1.1.9.2.54': ('1.3.6.1.1.9.2.54', OID_ATTRIBUTE_TYPE, 'pcels8021HdrVLANID', 'RFC4104'), '1.3.6.1.1.9.2.55': ('1.3.6.1.1.9.2.55', OID_ATTRIBUTE_TYPE, 'pcelsFilterListName', 'RFC4104'), '1.3.6.1.1.9.2.56': ('1.3.6.1.1.9.2.56', OID_ATTRIBUTE_TYPE, 'pcelsFilterDirection', 'RFC4104'), '1.3.6.1.1.9.2.57': ('1.3.6.1.1.9.2.57', OID_ATTRIBUTE_TYPE, 'pcelsFilterEntryList', 'RFC4104'), '1.3.6.1.1.9.2.58': ('1.3.6.1.1.9.2.58', OID_ATTRIBUTE_TYPE, 'pcelsVendorVariableData', 'RFC4104'), '1.3.6.1.1.9.2.59': ('1.3.6.1.1.9.2.59', OID_ATTRIBUTE_TYPE, 'pcelsVendorVariableEncoding', 'RFC4104'), '1.3.6.1.1.9.2.60': ('1.3.6.1.1.9.2.60', OID_ATTRIBUTE_TYPE, 'pcelsVendorValueData', 'RFC4104'), '1.3.6.1.1.9.2.61': ('1.3.6.1.1.9.2.61', OID_ATTRIBUTE_TYPE, 'pcelsVendorValueEncoding', 'RFC4104'), '1.3.6.1.1.9.2.62': ('1.3.6.1.1.9.2.62', OID_ATTRIBUTE_TYPE, 'pcelsRuleValidityPeriodList', 'RFC4104'), '1.3.6.1.4.1.11.1.3.1.1.0': ('1.3.6.1.4.1.11.1.3.1.1.0', OID_ATTRIBUTE_TYPE, 'defaultServerList', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.1': ('1.3.6.1.4.1.11.1.3.1.1.1', OID_ATTRIBUTE_TYPE, 'defaultSearchBase', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.2': ('1.3.6.1.4.1.11.1.3.1.1.2', OID_ATTRIBUTE_TYPE, 'preferredServerList', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.3': ('1.3.6.1.4.1.11.1.3.1.1.3', OID_ATTRIBUTE_TYPE, 'search_time_limit', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.4': ('1.3.6.1.4.1.11.1.3.1.1.4', OID_ATTRIBUTE_TYPE, 'bindTimeLimit', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.5': ('1.3.6.1.4.1.11.1.3.1.1.5', OID_ATTRIBUTE_TYPE, 'followReferrals', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.6': ('1.3.6.1.4.1.11.1.3.1.1.6', OID_ATTRIBUTE_TYPE, 'authenticationMethod', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.7': ('1.3.6.1.4.1.11.1.3.1.1.7', OID_ATTRIBUTE_TYPE, 'profileTTL', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.9': ('1.3.6.1.4.1.11.1.3.1.1.9', OID_ATTRIBUTE_TYPE, 'attributeMap', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.10': ('1.3.6.1.4.1.11.1.3.1.1.10', OID_ATTRIBUTE_TYPE, 'credentialLevel', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.11': ('1.3.6.1.4.1.11.1.3.1.1.11', OID_ATTRIBUTE_TYPE, 'objectclassMap', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.12': ('1.3.6.1.4.1.11.1.3.1.1.12', OID_ATTRIBUTE_TYPE, 'defaultSearchScope', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.13': ('1.3.6.1.4.1.11.1.3.1.1.13', OID_ATTRIBUTE_TYPE, 'serviceCredentialLevel', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.14': ('1.3.6.1.4.1.11.1.3.1.1.14', OID_ATTRIBUTE_TYPE, 'serviceSearchDescriptor', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.15': ('1.3.6.1.4.1.11.1.3.1.1.15', OID_ATTRIBUTE_TYPE, 'serviceAuthenticationMethod', 'RFC4876'), '1.3.6.1.4.1.11.1.3.1.1.16': ('1.3.6.1.4.1.11.1.3.1.1.16', OID_ATTRIBUTE_TYPE, 'dereferenceAliases', 'RFC4876'), '1.3.6.1.4.1.1466.101.119.3': ('1.3.6.1.4.1.1466.101.119.3', OID_ATTRIBUTE_TYPE, 'entryTtl', 'RFC2589'), '1.3.6.1.4.1.1466.101.119.4': ('1.3.6.1.4.1.1466.101.119.4', OID_ATTRIBUTE_TYPE, 'dynamicSubtrees', 'RFC2589'), '1.3.6.1.4.1.1466.101.120.1': ('1.3.6.1.4.1.1466.101.120.1', OID_ATTRIBUTE_TYPE, 'administratorsAddress', 'Mark_Wahl'), '1.3.6.1.4.1.1466.101.120.5': ('1.3.6.1.4.1.1466.101.120.5', OID_ATTRIBUTE_TYPE, 'namingContexts', 'RFC4512'), '1.3.6.1.4.1.1466.101.120.6': ('1.3.6.1.4.1.1466.101.120.6', OID_ATTRIBUTE_TYPE, 'altServer', 'RFC4512'), '1.3.6.1.4.1.1466.101.120.7': ('1.3.6.1.4.1.1466.101.120.7', OID_ATTRIBUTE_TYPE, 'supportedExtension', 'RFC4512'), '1.3.6.1.4.1.1466.101.120.13': ('1.3.6.1.4.1.1466.101.120.13', OID_ATTRIBUTE_TYPE, 'supportedControl', 'RFC4512'), '1.3.6.1.4.1.1466.101.120.14': ('1.3.6.1.4.1.1466.101.120.14', OID_ATTRIBUTE_TYPE, 'supportedSASLMechanisms', 'RFC4512'), '1.3.6.1.4.1.1466.101.120.15': ('1.3.6.1.4.1.1466.101.120.15', OID_ATTRIBUTE_TYPE, 'supportedLDAPVersion', 'RFC4512'), '1.3.6.1.4.1.1466.101.120.16': ('1.3.6.1.4.1.1466.101.120.16', OID_ATTRIBUTE_TYPE, 'ldapSyntaxes', 'RFC4512'), '1.3.6.1.4.1.16572.2.2.1': ('1.3.6.1.4.1.16572.2.2.1', OID_ATTRIBUTE_TYPE, 'providerCertificateHash', 'RFC6109'), '1.3.6.1.4.1.16572.2.2.2': ('1.3.6.1.4.1.16572.2.2.2', OID_ATTRIBUTE_TYPE, 'providerCertificate', 'RFC6109'), '1.3.6.1.4.1.16572.2.2.3': ('1.3.6.1.4.1.16572.2.2.3', OID_ATTRIBUTE_TYPE, 'providerName', 'RFC6109'), '1.3.6.1.4.1.16572.2.2.4': ('1.3.6.1.4.1.16572.2.2.4', OID_ATTRIBUTE_TYPE, 'mailReceipt', 'RFC6109'), '1.3.6.1.4.1.16572.2.2.5': ('1.3.6.1.4.1.16572.2.2.5', OID_ATTRIBUTE_TYPE, 'managedDomains', 'RFC6109'), '1.3.6.1.4.1.16572.2.2.6': ('1.3.6.1.4.1.16572.2.2.6', OID_ATTRIBUTE_TYPE, 'LDIFLocationURL', 'RFC6109'), '1.3.6.1.4.1.16572.2.2.7': ('1.3.6.1.4.1.16572.2.2.7', OID_ATTRIBUTE_TYPE, 'providerUnit', 'RFC6109'), '1.3.6.1.4.1.250.1.57': ('1.3.6.1.4.1.250.1.57', OID_ATTRIBUTE_TYPE, 'labeledURI', 'RFC2079'), '1.3.6.1.4.1.31103.1.1': ('1.3.6.1.4.1.31103.1.1', OID_ATTRIBUTE_TYPE, 'fedfsUuid', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.2': ('1.3.6.1.4.1.31103.1.2', OID_ATTRIBUTE_TYPE, 'fedfsNetAddr', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.3': ('1.3.6.1.4.1.31103.1.3', OID_ATTRIBUTE_TYPE, 'fedfsNetPort', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.4': ('1.3.6.1.4.1.31103.1.4', OID_ATTRIBUTE_TYPE, 'fedfsFsnUuid', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.5': ('1.3.6.1.4.1.31103.1.5', OID_ATTRIBUTE_TYPE, 'fedfsNsdbName', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.6': ('1.3.6.1.4.1.31103.1.6', OID_ATTRIBUTE_TYPE, 'fedfsNsdbPort', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.7': ('1.3.6.1.4.1.31103.1.7', OID_ATTRIBUTE_TYPE, 'fedfsNcePrefix', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.8': ('1.3.6.1.4.1.31103.1.8', OID_ATTRIBUTE_TYPE, 'fedfsFslUuid', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.9': ('1.3.6.1.4.1.31103.1.9', OID_ATTRIBUTE_TYPE, 'fedfsFslHost', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.10': ('1.3.6.1.4.1.31103.1.10', OID_ATTRIBUTE_TYPE, 'fedfsFslPort', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.11': ('1.3.6.1.4.1.31103.1.11', OID_ATTRIBUTE_TYPE, 'fedfsFslTTL', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.12': ('1.3.6.1.4.1.31103.1.12', OID_ATTRIBUTE_TYPE, 'fedfsAnnotation', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.13': ('1.3.6.1.4.1.31103.1.13', OID_ATTRIBUTE_TYPE, 'fedfsDescr', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.14': ('1.3.6.1.4.1.31103.1.14', OID_ATTRIBUTE_TYPE, 'fedfsNceDN', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.15': ('1.3.6.1.4.1.31103.1.15', OID_ATTRIBUTE_TYPE, 'fedfsFsnTTL', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.100': ('1.3.6.1.4.1.31103.1.100', OID_ATTRIBUTE_TYPE, 'fedfsNfsPath', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.101': ('1.3.6.1.4.1.31103.1.101', OID_ATTRIBUTE_TYPE, 'fedfsNfsMajorVer', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.102': ('1.3.6.1.4.1.31103.1.102', OID_ATTRIBUTE_TYPE, 'fedfsNfsMinorVer', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.103': ('1.3.6.1.4.1.31103.1.103', OID_ATTRIBUTE_TYPE, 'fedfsNfsCurrency', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.104': ('1.3.6.1.4.1.31103.1.104', OID_ATTRIBUTE_TYPE, 'fedfsNfsGenFlagWritable', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.105': ('1.3.6.1.4.1.31103.1.105', OID_ATTRIBUTE_TYPE, 'fedfsNfsGenFlagGoing', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.106': ('1.3.6.1.4.1.31103.1.106', OID_ATTRIBUTE_TYPE, 'fedfsNfsGenFlagSplit', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.107': ('1.3.6.1.4.1.31103.1.107', OID_ATTRIBUTE_TYPE, 'fedfsNfsTransFlagRdma', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.108': ('1.3.6.1.4.1.31103.1.108', OID_ATTRIBUTE_TYPE, 'fedfsNfsClassSimul', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.109': ('1.3.6.1.4.1.31103.1.109', OID_ATTRIBUTE_TYPE, 'fedfsNfsClassHandle', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.110': ('1.3.6.1.4.1.31103.1.110', OID_ATTRIBUTE_TYPE, 'fedfsNfsClassFileid', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.111': ('1.3.6.1.4.1.31103.1.111', OID_ATTRIBUTE_TYPE, 'fedfsNfsClassWritever', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.112': ('1.3.6.1.4.1.31103.1.112', OID_ATTRIBUTE_TYPE, 'fedfsNfsClassChange', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.113': ('1.3.6.1.4.1.31103.1.113', OID_ATTRIBUTE_TYPE, 'fedfsNfsClassReaddir', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.114': ('1.3.6.1.4.1.31103.1.114', OID_ATTRIBUTE_TYPE, 'fedfsNfsReadRank', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.115': ('1.3.6.1.4.1.31103.1.115', OID_ATTRIBUTE_TYPE, 'fedfsNfsReadOrder', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.116': ('1.3.6.1.4.1.31103.1.116', OID_ATTRIBUTE_TYPE, 'fedfsNfsWriteRank', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.117': ('1.3.6.1.4.1.31103.1.117', OID_ATTRIBUTE_TYPE, 'fedfsNfsWriteOrder', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.118': ('1.3.6.1.4.1.31103.1.118', OID_ATTRIBUTE_TYPE, 'fedfsNfsVarSub', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.119': ('1.3.6.1.4.1.31103.1.119', OID_ATTRIBUTE_TYPE, 'fedfsNfsValidFor', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.120': ('1.3.6.1.4.1.31103.1.120', OID_ATTRIBUTE_TYPE, 'fedfsNfsURI', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.4203.1.3.5': ('1.3.6.1.4.1.4203.1.3.5', OID_ATTRIBUTE_TYPE, 'supportedFeatures', 'RFC4512'), '1.3.6.1.4.1.453.7.2.1': ('1.3.6.1.4.1.453.7.2.1', OID_ATTRIBUTE_TYPE, 'textTableKey', 'RFC2293'), '1.3.6.1.4.1.453.7.2.2': ('1.3.6.1.4.1.453.7.2.2', OID_ATTRIBUTE_TYPE, 'textTableValue', 'RFC2293'), '1.3.6.1.4.1.453.7.2.3': ('1.3.6.1.4.1.453.7.2.3', OID_ATTRIBUTE_TYPE, ['associatedX400Gateway', 'distinguishedNameTableKey'], 'RFC2164-RFC2293'), '1.3.6.1.4.1.453.7.2.6': ('1.3.6.1.4.1.453.7.2.6', OID_ATTRIBUTE_TYPE, 'associatedORAddress', 'RFC2164'), '1.3.6.1.4.1.453.7.2.7': ('1.3.6.1.4.1.453.7.2.7', OID_ATTRIBUTE_TYPE, 'oRAddressComponentType', 'RFC2164'), '1.3.6.1.4.1.453.7.2.8': ('1.3.6.1.4.1.453.7.2.8', OID_ATTRIBUTE_TYPE, 'associatedInternetGateway', 'RFC2164'), '1.3.6.1.4.1.453.7.2.9': ('1.3.6.1.4.1.453.7.2.9', OID_ATTRIBUTE_TYPE, 'mcgamTables', 'RFC2164'), '2.16.840.1.113730.3.1.34': ('2.16.840.1.113730.3.1.34', OID_ATTRIBUTE_TYPE, 'ref', 'RFC3296'), '2.5.18.1': ('2.5.18.1', OID_ATTRIBUTE_TYPE, 'createTimestamp', 'RFC4512'), '2.5.18.2': ('2.5.18.2', OID_ATTRIBUTE_TYPE, 'modifyTimestamp', 'RFC4512'), '2.5.18.3': ('2.5.18.3', OID_ATTRIBUTE_TYPE, 'creatorsName', 'RFC4512'), '2.5.18.4': ('2.5.18.4', OID_ATTRIBUTE_TYPE, 'modifiersName', 'RFC4512'), '2.5.18.5': ('2.5.18.5', OID_ATTRIBUTE_TYPE, 'administrativeRole', 'RFC3672'), '2.5.18.6': ('2.5.18.6', OID_ATTRIBUTE_TYPE, 'subtreeSpecification', 'RFC3672'), '2.5.18.7': ('2.5.18.7', OID_ATTRIBUTE_TYPE, 'collectiveExclusions', 'RFC3671'), '2.5.18.10': ('2.5.18.10', OID_ATTRIBUTE_TYPE, 'subschemaSubentry', 'RFC4512'), '2.5.18.12': ('2.5.18.12', OID_ATTRIBUTE_TYPE, 'collectiveAttributeSubentries', 'RFC3671'), '2.5.21.1': ('2.5.21.1', OID_ATTRIBUTE_TYPE, 'dITStructureRules', 'RFC4512'), '2.5.21.2': ('2.5.21.2', OID_ATTRIBUTE_TYPE, 'dITContentRules', 'RFC4512'), '2.5.21.4': ('2.5.21.4', OID_ATTRIBUTE_TYPE, 'matchingRules', 'RFC4512'), '2.5.21.5': ('2.5.21.5', OID_ATTRIBUTE_TYPE, 'attributeTypes', 'RFC4512'), '2.5.21.6': ('2.5.21.6', OID_ATTRIBUTE_TYPE, 'objectClasses', 'RFC4512'), '2.5.21.7': ('2.5.21.7', OID_ATTRIBUTE_TYPE, 'nameForms', 'RFC4512'), '2.5.21.8': ('2.5.21.8', OID_ATTRIBUTE_TYPE, 'matchingRuleUse', 'RFC4512'), '2.5.21.9': ('2.5.21.9', OID_ATTRIBUTE_TYPE, 'structuralObjectClass', 'RFC4512'), '2.5.21.10': ('2.5.21.10', OID_ATTRIBUTE_TYPE, 'governingStructureRule', 'RFC4512'), '2.5.4.0': ('2.5.4.0', OID_ATTRIBUTE_TYPE, 'objectClass', 'RFC4512'), '2.5.4.1': ('2.5.4.1', OID_ATTRIBUTE_TYPE, ['aliasedEntryName', 'aliasedObjectName'], 'X.501-RFC4512'), '2.5.4.2': ('2.5.4.2', OID_ATTRIBUTE_TYPE, 'knowledgeInformation', 'RFC2256'), '2.5.4.3': ('2.5.4.3', OID_ATTRIBUTE_TYPE, ['cn', 'commonName'], 'RFC4519'), '2.5.4.4': ('2.5.4.4', OID_ATTRIBUTE_TYPE, ['sn', 'surname'], 'RFC4519'), '2.5.4.5': ('2.5.4.5', OID_ATTRIBUTE_TYPE, 'serialNumber', 'RFC4519'), '2.5.4.6': ('2.5.4.6', OID_ATTRIBUTE_TYPE, ['c', 'countryName'], 'RFC4519'), '2.5.4.7': ('2.5.4.7', OID_ATTRIBUTE_TYPE, ['L', 'localityName'], 'RFC4519'), '2.5.4.7.1': ('2.5.4.7.1', OID_ATTRIBUTE_TYPE, 'c-l', 'RFC3671'), '2.5.4.8': ('2.5.4.8', OID_ATTRIBUTE_TYPE, ['st', 'stateOrProvinceName'], 'RFC4519-RFC2256'), '2.5.4.8.1': ('2.5.4.8.1', OID_ATTRIBUTE_TYPE, 'c-st', 'RFC3671'), '2.5.4.9': ('2.5.4.9', OID_ATTRIBUTE_TYPE, ['street', 'streetAddress'], 'RFC4519-RFC2256'), '2.5.4.9.1': ('2.5.4.9.1', OID_ATTRIBUTE_TYPE, 'c-street', 'RFC3671'), '2.5.4.10': ('2.5.4.10', OID_ATTRIBUTE_TYPE, ['o', 'organizationName'], 'RFC4519'), '2.5.4.10.1': ('2.5.4.10.1', OID_ATTRIBUTE_TYPE, 'c-o', 'RFC3671'), '2.5.4.11': ('2.5.4.11', OID_ATTRIBUTE_TYPE, ['ou', 'organizationalUnitName'], 'RFC4519'), '2.5.4.11.1': ('2.5.4.11.1', OID_ATTRIBUTE_TYPE, 'c-ou', 'RFC3671'), '2.5.4.12': ('2.5.4.12', OID_ATTRIBUTE_TYPE, 'title', 'RFC4519'), '2.5.4.13': ('2.5.4.13', OID_ATTRIBUTE_TYPE, 'description', 'RFC4519'), '2.5.4.14': ('2.5.4.14', OID_ATTRIBUTE_TYPE, 'searchGuide', 'RFC4519'), '2.5.4.15': ('2.5.4.15', OID_ATTRIBUTE_TYPE, 'businessCategory', 'RFC4519'), '2.5.4.16': ('2.5.4.16', OID_ATTRIBUTE_TYPE, 'postalAddress', 'RFC4519'), '2.5.4.16.1': ('2.5.4.16.1', OID_ATTRIBUTE_TYPE, 'c-PostalAddress', 'RFC3671'), '2.5.4.17': ('2.5.4.17', OID_ATTRIBUTE_TYPE, 'postalCode', 'RFC4519'), '2.5.4.17.1': ('2.5.4.17.1', OID_ATTRIBUTE_TYPE, 'c-PostalCode', 'RFC3671'), '2.5.4.18': ('2.5.4.18', OID_ATTRIBUTE_TYPE, 'postOfficeBox', 'RFC4519'), '2.5.4.18.1': ('2.5.4.18.1', OID_ATTRIBUTE_TYPE, 'c-PostOfficeBox', 'RFC3671'), '2.5.4.19': ('2.5.4.19', OID_ATTRIBUTE_TYPE, 'physicalDeliveryOfficeName', 'RFC4519'), '2.5.4.19.1': ('2.5.4.19.1', OID_ATTRIBUTE_TYPE, 'c-PhysicalDeliveryOffice', 'RFC3671'), '2.5.4.20': ('2.5.4.20', OID_ATTRIBUTE_TYPE, 'telephoneNumber', 'RFC4519'), '2.5.4.20.1': ('2.5.4.20.1', OID_ATTRIBUTE_TYPE, 'c-TelephoneNumber', 'RFC3671'), '2.5.4.21': ('2.5.4.21', OID_ATTRIBUTE_TYPE, 'telexNumber', 'RFC4519'), '2.5.4.21.1': ('2.5.4.21.1', OID_ATTRIBUTE_TYPE, 'c-TelexNumber', 'RFC3671'), '2.5.4.22': ('2.5.4.22', OID_ATTRIBUTE_TYPE, 'teletexTerminalIdentifier', 'RFC4519'), '2.5.4.23': ('2.5.4.23', OID_ATTRIBUTE_TYPE, 'facsimileTelephoneNumber', 'RFC4519'), '2.5.4.23.1': ('2.5.4.23.1', OID_ATTRIBUTE_TYPE, 'c-FacsimileTelephoneNumber', 'RFC3671'), '2.5.4.24': ('2.5.4.24', OID_ATTRIBUTE_TYPE, 'x121Address', 'RFC4519'), '2.5.4.25': ('2.5.4.25', OID_ATTRIBUTE_TYPE, 'internationaliSDNNumber', 'RFC4519'), '2.5.4.25.1': ('2.5.4.25.1', OID_ATTRIBUTE_TYPE, 'c-InternationalISDNNumber', 'RFC3671'), '2.5.4.26': ('2.5.4.26', OID_ATTRIBUTE_TYPE, 'registeredAddress', 'RFC4519'), '2.5.4.27': ('2.5.4.27', OID_ATTRIBUTE_TYPE, 'destinationIndicator', 'RFC4519'), '2.5.4.28': ('2.5.4.28', OID_ATTRIBUTE_TYPE, 'preferredDeliveryMethod', 'RFC4519'), '2.5.4.29': ('2.5.4.29', OID_ATTRIBUTE_TYPE, 'presentationAddress', 'RFC2256'), '2.5.4.30': ('2.5.4.30', OID_ATTRIBUTE_TYPE, 'supportedApplicationContext', 'RFC2256'), '2.5.4.31': ('2.5.4.31', OID_ATTRIBUTE_TYPE, 'member', 'RFC4519'), '2.5.4.32': ('2.5.4.32', OID_ATTRIBUTE_TYPE, 'owner', 'RFC4519'), '2.5.4.33': ('2.5.4.33', OID_ATTRIBUTE_TYPE, 'roleOccupant', 'RFC4519'), '2.5.4.34': ('2.5.4.34', OID_ATTRIBUTE_TYPE, 'seeAlso', 'RFC4519'), '2.5.4.35': ('2.5.4.35', OID_ATTRIBUTE_TYPE, 'userPassword', 'RFC4519'), '2.5.4.36': ('2.5.4.36', OID_ATTRIBUTE_TYPE, 'userCertificate', 'RFC4523'), '2.5.4.37': ('2.5.4.37', OID_ATTRIBUTE_TYPE, 'cACertificate', 'RFC4523'), '2.5.4.38': ('2.5.4.38', OID_ATTRIBUTE_TYPE, 'authorityRevocationList', 'RFC4523'), '2.5.4.39': ('2.5.4.39', OID_ATTRIBUTE_TYPE, 'certificateRevocationList', 'RFC4523'), '2.5.4.40': ('2.5.4.40', OID_ATTRIBUTE_TYPE, 'crossCertificatePair', 'RFC4523'), '2.5.4.41': ('2.5.4.41', OID_ATTRIBUTE_TYPE, 'name', 'RFC4519'), '2.5.4.42': ('2.5.4.42', OID_ATTRIBUTE_TYPE, 'givenName', 'RFC4519'), '2.5.4.43': ('2.5.4.43', OID_ATTRIBUTE_TYPE, 'initials', 'RFC4519'), '2.5.4.44': ('2.5.4.44', OID_ATTRIBUTE_TYPE, 'generationQualifier', 'RFC4519'), '2.5.4.45': ('2.5.4.45', OID_ATTRIBUTE_TYPE, 'x500UniqueIdentifier', 'RFC4519'), '2.5.4.46': ('2.5.4.46', OID_ATTRIBUTE_TYPE, 'dnQualifier', 'RFC4519'), '2.5.4.47': ('2.5.4.47', OID_ATTRIBUTE_TYPE, 'enhancedSearchGuide', 'RFC4519'), '2.5.4.48': ('2.5.4.48', OID_ATTRIBUTE_TYPE, 'protocolInformation', 'RFC2256'), '2.5.4.49': ('2.5.4.49', OID_ATTRIBUTE_TYPE, 'distinguishedName', 'RFC4519'), '2.5.4.50': ('2.5.4.50', OID_ATTRIBUTE_TYPE, 'uniqueMember', 'RFC4519'), '2.5.4.51': ('2.5.4.51', OID_ATTRIBUTE_TYPE, 'houseIdentifier', 'RFC4519'), '2.5.4.52': ('2.5.4.52', OID_ATTRIBUTE_TYPE, 'supportedAlgorithms', 'RFC4523'), '2.5.4.53': ('2.5.4.53', OID_ATTRIBUTE_TYPE, 'deltaRevocationList', 'RFC4523'), '2.5.4.54': ('2.5.4.54', OID_ATTRIBUTE_TYPE, 'dmdName', 'RFC2256'), '2.5.4.65': ('2.5.4.65', OID_ATTRIBUTE_TYPE, 'pseudonym', 'RFC3280'), '2.16.840.1.113719.1.1.4.1.501': ('2.16.840.1.113719.1.1.4.1.501', OID_ATTRIBUTE_TYPE, 'GUID', 'NOVELL'), '2.16.840.1.113719.1.27.4.50': ('2.16.840.1.113719.1.27.4.50', OID_ATTRIBUTE_TYPE, 'localEntryID', 'NOVELL'), '2.16.840.1.113730.3.8.3.1': ('2.16.840.1.113730.3.8.3.1', OID_ATTRIBUTE_TYPE, 'ipaUniqueID', 'freeIPA'), '2.16.840.1.113730.3.8.3.2': ('2.16.840.1.113730.3.8.3.2', OID_ATTRIBUTE_TYPE, 'ipaClientVersion', 'freeIPA'), '2.16.840.1.113730.3.8.3.3': ('2.16.840.1.113730.3.8.3.3', OID_ATTRIBUTE_TYPE, 'enrolledBy', 'freeIPA'), '2.16.840.1.113730.3.8.3.4': ('2.16.840.1.113730.3.8.3.4', OID_ATTRIBUTE_TYPE, 'fqdn', 'freeIPA'), '2.16.840.1.113730.3.8.3.18': ('2.16.840.1.113730.3.8.3.18', OID_ATTRIBUTE_TYPE, 'managedBy', 'freeIPA'), '2.16.840.1.113730.3.8.3.24': ('2.16.840.1.113730.3.8.3.24', OID_ATTRIBUTE_TYPE, 'ipaEntitlementId', 'freeIPA'), # controls '1.2.826.0.1.3344810.2.3': ('1.2.826.0.1.3344810.2.3', OID_CONTROL, 'Matched Values', 'RFC3876'), '1.2.840.113556.1.4.319': ('1.2.840.113556.1.4.319', OID_CONTROL, 'LDAP Simple Paged Results', 'RFC2696'), '1.2.840.113556.1.4.417': ('1.2.840.113556.1.4.417', OID_CONTROL, 'LDAP server show deleted objects', 'MICROSOFT'), '1.2.840.113556.1.4.473': ('1.2.840.113556.1.4.473', OID_CONTROL, 'Sort Request', 'RFC2891'), '1.2.840.113556.1.4.474': ('1.2.840.113556.1.4.474', OID_CONTROL, 'Sort Response', 'RFC2891'), '1.2.840.113556.1.4.521': ('1.2.840.113556.1.4.521', OID_CONTROL, 'Cross-domain move', 'MICROSOFT'), '1.2.840.113556.1.4.528': ('1.2.840.113556.1.4.528', OID_CONTROL, 'Server search notification', 'MICROSOFT'), '1.2.840.113556.1.4.529': ('1.2.840.113556.1.4.529', OID_CONTROL, 'Extended DN', 'MICROSOFT'), '1.2.840.113556.1.4.619': ('1.2.840.113556.1.4.619', OID_CONTROL, 'Lazy commit', 'MICROSOFT'), '1.2.840.113556.1.4.801': ('1.2.840.113556.1.4.801', OID_CONTROL, 'Security descriptor flags', 'MICROSOFT'), '1.2.840.113556.1.4.802': ('1.2.840.113556.1.4.802', OID_CONTROL, 'Range option', 'MICROSOFT'), '1.2.840.113556.1.4.805': ('1.2.840.113556.1.4.805', OID_CONTROL, 'Tree delete', 'MICROSOFT'), '1.2.840.113556.1.4.841': ('1.2.840.113556.1.4.841', OID_CONTROL, 'Directory synchronization', 'MICROSOFT'), '1.2.840.113556.1.4.970': ('1.2.840.113556.1.4.970', OID_CONTROL, 'Get stats', 'MICROSOFT'), '1.2.840.113556.1.4.1338': ('1.2.840.113556.1.4.1338', OID_CONTROL, 'Verify name', 'MICROSOFT'), '1.2.840.113556.1.4.1339': ('1.2.840.113556.1.4.1339', OID_CONTROL, 'Domain scope', 'MICROSOFT'), '1.2.840.113556.1.4.1340': ('1.2.840.113556.1.4.1340', OID_CONTROL, 'Search options', 'MICROSOFT'), '1.2.840.113556.1.4.1341': ('1.2.840.113556.1.4.1341', OID_CONTROL, 'RODC DCPROMO', 'MICROSOFT'), '1.2.840.113556.1.4.1413': ('1.2.840.113556.1.4.1413', OID_CONTROL, 'Permissive modify', 'MICROSOFT'), '1.2.840.113556.1.4.1504': ('1.2.840.113556.1.4.1504', OID_CONTROL, 'Attribute scoped query', 'MICROSOFT'), '1.2.840.113556.1.4.1852': ('1.2.840.113556.1.4.1852', OID_CONTROL, 'User quota', 'MICROSOFT'), '1.2.840.113556.1.4.1907': ('1.2.840.113556.1.4.1907', OID_CONTROL, 'Server shutdown notify', 'MICROSOFT'), '1.2.840.113556.1.4.1948': ('1.2.840.113556.1.4.1948', OID_CONTROL, 'Range retrieval no error', 'MICROSOFT'), '1.2.840.113556.1.4.1974': ('1.2.840.113556.1.4.1974', OID_CONTROL, 'Server force update', 'MICROSOFT'), '1.2.840.113556.1.4.2026': ('1.2.840.113556.1.4.2026', OID_CONTROL, 'Input DN', 'MICROSOFT'), '1.2.840.113556.1.4.2064': ('1.2.840.113556.1.4.2064', OID_CONTROL, 'Show recycled', 'MICROSOFT'), '1.2.840.113556.1.4.2065': ('1.2.840.113556.1.4.2065', OID_CONTROL, 'Show deactivated link', 'MICROSOFT'), '1.2.840.113556.1.4.2066': ('1.2.840.113556.1.4.2066', OID_CONTROL, 'Policy hints [DEPRECATED]', 'MICROSOFT'), '1.2.840.113556.1.4.2090': ('1.2.840.113556.1.4.2090', OID_CONTROL, 'DirSync EX', 'MICROSOFT'), '1.2.840.113556.1.4.2204': ('1.2.840.113556.1.4.2204', OID_CONTROL, 'Tree deleted EX', 'MICROSOFT'), '1.2.840.113556.1.4.2205': ('1.2.840.113556.1.4.2205', OID_CONTROL, 'Updates stats', 'MICROSOFT'), '1.2.840.113556.1.4.2206': ('1.2.840.113556.1.4.2206', OID_CONTROL, 'Search hints', 'MICROSOFT'), '1.2.840.113556.1.4.2211': ('1.2.840.113556.1.4.2211', OID_CONTROL, 'Expected entry count', 'MICROSOFT'), '1.2.840.113556.1.4.2239': ('1.2.840.113556.1.4.2239', OID_CONTROL, 'Policy hints', 'MICROSOFT'), '1.2.840.113556.1.4.2255': ('1.2.840.113556.1.4.2255', OID_CONTROL, 'Set owner', 'MICROSOFT'), '1.2.840.113556.1.4.2256': ('1.2.840.113556.1.4.2256', OID_CONTROL, 'Bypass quota', 'MICROSOFT'), '1.3.6.1.1.7.1': ('1.3.6.1.1.7.1', OID_CONTROL, 'LCUP Sync Request', 'RFC3928'), '1.3.6.1.1.7.2': ('1.3.6.1.1.7.2', OID_CONTROL, 'LCUP Sync Update', 'RFC3928'), '1.3.6.1.1.7.3': ('1.3.6.1.1.7.3', OID_CONTROL, 'LCUP Sync Done', 'RFC3928'), '1.3.6.1.1.12': ('1.3.6.1.1.12', OID_CONTROL, 'Assertion', 'RFC4528'), '1.3.6.1.1.13.1': ('1.3.6.1.1.13.1', OID_CONTROL, 'LDAP Pre-read', 'RFC4527'), '1.3.6.1.1.13.2': ('1.3.6.1.1.13.2', OID_CONTROL, 'LDAP Post-read', 'RFC4527'), '1.3.6.1.1.21.2': ('1.3.6.1.1.21.2', OID_CONTROL, 'Transaction Specification', 'RFC5805'), '1.3.6.1.1.22': ('1.3.6.1.1.22', OID_CONTROL, "LDAP Don't Use Copy", 'RFC6171'), '1.3.6.1.4.1.42.2.27.8.5.1': ('1.3.6.1.4.1.42.2.27.8.5.1', OID_CONTROL, 'Password policy', 'IETF DRAFT behera-ldap-password-policy'), '1.3.6.1.4.1.42.2.27.9.5.2': ('1.3.6.1.4.1.42.2.27.9.5.2', OID_CONTROL, 'Get effective rights', 'IETF DRAFT draft-ietf-ldapext-acl-model'), '1.3.6.1.4.1.42.2.27.9.5.8': ('1.3.6.1.4.1.42.2.27.9.5.8', OID_CONTROL, 'Account usability', 'SUN microsystems'), '1.3.6.1.4.1.1466.29539.12': ('1.3.6.1.4.1.1466.29539.12', OID_CONTROL, 'Chaining loop detect', 'SUN microsystems'), '1.3.6.1.4.1.4203.1.9.1.1': ('1.3.6.1.4.1.4203.1.9.1.1', OID_CONTROL, 'LDAP content synchronization', 'RFC4533'), '1.3.6.1.4.1.4203.1.10.1': ('1.3.6.1.4.1.4203.1.10.1', OID_CONTROL, 'Subentries', 'RFC3672'), '1.3.6.1.4.1.4203.1.10.2': ('1.3.6.1.4.1.4203.1.10.2', OID_CONTROL, 'No-Operation', 'IETF DRAFT draft-zeilenga-ldap-noop'), '1.3.6.1.4.1.4203.666.5.16': ('1.3.6.1.4.1.4203.666.5.16', OID_CONTROL, 'LDAP Dereference', 'IETF DRAFT draft-masarati-ldap-deref'), '1.3.6.1.4.1.7628.5.101.1': ('1.3.6.1.4.1.7628.5.101.1', OID_CONTROL, 'LDAP subentries', 'IETF DRAFT draft-ietf-ldup-subentry'), '1.3.6.1.4.1.26027.1.5.2': ('1.3.6.1.4.1.26027.1.5.2', OID_CONTROL, 'Replication repair', 'OpenDS'), '2.16.840.1.113719.1.27.101.5': ('2.16.840.1.113719.1.27.101.5', OID_CONTROL, 'Simple password', 'NOVELL'), '1.3.6.1.4.1.26027.1.6.1': ('1.3.6.1.4.1.26027.1.6.1', OID_CONTROL, 'Password policy state', 'OpenDS'), '1.3.6.1.4.1.26027.1.6.2': ('1.3.6.1.4.1.26027.1.6.2', OID_CONTROL, 'Get connection ID', 'OpenDS'), '1.3.6.1.4.1.26027.1.6.3': ('1.3.6.1.4.1.26027.1.6.3', OID_CONTROL, 'Get symmetric key', 'OpenDS'), '2.16.840.1.113719.1.27.101.6': ('2.16.840.1.113719.1.27.101.6', OID_CONTROL, 'Forward reference', 'NOVELL'), '2.16.840.1.113719.1.27.103.7': ('2.16.840.1.113719.1.27.103.7', OID_CONTROL, 'Grouping', 'NOVELL'), '2.16.840.1.113730.3.4.2': ('2.16.840.1.113730.3.4.2', OID_CONTROL, 'ManageDsaIT', 'RFC3296'), '2.16.840.1.113730.3.4.3': ('2.16.840.1.113730.3.4.3', OID_CONTROL, 'Persistent Search', 'IETF'), '2.16.840.1.113730.3.4.4': ('2.16.840.1.113730.3.4.4', OID_CONTROL, 'Netscape Password Expired', 'Netscape'), '2.16.840.1.113730.3.4.5': ('2.16.840.1.113730.3.4.5', OID_CONTROL, 'Netscape Password Expiring', 'Netscape'), '2.16.840.1.113730.3.4.6': ('2.16.840.1.113730.3.4.6', OID_CONTROL, 'Netscape NT Synchronization Client', 'Netscape'), '2.16.840.1.113730.3.4.7': ('2.16.840.1.113730.3.4.7', OID_CONTROL, 'Entry Change Notification', 'Netscape'), '2.16.840.1.113730.3.4.9': ('2.16.840.1.113730.3.4.9', OID_CONTROL, 'Virtual List View Request', 'IETF'), '2.16.840.1.113730.3.4.10': ('2.16.840.1.113730.3.4.10', OID_CONTROL, 'Virtual List View Response', 'IETF'), '2.16.840.1.113730.3.4.12': ('2.16.840.1.113730.3.4.12', OID_CONTROL, 'Proxied Authorization (old)', 'Netscape'), '2.16.840.1.113730.3.4.13': ('2.16.840.1.113730.3.4.13', OID_CONTROL, 'iPlanet Directory Server Replication Update Information', 'Netscape'), '2.16.840.1.113730.3.4.14': ('2.16.840.1.113730.3.4.14', OID_CONTROL, 'Search on specific database', 'Netscape'), '2.16.840.1.113730.3.4.15': ('2.16.840.1.113730.3.4.15', OID_CONTROL, 'Authorization Identity Response Control', 'RFC3829'), '2.16.840.1.113730.3.4.16': ('2.16.840.1.113730.3.4.16', OID_CONTROL, 'Authorization Identity Request Control', 'RFC3829'), '2.16.840.1.113730.3.4.17': ('2.16.840.1.113730.3.4.17', OID_CONTROL, 'Real attribute only request', 'Netscape'), '2.16.840.1.113730.3.4.18': ('2.16.840.1.113730.3.4.18', OID_CONTROL, 'Proxy Authorization Control', 'RFC6171'), '2.16.840.1.113730.3.4.19': ('2.16.840.1.113730.3.4.19', OID_CONTROL, 'Chaining loop detection', 'Netscape'), '2.16.840.1.113730.3.4.20': ('2.16.840.1.113730.3.4.20', OID_CONTROL, 'Mapping Tree Node - Use one backend [extended]', 'openLDAP'), '2.16.840.1.113730.3.8.10.6': ('2.16.840.1.113730.3.8.10.6', OID_CONTROL, 'OTP Sync Request', 'freeIPA'), # dit content rules # extensions '1.2.840.113556.1.4.1781': ('1.2.840.113556.1.4.1781', OID_EXTENSION, 'Fast concurrent bind', 'MICROSOFT'), '1.2.840.113556.1.4.2212': ('1.2.840.113556.1.4.2212', OID_EXTENSION, 'Batch request', 'MICROSOFT'), '1.3.6.1.1.8': ('1.3.6.1.1.8', OID_EXTENSION, 'Cancel Operation', 'RFC3909'), '1.3.6.1.1.21.1': ('1.3.6.1.1.21.1', OID_EXTENSION, 'Start Transaction Extended Request', 'RFC5805'), '1.3.6.1.1.21.3': ('1.3.6.1.1.21.3', OID_EXTENSION, 'End Transaction Extended Request', 'RFC5805'), '1.3.6.1.4.1.1466.101.119.1': ('1.3.6.1.4.1.1466.101.119.1', OID_EXTENSION, 'Dynamic Refresh', 'RFC2589'), '1.3.6.1.4.1.1466.20037': ('1.3.6.1.4.1.1466.20037', OID_EXTENSION, 'StartTLS', 'RFC4511-RFC4513'), '1.3.6.1.4.1.4203.1.11.1': ('1.3.6.1.4.1.4203.1.11.1', OID_EXTENSION, 'Modify Password', 'RFC3062'), '1.3.6.1.4.1.4203.1.11.3': ('1.3.6.1.4.1.4203.1.11.3', OID_EXTENSION, 'Who am I', 'RFC4532'), '1.3.6.1.1.17.1': ('1.3.6.1.1.17.1', OID_EXTENSION, 'StartLBURPRequest LDAP ExtendedRequest message', 'RFC4373'), '1.3.6.1.1.17.2': ('1.3.6.1.1.17.2', OID_EXTENSION, 'StartLBURPResponse LDAP ExtendedResponse message', 'RFC4373'), '1.3.6.1.1.17.3': ('1.3.6.1.1.17.3', OID_EXTENSION, 'EndLBURPRequest LDAP ExtendedRequest message', 'RFC4373'), '1.3.6.1.1.17.4': ('1.3.6.1.1.17.4', OID_EXTENSION, 'EndLBURPResponse LDAP ExtendedResponse message', 'RFC4373'), '1.3.6.1.1.17.5': ('1.3.6.1.1.17.5', OID_EXTENSION, 'LBURPUpdateRequest LDAP ExtendedRequest message', 'RFC4373'), '1.3.6.1.1.17.6': ('1.3.6.1.1.17.6', OID_EXTENSION, 'LBURPUpdateResponse LDAP ExtendedResponse message', 'RFC4373'), '1.3.6.1.1.19': ('1.3.6.1.1.19', OID_EXTENSION, 'LDAP Turn Operation', 'RFC4531'), '2.16.840.1.113719.1.14.100.1': ('2.16.840.1.113719.1.14.100.1', OID_EXTENSION, 'getDriverSetRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.2': ('2.16.840.1.113719.1.14.100.2', OID_EXTENSION, 'getDriverSetResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.3': ('2.16.840.1.113719.1.14.100.3', OID_EXTENSION, 'setDriverSetRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.4': ('2.16.840.1.113719.1.14.100.4', OID_EXTENSION, 'setDriverSetResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.5': ('2.16.840.1.113719.1.14.100.5', OID_EXTENSION, 'clearDriverSetRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.6': ('2.16.840.1.113719.1.14.100.6', OID_EXTENSION, 'clearDriverSetResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.7': ('2.16.840.1.113719.1.14.100.7', OID_EXTENSION, 'getDriverStartOptionRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.8': ('2.16.840.1.113719.1.14.100.8', OID_EXTENSION, 'getDriverStartOptionResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.9': ('2.16.840.1.113719.1.14.100.9', OID_EXTENSION, 'setDriverStartOptionRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.10': ('2.16.840.1.113719.1.14.100.10', OID_EXTENSION, 'setDriverStartOptionResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.11': ('2.16.840.1.113719.1.14.100.11', OID_EXTENSION, 'getVersionRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.12': ('2.16.840.1.113719.1.14.100.12', OID_EXTENSION, 'getVersionResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.13': ('2.16.840.1.113719.1.14.100.13', OID_EXTENSION, 'getDriverStateRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.14': ('2.16.840.1.113719.1.14.100.14', OID_EXTENSION, 'getDriverStateResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.15': ('2.16.840.1.113719.1.14.100.15', OID_EXTENSION, 'startDriverRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.16': ('2.16.840.1.113719.1.14.100.16', OID_EXTENSION, 'startDriverResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.17': ('2.16.840.1.113719.1.14.100.17', OID_EXTENSION, 'stopDriverRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.18': ('2.16.840.1.113719.1.14.100.18', OID_EXTENSION, 'stopDriverResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.19': ('2.16.840.1.113719.1.14.100.19', OID_EXTENSION, 'getDriverStatsRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.20': ('2.16.840.1.113719.1.14.100.20', OID_EXTENSION, 'getDriverStatsResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.21': ('2.16.840.1.113719.1.14.100.21', OID_EXTENSION, 'driverGetSchemaRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.22': ('2.16.840.1.113719.1.14.100.22', OID_EXTENSION, 'driverGetSchemaResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.23': ('2.16.840.1.113719.1.14.100.23', OID_EXTENSION, 'driverResyncRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.24': ('2.16.840.1.113719.1.14.100.24', OID_EXTENSION, 'driverResyncResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.25': ('2.16.840.1.113719.1.14.100.25', OID_EXTENSION, 'migrateAppRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.26': ('2.16.840.1.113719.1.14.100.26', OID_EXTENSION, 'migrateAppResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.27': ('2.16.840.1.113719.1.14.100.27', OID_EXTENSION, 'queueEventRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.28': ('2.16.840.1.113719.1.14.100.28', OID_EXTENSION, 'queueEventResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.29': ('2.16.840.1.113719.1.14.100.29', OID_EXTENSION, 'submitCommandRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.30': ('2.16.840.1.113719.1.14.100.30', OID_EXTENSION, 'submitCommandResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.31': ('2.16.840.1.113719.1.14.100.31', OID_EXTENSION, 'submitEventRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.32': ('2.16.840.1.113719.1.14.100.32', OID_EXTENSION, 'submitEventResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.33': ('2.16.840.1.113719.1.14.100.33', OID_EXTENSION, 'getChunkedResultRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.34': ('2.16.840.1.113719.1.14.100.34', OID_EXTENSION, 'getChunkedResultResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.35': ('2.16.840.1.113719.1.14.100.35', OID_EXTENSION, 'closeChunkedResultRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.36': ('2.16.840.1.113719.1.14.100.36', OID_EXTENSION, 'closeChunkedResultResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.37': ('2.16.840.1.113719.1.14.100.37', OID_EXTENSION, 'checkObjectPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.38': ('2.16.840.1.113719.1.14.100.38', OID_EXTENSION, 'checkObjectPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.39': ('2.16.840.1.113719.1.14.100.39', OID_EXTENSION, 'initDriverObjectRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.40': ('2.16.840.1.113719.1.14.100.40', OID_EXTENSION, 'initDriverObjectResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.41': ('2.16.840.1.113719.1.14.100.41', OID_EXTENSION, 'viewCacheEntriesRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.42': ('2.16.840.1.113719.1.14.100.42', OID_EXTENSION, 'viewCacheEntriesResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.43': ('2.16.840.1.113719.1.14.100.43', OID_EXTENSION, 'deleteCacheEntriesRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.44': ('2.16.840.1.113719.1.14.100.44', OID_EXTENSION, 'deleteCacheEntriesResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.45': ('2.16.840.1.113719.1.14.100.45', OID_EXTENSION, 'getPasswordsStateRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.46': ('2.16.840.1.113719.1.14.100.46', OID_EXTENSION, 'getPasswordsStateResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.47': ('2.16.840.1.113719.1.14.100.47', OID_EXTENSION, 'regenerateKeyRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.48': ('2.16.840.1.113719.1.14.100.48', OID_EXTENSION, 'regenerateKeyResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.49': ('2.16.840.1.113719.1.14.100.49', OID_EXTENSION, 'getServerCertRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.50': ('2.16.840.1.113719.1.14.100.50', OID_EXTENSION, 'getServerCertResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.51': ('2.16.840.1.113719.1.14.100.51', OID_EXTENSION, 'discoverJobsRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.52': ('2.16.840.1.113719.1.14.100.52', OID_EXTENSION, 'discoverJobsResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.53': ('2.16.840.1.113719.1.14.100.53', OID_EXTENSION, 'notifyJobUpdateRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.54': ('2.16.840.1.113719.1.14.100.54', OID_EXTENSION, 'notifyJobUpdateResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.55': ('2.16.840.1.113719.1.14.100.55', OID_EXTENSION, 'startJobRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.56': ('2.16.840.1.113719.1.14.100.56', OID_EXTENSION, 'startJobResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.57': ('2.16.840.1.113719.1.14.100.57', OID_EXTENSION, 'abortJobRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.58': ('2.16.840.1.113719.1.14.100.58', OID_EXTENSION, 'abortJobresponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.59': ('2.16.840.1.113719.1.14.100.59', OID_EXTENSION, 'getJobStateRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.60': ('2.16.840.1.113719.1.14.100.60', OID_EXTENSION, 'getJobStateResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.61': ('2.16.840.1.113719.1.14.100.61', OID_EXTENSION, 'checkJobConfigRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.62': ('2.16.840.1.113719.1.14.100.62', OID_EXTENSION, 'checkJobConfigResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.63': ('2.16.840.1.113719.1.14.100.63', OID_EXTENSION, 'setLogEventsRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.64': ('2.16.840.1.113719.1.14.100.64', OID_EXTENSION, 'setLogEventsResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.65': ('2.16.840.1.113719.1.14.100.65', OID_EXTENSION, 'clearLogEventsRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.66': ('2.16.840.1.113719.1.14.100.66', OID_EXTENSION, 'clearLogEventsResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.67': ('2.16.840.1.113719.1.14.100.67', OID_EXTENSION, 'setAppPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.68': ('2.16.840.1.113719.1.14.100.68', OID_EXTENSION, 'setAppPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.69': ('2.16.840.1.113719.1.14.100.69', OID_EXTENSION, 'clearAppPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.70': ('2.16.840.1.113719.1.14.100.70', OID_EXTENSION, 'clearAppPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.71': ('2.16.840.1.113719.1.14.100.71', OID_EXTENSION, 'setRemoteLoaderPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.72': ('2.16.840.1.113719.1.14.100.72', OID_EXTENSION, 'setRemoteLoaderPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.73': ('2.16.840.1.113719.1.14.100.73', OID_EXTENSION, 'clearRemoteLoaderPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.74': ('2.16.840.1.113719.1.14.100.74', OID_EXTENSION, 'clearRemoteLoaderPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.75': ('2.16.840.1.113719.1.14.100.75', OID_EXTENSION, 'setNamedPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.76': ('2.16.840.1.113719.1.14.100.76', OID_EXTENSION, 'setNamedPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.77': ('2.16.840.1.113719.1.14.100.77', OID_EXTENSION, 'removeNamedPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.78': ('2.16.840.1.113719.1.14.100.78', OID_EXTENSION, 'removeNamedPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.79': ('2.16.840.1.113719.1.14.100.79', OID_EXTENSION, 'removeAllNamedPasswordsRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.80': ('2.16.840.1.113719.1.14.100.80', OID_EXTENSION, 'removeAllNamedPasswordsResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.81': ('2.16.840.1.113719.1.14.100.81', OID_EXTENSION, 'listNamedPasswordsRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.82': ('2.16.840.1.113719.1.14.100.82', OID_EXTENSION, 'listNamedPasswordsResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.83': ('2.16.840.1.113719.1.14.100.83', OID_EXTENSION, 'getDefaultReciprocalAttrsMapRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.84': ('2.16.840.1.113719.1.14.100.84', OID_EXTENSION, 'getDefaultReciprocalAttrsMapResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.85': ('2.16.840.1.113719.1.14.100.85', OID_EXTENSION, 'resetDriverStatsRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.86': ('2.16.840.1.113719.1.14.100.86', OID_EXTENSION, 'resetDriverStatsResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.87': ('2.16.840.1.113719.1.14.100.87', OID_EXTENSION, 'regenerateAllKeysRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.88': ('2.16.840.1.113719.1.14.100.88', OID_EXTENSION, 'regenerateAllKeysResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.89': ('2.16.840.1.113719.1.14.100.89', OID_EXTENSION, 'getDriverGCVRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.90': ('2.16.840.1.113719.1.14.100.90', OID_EXTENSION, 'getDriverGCVResponse', 'NOVELL'), '2.16.840.1.113719.1.14.100.91': ('2.16.840.1.113719.1.14.100.91', OID_EXTENSION, 'getNamedPasswordRequest', 'NOVELL'), '2.16.840.1.113719.1.14.100.92': ('2.16.840.1.113719.1.14.100.92', OID_EXTENSION, 'getNamedPasswordResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.1': ('2.16.840.1.113719.1.27.100.1', OID_EXTENSION, 'ndsToLdapResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.2': ('2.16.840.1.113719.1.27.100.2', OID_EXTENSION, 'ndsToLdapRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.3': ('2.16.840.1.113719.1.27.100.3', OID_EXTENSION, 'splitPartitionRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.4': ('2.16.840.1.113719.1.27.100.4', OID_EXTENSION, 'splitPartitionResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.5': ('2.16.840.1.113719.1.27.100.5', OID_EXTENSION, 'mergePartitionRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.6': ('2.16.840.1.113719.1.27.100.6', OID_EXTENSION, 'mergePartitionResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.7': ('2.16.840.1.113719.1.27.100.7', OID_EXTENSION, 'addReplicaRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.8': ('2.16.840.1.113719.1.27.100.8', OID_EXTENSION, 'addReplicaResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.9': ('2.16.840.1.113719.1.27.100.9', OID_EXTENSION, 'refreshLDAPServerRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.10': ('2.16.840.1.113719.1.27.100.10', OID_EXTENSION, 'refreshLDAPServerResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.11': ('2.16.840.1.113719.1.27.100.11', OID_EXTENSION, 'removeReplicaRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.12': ('2.16.840.1.113719.1.27.100.12', OID_EXTENSION, 'removeReplicaResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.13': ('2.16.840.1.113719.1.27.100.13', OID_EXTENSION, 'partitionEntryCountRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.14': ('2.16.840.1.113719.1.27.100.14', OID_EXTENSION, 'partitionEntryCountResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.15': ('2.16.840.1.113719.1.27.100.15', OID_EXTENSION, 'changeReplicaTypeRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.16': ('2.16.840.1.113719.1.27.100.16', OID_EXTENSION, 'changeReplicaTypeResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.17': ('2.16.840.1.113719.1.27.100.17', OID_EXTENSION, 'getReplicaInfoRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.18': ('2.16.840.1.113719.1.27.100.18', OID_EXTENSION, 'getReplicaInfoResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.19': ('2.16.840.1.113719.1.27.100.19', OID_EXTENSION, 'listReplicaRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.20': ('2.16.840.1.113719.1.27.100.20', OID_EXTENSION, 'listReplicaResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.21': ('2.16.840.1.113719.1.27.100.21', OID_EXTENSION, 'receiveAllUpdatesRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.22': ('2.16.840.1.113719.1.27.100.22', OID_EXTENSION, 'receiveAllUpdatesResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.23': ('2.16.840.1.113719.1.27.100.23', OID_EXTENSION, 'sendAllUpdatesRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.24': ('2.16.840.1.113719.1.27.100.24', OID_EXTENSION, 'sendAllUpdatesResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.25': ('2.16.840.1.113719.1.27.100.25', OID_EXTENSION, 'requestPartitionSyncRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.26': ('2.16.840.1.113719.1.27.100.26', OID_EXTENSION, 'requestPartitionSyncResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.27': ('2.16.840.1.113719.1.27.100.27', OID_EXTENSION, 'requestSchemaSyncRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.28': ('2.16.840.1.113719.1.27.100.28', OID_EXTENSION, 'requestSchemaSyncResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.29': ('2.16.840.1.113719.1.27.100.29', OID_EXTENSION, 'abortPartitionOperationRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.30': ('2.16.840.1.113719.1.27.100.30', OID_EXTENSION, 'abortPartitionOperationResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.31': ('2.16.840.1.113719.1.27.100.31', OID_EXTENSION, 'getBindDNRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.32': ('2.16.840.1.113719.1.27.100.32', OID_EXTENSION, 'getBindDNResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.33': ('2.16.840.1.113719.1.27.100.33', OID_EXTENSION, 'getEffectivePrivilegesRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.34': ('2.16.840.1.113719.1.27.100.34', OID_EXTENSION, 'getEffectivePrivilegesResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.35': ('2.16.840.1.113719.1.27.100.35', OID_EXTENSION, 'setReplicationFilterRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.36': ('2.16.840.1.113719.1.27.100.36', OID_EXTENSION, 'setReplicationFilterResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.37': ('2.16.840.1.113719.1.27.100.37', OID_EXTENSION, 'getReplicationFilterRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.38': ('2.16.840.1.113719.1.27.100.38', OID_EXTENSION, 'getReplicationFilterResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.39': ('2.16.840.1.113719.1.27.100.39', OID_EXTENSION, 'splitOrphanPartitionRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.40': ('2.16.840.1.113719.1.27.100.40', OID_EXTENSION, 'splitOrphanPartitionResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.41': ('2.16.840.1.113719.1.27.100.41', OID_EXTENSION, 'removeOrphanPartitionRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.42': ('2.16.840.1.113719.1.27.100.42', OID_EXTENSION, 'removeOrphanPartitionResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.43': ('2.16.840.1.113719.1.27.100.43', OID_EXTENSION, 'triggerBKLinkerRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.44': ('2.16.840.1.113719.1.27.100.44', OID_EXTENSION, 'triggerBKLinkerResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.45': ('2.16.840.1.113719.1.27.100.45', OID_EXTENSION, 'triggerDRLProcessRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.46': ('2.16.840.1.113719.1.27.100.46', OID_EXTENSION, 'triggerDRLProcessResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.47': ('2.16.840.1.113719.1.27.100.47', OID_EXTENSION, 'triggerJanitorRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.48': ('2.16.840.1.113719.1.27.100.48', OID_EXTENSION, 'triggerJanitorResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.49': ('2.16.840.1.113719.1.27.100.49', OID_EXTENSION, 'triggerLimberRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.50': ('2.16.840.1.113719.1.27.100.50', OID_EXTENSION, 'triggerLimberResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.51': ('2.16.840.1.113719.1.27.100.51', OID_EXTENSION, 'triggerSkulkerRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.52': ('2.16.840.1.113719.1.27.100.52', OID_EXTENSION, 'triggerSkulkerResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.53': ('2.16.840.1.113719.1.27.100.53', OID_EXTENSION, 'triggerSchemaSyncRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.54': ('2.16.840.1.113719.1.27.100.54', OID_EXTENSION, 'triggerSchemaSyncResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.55': ('2.16.840.1.113719.1.27.100.55', OID_EXTENSION, 'triggerPartitionPurgeRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.56': ('2.16.840.1.113719.1.27.100.56', OID_EXTENSION, 'triggerPartitionPurgeResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.79': ('2.16.840.1.113719.1.27.100.79', OID_EXTENSION, 'eventMonitorRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.80': ('2.16.840.1.113719.1.27.100.80', OID_EXTENSION, 'eventMonitorResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.81': ('2.16.840.1.113719.1.27.100.81', OID_EXTENSION, 'nldapEventNotification', 'NOVELL'), '2.16.840.1.113719.1.27.100.84': ('2.16.840.1.113719.1.27.100.84', OID_EXTENSION, 'filteredEventMonitorRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.85': ('2.16.840.1.113719.1.27.100.85', OID_EXTENSION, 'filteredEventMonitorResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.96': ('2.16.840.1.113719.1.27.100.96', OID_EXTENSION, 'ldapBackupRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.97': ('2.16.840.1.113719.1.27.100.97', OID_EXTENSION, 'ldapBackupResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.98': ('2.16.840.1.113719.1.27.100.98', OID_EXTENSION, 'ldapRestoreRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.99': ('2.16.840.1.113719.1.27.100.99', OID_EXTENSION, 'ldapRestoreResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.101': ('2.16.840.1.113719.1.27.100.101', OID_EXTENSION, 'LDAPDNStoX500DNRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.102': ('2.16.840.1.113719.1.27.100.102', OID_EXTENSION, 'LDAPDNStoX500DNResponse', 'NOVELL'), '2.16.840.1.113719.1.27.100.103': ('2.16.840.1.113719.1.27.100.103', OID_EXTENSION, 'getPrivilegesListRequest', 'NOVELL'), '2.16.840.1.113719.1.27.100.104': ('2.16.840.1.113719.1.27.100.104', OID_EXTENSION, 'getPrivilegesListResponse', 'NOVELL'), '2.16.840.1.113719.1.27.103.1': ('2.16.840.1.113719.1.27.103.1', OID_EXTENSION, 'createGroupingRequest', 'NOVELL'), '2.16.840.1.113719.1.27.103.2': ('2.16.840.1.113719.1.27.103.2', OID_EXTENSION, 'endGroupingRequest', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.1': ('2.16.840.1.113719.1.39.42.100.1', OID_EXTENSION, 'NMAS Put Login Configuration', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.3': ('2.16.840.1.113719.1.39.42.100.3', OID_EXTENSION, 'NMAS Get Login Configuration', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.5': ('2.16.840.1.113719.1.39.42.100.5', OID_EXTENSION, 'NMAS Delete Login Configuration', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.7': ('2.16.840.1.113719.1.49.42.100.7', OID_EXTENSION, 'NMAS Put Login Secret', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.9': ('2.16.840.1.113719.1.39.42.100.9', OID_EXTENSION, 'NMAS Delete Login Secret', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.11': ('2.16.840.1.113719.1.39.42.100.11', OID_EXTENSION, 'NMAS Set Universal Password Request', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.12': ('2.16.840.1.113719.1.39.42.100.12', OID_EXTENSION, 'NMAS Set Universal Password Response', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.13': ('2.16.840.1.113719.1.39.42.100.13', OID_EXTENSION, 'NMAS Get Universal Password Request', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.14': ('2.16.840.1.113719.1.39.42.100.14', OID_EXTENSION, 'NMAS Get Universal Password Response', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.15': ('2.16.840.1.113719.1.39.42.100.15', OID_EXTENSION, 'NMAS Delete Universal Password', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.17': ('2.16.840.1.113719.1.39.42.100.17', OID_EXTENSION, 'NMAS Check password against password policy', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.19': ('2.16.840.1.113719.1.39.42.100.19', OID_EXTENSION, 'NMAS Get password policy information', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.21': ('2.16.840.1.113719.1.39.42.100.21', OID_EXTENSION, 'NMAS Change Universal Password', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.23': ('2.16.840.1.113719.1.39.42.100.23', OID_EXTENSION, 'NMAS Graded Authentication management', 'NOVELL'), '2.16.840.1.113719.1.39.42.100.25': ('2.16.840.1.113719.1.39.42.100.25', OID_EXTENSION, 'NMAS management (new with NMAS 3.1.0)', 'NOVELL'), '2.16.840.1.113719.1.142.1.4.1': ('2.16.840.1.113719.1.142.1.4.1', OID_EXTENSION, 'LBURPIncUpdate', 'NOVELL'), '2.16.840.1.113719.1.142.1.4.2': ('2.16.840.1.113719.1.142.1.4.2', OID_EXTENSION, 'LBURPFullUpdate', 'NOVELL'), '2.16.840.1.113719.1.142.100.1': ('2.16.840.1.113719.1.142.100.1', OID_EXTENSION, 'LBURPStartReplRequest', 'NOVELL'), '2.16.840.1.113719.1.142.100.2': ('2.16.840.1.113719.1.142.100.2', OID_EXTENSION, 'LBURPStartReplResponse', 'NOVELL'), '2.16.840.1.113719.1.142.100.4': ('2.16.840.1.113719.1.142.100.4', OID_EXTENSION, 'LBURPEndReplRequest', 'NOVELL'), '2.16.840.1.113719.1.142.100.5': ('2.16.840.1.113719.1.142.100.5', OID_EXTENSION, 'LBURPEndReplResponse', 'NOVELL'), '2.16.840.1.113719.1.142.100.6': ('2.16.840.1.113719.1.142.100.6', OID_EXTENSION, 'LBURPOperationRequest', 'NOVELL'), '2.16.840.1.113719.1.142.100.7': ('2.16.840.1.113719.1.142.100.7', OID_EXTENSION, 'LBURPOperationResponse', 'NOVELL'), '2.16.840.1.113719.1.148.100.1': ('2.16.840.1.113719.1.148.100.1', OID_EXTENSION, 'SSLDAP_GET_SERVICE_INFO_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.2': ('2.16.840.1.113719.1.148.100.2', OID_EXTENSION, 'SSLDAP_GET_SERVICE_INFO_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.3': ('2.16.840.1.113719.1.148.100.3', OID_EXTENSION, 'SSLDAP_READ_SECRET_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.4': ('2.16.840.1.113719.1.148.100.4', OID_EXTENSION, 'SSLDAP_READ_SECRET_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.5': ('2.16.840.1.113719.1.148.100.5', OID_EXTENSION, 'SSLDAP_WRITE_SECRET_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.6': ('2.16.840.1.113719.1.148.100.6', OID_EXTENSION, 'SSLDAP_WRITE_SECRET_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.7': ('2.16.840.1.113719.1.148.100.7', OID_EXTENSION, 'SSLDAP_ADD_SECRET_ID_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.8': ('2.16.840.1.113719.1.148.100.8', OID_EXTENSION, 'SSLDAP_ADD_SECRET_ID_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.9': ('2.16.840.1.113719.1.148.100.9', OID_EXTENSION, 'SSLDAP_REMOVE_SECRET_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.10': ('2.16.840.1.113719.1.148.100.10', OID_EXTENSION, 'SSLDAP_REMOVE_SECRET_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.11': ('2.16.840.1.113719.1.148.100.11', OID_EXTENSION, 'SSLDAP_REMOVE_SECRET_STORE_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.12': ('2.16.840.1.113719.1.148.100.12', OID_EXTENSION, 'SSLDAP_REMOVE_SECRET_STORE_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.13': ('2.16.840.1.113719.1.148.100.13', OID_EXTENSION, 'SSLDAP_ENUMERATE_SECRET_IDS_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.14': ('2.16.840.1.113719.1.148.100.14', OID_EXTENSION, 'SSLDAP_ENUMERATE_SECRET_IDS_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.15': ('2.16.840.1.113719.1.148.100.15', OID_EXTENSION, 'SSLDAP_UNLOCK_SECRETS_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.16': ('2.16.840.1.113719.1.148.100.16', OID_EXTENSION, 'SSLDAP_UNLOCK_SECRETS_REPLY', 'NOVELL'), '2.16.840.1.113719.1.148.100.17': ('2.16.840.1.113719.1.148.100.17', OID_EXTENSION, 'SSLDAP_SET_EP_MASTER_PASSWORD_REQUEST', 'NOVELL'), '2.16.840.1.113719.1.148.100.18': ('2.16.840.1.113719.1.148.100.18', OID_EXTENSION, 'SSLDAP_SET_EP_MASTER_PASSWORD_REPLY', 'NOVELL'), '2.16.840.1.113730.3.5.1': ('2.16.840.1.113730.3.5.1', OID_EXTENSION, 'Transaction Request Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.2': ('2.16.840.1.113730.3.5.2', OID_EXTENSION, 'Transaction Response Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.3': ('2.16.840.1.113730.3.5.3', OID_EXTENSION, 'Transaction Response Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.4': ('2.16.840.1.113730.3.5.4', OID_EXTENSION, 'iPlanet Replication Response Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.5': ('2.16.840.1.113730.3.5.5', OID_EXTENSION, 'iPlanet End Replication Request Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.6': ('2.16.840.1.113730.3.5.6', OID_EXTENSION, 'iPlanet Replication Entry Request Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.7': ('2.16.840.1.113730.3.5.7', OID_EXTENSION, 'iPlanet Bulk Import Start Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.8': ('2.16.840.1.113730.3.5.8', OID_EXTENSION, 'iPlanet Bulk Import Finished Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.9': ('2.16.840.1.113730.3.5.9', OID_EXTENSION, 'iPlanet Digest Authentication Calculation Extended Operation', 'Netscape'), '2.16.840.1.113730.3.5.10': ('2.16.840.1.113730.3.5.10', OID_EXTENSION, 'Distributed Numeric Assignment Extended Request', 'Netscape'), '2.16.840.1.113730.3.5.11': ('2.16.840.1.113730.3.5.11', OID_EXTENSION, 'Distributed Numeric Assignment Extended Response', 'Netscape'), '2.16.840.1.113730.3.5.12': ('2.16.840.1.113730.3.5.12', OID_EXTENSION, 'Start replication request', 'Netscape'), '2.16.840.1.113730.3.5.13': ('2.16.840.1.113730.3.5.13', OID_EXTENSION, 'Start replication response', 'Netscape'), '2.16.840.1.113730.3.6.5': ('2.16.840.1.113730.3.6.5', OID_EXTENSION, 'Replication CleanAllRUV', 'Netscape'), '2.16.840.1.113730.3.6.6': ('2.16.840.1.113730.3.6.6', OID_EXTENSION, 'Replication Abort CleanAllRUV', 'Netscape'), '2.16.840.1.113730.3.6.7': ('2.16.840.1.113730.3.6.7', OID_EXTENSION, 'Replication CleanAllRUV Retrieve MaxCSN', 'Netscape'), '2.16.840.1.113730.3.6.8': ('2.16.840.1.113730.3.6.8', OID_EXTENSION, 'Replication CleanAllRUV Check Status', 'Netscape'), '2.16.840.1.113730.3.8.10.1': ('2.16.840.1.113730.3.8.10.1', OID_EXTENSION, 'KeyTab set', 'FreeIPA'), '2.16.840.1.113730.3.8.10.2': ('2.16.840.1.113730.3.8.10.2', OID_EXTENSION, 'KeyTab ret', 'FreeIPA'), '2.16.840.1.113730.3.8.10.3': ('2.16.840.1.113730.3.8.10.3', OID_EXTENSION, 'Enrollment join', 'FreeIPA'), '2.16.840.1.113730.3.8.10.5': ('2.16.840.1.113730.3.8.10.5', OID_EXTENSION, 'KeyTab get', 'FreeIPA'), # features (capabilities) '1.2.840.113556.1.4.800': ('1.2.840.113556.1.4.800', OID_FEATURE, 'Active directory', 'MICROSOFT'), '1.2.840.113556.1.4.1670': ('1.2.840.113556.1.4.1670', OID_FEATURE, 'Active directory V51', 'MICROSOFT'), '1.2.840.113556.1.4.1791': ('1.2.840.113556.1.4.1791', OID_FEATURE, 'Active directory LDAP Integration', 'MICROSOFT'), '1.2.840.113556.1.4.1880': ('1.2.840.113556.1.4.1880', OID_FEATURE, 'Active directory ADAM digest', 'MICROSOFT'), '1.2.840.113556.1.4.1851': ('1.2.840.113556.1.4.1851', OID_FEATURE, 'Active directory ADAM', 'MICROSOFT'), '1.2.840.113556.1.4.1920': ('1.2.840.113556.1.4.1920', OID_FEATURE, 'Active directory partial secrets', 'MICROSOFT'), '1.2.840.113556.1.4.1935': ('1.2.840.113556.1.4.1935', OID_FEATURE, 'Active directory V60', 'MICROSOFT'), '1.2.840.113556.1.4.2080': ('1.2.840.113556.1.4.2080', OID_FEATURE, 'Active directory V61 R2', 'MICROSOFT'), '1.2.840.113556.1.4.2237': ('1.2.840.113556.1.4.2237', OID_FEATURE, 'Active directory W8', 'MICROSOFT'), '1.3.6.1.1.14': ('1.3.6.1.1.14', OID_FEATURE, 'Modify-Increment', 'RFC4525'), '1.3.6.1.1.17.7': ('1.3.6.1.1.17.7', OID_FEATURE, 'LBURP Incremental Update style OID', 'RFC4373'), '1.3.6.1.4.1.4203.1.5.1': ('1.3.6.1.4.1.4203.1.5.1', OID_FEATURE, 'All Op Attrs', 'RFC3673'), '1.3.6.1.4.1.4203.1.5.2': ('1.3.6.1.4.1.4203.1.5.2', OID_FEATURE, 'OC AD Lists', 'RFC4529'), '1.3.6.1.4.1.4203.1.5.3': ('1.3.6.1.4.1.4203.1.5.3', OID_FEATURE, 'True/False filters', 'RFC4526'), '1.3.6.1.4.1.4203.1.5.4': ('1.3.6.1.4.1.4203.1.5.4', OID_FEATURE, 'Language Tag Options', 'RFC3866'), '1.3.6.1.4.1.4203.1.5.5': ('1.3.6.1.4.1.4203.1.5.5', OID_FEATURE, 'language Range Options', 'RFC3866'), '2.16.840.1.113719.1.27.99.1': ('2.16.840.1.113719.1.27.99.1', OID_FEATURE, 'Superior References', 'NOVELL'), # ldap syntaxes '1.2.840.113556.1.4.903': ('1.2.840.113556.1.4.903', OID_LDAP_SYNTAX, 'Object (DN-binary)', 'MICROSOFT'), '1.2.840.113556.1.4.904': ('1.2.840.113556.1.4.904', OID_LDAP_SYNTAX, 'Object(DN-string)', 'MICROSOFT'), '1.2.840.113556.1.4.905': ('1.2.840.113556.1.4.905', OID_LDAP_SYNTAX, 'String (Teletex)', 'MICROSOFT'), '1.2.840.113556.1.4.906': ('1.2.840.113556.1.4.906', OID_LDAP_SYNTAX, 'Large Integer', 'MICROSOFT'), '1.2.840.113556.1.4.907': ('1.2.840.113556.1.4.907', OID_LDAP_SYNTAX, 'String (NT-Sec-Desc)', 'MICROSOFT'), '1.2.840.113556.1.4.1221': ('1.2.840.113556.1.4.1221', OID_LDAP_SYNTAX, 'Object (OR-Name)', 'MICROSOFT'), '1.2.840.113556.1.4.1362': ('1.2.840.113556.1.4.1362', OID_LDAP_SYNTAX, 'String (Case)', 'MICROSOFT'), '1.3.6.1.1.16.1': ('1.3.6.1.1.16.1', OID_LDAP_SYNTAX, 'Universally Unique Identifier (UUID)', 'RFC4530'), '1.3.6.1.4.1.1466.115.121.1.1': ('1.3.6.1.4.1.1466.115.121.1.1', OID_LDAP_SYNTAX, 'ACI item [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.2': ('1.3.6.1.4.1.1466.115.121.1.2', OID_LDAP_SYNTAX, 'Access point [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.3': ('1.3.6.1.4.1.1466.115.121.1.3', OID_LDAP_SYNTAX, 'Attribute Type Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.4': ('1.3.6.1.4.1.1466.115.121.1.4', OID_LDAP_SYNTAX, 'Audio [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.5': ('1.3.6.1.4.1.1466.115.121.1.5', OID_LDAP_SYNTAX, 'Binary [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.6': ('1.3.6.1.4.1.1466.115.121.1.6', OID_LDAP_SYNTAX, 'Bit String', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.7': ('1.3.6.1.4.1.1466.115.121.1.7', OID_LDAP_SYNTAX, 'Boolean', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.8': ('1.3.6.1.4.1.1466.115.121.1.8', OID_LDAP_SYNTAX, 'Certificate [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.9': ('1.3.6.1.4.1.1466.115.121.1.9', OID_LDAP_SYNTAX, 'Certificate List [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.10': ('1.3.6.1.4.1.1466.115.121.1.10', OID_LDAP_SYNTAX, 'Certificate Pair [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.11': ('1.3.6.1.4.1.1466.115.121.1.11', OID_LDAP_SYNTAX, 'Country String', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.12': ('1.3.6.1.4.1.1466.115.121.1.12', OID_LDAP_SYNTAX, 'DN', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.13': ('1.3.6.1.4.1.1466.115.121.1.13', OID_LDAP_SYNTAX, 'Data Quality Syntax [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.14': ('1.3.6.1.4.1.1466.115.121.1.14', OID_LDAP_SYNTAX, 'Delivery Method', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.15': ('1.3.6.1.4.1.1466.115.121.1.15', OID_LDAP_SYNTAX, 'Directory String', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.16': ('1.3.6.1.4.1.1466.115.121.1.16', OID_LDAP_SYNTAX, 'DIT Content Rule Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.17': ('1.3.6.1.4.1.1466.115.121.1.17', OID_LDAP_SYNTAX, 'DIT Structure Rule Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.18': ('1.3.6.1.4.1.1466.115.121.1.18', OID_LDAP_SYNTAX, 'DL Submit Permission [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.19': ('1.3.6.1.4.1.1466.115.121.1.19', OID_LDAP_SYNTAX, 'DSA Quality Syntax [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.20': ('1.3.6.1.4.1.1466.115.121.1.20', OID_LDAP_SYNTAX, 'DSE Type [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.21': ('1.3.6.1.4.1.1466.115.121.1.21', OID_LDAP_SYNTAX, 'Enhanced Guide', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.22': ('1.3.6.1.4.1.1466.115.121.1.22', OID_LDAP_SYNTAX, 'Facsimile Telephone Number', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.23': ('1.3.6.1.4.1.1466.115.121.1.23', OID_LDAP_SYNTAX, 'Fax', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.24': ('1.3.6.1.4.1.1466.115.121.1.24', OID_LDAP_SYNTAX, 'Generalized Time', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.25': ('1.3.6.1.4.1.1466.115.121.1.25', OID_LDAP_SYNTAX, 'Guide [OBSOLETE]', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.26': ('1.3.6.1.4.1.1466.115.121.1.26', OID_LDAP_SYNTAX, 'IA5 String', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.27': ('1.3.6.1.4.1.1466.115.121.1.27', OID_LDAP_SYNTAX, 'Integer', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.28': ('1.3.6.1.4.1.1466.115.121.1.28', OID_LDAP_SYNTAX, 'JPEG', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.29': ('1.3.6.1.4.1.1466.115.121.1.29', OID_LDAP_SYNTAX, 'Master and Shadow Access Points [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.30': ('1.3.6.1.4.1.1466.115.121.1.30', OID_LDAP_SYNTAX, 'Matching Rule Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.31': ('1.3.6.1.4.1.1466.115.121.1.31', OID_LDAP_SYNTAX, 'Matching Rule Use Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.32': ('1.3.6.1.4.1.1466.115.121.1.32', OID_LDAP_SYNTAX, 'Mail Preference [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.33': ('1.3.6.1.4.1.1466.115.121.1.33', OID_LDAP_SYNTAX, 'MHS OR Address [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.34': ('1.3.6.1.4.1.1466.115.121.1.34', OID_LDAP_SYNTAX, 'Name And Optional UID', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.35': ('1.3.6.1.4.1.1466.115.121.1.35', OID_LDAP_SYNTAX, 'Name Form Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.36': ('1.3.6.1.4.1.1466.115.121.1.36', OID_LDAP_SYNTAX, 'Numeric String', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.37': ('1.3.6.1.4.1.1466.115.121.1.37', OID_LDAP_SYNTAX, 'Object Class Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.38': ('1.3.6.1.4.1.1466.115.121.1.38', OID_LDAP_SYNTAX, 'OID', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.39': ('1.3.6.1.4.1.1466.115.121.1.39', OID_LDAP_SYNTAX, 'Other Mailbox', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.40': ('1.3.6.1.4.1.1466.115.121.1.40', OID_LDAP_SYNTAX, 'Octet String', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.41': ('1.3.6.1.4.1.1466.115.121.1.41', OID_LDAP_SYNTAX, 'Postal Address', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.42': ('1.3.6.1.4.1.1466.115.121.1.42', OID_LDAP_SYNTAX, 'Protocol Information [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.43': ('1.3.6.1.4.1.1466.115.121.1.43', OID_LDAP_SYNTAX, 'Presentation Address [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.44': ('1.3.6.1.4.1.1466.115.121.1.44', OID_LDAP_SYNTAX, 'Printable String', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.45': ('1.3.6.1.4.1.1466.115.121.1.45', OID_LDAP_SYNTAX, 'Subtree specification [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.46': ('1.3.6.1.4.1.1466.115.121.1.46', OID_LDAP_SYNTAX, 'Supplier Information [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.47': ('1.3.6.1.4.1.1466.115.121.1.47', OID_LDAP_SYNTAX, 'Supplier Or Consumer [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.48': ('1.3.6.1.4.1.1466.115.121.1.48', OID_LDAP_SYNTAX, 'Supplier And Consumer [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.49': ('1.3.6.1.4.1.1466.115.121.1.49', OID_LDAP_SYNTAX, 'Supported Algorithm [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.50': ('1.3.6.1.4.1.1466.115.121.1.50', OID_LDAP_SYNTAX, 'Telephone Number', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.51': ('1.3.6.1.4.1.1466.115.121.1.51', OID_LDAP_SYNTAX, 'Teletex Terminal Identifier', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.52': ('1.3.6.1.4.1.1466.115.121.1.52', OID_LDAP_SYNTAX, 'Telex Number', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.53': ('1.3.6.1.4.1.1466.115.121.1.53', OID_LDAP_SYNTAX, 'UTC Time [DEPRECATED]', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.54': ('1.3.6.1.4.1.1466.115.121.1.54', OID_LDAP_SYNTAX, 'LDAP Syntax Description', 'RFC4517'), '1.3.6.1.4.1.1466.115.121.1.55': ('1.3.6.1.4.1.1466.115.121.1.55', OID_LDAP_SYNTAX, 'Modify rights [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.56': ('1.3.6.1.4.1.1466.115.121.1.56', OID_LDAP_SYNTAX, 'LDAP Schema Definition [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.57': ('1.3.6.1.4.1.1466.115.121.1.57', OID_LDAP_SYNTAX, 'LDAP Schema Description [OBSOLETE]', 'RFC2252'), '1.3.6.1.4.1.1466.115.121.1.58': ('1.3.6.1.4.1.1466.115.121.1.58', OID_LDAP_SYNTAX, 'Substring Assertion', 'RFC4517'), '2.16.840.1.113719.1.1.5.1.0': ('2.16.840.1.113719.1.1.5.1.0', OID_LDAP_SYNTAX, 'Unknown', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.6': ('2.16.840.1.113719.1.1.5.1.6', OID_LDAP_SYNTAX, 'Case Ignore List', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.12': ('2.16.840.1.113719.1.1.5.1.12', OID_LDAP_SYNTAX, 'Tagged Data', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.13': ('2.16.840.1.113719.1.1.5.1.13', OID_LDAP_SYNTAX, 'Octet List', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.14': ('2.16.840.1.113719.1.1.5.1.14', OID_LDAP_SYNTAX, 'Tagged String', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.15': ('2.16.840.1.113719.1.1.5.1.15', OID_LDAP_SYNTAX, 'Tagged Name And String', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.16': ('2.16.840.1.113719.1.1.5.1.16', OID_LDAP_SYNTAX, 'NDS Replica Pointer', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.17': ('2.16.840.1.113719.1.1.5.1.17', OID_LDAP_SYNTAX, 'NDS ACL', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.19': ('2.16.840.1.113719.1.1.5.1.19', OID_LDAP_SYNTAX, 'NDS Timestamp', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.22': ('2.16.840.1.113719.1.1.5.1.22', OID_LDAP_SYNTAX, 'Counter', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.23': ('2.16.840.1.113719.1.1.5.1.23', OID_LDAP_SYNTAX, 'Tagged Name', 'NOVELL'), '2.16.840.1.113719.1.1.5.1.25': ('2.16.840.1.113719.1.1.5.1.25', OID_LDAP_SYNTAX, 'Typed Name', 'NOVELL'), # ldap url extensions # matching rules '1.2.36.79672281.1.13.2': ('1.2.36.79672281.1.13.2', OID_MATCHING_RULE, 'componentFilterMatch', 'RFC3687'), '1.2.36.79672281.1.13.3': ('1.2.36.79672281.1.13.3', OID_MATCHING_RULE, 'rdnMatch', 'RFC3687'), '1.2.36.79672281.1.13.5': ('1.2.36.79672281.1.13.5', OID_MATCHING_RULE, 'presentMatch', 'RFC3687'), '1.2.36.79672281.1.13.6': ('1.2.36.79672281.1.13.6', OID_MATCHING_RULE, 'allComponentsMatch', 'RFC3687'), '1.2.36.79672281.1.13.7': ('1.2.36.79672281.1.13.7', OID_MATCHING_RULE, 'directoryComponentsMatch', 'RFC3687'), '1.2.840.113556.1.4.803': ('1.2.840.113556.1.4.803', OID_MATCHING_RULE, 'Bit AND', 'MICROSOFT'), '1.2.840.113556.1.4.804': ('1.2.840.113556.1.4.804', OID_MATCHING_RULE, 'Bit OR', 'MICROSOFT'), '1.2.840.113556.1.4.1941': ('1.2.840.113556.1.4.1941', OID_MATCHING_RULE, 'Transitive Evaluation', 'MICROSOFT'), '1.2.840.113556.1.4.2253': ('1.2.840.113556.1.4.2253', OID_MATCHING_RULE, 'DN with data', 'MICROSOFT'), '1.3.6.1.1.16.2': ('1.3.6.1.1.16.2', OID_MATCHING_RULE, 'uuidMatch', 'RFC4530'), '1.3.6.1.1.16.3': ('1.3.6.1.1.16.3', OID_MATCHING_RULE, 'uuidOrderingMatch', 'RFC4530'), '1.3.6.1.4.1.1466.109.114.1': ('1.3.6.1.4.1.1466.109.114.1', OID_MATCHING_RULE, 'caseExactIA5Match', 'RFC4517'), '1.3.6.1.4.1.1466.109.114.2': ('1.3.6.1.4.1.1466.109.114.2', OID_MATCHING_RULE, 'caseIgnoreIA5Match', 'RFC4517'), '1.3.6.1.4.1.1466.109.114.3': ('1.3.6.1.4.1.1466.109.114.3', OID_MATCHING_RULE, 'caseIgnoreIA5SubstringsMatch', 'RFC4517'), '2.5.13.0': ('2.5.13.0', OID_MATCHING_RULE, 'objectIdentifierMatch', 'RFC4517'), '2.5.13.1': ('2.5.13.1', OID_MATCHING_RULE, 'distinguishedNameMatch', 'RFC4517'), '2.5.13.2': ('2.5.13.2', OID_MATCHING_RULE, 'caseIgnoreMatch', 'RFC4517'), '2.5.13.3': ('2.5.13.3', OID_MATCHING_RULE, 'caseIgnoreOrderingMatch', 'RFC4517'), '2.5.13.4': ('2.5.13.4', OID_MATCHING_RULE, 'caseIgnoreSubstringsMatch', 'RFC4517'), '2.5.13.5': ('2.5.13.5', OID_MATCHING_RULE, 'caseExactMatch', 'RFC4517'), '2.5.13.6': ('2.5.13.6', OID_MATCHING_RULE, 'caseExactOrderingMatch', 'RFC4517'), '2.5.13.7': ('2.5.13.7', OID_MATCHING_RULE, 'caseExactSubstringsMatch', 'RFC4517'), '2.5.13.8': ('2.5.13.8', OID_MATCHING_RULE, 'numericStringMatch', 'RFC4517'), '2.5.13.9': ('2.5.13.9', OID_MATCHING_RULE, 'numericStringOrderingMatch', 'RFC4517'), '2.5.13.10': ('2.5.13.10', OID_MATCHING_RULE, 'numericStringSubstringsMatch', 'RFC4517'), '2.5.13.11': ('2.5.13.11', OID_MATCHING_RULE, 'caseIgnoreListMatch', 'RFC4517'), '2.5.13.12': ('2.5.13.12', OID_MATCHING_RULE, 'caseIgnoreListSubstringsMatch', 'RFC4517'), '2.5.13.13': ('2.5.13.13', OID_MATCHING_RULE, 'booleanMatch', 'RFC4517'), '2.5.13.14': ('2.5.13.14', OID_MATCHING_RULE, 'integerMatch', 'RFC4517'), '2.5.13.15': ('2.5.13.15', OID_MATCHING_RULE, 'integerOrderingMatch', 'RFC4517'), '2.5.13.16': ('2.5.13.16', OID_MATCHING_RULE, 'bitStringMatch', 'RFC4517'), '2.5.13.17': ('2.5.13.17', OID_MATCHING_RULE, 'octetStringMatch', 'RFC4517'), '2.5.13.18': ('2.5.13.18', OID_MATCHING_RULE, 'octetStringOrderingMatch', 'RFC4517'), '2.5.13.20': ('2.5.13.20', OID_MATCHING_RULE, 'telephoneNumberMatch', 'RFC4517'), '2.5.13.21': ('2.5.13.21', OID_MATCHING_RULE, 'telephoneNumberSubstringsMatch', 'RFC4517'), '2.5.13.22': ('2.5.13.22', OID_MATCHING_RULE, 'presentationAddressMatch', 'RFC2252'), '2.5.13.23': ('2.5.13.23', OID_MATCHING_RULE, 'uniqueMemberMatch', 'RFC4517'), '2.5.13.24': ('2.5.13.24', OID_MATCHING_RULE, 'protocolInformationMatch', 'RFC2252'), '2.5.13.27': ('2.5.13.27', OID_MATCHING_RULE, 'generalizedTimeMatch', 'RFC4517'), '2.5.13.28': ('2.5.13.28', OID_MATCHING_RULE, 'generalizedTimeOrderingMatch', 'RFC4517'), '2.5.13.29': ('2.5.13.29', OID_MATCHING_RULE, 'integerFirstComponentMatch', 'RFC4517'), '2.5.13.30': ('2.5.13.30', OID_MATCHING_RULE, 'objectIdentifierFirstComponentMatch', 'RFC4517'), '2.5.13.31': ('2.5.13.31', OID_MATCHING_RULE, 'directoryStringFirstComponentMatch', 'RFC4517'), '2.5.13.32': ('2.5.13.32', OID_MATCHING_RULE, 'wordMatch', 'RFC4517'), '2.5.13.33': ('2.5.13.33', OID_MATCHING_RULE, 'keywordMatch', 'RFC4517'), '2.5.13.34': ('2.5.13.34', OID_MATCHING_RULE, 'certificateExactMatch', 'RFC4523'), '2.5.13.35': ('2.5.13.35', OID_MATCHING_RULE, 'certificateMatch', 'RFC4523'), '2.5.13.36': ('2.5.13.36', OID_MATCHING_RULE, 'certificatePairExactMatch', 'RFC4523'), '2.5.13.37': ('2.5.13.37', OID_MATCHING_RULE, 'certificatePairMatch', 'RFC4523'), '2.5.13.38': ('2.5.13.38', OID_MATCHING_RULE, 'certificateListExactMatch', 'RFC4523'), '2.5.13.39': ('2.5.13.39', OID_MATCHING_RULE, 'certificateListMatch', 'RFC4523'), '2.5.13.40': ('2.5.13.40', OID_MATCHING_RULE, 'algorithmIdentifierMatch', 'RFC4523'), '2.5.13.41': ('2.5.13.41', OID_MATCHING_RULE, 'storedPrefixMatch', 'RFC3698'), # name forms '1.3.6.1.1.10.15.1': ('1.3.6.1.1.10.15.1', OID_NAME_FORM, 'uddiBusinessEntityNameForm', 'RFC4403'), '1.3.6.1.1.10.15.2': ('1.3.6.1.1.10.15.2', OID_NAME_FORM, 'uddiContactNameForm', 'RFC4403'), '1.3.6.1.1.10.15.3': ('1.3.6.1.1.10.15.3', OID_NAME_FORM, 'uddiAddressNameForm', 'RFC4403'), '1.3.6.1.1.10.15.4': ('1.3.6.1.1.10.15.4', OID_NAME_FORM, 'uddiBusinessServiceNameForm', 'RFC4403'), '1.3.6.1.1.10.15.5': ('1.3.6.1.1.10.15.5', OID_NAME_FORM, 'uddiBindingTemplateNameForm', 'RFC4403'), '1.3.6.1.1.10.15.6': ('1.3.6.1.1.10.15.6', OID_NAME_FORM, 'uddiTModelInstanceInfoNameForm', 'RFC4403'), '1.3.6.1.1.10.15.7': ('1.3.6.1.1.10.15.7', OID_NAME_FORM, 'uddiTModelNameForm', 'RFC4403'), '1.3.6.1.1.10.15.8': ('1.3.6.1.1.10.15.8', OID_NAME_FORM, 'uddiPublisherAssertionNameForm', 'RFC4403'), '1.3.6.1.1.10.15.9': ('1.3.6.1.1.10.15.9', OID_NAME_FORM, 'uddiv3SubscriptionNameForm', 'RFC4403'), '1.3.6.1.1.10.15.10': ('1.3.6.1.1.10.15.10', OID_NAME_FORM, 'uddiv3EntityObituaryNameForm', 'RFC4403'), '1.3.6.1.4.1.1466.345': ('1.3.6.1.4.1.1466.345', OID_NAME_FORM, 'domainNameForm', 'RFC2247'), # object classes '0.9.2342.19200300.100.4.3': ('0.9.2342.19200300.100.4.3', OID_OBJECT_CLASS, 'pilotObject', 'RFC1274'), '0.9.2342.19200300.100.4.4': ('0.9.2342.19200300.100.4.4', OID_OBJECT_CLASS, 'pilotPerson', 'RFC1274'), '0.9.2342.19200300.100.4.5': ('0.9.2342.19200300.100.4.5', OID_OBJECT_CLASS, 'account', 'RFC4524'), '0.9.2342.19200300.100.4.6': ('0.9.2342.19200300.100.4.6', OID_OBJECT_CLASS, 'document', 'RFC4524'), '0.9.2342.19200300.100.4.7': ('0.9.2342.19200300.100.4.7', OID_OBJECT_CLASS, 'room', 'RFC4524'), '0.9.2342.19200300.100.4.8': ('0.9.2342.19200300.100.4.8', OID_OBJECT_CLASS, 'documentSeries', 'RFC4524'), '0.9.2342.19200300.100.4.13': ('0.9.2342.19200300.100.4.13', OID_OBJECT_CLASS, 'domain', 'RFC4524'), '0.9.2342.19200300.100.4.14': ('0.9.2342.19200300.100.4.14', OID_OBJECT_CLASS, 'RFC822LocalPart', 'RFC4524'), '0.9.2342.19200300.100.4.15': ('0.9.2342.19200300.100.4.15', OID_OBJECT_CLASS, 'dNSDomain', 'RFC1274'), '0.9.2342.19200300.100.4.17': ('0.9.2342.19200300.100.4.17', OID_OBJECT_CLASS, 'domainRelatedObject', 'RFC4524'), '0.9.2342.19200300.100.4.18': ('0.9.2342.19200300.100.4.18', OID_OBJECT_CLASS, 'friendlyCountry', 'RFC4524'), '0.9.2342.19200300.100.4.19': ('0.9.2342.19200300.100.4.19', OID_OBJECT_CLASS, 'simpleSecurityObject', 'RFC4524'), '0.9.2342.19200300.100.4.20': ('0.9.2342.19200300.100.4.20', OID_OBJECT_CLASS, 'pilotOrganization', 'RFC1274'), '0.9.2342.19200300.100.4.21': ('0.9.2342.19200300.100.4.21', OID_OBJECT_CLASS, 'pilotDSA', 'RFC1274'), '0.9.2342.19200300.100.4.22': ('0.9.2342.19200300.100.4.22', OID_OBJECT_CLASS, 'qualityLabelledData', 'RFC1274'), '1.2.840.113556.1.5.87': ('1.2.840.113556.1.5.87', OID_OBJECT_CLASS, 'calEntry', 'RFC2739'), '1.3.18.0.2.6.253': ('1.3.18.0.2.6.253', OID_OBJECT_CLASS, 'printerLPR', 'RFC3712'), '1.3.18.0.2.6.254': ('1.3.18.0.2.6.254', OID_OBJECT_CLASS, 'slpServicePrinter', 'RFC3712'), '1.3.18.0.2.6.255': ('1.3.18.0.2.6.255', OID_OBJECT_CLASS, 'printerService', 'RFC3712'), '1.3.18.0.2.6.256': ('1.3.18.0.2.6.256', OID_OBJECT_CLASS, 'printerIPP', 'RFC3712'), '1.3.18.0.2.6.257': ('1.3.18.0.2.6.257', OID_OBJECT_CLASS, 'printerServiceAuxClass', 'RFC3712'), '1.3.18.0.2.6.258': ('1.3.18.0.2.6.258', OID_OBJECT_CLASS, 'printerAbstract', 'RFC3712'), '1.3.6.1.1.10.6.1': ('1.3.6.1.1.10.6.1', OID_OBJECT_CLASS, 'uddiBusinessEntity', 'RFC4403'), '1.3.6.1.1.10.6.2': ('1.3.6.1.1.10.6.2', OID_OBJECT_CLASS, 'uddiContact', 'RFC4403'), '1.3.6.1.1.10.6.3': ('1.3.6.1.1.10.6.3', OID_OBJECT_CLASS, 'uddiAddress', 'RFC4403'), '1.3.6.1.1.10.6.4': ('1.3.6.1.1.10.6.4', OID_OBJECT_CLASS, 'uddiBusinessService', 'RFC4403'), '1.3.6.1.1.10.6.5': ('1.3.6.1.1.10.6.5', OID_OBJECT_CLASS, 'uddiBindingTemplate', 'RFC4403'), '1.3.6.1.1.10.6.6': ('1.3.6.1.1.10.6.6', OID_OBJECT_CLASS, 'uddiTModelInstanceInfo', 'RFC4403'), '1.3.6.1.1.10.6.7': ('1.3.6.1.1.10.6.7', OID_OBJECT_CLASS, 'uddiTModel', 'RFC4403'), '1.3.6.1.1.10.6.8': ('1.3.6.1.1.10.6.8', OID_OBJECT_CLASS, 'uddiPublisherAssertion', 'RFC4403'), '1.3.6.1.1.10.6.9': ('1.3.6.1.1.10.6.9', OID_OBJECT_CLASS, 'uddiv3Subscription', 'RFC4403'), '1.3.6.1.1.10.6.10': ('1.3.6.1.1.10.6.10', OID_OBJECT_CLASS, 'uddiv3EntityObituary', 'RFC4403'), '1.3.6.1.1.11.1.1': ('1.3.6.1.1.11.1.1', OID_OBJECT_CLASS, 'vPIMUser', 'RFC4237'), '1.3.6.1.1.3.1': ('1.3.6.1.1.3.1', OID_OBJECT_CLASS, 'uidObject', 'RFC4519'), '1.3.6.1.1.6.1.1': ('1.3.6.1.1.6.1.1', OID_OBJECT_CLASS, 'pcimPolicy', 'RFC3703'), '1.3.6.1.1.6.1.2': ('1.3.6.1.1.6.1.2', OID_OBJECT_CLASS, 'pcimGroup', 'RFC3703'), '1.3.6.1.1.6.1.3': ('1.3.6.1.1.6.1.3', OID_OBJECT_CLASS, 'pcimGroupAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.4': ('1.3.6.1.1.6.1.4', OID_OBJECT_CLASS, 'pcimGroupInstance', 'RFC3703'), '1.3.6.1.1.6.1.5': ('1.3.6.1.1.6.1.5', OID_OBJECT_CLASS, 'pcimRule', 'RFC3703'), '1.3.6.1.1.6.1.6': ('1.3.6.1.1.6.1.6', OID_OBJECT_CLASS, 'pcimRuleAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.7': ('1.3.6.1.1.6.1.7', OID_OBJECT_CLASS, 'pcimRuleInstance', 'RFC3703'), '1.3.6.1.1.6.1.8': ('1.3.6.1.1.6.1.8', OID_OBJECT_CLASS, 'pcimRuleConditionAssociation', 'RFC3703'), '1.3.6.1.1.6.1.9': ('1.3.6.1.1.6.1.9', OID_OBJECT_CLASS, 'pcimRuleValidityAssociation', 'RFC3703'), '1.3.6.1.1.6.1.10': ('1.3.6.1.1.6.1.10', OID_OBJECT_CLASS, 'pcimRuleActionAssociation', 'RFC3703'), '1.3.6.1.1.6.1.11': ('1.3.6.1.1.6.1.11', OID_OBJECT_CLASS, 'pcimConditionAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.12': ('1.3.6.1.1.6.1.12', OID_OBJECT_CLASS, 'pcimTPCAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.13': ('1.3.6.1.1.6.1.13', OID_OBJECT_CLASS, 'pcimConditionVendorAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.14': ('1.3.6.1.1.6.1.14', OID_OBJECT_CLASS, 'pcimActionAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.15': ('1.3.6.1.1.6.1.15', OID_OBJECT_CLASS, 'pcimActionVendorAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.16': ('1.3.6.1.1.6.1.16', OID_OBJECT_CLASS, 'pcimPolicyInstance', 'RFC3703'), '1.3.6.1.1.6.1.17': ('1.3.6.1.1.6.1.17', OID_OBJECT_CLASS, 'pcimElementAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.18': ('1.3.6.1.1.6.1.18', OID_OBJECT_CLASS, 'pcimRepository', 'RFC3703'), '1.3.6.1.1.6.1.19': ('1.3.6.1.1.6.1.19', OID_OBJECT_CLASS, 'pcimRepositoryAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.20': ('1.3.6.1.1.6.1.20', OID_OBJECT_CLASS, 'pcimRepositoryInstance', 'RFC3703'), '1.3.6.1.1.6.1.21': ('1.3.6.1.1.6.1.21', OID_OBJECT_CLASS, 'pcimSubtreesPtrAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.22': ('1.3.6.1.1.6.1.22', OID_OBJECT_CLASS, 'pcimGroupContainmentAuxClass', 'RFC3703'), '1.3.6.1.1.6.1.23': ('1.3.6.1.1.6.1.23', OID_OBJECT_CLASS, 'pcimRuleContainmentAuxClass', 'RFC3703'), '1.3.6.1.1.9.1.1': ('1.3.6.1.1.9.1.1', OID_OBJECT_CLASS, 'pcelsPolicySet', 'RFC4104'), '1.3.6.1.1.9.1.2': ('1.3.6.1.1.9.1.2', OID_OBJECT_CLASS, 'pcelsPolicySetAssociation', 'RFC4104'), '1.3.6.1.1.9.1.3': ('1.3.6.1.1.9.1.3', OID_OBJECT_CLASS, 'pcelsGroup', 'RFC4104'), '1.3.6.1.1.9.1.4': ('1.3.6.1.1.9.1.4', OID_OBJECT_CLASS, 'pcelsGroupAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.5': ('1.3.6.1.1.9.1.5', OID_OBJECT_CLASS, 'pcelsGroupInstance', 'RFC4104'), '1.3.6.1.1.9.1.6': ('1.3.6.1.1.9.1.6', OID_OBJECT_CLASS, 'pcelsRule', 'RFC4104'), '1.3.6.1.1.9.1.7': ('1.3.6.1.1.9.1.7', OID_OBJECT_CLASS, 'pcelsRuleAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.8': ('1.3.6.1.1.9.1.8', OID_OBJECT_CLASS, 'pcelsRuleInstance', 'RFC4104'), '1.3.6.1.1.9.1.9': ('1.3.6.1.1.9.1.9', OID_OBJECT_CLASS, 'pcelsConditionAssociation', 'RFC4104'), '1.3.6.1.1.9.1.10': ('1.3.6.1.1.9.1.10', OID_OBJECT_CLASS, 'pcelsActionAssociation', 'RFC4104'), '1.3.6.1.1.9.1.11': ('1.3.6.1.1.9.1.11', OID_OBJECT_CLASS, 'pcelsSimpleConditionAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.12': ('1.3.6.1.1.9.1.12', OID_OBJECT_CLASS, 'pcelsCompoundConditionAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.13': ('1.3.6.1.1.9.1.13', OID_OBJECT_CLASS, 'pcelsCompoundFilterConditionAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.14': ('1.3.6.1.1.9.1.14', OID_OBJECT_CLASS, 'pcelsSimpleActionAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.15': ('1.3.6.1.1.9.1.15', OID_OBJECT_CLASS, 'pcelsCompoundActionAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.16': ('1.3.6.1.1.9.1.16', OID_OBJECT_CLASS, 'pcelsVariable', 'RFC4104'), '1.3.6.1.1.9.1.17': ('1.3.6.1.1.9.1.17', OID_OBJECT_CLASS, 'pcelsExplicitVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.18': ('1.3.6.1.1.9.1.18', OID_OBJECT_CLASS, 'pcelsImplicitVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.19': ('1.3.6.1.1.9.1.19', OID_OBJECT_CLASS, 'pcelsSourceIPv4VariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.20': ('1.3.6.1.1.9.1.20', OID_OBJECT_CLASS, 'pcelsSourceIPv6VariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.21': ('1.3.6.1.1.9.1.21', OID_OBJECT_CLASS, 'pcelsDestinationIPv4VariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.22': ('1.3.6.1.1.9.1.22', OID_OBJECT_CLASS, 'pcelsDestinationIPv6VariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.23': ('1.3.6.1.1.9.1.23', OID_OBJECT_CLASS, 'pcelsSourcePortVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.24': ('1.3.6.1.1.9.1.24', OID_OBJECT_CLASS, 'pcelsDestinationPortVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.25': ('1.3.6.1.1.9.1.25', OID_OBJECT_CLASS, 'pcelsIPProtocolVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.26': ('1.3.6.1.1.9.1.26', OID_OBJECT_CLASS, 'pcelsIPVersionVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.27': ('1.3.6.1.1.9.1.27', OID_OBJECT_CLASS, 'pcelsIPToSVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.28': ('1.3.6.1.1.9.1.28', OID_OBJECT_CLASS, 'pcelsDSCPVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.29': ('1.3.6.1.1.9.1.29', OID_OBJECT_CLASS, 'pcelsFlowIdVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.30': ('1.3.6.1.1.9.1.30', OID_OBJECT_CLASS, 'pcelsSourceMACVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.31': ('1.3.6.1.1.9.1.31', OID_OBJECT_CLASS, 'pcelsDestinationMACVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.32': ('1.3.6.1.1.9.1.32', OID_OBJECT_CLASS, 'pcelsVLANVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.33': ('1.3.6.1.1.9.1.33', OID_OBJECT_CLASS, 'pcelsCoSVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.34': ('1.3.6.1.1.9.1.34', OID_OBJECT_CLASS, 'pcelsEthertypeVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.35': ('1.3.6.1.1.9.1.35', OID_OBJECT_CLASS, 'pcelsSourceSAPVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.36': ('1.3.6.1.1.9.1.36', OID_OBJECT_CLASS, 'pcelsDestinationSAPVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.37': ('1.3.6.1.1.9.1.37', OID_OBJECT_CLASS, 'pcelsSNAPOUIVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.38': ('1.3.6.1.1.9.1.38', OID_OBJECT_CLASS, 'pcelsSNAPTypeVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.39': ('1.3.6.1.1.9.1.39', OID_OBJECT_CLASS, 'pcelsFlowDirectionVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.40': ('1.3.6.1.1.9.1.40', OID_OBJECT_CLASS, 'pcelsValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.41': ('1.3.6.1.1.9.1.41', OID_OBJECT_CLASS, 'pcelsIPv4AddrValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.42': ('1.3.6.1.1.9.1.42', OID_OBJECT_CLASS, 'pcelsIPv6AddrValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.43': ('1.3.6.1.1.9.1.43', OID_OBJECT_CLASS, 'pcelsMACAddrValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.44': ('1.3.6.1.1.9.1.44', OID_OBJECT_CLASS, 'pcelsStringValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.45': ('1.3.6.1.1.9.1.45', OID_OBJECT_CLASS, 'pcelsBitStringValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.46': ('1.3.6.1.1.9.1.46', OID_OBJECT_CLASS, 'pcelsIntegerValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.47': ('1.3.6.1.1.9.1.47', OID_OBJECT_CLASS, 'pcelsBooleanValueAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.48': ('1.3.6.1.1.9.1.48', OID_OBJECT_CLASS, 'pcelsReusableContainer', 'RFC4104'), '1.3.6.1.1.9.1.49': ('1.3.6.1.1.9.1.49', OID_OBJECT_CLASS, 'pcelsReusableContainerAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.50': ('1.3.6.1.1.9.1.50', OID_OBJECT_CLASS, 'pcelsReusableContainerInstance', 'RFC4104'), '1.3.6.1.1.9.1.51': ('1.3.6.1.1.9.1.51', OID_OBJECT_CLASS, 'pcelsRoleCollection', 'RFC4104'), '1.3.6.1.1.9.1.52': ('1.3.6.1.1.9.1.52', OID_OBJECT_CLASS, 'pcelsFilterEntryBase', 'RFC4104'), '1.3.6.1.1.9.1.53': ('1.3.6.1.1.9.1.53', OID_OBJECT_CLASS, 'pcelsIPHeadersFilter', 'RFC4104'), '1.3.6.1.1.9.1.54': ('1.3.6.1.1.9.1.54', OID_OBJECT_CLASS, 'pcels8021Filter', 'RFC4104'), '1.3.6.1.1.9.1.55': ('1.3.6.1.1.9.1.55', OID_OBJECT_CLASS, 'pcelsFilterListAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.56': ('1.3.6.1.1.9.1.56', OID_OBJECT_CLASS, 'pcelsVendorVariableAuxClass', 'RFC4104'), '1.3.6.1.1.9.1.57': ('1.3.6.1.1.9.1.57', OID_OBJECT_CLASS, 'pcelsVendorValueAuxClass', 'RFC4104'), '1.3.6.1.4.1.11.1.3.1.2.5': ('1.3.6.1.4.1.11.1.3.1.2.5', OID_OBJECT_CLASS, 'DUAConfigProfile', 'RFC4876'), '1.3.6.1.4.1.1466.101.119.2': ('1.3.6.1.4.1.1466.101.119.2', OID_OBJECT_CLASS, 'dynamicObject', 'RFC2589'), '1.3.6.1.4.1.1466.101.120.111': ('1.3.6.1.4.1.1466.101.120.111', OID_OBJECT_CLASS, 'extensibleObject', 'RFC4512'), '1.3.6.1.4.1.1466.344': ('1.3.6.1.4.1.1466.344', OID_OBJECT_CLASS, 'dcObject', 'RFC4519'), '1.3.6.1.4.1.16572.2.1.1': ('1.3.6.1.4.1.16572.2.1.1', OID_OBJECT_CLASS, 'LDIFLocationURLObject', 'RFC6109'), '1.3.6.1.4.1.16572.2.1.2': ('1.3.6.1.4.1.16572.2.1.2', OID_OBJECT_CLASS, 'provider', 'RFC6109'), '1.3.6.1.4.1.250.3.15': ('1.3.6.1.4.1.250.3.15', OID_OBJECT_CLASS, 'labeledURIObject', 'RFC2079'), '1.3.6.1.4.1.31103.1.1001': ('1.3.6.1.4.1.31103.1.1001', OID_OBJECT_CLASS, 'fedfsNsdbContainerInfo', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.1002': ('1.3.6.1.4.1.31103.1.1002', OID_OBJECT_CLASS, 'fedfsFsn', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.1003': ('1.3.6.1.4.1.31103.1.1003', OID_OBJECT_CLASS, 'fedfsFsl', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.31103.1.1004': ('1.3.6.1.4.1.31103.1.1004', OID_OBJECT_CLASS, 'fedfsNfsFsl', 'RFC-ietf-nfsv4-federated-fs-protocol-15'), '1.3.6.1.4.1.453.7.1.1': ('1.3.6.1.4.1.453.7.1.1', OID_OBJECT_CLASS, ['rFC822ToX400Mapping', 'subtree'], 'RFC2164-RFC2293'), '1.3.6.1.4.1.453.7.1.2': ('1.3.6.1.4.1.453.7.1.2', OID_OBJECT_CLASS, ['x400ToRFC822Mapping', 'table'], 'RFC2164-RFC2293'), '1.3.6.1.4.1.453.7.1.3': ('1.3.6.1.4.1.453.7.1.3', OID_OBJECT_CLASS, ['omittedORAddressComponent', 'tableEntry'], 'RFC2164-RFC2293'), '1.3.6.1.4.1.453.7.1.4': ('1.3.6.1.4.1.453.7.1.4', OID_OBJECT_CLASS, ['mixerGateway', 'textTableEntry'], 'RFC2164-RFC2293'), '1.3.6.1.4.1.453.7.1.5': ('1.3.6.1.4.1.453.7.1.5', OID_OBJECT_CLASS, 'distinguishedNameTableEntry', 'RFC2293'), '2.16.840.1.113730.3.2.6': ('2.16.840.1.113730.3.2.6', OID_OBJECT_CLASS, 'referral', 'RFC3296'), '2.5.17.0': ('2.5.17.0', OID_OBJECT_CLASS, 'subentry', 'RFC3672'), '2.5.20.1': ('2.5.20.1', OID_OBJECT_CLASS, 'subschema', 'RFC4512'), '2.5.20.2': ('2.5.20.2', OID_OBJECT_CLASS, 'collectiveAttributeSubentry', 'RFC3671'), '2.5.6.0': ('2.5.6.0', OID_OBJECT_CLASS, 'top', 'RFC4512'), '2.5.6.1': ('2.5.6.1', OID_OBJECT_CLASS, 'alias', 'RFC4512'), '2.5.6.2': ('2.5.6.2', OID_OBJECT_CLASS, 'country', 'RFC4519'), '2.5.6.3': ('2.5.6.3', OID_OBJECT_CLASS, 'locality', 'RFC4519'), '2.5.6.4': ('2.5.6.4', OID_OBJECT_CLASS, 'organization', 'RFC4519'), '2.5.6.5': ('2.5.6.5', OID_OBJECT_CLASS, 'organizationalUnit', 'RFC4519'), '2.5.6.6': ('2.5.6.6', OID_OBJECT_CLASS, 'person', 'RFC4519'), '2.5.6.7': ('2.5.6.7', OID_OBJECT_CLASS, 'organizationalPerson', 'RFC4519'), '2.5.6.8': ('2.5.6.8', OID_OBJECT_CLASS, 'organizationalRole', 'RFC4519'), '2.5.6.9': ('2.5.6.9', OID_OBJECT_CLASS, 'groupOfNames', 'RFC4519'), '2.5.6.10': ('2.5.6.10', OID_OBJECT_CLASS, 'residentialPerson', 'RFC4519'), '2.5.6.11': ('2.5.6.11', OID_OBJECT_CLASS, 'applicationProcess', 'RFC4519'), '2.5.6.12': ('2.5.6.12', OID_OBJECT_CLASS, 'applicationEntity', 'RFC2256'), '2.5.6.13': ('2.5.6.13', OID_OBJECT_CLASS, 'dSA', 'RFC2256'), '2.5.6.14': ('2.5.6.14', OID_OBJECT_CLASS, 'device', 'RFC4519'), '2.5.6.15': ('2.5.6.15', OID_OBJECT_CLASS, 'strongAuthenticationUser', 'RFC4523'), '2.5.6.16': ('2.5.6.16', OID_OBJECT_CLASS, 'certificationAuthority', 'RFC4523'), '2.5.6.16.2': ('2.5.6.16.2', OID_OBJECT_CLASS, 'certificationAuthority-V2', 'RFC4523'), '2.5.6.17': ('2.5.6.17', OID_OBJECT_CLASS, 'groupOfUniqueNames', 'RFC4519'), '2.5.6.18': ('2.5.6.18', OID_OBJECT_CLASS, 'userSecurityInformation', 'RFC4523'), '2.5.6.19': ('2.5.6.19', OID_OBJECT_CLASS, 'cRLDistributionPoint', 'RFC4523'), '2.5.6.20': ('2.5.6.20', OID_OBJECT_CLASS, 'dmd', 'RFC2256'), '2.5.6.21': ('2.5.6.21', OID_OBJECT_CLASS, 'pkiUser', 'RFC4523'), '2.5.6.22': ('2.5.6.22', OID_OBJECT_CLASS, 'pkiCA', 'RFC4523'), '2.5.6.23': ('2.5.6.23', OID_OBJECT_CLASS, 'deltaCRL', 'RFC4523'), # unsolicited notices '1.3.6.1.1.21.4': ('1.3.6.1.1.21.4', OID_UNSOLICITED_NOTICE, 'Aborted Transaction Notice', 'RFC5805'), '1.3.6.1.4.1.1466.20036': ('1.3.6.1.4.1.1466.20036', OID_UNSOLICITED_NOTICE, 'Notice of Disconnection', 'RFC4511')} ldap3-2.4.1/ldap3/protocol/persistentSearch.py0000666000000000000000000000615113226436321017424 0ustar 00000000000000""" """ # Created on 2016.07.09 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1.type.namedtype import NamedTypes, NamedType, OptionalNamedType from pyasn1.type.namedval import NamedValues from pyasn1.type.univ import Sequence, Integer, Boolean, Enumerated from .rfc4511 import LDAPDN from .controls import build_control class PersistentSearchControl(Sequence): # PersistentSearch ::= SEQUENCE { # changeTypes INTEGER, # changesOnly BOOLEAN, # returnECs BOOLEAN # } componentType = NamedTypes(NamedType('changeTypes', Integer()), NamedType('changesOnly', Boolean()), NamedType('returnECs', Boolean()) ) class ChangeType(Enumerated): # changeType ENUMERATED { # add (1), # delete (2), # modify (4), # modDN (8) # } namedValues = NamedValues(('add', 1), ('delete', 2), ('modify', 4), ('modDN', 8)) class EntryChangeNotificationControl(Sequence): # EntryChangeNotification ::= SEQUENCE { # changeType ENUMERATED { # add (1), # delete (2), # modify (4), # modDN (8) # }, # previousDN LDAPDN OPTIONAL, -- modifyDN ops. only # changeNumber INTEGER OPTIONAL -- if supported # } # tagSet = TagSet() # tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassUniversal, tagFormatConstructed, 16)) componentType = NamedTypes(NamedType('changeType', ChangeType()), OptionalNamedType('previousDN', LDAPDN()), OptionalNamedType('changeNumber', Integer()) ) def persistent_search_control(change_types, changes_only=True, return_ecs=True, criticality=False): control_value = PersistentSearchControl() control_value.setComponentByName('changeTypes', Integer(change_types)) control_value.setComponentByName('changesOnly', Boolean(changes_only)) control_value.setComponentByName('returnECs', Boolean(return_ecs)) return build_control('2.16.840.1.113730.3.4.3', criticality, control_value) ldap3-2.4.1/ldap3/protocol/rfc2696.py0000666000000000000000000000433313226436321015177 0ustar 00000000000000""" """ # Created on 2013.10.15 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1.type.univ import OctetString, Integer, Sequence from pyasn1.type.namedtype import NamedTypes, NamedType from pyasn1.type.constraint import ValueRangeConstraint from .controls import build_control # constants # maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- MAXINT = Integer(2147483647) # constraints rangeInt0ToMaxConstraint = ValueRangeConstraint(0, MAXINT) class Integer0ToMax(Integer): subtypeSpec = Integer.subtypeSpec + rangeInt0ToMaxConstraint class Size(Integer0ToMax): # Size INTEGER (0..maxInt) pass class Cookie(OctetString): # cookie OCTET STRING pass class RealSearchControlValue(Sequence): # realSearchControlValue ::= SEQUENCE { # size INTEGER (0..maxInt), # -- requested page size from client # -- result set size estimate from server # cookie OCTET STRING componentType = NamedTypes(NamedType('size', Size()), NamedType('cookie', Cookie())) def paged_search_control(criticality=False, size=10, cookie=None): control_value = RealSearchControlValue() control_value.setComponentByName('size', Size(size)) control_value.setComponentByName('cookie', Cookie(cookie if cookie else '')) return build_control('1.2.840.113556.1.4.319', criticality, control_value) ldap3-2.4.1/ldap3/protocol/rfc2849.py0000666000000000000000000002435513226436321015205 0ustar 00000000000000""" """ # Created on 2013.12.08 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from base64 import b64encode from datetime import datetime from .. import STRING_TYPES from ..core.exceptions import LDAPLDIFError, LDAPExtensionError from ..protocol.persistentSearch import EntryChangeNotificationControl from ..utils.asn1 import decoder # LDIF converter RFC 2849 compliant LDIF_LINE_LENGTH = 78 def safe_ldif_string(bytes_value): if not bytes_value: return True # check SAFE-INIT-CHAR: < 127, not NUL, LF, CR, SPACE, COLON, LESS-THAN if bytes_value[0] > 127 or bytes_value[0] in [0, 10, 13, 32, 58, 60]: return False # check SAFE-CHAR: < 127 not NUL, LF, CR if 0 in bytes_value or 10 in bytes_value or 13 in bytes_value: return False # check last char for SPACE if bytes_value[-1] == 32: return False for byte in bytes_value: if byte > 127: return False return True def _convert_to_ldif(descriptor, value, base64): if not value: value = '' if isinstance(value, STRING_TYPES): value = bytearray(value, encoding='utf-8') if base64 or not safe_ldif_string(value): try: encoded = b64encode(value) except TypeError: encoded = b64encode(str(value)) # patch for Python 2.6 if not isinstance(encoded, str): # in Python 3 b64encode returns bytes in Python 2 returns str encoded = str(encoded, encoding='ascii') # Python 3 line = descriptor + ':: ' + encoded else: if str is not bytes: # Python 3 value = str(value, encoding='ascii') else: # Python 2 value = str(value) line = descriptor + ': ' + value return line def add_controls(controls, all_base64): lines = [] if controls: for control in controls: line = 'control: ' + control[0] line += ' ' + ('true' if control[1] else 'false') if control[2]: lines.append(_convert_to_ldif(line, control[2], all_base64)) return lines def add_attributes(attributes, all_base64): lines = [] oc_attr = None # objectclass first, even if this is not specified in the RFC for attr in attributes: if attr.lower() == 'objectclass': for val in attributes[attr]: lines.append(_convert_to_ldif(attr, val, all_base64)) oc_attr = attr break # remaining attributes for attr in attributes: if attr != oc_attr: for val in attributes[attr]: lines.append(_convert_to_ldif(attr, val, all_base64)) return lines def sort_ldif_lines(lines, sort_order): # sort lines as per custom sort_order # sort order is a list of descriptors, lines will be sorted following the same sequence return sorted(lines, key=lambda x: ldif_sort(x, sort_order)) if sort_order else lines def search_response_to_ldif(entries, all_base64, sort_order=None): lines = [] for entry in entries: if 'dn' in entry: lines.append(_convert_to_ldif('dn', entry['dn'], all_base64)) lines.extend(add_attributes(entry['raw_attributes'], all_base64)) else: raise LDAPLDIFError('unable to convert to LDIF-CONTENT - missing DN') if sort_order: lines = sort_ldif_lines(lines, sort_order) lines.append('') if lines: lines.append('# total number of entries: ' + str(len(entries))) return lines def add_request_to_ldif(entry, all_base64, sort_order=None): lines = [] if 'entry' in entry: lines.append(_convert_to_ldif('dn', entry['entry'], all_base64)) lines.extend(add_controls(entry['controls'], all_base64)) lines.append('changetype: add') lines.extend(add_attributes(entry['attributes'], all_base64)) if sort_order: lines = sort_ldif_lines(lines, sort_order) else: raise LDAPLDIFError('unable to convert to LDIF-CHANGE-ADD - missing DN ') return lines def delete_request_to_ldif(entry, all_base64, sort_order=None): lines = [] if 'entry' in entry: lines.append(_convert_to_ldif('dn', entry['entry'], all_base64)) lines.append(add_controls(entry['controls'], all_base64)) lines.append('changetype: delete') if sort_order: lines = sort_ldif_lines(lines, sort_order) else: raise LDAPLDIFError('unable to convert to LDIF-CHANGE-DELETE - missing DN ') return lines def modify_request_to_ldif(entry, all_base64, sort_order=None): lines = [] if 'entry' in entry: lines.append(_convert_to_ldif('dn', entry['entry'], all_base64)) lines.extend(add_controls(entry['controls'], all_base64)) lines.append('changetype: modify') if 'changes' in entry: for change in entry['changes']: lines.append(['add', 'delete', 'replace', 'increment'][change['operation']] + ': ' + change['attribute']['type']) for value in change['attribute']['value']: lines.append(_convert_to_ldif(change['attribute']['type'], value, all_base64)) lines.append('-') if sort_order: lines = sort_ldif_lines(lines, sort_order) return lines def modify_dn_request_to_ldif(entry, all_base64, sort_order=None): lines = [] if 'entry' in entry: lines.append(_convert_to_ldif('dn', entry['entry'], all_base64)) lines.extend(add_controls(entry['controls'], all_base64)) lines.append('changetype: modrdn') if 'newSuperior' in entry and entry['newSuperior'] else lines.append('changetype: moddn') lines.append(_convert_to_ldif('newrdn', entry['newRdn'], all_base64)) lines.append('deleteoldrdn: ' + ('1' if entry['deleteOldRdn'] else '0')) if 'newSuperior' in entry and entry['newSuperior']: lines.append(_convert_to_ldif('newsuperior', entry['newSuperior'], all_base64)) if sort_order: lines = sort_ldif_lines(lines, sort_order) else: raise LDAPLDIFError('unable to convert to LDIF-CHANGE-MODDN - missing DN ') return lines def operation_to_ldif(operation_type, entries, all_base64=False, sort_order=None): if operation_type == 'searchResponse': lines = search_response_to_ldif(entries, all_base64, sort_order) elif operation_type == 'addRequest': lines = add_request_to_ldif(entries, all_base64, sort_order) elif operation_type == 'delRequest': lines = delete_request_to_ldif(entries, all_base64, sort_order) elif operation_type == 'modifyRequest': lines = modify_request_to_ldif(entries, all_base64, sort_order) elif operation_type == 'modDNRequest': lines = modify_dn_request_to_ldif(entries, all_base64, sort_order) else: lines = [] ldif_record = [] # check max line length and split as per note 2 of RFC 2849 for line in lines: if line: ldif_record.append(line[0:LDIF_LINE_LENGTH]) ldif_record.extend([' ' + line[i: i + LDIF_LINE_LENGTH - 1] for i in range(LDIF_LINE_LENGTH, len(line), LDIF_LINE_LENGTH - 1)] if len(line) > LDIF_LINE_LENGTH else []) else: ldif_record.append('') return ldif_record def add_ldif_header(ldif_lines): if ldif_lines: ldif_lines.insert(0, 'version: 1') return ldif_lines def ldif_sort(line, sort_order): for i, descriptor in enumerate(sort_order): if line and line.startswith(descriptor): return i return len(sort_order) + 1 def decode_persistent_search_control(change): if 'controls' in change and '2.16.840.1.113730.3.4.7' in change['controls']: decoded = dict() decoded_control, unprocessed = decoder.decode(change['controls']['2.16.840.1.113730.3.4.7']['value'], asn1Spec=EntryChangeNotificationControl()) if unprocessed: raise LDAPExtensionError('unprocessed value in EntryChangeNotificationControl') if decoded_control['changeType'] == 1: # add decoded['changeType'] = 'add' elif decoded_control['changeType'] == 2: # delete decoded['changeType'] = 'delete' elif decoded_control['changeType'] == 4: # modify decoded['changeType'] = 'modify' elif decoded_control['changeType'] == 8: # modify_dn decoded['changeType'] = 'modify dn' else: raise LDAPExtensionError('unknown Persistent Search changeType ' + str(decoded_control['changeType'])) decoded['changeNumber'] = decoded_control['changeNumber'] if 'changeNumber' in decoded_control else None decoded['previousDN'] = decoded_control['previousDN'] if 'previousDN' in decoded_control else None return decoded return None def persistent_search_response_to_ldif(change): ldif_lines = ['# ' + datetime.now().isoformat()] control = decode_persistent_search_control(change) if control: if control['changeNumber']: ldif_lines.append('# change number: ' + str(control['changeNumber'])) ldif_lines.append(control['changeType']) if control['previousDN']: ldif_lines.append('# previous dn: ' + str(control['previousDN'])) ldif_lines += operation_to_ldif('searchResponse', [change]) return ldif_lines[:-1] # removes "total number of entries" ldap3-2.4.1/ldap3/protocol/rfc3062.py0000666000000000000000000000561313226436321015165 0ustar 00000000000000""" """ # Created on 2014.04.28 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1.type.univ import OctetString, Sequence from pyasn1.type.namedtype import NamedTypes, OptionalNamedType from pyasn1.type.tag import Tag, tagClassContext, tagFormatSimple # Modify password extended operation # passwdModifyOID OBJECT IDENTIFIER ::= 1.3.6.1.4.1.4203.1.11.1 # PasswdModifyRequestValue ::= SEQUENCE { # userIdentity [0] OCTET STRING OPTIONAL # oldPasswd [1] OCTET STRING OPTIONAL # newPasswd [2] OCTET STRING OPTIONAL } # # PasswdModifyResponseValue ::= SEQUENCE { # genPasswd [0] OCTET STRING OPTIONAL } class UserIdentity(OctetString): """ userIdentity [0] OCTET STRING OPTIONAL """ tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0)) encoding = 'utf-8' class OldPasswd(OctetString): """ oldPasswd [1] OCTET STRING OPTIONAL """ tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1)) encoding = 'utf-8' class NewPasswd(OctetString): """ newPasswd [2] OCTET STRING OPTIONAL """ tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 2)) encoding = 'utf-8' class GenPasswd(OctetString): """ newPasswd [2] OCTET STRING OPTIONAL """ tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0)) encoding = 'utf-8' class PasswdModifyRequestValue(Sequence): """ PasswdModifyRequestValue ::= SEQUENCE { userIdentity [0] OCTET STRING OPTIONAL oldPasswd [1] OCTET STRING OPTIONAL newPasswd [2] OCTET STRING OPTIONAL } """ componentType = NamedTypes(OptionalNamedType('userIdentity', UserIdentity()), OptionalNamedType('oldPasswd', OldPasswd()), OptionalNamedType('newPasswd', NewPasswd())) class PasswdModifyResponseValue(Sequence): """ PasswdModifyResponseValue ::= SEQUENCE { genPasswd [0] OCTET STRING OPTIONAL } """ componentType = NamedTypes(OptionalNamedType('genPasswd', GenPasswd())) ldap3-2.4.1/ldap3/protocol/rfc4511.py0000666000000000000000000012306113226436321015163 0ustar 00000000000000""" """ # Created on 2013.05.15 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . ####################### # ldap ASN.1 Definition # from RFC4511 - Appendix B # extended with result codes from IANA ldap-parameters as of 2013.08.21 # extended with modify_increment from RFC4525 ######################################################### # Lightweight-Directory-Access-Protocol-V3 {1 3 6 1 1 18} # -- Copyright (C) The Internet Society (2006). This version of # -- this ASN.1 module is part of RFC 4511; see the RFC itself # -- for full legal notices. # DEFINITIONS # IMPLICIT TAGS # EXTENSIBILITY IMPLIED from pyasn1.type.univ import OctetString, Integer, Sequence, Choice, SequenceOf, Boolean, Null, Enumerated, SetOf from pyasn1.type.namedtype import NamedTypes, NamedType, OptionalNamedType, DefaultedNamedType from pyasn1.type.constraint import ValueRangeConstraint, SingleValueConstraint, ValueSizeConstraint from pyasn1.type.namedval import NamedValues from pyasn1.type.tag import tagClassApplication, tagFormatConstructed, Tag, tagClassContext, tagFormatSimple # constants # maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- LDAP_MAX_INT = 2147483647 MAXINT = Integer(LDAP_MAX_INT) # constraints rangeInt0ToMaxConstraint = ValueRangeConstraint(0, MAXINT) rangeInt1To127Constraint = ValueRangeConstraint(1, 127) size1ToMaxConstraint = ValueSizeConstraint(1, MAXINT) responseValueConstraint = SingleValueConstraint(0, 1, 2, 3, 4, 5, 6, 7, 8, 10, 11, 12, 13, 14, 16, 17, 18, 19, 20, 21, 32, 33, 34, 36, 48, 49, 50, 51, 52, 53, 54, 64, 65, 66, 67, 68, 69, 71, 80, 113, 114, 115, 116, 117, 118, 119, 120, 121, 122, 123, 4096) # custom constraints numericOIDConstraint = None # TODO distinguishedNameConstraint = None # TODO nameComponentConstraint = None # TODO attributeDescriptionConstraint = None # TODO uriConstraint = None # TODO attributeSelectorConstraint = None # TODO class Integer0ToMax(Integer): subtypeSpec = Integer.subtypeSpec + rangeInt0ToMaxConstraint class LDAPString(OctetString): # LDAPString ::= OCTET STRING -- UTF-8 encoded, -- [ISO10646] characters encoding = 'utf-8' class MessageID(Integer0ToMax): # MessageID ::= INTEGER (0 .. maxInt) pass class LDAPOID(OctetString): # LDAPOID ::= OCTET STRING -- Constrained to # -- [RFC4512] # subtypeSpec = numericOIDConstraint pass class LDAPDN(LDAPString): # LDAPDN ::= LDAPString -- Constrained to # -- [RFC4514] # subtypeSpec = distinguishedName pass class RelativeLDAPDN(LDAPString): # RelativeLDAPDN ::= LDAPString -- Constrained to # -- [RFC4514] # subtypeSpec = LDAPString.subtypeSpec + nameComponentConstraint pass class AttributeDescription(LDAPString): # AttributeDescription ::= LDAPString -- Constrained to # -- [RFC4512] # subtypeSpec = LDAPString.subtypeSpec + attributeDescriptionConstraint pass class AttributeValue(OctetString): # AttributeValue ::= OCTET STRING encoding = 'utf-8' class AssertionValue(OctetString): # AssertionValue ::= OCTET STRING encoding = 'utf-8' class AttributeValueAssertion(Sequence): # AttributeValueAssertion ::= SEQUENCE { # attributeDesc AttributeDescription, # assertionValue AssertionValue } componentType = NamedTypes(NamedType('attributeDesc', AttributeDescription()), NamedType('assertionValue', AssertionValue())) class MatchingRuleId(LDAPString): # MatchingRuleId ::= LDAPString pass class Vals(SetOf): # vals SET OF value AttributeValue } componentType = AttributeValue() class ValsAtLeast1(SetOf): # vals SET OF value AttributeValue } componentType = AttributeValue() subtypeSpec = SetOf.subtypeSpec + size1ToMaxConstraint class PartialAttribute(Sequence): # PartialAttribute ::= SEQUENCE { # type AttributeDescription, # vals SET OF value AttributeValue } componentType = NamedTypes(NamedType('type', AttributeDescription()), NamedType('vals', Vals())) class Attribute(Sequence): # Attribute ::= PartialAttribute(WITH COMPONENTS { # ..., # vals (SIZE(1..MAX))}) componentType = NamedTypes(NamedType('type', AttributeDescription()), # NamedType('vals', ValsAtLeast1())) NamedType('vals', Vals())) # changed from ValsAtLeast1() to allow empty member values in groups - this should not be as per rfc4511 4.1.7, but openldap accept it class AttributeList(SequenceOf): # AttributeList ::= SEQUENCE OF attribute Attribute componentType = Attribute() class Simple(OctetString): # simple [0] OCTET STRING, tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0)) encoding = 'utf-8' class Credentials(OctetString): # credentials OCTET STRING encoding = 'utf-8' class SaslCredentials(Sequence): # SaslCredentials ::= SEQUENCE { # mechanism LDAPString, # credentials OCTET STRING OPTIONAL } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3)) componentType = NamedTypes(NamedType('mechanism', LDAPString()), OptionalNamedType('credentials', Credentials())) # not in RFC4511 but used by Microsoft to embed the NTLM protocol in the BindRequest (Sicily Protocol) class SicilyPackageDiscovery(OctetString): # sicilyPackageDiscovery [9] OCTET STRING, tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 9)) encoding = 'utf-8' # not in RFC4511 but used by Microsoft to embed the NTLM protocol in the BindRequest (Sicily Protocol) class SicilyNegotiate(OctetString): # sicilyNegotiate [10] OCTET STRING, tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 10)) encoding = 'utf-8' # not in RFC4511 but used by Microsoft to embed the NTLM protocol in the BindRequest (Sicily Protocol) class SicilyResponse(OctetString): # sicilyResponse [11] OCTET STRING, tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 11)) encoding = 'utf-8' class AuthenticationChoice(Choice): # AuthenticationChoice ::= CHOICE { # simple [0] OCTET STRING, # -- 1 and 2 reserved # sasl [3] SaslCredentials, # ... } # from https://msdn.microsoft.com/en-us/library/cc223498.aspx # legacy NTLM authentication for Windows Active Directory # sicilyPackageDiscovery [9] OCTET STRING # sicilyNegotiate [10] OCTET STRING # sicilyResponse [11] OCTET STRING } componentType = NamedTypes(NamedType('simple', Simple()), NamedType('sasl', SaslCredentials()), NamedType('sicilyPackageDiscovery', SicilyPackageDiscovery()), NamedType('sicilyNegotiate', SicilyNegotiate()), NamedType('sicilyResponse', SicilyResponse()), ) class Version(Integer): # version INTEGER (1 .. 127), subtypeSpec = Integer.subtypeSpec + rangeInt1To127Constraint class ResultCode(Enumerated): # resultCode ENUMERATED { # success (0), # operationsError (1), # protocolError (2), # timeLimitExceeded (3), # sizeLimitExceeded (4), # compareFalse (5), # compareTrue (6), # authMethodNotSupported (7), # strongerAuthRequired (8), # -- 9 reserved -- # referral (10), # adminLimitExceeded (11), # unavailableCriticalExtension (12), # confidentialityRequired (13), # saslBindInProgress (14), # noSuchAttribute (16), # undefinedAttributeType (17), # inappropriateMatching (18), # constraintViolation (19), # attributeOrValueExists (20), # invalidAttributeSyntax (21), # -- 22-31 unused -- # noSuchObject (32), # aliasProblem (33), # invalidDNSyntax (34), # -- 35 reserved for undefined isLeaf -- # aliasDereferencingProblem (36), # -- 37-47 unused -- # inappropriateAuthentication (48), # invalidCredentials (49), # insufficientAccessRights (50), # busy (51), # unavailable (52), # unwillingToPerform (53), # loopDetect (54), # -- 55-63 unused -- # namingViolation (64), # objectClassViolation (65), # notAllowedOnNonLeaf (66), # notAllowedOnRDN (67), # entryAlreadyExists (68), # objectClassModsProhibited (69), # -- 70 reserved for CLDAP -- # affectsMultipleDSAs (71), # -- 72-79 unused -- # other (80), # ... } # # from IANA ldap-parameters: # lcupResourcesExhausted 113 IESG [RFC3928] # lcupSecurityViolation 114 IESG [RFC3928] # lcupInvalidData 115 IESG [RFC3928] # lcupUnsupportedScheme 116 IESG [RFC3928] # lcupReloadRequired 117 IESG [RFC3928] # canceled 118 IESG [RFC3909] # noSuchOperation 119 IESG [RFC3909] # tooLate 120 IESG [RFC3909] # cannotCancel 121 IESG [RFC3909] # assertionFailed 122 IESG [RFC4528] # authorizationDenied 123 WELTMAN [RFC4370] # e-syncRefreshRequired 4096 [Kurt_Zeilenga] [Jong_Hyuk_Choi] [RFC4533] namedValues = NamedValues(('success', 0), ('operationsError', 1), ('protocolError', 2), ('timeLimitExceeded', 3), ('sizeLimitExceeded', 4), ('compareFalse', 5), ('compareTrue', 6), ('authMethodNotSupported', 7), ('strongerAuthRequired', 8), ('referral', 10), ('adminLimitExceeded', 11), ('unavailableCriticalExtension', 12), ('confidentialityRequired', 13), ('saslBindInProgress', 14), ('noSuchAttribute', 16), ('undefinedAttributeType', 17), ('inappropriateMatching', 18), ('constraintViolation', 19), ('attributeOrValueExists', 20), ('invalidAttributeSyntax', 21), ('noSuchObject', 32), ('aliasProblem', 33), ('invalidDNSyntax', 34), ('aliasDereferencingProblem', 36), ('inappropriateAuthentication', 48), ('invalidCredentials', 49), ('insufficientAccessRights', 50), ('busy', 51), ('unavailable', 52), ('unwillingToPerform', 53), ('loopDetected', 54), ('namingViolation', 64), ('objectClassViolation', 65), ('notAllowedOnNonLeaf', 66), ('notAllowedOnRDN', 67), ('entryAlreadyExists', 68), ('objectClassModsProhibited', 69), ('affectMultipleDSAs', 71), ('other', 80), ('lcupResourcesExhausted', 113), ('lcupSecurityViolation', 114), ('lcupInvalidData', 115), ('lcupUnsupportedScheme', 116), ('lcupReloadRequired', 117), ('canceled', 118), ('noSuchOperation', 119), ('tooLate', 120), ('cannotCancel', 121), ('assertionFailed', 122), ('authorizationDenied', 123), ('e-syncRefreshRequired', 4096)) subTypeSpec = Enumerated.subtypeSpec + responseValueConstraint class URI(LDAPString): # URI ::= LDAPString -- limited to characters permitted in # -- URIs # subtypeSpec = LDAPString.subTypeSpec + uriConstrain pass class Referral(SequenceOf): # Referral ::= SEQUENCE SIZE (1..MAX) OF uri URI tagSet = SequenceOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3)) componentType = URI() class ServerSaslCreds(OctetString): # serverSaslCreds [7] OCTET STRING OPTIONAL tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 7)) encoding = 'utf-8' class LDAPResult(Sequence): # LDAPResult ::= SEQUENCE { # resultCode ENUMERATED { # success (0), # operationsError (1), # protocolError (2), # timeLimitExceeded (3), # sizeLimitExceeded (4), # compareFalse (5), # compareTrue (6), # authMethodNotSupported (7), # strongerAuthRequired (8), # -- 9 reserved -- # referral (10), # adminLimitExceeded (11), # unavailableCriticalExtension (12), # confidentialityRequired (13), # saslBindInProgress (14), # noSuchAttribute (16), # undefinedAttributeType (17), # inappropriateMatching (18), # constraintViolation (19), # attributeOrValueExists (20), # invalidAttributeSyntax (21), # -- 22-31 unused -- # noSuchObject (32), # aliasProblem (33), # invalidDNSyntax (34), # -- 35 reserved for undefined isLeaf -- # aliasDereferencingProblem (36), # -- 37-47 unused -- # inappropriateAuthentication (48), # invalidCredentials (49), # insufficientAccessRights (50), # busy (51), # unavailable (52), # unwillingToPerform (53), # loopDetect (54), # -- 55-63 unused -- # namingViolation (64), # objectClassViolation (65), # notAllowedOnNonLeaf (66), # notAllowedOnRDN (67), # entryAlreadyExists (68), # objectClassModsProhibited (69), # -- 70 reserved for CLDAP -- # affectsMultipleDSAs (71), # -- 72-79 unused -- # other (80), # ... }, # matchedDN LDAPDN, # diagnosticMessage LDAPString, # referral [3] Referral OPTIONAL } componentType = NamedTypes(NamedType('resultCode', ResultCode()), NamedType('matchedDN', LDAPDN()), NamedType('diagnosticMessage', LDAPString()), OptionalNamedType('referral', Referral())) class Criticality(Boolean): # criticality BOOLEAN DEFAULT FALSE defaultValue = False class ControlValue(OctetString): # controlValue OCTET STRING encoding = 'utf-8' class Control(Sequence): # Control ::= SEQUENCE { # controlType LDAPOID, # criticality BOOLEAN DEFAULT FALSE, # controlValue OCTET STRING OPTIONAL } componentType = NamedTypes(NamedType('controlType', LDAPOID()), DefaultedNamedType('criticality', Criticality()), OptionalNamedType('controlValue', ControlValue())) class Controls(SequenceOf): # Controls ::= SEQUENCE OF control Control tagSet = SequenceOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 0)) componentType = Control() class Scope(Enumerated): # scope ENUMERATED { # baseObject (0), # singleLevel (1), # wholeSubtree (2), namedValues = NamedValues(('baseObject', 0), ('singleLevel', 1), ('wholeSubtree', 2)) class DerefAliases(Enumerated): # derefAliases ENUMERATED { # neverDerefAliases (0), # derefInSearching (1), # derefFindingBaseObj (2), # derefAlways (3) }, namedValues = NamedValues(('neverDerefAliases', 0), ('derefInSearching', 1), ('derefFindingBaseObj', 2), ('derefAlways', 3)) class TypesOnly(Boolean): # typesOnly BOOLEAN pass class Selector(LDAPString): # -- The LDAPString is constrained to # -- in Section 4.5.1.8 # subtypeSpec = LDAPString.subtypeSpec + attributeSelectorConstraint pass class AttributeSelection(SequenceOf): # AttributeSelection ::= SEQUENCE OF selector LDAPString # -- The LDAPString is constrained to # -- in Section 4.5.1.8 componentType = Selector() class MatchingRule(MatchingRuleId): # matchingRule [1] MatchingRuleId tagSet = MatchingRuleId.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1)) class Type(AttributeDescription): # type [2] AttributeDescription tagSet = AttributeDescription.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 2)) class MatchValue(AssertionValue): # matchValue [3] AssertionValue, tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 3)) class DnAttributes(Boolean): # dnAttributes [4] BOOLEAN DEFAULT FALSE } tagSet = Boolean.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 4)) defaultValue = Boolean(False) class MatchingRuleAssertion(Sequence): # MatchingRuleAssertion ::= SEQUENCE { # matchingRule [1] MatchingRuleId OPTIONAL, # type [2] AttributeDescription OPTIONAL, # matchValue [3] AssertionValue, # dnAttributes [4] BOOLEAN DEFAULT FALSE } componentType = NamedTypes(OptionalNamedType('matchingRule', MatchingRule()), OptionalNamedType('type', Type()), NamedType('matchValue', MatchValue()), DefaultedNamedType('dnAttributes', DnAttributes())) class Initial(AssertionValue): # initial [0] AssertionValue, -- can occur at most once tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0)) class Any(AssertionValue): # any [1] AssertionValue, tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1)) class Final(AssertionValue): # final [1] AssertionValue, -- can occur at most once tagSet = AssertionValue.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 2)) class Substring(Choice): # substring CHOICE { # initial [0] AssertionValue, -- can occur at most once # any [1] AssertionValue, # final [2] AssertionValue } -- can occur at most once # } componentType = NamedTypes(NamedType('initial', Initial()), NamedType('any', Any()), NamedType('final', Final())) class Substrings(SequenceOf): # substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE { # ... # } subtypeSpec = SequenceOf.subtypeSpec + size1ToMaxConstraint componentType = Substring() class SubstringFilter(Sequence): # SubstringFilter ::= SEQUENCE { # type AttributeDescription, # substrings SEQUENCE SIZE (1..MAX) OF substring CHOICE { # initial [0] AssertionValue, -- can occur at most once # any [1] AssertionValue, # final [2] AssertionValue } -- can occur at most once # } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 4)) componentType = NamedTypes(NamedType('type', AttributeDescription()), NamedType('substrings', Substrings())) class And(SetOf): # and [0] SET SIZE (1..MAX) OF filter Filter tagSet = SetOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 0)) subtypeSpec = SetOf.subtypeSpec + size1ToMaxConstraint class Or(SetOf): # or [1] SET SIZE (1..MAX) OF filter Filter tagSet = SetOf.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 1)) subtypeSpec = SetOf.subtypeSpec + size1ToMaxConstraint class Not(Choice): # not [2] Filter pass # defined after Filter definition to allow recursion class EqualityMatch(AttributeValueAssertion): # equalityMatch [3] AttributeValueAssertion tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 3)) class GreaterOrEqual(AttributeValueAssertion): # greaterOrEqual [5] AttributeValueAssertion tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 5)) class LessOrEqual(AttributeValueAssertion): # lessOrEqual [6] AttributeValueAssertion tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 6)) class Present(AttributeDescription): # present [7] AttributeDescription tagSet = AttributeDescription.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 7)) class ApproxMatch(AttributeValueAssertion): # approxMatch [8] AttributeValueAssertion tagSet = AttributeValueAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 8)) class ExtensibleMatch(MatchingRuleAssertion): # extensibleMatch [9] MatchingRuleAssertion tagSet = MatchingRuleAssertion.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatConstructed, 9)) class Filter(Choice): # Filter ::= CHOICE { # and [0] SET SIZE (1..MAX) OF filter Filter, # or [1] SET SIZE (1..MAX) OF filter Filter, # not [2] Filter, # equalityMatch [3] AttributeValueAssertion, # substrings [4] SubstringFilter, # greaterOrEqual [5] AttributeValueAssertion, # lessOrEqual [6] AttributeValueAssertion, # present [7] AttributeDescription, # approxMatch [8] AttributeValueAssertion, # extensibleMatch [9] MatchingRuleAssertion, # ... } componentType = NamedTypes(NamedType('and', And()), NamedType('or', Or()), NamedType('notFilter', Not()), NamedType('equalityMatch', EqualityMatch()), NamedType('substringFilter', SubstringFilter()), NamedType('greaterOrEqual', GreaterOrEqual()), NamedType('lessOrEqual', LessOrEqual()), NamedType('present', Present()), NamedType('approxMatch', ApproxMatch()), NamedType('extensibleMatch', ExtensibleMatch())) And.componentType = Filter() Or.componentType = Filter() Not.componentType = NamedTypes(NamedType('innerNotFilter', Filter())) Not.tagSet = Filter.tagSet.tagExplicitly(Tag(tagClassContext, tagFormatConstructed, 2)) # as per RFC4511 page 23 class PartialAttributeList(SequenceOf): # PartialAttributeList ::= SEQUENCE OF # partialAttribute PartialAttribute componentType = PartialAttribute() class Operation(Enumerated): # operation ENUMERATED { # add (0), # delete (1), # replace (2), # ... } namedValues = NamedValues(('add', 0), ('delete', 1), ('replace', 2), ('increment', 3)) class Change(Sequence): # change SEQUENCE { # operation ENUMERATED { # add (0), # delete (1), # replace (2), # ... }, # modification PartialAttribute } } componentType = NamedTypes(NamedType('operation', Operation()), NamedType('modification', PartialAttribute())) class Changes(SequenceOf): # changes SEQUENCE OF change SEQUENCE componentType = Change() class DeleteOldRDN(Boolean): # deleteoldrdn BOOLEAN pass class NewSuperior(LDAPDN): # newSuperior [0] LDAPDN tagSet = LDAPDN.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0)) class RequestName(LDAPOID): # requestName [0] LDAPOID tagSet = LDAPOID.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0)) class RequestValue(OctetString): # requestValue [1] OCTET STRING tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1)) encoding = 'utf-8' class ResponseName(LDAPOID): # responseName [10] LDAPOID tagSet = LDAPOID.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 10)) class ResponseValue(OctetString): # responseValue [11] OCTET STRING tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 11)) encoding = 'utf-8' class IntermediateResponseName(LDAPOID): # responseName [0] LDAPOID tagSet = LDAPOID.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 0)) class IntermediateResponseValue(OctetString): # responseValue [1] OCTET STRING tagSet = OctetString.tagSet.tagImplicitly(Tag(tagClassContext, tagFormatSimple, 1)) encoding = 'utf-8' # operations class BindRequest(Sequence): # BindRequest ::= [APPLICATION 0] SEQUENCE { # version INTEGER (1 .. 127), # name LDAPDN, # authentication AuthenticationChoice } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 0)) componentType = NamedTypes(NamedType('version', Version()), NamedType('name', LDAPDN()), NamedType('authentication', AuthenticationChoice())) class BindResponse(Sequence): # BindResponse ::= [APPLICATION 1] SEQUENCE { # COMPONENTS OF LDAPResult, # serverSaslCreds [7] OCTET STRING OPTIONAL } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 1)) componentType = NamedTypes(NamedType('resultCode', ResultCode()), NamedType('matchedDN', LDAPDN()), NamedType('diagnosticMessage', LDAPString()), OptionalNamedType('referral', Referral()), OptionalNamedType('serverSaslCreds', ServerSaslCreds())) class UnbindRequest(Null): # UnbindRequest ::= [APPLICATION 2] NULL tagSet = Null.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatSimple, 2)) class SearchRequest(Sequence): # SearchRequest ::= [APPLICATION 3] SEQUENCE { # baseObject LDAPDN, # scope ENUMERATED { # baseObject (0), # singleLevel (1), # wholeSubtree (2), # ... }, # derefAliases ENUMERATED { # neverDerefAliases (0), # derefInSearching (1), # derefFindingBaseObj (2), # derefAlways (3) }, # sizeLimit INTEGER (0 .. maxInt), # timeLimit INTEGER (0 .. maxInt), # typesOnly BOOLEAN, # filter Filter, # attributes AttributeSelection } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 3)) componentType = NamedTypes(NamedType('baseObject', LDAPDN()), NamedType('scope', Scope()), NamedType('derefAliases', DerefAliases()), NamedType('sizeLimit', Integer0ToMax()), NamedType('timeLimit', Integer0ToMax()), NamedType('typesOnly', TypesOnly()), NamedType('filter', Filter()), NamedType('attributes', AttributeSelection())) class SearchResultReference(SequenceOf): # SearchResultReference ::= [APPLICATION 19] SEQUENCE # SIZE (1..MAX) OF uri URI tagSet = SequenceOf.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 19)) subtypeSpec = SequenceOf.subtypeSpec + size1ToMaxConstraint componentType = URI() class SearchResultEntry(Sequence): # SearchResultEntry ::= [APPLICATION 4] SEQUENCE { # objectName LDAPDN, # attributes PartialAttributeList } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 4)) componentType = NamedTypes(NamedType('object', LDAPDN()), NamedType('attributes', PartialAttributeList())) class SearchResultDone(LDAPResult): # SearchResultDone ::= [APPLICATION 5] LDAPResult tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 5)) class ModifyRequest(Sequence): # ModifyRequest ::= [APPLICATION 6] SEQUENCE { # object LDAPDN, # changes SEQUENCE OF change SEQUENCE { # operation ENUMERATED { # add (0), # delete (1), # replace (2), # ... }, # modification PartialAttribute } } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 6)) componentType = NamedTypes(NamedType('object', LDAPDN()), NamedType('changes', Changes())) class ModifyResponse(LDAPResult): # ModifyResponse ::= [APPLICATION 7] LDAPResult tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 7)) class AddRequest(Sequence): # AddRequest ::= [APPLICATION 8] SEQUENCE { # entry LDAPDN, # attributes AttributeList } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 8)) componentType = NamedTypes(NamedType('entry', LDAPDN()), NamedType('attributes', AttributeList())) class AddResponse(LDAPResult): # AddResponse ::= [APPLICATION 9] LDAPResult tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 9)) class DelRequest(LDAPDN): # DelRequest ::= [APPLICATION 10] LDAPDN tagSet = LDAPDN.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatSimple, 10)) class DelResponse(LDAPResult): # DelResponse ::= [APPLICATION 11] LDAPResult tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 11)) class ModifyDNRequest(Sequence): # ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { # entry LDAPDN, # newrdn RelativeLDAPDN, # deleteoldrdn BOOLEAN, # newSuperior [0] LDAPDN OPTIONAL } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 12)) componentType = NamedTypes(NamedType('entry', LDAPDN()), NamedType('newrdn', RelativeLDAPDN()), NamedType('deleteoldrdn', DeleteOldRDN()), OptionalNamedType('newSuperior', NewSuperior())) class ModifyDNResponse(LDAPResult): # ModifyDNResponse ::= [APPLICATION 13] LDAPResult tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 13)) class CompareRequest(Sequence): # CompareRequest ::= [APPLICATION 14] SEQUENCE { # entry LDAPDN, # ava AttributeValueAssertion } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 14)) componentType = NamedTypes(NamedType('entry', LDAPDN()), NamedType('ava', AttributeValueAssertion())) class CompareResponse(LDAPResult): # CompareResponse ::= [APPLICATION 15] LDAPResult tagSet = LDAPResult.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 15)) class AbandonRequest(MessageID): # AbandonRequest ::= [APPLICATION 16] MessageID tagSet = MessageID.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatSimple, 16)) class ExtendedRequest(Sequence): # ExtendedRequest ::= [APPLICATION 23] SEQUENCE { # requestName [0] LDAPOID, # requestValue [1] OCTET STRING OPTIONAL } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 23)) componentType = NamedTypes(NamedType('requestName', RequestName()), OptionalNamedType('requestValue', RequestValue())) class ExtendedResponse(Sequence): # ExtendedResponse ::= [APPLICATION 24] SEQUENCE { # COMPONENTS OF LDAPResult, # responseName [10] LDAPOID OPTIONAL, # responseValue [11] OCTET STRING OPTIONAL } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 24)) componentType = NamedTypes(NamedType('resultCode', ResultCode()), NamedType('matchedDN', LDAPDN()), NamedType('diagnosticMessage', LDAPString()), OptionalNamedType('referral', Referral()), OptionalNamedType('responseName', ResponseName()), OptionalNamedType('responseValue', ResponseValue())) class IntermediateResponse(Sequence): # IntermediateResponse ::= [APPLICATION 25] SEQUENCE { # responseName [0] LDAPOID OPTIONAL, # responseValue [1] OCTET STRING OPTIONAL } tagSet = Sequence.tagSet.tagImplicitly(Tag(tagClassApplication, tagFormatConstructed, 25)) componentType = NamedTypes(OptionalNamedType('responseName', IntermediateResponseName()), OptionalNamedType('responseValue', IntermediateResponseValue())) class ProtocolOp(Choice): # protocolOp CHOICE { # bindRequest BindRequest, # bindResponse BindResponse, # unbindRequest UnbindRequest, # searchRequest SearchRequest, # searchResEntry SearchResultEntry, # searchResDone SearchResultDone, # searchResRef SearchResultReference, # modifyRequest ModifyRequest, # modifyResponse ModifyResponse, # addRequest AddRequest, # addResponse AddResponse, # delRequest DelRequest, # delResponse DelResponse, # modDNRequest ModifyDNRequest, # modDNResponse ModifyDNResponse, # compareRequest CompareRequest, # compareResponse CompareResponse, # abandonRequest AbandonRequest, # extendedReq ExtendedRequest, # extendedResp ExtendedResponse, # ..., # intermediateResponse IntermediateResponse } componentType = NamedTypes(NamedType('bindRequest', BindRequest()), NamedType('bindResponse', BindResponse()), NamedType('unbindRequest', UnbindRequest()), NamedType('searchRequest', SearchRequest()), NamedType('searchResEntry', SearchResultEntry()), NamedType('searchResDone', SearchResultDone()), NamedType('searchResRef', SearchResultReference()), NamedType('modifyRequest', ModifyRequest()), NamedType('modifyResponse', ModifyResponse()), NamedType('addRequest', AddRequest()), NamedType('addResponse', AddResponse()), NamedType('delRequest', DelRequest()), NamedType('delResponse', DelResponse()), NamedType('modDNRequest', ModifyDNRequest()), NamedType('modDNResponse', ModifyDNResponse()), NamedType('compareRequest', CompareRequest()), NamedType('compareResponse', CompareResponse()), NamedType('abandonRequest', AbandonRequest()), NamedType('extendedReq', ExtendedRequest()), NamedType('extendedResp', ExtendedResponse()), NamedType('intermediateResponse', IntermediateResponse())) class LDAPMessage(Sequence): # LDAPMessage ::= SEQUENCE { # messageID MessageID, # protocolOp CHOICE { # bindRequest BindRequest, # bindResponse BindResponse, # unbindRequest UnbindRequest, # searchRequest SearchRequest, # searchResEntry SearchResultEntry, # searchResDone SearchResultDone, # searchResRef SearchResultReference, # modifyRequest ModifyRequest, # modifyResponse ModifyResponse, # addRequest AddRequest, # addResponse AddResponse, # delRequest DelRequest, # delResponse DelResponse, # modDNRequest ModifyDNRequest, # modDNResponse ModifyDNResponse, # compareRequest CompareRequest, # compareResponse CompareResponse, # abandonRequest AbandonRequest, # extendedReq ExtendedRequest, # extendedResp ExtendedResponse, # ..., # intermediateResponse IntermediateResponse }, # controls [0] Controls OPTIONAL } componentType = NamedTypes(NamedType('messageID', MessageID()), NamedType('protocolOp', ProtocolOp()), OptionalNamedType('controls', Controls())) ldap3-2.4.1/ldap3/protocol/rfc4512.py0000666000000000000000000011352113226436321015164 0ustar 00000000000000""" """ # Created on 2013.09.11 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from os import linesep import re import json from .oid import CLASS_ABSTRACT, CLASS_STRUCTURAL, CLASS_AUXILIARY, ATTRIBUTE_USER_APPLICATION, \ ATTRIBUTE_DIRECTORY_OPERATION, ATTRIBUTE_DISTRIBUTED_OPERATION, ATTRIBUTE_DSA_OPERATION from .. import SEQUENCE_TYPES, STRING_TYPES, get_config_parameter from ..utils.conv import escape_bytes, json_hook, check_json_dict, format_json, to_unicode from ..utils.ciDict import CaseInsensitiveDict from ..protocol.formatters.standard import format_attribute_values from .oid import Oids, decode_oids, decode_syntax, oid_to_string from ..core.exceptions import LDAPSchemaError, LDAPDefinitionError def constant_to_class_kind(value): if value == CLASS_STRUCTURAL: return 'Structural' elif value == CLASS_ABSTRACT: return 'Abstract' elif value == CLASS_AUXILIARY: return 'Auxiliary' else: return '' def constant_to_attribute_usage(value): if value == ATTRIBUTE_USER_APPLICATION: return 'User Application' elif value == ATTRIBUTE_DIRECTORY_OPERATION: return "Directory operation" elif value == ATTRIBUTE_DISTRIBUTED_OPERATION: return 'Distributed operation' elif value == ATTRIBUTE_DSA_OPERATION: return 'DSA operation' else: return 'unknown' def attribute_usage_to_constant(value): if value == 'userApplications': return ATTRIBUTE_USER_APPLICATION elif value == 'directoryOperation': return ATTRIBUTE_DIRECTORY_OPERATION elif value == 'distributedOperation': return ATTRIBUTE_DISTRIBUTED_OPERATION elif value == 'dsaOperation': return ATTRIBUTE_DSA_OPERATION else: return 'unknown' def quoted_string_to_list(quoted_string): string = quoted_string.strip() if not string: return list() if string[0] == '(' and string[-1] == ')': string = string[1:-1] elements = string.split("'") # return [check_escape(element.strip("'").strip()) for element in elements if element.strip()] return [element.strip("'").strip() for element in elements if element.strip()] def oids_string_to_list(oid_string): string = oid_string.strip() if string[0] == '(' and string[-1] == ')': string = string[1:-1] elements = string.split('$') return [element.strip() for element in elements if element.strip()] def extension_to_tuple(extension_string): string = extension_string.strip() name, _, values = string.partition(' ') return name, quoted_string_to_list(values) def list_to_string(list_object): if not isinstance(list_object, SEQUENCE_TYPES): return list_object r = '' for element in list_object: r += (list_to_string(element) if isinstance(element, SEQUENCE_TYPES) else str(element)) + ', ' return r[:-2] if r else '' class BaseServerInfo(object): def __init__(self, raw_attributes): self.raw = dict(raw_attributes) @classmethod def from_json(cls, json_definition, schema=None, custom_formatter=None): conf_case_insensitive_schema = get_config_parameter('CASE_INSENSITIVE_SCHEMA_NAMES') definition = json.loads(json_definition, object_hook=json_hook) if 'raw' not in definition or 'type' not in definition: raise LDAPDefinitionError('invalid JSON definition') if conf_case_insensitive_schema: attributes = CaseInsensitiveDict() else: attributes = dict() if schema: for attribute in definition['raw']: # attributes[attribute] = format_attribute_values(schema, check_escape(attribute), [check_escape(value) for value in definition['raw'][attribute]], custom_formatter) attributes[attribute] = format_attribute_values(schema, attribute, [value for value in definition['raw'][attribute]], custom_formatter) else: for attribute in definition['raw']: # attributes[attribute] = [check_escape(value) for value in definition['raw'][attribute]] attributes[attribute] = [value for value in definition['raw'][attribute]] if cls.__name__ != definition['type']: raise LDAPDefinitionError('JSON info not of type ' + cls.__name__) if definition['type'] == 'DsaInfo': return DsaInfo(attributes, definition['raw']) elif definition['type'] == 'SchemaInfo': if 'schema_entry' not in definition: raise LDAPDefinitionError('invalid schema in JSON') return SchemaInfo(definition['schema_entry'], attributes, definition['raw']) raise LDAPDefinitionError('invalid Info type ' + str(definition['type']) + ' in JSON definition') @classmethod def from_file(cls, target, schema=None, custom_formatter=None): if isinstance(target, STRING_TYPES): target = open(target, 'r') new = cls.from_json(target.read(), schema=schema, custom_formatter=custom_formatter) target.close() return new def to_file(self, target, indent=4, sort=True): if isinstance(target, STRING_TYPES): target = open(target, 'w+') target.writelines(self.to_json(indent=indent, sort=sort)) target.close() def __str__(self): return self.__repr__() def to_json(self, indent=4, sort=True): json_dict = dict() json_dict['type'] = self.__class__.__name__ json_dict['raw'] = self.raw if isinstance(self, SchemaInfo): json_dict['schema_entry'] = self.schema_entry elif isinstance(self, DsaInfo): pass else: raise LDAPDefinitionError('unable to convert ' + str(self) + ' to JSON') if str is bytes: # Python 2 check_json_dict(json_dict) return json.dumps(json_dict, ensure_ascii=False, sort_keys=sort, indent=indent, check_circular=True, default=format_json, separators=(',', ': ')) class DsaInfo(BaseServerInfo): """ This class contains info about the ldap server (DSA) read from DSE as defined in RFC4512 and RFC3045. Unknown attributes are stored in the "other" dict """ def __init__(self, attributes, raw_attributes): BaseServerInfo.__init__(self, raw_attributes) self.alt_servers = attributes.pop('altServer', None) self.naming_contexts = attributes.pop('namingContexts', None) self.supported_controls = decode_oids(attributes.pop('supportedControl', None)) self.supported_extensions = decode_oids(attributes.pop('supportedExtension', None)) self.supported_features = decode_oids(attributes.pop('supportedFeatures', None)) + decode_oids(attributes.pop('supportedCapabilities', None)) self.supported_ldap_versions = attributes.pop('supportedLDAPVersion', None) self.supported_sasl_mechanisms = attributes.pop('supportedSASLMechanisms', None) self.vendor_name = attributes.pop('vendorName', None) self.vendor_version = attributes.pop('vendorVersion', None) self.schema_entry = attributes.pop('subschemaSubentry', None) self.other = attributes # remaining schema definition attributes not in RFC4512 def __repr__(self): r = 'DSA info (from DSE):' + linesep if self.supported_ldap_versions: if isinstance(self.supported_ldap_versions, SEQUENCE_TYPES): r += (' Supported LDAP versions: ' + ', '.join([str(s) for s in self.supported_ldap_versions])) if self.supported_ldap_versions else '' else: r += (' Supported LDAP versions: ' + str(self.supported_ldap_versions)) r += linesep if self.naming_contexts: if isinstance(self.naming_contexts, SEQUENCE_TYPES): r += (' Naming contexts: ' + linesep + linesep.join([' ' + str(s) for s in self.naming_contexts])) if self.naming_contexts else '' else: r += (' Naming contexts: ' + str(self.naming_contexts)) r += linesep if self.alt_servers: if isinstance(self.alt_servers, SEQUENCE_TYPES): r += (' Alternative servers: ' + linesep + linesep.join([' ' + str(s) for s in self.alt_servers])) if self.alt_servers else '' else: r += (' Alternative servers: ' + str(self.alt_servers)) r += linesep if self.supported_controls: if isinstance(self.supported_controls, SEQUENCE_TYPES): r += (' Supported controls: ' + linesep + linesep.join([' ' + oid_to_string(s) for s in self.supported_controls])) if self.supported_controls else '' else: r += (' Supported controls: ' + str(self.supported_controls)) r += linesep if self.supported_extensions: if isinstance(self.supported_extensions, SEQUENCE_TYPES): r += (' Supported extensions: ' + linesep + linesep.join([' ' + oid_to_string(s) for s in self.supported_extensions])) if self.supported_extensions else '' else: r += (' Supported extensions: ' + str(self.supported_extensions)) r += linesep if self.supported_features: if self.supported_features: if isinstance(self.supported_features, SEQUENCE_TYPES): r += (' Supported features: ' + linesep + linesep.join([' ' + oid_to_string(s) for s in self.supported_features])) if self.supported_features else '' else: r += (' Supported features: ' + str(self.supported_features)) r += linesep if self.supported_sasl_mechanisms: if isinstance(self.supported_sasl_mechanisms, SEQUENCE_TYPES): r += (' Supported SASL mechanisms: ' + linesep + ' ' + ', '.join([str(s) for s in self.supported_sasl_mechanisms])) if self.supported_sasl_mechanisms else '' else: r += (' Supported SASL mechanisms: ' + str(self.supported_sasl_mechanisms)) r += linesep if self.schema_entry: if isinstance(self.schema_entry, SEQUENCE_TYPES): r += (' Schema entry: ' + linesep + linesep.join([' ' + str(s) for s in self.schema_entry])) if self.schema_entry else '' else: r += (' Schema entry: ' + str(self.schema_entry)) r += linesep if self.vendor_name: if isinstance(self.vendor_name, SEQUENCE_TYPES) and len(self.vendor_name) == 1: r += 'Vendor name: ' + self.vendor_name[0] else: r += 'Vendor name: ' + str(self.vendor_name) r += linesep if self.vendor_version: if isinstance(self.vendor_version, SEQUENCE_TYPES) and len(self.vendor_version) == 1: r += 'Vendor version: ' + self.vendor_version[0] else: r += 'Vendor version: ' + str(self.vendor_version) r += linesep r += 'Other:' + linesep for k, v in self.other.items(): r += ' ' + str(k) + ': ' + linesep try: r += (linesep.join([' ' + str(s) for s in v])) if isinstance(v, SEQUENCE_TYPES) else str(v) except UnicodeDecodeError: r += (linesep.join([' ' + str(escape_bytes(s)) for s in v])) if isinstance(v, SEQUENCE_TYPES) else str(escape_bytes(v)) r += linesep return r class SchemaInfo(BaseServerInfo): """ This class contains info about the ldap server schema read from an entry (default entry is DSE) as defined in RFC4512. Unknown attributes are stored in the "other" dict """ def __init__(self, schema_entry, attributes, raw_attributes): BaseServerInfo.__init__(self, raw_attributes) self.schema_entry = schema_entry self.create_time_stamp = attributes.pop('createTimestamp', None) self.modify_time_stamp = attributes.pop('modifyTimestamp', None) self.attribute_types = AttributeTypeInfo.from_definition(attributes.pop('attributeTypes', [])) self.object_classes = ObjectClassInfo.from_definition(attributes.pop('objectClasses', [])) self.matching_rules = MatchingRuleInfo.from_definition(attributes.pop('matchingRules', [])) self.matching_rule_uses = MatchingRuleUseInfo.from_definition(attributes.pop('matchingRuleUse', [])) self.dit_content_rules = DitContentRuleInfo.from_definition(attributes.pop('dITContentRules', [])) self.dit_structure_rules = DitStructureRuleInfo.from_definition(attributes.pop('dITStructureRules', [])) self.name_forms = NameFormInfo.from_definition(attributes.pop('nameForms', [])) self.ldap_syntaxes = LdapSyntaxInfo.from_definition(attributes.pop('ldapSyntaxes', [])) self.other = attributes # remaining schema definition attributes not in RFC4512 # links attributes to class objects if self.object_classes and self.attribute_types: for object_class in self.object_classes: # CaseInsensitiveDict return keys while iterating for attribute in self.object_classes[object_class].must_contain: try: self.attribute_types[attribute].mandatory_in.append(object_class) except KeyError: pass for attribute in self.object_classes[object_class].may_contain: try: self.attribute_types[attribute].optional_in.append(object_class) except KeyError: pass def is_valid(self): if self.object_classes or self.attribute_types or self.matching_rules or self.matching_rule_uses or self.dit_content_rules or self.dit_structure_rules or self.name_forms or self.ldap_syntaxes: return True return False def __repr__(self): r = 'DSA Schema from: ' + self.schema_entry r += linesep if isinstance(self.attribute_types, SEQUENCE_TYPES): r += (' Attribute types:' + linesep + ' ' + ', '.join([str(self.attribute_types[s]) for s in self.attribute_types])) if self.attribute_types else '' else: r += (' Attribute types:' + str(self.attribute_types)) r += linesep if isinstance(self.object_classes, SEQUENCE_TYPES): r += (' Object classes:' + linesep + ' ' + ', '.join([str(self.object_classes[s]) for s in self.object_classes])) if self.object_classes else '' else: r += (' Object classes:' + str(self.object_classes)) r += linesep if isinstance(self.matching_rules, SEQUENCE_TYPES): r += (' Matching rules:' + linesep + ' ' + ', '.join([str(self.matching_rules[s]) for s in self.matching_rules])) if self.matching_rules else '' else: r += (' Matching rules:' + str(self.matching_rules)) r += linesep if isinstance(self.matching_rule_uses, SEQUENCE_TYPES): r += (' Matching rule uses:' + linesep + ' ' + ', '.join([str(self.matching_rule_uses[s]) for s in self.matching_rule_uses])) if self.matching_rule_uses else '' else: r += (' Matching rule uses:' + str(self.matching_rule_uses)) r += linesep if isinstance(self.dit_content_rules, SEQUENCE_TYPES): r += (' DIT content rules:' + linesep + ' ' + ', '.join([str(self.dit_content_rules[s]) for s in self.dit_content_rules])) if self.dit_content_rules else '' else: r += (' DIT content rules:' + str(self.dit_content_rules)) r += linesep if isinstance(self.dit_structure_rules, SEQUENCE_TYPES): r += (' DIT structure rules:' + linesep + ' ' + ', '.join([str(self.dit_structure_rules[s]) for s in self.dit_structure_rules])) if self.dit_structure_rules else '' else: r += (' DIT structure rules:' + str(self.dit_structure_rules)) r += linesep if isinstance(self.name_forms, SEQUENCE_TYPES): r += (' Name forms:' + linesep + ' ' + ', '.join([str(self.name_forms[s]) for s in self.name_forms])) if self.name_forms else '' else: r += (' Name forms:' + str(self.name_forms)) r += linesep if isinstance(self.ldap_syntaxes, SEQUENCE_TYPES): r += (' LDAP syntaxes:' + linesep + ' ' + ', '.join([str(self.ldap_syntaxes[s]) for s in self.ldap_syntaxes])) if self.ldap_syntaxes else '' else: r += (' LDAP syntaxes:' + str(self.ldap_syntaxes)) r += linesep r += 'Other:' + linesep for k, v in self.other.items(): r += ' ' + str(k) + ': ' + linesep try: r += (linesep.join([' ' + str(s) for s in v])) if isinstance(v, SEQUENCE_TYPES) else str(v) except UnicodeDecodeError: r += (linesep.join([' ' + str(escape_bytes(s)) for s in v])) if isinstance(v, SEQUENCE_TYPES) else str(escape_bytes(v)) r += linesep return r class BaseObjectInfo(object): """ Base class for objects defined in the schema as per RFC4512 """ def __init__(self, oid=None, name=None, description=None, obsolete=False, extensions=None, experimental=None, definition=None): self.oid = oid self.name = name self.description = description self.obsolete = obsolete self.extensions = extensions self.experimental = experimental self.raw_definition = definition self._oid_info = None @property def oid_info(self): if self._oid_info is None and self.oid: self._oid_info = Oids.get(self.oid, '') return self._oid_info if self._oid_info else None def __str__(self): return self.__repr__() def __repr__(self): r = ': ' + self.oid r += ' [OBSOLETE]' if self.obsolete else '' r += (linesep + ' Short name: ' + list_to_string(self.name)) if self.name else '' r += (linesep + ' Description: ' + self.description) if self.description else '' r += '<__desc__>' r += (linesep + ' Extensions:' + linesep + linesep.join([' ' + s[0] + ': ' + list_to_string(s[1]) for s in self.extensions])) if self.extensions else '' r += (linesep + ' Experimental:' + linesep + linesep.join([' ' + s[0] + ': ' + list_to_string(s[1]) for s in self.experimental])) if self.experimental else '' r += (linesep + ' OidInfo: ' + str(self.oid_info)) if self.oid_info else '' r += linesep return r @classmethod def from_definition(cls, definitions): conf_case_insensitive_schema = get_config_parameter('CASE_INSENSITIVE_SCHEMA_NAMES') conf_ignore_malformed_schema = get_config_parameter('IGNORE_MALFORMED_SCHEMA') ret_dict = CaseInsensitiveDict() if conf_case_insensitive_schema else dict() if not definitions: return CaseInsensitiveDict() if conf_case_insensitive_schema else dict() for object_definition in definitions: object_definition = to_unicode(object_definition.strip(), from_server=True) if object_definition[0] == '(' and object_definition[-1] == ')': if cls is MatchingRuleInfo: pattern = '| SYNTAX ' elif cls is ObjectClassInfo: pattern = '| SUP | ABSTRACT| STRUCTURAL| AUXILIARY| MUST | MAY ' elif cls is AttributeTypeInfo: pattern = '| SUP | EQUALITY | ORDERING | SUBSTR | SYNTAX | SINGLE-VALUE| COLLECTIVE| NO-USER-MODIFICATION| USAGE ' elif cls is MatchingRuleUseInfo: pattern = '| APPLIES ' elif cls is LdapSyntaxInfo: pattern = '' elif cls is DitContentRuleInfo: pattern = '| AUX | MUST | MAY | NOT ' elif cls is DitStructureRuleInfo: pattern = '| FORM | SUP ' elif cls is NameFormInfo: pattern = '| OC | MUST | MAY ' else: raise LDAPSchemaError('unknown schema definition class') splitted = re.split('( NAME | DESC | OBSOLETE| X-| E-' + pattern + ')', object_definition[1:-1]) values = splitted[::2] separators = splitted[1::2] separators.insert(0, 'OID') defs = list(zip(separators, values)) object_def = cls() for d in defs: key = d[0].strip() value = d[1].strip() if key == 'OID': object_def.oid = value elif key == 'NAME': object_def.name = quoted_string_to_list(value) elif key == 'DESC': object_def.description = value.strip("'") elif key == 'OBSOLETE': object_def.obsolete = True elif key == 'SYNTAX': object_def.syntax = oids_string_to_list(value) elif key == 'SUP': object_def.superior = oids_string_to_list(value) elif key == 'ABSTRACT': object_def.kind = CLASS_ABSTRACT elif key == 'STRUCTURAL': object_def.kind = CLASS_STRUCTURAL elif key == 'AUXILIARY': object_def.kind = CLASS_AUXILIARY elif key == 'MUST': object_def.must_contain = oids_string_to_list(value) elif key == 'MAY': object_def.may_contain = oids_string_to_list(value) elif key == 'EQUALITY': object_def.equality = oids_string_to_list(value) elif key == 'ORDERING': object_def.ordering = oids_string_to_list(value) elif key == 'SUBSTR': object_def.substr = oids_string_to_list(value) elif key == 'SINGLE-VALUE': object_def.single_value = True elif key == 'COLLECTIVE': object_def.collective = True elif key == 'NO-USER-MODIFICATION': object_def.no_user_modification = True elif key == 'USAGE': object_def.usage = attribute_usage_to_constant(value) elif key == 'APPLIES': object_def.apply_to = oids_string_to_list(value) elif key == 'AUX': object_def.auxiliary_classes = oids_string_to_list(value) elif key == 'FORM': object_def.name_form = oids_string_to_list(value) elif key == 'OC': object_def.object_class = oids_string_to_list(value) elif key == 'NOT': object_def.not_contains = oids_string_to_list(value) elif key == 'X-': if not object_def.extensions: object_def.extensions = [] object_def.extensions.append(extension_to_tuple('X-' + value)) elif key == 'E-': if not object_def.experimental: object_def.experimental = [] object_def.experimental.append(extension_to_tuple('E-' + value)) else: if not conf_ignore_malformed_schema: raise LDAPSchemaError('malformed schema definition key:' + key + ' - use get_info=NONE in Server definition') else: return CaseInsensitiveDict() if conf_case_insensitive_schema else dict() object_def.raw_definition = object_definition if hasattr(object_def, 'syntax') and object_def.syntax and len(object_def.syntax) == 1: object_def.min_length = None if object_def.syntax[0].endswith('}'): try: object_def.min_length = int(object_def.syntax[0][object_def.syntax[0].index('{') + 1:-1]) object_def.syntax[0] = object_def.syntax[0][:object_def.syntax[0].index('{')] except Exception: pass else: object_def.min_length = None object_def.syntax[0] = object_def.syntax[0].strip("'") object_def.syntax = object_def.syntax[0] if hasattr(object_def, 'name') and object_def.name: for name in object_def.name: ret_dict[name] = object_def else: ret_dict[object_def.oid] = object_def else: if not conf_ignore_malformed_schema: raise LDAPSchemaError('malformed schema definition, use get_info=NONE in Server definition') else: return CaseInsensitiveDict() if conf_case_insensitive_schema else dict() return ret_dict class MatchingRuleInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.3) """ def __init__(self, oid=None, name=None, description=None, obsolete=False, syntax=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=name, description=description, obsolete=obsolete, extensions=extensions, experimental=experimental, definition=definition) self.syntax = syntax def __repr__(self): r = (linesep + ' Syntax: ' + list_to_string(self.syntax)) if self.syntax else '' return 'Matching rule' + BaseObjectInfo.__repr__(self).replace('<__desc__>', r) class MatchingRuleUseInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.4) """ def __init__(self, oid=None, name=None, description=None, obsolete=False, apply_to=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=name, description=description, obsolete=obsolete, extensions=extensions, experimental=experimental, definition=definition) self.apply_to = apply_to def __repr__(self): r = (linesep + ' Apply to: ' + list_to_string(self.apply_to)) if self.apply_to else '' return 'Matching rule use' + BaseObjectInfo.__repr__(self).replace('<__desc__>', r) class ObjectClassInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.1) """ def __init__(self, oid=None, name=None, description=None, obsolete=False, superior=None, kind=None, must_contain=None, may_contain=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=name, description=description, obsolete=obsolete, extensions=extensions, experimental=experimental, definition=definition) self.superior = superior self.kind = kind self.must_contain = must_contain or [] self.may_contain = may_contain or [] def __repr__(self): r = '' r += (linesep + ' Type: ' + constant_to_class_kind(self.kind)) if self.kind else '' r += (linesep + ' Superior: ' + list_to_string(self.superior)) if self.superior else '' r += (linesep + ' Must contain attributes: ' + list_to_string(self.must_contain)) if self.must_contain else '' r += (linesep + ' May contain attributes: ' + list_to_string(self.may_contain)) if self.may_contain else '' return 'Object class' + BaseObjectInfo.__repr__(self).replace('<__desc__>', r) class AttributeTypeInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.2) """ def __init__(self, oid=None, name=None, description=None, obsolete=False, superior=None, equality=None, ordering=None, substring=None, syntax=None, min_length=None, single_value=False, collective=False, no_user_modification=False, usage=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=name, description=description, obsolete=obsolete, extensions=extensions, experimental=experimental, definition=definition) self.superior = superior self.equality = equality self.ordering = ordering self.substring = substring self.syntax = syntax self.min_length = min_length self.single_value = single_value self.collective = collective self.no_user_modification = no_user_modification self.usage = usage self.mandatory_in = [] self.optional_in = [] def __repr__(self): r = '' r += linesep + ' Single value: ' + str(self.single_value) r += linesep + ' Collective: True' if self.collective else '' r += (linesep + ' Superior: ' + list_to_string(self.superior)) if self.superior else '' r += linesep + ' No user modification: True' if self.no_user_modification else '' r += (linesep + ' Usage: ' + constant_to_attribute_usage(self.usage)) if self.usage else '' r += (linesep + ' Equality rule: ' + list_to_string(self.equality)) if self.equality else '' r += (linesep + ' Ordering rule: ' + list_to_string(self.ordering)) if self.ordering else '' r += (linesep + ' Substring rule: ' + list_to_string(self.substring)) if self.substring else '' r += (linesep + ' Syntax: ' + (self.syntax + (' [' + str(decode_syntax(self.syntax)))) + ']') if self.syntax else '' r += (linesep + ' Minimum length: ' + str(self.min_length)) if isinstance(self.min_length, int) else '' r += linesep + ' Mandatory in: ' + list_to_string(self.mandatory_in) if self.mandatory_in else '' r += linesep + ' Optional in: ' + list_to_string(self.optional_in) if self.optional_in else '' return 'Attribute type' + BaseObjectInfo.__repr__(self).replace('<__desc__>', r) class LdapSyntaxInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.5) """ def __init__(self, oid=None, description=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=None, description=description, obsolete=False, extensions=extensions, experimental=experimental, definition=definition) def __repr__(self): return 'LDAP syntax' + BaseObjectInfo.__repr__(self).replace('<__desc__>', '') class DitContentRuleInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.6) """ def __init__(self, oid=None, name=None, description=None, obsolete=False, auxiliary_classes=None, must_contain=None, may_contain=None, not_contains=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=name, description=description, obsolete=obsolete, extensions=extensions, experimental=experimental, definition=definition) self.auxiliary_classes = auxiliary_classes self.must_contain = must_contain self.may_contain = may_contain self.not_contains = not_contains def __repr__(self): r = (linesep + ' Auxiliary classes: ' + list_to_string(self.auxiliary_classes)) if self.auxiliary_classes else '' r += (linesep + ' Must contain: ' + list_to_string(self.must_contain)) if self.must_contain else '' r += (linesep + ' May contain: ' + list_to_string(self.may_contain)) if self.may_contain else '' r += (linesep + ' Not contains: ' + list_to_string(self.not_contains)) if self.not_contains else '' return 'DIT content rule' + BaseObjectInfo.__repr__(self).replace('<__desc__>', r) class DitStructureRuleInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.7.1) """ def __init__(self, oid=None, name=None, description=None, obsolete=False, name_form=None, superior=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=name, description=description, obsolete=obsolete, extensions=extensions, experimental=experimental, definition=definition) self.superior = superior self.name_form = name_form def __repr__(self): r = (linesep + ' Superior rules: ' + list_to_string(self.superior)) if self.superior else '' r += (linesep + ' Name form: ' + list_to_string(self.name_form)) if self.name_form else '' return 'DIT content rule' + BaseObjectInfo.__repr__(self).replace('<__desc__>', r) class NameFormInfo(BaseObjectInfo): """ As per RFC 4512 (4.1.7.2) """ def __init__(self, oid=None, name=None, description=None, obsolete=False, object_class=None, must_contain=None, may_contain=None, extensions=None, experimental=None, definition=None): BaseObjectInfo.__init__(self, oid=oid, name=name, description=description, obsolete=obsolete, extensions=extensions, experimental=experimental, definition=definition) self.object_class = object_class self.must_contain = must_contain self.may_contain = may_contain def __repr__(self): r = (linesep + ' Object class: ' + list_to_string(self.object_class)) if self.object_class else '' r += (linesep + ' Must contain: ' + list_to_string(self.must_contain)) if self.must_contain else '' r += (linesep + ' May contain: ' + list_to_string(self.may_contain)) if self.may_contain else '' return 'DIT content rule' + BaseObjectInfo.__repr__(self).replace('<__desc__>', r) ldap3-2.4.1/ldap3/protocol/rfc4527.py0000666000000000000000000000403613226436321015172 0ustar 00000000000000""" """ # Created on 2016.12.23 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .. import NO_ATTRIBUTES, ALL_ATTRIBUTES, STRING_TYPES from ..operation.search import build_attribute_selection from .controls import build_control def _read_control(oid, attributes, criticality=False): if not attributes: attributes = [NO_ATTRIBUTES] elif attributes == ALL_ATTRIBUTES: attributes = [ALL_ATTRIBUTES] if isinstance(attributes, STRING_TYPES): attributes = [attributes] value = build_attribute_selection(attributes, None) return build_control(oid, criticality, value) def pre_read_control(attributes, criticality=False): """Create a pre-read control for a request. When passed as a control to the controls parameter of an operation, it will return the value in `Connection.result` before the operation took place. """ return _read_control('1.3.6.1.1.13.1', attributes, criticality) def post_read_control(attributes, criticality=False): """Create a post-read control for a request. When passed as a control to the controls parameter of an operation, it will return the value in `Connection.result` after the operation took place. """ return _read_control('1.3.6.1.1.13.2', attributes, criticality) ldap3-2.4.1/ldap3/protocol/sasl/0000777000000000000000000000000013231031760014455 5ustar 00000000000000ldap3-2.4.1/ldap3/protocol/sasl/digestMd5.py0000666000000000000000000001240613226436321016665 0ustar 00000000000000""" """ # Created on 2014.01.04 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from binascii import hexlify import hashlib import hmac from ... import SEQUENCE_TYPES from ...protocol.sasl.sasl import abort_sasl_negotiation, send_sasl_negotiation, random_hex_string STATE_KEY = 0 STATE_VALUE = 1 def md5_h(value): if not isinstance(value, bytes): value = value.encode() return hashlib.md5(value).digest() def md5_kd(k, s): if not isinstance(k, bytes): k = k.encode() if not isinstance(s, bytes): s = s.encode() return md5_h(k + b':' + s) def md5_hex(value): if not isinstance(value, bytes): value = value.encode() return hexlify(value) def md5_hmac(k, s): if not isinstance(k, bytes): k = k.encode() if not isinstance(s, bytes): s = s.encode() return hmac.new(k, s).hexdigest() def sasl_digest_md5(connection, controls): # sasl_credential must be a tuple made up of the following elements: (realm, user, password, authorization_id) # if realm is None will be used the realm received from the server, if available if not isinstance(connection.sasl_credentials, SEQUENCE_TYPES) or not len(connection.sasl_credentials) == 4: return None # step One of RFC2831 result = send_sasl_negotiation(connection, controls, None) if 'saslCreds' in result and result['saslCreds'] is not None: server_directives = decode_directives(result['saslCreds']) else: return None if 'realm' not in server_directives or 'nonce' not in server_directives or 'algorithm' not in server_directives: # mandatory directives, as per RFC2831 abort_sasl_negotiation(connection, controls) return None # step Two of RFC2831 charset = server_directives['charset'] if 'charset' in server_directives and server_directives['charset'].lower() == 'utf-8' else 'iso8859-1' user = connection.sasl_credentials[1].encode(charset) realm = (connection.sasl_credentials[0] if connection.sasl_credentials[0] else (server_directives['realm'] if 'realm' in server_directives else '')).encode(charset) password = connection.sasl_credentials[2].encode(charset) authz_id = connection.sasl_credentials[3].encode(charset) if connection.sasl_credentials[3] else b'' nonce = server_directives['nonce'].encode(charset) cnonce = random_hex_string(16).encode(charset) uri = b'ldap/' qop = b'auth' digest_response = b'username="' + user + b'",' digest_response += b'realm="' + realm + b'",' digest_response += (b'authzid="' + authz_id + b'",') if authz_id else b'' digest_response += b'nonce="' + nonce + b'",' digest_response += b'cnonce="' + cnonce + b'",' digest_response += b'digest-uri="' + uri + b'",' digest_response += b'qop=' + qop + b',' digest_response += b'nc=00000001' + b',' if charset == 'utf-8': digest_response += b'charset="utf-8",' a0 = md5_h(b':'.join([user, realm, password])) a1 = b':'.join([a0, nonce, cnonce, authz_id]) if authz_id else b':'.join([a0, nonce, cnonce]) a2 = b'AUTHENTICATE:' + uri + (':00000000000000000000000000000000' if qop in [b'auth-int', b'auth-conf'] else b'') digest_response += b'response="' + md5_hex(md5_kd(md5_hex(md5_h(a1)), b':'.join([nonce, b'00000001', cnonce, qop, md5_hex(md5_h(a2))]))) + b'"' result = send_sasl_negotiation(connection, controls, digest_response) return result def decode_directives(directives_string): """ converts directives to dict, unquote values """ # old_directives = dict((attr[0], attr[1].strip('"')) for attr in [line.split('=') for line in directives_string.split(',')]) state = STATE_KEY tmp_buffer = '' quoting = False key = '' directives = dict() for c in directives_string.decode('utf-8'): if state == STATE_KEY and c == '=': key = tmp_buffer tmp_buffer = '' state = STATE_VALUE elif state == STATE_VALUE and c == '"' and not quoting and not tmp_buffer: quoting = True elif state == STATE_VALUE and c == '"' and quoting: quoting = False elif state == STATE_VALUE and c == ',' and not quoting: directives[key] = tmp_buffer tmp_buffer = '' key = '' state = STATE_KEY else: tmp_buffer += c if key and tmp_buffer: directives[key] = tmp_buffer return directives ldap3-2.4.1/ldap3/protocol/sasl/external.py0000666000000000000000000000203313226436321016655 0ustar 00000000000000""" """ # Created on 2014.01.04 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ...protocol.sasl.sasl import send_sasl_negotiation def sasl_external(connection, controls): result = send_sasl_negotiation(connection, controls, connection.sasl_credentials) return result ldap3-2.4.1/ldap3/protocol/sasl/kerberos.py0000666000000000000000000001165613226436321016662 0ustar 00000000000000""" """ # Created on 2015.04.08 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . # original code by Hugh Cole-Baker, modified by Peter Foley # it needs the gssapi package import socket from ...core.exceptions import LDAPPackageUnavailableError, LDAPCommunicationError try: # noinspection PyPackageRequirements,PyUnresolvedReferences import gssapi except ImportError: raise LDAPPackageUnavailableError('package gssapi missing') from .sasl import send_sasl_negotiation, abort_sasl_negotiation NO_SECURITY_LAYER = 1 INTEGRITY_PROTECTION = 2 CONFIDENTIALITY_PROTECTION = 4 def sasl_gssapi(connection, controls): """ Performs a bind using the Kerberos v5 ("GSSAPI") SASL mechanism from RFC 4752. Does not support any security layers, only authentication! sasl_credentials can be empty or a tuple with one or two elements. The first element determines which service principal to request a ticket for and can be one of the following: - None or False, to use the hostname from the Server object - True to perform a reverse DNS lookup to retrieve the canonical hostname for the hosts IP address - A string containing the hostname The optional second element is what authorization ID to request. - If omitted or None, the authentication ID is used as the authorization ID - If a string, the authorization ID to use. Should start with "dn:" or "user:". """ target_name = None authz_id = b"" if connection.sasl_credentials: if len(connection.sasl_credentials) >= 1 and connection.sasl_credentials[0]: if connection.sasl_credentials[0] is True: hostname = socket.gethostbyaddr(connection.socket.getpeername()[0])[0] target_name = gssapi.Name('ldap@' + hostname, gssapi.NameType.hostbased_service) else: target_name = gssapi.Name('ldap@' + connection.sasl_credentials[0], gssapi.NameType.hostbased_service) if len(connection.sasl_credentials) >= 2 and connection.sasl_credentials[1]: authz_id = connection.sasl_credentials[1].encode("utf-8") if target_name is None: target_name = gssapi.Name('ldap@' + connection.server.host, gssapi.NameType.hostbased_service) creds = gssapi.Credentials(name=gssapi.Name(connection.user), usage='initiate') if connection.user else None ctx = gssapi.SecurityContext(name=target_name, mech=gssapi.MechType.kerberos, creds=creds) in_token = None try: while True: out_token = ctx.step(in_token) if out_token is None: out_token = '' result = send_sasl_negotiation(connection, controls, out_token) in_token = result['saslCreds'] try: # This raised an exception in gssapi<1.1.2 if the context was # incomplete, but was fixed in # https://github.com/pythongssapi/python-gssapi/pull/70 if ctx.complete: break except gssapi.exceptions.MissingContextError: pass unwrapped_token = ctx.unwrap(in_token) if len(unwrapped_token.message) != 4: raise LDAPCommunicationError("Incorrect response from server") server_security_layers = unwrapped_token.message[0] if not isinstance(server_security_layers, int): server_security_layers = ord(server_security_layers) if server_security_layers in (0, NO_SECURITY_LAYER): if unwrapped_token.message[1:] != '\x00\x00\x00': raise LDAPCommunicationError("Server max buffer size must be 0 if no security layer") if not (server_security_layers & NO_SECURITY_LAYER): raise LDAPCommunicationError("Server requires a security layer, but this is not implemented") client_security_layers = bytearray([NO_SECURITY_LAYER, 0, 0, 0]) out_token = ctx.wrap(bytes(client_security_layers)+authz_id, False) return send_sasl_negotiation(connection, controls, out_token.message) except (gssapi.exceptions.GSSError, LDAPCommunicationError): abort_sasl_negotiation(connection, controls) raise ldap3-2.4.1/ldap3/protocol/sasl/plain.py0000666000000000000000000000427313226436321016146 0ustar 00000000000000""" """ # Created on 2014.01.04 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . # payload for PLAIN mechanism # message = [authzid] UTF8NUL authcid UTF8NUL passwd # authcid = 1*SAFE ; MUST accept up to 255 octets # authzid = 1*SAFE ; MUST accept up to 255 octets # passwd = 1*SAFE ; MUST accept up to 255 octets # UTF8NUL = %x00 ; UTF-8 encoded NUL character # # SAFE = UTF1 / UTF2 / UTF3 / UTF4 # ;; any UTF-8 encoded Unicode character except NUL # # UTF1 = %x01-7F ;; except NUL # UTF2 = %xC2-DF UTF0 # UTF3 = %xE0 %xA0-BF UTF0 / %xE1-EC 2(UTF0) / # %xED %x80-9F UTF0 / %xEE-EF 2(UTF0) # UTF4 = %xF0 %x90-BF 2(UTF0) / %xF1-F3 3(UTF0) / # %xF4 %x80-8F 2(UTF0) # UTF0 = %x80-BF from ...protocol.sasl.sasl import send_sasl_negotiation from .sasl import sasl_prep from ...utils.conv import to_raw, to_unicode def sasl_plain(connection, controls): authzid = connection.sasl_credentials[0] authcid = connection.sasl_credentials[1] passwd = connection.sasl_credentials[2] payload = b'' if authzid: payload += to_raw(sasl_prep(to_unicode(authzid))) payload += b'\0' if authcid: payload += to_raw(sasl_prep(to_unicode(authcid))) payload += b'\0' if passwd: payload += to_raw(sasl_prep(to_unicode(passwd))) result = send_sasl_negotiation(connection, controls, payload) return result ldap3-2.4.1/ldap3/protocol/sasl/sasl.py0000666000000000000000000001621513226436321016004 0ustar 00000000000000""" """ # Created on 2013.09.11 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import stringprep from unicodedata import ucd_3_2_0 as unicode32 from os import urandom from binascii import hexlify from ... import SASL from ...core.results import RESULT_AUTH_METHOD_NOT_SUPPORTED from ...core.exceptions import LDAPSASLPrepError, LDAPPasswordIsMandatoryError def sasl_prep(data): """ implement SASLPrep profile as per RFC4013: it defines the "SASLprep" profile of the "stringprep" algorithm [StringPrep]. The profile is designed for use in Simple Authentication and Security Layer ([SASL]) mechanisms, such as [PLAIN], [CRAM-MD5], and [DIGEST-MD5]. It may be applicable where simple user names and passwords are used. This profile is not intended for use in preparing identity strings that are not simple user names (e.g., email addresses, domain names, distinguished names), or where identity or password strings that are not character data, or require different handling (e.g., case folding). """ # mapping prepared_data = '' for c in data: if stringprep.in_table_c12(c): # non-ASCII space characters [StringPrep, C.1.2] that can be mapped to SPACE (U+0020) prepared_data += ' ' elif stringprep.in_table_b1(c): # the "commonly mapped to nothing" characters [StringPrep, B.1] that can be mapped to nothing. pass else: prepared_data += c # normalizing # This profile specifies using Unicode normalization form KC # The repertoire is Unicode 3.2 as per RFC 4013 (2) prepared_data = unicode32.normalize('NFKC', prepared_data) if not prepared_data: raise LDAPSASLPrepError('SASLprep error: unable to normalize string') # prohibit for c in prepared_data: if stringprep.in_table_c12(c): # Non-ASCII space characters [StringPrep, C.1.2] raise LDAPSASLPrepError('SASLprep error: non-ASCII space character present') elif stringprep.in_table_c21(c): # ASCII control characters [StringPrep, C.2.1] raise LDAPSASLPrepError('SASLprep error: ASCII control character present') elif stringprep.in_table_c22(c): # Non-ASCII control characters [StringPrep, C.2.2] raise LDAPSASLPrepError('SASLprep error: non-ASCII control character present') elif stringprep.in_table_c3(c): # Private Use characters [StringPrep, C.3] raise LDAPSASLPrepError('SASLprep error: private character present') elif stringprep.in_table_c4(c): # Non-character code points [StringPrep, C.4] raise LDAPSASLPrepError('SASLprep error: non-character code point present') elif stringprep.in_table_c5(c): # Surrogate code points [StringPrep, C.5] raise LDAPSASLPrepError('SASLprep error: surrogate code point present') elif stringprep.in_table_c6(c): # Inappropriate for plain text characters [StringPrep, C.6] raise LDAPSASLPrepError('SASLprep error: inappropriate for plain text character present') elif stringprep.in_table_c7(c): # Inappropriate for canonical representation characters [StringPrep, C.7] raise LDAPSASLPrepError('SASLprep error: inappropriate for canonical representation character present') elif stringprep.in_table_c8(c): # Change display properties or deprecated characters [StringPrep, C.8] raise LDAPSASLPrepError('SASLprep error: change display property or deprecated character present') elif stringprep.in_table_c9(c): # Tagging characters [StringPrep, C.9] raise LDAPSASLPrepError('SASLprep error: tagging character present') # check bidi # if a string contains any r_and_al_cat character, the string MUST NOT contain any l_cat character. flag_r_and_al_cat = False flag_l_cat = False for c in prepared_data: if stringprep.in_table_d1(c): flag_r_and_al_cat = True elif stringprep.in_table_d2(c): flag_l_cat = True if flag_r_and_al_cat and flag_l_cat: raise LDAPSASLPrepError('SASLprep error: string cannot contain (R or AL) and L bidirectional chars') # If a string contains any r_and_al_cat character, a r_and_al_cat character MUST be the first character of the string # and a r_and_al_cat character MUST be the last character of the string. if flag_r_and_al_cat and not stringprep.in_table_d1(prepared_data[0]) and not stringprep.in_table_d2(prepared_data[-1]): raise LDAPSASLPrepError('r_and_al_cat character present, must be first and last character of the string') return prepared_data def validate_simple_password(password, accept_empty=False): """ validate simple password as per RFC4013 using sasl_prep: """ if accept_empty and not password: return password elif not password: raise LDAPPasswordIsMandatoryError("simple password can't be empty") if not isinstance(password, bytes): # bytes are returned raw, as per RFC (4.2) password = sasl_prep(password) if not isinstance(password, bytes): password = password.encode('utf-8') return password def abort_sasl_negotiation(connection, controls): from ...operation.bind import bind_operation request = bind_operation(connection.version, SASL, None, None, '', None) response = connection.post_send_single_response(connection.send('bindRequest', request, controls)) if connection.strategy.sync: result = connection.result else: result = connection.get_response(response)[0][0] return True if result['result'] == RESULT_AUTH_METHOD_NOT_SUPPORTED else False def send_sasl_negotiation(connection, controls, payload): from ...operation.bind import bind_operation request = bind_operation(connection.version, SASL, None, None, connection.sasl_mechanism, payload) response = connection.post_send_single_response(connection.send('bindRequest', request, controls)) if connection.strategy.sync: result = connection.result else: _, result = connection.get_response(response) return result def random_hex_string(size): return str(hexlify(urandom(size)).decode('ascii')) # str fix for Python 2 ldap3-2.4.1/ldap3/protocol/sasl/__init__.py0000666000000000000000000000000012767320327016571 0ustar 00000000000000ldap3-2.4.1/ldap3/protocol/schemas/0000777000000000000000000000000013231031760015136 5ustar 00000000000000ldap3-2.4.1/ldap3/protocol/schemas/ad2012R2.py0000666000000000000000000121355013226436321016622 0ustar 00000000000000""" """ # Created on 2014.10.21 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . ad_2012_r2_schema = """ { "raw": { "attributeTypes": [ "( 1.2.840.113556.1.4.149 NAME 'attributeSecurityGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1703 NAME 'msDS-FilterContainers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.655 NAME 'legacyExchangeDN' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE )", "( 1.2.840.113556.1.4.21 NAME 'cOMProgID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2147 NAME 'msDNS-PropagationTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.301 NAME 'msSFU30KeyAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.686 NAME 'domainID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.23 NAME 'msDFSR-ReplicationGroupGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.818 NAME 'productCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.221 NAME 'sAMAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.375 NAME 'systemFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.814 NAME 'msiScript' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.880 NAME 'fRSTimeLastCommand' SYNTAX '1.3.6.1.4.1.1466.115.121.1.53' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1850 NAME 'msDS-TopQuotaUsage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2052 NAME 'msDS-OIDToGroupLinkBl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.965 NAME 'mSMQSiteName' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1373 NAME 'mS-SQL-Clustered' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.624 NAME 'ipsecOwnersReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1353 NAME 'localizationDisplayId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1637 NAME 'msWMI-StringValidValues' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2103 NAME 'msDS-MembersOfResourcePropertyList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.480 NAME 'defaultGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.55 NAME 'dBCSPwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1330 NAME 'pKICriticalExtensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.93 NAME 'pwdProperties' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1840 NAME 'msDS-ObjectReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.7 NAME 'subRefs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.845 NAME 'msiScriptName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2242 NAME 'msDS-MaximumRegistrationInactivityPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.713 NAME 'optionsLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.942 NAME 'mSMQVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2138 NAME 'msDNS-NSEC3Iterations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.471 NAME 'trustParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1237 NAME 'mSMQRoutingService' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.649 NAME 'primaryInternationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1627 NAME 'msWMI-ID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2006 NAME 'msTSExpireDate4' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2003 NAME 'msTSExpireDate3' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2000 NAME 'msTSExpireDate2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113549.1.9.8 NAME 'unstructuredAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.18.1.340 NAME 'msSFU30Domains' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.2069 NAME 'msDS-EnabledFeatureBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.3.6.1.1.1.1.6 NAME 'shadowMin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1412 NAME 'primaryGroupToken' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.358 NAME 'netbootInitialization' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2136 NAME 'msDNS-NSEC3HashAlgorithm' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.1 NAME 'instanceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.846 NAME 'msiScriptSize' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.20 NAME 'msDFSR-RdcMinFileSizeInKb' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.663 NAME 'partialAttributeDeletionList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2078 NAME 'msTSSecondaryDesktopBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1995 NAME 'msTSManagingLS' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.371 NAME 'rIDAllocationPool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.677 NAME 'replTopologyStayOfExecution' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.3 NAME 'replPropertyMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2036 NAME 'msDFS-Commentv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.329 NAME 'versionNumberLo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.234 NAME 'printEndTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1673 NAME 'msPKI-OID-User-Notice' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.684 NAME 'certificateAuthorityObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.290 NAME 'printNumberUp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1625 NAME 'msWMI-ClassDefinition' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1784 NAME 'msDS-LogonTimeSyncInterval' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1910 NAME 'unixUserPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.129 NAME 'trustAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1319 NAME 'aCSNonReservedTokenSize' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1628 NAME 'msWMI-IntDefault' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1249 NAME 'proxiedObjectName' SYNTAX '1.2.840.113556.1.4.903' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2173 NAME 'msKds-PublicKeyLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 2.5.4.27 NAME 'destinationIndicator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.2187 NAME 'msDS-ValueTypeReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.897 NAME 'aCSMaxAggregatePeakRatePerUser' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1335 NAME 'pKIEnrollmentAccess' SYNTAX '1.2.840.113556.1.4.907' )", "( 1.2.840.113556.1.4.1708 NAME 'msDS-ReplValueMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1690 NAME 'adminMultiselectPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.4.35 NAME 'userPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2200 NAME 'msDS-GroupMSAMembership' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE )", "( 1.2.840.113556.1.4.500 NAME 'fRSServiceCommand' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.16.840.1.113730.3.1.1 NAME 'carLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2038 NAME 'msDFS-TargetListv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.27 NAME 'msDFSR-DeletedSizeInMb' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1648 NAME 'msWMI-TargetPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1793 NAME 'msDS-NonMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.3.6.1.1.1.1.22 NAME 'macAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.265 NAME 'notes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2274 NAME 'msDS-CloudIssuerPublicCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1982 NAME 'msTSMaxConnectionTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1959 NAME 'msDS-isGC' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1424 NAME 'msCOM-PartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.516 NAME 'serverReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1977 NAME 'msTSHomeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1369 NAME 'mS-SQL-ServiceAccount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.530 NAME 'nonSecurityMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.506 NAME 'objectCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1386 NAME 'mS-SQL-GPSLongitude' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1437 NAME 'msPKI-Supersede-Templates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1707 NAME 'msDS-ReplAttributeMetaData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.652 NAME 'assistant' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1644 NAME 'msWMI-SourceOrganization' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1443 NAME 'msDS-Site-Affinity' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.286 NAME 'printRateUnit' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1444 NAME 'msDS-Preferred-GC-Site' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.589 NAME 'meetingBandwidth' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.4.1706 NAME 'msDS-NCReplOutboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1709 NAME 'msDS-HasInstantiatedNCs' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.79 NAME 'minPwdLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1952 NAME 'ms-net-ieee-80211-GP-PolicyData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.865 NAME 'pekList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 2.5.4.26 NAME 'registeredAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2179 NAME 'msKds-CreateTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2149 NAME 'msDNS-NSEC3CurrentSalt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1815 NAME 'msDS-TasksForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2148 NAME 'msDNS-NSEC3UserSalt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2197 NAME 'msDS-ManagedPasswordId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1407 NAME 'mS-SQL-ThirdParty' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.510 NAME 'serviceBindingInformation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1416 NAME 'mSMQSiteNameEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1426 NAME 'msCOM-UserPartitionSetLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1303 NAME 'tokenGroupsNoGCAcceptable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.596 NAME 'msExchHouseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2233 NAME 'msDS-cloudExtensionAttribute20' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.335 NAME 'currentLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.20 NAME 'homePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1441 NAME 'msDS-Cached-Membership' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.14 NAME 'msDFSR-Schedule' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.622 NAME 'ipsecDataType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.645 NAME 'userCert' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.367 NAME 'rpcNsCodeset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.223 NAME 'serverName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.950 NAME 'mSMQServices' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2250 NAME 'msDS-DeviceOSVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.332 NAME 'birthLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1440 NAME 'msDs-Schema-Extensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1348 NAME 'gPCMachineExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1833 NAME 'msDS-ExternalKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.858 NAME 'netbootTools' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1717 NAME 'msDS-AdditionalDnsHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.770 NAME 'aCSEnableACSService' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.170 NAME 'systemOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.32 NAME 'domainPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.766 NAME 'aCSAllocableRSVPBandwidth' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.2.9 NAME 'helpData32' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1805 NAME 'msDS-AzGenerateAudits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.276 NAME 'driverVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1317 NAME 'aCSMinimumDelayVariation' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.302 NAME 'sAMAccountType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.610 NAME 'employeeNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.30 NAME 'attributeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTTL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1843 NAME 'msDRM-IdentityCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.6.13.3.103 NAME 'msDFSR-ComputerReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1989 NAME 'msTSWorkDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1674 NAME 'msPKI-Certificate-Application-Policy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.716 NAME 'mscopeId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' SINGLE-VALUE )", "( 1.2.840.113556.1.4.514 NAME 'physicalLocationObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.570 NAME 'meetingProtocol' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.2.370 NAME 'objectClassCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.15 NAME 'msDFSR-Keywords' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.812 NAME 'createWizardExt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.61 NAME 'lockOutObservationWindow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.750 NAME 'groupType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1459 NAME 'msDS-Behavior-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.937 NAME 'mSMQSignKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.913 NAME 'allowedAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.120 NAME 'uSNChanged' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.340 NAME 'rightsGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.277 NAME 'otherHomePhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1309 NAME 'mSMQInterval2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1439 NAME 'msPKI-Certificate-Policy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1308 NAME 'mSMQInterval1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1383 NAME 'mS-SQL-ConnectionURL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2176 NAME 'msKds-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.859 NAME 'netbootLocallyInstalledOSes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.967 NAME 'mSMQSignCertificatesMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2232 NAME 'msDS-cloudExtensionAttribute19' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2231 NAME 'msDS-cloudExtensionAttribute18' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2230 NAME 'msDS-cloudExtensionAttribute17' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2229 NAME 'msDS-cloudExtensionAttribute16' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2228 NAME 'msDS-cloudExtensionAttribute15' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2227 NAME 'msDS-cloudExtensionAttribute14' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2226 NAME 'msDS-cloudExtensionAttribute13' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2225 NAME 'msDS-cloudExtensionAttribute12' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2142 NAME 'msDNS-SecureDelegationPollingPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2224 NAME 'msDS-cloudExtensionAttribute11' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.718 NAME 'dhcpProperties' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2223 NAME 'msDS-cloudExtensionAttribute10' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.157 NAME 'serverRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1394 NAME 'mS-SQL-AllowAnonymousSubscription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.563 NAME 'shellPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1315 NAME 'aCSMinimumPolicedSize' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.273 NAME 'printStatus' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.644 NAME 'showInAddressBook' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.626 NAME 'ipsecISAKMPReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1925 NAME 'msDS-hasFullReplicaNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.940 NAME 'mSMQCSPName' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.30 NAME 'msDFSR-MinDurationCacheInMin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.243 NAME 'printColor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2193 NAME 'msDS-TDOIngressBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.3.6.1.1.1.1.1 NAME 'gidNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1993 NAME 'msTSExpireDate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )", "( 2.5.4.2 NAME 'knowledgeInformation' SYNTAX '1.2.840.113556.1.4.905' )", "( 1.2.840.113556.1.4.908 NAME 'extendedClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.953 NAME 'mSMQSiteID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2040 NAME 'msDFS-LinkSecurityDescriptorv2' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1343 NAME 'dSUIAdminNotification' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1700 NAME 'msTAPI-ConferenceBlob' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.486 NAME 'fRSWorkingPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.62 NAME 'scriptPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1810 NAME 'msDS-TasksForAzTask' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.6.13.3.31 NAME 'msDFSR-MaxAgeInCacheInMin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.19 NAME 'cOMClassID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.108 NAME 'remoteSourceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.704 NAME 'dhcpServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.876 NAME 'fRSMemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2261 NAME 'msDS-DeviceLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.82 NAME 'moniker' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.289 NAME 'printMediaReady' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1209 NAME 'shortServerName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.910 NAME 'fromEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.636 NAME 'privilegeAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2025 NAME 'msDS-IsUserCachableAtRodc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1715 NAME 'msDS-SPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.562 NAME 'adminPropertyPages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 0.9.2342.19200300.100.1.10 NAME 'manager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 2.5.4.49 NAME 'distinguishedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1356 NAME 'validAccesses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2053 NAME 'msImaging-PSPIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.459 NAME 'machineWidePolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1403 NAME 'mS-SQL-AllowKnownPullSubscription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.283 NAME 'assetNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.885 NAME 'terminalServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2012 NAME 'msDS-MinimumPasswordAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.7 NAME 'msDFSR-ConflictPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1831 NAME 'msDS-ByteArray' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.135 NAME 'trustAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2258 NAME 'msDS-RegisteredOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.608 NAME 'queryPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.109 NAME 'replicaSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2296 NAME 'msDS-AssignedAuthNPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.402 NAME 'helpData16' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.232 NAME 'defaultPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1388 NAME 'mS-SQL-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.364 NAME 'operatingSystemVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2284 NAME 'msDS-ServiceTGTLifetime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1460 NAME 'msDS-User-Account-Control-Computed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.75 NAME 'maxRenewAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.285 NAME 'printRate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.911 NAME 'allowedChildClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.615 NAME 'personalTitle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1225 NAME 'mSMQPrevSiteGates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.2131 NAME 'msDNS-SignWithNSEC3' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2007 NAME 'msTSLicenseVersion4' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 0.9.2342.19200300.100.1.3 NAME 'mail' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2004 NAME 'msTSLicenseVersion3' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2001 NAME 'msTSLicenseVersion2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.507 NAME 'volumeCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.137 NAME 'uNCName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2022 NAME 'msDS-ResultantPSO' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.168 NAME 'modifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1809 NAME 'msDS-OperationsForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.328 NAME 'versionNumberHi' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2099 NAME 'msDS-ClaimAttributeSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.754 NAME 'rpcNsEntryFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.778 NAME 'aCSDSBMDeadTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.917 NAME 'mSMQQueueType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.326 NAME 'packageName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.422 NAME 'domainPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2241 NAME 'msDS-RegistrationQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.3 NAME 'msDFSR-RootPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1817 NAME 'msDS-AzApplicationVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.436 NAME 'directReports' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.240 NAME 'printOrientationsSupported' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.574 NAME 'meetingLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.43 NAME 'fRSVersionGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 2.5.4.30 NAME 'supportedApplicationContext' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.26 NAME 'rDNAttID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1409 NAME 'masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.752 NAME 'userSharedFolderOther' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2199 NAME 'msDS-ManagedPasswordInterval' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1932 NAME 'msDS-IsFullReplicaFor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.22 NAME 'msDFSR-RootFence' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.789 NAME 'transportDLLName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.499 NAME 'contextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.202 NAME 'auditingPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.11 NAME 'msDFSR-TombstoneExpiryInMin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1364 NAME 'mS-SQL-RegisteredOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.8 NAME 'userClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.775 NAME 'aCSMaxSizeOfRSVPLogFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.144 NAME 'operatorCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1238 NAME 'mSMQDsService' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1984 NAME 'msTSReconnectionAction' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2286 NAME 'msDS-AssignedAuthNPolicySiloBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2180 NAME 'msImaging-ThumbprintHash' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.68 NAME 'machineArchitecture' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.4.1311 NAME 'printDuplexSupported' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1795 NAME 'msDS-AzDomainTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1992 NAME 'msTSProperty02' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.583 NAME 'meetingURL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1991 NAME 'msTSProperty01' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.635 NAME 'privilegeValue' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2100 NAME 'msDS-ClaimTypeAppliesToClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.115 NAME 'invocationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2288 NAME 'msDS-AuthNPolicySiloMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1681 NAME 'msWMI-intFlags4' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1680 NAME 'msWMI-intFlags3' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1679 NAME 'msWMI-intFlags2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1678 NAME 'msWMI-intFlags1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.100 NAME 'msDFSR-MemberReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.100 NAME 'priorValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1379 NAME 'mS-SQL-Vines' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1377 NAME 'mS-SQL-TCPIP' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2172 NAME 'msKds-SecretAgreementParam' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2222 NAME 'msDS-cloudExtensionAttribute9' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2221 NAME 'msDS-cloudExtensionAttribute8' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2220 NAME 'msDS-cloudExtensionAttribute7' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2219 NAME 'msDS-cloudExtensionAttribute6' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2218 NAME 'msDS-cloudExtensionAttribute5' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.661 NAME 'isDefunct' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2217 NAME 'msDS-cloudExtensionAttribute4' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.653 NAME 'managedBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2216 NAME 'msDS-cloudExtensionAttribute3' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2215 NAME 'msDS-cloudExtensionAttribute2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2214 NAME 'msDS-cloudExtensionAttribute1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.588 NAME 'meetingEndTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.53' )", "( 1.2.840.113556.1.4.498 NAME 'creationWizard' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1915 NAME 'msRADIUS-FramedIpv6Prefix' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.12 NAME 'msDFSR-FileFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.24 NAME 'x121Address' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' )", "( 1.2.840.113556.1.4.637 NAME 'privilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.214 NAME 'originalDisplayTableMSDOS' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.211 NAME 'schedule' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1228 NAME 'mSMQDsServices' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.64 NAME 'logonHours' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.883 NAME 'msRRASVendorAttributeEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.58 NAME 'localeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.4.97 NAME 'preferredOU' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2033 NAME 'msDFS-NamespaceIdentityGUIDv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1334 NAME 'pKIDefaultCSPs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1411 NAME 'ms-DS-MachineAccountQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.891 NAME 'gPLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.617 NAME 'homePostalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.320 NAME 'implementedCategories' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.19 NAME 'uSNCreated' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.651 NAME 'otherMailbox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.18.1.345 NAME 'msSFU30NSMAPFieldPosition' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.618 NAME 'wellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2160 NAME 'msDS-ClaimIsSingleValued' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.1 NAME 'msDFSR-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.874 NAME 'fRSFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1713 NAME 'MSMQ-SecuredSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.825 NAME 'enrollmentProviders' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.666 NAME 'syncAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.665 NAME 'syncMembership' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.48 NAME 'keywords' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2169 NAME 'msKds-KDFAlgorithmID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.370 NAME 'rIDAvailablePool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.214 NAME 'nextLevelStore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1145 NAME 'msRADIUSCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.303 NAME 'msSFU30IntraFieldSeparator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.346 NAME 'desktopProfile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.20 NAME 'cOMInterfaceID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.279 NAME 'printMinXExtent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1213 NAME 'assocNTAccount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.671 NAME 'msiFileList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2032 NAME 'msDFS-GenerationGUIDv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2279 NAME 'msDS-UserTGTLifetime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.10 NAME 'msDFSR-ReplicationGroupType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1790 NAME 'msDS-PerUserTrustTombstonesQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1124 NAME 'msNPCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.487 NAME 'fRSRootPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1807 NAME 'msDS-MembersForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1823 NAME 'msieee80211-ID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.791 NAME 'transportType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.674 NAME 'rootTrust' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1641 NAME 'msWMI-PropertyName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.25 NAME 'mayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )", "( 1.2.840.113556.1.4.1438 NAME 'msPKI-RA-Policies' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.769 NAME 'aCSEventLogLevel' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.0 NAME 'uidNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.945 NAME 'mSMQSiteGates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 2.5.4.25 NAME 'internationalISDNNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.36' )", "( 1.2.840.113556.1.4.1979 NAME 'msTSAllowLogon' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.274 NAME 'printSpooling' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.242 NAME 'printCollate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1345 NAME 'dSUIShellMaximum' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.693 NAME 'pendingCACertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2257 NAME 'msDS-DeviceObjectVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.852 NAME 'netbootCurrentClientCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.534 NAME 'fRSLevelLimit' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1685 NAME 'msWMI-Parm4' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1684 NAME 'msWMI-Parm3' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1988 NAME 'msTSDefaultToMainPrinter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1913 NAME 'msRADIUS-FramedInterfaceId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.2.353 NAME 'displayNamePrintable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1696 NAME 'lastLogonTimestamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1683 NAME 'msWMI-Parm2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.330 NAME 'lastUpdateSequence' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.696 NAME 'currentParentCA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.689 NAME 'cRLObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1682 NAME 'msWMI-Parm1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.22 NAME 'governsID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1632 NAME 'msWMI-Int8Default' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.169 NAME 'logonCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.772 NAME 'aCSPolicyName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.38 NAME 'authorityRevocationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1212 NAME 'isEphemeral' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.324 NAME 'packageType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1435 NAME 'msPKI-Template-Minor-Revision' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2010 NAME 'msTSLSProperty02' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1961 NAME 'msDS-SiteName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2009 NAME 'msTSLSProperty01' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1336 NAME 'replInterval' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2066 NAME 'msDS-RequiredDomainBehaviorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2185 NAME 'msDS-GeoCoordinatesLongitude' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2182 NAME 'msDS-AllowedToActOnBehalfOfOtherIdentity' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.8 NAME 'msDFSR-ConflictSizeInMb' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.357 NAME 'nTMixedDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2191 NAME 'msDS-IngressClaimsTransformationPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1892 NAME 'msPKIRoamingTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2174 NAME 'msKds-PrivateKeyLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.324 NAME 'addressEntryDisplayTable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.218 NAME 'applicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1318 NAME 'aCSNonReservedPeakRate' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2023 NAME 'msDS-PasswordSettingsPrecedence' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.99 NAME 'priorSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.914 NAME 'allowedAttributesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.271 NAME 'printOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1996 NAME 'msDS-UserPasswordExpiryTimeComputed' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.930 NAME 'mSMQServiceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1780 NAME 'hideFromAB' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.578 NAME 'meetingContactInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2020 NAME 'msDS-PSOAppliesTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1944 NAME 'msDS-PhoneticDepartment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1792 NAME 'msDS-AzLDAPQuery' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.251 NAME 'cOMTreatAsClassId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.14 NAME 'builtinModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.7 NAME 'shadowMax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.325 NAME 'setupCommand' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1647 NAME 'msWMI-TargetObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.420 NAME 'publicKeyPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1714 NAME 'MSMQ-MulticastAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1677 NAME 'msWMI-Genus' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2281 NAME 'msDS-ComputerTGTLifetime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1671 NAME 'msPKI-OID-Attribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.36 NAME 'dMDLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.810 NAME 'createDialog' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2140 NAME 'msDNS-DSRecordSetTTL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1358 NAME 'schemaInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1624 NAME 'msWMI-ChangeDate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1975 NAME 'msDS-RevealedListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1962 NAME 'msDS-PromotionSettings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.229 NAME 'driverName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.378 NAME 'dnsAllowDynamic' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1246 NAME 'interSiteTopologyGenerator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.817 NAME 'localizedDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2235 NAME 'msDS-ReplValueMetaDataExt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1933 NAME 'msDS-IsDomainFor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2213 NAME 'msDS-RIDPoolAllocationEnabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.73 NAME 'lockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.50 NAME 'lastContentIndexed' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.824 NAME 'signatureAlgorithms' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.860 NAME 'netbootServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.40 NAME 'msDFSR-StagingCleanupTriggerInPercent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1695 NAME 'msMQ-Recipient-FormatName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1966 NAME 'msTPM-OwnerInformation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.156 NAME 'comment' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.650 NAME 'mhsORAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.929 NAME 'mSMQInRoutingServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1787 NAME 'msDS-AllowedToDelegateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1389 NAME 'mS-SQL-Language' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.18 NAME 'msDFSR-ContentSetGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.8 NAME 'possSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )", "( 1.2.840.113556.1.4.912 NAME 'allowedChildClassesEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2132 NAME 'msDNS-NSEC3OptOut' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.136 NAME 'trustType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1879 NAME 'msDS-SourceObjectDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.533 NAME 'fRSReplicaSetGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1434 NAME 'msPKI-Template-Schema-Version' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.241 NAME 'printMaxCopies' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.961 NAME 'mSMQSiteForeign' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' )", "( 1.2.840.113556.1.4.1808 NAME 'msDS-OperationsForAzTask' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1242 NAME 'dNReferenceUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 0.9.2342.19200300.100.1.5 NAME 'drink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1923 NAME 'msDS-KrbTgtLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1402 NAME 'mS-SQL-Publisher' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2018 NAME 'msDS-LockoutDuration' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.688 NAME 'cAWEBURL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.23 NAME 'bootParameter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.536 NAME 'fRSExtensions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.233 NAME 'printStartTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1788 NAME 'msDS-PerUserTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.159 NAME 'accountExpires' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.1390 NAME 'mS-SQL-Description' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.224 NAME 'defaultSecurityDescriptor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113549.1.9.2 NAME 'unstructuredName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.695 NAME 'pendingParentCA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1375 NAME 'mS-SQL-MultiProtocol' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2152 NAME 'msAuthz-LastEffectiveSecurityPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.56 NAME 'localPolicyFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1392 NAME 'mS-SQL-InformationDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2159 NAME 'msDS-ClaimIsValueSpaceRestricted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.708 NAME 'dhcpSites' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.717 NAME 'dhcpState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.762 NAME 'aCSServiceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.132 NAME 'trustDirection' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.312 NAME 'rpcNsObjectID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1395 NAME 'mS-SQL-Alias' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.18.2 NAME 'modifyTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2145 NAME 'msDNS-DNSKEYRecords' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.301 NAME 'wbemPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.4.0 NAME 'objectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.21 NAME 'msDFSR-DfsPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1429 NAME 'msPKI-RA-Signature' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1699 NAME 'msTAPI-ProtocolId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2086 NAME 'msSPP-PhoneLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.120 NAME 'schemaFlagsEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1945 NAME 'msDS-PhoneticCompanyName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.916 NAME 'canonicalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.702 NAME 'dhcpObjName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2238 NAME 'msds-memberTransitive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.133 NAME 'trustPartner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.927 NAME 'mSMQSites' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.615 NAME 'shellContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.866 NAME 'pekKeyChangeInterval' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2046 NAME 'addressBookRoots2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.27 NAME 'currentValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.166 NAME 'groupMembershipSAM' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1926 NAME 'msDS-NeverRevealGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.6.13.3.28 NAME 'msDFSR-ReadOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1314 NAME 'aCSMaximumSDUSize' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.457 NAME 'localPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1189 NAME 'msRASSavedCallbackNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1918 NAME 'msRADIUS-SavedFramedIpv6Route' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 2.5.21.2 NAME 'dITContentRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.895 NAME 'transportAddressAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1418 NAME 'tokenGroupsGlobalAndUniversal' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.850 NAME 'netbootLimitClients' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.944 NAME 'mSMQSite2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.943 NAME 'mSMQSite1' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1664 NAME 'msDS-Replication-Notify-Subsequent-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.537 NAME 'dynamicLDAPServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2249 NAME 'msDS-DeviceOSType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.35 NAME 'employeeID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2137 NAME 'msDNS-NSEC3RandomSaltLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2151 NAME 'msAuthz-ProposedSecurityPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.267 NAME 'uSNDSALastObjRemoved' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.963 NAME 'mSMQQueueJournalQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.607 NAME 'queryPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1978 NAME 'msTSHomeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.593 NAME 'msExchLabeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1329 NAME 'pKIMaxIssuingDepth' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2061 NAME 'msDS-EnabledFeature' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.278 NAME 'printMaxYExtent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.16 NAME 'codePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1802 NAME 'msDS-AzBizRuleLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.363 NAME 'operatingSystem' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.761 NAME 'aCSMaxDurationPerFlow' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.921 NAME 'mSMQJournalQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2106 NAME 'msSPP-CSVLKPartialProductKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1190 NAME 'msRASSavedFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2171 NAME 'msKds-SecretAgreementAlgorithmID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.703 NAME 'dhcpObjDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.890 NAME 'uPNSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1720 NAME 'msDS-ReplicationEpoch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.24 NAME 'bootFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.614 NAME 'adminContextMenu' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.2.231 NAME 'oMSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.8 NAME 'userAccountControl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.621 NAME 'ipsecID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.511 NAME 'flatName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.784 NAME 'aCSIdentityName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.15 NAME 'msiScriptPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.125 NAME 'supplementalCredentials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2287 NAME 'msDS-AuthNPolicySiloMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.199 NAME 'serviceInstanceVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1347 NAME 'sPNMappings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.933 NAME 'mSMQComputerType' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE )", "( 1.2.840.113556.1.4.780 NAME 'aCSNonReservedTxLimit' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1227 NAME 'mSMQRoutingServices' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2074 NAME 'msTSPrimaryDesktopBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 2.5.18.1 NAME 'createTimeStamp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.1130 NAME 'msNPSavedCallingStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.700 NAME 'dhcpFlags' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.629 NAME 'ipsecFilterReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.40 NAME 'fromServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.568 NAME 'meetingKeyword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2178 NAME 'msKds-UseStartTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1321 NAME 'aCSNonReservedMinPolicedSize' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.246 NAME 'printLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.2.54 NAME 'tombstoneLifetime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.765 NAME 'aCSPermissionBits' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1398 NAME 'mS-SQL-LastBackupDate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2 NAME 'objectGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.146 NAME 'company' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1710 NAME 'msDS-AllowedDNSSuffixes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1841 NAME 'msDS-ObjectReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 2.5.4.8 NAME 'st' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.341 NAME 'msSFU30YpServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 2.5.4.4 NAME 'sn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.707 NAME 'dhcpRanges' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.282 NAME 'printMemory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.924 NAME 'mSMQPrivacyLevel' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.333 NAME 'oMTIndxGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.205 NAME 'pKTGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2251 NAME 'msDS-DevicePhysicalIDs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1410 NAME 'mS-DS-CreatorSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.345 NAME 'groupPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2030 NAME 'msDFS-SchemaMajorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.513 NAME 'siteObjectBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.87 NAME 'nETBIOSName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2175 NAME 'msKds-RootKeyData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.24 NAME 'mustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )", "( 2.5.4.51 NAME 'houseIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1917 NAME 'msRADIUS-FramedIpv6Route' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.6.18.1.307 NAME 'msSFU30MasterServerName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.98 NAME 'primaryGroupID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1837 NAME 'msDs-masteredBy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.200 NAME 'controlAccessRights' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1158 NAME 'msRADIUSFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.107 NAME 'remoteSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1971 NAME 'msDS-LastFailedInteractiveLogonTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1958 NAME 'msDS-AuthenticatedAtDC' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 2.5.4.5 NAME 'serialNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.509 NAME 'serviceClassName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2050 NAME 'msPKI-CredentialRoamingTokens' SYNTAX '1.2.840.113556.1.4.903' )", "( 1.2.840.113556.1.4.2008 NAME 'msTSManagingLS4' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2005 NAME 'msTSManagingLS3' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2002 NAME 'msTSManagingLS2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1363 NAME 'mS-SQL-Name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.41 NAME 'mobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2108 NAME 'msTPM-OwnerInformationTemp' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.886 NAME 'purportedSearch' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1384 NAME 'mS-SQL-PublicationURL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2271 NAME 'msDS-CloudIsManaged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.41 NAME 'generatedConnection' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.864 NAME 'netbootSCPBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1396 NAME 'mS-SQL-Size' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.115 NAME 'rpcNsInterfaceID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.619 NAME 'dNSHostName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2273 NAME 'msDS-CloudAnchor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.939 NAME 'mSMQNameStyle' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.882 NAME 'fRSVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.777 NAME 'aCSDSBMRefresh' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.80 NAME 'minTicketAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1310 NAME 'mSMQSiteGatesMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.83 NAME 'monikerDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2150 NAME 'msAuthz-EffectiveSecurityPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.15 NAME 'hasPartialReplicaNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2194 NAME 'msDS-TDOEgressBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1811 NAME 'msDS-TasksForAzTaskBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1987 NAME 'msTSConnectPrinterDrives' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1953 NAME 'ms-net-ieee-80211-GP-PolicyReserved' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1313 NAME 'aCSMaxTokenBucketPerFlow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.579 NAME 'meetingOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.12 NAME 'badPwdCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.39 NAME 'forceLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.2.326 NAME 'perRecipDialogDisplayTable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.51 NAME 'lastLogoff' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1796 NAME 'msDS-AzScriptEngineCacheMax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2269 NAME 'msDS-IssuerPublicCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1639 NAME 'msWMI-Name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.4 NAME 'replUpToDateVector' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.470 NAME 'trustAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.515 NAME 'serverReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.308 NAME 'msSFU30OrderNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1669 NAME 'msDS-Approx-Immed-Subordinates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2141 NAME 'msDNS-SignatureInceptionOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2186 NAME 'msDS-IsPossibleValuesPresent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.78 NAME 'minPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.339 NAME 'msSFU30NisDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1701 NAME 'msTAPI-IpAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.249 NAME 'cOMCLSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.774 NAME 'aCSMaxNoOfLogFiles' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.494 NAME 'siteServer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.849 NAME 'netbootAllowNewClients' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1931 NAME 'msDS-KrbTgtLinkBl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1789 NAME 'msDS-AllUsersTrustQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2156 NAME 'msAuthz-MemberRulesInCentralAccessPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.721 NAME 'ipPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.613 NAME 'employeeType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1634 NAME 'msWMI-Int8Min' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2248 NAME 'msDS-IsEnabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1950 NAME 'msDS-AzGenericData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1646 NAME 'msWMI-TargetNameSpace' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.816 NAME 'fileExtPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.712 NAME 'optionDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.321 NAME 'requiredCategories' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.255 NAME 'addressSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2110 NAME 'msTPM-TpmInformationForComputerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1785 NAME 'msIIS-FTPRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.518 NAME 'defaultHidingValue' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.946 NAME 'mSMQCost' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 2.5.4.44 NAME 'generationQualifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.681 NAME 'indexedScopes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1865 NAME 'msDS-PrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2073 NAME 'msTSPrimaryDesktop' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.697 NAME 'cACertificateDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1354 NAME 'scopeFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1942 NAME 'msDS-PhoneticFirstName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1997 NAME 'msDS-HABSeniorityIndex' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1307 NAME 'accountNameHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.893 NAME 'gPCFunctionalityVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2203 NAME 'msDS-parentdistname' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1687 NAME 'extraColumns' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1834 NAME 'msDS-ExternalStore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1983 NAME 'msTSMaxIdleTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.687 NAME 'cAConnect' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2048 NAME 'templateRoots2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.154 NAME 'serverState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1224 NAME 'parentGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.926 NAME 'mSMQTransactional' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.925 NAME 'mSMQOwnerID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2035 NAME 'msDFS-Ttlv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.150 NAME 'adminCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2041 NAME 'msDFS-LinkIdentityGUIDv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.490 NAME 'fRSDSPoll' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2015 NAME 'msDS-PasswordComplexityEnabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.105 NAME 'remoteServerName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.531 NAME 'nonSecurityMemberBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 2.16.840.1.113730.3.1.36 NAME 'thumbnailLogo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.586 NAME 'meetingRecurrence' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1643 NAME 'msWMI-QueryLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.962 NAME 'mSMQQueueQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1415 NAME 'mSMQLabelEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.16 NAME 'nCName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2170 NAME 'msKds-KDFParam' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.567 NAME 'meetingDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1704 NAME 'msDS-NCReplCursors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.4.23 NAME 'facsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.851 NAME 'netbootMaxClients' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2016 NAME 'msDS-PasswordReversibleEncryptionEnabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1635 NAME 'msWMI-Int8ValidValues' SYNTAX '1.2.840.113556.1.4.906' )", "( 1.2.840.113556.1.4.719 NAME 'dhcpMaxKey' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1835 NAME 'msDS-Integer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.4.1208 NAME 'aNR' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1393 NAME 'mS-SQL-Database' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.42 NAME 'pager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1914 NAME 'msRADIUS-SavedFramedInterfaceId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1391 NAME 'mS-SQL-Type' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.566 NAME 'meetingName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.123 NAME 'serviceClassInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.26 NAME 'creationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.103 NAME 'proxyLifetime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.660 NAME 'treeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.892 NAME 'gPOptions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.923 NAME 'mSMQAuthenticate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1432 NAME 'msPKI-Certificate-Name-Flag' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.206 NAME 'pKT' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.287 NAME 'printNetworkAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1431 NAME 'msPKI-Private-Key-Flag' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1346 NAME 'templateRoots' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.657 NAME 'serviceDNSName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.868 NAME 'isCriticalSystemObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.2.301 NAME 'garbageCollPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.288 NAME 'printMACAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1304 NAME 'sDRightsEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.380 NAME 'extendedCharsAllowed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.86 NAME 'userWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1360 NAME 'mS-DS-ConsistencyGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1712 NAME 'msPKI-OIDLocalizedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.21.5 NAME 'attributeTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.31 NAME 'fRSReplicaSetType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.341 NAME 'appliesTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.4.11 NAME 'ou' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2293 NAME 'msDS-ServiceAuthNPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.346 NAME 'msSFU30PosixMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1973 NAME 'msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 2.5.18.10 NAME 'subSchemaSubEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2262 NAME 'msDS-ApproximateLastLogonTimeStamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.222 NAME 'location' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.854 NAME 'netbootAnswerOnlyValidClients' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1949 NAME 'msDS-AzObjectGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 2.16.840.1.113730.3.1.34 NAME 'middleName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2158 NAME 'msDS-ClaimSourceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.706 NAME 'dhcpMask' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.2109 NAME 'msTPM-TpmInformationForComputer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.623 NAME 'ipsecData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1171 NAME 'msRADIUSServiceType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.705 NAME 'dhcpSubnets' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.1999 NAME 'msFVE-KeyPackage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1968 NAME 'msDS-NC-RO-Replica-Locations-BL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.36 NAME 'enabledConnection' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.472 NAME 'domainCrossRef' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.52 NAME 'lastLogon' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.28 NAME 'dnsRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.966 NAME 'mSMQDigestsMig' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.878 NAME 'fRSPrimaryMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1848 NAME 'msDS-QuotaEffective' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1372 NAME 'mS-SQL-UnicodeSortOrder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.639 NAME 'isMemberOfPartialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.2.464 NAME 'wWWHomePage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.711 NAME 'superScopeDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1631 NAME 'msWMI-IntValidValues' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.3.6.1.1.1.1.2 NAME 'gecos' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2063 NAME 'msDS-OptionalFeatureFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.38 NAME 'flags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1240 NAME 'netbootSIFFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.690 NAME 'cAUsages' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2104 NAME 'msDS-MembersOfResourcePropertyListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.66 NAME 'lSACreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.709 NAME 'dhcpReservations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.4.934 NAME 'mSMQForeign' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1963 NAME 'msDS-SupportedEncryptionTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1401 NAME 'mS-SQL-Keywords' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1705 NAME 'msDS-NCReplInboundNeighbors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2128 NAME 'msDNS-KeymasterZones' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.4.19 NAME 'physicalDeliveryOfficeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1694 NAME 'gPCWQLFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.195 NAME 'systemPossSuperiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.218 NAME 'oMObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1226 NAME 'mSMQDependentClientServices' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1676 NAME 'msWMI-Class' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2144 NAME 'msDNS-SigningKeys' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1630 NAME 'msWMI-IntMin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.372 NAME 'rIDPreviousAllocationPool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.848 NAME 'appSchemaVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1981 NAME 'msTSMaxDisconnectionTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1645 NAME 'msWMI-TargetClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.535 NAME 'fRSRootSecurity' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1423 NAME 'msCOM-PartitionLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 2.5.4.32 NAME 'owner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1436 NAME 'msPKI-Cert-Template-OID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1716 NAME 'msDS-IntId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.18.1.309 NAME 'msSFU30Name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.254 NAME 'cOMTypelibId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1642 NAME 'msWMI-Query' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.155 NAME 'uASCompat' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1623 NAME 'msWMI-Author' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1964 NAME 'msFVE-RecoveryPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.764 NAME 'aCSPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.571 NAME 'meetingType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.783 NAME 'defaultObjectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1365 NAME 'mS-SQL-Contact' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.679 NAME 'creator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.39 NAME 'certificateRevocationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.699 NAME 'dhcpType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1405 NAME 'mS-SQL-AllowQueuedUpdatingSubscription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.915 NAME 'possibleInferiors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2234 NAME 'netbootDUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.899 NAME 'aCSEnableRSVPAccounting' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.881 NAME 'fRSTimeLastConfigChange' SYNTAX '1.3.6.1.4.1.1466.115.121.1.53' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.55 NAME 'audio' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.898 NAME 'aCSNonReservedTxSize' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.771 NAME 'servicePrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1820 NAME 'msDS-HasDomainNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2070 NAME 'msTSEndpointData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.620 NAME 'ipsecName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.458 NAME 'qualityOfService' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2042 NAME 'msDFS-ShortNameLinkPathv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1688 NAME 'msDS-Security-Group-Extra-Classes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2289 NAME 'msDS-UserAuthNPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.2.83 NAME 'repsTo' SYNTAX 'OctetString' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1357 NAME 'dSCorePropagationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2196 NAME 'msDS-ManagedPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.647 NAME 'otherMobile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2072 NAME 'msTSEndpointPlugin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.749 NAME 'url' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.701 NAME 'dhcpIdentification' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.122 NAME 'serviceClassID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2058 NAME 'isRecycled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.213 NAME 'defaultClassStore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.2252 NAME 'msDS-DeviceID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.633 NAME 'policyReplicationFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1693 NAME 'msFRS-Hub-Member' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1328 NAME 'pKIKeyUsage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.459 NAME 'networkAddress' SYNTAX '1.2.840.113556.1.4.905' )", "( 1.2.840.113556.1.4.1786 NAME 'msIIS-FTPDir' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.806 NAME 'treatAsLeaf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.820 NAME 'bridgeheadServerListBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.13.3.36 NAME 'msDFSR-OnDemandExclusionDirectoryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.640 NAME 'partialAttributeSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.853 NAME 'netbootAnswerRequests' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 2.5.4.31 NAME 'member' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.6.18.1.323 NAME 'msSFU30Aliases' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.1243 NAME 'mSMQQueueNameExt' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1370 NAME 'mS-SQL-CharacterSet' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1622 NAME 'msDS-Entry-Time-To-Die' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.460 NAME 'lDAPDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2031 NAME 'msDFS-SchemaMinorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.12 NAME 'memberUid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.1800 NAME 'msDS-AzOperationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.322 NAME 'categoryId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.60 NAME 'lockoutDuration' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.870 NAME 'frsComputerReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 2.5.4.45 NAME 'x500uniqueIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.6.13.3.25 NAME 'msDFSR-Priority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.847 NAME 'installUiLevel' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1842 NAME 'msDs-MaxValues' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 2.5.4.9 NAME 'street' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2154 NAME 'msAuthz-CentralAccessPolicyID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.3 NAME 'whenChanged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1433 NAME 'msPKI-Minimal-Key-Size' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1814 NAME 'msDS-TasksForAzRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.6.13.3.101 NAME 'msDFSR-ComputerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.580 NAME 'meetingIP' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.539 NAME 'initialAuthIncoming' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.356 NAME 'foreignIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.565 NAME 'meetingID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.3 NAME 'unixHomeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1721 NAME 'msDS-UpdateScript' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.557 NAME 'parentCA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.255 NAME 'vendor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.900 NAME 'aCSRSVPAccountFilesLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1320 NAME 'aCSNonReservedMaxSDUSize' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1956 NAME 'ms-net-ieee-8023-GP-PolicyReserved' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.773 NAME 'aCSRSVPLogFilesLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.951 NAME 'mSMQQMID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.102 NAME 'memberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1397 NAME 'mS-SQL-CreationDate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2146 NAME 'msDNS-ParentHasSecureDelegation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.113 NAME 'rpcNsBindings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.656 NAME 'userPrincipalName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1934 NAME 'msDS-IsPartialReplicaFor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2167 NAME 'msDS-PrimaryComputer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.469 NAME 'USNIntersite' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1803 NAME 'msDS-AzLastImportedBizRulePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2295 NAME 'msDS-AssignedAuthNPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 2.5.4.13 NAME 'description' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.922 NAME 'mSMQLabel' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2024 NAME 'msDS-NcType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2011 NAME 'msDS-MaximumPasswordAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2291 NAME 'msDS-ComputerAuthNPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1832 NAME 'msDS-DateTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' )", "( 1.2.840.113556.1.2.281 NAME 'nTSecurityDescriptor' SYNTAX '1.2.840.113556.1.4.907' SINGLE-VALUE )", "( 1.2.840.113556.1.4.722 NAME 'otherIpPhone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1368 NAME 'mS-SQL-Build' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.219 NAME 'iconPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1417 NAME 'mSMQComputerTypeEx' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.38 NAME 'associatedName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1986 NAME 'msTSConnectClientDrives' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2285 NAME 'msDS-AssignedAuthNPolicySilo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1638 NAME 'msWMI-Mof' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.314 NAME 'rpcNsTransferSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1702 NAME 'msDS-TrustForestTrustInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.557 NAME 'Enabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.2.21 NAME 'subClassOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION )", "( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1845 NAME 'msDS-QuotaAmount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1119 NAME 'msNPAllowDialin' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.2.33 NAME 'isSingleValued' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.782 NAME 'objectCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2177 NAME 'msKds-DomainID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2195 NAME 'msDS-AppliesToResourceTypes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.152 NAME 'groupAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.334 NAME 'volTableIdxGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.272 NAME 'printNotify' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.334 NAME 'searchFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2298 NAME 'msDS-AuthNPolicySiloEnforced' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1428 NAME 'msCOM-ObjectId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.400 NAME 'addressEntryDisplayTableMSDOS' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.81 NAME 'modifiedCountAtLastProm' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.71 NAME 'machineRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1123 NAME 'msNPCalledStationID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.654 NAME 'managedObjects' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.638 NAME 'isPrivilegeHolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.197 NAME 'systemMustContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.91 NAME 'otherLoginWorkstations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.13.3.32 NAME 'msDFSR-DisablePacketPrivacy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2297 NAME 'msDS-AuthNPolicyEnforced' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.576 NAME 'meetingMaxParticipants' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.4 NAME 'loginShell' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.779 NAME 'aCSCacheTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.751 NAME 'userSharedFolder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.342 NAME 'msSFU30MaxGidNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1380 NAME 'mS-SQL-Status' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.13 NAME 'builtinCreationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.277 NAME 'printMaxXExtent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.230 NAME 'printSeparatorFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1387 NAME 'mS-SQL-GPSHeight' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2054 NAME 'msImaging-PSPString' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.235 NAME 'printFormName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.20 NAME 'telephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1621 NAME 'msDS-Other-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.18.1.304 NAME 'msSFU30SearchAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.21.9 NAME 'structuralObjectClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )", "( 1.2.840.113556.1.4.659 NAME 'serviceDNSNameType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.902 NAME 'aCSMaxSizeOfRSVPAccountFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.569 NAME 'meetingLocation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.261 NAME 'division' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1640 NAME 'msWMI-NormalizedClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.300 NAME 'printerName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1960 NAME 'msDS-isRODC' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.268 NAME 'eFSPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1824 NAME 'msDS-AzMajorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2134 NAME 'msDNS-DSRecordAlgorithms' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.270 NAME 'printShareName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1400 NAME 'mS-SQL-Applications' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1312 NAME 'aCSServerList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1376 NAME 'mS-SQL-SPX' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.368 NAME 'rIDManagerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1371 NAME 'mS-SQL-SortOrder' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.118 NAME 'otherPager' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1894 NAME 'msPKIAccountCredentials' SYNTAX '1.2.840.113556.1.4.903' )", "( 1.2.840.113556.1.6.13.3.16 NAME 'msDFSR-Flags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1301 NAME 'tokenGroups' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1626 NAME 'msWMI-CreationDate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.14 NAME 'hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.153 NAME 'rid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2084 NAME 'msSPP-ConfirmationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.2 NAME 'msDFSR-Extension' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1846 NAME 'msDS-DefaultQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.35 NAME 'rangeUpper' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1633 NAME 'msWMI-Int8Max' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.2.48 NAME 'isDeleted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1327 NAME 'pKIDefaultKeySpec' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1408 NAME 'mS-DS-ReplicatesNCReason' SYNTAX '1.2.840.113556.1.4.903' )", "( 1.2.840.113556.1.4.1816 NAME 'msDS-AzClassId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2088 NAME 'msSPP-IssuanceLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1672 NAME 'msPKI-OID-CPS' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.590 NAME 'meetingBlob' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.72 NAME 'marshalledInterface' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1385 NAME 'mS-SQL-GPSLatitude' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2097 NAME 'msDS-ClaimPossibleValues' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.26 NAME 'msDFSR-DeletedPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1826 NAME 'msDS-RetiredReplNCSignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2143 NAME 'msDNS-SigningKeyDescriptors' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.491 NAME 'fRSFaultCondition' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2278 NAME 'msDS-UserAllowedToAuthenticateFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2017 NAME 'msDS-LockoutObservationWindow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2130 NAME 'msDNS-IsSigned' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2057 NAME 'msDS-HostServiceAccountBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.683 NAME 'cRLPartitionedRevocationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.481 NAME 'schemaUpdate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1332 NAME 'pKIOverlapPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.692 NAME 'previousCACertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.573 NAME 'meetingApplication' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1849 NAME 'msDS-QuotaUsed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.517 NAME 'ipsecPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1822 NAME 'msieee80211-DataType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.664 NAME 'syncWithObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2183 NAME 'msDS-GeoCoordinatesAltitude' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.284 NAME 'bytesPerMinute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.139 NAME 'profilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.40 NAME 'crossCertificatePair' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1929 NAME 'msDS-SecondaryKrbTgtNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2294 NAME 'msDS-ServiceAuthNPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1414 NAME 'dNSTombstoned' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.2.104 NAME 'ownerBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1930 NAME 'msDS-RevealedDSAs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2240 NAME 'msDS-IssuerCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1692 NAME 'msFRS-Topology-Pref' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.158 NAME 'domainReplica' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.2 NAME 'whenCreated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.76 NAME 'maxStorage' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.484 NAME 'fRSDirectoryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1916 NAME 'msRADIUS-SavedFramedIpv6Prefix' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2087 NAME 'msSPP-ConfigLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.627 NAME 'ipsecNFAReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.351 NAME 'auxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' )", "( 1.2.840.113556.1.2.50 NAME 'linkID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1718 NAME 'msDS-AdditionalSamAccountName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.35 NAME 'msDFSR-OnDemandExclusionFileFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.577 NAME 'meetingOriginator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.169 NAME 'showInAdvancedViewOnly' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.582 NAME 'meetingAdvertiseScope' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.48 NAME 'buildingName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2181 NAME 'msImaging-HashAlgorithm' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2101 NAME 'msDS-ClaimSharesPossibleValuesWith' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.24 NAME 'contentIndexingAllowed' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.39 NAME 'msDFSR-CommonStagingSizeInMb' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2135 NAME 'msDNS-RFC5011KeyRollovers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.682 NAME 'friendlyNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2071 NAME 'msTSEndpointType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2263 NAME 'msDS-RegisteredUsers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2062 NAME 'msDS-OptionalFeatureGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.767 NAME 'aCSMaxPeakBandwidth' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.4.919 NAME 'mSMQQuota' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.327 NAME 'packageFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.382 NAME 'dnsRecord' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.755 NAME 'domainIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.872 NAME 'fRSControlInboundBacklog' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.928 NAME 'mSMQOutRoutingServers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.768 NAME 'aCSEnableRSVPMessageLogging' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.585 NAME 'meetingIsEncrypted' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.34 NAME 'rangeLower' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1361 NAME 'mS-DS-ConsistencyChildCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2192 NAME 'msDS-EgressClaimsTransformationPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2292 NAME 'msDS-ComputerAuthNPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.843 NAME 'lDAPAdminLimits' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1847 NAME 'msDS-TombstoneQuotaFactor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1355 NAME 'queryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.16 NAME 'postalAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.307 NAME 'options' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.74 NAME 'dSASignature' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.380 NAME 'dnsSecureSecondaries' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.4.634 NAME 'privilegeDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.598 NAME 'dmdName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1399 NAME 'mS-SQL-LastDiagnosticDate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2280 NAME 'msDS-ComputerAllowedToAuthenticateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.350 NAME 'addressType' SYNTAX '1.2.840.113556.1.4.905' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.38 NAME 'msDFSR-CommonStagingPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.672 NAME 'categories' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1675 NAME 'msPKI-RA-Application-Policies' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1244 NAME 'addressBookRoots' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.336 NAME 'volTableGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.65 NAME 'logonWorkstation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2153 NAME 'msAuthz-ResourceCondition' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.34 NAME 'msDFSR-DefaultCompressionExclusionFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.756 NAME 'aCSTimeOfDay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2276 NAME 'msDS-SyncServerUrl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.710 NAME 'superScopes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.44' )", "( 1.2.840.113556.1.2.210 NAME 'proxyAddresses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.18.1.348 NAME 'msSFU30NetgroupHostAtDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.1306 NAME 'dNSProperty' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.141 NAME 'department' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.871 NAME 'fRSControlDataCreation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.253 NAME 'cOMOtherProgId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1337 NAME 'mSMQUserSid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 2.5.4.37 NAME 'cACertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.698 NAME 'dhcpUniqueKey' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1980 NAME 'msTSRemoteControl' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.9 NAME 'host' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2081 NAME 'msSPP-CSVLKSkuId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.483 NAME 'fRSFileFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2168 NAME 'msDS-IsPrimaryComputerFor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.74 NAME 'maxPwdAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1374 NAME 'mS-SQL-NamedPipe' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1972 NAME 'msDS-FailedInteractiveLogonCount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1649 NAME 'msWMI-TargetType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.668 NAME 'domainCAs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.2021 NAME 'msDS-PSOApplied' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.25 NAME 'countryCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.160 NAME 'lmPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.275 NAME 'printKeepPrintedJobs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2014 NAME 'msDS-PasswordHistoryLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1836 NAME 'msDS-hasMasterNCs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1813 NAME 'msDS-OperationsForAzRoleBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.212 NAME 'dSHeuristics' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.877 NAME 'fRSPartnerAuthLevel' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.13 NAME 'displayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.269 NAME 'linkTrackSecret' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1239 NAME 'mSMQDependentClientService' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.238 NAME 'printMaxResolutionSupported' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.2.325 NAME 'perMsgDialogDisplayTable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.819 NAME 'bridgeheadTransportList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.540 NAME 'initialAuthOutgoing' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.523 NAME 'proxyGenerationEnabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.760 NAME 'aCSAggregateTokenRatePerUser' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.381 NAME 'dnsNotifySecondaries' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 2.5.4.21 NAME 'telexNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.117 NAME 'rpcNsPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.6.18.1.300 NAME 'msSFU30SearchContainer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.960 NAME 'mSMQNt4Stub' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.4.844 NAME 'lDAPIPDenyList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.918 NAME 'mSMQJournal' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.343 NAME 'msSFU30MaxUidNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1442 NAME 'msDS-Cached-Membership-Time-Stamp' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1458 NAME 'msDS-Auxiliary-Classes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.821 NAME 'siteList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1782 NAME 'msDS-KeyVersionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 2.5.4.50 NAME 'uniqueMember' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1797 NAME 'msDS-AzScriptTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1812 NAME 'msDS-OperationsForAzRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.809 NAME 'remoteStorageGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.231 NAME 'priority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.37 NAME 'msDFSR-Options2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2083 NAME 'msSPP-InstallationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.58 NAME 'attributeCertificateAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.6.18.1.302 NAME 'msSFU30FieldSeparator' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.532 NAME 'superiorDNSRoot' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.822 NAME 'siteLinkList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1366 NAME 'mS-SQL-Location' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.94 NAME 'ntPwdHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1 NAME 'name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1629 NAME 'msWMI-IntMax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.118 NAME 'rpcNsProfileEntry' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2049 NAME 'msDS-BridgeHeadServersUsed' SYNTAX '1.2.840.113556.1.4.903' )", "( 1.2.840.113556.1.4.1969 NAME 'samDomainUpdates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.889 NAME 'additionalTrustedServiceNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.77 NAME 'maxTicketAge' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1661 NAME 'msDS-NC-Replica-Locations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1783 NAME 'msDS-ExecuteScriptPassword' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.49 NAME 'mAPIID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.9 NAME 'msDFSR-Enabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.250 NAME 'cOMUniqueLIBID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.18 NAME 'postOfficeBox' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2067 NAME 'msDS-LastKnownRDN' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1344 NAME 'dSUIAdminMaximum' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1153 NAME 'msRADIUSFramedIPAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1799 NAME 'msDS-AzScopeName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2013 NAME 'msDS-MinimumPasswordLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.114 NAME 'rpcNsGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.146 NAME 'objectSid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.6 NAME 'msDFSR-StagingSizeInMb' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.365 NAME 'operatingSystemServicePack' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.21.6 NAME 'objectClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1698 NAME 'msTAPI-uid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.256 NAME 'streetAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1191 NAME 'msRASSavedFramedRoute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.1965 NAME 'msFVE-RecoveryGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2166 NAME 'msDS-GenerationId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1359 NAME 'otherWellKnownObjects' SYNTAX '1.2.840.113556.1.4.903' )", "( 1.2.840.113556.1.4.1940 NAME 'msDS-RevealedList' SYNTAX '1.2.840.113556.1.4.904' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2282 NAME 'msDS-ServiceAllowedToAuthenticateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.379 NAME 'dnsAllowXFR' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.628 NAME 'ipsecNegotiationPolicyReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1976 NAME 'msTSProfilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2076 NAME 'msPKI-Enrollment-Servers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.4.53 NAME 'deltaRevocationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.18 NAME 'otherTelephone' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2077 NAME 'msPKI-Site-Name' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1316 NAME 'aCSMinimumLatency' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2157 NAME 'msDS-ClaimSource' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1970 NAME 'msDS-LastSuccessfulInteractiveLogonTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.280 NAME 'printMinYExtent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.415 NAME 'operatingSystemHotfix' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.306 NAME 'msSFU30MapFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.610 NAME 'classDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1381 NAME 'mS-SQL-LastUpdatedDate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1957 NAME 'msDS-AuthenticatedToAccountlist' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1825 NAME 'msDS-AzMinorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2198 NAME 'msDS-ManagedPasswordPreviousId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2068 NAME 'msDS-DeletedObjectLifetime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2095 NAME 'msDS-IsUsedAsResourceSecurityAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.786 NAME 'mailAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.373 NAME 'rIDUsedPool' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.19 NAME 'msDFSR-RdcEnabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.44 NAME 'homeDirectory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.538 NAME 'prefixMap' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2034 NAME 'msDFS-LastModifiedv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2155 NAME 'msAuthz-MemberRulesInCentralAccessPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.947 NAME 'mSMQSignCertificates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.714 NAME 'dhcpOptions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2060 NAME 'msDS-LocalEffectiveRecycleTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.675 NAME 'catalogs' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.134 NAME 'trustPosixOffset' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1404 NAME 'mS-SQL-AllowImmediateUpdatingSubscription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2047 NAME 'globalAddressList2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.135 NAME 'cost' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1331 NAME 'pKIExpirationPeriod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.5.4.15 NAME 'businessCategory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.13.3.4 NAME 'msDFSR-RootSizeInMb' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.869 NAME 'frsComputerReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1893 NAME 'msPKIDPAPIMasterKeys' SYNTAX '1.2.840.113556.1.4.903' )", "( 1.2.840.113556.1.4.1430 NAME 'msPKI-Enrollment-Flag' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.45 NAME 'homeDrive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2085 NAME 'msSPP-OnlineLicense' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.196 NAME 'systemMayContain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.90 NAME 'unicodePwd' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.763 NAME 'aCSTotalNoOfFlows' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1806 NAME 'msDS-MembersForAzRole' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.873 NAME 'fRSControlOutboundBacklog' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.89 NAME 'nTGroupMembers' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.815 NAME 'canUpgradeScript' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.96 NAME 'pwdLastSet' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.228 NAME 'portName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1821 NAME 'msieee80211-Data' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.720 NAME 'dhcpUpdateTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 2.5.4.33 NAME 'roleOccupant' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1818 NAME 'msDS-AzTaskIsRoleDefinition' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.488 NAME 'fRSStagingPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.25 NAME 'dc' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.502 NAME 'timeVolChange' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.303 NAME 'notificationList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.952 NAME 'mSMQMigrated' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2290 NAME 'msDS-UserAuthNPolicyBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.53 NAME 'lastSetTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.894 NAME 'gPCFileSysPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.471 NAME 'schemaVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' )", "( 1.2.840.113556.1.2.91 NAME 'repsFrom' SYNTAX 'OctetString' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.5 NAME 'msDFSR-StagingPath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.781 NAME 'lastKnownParent' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 2.5.4.43 NAME 'initials' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.901 NAME 'aCSMaxNoOfAccountFiles' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1928 NAME 'msDS-RevealOnDemandGroup' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1689 NAME 'msDS-Non-Security-Group-Extra-Classes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.344 NAME 'groupsToIgnore' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.896 NAME 'uSNSource' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.964 NAME 'mSMQNt4Flags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2102 NAME 'msDS-ClaimSharesPossibleValuesWithBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 2.5.4.29 NAME 'presentationAddress' SYNTAX '1.3.6.1.4.1.1466.115.121.1.43' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2051 NAME 'msDS-OIDToGroupLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.369 NAME 'fSMORoleOwner' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1954 NAME 'ms-net-ieee-8023-GP-PolicyGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.648 NAME 'primaryTelexNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2283 NAME 'msDS-ServiceAllowedToAuthenticateFrom' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 2.5.4.12 NAME 'title' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.1 NAME 'uid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1247 NAME 'interSiteTopologyRenew' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1697 NAME 'msDS-Settings' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.247 NAME 'printAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2188 NAME 'msDS-ValueTypeReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2133 NAME 'msDNS-MaintainTrustAnchor' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.324 NAME 'msSFU30KeyValues' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.1378 NAME 'mS-SQL-AppleTalk' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1663 NAME 'msDS-Replication-Notify-First-DSA-Delay' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.121 NAME 'securityIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.748 NAME 'attributeDisplayNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.16.840.1.113730.3.1.35 NAME 'thumbnailPhoto' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2082 NAME 'msSPP-KMSIds' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.758 NAME 'aCSMaxTokenRatePerFlow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.2.121 NAME 'uSNLastObjRem' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.875 NAME 'fRSMemberReference' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1349 NAME 'gPCUserExtensionNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.138 NAME 'userParameters' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.36 NAME 'userCertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.6.13.3.102 NAME 'msDFSR-MemberReferenceBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.131 NAME 'co' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.3 NAME 'cn' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.936 NAME 'mSMQEncryptKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.226 NAME 'adminDescription' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.34 NAME 'seeAlso' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.444 NAME 'msExchAssistantName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.667 NAME 'syncWithSID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1998 NAME 'msFVE-VolumeGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2107 NAME 'msTPM-SrkPubThumbprint' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.81 NAME 'info' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1686 NAME 'msWMI-ScopeGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.151 NAME 'oEMInformation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.935 NAME 'mSMQOSType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.374 NAME 'rIDNextRID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2039 NAME 'msDFS-LinkPathv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.141 NAME 'versionNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.505 NAME 'oMTGuid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.88 NAME 'nextRid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2037 NAME 'msDFS-Propertiesv2' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1994 NAME 'msTSLicenseVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.16.840.1.113730.3.140 NAME 'userSMIMECertificate' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1985 NAME 'msTSBrokenConnectionAction' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.281 NAME 'printStaplingSupported' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.17 NAME 'msDFSR-Options' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.485 NAME 'fRSUpdateTimeout' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1967 NAME 'msDS-NC-RO-Replica-Locations' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1819 NAME 'msDS-AzApplicationData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.347 NAME 'msSFU30PosixMemberOf' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1425 NAME 'msCOM-UserLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.6.13.3.24 NAME 'msDFSR-DfsLinkTarget' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.512 NAME 'siteObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.584 NAME 'meetingRating' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1794 NAME 'msDS-NonMembersBL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.776 NAME 'aCSDSBMPriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.520 NAME 'machinePasswordChangeInterval' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.669 NAME 'rIDSetReferences' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.941 NAME 'mSMQLongLived' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1241 NAME 'netbootMirrorDataFile' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.18.1.305 NAME 'msSFU30ResultAttributes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2236 NAME 'msds-memberOfTransitive' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1427 NAME 'msCOM-DefaultPartitionLink' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.519 NAME 'lastBackupRestorationTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.337 NAME 'currMachineId' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.2.32 NAME 'attributeSyntax' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.362 NAME 'siteGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.823 NAME 'certificateTemplates' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.352 NAME 'msSFU30CryptMethod' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1946 NAME 'msDS-PhoneticDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.14 NAME 'searchGuide' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2270 NAME 'msDS-IsManaged' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.581 NAME 'meetingScope' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.673 NAME 'retiredReplDSASignatures' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.855 NAME 'netbootNewMachineNamingPolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1245 NAME 'globalAddressList' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.2.227 NAME 'extensionName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.884 NAME 'msRRASAttribute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.6.18.1.349 NAME 'msSFU30NetgroupUserAtDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.26' )", "( 1.2.840.113556.1.4.680 NAME 'queryPoint' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.888 NAME 'iPSECNegotiationPolicyAction' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.29 NAME 'msDFSR-CachePolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.299 NAME 'printMediaSupported' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.503 NAME 'timeRefresh' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.11 NAME 'authenticationOptions' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.198 NAME 'systemAuxiliaryClass' SYNTAX '1.3.6.1.4.1.1466.115.121.1.38' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.857 NAME 'netbootIntelliMirrorOSes' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1406 NAME 'mS-SQL-AllowSnapshotFilesFTPDownloading' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1333 NAME 'pKIExtendedKeyUsage' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.2019 NAME 'msDS-LockoutThreshold' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1844 NAME 'msDS-QuotaTrustee' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.6.18.1.350 NAME 'msSFU30IsValidContainer' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.359 NAME 'netbootGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1719 NAME 'msDS-DnsRootAlias' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.909 NAME 'extendedAttributeInfo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' NO-USER-MODIFICATION )", "( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1248 NAME 'interSiteTopologyFailover' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2275 NAME 'msDS-CloudIsEnabled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.7' SINGLE-VALUE )", "( 1.2.840.113556.1.4.887 NAME 'iPSECNegotiationPolicyType' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2059 NAME 'msDS-LocalEffectiveDeletionTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.587 NAME 'meetingStartTime' SYNTAX '1.3.6.1.4.1.1466.115.121.1.53' )", "( 2.5.4.17 NAME 'postalCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.2.445 NAME 'originalDisplayTable' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1990 NAME 'msTSInitialProgram' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.662 NAME 'lockoutTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.95 NAME 'pwdHistoryLength' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.759 NAME 'aCSMaxPeakBandwidthPerFlow' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.753 NAME 'nameServiceFlags' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.694 NAME 'previousParentCA' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.142 NAME 'winsockAddresses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.2075 NAME 'msTSSecondaryDesktops' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.2105 NAME 'msSPP-CSVLKPid' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.49 NAME 'badPasswordTime' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2184 NAME 'msDS-GeoCoordinatesLatitude' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2079 NAME 'msDS-RequiredForestBehaviorVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1955 NAME 'ms-net-ieee-8023-GP-PolicyData' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.237 NAME 'printBinNames' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1382 NAME 'mS-SQL-InformationURL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.6.13.3.13 NAME 'msDFSR-DirectoryFilter' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.148 NAME 'schemaIDGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.2189 NAME 'msDS-TransformationRules' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 2.5.4.10 NAME 'o' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.504 NAME 'seqNotification' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 2.5.4.7 NAME 'l' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.57 NAME 'defaultLocalPolicyObject' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1801 NAME 'msDS-AzBizRule' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.948 NAME 'mSMQDigests' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.2.327 NAME 'helpFileName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.421 NAME 'domainWidePolicy' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 2.5.4.6 NAME 'c' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2139 NAME 'msDNS-DNSKEYRecordSetTTL' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.609 NAME 'sIDHistory' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1711 NAME 'msDS-SDReferenceDomain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1367 NAME 'mS-SQL-Memory' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.715 NAME 'dhcpClasses' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1305 NAME 'moveTreeState' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.757 NAME 'aCSDirection' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.631 NAME 'printPagesPerMinute' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.145 NAME 'revision' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.646 NAME 'otherFacsimileTelephoneNumber' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )", "( 1.2.840.113556.1.4.1798 NAME 'msDS-AzApplicationName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.366 NAME 'rpcNsAnnotation' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2190 NAME 'msDS-TransformationRulesCompiled' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.4.1636 NAME 'msWMI-StringDefault' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.813 NAME 'upgradeProductCode' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' )", "( 1.2.840.113556.1.4.1951 NAME 'ms-net-ieee-80211-GP-PolicyGUID' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2098 NAME 'msDS-ClaimValueType' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.194 NAME 'adminDisplayName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.879 NAME 'fRSServiceCommandStatus' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.361 NAME 'netbootMachineFilePath' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.67 NAME 'lSAModifiedCount' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.920 NAME 'mSMQBasePriority' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2277 NAME 'msDS-UserAllowedToAuthenticateTo' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2056 NAME 'msDS-HostServiceAccount' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )", "( 1.2.840.113556.1.4.1943 NAME 'msDS-PhoneticLastName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.2055 NAME 'msDS-USNLastSyncSuccess' SYNTAX '1.2.840.113556.1.4.906' SINGLE-VALUE )", "( 1.2.840.113556.1.4.101 NAME 'privateKey' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 2.5.4.42 NAME 'givenName' SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )", "( 1.2.840.113556.1.4.685 NAME 'parentCACertificateChain' SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )", "( 1.2.840.113556.1.4.1924 NAME 'msDS-RevealedUsers' SYNTAX '1.2.840.113556.1.4.903' NO-USER-MODIFICATION )", "( 1.2.840.113556.1.2.76 NAME 'objectVersion' SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )", "( 1.2.840.113556.1.4.856 NAME 'netbootNewMachineOU' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' SINGLE-VALUE )" ], "cn": [ "Aggregate" ], "dITContentRules": [ "( 1.2.840.113556.1.6.13.4.6 NAME 'msDFSR-Content' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.14 NAME 'device' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MAY (uid $ manager $ ipHostNumber $ macAddress $ bootParameter $ bootFile ))", "( 1.2.840.113556.1.5.205 NAME 'msWMI-IntRangeParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.5 NAME 'samServer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.196 NAME 'msPKI-Enterprise-Oid' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.5 NAME 'organizationalUnit' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.152 NAME 'intellimirrorGroup' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.253 NAME 'msFVE-RecoveryInformation' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.262 NAME 'msImaging-PSPs' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.251 NAME 'ms-net-ieee-80211-GroupPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.138 NAME 'aCSSubnet' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.43 NAME 'fTDfs' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.27 NAME 'rpcEntry')", "( 1.2.840.113556.1.5.85 NAME 'dnsZone' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.4.2163 NAME 'msAuthz-CentralAccessRule' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.194 NAME 'msCOM-PartitionSet' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.242 NAME 'msDS-QuotaContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.281 NAME 'msDS-ClaimsTransformationPolicies' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.146 NAME 'remoteStorageServicePoint' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.2 NAME 'samDomainBase')", "( 1.2.840.113556.1.5.132 NAME 'dHCPClass' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.283 NAME 'msDS-CloudExtensions')", "( 1.2.840.113556.1.5.89 NAME 'nTFRSSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.24 NAME 'remoteMailRecipient' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (cn ) MAY (telephoneNumber $ userCertificate $ info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ showInAddressBook $ userCert $ legacyExchangeDN $ msDS-PhoneticDisplayName $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ userSMIMECertificate $ textEncodedORAddress $ secretary $ labeledURI ))", "( 1.2.840.113556.1.5.221 NAME 'msTAPI-RtConference' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.201 NAME 'msWMI-SimplePolicyTemplate' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.18.2.212 NAME 'msSFU30NetId' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.49 NAME 'packageRegistration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.139 NAME 'lostAndFound' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.14 NAME 'connectionPoint')", "( 1.2.840.113556.1.5.6 NAME 'securityPrincipal')", "( 1.2.840.113556.1.5.147 NAME 'siteLink' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.255 NAME 'msDS-PasswordSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.4.2162 NAME 'msAuthz-CentralAccessRules' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.30 NAME 'serviceInstance' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.156 NAME 'rRASAdministrationDictionary' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.4.2164 NAME 'msAuthz-CentralAccessPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (objectSid $ sAMAccountName ) MAY (info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ showInAddressBook $ userCert $ legacyExchangeDN $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber $ unixUserPassword $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ msDS-cloudExtensionAttribute1 $ msDS-cloudExtensionAttribute2 $ msDS-cloudExtensionAttribute3 $ msDS-cloudExtensionAttribute4 $ msDS-cloudExtensionAttribute5 $ msDS-cloudExtensionAttribute6 $ msDS-cloudExtensionAttribute7 $ msDS-cloudExtensionAttribute8 $ msDS-cloudExtensionAttribute9 $ msDS-cloudExtensionAttribute10 $ msDS-cloudExtensionAttribute11 $ msDS-cloudExtensionAttribute12 $ msDS-cloudExtensionAttribute13 $ msDS-cloudExtensionAttribute14 $ msDS-cloudExtensionAttribute15 $ msDS-cloudExtensionAttribute16 $ msDS-cloudExtensionAttribute17 $ msDS-cloudExtensionAttribute18 $ msDS-cloudExtensionAttribute19 $ msDS-cloudExtensionAttribute20 $ textEncodedORAddress $ uidNumber $ gidNumber $ gecos $ unixHomeDirectory $ loginShell $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ))", "( 1.2.840.113556.1.5.52 NAME 'fileLinkTracking' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.18 NAME 'domainPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.18.2.216 NAME 'msSFU30NetworkUser' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject')", "( 1.2.840.113556.1.5.177 NAME 'pKICertificateTemplate' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.293 NAME 'msDS-AuthNPolicies' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.2 NAME 'msDFSR-Subscriber' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.31 NAME 'site' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.222 NAME 'msTAPI-RtPerson' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.68 NAME 'applicationSiteSettings')", "( 1.2.840.113556.1.3.14 NAME 'attributeSchema' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.267 NAME 'msSPP-ActivationObject' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.220 NAME 'msDS-App-Configuration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.23 NAME 'container' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.10 NAME 'msDFSR-Connection' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.207 NAME 'msWMI-UintRangeParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.23 NAME 'printQueue' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.260 NAME 'msDFS-DeletedLinkv2' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.140 NAME 'interSiteTransportContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.130 NAME 'indexServerCatalog' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.98 NAME 'ipsecPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.0 NAME 'top')", "( 1.2.840.113556.1.5.36 NAME 'volume' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.236 NAME 'msDS-AzOperation' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.9 NAME 'groupOfNames' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.12 NAME 'configuration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.78 NAME 'licensingSiteSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.69 NAME 'nTDSSiteSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.269 NAME 'msDS-ClaimTypePropertyBase')", "( 1.2.840.113556.1.5.273 NAME 'msDS-ResourceProperty' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.239 NAME 'msDS-AzRole' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.12 NAME 'bootableDevice')", "( 1.2.840.113556.1.5.294 NAME 'msDS-AuthNPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.86 NAME 'dnsNode' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.210 NAME 'msWMI-StringSetParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.264 NAME 'msDS-ManagedServiceAccount' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (objectSid $ sAMAccountName ) MAY (info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ showInAddressBook $ userCert $ legacyExchangeDN $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber $ unixUserPassword $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ msDS-cloudExtensionAttribute1 $ msDS-cloudExtensionAttribute2 $ msDS-cloudExtensionAttribute3 $ msDS-cloudExtensionAttribute4 $ msDS-cloudExtensionAttribute5 $ msDS-cloudExtensionAttribute6 $ msDS-cloudExtensionAttribute7 $ msDS-cloudExtensionAttribute8 $ msDS-cloudExtensionAttribute9 $ msDS-cloudExtensionAttribute10 $ msDS-cloudExtensionAttribute11 $ msDS-cloudExtensionAttribute12 $ msDS-cloudExtensionAttribute13 $ msDS-cloudExtensionAttribute14 $ msDS-cloudExtensionAttribute15 $ msDS-cloudExtensionAttribute16 $ msDS-cloudExtensionAttribute17 $ msDS-cloudExtensionAttribute18 $ msDS-cloudExtensionAttribute19 $ msDS-cloudExtensionAttribute20 $ textEncodedORAddress $ uidNumber $ gidNumber $ gecos $ unixHomeDirectory $ loginShell $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipHostNumber ))", "( 1.2.840.113556.1.5.15 NAME 'contact' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MAY (userCertificate $ info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ showInAddressBook $ userCert $ legacyExchangeDN $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ userSMIMECertificate $ textEncodedORAddress $ secretary $ labeledURI ))", "( 1.3.6.1.1.1.2.0 NAME 'posixAccount')", "( 1.2.840.113556.1.5.266 NAME 'msSPP-ActivationObjectsContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.217 NAME 'msWMI-ObjectEncoding' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.33 NAME 'storage' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.67 NAME 'domainDNS' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MAY (cACertificate $ builtinCreationTime $ builtinModifiedCount $ creationTime $ domainPolicyObject $ forceLogoff $ defaultLocalPolicyObject $ lockoutDuration $ lockOutObservationWindow $ lSACreationTime $ lSAModifiedCount $ lockoutThreshold $ maxPwdAge $ minPwdAge $ minPwdLength $ modifiedCountAtLastProm $ nETBIOSName $ nextRid $ pwdProperties $ pwdHistoryLength $ privateKey $ replicaSource $ objectSid $ oEMInformation $ serverState $ uASCompat $ serverRole $ domainReplica $ modifiedCount $ controlAccessRights $ auditingPolicy $ eFSPolicy $ desktopProfile $ nTMixedDomain $ rIDManagerReference $ treeName $ pekList $ pekKeyChangeInterval $ gPLink $ gPOptions $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-PerUserTrustQuota $ msDS-AllUsersTrustQuota $ msDS-PerUserTrustTombstonesQuota ))", "( 1.2.840.113556.1.5.92 NAME 'linkTrackVolEntry' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.11 NAME 'ieee802Device')", "( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject')", "( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.107 NAME 'sitesContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.263 NAME 'msImaging-PostScanProcess' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.240 NAME 'msieee80211-Policy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.95 NAME 'subnetContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 0.9.2342.19200300.100.4.6 NAME 'document' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.6 NAME 'person' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.274 NAME 'msDS-ResourcePropertyList' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.270 NAME 'msDS-ClaimTypes' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.1 NAME 'shadowAccount')", "( 1.2.840.113556.1.5.179 NAME 'mSMQMigratedUser' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.185 NAME 'mS-SQL-OLAPServer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject')", "( 1.2.840.113556.1.5.155 NAME 'nTFRSSubscriber' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.129 NAME 'rIDSet' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.58 NAME 'addressTemplate' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.154 NAME 'nTFRSSubscriptions' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.7000.47 NAME 'nTDSDSA' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.175 NAME 'infrastructureUpdate' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.18.2.215 NAME 'msSFU30DomainInfo' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.213 NAME 'msWMI-Som' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.82 NAME 'rpcProfile' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.164 NAME 'mSMQSiteLink' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.184 NAME 'mS-SQL-SQLServer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.106 NAME 'queryPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.162 NAME 'mSMQConfiguration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.257 NAME 'msDFS-NamespaceAnchor' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.7 NAME 'msDFSR-ContentSet' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.276 NAME 'msTPM-InformationObjectsContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.209 NAME 'msWMI-RealRangeParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.7 NAME 'organizationalPerson' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.176 NAME 'msExchConfigurationContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.278 NAME 'msKds-ProvRootKey' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.238 NAME 'msDS-AzTask' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.282 NAME 'msDS-GroupManagedServiceAccount' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (objectSid $ sAMAccountName ) MAY (info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ showInAddressBook $ userCert $ legacyExchangeDN $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber $ unixUserPassword $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ msDS-cloudExtensionAttribute1 $ msDS-cloudExtensionAttribute2 $ msDS-cloudExtensionAttribute3 $ msDS-cloudExtensionAttribute4 $ msDS-cloudExtensionAttribute5 $ msDS-cloudExtensionAttribute6 $ msDS-cloudExtensionAttribute7 $ msDS-cloudExtensionAttribute8 $ msDS-cloudExtensionAttribute9 $ msDS-cloudExtensionAttribute10 $ msDS-cloudExtensionAttribute11 $ msDS-cloudExtensionAttribute12 $ msDS-cloudExtensionAttribute13 $ msDS-cloudExtensionAttribute14 $ msDS-cloudExtensionAttribute15 $ msDS-cloudExtensionAttribute16 $ msDS-cloudExtensionAttribute17 $ msDS-cloudExtensionAttribute18 $ msDS-cloudExtensionAttribute19 $ msDS-cloudExtensionAttribute20 $ textEncodedORAddress $ uidNumber $ gidNumber $ gecos $ unixHomeDirectory $ loginShell $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipHostNumber ))", "( 1.3.6.1.1.1.2.9 NAME 'nisMap' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.10 NAME 'nisObject' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.277 NAME 'msKds-ProvServerConfiguration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.18.2.217 NAME 'msSFU30NISMapConfig' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.90 NAME 'linkTrackVolumeTable' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.188 NAME 'mS-SQL-SQLDatabase' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.211 NAME 'msWMI-PolicyType' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.183 NAME 'dSUISettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.157 NAME 'groupPolicyContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.3 NAME 'samDomain' MAY (forceLogoff $ objectSid $ oEMInformation $ serverState $ uASCompat $ serverRole $ domainReplica $ modifiedCount ))", "( 1.2.840.113556.1.5.234 NAME 'msDS-AzAdminManager' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.214 NAME 'msWMI-Rule' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.254 NAME 'nTDSDSARO' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.286 NAME 'msDS-Device' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.34 NAME 'trustedDomain' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 0.9.2342.19200300.100.4.7 NAME 'room' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.4 NAME 'organization' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.272 NAME 'msDS-ClaimType' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.3 NAME 'ipService' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.80 NAME 'rpcGroup' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.17 NAME 'server' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.28 NAME 'secret' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.163 NAME 'mSMQEnterpriseSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.202 NAME 'msWMI-MergeablePolicyTemplate' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.195 NAME 'msPKI-Key-Recovery-Agent' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (objectSid $ sAMAccountName ) MAY (info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ showInAddressBook $ userCert $ legacyExchangeDN $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber $ unixUserPassword $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ msDS-cloudExtensionAttribute1 $ msDS-cloudExtensionAttribute2 $ msDS-cloudExtensionAttribute3 $ msDS-cloudExtensionAttribute4 $ msDS-cloudExtensionAttribute5 $ msDS-cloudExtensionAttribute6 $ msDS-cloudExtensionAttribute7 $ msDS-cloudExtensionAttribute8 $ msDS-cloudExtensionAttribute9 $ msDS-cloudExtensionAttribute10 $ msDS-cloudExtensionAttribute11 $ msDS-cloudExtensionAttribute12 $ msDS-cloudExtensionAttribute13 $ msDS-cloudExtensionAttribute14 $ msDS-cloudExtensionAttribute15 $ msDS-cloudExtensionAttribute16 $ msDS-cloudExtensionAttribute17 $ msDS-cloudExtensionAttribute18 $ msDS-cloudExtensionAttribute19 $ msDS-cloudExtensionAttribute20 $ textEncodedORAddress $ uidNumber $ gidNumber $ gecos $ unixHomeDirectory $ loginShell $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ))", "( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.258 NAME 'msDFS-Namespacev2' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.96 NAME 'subnet' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.216 NAME 'applicationVersion' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.10 NAME 'residentialPerson' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.19 NAME 'cRLDistributionPoint' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.137 NAME 'aCSPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.77 NAME 'controlAccessRight' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.219 NAME 'msMQ-Group' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.8 NAME 'group' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (cn $ objectSid $ sAMAccountName ) MAY (telephoneNumber $ userPassword $ userCertificate $ info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ showInAddressBook $ userCert $ legacyExchangeDN $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber $ unixUserPassword $ msDS-PhoneticDisplayName $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ userSMIMECertificate $ textEncodedORAddress $ secretary $ labeledURI $ gidNumber $ memberUid ))", "( 1.2.840.113556.1.6.23.2 NAME 'msPrint-ConnectionPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.11 NAME 'crossRef' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.9 NAME 'msDFSR-Member' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.59 NAME 'displayTemplate' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.13 NAME 'classSchema' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.200 NAME 'msWMI-PolicyTemplate' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.165 NAME 'mSMQSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.5 NAME 'oncRpc' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.126 NAME 'serviceConnectionPoint' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.4 NAME 'builtinDomain' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MAY (creationTime $ forceLogoff $ lockoutDuration $ lockOutObservationWindow $ lockoutThreshold $ maxPwdAge $ minPwdAge $ minPwdLength $ modifiedCountAtLastProm $ nextRid $ pwdProperties $ pwdHistoryLength $ objectSid $ oEMInformation $ serverState $ uASCompat $ serverRole $ domainReplica $ modifiedCount ))", "( 1.2.840.113556.1.5.241 NAME 'msDS-AppData' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.73 NAME 'rpcServerElement' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.150 NAME 'rRASAdministrationConnectionPoint' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.191 NAME 'aCSResourceLimits' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.3 NAME 'locality' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.6 NAME 'ipHost')", "( 1.2.840.113556.1.5.275 NAME 'msTPM-InformationObject' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.289 NAME 'msDS-DeviceContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.4.2129 NAME 'msDNS-ServerSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.44 NAME 'classStore' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 0.9.2342.19200300.100.4.5 NAME 'account' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.26 NAME 'rpcProfileElement' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.215 NAME 'msWMI-WMIGPO' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.243 NAME 'msDS-QuotaControl' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.256 NAME 'msDS-PasswordSettingsContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.187 NAME 'mS-SQL-SQLPublication' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.9 NAME 'user' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (objectSid $ sAMAccountName ) MAY (info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ showInAddressBook $ userCert $ legacyExchangeDN $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber $ unixUserPassword $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ msDS-cloudExtensionAttribute1 $ msDS-cloudExtensionAttribute2 $ msDS-cloudExtensionAttribute3 $ msDS-cloudExtensionAttribute4 $ msDS-cloudExtensionAttribute5 $ msDS-cloudExtensionAttribute6 $ msDS-cloudExtensionAttribute7 $ msDS-cloudExtensionAttribute8 $ msDS-cloudExtensionAttribute9 $ msDS-cloudExtensionAttribute10 $ msDS-cloudExtensionAttribute11 $ msDS-cloudExtensionAttribute12 $ msDS-cloudExtensionAttribute13 $ msDS-cloudExtensionAttribute14 $ msDS-cloudExtensionAttribute15 $ msDS-cloudExtensionAttribute16 $ msDS-cloudExtensionAttribute17 $ msDS-cloudExtensionAttribute18 $ msDS-cloudExtensionAttribute19 $ msDS-cloudExtensionAttribute20 $ textEncodedORAddress $ uidNumber $ gidNumber $ gecos $ unixHomeDirectory $ loginShell $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ))", "( 1.2.840.113556.1.5.259 NAME 'msDFS-Linkv2' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.141 NAME 'interSiteTransport' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.4 NAME 'msDFSR-GlobalSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.29 NAME 'serviceClass' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.189 NAME 'mS-SQL-OLAPDatabase' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.16 NAME 'certificationAuthority' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.104 NAME 'meeting' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.287 NAME 'msDS-DeviceRegistrationServiceContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.71 NAME 'nTDSConnection' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.291 NAME 'msDS-AuthNPolicySilos' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.218 NAME 'msMQ-Custom-Recipient' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.72 NAME 'nTDSService' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.9 NAME 'dMD' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.280 NAME 'msDS-ClaimsTransformationPolicyType' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 0.9.2342.19200300.100.4.14 NAME 'rFC822LocalPart' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.190 NAME 'mS-SQL-OLAPCube' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.208 NAME 'msWMI-UintSetParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.3.6.1.1.1.2.2 NAME 'posixGroup')", "( 2.5.6.17 NAME 'groupOfUniqueNames' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.252 NAME 'ms-net-ieee-8023-GroupPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.119 NAME 'ipsecNegotiationPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.292 NAME 'msDS-AuthNPolicySilo' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.121 NAME 'ipsecNFA' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.42 NAME 'dfsConfiguration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.271 NAME 'msDS-ResourceProperties' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.91 NAME 'linkTrackObjectMoveTable' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.136 NAME 'rpcContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.83 NAME 'rIDManager' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.206 NAME 'msWMI-IntSetParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.5 NAME 'msDFSR-ReplicationGroup' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.125 NAME 'addressBookContainer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.7000.49 NAME 'applicationSettings')", "( 1.2.840.113556.1.5.265 NAME 'msDS-OptionalFeature' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.94 NAME 'serviceAdministrationPoint' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.102 NAME 'nTFRSReplicaSet' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.203 NAME 'msWMI-RangeParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.7000.56 NAME 'ipsecBase')", "( 1.2.840.113556.1.6.13.4.3 NAME 'msDFSR-Subscription' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.223 NAME 'msPKI-PrivateKeyRecoveryAgent' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.178 NAME 'pKIEnrollmentService' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.18.2.211 NAME 'msSFU30MailAliases' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.53 NAME 'typeLibrary' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.8 NAME 'msDFSR-Topology' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.74 NAME 'categoryRegistration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.11 NAME 'comConnectionPoint' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.93 NAME 'linkTrackOMTEntry' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.10 NAME 'classRegistration' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.148 NAME 'siteLinkBridge' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.81 NAME 'rpcServer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.46 NAME 'mailRecipient')", "( 1.2.840.113556.1.5.1 NAME 'securityObject')", "( 1.2.840.113556.1.5.20 NAME 'leaf')", "( 1.2.840.113556.1.5.151 NAME 'intellimirrorSCP' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.6.13.4.1 NAME 'msDFSR-LocalSettings' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.186 NAME 'mS-SQL-SQLRepository' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.8 NAME 'organizationalRole' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.20.1 NAME 'subSchema' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.284 NAME 'msDS-DeviceRegistrationService' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.212 NAME 'msWMI-ShadowObject' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.59 NAME 'fileLinkTrackingEntry' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.4.2161 NAME 'msAuthz-CentralAccessPolicies' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.161 NAME 'mSMQQueue' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.193 NAME 'msCOM-Partition' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.118 NAME 'ipsecFilter' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.2 NAME 'country' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.97 NAME 'physicalLocation' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.3.30 NAME 'computer' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ) MUST (objectSid $ sAMAccountName ) MAY (info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ showInAddressBook $ userCert $ legacyExchangeDN $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber $ unixUserPassword $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ msDS-cloudExtensionAttribute1 $ msDS-cloudExtensionAttribute2 $ msDS-cloudExtensionAttribute3 $ msDS-cloudExtensionAttribute4 $ msDS-cloudExtensionAttribute5 $ msDS-cloudExtensionAttribute6 $ msDS-cloudExtensionAttribute7 $ msDS-cloudExtensionAttribute8 $ msDS-cloudExtensionAttribute9 $ msDS-cloudExtensionAttribute10 $ msDS-cloudExtensionAttribute11 $ msDS-cloudExtensionAttribute12 $ msDS-cloudExtensionAttribute13 $ msDS-cloudExtensionAttribute14 $ msDS-cloudExtensionAttribute15 $ msDS-cloudExtensionAttribute16 $ msDS-cloudExtensionAttribute17 $ msDS-cloudExtensionAttribute18 $ msDS-cloudExtensionAttribute19 $ msDS-cloudExtensionAttribute20 $ textEncodedORAddress $ uidNumber $ gidNumber $ gecos $ unixHomeDirectory $ loginShell $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipHostNumber ))", "( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.153 NAME 'nTFRSMember' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.12 NAME 'applicationEntity' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 2.5.6.11 NAME 'applicationProcess' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.279 NAME 'msDS-ValueType' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.204 NAME 'msWMI-UnknownRangeParam' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.66 NAME 'domain')", "( 2.5.6.13 NAME 'dSA' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))", "( 1.2.840.113556.1.5.120 NAME 'ipsecISAKMPPolicy' AUX ( mailRecipient $ posixGroup $ ipHost $ samDomain $ dynamicObject $ shadowAccount $ domainRelatedObject $ ieee802Device $ posixAccount $ bootableDevice $ simpleSecurityObject $ securityPrincipal $ msDS-CloudExtensions $ samDomainBase ))" ], "dSCorePropagationData": [ "16010101000000.0Z" ], "distinguishedName": [ "CN=Aggregate,CN=Schema,CN=Configuration,DC=FOREST,DC=LAB" ], "instanceType": [ "4" ], "modifyTimeStamp": [ "20141006121949.0Z" ], "name": [ "Aggregate" ], "objectCategory": [ "CN=SubSchema,CN=Schema,CN=Configuration,DC=FOREST,DC=LAB" ], "objectClass": [ "top", "subSchema" ], "objectClasses": [ "( 1.2.840.113556.1.6.13.4.6 NAME 'msDFSR-Content' SUP top STRUCTURAL MAY (msDFSR-Extension $ msDFSR-Flags $ msDFSR-Options $ msDFSR-Options2 ) )", "( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST (cn ) MAY (serialNumber $ l $ o $ ou $ owner $ seeAlso $ msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ nisMapName ) )", "( 1.2.840.113556.1.5.205 NAME 'msWMI-IntRangeParam' SUP msWMI-RangeParam STRUCTURAL MUST (msWMI-IntDefault ) MAY (msWMI-IntMax $ msWMI-IntMin ) )", "( 1.2.840.113556.1.5.5 NAME 'samServer' SUP securityObject STRUCTURAL MAY (samDomainUpdates ) )", "( 1.2.840.113556.1.5.196 NAME 'msPKI-Enterprise-Oid' SUP top STRUCTURAL MAY (msPKI-Cert-Template-OID $ msPKI-OID-Attribute $ msPKI-OID-CPS $ msPKI-OID-User-Notice $ msPKI-OIDLocalizedName $ msDS-OIDToGroupLink ) )", "( 1.2.840.113556.1.5.7000.53 NAME 'crossRefContainer' SUP top STRUCTURAL MAY (uPNSuffixes $ msDS-Behavior-Version $ msDS-SPNSuffixes $ msDS-UpdateScript $ msDS-ExecuteScriptPassword $ msDS-EnabledFeature ) )", "( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL MUST (cn $ ipNetworkNumber ) MAY (l $ description $ uid $ manager $ msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ ipNetmaskNumber $ nisMapName ) )", "( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST (ou ) MAY (c $ l $ st $ street $ searchGuide $ businessCategory $ postalAddress $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ telexNumber $ teletexTerminalIdentifier $ facsimileTelephoneNumber $ x121Address $ internationalISDNNumber $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ seeAlso $ userPassword $ co $ countryCode $ desktopProfile $ defaultGroup $ managedBy $ uPNSuffixes $ gPLink $ gPOptions $ msCOM-UserPartitionSetLink $ thumbnailLogo ) )", "( 1.2.840.113556.1.5.152 NAME 'intellimirrorGroup' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.253 NAME 'msFVE-RecoveryInformation' SUP top STRUCTURAL MUST (msFVE-RecoveryPassword $ msFVE-RecoveryGuid ) MAY (msFVE-VolumeGuid $ msFVE-KeyPackage ) )", "( 1.2.840.113556.1.5.262 NAME 'msImaging-PSPs' SUP container STRUCTURAL )", "( 1.2.840.113556.1.5.251 NAME 'ms-net-ieee-80211-GroupPolicy' SUP top STRUCTURAL MAY (ms-net-ieee-80211-GP-PolicyGUID $ ms-net-ieee-80211-GP-PolicyData $ ms-net-ieee-80211-GP-PolicyReserved ) )", "( 1.2.840.113556.1.5.138 NAME 'aCSSubnet' SUP top STRUCTURAL MAY (aCSMaxTokenRatePerFlow $ aCSMaxPeakBandwidthPerFlow $ aCSMaxDurationPerFlow $ aCSAllocableRSVPBandwidth $ aCSMaxPeakBandwidth $ aCSEnableRSVPMessageLogging $ aCSEventLogLevel $ aCSEnableACSService $ aCSRSVPLogFilesLocation $ aCSMaxNoOfLogFiles $ aCSMaxSizeOfRSVPLogFile $ aCSDSBMPriority $ aCSDSBMRefresh $ aCSDSBMDeadTime $ aCSCacheTimeout $ aCSNonReservedTxLimit $ aCSNonReservedTxSize $ aCSEnableRSVPAccounting $ aCSRSVPAccountFilesLocation $ aCSMaxNoOfAccountFiles $ aCSMaxSizeOfRSVPAccountFile $ aCSServerList $ aCSNonReservedPeakRate $ aCSNonReservedTokenSize $ aCSNonReservedMaxSDUSize $ aCSNonReservedMinPolicedSize ) )", "( 1.2.840.113556.1.5.43 NAME 'fTDfs' SUP top STRUCTURAL MUST (remoteServerName $ pKTGuid $ pKT ) MAY (keywords $ uNCName $ managedBy ) )", "( 1.2.840.113556.1.5.27 NAME 'rpcEntry' SUP connectionPoint ABSTRACT )", "( 1.2.840.113556.1.5.85 NAME 'dnsZone' SUP top STRUCTURAL MUST (dc ) MAY (dnsAllowDynamic $ dnsAllowXFR $ dnsSecureSecondaries $ dnsNotifySecondaries $ managedBy $ dNSProperty $ msDNS-IsSigned $ msDNS-SignWithNSEC3 $ msDNS-NSEC3OptOut $ msDNS-MaintainTrustAnchor $ msDNS-DSRecordAlgorithms $ msDNS-RFC5011KeyRollovers $ msDNS-NSEC3HashAlgorithm $ msDNS-NSEC3RandomSaltLength $ msDNS-NSEC3Iterations $ msDNS-DNSKEYRecordSetTTL $ msDNS-DSRecordSetTTL $ msDNS-SignatureInceptionOffset $ msDNS-SecureDelegationPollingPeriod $ msDNS-SigningKeyDescriptors $ msDNS-SigningKeys $ msDNS-DNSKEYRecords $ msDNS-ParentHasSecureDelegation $ msDNS-PropagationTime $ msDNS-NSEC3UserSalt $ msDNS-NSEC3CurrentSalt ) )", "( 1.2.840.113556.1.4.2163 NAME 'msAuthz-CentralAccessRule' SUP top STRUCTURAL MAY (Enabled $ msAuthz-EffectiveSecurityPolicy $ msAuthz-ProposedSecurityPolicy $ msAuthz-LastEffectiveSecurityPolicy $ msAuthz-ResourceCondition $ msAuthz-MemberRulesInCentralAccessPolicyBL ) )", "( 1.2.840.113556.1.5.194 NAME 'msCOM-PartitionSet' SUP top STRUCTURAL MAY (msCOM-PartitionLink $ msCOM-DefaultPartitionLink $ msCOM-ObjectId ) )", "( 1.2.840.113556.1.5.242 NAME 'msDS-QuotaContainer' SUP top STRUCTURAL MUST (cn ) MAY (msDS-DefaultQuota $ msDS-TombstoneQuotaFactor $ msDS-QuotaEffective $ msDS-QuotaUsed $ msDS-TopQuotaUsage ) )", "( 1.2.840.113556.1.5.281 NAME 'msDS-ClaimsTransformationPolicies' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.146 NAME 'remoteStorageServicePoint' SUP serviceAdministrationPoint STRUCTURAL MAY (remoteStorageGUID ) )", "( 1.2.840.113556.1.5.2 NAME 'samDomainBase' SUP top AUXILIARY MAY (nTSecurityDescriptor $ creationTime $ forceLogoff $ lockoutDuration $ lockOutObservationWindow $ lockoutThreshold $ maxPwdAge $ minPwdAge $ minPwdLength $ modifiedCountAtLastProm $ nextRid $ pwdProperties $ pwdHistoryLength $ revision $ objectSid $ oEMInformation $ serverState $ uASCompat $ serverRole $ domainReplica $ modifiedCount ) )", "( 1.2.840.113556.1.5.132 NAME 'dHCPClass' SUP top STRUCTURAL MUST (dhcpUniqueKey $ dhcpType $ dhcpFlags $ dhcpIdentification ) MAY (networkAddress $ dhcpObjName $ dhcpObjDescription $ dhcpServers $ dhcpSubnets $ dhcpMask $ dhcpRanges $ dhcpSites $ dhcpReservations $ superScopes $ superScopeDescription $ optionDescription $ optionsLocation $ dhcpOptions $ dhcpClasses $ mscopeId $ dhcpState $ dhcpProperties $ dhcpMaxKey $ dhcpUpdateTime ) )", "( 1.2.840.113556.1.5.283 NAME 'msDS-CloudExtensions' SUP top AUXILIARY MAY (msDS-cloudExtensionAttribute1 $ msDS-cloudExtensionAttribute2 $ msDS-cloudExtensionAttribute3 $ msDS-cloudExtensionAttribute4 $ msDS-cloudExtensionAttribute5 $ msDS-cloudExtensionAttribute6 $ msDS-cloudExtensionAttribute7 $ msDS-cloudExtensionAttribute8 $ msDS-cloudExtensionAttribute9 $ msDS-cloudExtensionAttribute10 $ msDS-cloudExtensionAttribute11 $ msDS-cloudExtensionAttribute12 $ msDS-cloudExtensionAttribute13 $ msDS-cloudExtensionAttribute14 $ msDS-cloudExtensionAttribute15 $ msDS-cloudExtensionAttribute16 $ msDS-cloudExtensionAttribute17 $ msDS-cloudExtensionAttribute18 $ msDS-cloudExtensionAttribute19 $ msDS-cloudExtensionAttribute20 ) )", "( 1.2.840.113556.1.5.89 NAME 'nTFRSSettings' SUP applicationSettings STRUCTURAL MAY (fRSExtensions $ managedBy ) )", "( 1.2.840.113556.1.5.24 NAME 'remoteMailRecipient' SUP top STRUCTURAL MAY (remoteSource $ remoteSourceType $ managedBy ) )", "( 1.2.840.113556.1.5.221 NAME 'msTAPI-RtConference' SUP top STRUCTURAL MUST (msTAPI-uid ) MAY (msTAPI-ProtocolId $ msTAPI-ConferenceBlob ) )", "( 1.2.840.113556.1.5.201 NAME 'msWMI-SimplePolicyTemplate' SUP msWMI-PolicyTemplate STRUCTURAL MUST (msWMI-TargetObject ) )", "( 1.2.840.113556.1.6.18.2.212 NAME 'msSFU30NetId' SUP top STRUCTURAL MAY (msSFU30Name $ msSFU30KeyValues $ msSFU30NisDomain $ nisMapName ) )", "( 1.2.840.113556.1.5.49 NAME 'packageRegistration' SUP top STRUCTURAL MAY (msiScriptPath $ cOMClassID $ cOMInterfaceID $ cOMProgID $ localeID $ machineArchitecture $ iconPath $ cOMTypelibId $ vendor $ packageType $ setupCommand $ packageName $ packageFlags $ versionNumberHi $ versionNumberLo $ lastUpdateSequence $ managedBy $ msiFileList $ categories $ upgradeProductCode $ msiScript $ canUpgradeScript $ fileExtPriority $ productCode $ msiScriptName $ msiScriptSize $ installUiLevel ) )", "( 1.2.840.113556.1.5.139 NAME 'lostAndFound' SUP top STRUCTURAL MAY (moveTreeState ) )", "( 1.2.840.113556.1.5.14 NAME 'connectionPoint' SUP leaf ABSTRACT MUST (cn ) MAY (keywords $ managedBy $ msDS-Settings ) )", "( 1.2.840.113556.1.5.6 NAME 'securityPrincipal' SUP top AUXILIARY MUST (objectSid $ sAMAccountName ) MAY (nTSecurityDescriptor $ securityIdentifier $ supplementalCredentials $ rid $ sAMAccountType $ sIDHistory $ altSecurityIdentities $ tokenGroups $ tokenGroupsNoGCAcceptable $ accountNameHistory $ tokenGroupsGlobalAndUniversal $ msDS-KeyVersionNumber ) )", "( 1.2.840.113556.1.5.147 NAME 'siteLink' SUP top STRUCTURAL MUST (siteList ) MAY (cost $ schedule $ options $ replInterval ) )", "( 1.2.840.113556.1.5.255 NAME 'msDS-PasswordSettings' SUP top STRUCTURAL MUST (msDS-MaximumPasswordAge $ msDS-MinimumPasswordAge $ msDS-MinimumPasswordLength $ msDS-PasswordHistoryLength $ msDS-PasswordComplexityEnabled $ msDS-PasswordReversibleEncryptionEnabled $ msDS-LockoutObservationWindow $ msDS-LockoutDuration $ msDS-LockoutThreshold $ msDS-PasswordSettingsPrecedence ) MAY (msDS-PSOAppliesTo ) )", "( 1.2.840.113556.1.4.2162 NAME 'msAuthz-CentralAccessRules' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.30 NAME 'serviceInstance' SUP connectionPoint STRUCTURAL MUST (displayName $ serviceClassID ) MAY (winsockAddresses $ serviceInstanceVersion ) )", "( 1.2.840.113556.1.5.156 NAME 'rRASAdministrationDictionary' SUP top STRUCTURAL MAY (msRRASVendorAttributeEntry ) )", "( 1.2.840.113556.1.4.2164 NAME 'msAuthz-CentralAccessPolicy' SUP top STRUCTURAL MAY (msAuthz-CentralAccessPolicyID $ msAuthz-MemberRulesInCentralAccessPolicy ) )", "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP user STRUCTURAL MAY (o $ businessCategory $ userCertificate $ givenName $ initials $ x500uniqueIdentifier $ displayName $ employeeNumber $ employeeType $ homePostalAddress $ userSMIMECertificate $ uid $ mail $ roomNumber $ photo $ manager $ homePhone $ secretary $ mobile $ pager $ audio $ jpegPhoto $ carLicense $ departmentNumber $ preferredLanguage $ userPKCS12 $ labeledURI ) )", "( 1.2.840.113556.1.5.52 NAME 'fileLinkTracking' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.18 NAME 'domainPolicy' SUP leaf STRUCTURAL MAY (authenticationOptions $ forceLogoff $ defaultLocalPolicyObject $ lockoutDuration $ lockOutObservationWindow $ lockoutThreshold $ maxPwdAge $ maxRenewAge $ maxTicketAge $ minPwdAge $ minPwdLength $ minTicketAge $ pwdProperties $ pwdHistoryLength $ proxyLifetime $ eFSPolicy $ publicKeyPolicy $ domainWidePolicy $ domainPolicyReference $ qualityOfService $ ipsecPolicyReference $ managedBy $ domainCAs ) )", "( 1.2.840.113556.1.6.18.2.216 NAME 'msSFU30NetworkUser' SUP top STRUCTURAL MAY (msSFU30Name $ msSFU30KeyValues $ msSFU30NisDomain $ nisMapName ) )", "( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY MAY (userPassword ) )", "( 1.2.840.113556.1.5.177 NAME 'pKICertificateTemplate' SUP top STRUCTURAL MAY (displayName $ flags $ pKIDefaultKeySpec $ pKIKeyUsage $ pKIMaxIssuingDepth $ pKICriticalExtensions $ pKIExpirationPeriod $ pKIOverlapPeriod $ pKIExtendedKeyUsage $ pKIDefaultCSPs $ pKIEnrollmentAccess $ msPKI-RA-Signature $ msPKI-Enrollment-Flag $ msPKI-Private-Key-Flag $ msPKI-Certificate-Name-Flag $ msPKI-Minimal-Key-Size $ msPKI-Template-Schema-Version $ msPKI-Template-Minor-Revision $ msPKI-Cert-Template-OID $ msPKI-Supersede-Templates $ msPKI-RA-Policies $ msPKI-Certificate-Policy $ msPKI-Certificate-Application-Policy $ msPKI-RA-Application-Policies ) )", "( 1.2.840.113556.1.5.293 NAME 'msDS-AuthNPolicies' SUP top STRUCTURAL )", "( 1.2.840.113556.1.6.13.4.2 NAME 'msDFSR-Subscriber' SUP top STRUCTURAL MUST (msDFSR-ReplicationGroupGuid $ msDFSR-MemberReference ) MAY (msDFSR-Extension $ msDFSR-Flags $ msDFSR-Options $ msDFSR-Options2 ) )", "( 1.2.840.113556.1.5.31 NAME 'site' SUP top STRUCTURAL MAY (location $ notificationList $ managedBy $ gPLink $ gPOptions $ mSMQSiteID $ mSMQNt4Stub $ mSMQSiteForeign $ mSMQInterval1 $ mSMQInterval2 $ msDS-BridgeHeadServersUsed ) )", "( 1.2.840.113556.1.5.222 NAME 'msTAPI-RtPerson' SUP top STRUCTURAL MAY (msTAPI-uid $ msTAPI-IpAddress ) )", "( 1.2.840.113556.1.5.68 NAME 'applicationSiteSettings' SUP top ABSTRACT MAY (applicationName $ notificationList ) )", "( 1.2.840.113556.1.3.14 NAME 'attributeSchema' SUP top STRUCTURAL MUST (cn $ attributeID $ attributeSyntax $ isSingleValued $ oMSyntax $ lDAPDisplayName $ schemaIDGUID ) MAY (rangeLower $ rangeUpper $ mAPIID $ linkID $ oMObjectClass $ searchFlags $ extendedCharsAllowed $ schemaFlagsEx $ attributeSecurityGUID $ systemOnly $ classDisplayName $ isMemberOfPartialAttributeSet $ isDefunct $ isEphemeral $ msDs-Schema-Extensions $ msDS-IntId ) )", "( 1.2.840.113556.1.5.267 NAME 'msSPP-ActivationObject' SUP top STRUCTURAL MUST (msSPP-CSVLKSkuId $ msSPP-KMSIds $ msSPP-CSVLKPid $ msSPP-CSVLKPartialProductKey ) MAY (msSPP-InstallationId $ msSPP-ConfirmationId $ msSPP-OnlineLicense $ msSPP-PhoneLicense $ msSPP-ConfigLicense $ msSPP-IssuanceLicense ) )", "( 1.2.840.113556.1.5.220 NAME 'msDS-App-Configuration' SUP applicationSettings STRUCTURAL MAY (owner $ keywords $ managedBy $ msDS-ByteArray $ msDS-DateTime $ msDS-Integer $ msDS-ObjectReference ) )", "( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST (cn ) MAY (schemaVersion $ defaultClassStore $ msDS-ObjectReference ) )", "( 1.2.840.113556.1.6.13.4.10 NAME 'msDFSR-Connection' SUP top STRUCTURAL MUST (fromServer ) MAY (msDFSR-Extension $ msDFSR-Enabled $ msDFSR-Schedule $ msDFSR-Keywords $ msDFSR-Flags $ msDFSR-Options $ msDFSR-RdcEnabled $ msDFSR-RdcMinFileSizeInKb $ msDFSR-Priority $ msDFSR-DisablePacketPrivacy $ msDFSR-Options2 ) )", "( 1.2.840.113556.1.5.207 NAME 'msWMI-UintRangeParam' SUP msWMI-RangeParam STRUCTURAL MUST (msWMI-IntDefault ) MAY (msWMI-IntMax $ msWMI-IntMin ) )", "( 1.2.840.113556.1.5.23 NAME 'printQueue' SUP connectionPoint STRUCTURAL MUST (uNCName $ versionNumber $ serverName $ printerName $ shortServerName ) MAY (location $ portName $ driverName $ printSeparatorFile $ priority $ defaultPriority $ printStartTime $ printEndTime $ printFormName $ printBinNames $ printMaxResolutionSupported $ printOrientationsSupported $ printMaxCopies $ printCollate $ printColor $ printLanguage $ printAttributes $ printShareName $ printOwner $ printNotify $ printStatus $ printSpooling $ printKeepPrintedJobs $ driverVersion $ printMaxXExtent $ printMaxYExtent $ printMinXExtent $ printMinYExtent $ printStaplingSupported $ printMemory $ assetNumber $ bytesPerMinute $ printRate $ printRateUnit $ printNetworkAddress $ printMACAddress $ printMediaReady $ printNumberUp $ printMediaSupported $ operatingSystem $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ physicalLocationObject $ printPagesPerMinute $ printDuplexSupported ) )", "( 1.2.840.113556.1.5.260 NAME 'msDFS-DeletedLinkv2' SUP top STRUCTURAL MUST (msDFS-NamespaceIdentityGUIDv2 $ msDFS-LastModifiedv2 $ msDFS-LinkPathv2 $ msDFS-LinkIdentityGUIDv2 ) MAY (msDFS-Commentv2 $ msDFS-ShortNameLinkPathv2 ) )", "( 1.2.840.113556.1.5.140 NAME 'interSiteTransportContainer' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.130 NAME 'indexServerCatalog' SUP connectionPoint STRUCTURAL MUST (creator ) MAY (uNCName $ queryPoint $ indexedScopes $ friendlyNames ) )", "( 1.2.840.113556.1.5.98 NAME 'ipsecPolicy' SUP ipsecBase STRUCTURAL MAY (ipsecISAKMPReference $ ipsecNFAReference ) )", "( 2.5.6.0 NAME 'top' ABSTRACT MUST (objectClass $ instanceType $ nTSecurityDescriptor $ objectCategory ) MAY (cn $ description $ distinguishedName $ whenCreated $ whenChanged $ subRefs $ displayName $ uSNCreated $ isDeleted $ dSASignature $ objectVersion $ repsTo $ repsFrom $ memberOf $ ownerBL $ uSNChanged $ uSNLastObjRem $ showInAdvancedViewOnly $ adminDisplayName $ proxyAddresses $ adminDescription $ extensionName $ uSNDSALastObjRemoved $ displayNamePrintable $ directReports $ wWWHomePage $ USNIntersite $ name $ objectGUID $ replPropertyMetaData $ replUpToDateVector $ flags $ revision $ wbemPath $ fSMORoleOwner $ systemFlags $ siteObjectBL $ serverReferenceBL $ nonSecurityMemberBL $ queryPolicyBL $ wellKnownObjects $ isPrivilegeHolder $ partialAttributeSet $ managedObjects $ partialAttributeDeletionList $ url $ lastKnownParent $ bridgeheadServerListBL $ netbootSCPBL $ isCriticalSystemObject $ frsComputerReferenceBL $ fRSMemberReferenceBL $ uSNSource $ fromEntry $ allowedChildClasses $ allowedChildClassesEffective $ allowedAttributes $ allowedAttributesEffective $ possibleInferiors $ canonicalName $ proxiedObjectName $ sDRightsEffective $ dSCorePropagationData $ otherWellKnownObjects $ mS-DS-ConsistencyGuid $ mS-DS-ConsistencyChildCount $ masteredBy $ msCOM-PartitionSetLink $ msCOM-UserLink $ msDS-Approx-Immed-Subordinates $ msDS-NCReplCursors $ msDS-NCReplInboundNeighbors $ msDS-NCReplOutboundNeighbors $ msDS-ReplAttributeMetaData $ msDS-ReplValueMetaData $ msDS-NonMembersBL $ msDS-MembersForAzRoleBL $ msDS-OperationsForAzTaskBL $ msDS-TasksForAzTaskBL $ msDS-OperationsForAzRoleBL $ msDS-TasksForAzRoleBL $ msDs-masteredBy $ msDS-ObjectReferenceBL $ msDS-PrincipalName $ msDS-RevealedDSAs $ msDS-KrbTgtLinkBl $ msDS-IsFullReplicaFor $ msDS-IsDomainFor $ msDS-IsPartialReplicaFor $ msDS-AuthenticatedToAccountlist $ msDS-NC-RO-Replica-Locations-BL $ msDS-RevealedListBL $ msDS-PSOApplied $ msDS-NcType $ msDS-OIDToGroupLinkBl $ msDS-HostServiceAccountBL $ isRecycled $ msDS-LocalEffectiveDeletionTime $ msDS-LocalEffectiveRecycleTime $ msDS-LastKnownRDN $ msDS-EnabledFeatureBL $ msDS-ClaimSharesPossibleValuesWithBL $ msDS-MembersOfResourcePropertyListBL $ msDS-IsPrimaryComputerFor $ msDS-ValueTypeReferenceBL $ msDS-TDOIngressBL $ msDS-TDOEgressBL $ msDS-parentdistname $ msDS-ReplValueMetaDataExt $ msds-memberOfTransitive $ msds-memberTransitive $ structuralObjectClass $ createTimeStamp $ modifyTimeStamp $ subSchemaSubEntry $ msSFU30PosixMemberOf $ msDFSR-MemberReferenceBL $ msDFSR-ComputerReferenceBL ) )", "( 1.2.840.113556.1.5.36 NAME 'volume' SUP connectionPoint STRUCTURAL MUST (uNCName ) MAY (contentIndexingAllowed $ lastContentIndexed ) )", "( 1.2.840.113556.1.5.236 NAME 'msDS-AzOperation' SUP top STRUCTURAL MUST (msDS-AzOperationID ) MAY (description $ msDS-AzApplicationData $ msDS-AzObjectGuid $ msDS-AzGenericData ) )", "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST (cn $ member ) MAY (o $ ou $ businessCategory $ owner $ seeAlso ) )", "( 1.2.840.113556.1.5.12 NAME 'configuration' SUP top STRUCTURAL MUST (cn ) MAY (gPLink $ gPOptions $ msDS-USNLastSyncSuccess ) )", "( 1.2.840.113556.1.5.78 NAME 'licensingSiteSettings' SUP applicationSiteSettings STRUCTURAL MAY (siteServer ) )", "( 1.2.840.113556.1.5.69 NAME 'nTDSSiteSettings' SUP applicationSiteSettings STRUCTURAL MAY (schedule $ options $ queryPolicyObject $ managedBy $ interSiteTopologyGenerator $ interSiteTopologyRenew $ interSiteTopologyFailover $ msDS-Preferred-GC-Site ) )", "( 1.2.840.113556.1.5.269 NAME 'msDS-ClaimTypePropertyBase' SUP top ABSTRACT MAY (Enabled $ msDS-ClaimPossibleValues $ msDS-ClaimSharesPossibleValuesWith ) )", "( 1.2.840.113556.1.5.273 NAME 'msDS-ResourceProperty' SUP msDS-ClaimTypePropertyBase STRUCTURAL MUST (msDS-ValueTypeReference ) MAY (msDS-IsUsedAsResourceSecurityAttribute $ msDS-AppliesToResourceTypes ) )", "( 1.2.840.113556.1.5.239 NAME 'msDS-AzRole' SUP top STRUCTURAL MAY (description $ msDS-MembersForAzRole $ msDS-OperationsForAzRole $ msDS-TasksForAzRole $ msDS-AzApplicationData $ msDS-AzObjectGuid $ msDS-AzGenericData ) )", "( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY MAY (cn $ bootParameter $ bootFile ) )", "( 1.2.840.113556.1.5.294 NAME 'msDS-AuthNPolicy' SUP top STRUCTURAL MAY (msDS-UserAllowedToAuthenticateTo $ msDS-UserAllowedToAuthenticateFrom $ msDS-UserTGTLifetime $ msDS-ComputerAllowedToAuthenticateTo $ msDS-ComputerTGTLifetime $ msDS-ServiceAllowedToAuthenticateTo $ msDS-ServiceAllowedToAuthenticateFrom $ msDS-ServiceTGTLifetime $ msDS-UserAuthNPolicyBL $ msDS-ComputerAuthNPolicyBL $ msDS-ServiceAuthNPolicyBL $ msDS-AssignedAuthNPolicyBL $ msDS-AuthNPolicyEnforced ) )", "( 1.2.840.113556.1.5.86 NAME 'dnsNode' SUP top STRUCTURAL MUST (dc ) MAY (dnsRecord $ dNSProperty $ dNSTombstoned ) )", "( 1.2.840.113556.1.5.210 NAME 'msWMI-StringSetParam' SUP msWMI-RangeParam STRUCTURAL MUST (msWMI-StringDefault ) MAY (msWMI-StringValidValues ) )", "( 1.2.840.113556.1.5.264 NAME 'msDS-ManagedServiceAccount' SUP computer STRUCTURAL )", "( 1.2.840.113556.1.5.15 NAME 'contact' SUP organizationalPerson STRUCTURAL MUST (cn ) MAY (notes $ msDS-SourceObjectDN ) )", "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY MAY (cn $ description $ userPassword $ homeDirectory $ unixUserPassword $ uid $ uidNumber $ gidNumber $ gecos $ unixHomeDirectory $ loginShell ) )", "( 1.2.840.113556.1.5.266 NAME 'msSPP-ActivationObjectsContainer' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.217 NAME 'msWMI-ObjectEncoding' SUP top STRUCTURAL MUST (msWMI-ID $ msWMI-TargetObject $ msWMI-Class $ msWMI-Genus $ msWMI-intFlags1 $ msWMI-intFlags2 $ msWMI-intFlags3 $ msWMI-intFlags4 $ msWMI-Parm1 $ msWMI-Parm2 $ msWMI-Parm3 $ msWMI-Parm4 $ msWMI-ScopeGuid ) )", "( 1.2.840.113556.1.5.33 NAME 'storage' SUP connectionPoint STRUCTURAL MAY (moniker $ monikerDisplayName $ iconPath ) )", "( 1.2.840.113556.1.5.67 NAME 'domainDNS' SUP domain STRUCTURAL MAY (managedBy $ msDS-Behavior-Version $ msDS-AllowedDNSSuffixes $ msDS-USNLastSyncSuccess $ msDS-EnabledFeature ) )", "( 1.2.840.113556.1.5.92 NAME 'linkTrackVolEntry' SUP leaf STRUCTURAL MAY (linkTrackSecret $ volTableIdxGUID $ volTableGUID $ currMachineId $ timeVolChange $ timeRefresh $ seqNotification $ objectCount ) )", "( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY MAY (cn $ macAddress ) )", "( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' SUP top AUXILIARY MAY (associatedDomain ) )", "( 1.2.840.113556.1.5.235 NAME 'msDS-AzApplication' SUP top STRUCTURAL MAY (description $ msDS-AzApplicationName $ msDS-AzGenerateAudits $ msDS-AzClassId $ msDS-AzApplicationVersion $ msDS-AzApplicationData $ msDS-AzObjectGuid $ msDS-AzGenericData ) )", "( 1.2.840.113556.1.5.107 NAME 'sitesContainer' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.263 NAME 'msImaging-PostScanProcess' SUP top STRUCTURAL MUST (displayName $ msImaging-PSPIdentifier ) MAY (serverName $ msImaging-PSPString ) )", "( 1.2.840.113556.1.5.240 NAME 'msieee80211-Policy' SUP top STRUCTURAL MAY (msieee80211-Data $ msieee80211-DataType $ msieee80211-ID ) )", "( 1.2.840.113556.1.5.95 NAME 'subnetContainer' SUP top STRUCTURAL )", "( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MAY (cn $ l $ o $ ou $ description $ seeAlso $ documentIdentifier $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )", "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST (cn ) MAY (sn $ serialNumber $ telephoneNumber $ seeAlso $ userPassword $ attributeCertificateAttribute ) )", "( 1.2.840.113556.1.5.274 NAME 'msDS-ResourcePropertyList' SUP top STRUCTURAL MAY (msDS-MembersOfResourcePropertyList ) )", "( 1.2.840.113556.1.5.270 NAME 'msDS-ClaimTypes' SUP top STRUCTURAL )", "( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY MAY (description $ userPassword $ uid $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ) )", "( 1.2.840.113556.1.5.179 NAME 'mSMQMigratedUser' SUP top STRUCTURAL MAY (objectSid $ mSMQSignCertificates $ mSMQDigests $ mSMQDigestsMig $ mSMQSignCertificatesMig $ mSMQUserSid ) )", "( 1.2.840.113556.1.5.185 NAME 'mS-SQL-OLAPServer' SUP serviceConnectionPoint STRUCTURAL MAY (mS-SQL-Name $ mS-SQL-RegisteredOwner $ mS-SQL-Contact $ mS-SQL-Build $ mS-SQL-ServiceAccount $ mS-SQL-Status $ mS-SQL-InformationURL $ mS-SQL-PublicationURL $ mS-SQL-Version $ mS-SQL-Language $ mS-SQL-Keywords ) )", "( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' SUP top AUXILIARY MAY (msDS-Entry-Time-To-Die $ entryTTL ) )", "( 1.2.840.113556.1.5.155 NAME 'nTFRSSubscriber' SUP top STRUCTURAL MUST (fRSRootPath $ fRSStagingPath ) MAY (schedule $ fRSUpdateTimeout $ fRSFaultCondition $ fRSServiceCommand $ fRSExtensions $ fRSFlags $ fRSMemberReference $ fRSServiceCommandStatus $ fRSTimeLastCommand $ fRSTimeLastConfigChange ) )", "( 1.2.840.113556.1.5.129 NAME 'rIDSet' SUP top STRUCTURAL MUST (rIDAllocationPool $ rIDPreviousAllocationPool $ rIDUsedPool $ rIDNextRID ) )", "( 1.2.840.113556.1.3.58 NAME 'addressTemplate' SUP displayTemplate STRUCTURAL MUST (displayName ) MAY (addressSyntax $ perMsgDialogDisplayTable $ perRecipDialogDisplayTable $ addressType $ proxyGenerationEnabled ) )", "( 1.2.840.113556.1.5.154 NAME 'nTFRSSubscriptions' SUP top STRUCTURAL MAY (fRSWorkingPath $ fRSExtensions $ fRSVersion ) )", "( 1.2.840.113556.1.5.7000.47 NAME 'nTDSDSA' SUP applicationSettings STRUCTURAL MAY (hasMasterNCs $ hasPartialReplicaNCs $ dMDLocation $ invocationId $ networkAddress $ options $ fRSRootPath $ serverReference $ lastBackupRestorationTime $ queryPolicyObject $ managedBy $ retiredReplDSASignatures $ msDS-Behavior-Version $ msDS-HasInstantiatedNCs $ msDS-ReplicationEpoch $ msDS-HasDomainNCs $ msDS-RetiredReplNCSignatures $ msDS-hasMasterNCs $ msDS-RevealedUsers $ msDS-hasFullReplicaNCs $ msDS-NeverRevealGroup $ msDS-RevealOnDemandGroup $ msDS-isGC $ msDS-isRODC $ msDS-SiteName $ msDS-IsUserCachableAtRodc $ msDS-EnabledFeature ) )", "( 1.2.840.113556.1.5.175 NAME 'infrastructureUpdate' SUP top STRUCTURAL MAY (dNReferenceUpdate ) )", "( 1.2.840.113556.1.6.18.2.215 NAME 'msSFU30DomainInfo' SUP top STRUCTURAL MAY (msSFU30SearchContainer $ msSFU30MasterServerName $ msSFU30OrderNumber $ msSFU30Domains $ msSFU30YpServers $ msSFU30MaxGidNumber $ msSFU30MaxUidNumber $ msSFU30IsValidContainer $ msSFU30CryptMethod ) )", "( 1.2.840.113556.1.5.213 NAME 'msWMI-Som' SUP top STRUCTURAL MUST (msWMI-ID $ msWMI-Name ) MAY (msWMI-Author $ msWMI-ChangeDate $ msWMI-CreationDate $ msWMI-SourceOrganization $ msWMI-intFlags1 $ msWMI-intFlags2 $ msWMI-intFlags3 $ msWMI-intFlags4 $ msWMI-Parm1 $ msWMI-Parm2 $ msWMI-Parm3 $ msWMI-Parm4 ) )", "( 1.2.840.113556.1.5.82 NAME 'rpcProfile' SUP rpcEntry STRUCTURAL )", "( 1.2.840.113556.1.5.164 NAME 'mSMQSiteLink' SUP top STRUCTURAL MUST (mSMQSite1 $ mSMQSite2 $ mSMQCost ) MAY (mSMQSiteGates $ mSMQSiteGatesMig ) )", "( 1.2.840.113556.1.5.184 NAME 'mS-SQL-SQLServer' SUP serviceConnectionPoint STRUCTURAL MAY (mS-SQL-Name $ mS-SQL-RegisteredOwner $ mS-SQL-Contact $ mS-SQL-Location $ mS-SQL-Memory $ mS-SQL-Build $ mS-SQL-ServiceAccount $ mS-SQL-CharacterSet $ mS-SQL-SortOrder $ mS-SQL-UnicodeSortOrder $ mS-SQL-Clustered $ mS-SQL-NamedPipe $ mS-SQL-MultiProtocol $ mS-SQL-SPX $ mS-SQL-TCPIP $ mS-SQL-AppleTalk $ mS-SQL-Vines $ mS-SQL-Status $ mS-SQL-LastUpdatedDate $ mS-SQL-InformationURL $ mS-SQL-GPSLatitude $ mS-SQL-GPSLongitude $ mS-SQL-GPSHeight $ mS-SQL-Keywords ) )", "( 1.2.840.113556.1.5.106 NAME 'queryPolicy' SUP top STRUCTURAL MAY (lDAPAdminLimits $ lDAPIPDenyList ) )", "( 1.2.840.113556.1.5.162 NAME 'mSMQConfiguration' SUP top STRUCTURAL MAY (mSMQQuota $ mSMQJournalQuota $ mSMQOwnerID $ mSMQSites $ mSMQOutRoutingServers $ mSMQInRoutingServers $ mSMQServiceType $ mSMQComputerType $ mSMQForeign $ mSMQOSType $ mSMQEncryptKey $ mSMQSignKey $ mSMQDependentClientServices $ mSMQRoutingServices $ mSMQDsServices $ mSMQComputerTypeEx ) )", "( 1.2.840.113556.1.5.257 NAME 'msDFS-NamespaceAnchor' SUP top STRUCTURAL MUST (msDFS-SchemaMajorVersion ) )", "( 1.2.840.113556.1.6.13.4.7 NAME 'msDFSR-ContentSet' SUP top STRUCTURAL MAY (description $ msDFSR-Extension $ msDFSR-RootSizeInMb $ msDFSR-StagingSizeInMb $ msDFSR-ConflictSizeInMb $ msDFSR-FileFilter $ msDFSR-DirectoryFilter $ msDFSR-Flags $ msDFSR-Options $ msDFSR-DfsPath $ msDFSR-Priority $ msDFSR-DeletedSizeInMb $ msDFSR-DefaultCompressionExclusionFilter $ msDFSR-OnDemandExclusionFileFilter $ msDFSR-OnDemandExclusionDirectoryFilter $ msDFSR-Options2 ) )", "( 1.2.840.113556.1.5.276 NAME 'msTPM-InformationObjectsContainer' SUP top STRUCTURAL MUST (cn ) )", "( 1.2.840.113556.1.5.209 NAME 'msWMI-RealRangeParam' SUP msWMI-RangeParam STRUCTURAL MUST (msWMI-Int8Default ) MAY (msWMI-Int8Max $ msWMI-Int8Min ) )", "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY (c $ l $ st $ street $ o $ ou $ title $ postalAddress $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telexNumber $ teletexTerminalIdentifier $ facsimileTelephoneNumber $ x121Address $ internationalISDNNumber $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ givenName $ initials $ generationQualifier $ houseIdentifier $ otherTelephone $ otherPager $ co $ department $ company $ streetAddress $ otherHomePhone $ msExchHouseIdentifier $ personalTitle $ homePostalAddress $ countryCode $ employeeID $ comment $ division $ otherFacsimileTelephoneNumber $ otherMobile $ primaryTelexNumber $ primaryInternationalISDNNumber $ mhsORAddress $ otherMailbox $ assistant $ ipPhone $ otherIpPhone $ msDS-AllowedToDelegateTo $ msDS-PhoneticFirstName $ msDS-PhoneticLastName $ msDS-PhoneticDepartment $ msDS-PhoneticCompanyName $ msDS-PhoneticDisplayName $ msDS-HABSeniorityIndex $ msDS-AllowedToActOnBehalfOfOtherIdentity $ mail $ manager $ homePhone $ mobile $ pager $ middleName $ thumbnailPhoto $ thumbnailLogo ) )", "( 1.2.840.113556.1.5.176 NAME 'msExchConfigurationContainer' SUP container STRUCTURAL MAY (addressBookRoots $ globalAddressList $ templateRoots $ addressBookRoots2 $ globalAddressList2 $ templateRoots2 ) )", "( 1.2.840.113556.1.5.278 NAME 'msKds-ProvRootKey' SUP top STRUCTURAL MUST (cn $ msKds-KDFAlgorithmID $ msKds-SecretAgreementAlgorithmID $ msKds-PublicKeyLength $ msKds-PrivateKeyLength $ msKds-RootKeyData $ msKds-Version $ msKds-DomainID $ msKds-UseStartTime $ msKds-CreateTime ) MAY (msKds-KDFParam $ msKds-SecretAgreementParam ) )", "( 1.2.840.113556.1.5.238 NAME 'msDS-AzTask' SUP top STRUCTURAL MAY (description $ msDS-AzBizRule $ msDS-AzBizRuleLanguage $ msDS-AzLastImportedBizRulePath $ msDS-OperationsForAzTask $ msDS-TasksForAzTask $ msDS-AzTaskIsRoleDefinition $ msDS-AzApplicationData $ msDS-AzObjectGuid $ msDS-AzGenericData ) )", "( 1.2.840.113556.1.5.282 NAME 'msDS-GroupManagedServiceAccount' SUP computer STRUCTURAL MUST (msDS-ManagedPasswordInterval ) MAY (msDS-ManagedPassword $ msDS-ManagedPasswordId $ msDS-ManagedPasswordPreviousId $ msDS-GroupMSAMembership ) )", "( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL MUST (cn $ nisMapName ) MAY (description ) )", "( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL MUST (cn $ nisMapName $ nisMapEntry ) MAY (description $ msSFU30Name $ msSFU30NisDomain ) )", "( 1.2.840.113556.1.5.277 NAME 'msKds-ProvServerConfiguration' SUP top STRUCTURAL MUST (msKds-Version ) MAY (msKds-KDFAlgorithmID $ msKds-KDFParam $ msKds-SecretAgreementAlgorithmID $ msKds-SecretAgreementParam $ msKds-PublicKeyLength $ msKds-PrivateKeyLength ) )", "( 1.2.840.113556.1.6.18.2.217 NAME 'msSFU30NISMapConfig' SUP top STRUCTURAL MAY (msSFU30KeyAttributes $ msSFU30FieldSeparator $ msSFU30IntraFieldSeparator $ msSFU30SearchAttributes $ msSFU30ResultAttributes $ msSFU30MapFilter $ msSFU30NSMAPFieldPosition ) )", "( 1.2.840.113556.1.5.7000.48 NAME 'serversContainer' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.90 NAME 'linkTrackVolumeTable' SUP fileLinkTracking STRUCTURAL )", "( 1.2.840.113556.1.5.188 NAME 'mS-SQL-SQLDatabase' SUP top STRUCTURAL MAY (mS-SQL-Name $ mS-SQL-Contact $ mS-SQL-Status $ mS-SQL-InformationURL $ mS-SQL-Description $ mS-SQL-Alias $ mS-SQL-Size $ mS-SQL-CreationDate $ mS-SQL-LastBackupDate $ mS-SQL-LastDiagnosticDate $ mS-SQL-Applications $ mS-SQL-Keywords ) )", "( 1.2.840.113556.1.5.211 NAME 'msWMI-PolicyType' SUP top STRUCTURAL MUST (msWMI-ID $ msWMI-TargetObject ) MAY (msWMI-Author $ msWMI-ChangeDate $ msWMI-CreationDate $ msWMI-SourceOrganization $ msWMI-intFlags1 $ msWMI-intFlags2 $ msWMI-intFlags3 $ msWMI-intFlags4 $ msWMI-Parm1 $ msWMI-Parm2 $ msWMI-Parm3 $ msWMI-Parm4 ) )", "( 1.2.840.113556.1.5.183 NAME 'dSUISettings' SUP top STRUCTURAL MAY (dSUIAdminNotification $ dSUIAdminMaximum $ dSUIShellMaximum $ msDS-Security-Group-Extra-Classes $ msDS-Non-Security-Group-Extra-Classes $ msDS-FilterContainers ) )", "( 1.2.840.113556.1.5.157 NAME 'groupPolicyContainer' SUP container STRUCTURAL MAY (flags $ versionNumber $ gPCFunctionalityVersion $ gPCFileSysPath $ gPCMachineExtensionNames $ gPCUserExtensionNames $ gPCWQLFilter ) )", "( 1.2.840.113556.1.5.3 NAME 'samDomain' SUP top AUXILIARY MAY (description $ cACertificate $ builtinCreationTime $ builtinModifiedCount $ creationTime $ domainPolicyObject $ defaultLocalPolicyObject $ lockoutDuration $ lockOutObservationWindow $ lSACreationTime $ lSAModifiedCount $ lockoutThreshold $ maxPwdAge $ minPwdAge $ minPwdLength $ modifiedCountAtLastProm $ nETBIOSName $ nextRid $ pwdProperties $ pwdHistoryLength $ privateKey $ replicaSource $ controlAccessRights $ auditingPolicy $ eFSPolicy $ desktopProfile $ nTMixedDomain $ rIDManagerReference $ treeName $ pekList $ pekKeyChangeInterval $ gPLink $ gPOptions $ ms-DS-MachineAccountQuota $ msDS-LogonTimeSyncInterval $ msDS-PerUserTrustQuota $ msDS-AllUsersTrustQuota $ msDS-PerUserTrustTombstonesQuota ) )", "( 1.2.840.113556.1.5.234 NAME 'msDS-AzAdminManager' SUP top STRUCTURAL MAY (description $ msDS-AzDomainTimeout $ msDS-AzScriptEngineCacheMax $ msDS-AzScriptTimeout $ msDS-AzGenerateAudits $ msDS-AzApplicationData $ msDS-AzMajorVersion $ msDS-AzMinorVersion $ msDS-AzObjectGuid $ msDS-AzGenericData ) )", "( 1.2.840.113556.1.5.214 NAME 'msWMI-Rule' SUP top STRUCTURAL MUST (msWMI-Query $ msWMI-QueryLanguage $ msWMI-TargetNameSpace ) )", "( 1.2.840.113556.1.5.254 NAME 'nTDSDSARO' SUP nTDSDSA STRUCTURAL )", "( 1.2.840.113556.1.5.286 NAME 'msDS-Device' SUP top STRUCTURAL MUST (displayName $ altSecurityIdentities $ msDS-IsEnabled $ msDS-DeviceID ) MAY (msDS-DeviceOSType $ msDS-DeviceOSVersion $ msDS-DevicePhysicalIDs $ msDS-DeviceObjectVersion $ msDS-RegisteredOwner $ msDS-ApproximateLastLogonTimeStamp $ msDS-RegisteredUsers $ msDS-IsManaged $ msDS-CloudIsManaged $ msDS-CloudAnchor ) )", "( 1.2.840.113556.1.5.34 NAME 'trustedDomain' SUP leaf STRUCTURAL MAY (securityIdentifier $ trustAuthIncoming $ trustDirection $ trustPartner $ trustPosixOffset $ trustAuthOutgoing $ trustType $ trustAttributes $ domainCrossRef $ flatName $ initialAuthIncoming $ initialAuthOutgoing $ domainIdentifier $ additionalTrustedServiceNames $ mS-DS-CreatorSID $ msDS-TrustForestTrustInfo $ msDS-SupportedEncryptionTypes $ msDS-IngressClaimsTransformationPolicy $ msDS-EgressClaimsTransformationPolicy ) )", "( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST (cn ) MAY (description $ telephoneNumber $ seeAlso $ location $ roomNumber ) )", "( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST (o ) MAY (l $ st $ street $ searchGuide $ businessCategory $ postalAddress $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ telexNumber $ teletexTerminalIdentifier $ facsimileTelephoneNumber $ x121Address $ internationalISDNNumber $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ seeAlso $ userPassword ) )", "( 1.2.840.113556.1.5.272 NAME 'msDS-ClaimType' SUP msDS-ClaimTypePropertyBase STRUCTURAL MAY (msDS-ClaimValueType $ msDS-ClaimAttributeSource $ msDS-ClaimTypeAppliesToClass $ msDS-ClaimSource $ msDS-ClaimSourceType $ msDS-ClaimIsValueSpaceRestricted $ msDS-ClaimIsSingleValued ) )", "( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL MUST (cn $ ipServicePort $ ipServiceProtocol ) MAY (description $ msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ nisMapName ) )", "( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL MUST (cn $ ipProtocolNumber ) MAY (description $ msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ nisMapName ) )", "( 1.2.840.113556.1.5.80 NAME 'rpcGroup' SUP rpcEntry STRUCTURAL MAY (rpcNsGroup $ rpcNsObjectID ) )", "( 1.2.840.113556.1.5.17 NAME 'server' SUP top STRUCTURAL MAY (serialNumber $ serverReference $ dNSHostName $ managedBy $ mailAddress $ bridgeheadTransportList $ msDS-isGC $ msDS-isRODC $ msDS-SiteName $ msDS-IsUserCachableAtRodc ) )", "( 1.2.840.113556.1.5.28 NAME 'secret' SUP leaf STRUCTURAL MAY (currentValue $ lastSetTime $ priorSetTime $ priorValue ) )", "( 1.2.840.113556.1.5.163 NAME 'mSMQEnterpriseSettings' SUP top STRUCTURAL MAY (mSMQNameStyle $ mSMQCSPName $ mSMQLongLived $ mSMQVersion $ mSMQInterval1 $ mSMQInterval2 ) )", "( 1.2.840.113556.1.5.202 NAME 'msWMI-MergeablePolicyTemplate' SUP msWMI-PolicyTemplate STRUCTURAL )", "( 1.2.840.113556.1.5.195 NAME 'msPKI-Key-Recovery-Agent' SUP user STRUCTURAL )", "( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST (co ) )", "( 1.2.840.113556.1.5.258 NAME 'msDFS-Namespacev2' SUP top STRUCTURAL MUST (msDFS-SchemaMajorVersion $ msDFS-SchemaMinorVersion $ msDFS-GenerationGUIDv2 $ msDFS-NamespaceIdentityGUIDv2 $ msDFS-LastModifiedv2 $ msDFS-Ttlv2 $ msDFS-Propertiesv2 $ msDFS-TargetListv2 ) MAY (msDFS-Commentv2 ) )", "( 1.2.840.113556.1.5.96 NAME 'subnet' SUP top STRUCTURAL MAY (location $ siteObject $ physicalLocationObject ) )", "( 1.2.840.113556.1.5.216 NAME 'applicationVersion' SUP applicationSettings STRUCTURAL MAY (owner $ keywords $ versionNumber $ vendor $ versionNumberHi $ versionNumberLo $ managedBy $ appSchemaVersion ) )", "( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MAY (l $ st $ street $ ou $ title $ businessCategory $ postalAddress $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telexNumber $ teletexTerminalIdentifier $ facsimileTelephoneNumber $ x121Address $ internationalISDNNumber $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod ) )", "( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST (cn ) MAY (authorityRevocationList $ certificateRevocationList $ deltaRevocationList $ cRLPartitionedRevocationList $ certificateAuthorityObject ) )", "( 1.2.840.113556.1.5.137 NAME 'aCSPolicy' SUP top STRUCTURAL MAY (aCSTimeOfDay $ aCSDirection $ aCSMaxTokenRatePerFlow $ aCSMaxPeakBandwidthPerFlow $ aCSAggregateTokenRatePerUser $ aCSMaxDurationPerFlow $ aCSServiceType $ aCSTotalNoOfFlows $ aCSPriority $ aCSPermissionBits $ aCSIdentityName $ aCSMaxAggregatePeakRatePerUser $ aCSMaxTokenBucketPerFlow $ aCSMaximumSDUSize $ aCSMinimumPolicedSize $ aCSMinimumLatency $ aCSMinimumDelayVariation ) )", "( 1.2.840.113556.1.5.77 NAME 'controlAccessRight' SUP top STRUCTURAL MAY (rightsGuid $ appliesTo $ localizationDisplayId $ validAccesses ) )", "( 1.2.840.113556.1.5.219 NAME 'msMQ-Group' SUP top STRUCTURAL MUST (member ) )", "( 1.2.840.113556.1.5.8 NAME 'group' SUP top STRUCTURAL MUST (groupType ) MAY (member $ nTGroupMembers $ operatorCount $ adminCount $ groupAttributes $ groupMembershipSAM $ controlAccessRights $ desktopProfile $ nonSecurityMember $ managedBy $ primaryGroupToken $ msDS-AzLDAPQuery $ msDS-NonMembers $ msDS-AzBizRule $ msDS-AzBizRuleLanguage $ msDS-AzLastImportedBizRulePath $ msDS-AzApplicationData $ msDS-AzObjectGuid $ msDS-AzGenericData $ msDS-PrimaryComputer $ mail $ msSFU30Name $ msSFU30NisDomain $ msSFU30PosixMember ) )", "( 1.2.840.113556.1.6.23.2 NAME 'msPrint-ConnectionPolicy' SUP top STRUCTURAL MUST (cn ) MAY (uNCName $ serverName $ printAttributes $ printerName ) )", "( 1.2.840.113556.1.3.11 NAME 'crossRef' SUP top STRUCTURAL MUST (cn $ nCName $ dnsRoot ) MAY (Enabled $ nETBIOSName $ nTMixedDomain $ trustParent $ superiorDNSRoot $ rootTrust $ msDS-Behavior-Version $ msDS-NC-Replica-Locations $ msDS-Replication-Notify-First-DSA-Delay $ msDS-Replication-Notify-Subsequent-DSA-Delay $ msDS-SDReferenceDomain $ msDS-DnsRootAlias $ msDS-NC-RO-Replica-Locations ) )", "( 1.2.840.113556.1.6.13.4.9 NAME 'msDFSR-Member' SUP top STRUCTURAL MUST (msDFSR-ComputerReference ) MAY (serverReference $ msDFSR-Extension $ msDFSR-Keywords $ msDFSR-Flags $ msDFSR-Options $ msDFSR-Options2 ) )", "( 1.2.840.113556.1.3.59 NAME 'displayTemplate' SUP top STRUCTURAL MUST (cn ) MAY (helpData32 $ originalDisplayTableMSDOS $ addressEntryDisplayTable $ helpFileName $ addressEntryDisplayTableMSDOS $ helpData16 $ originalDisplayTable ) )", "( 1.2.840.113556.1.3.13 NAME 'classSchema' SUP top STRUCTURAL MUST (cn $ subClassOf $ governsID $ objectClassCategory $ schemaIDGUID $ defaultObjectCategory ) MAY (possSuperiors $ mustContain $ mayContain $ rDNAttID $ auxiliaryClass $ lDAPDisplayName $ schemaFlagsEx $ systemOnly $ systemPossSuperiors $ systemMayContain $ systemMustContain $ systemAuxiliaryClass $ defaultSecurityDescriptor $ defaultHidingValue $ classDisplayName $ isDefunct $ msDs-Schema-Extensions $ msDS-IntId ) )", "( 1.2.840.113556.1.5.200 NAME 'msWMI-PolicyTemplate' SUP top STRUCTURAL MUST (msWMI-ID $ msWMI-Name $ msWMI-NormalizedClass $ msWMI-TargetClass $ msWMI-TargetNameSpace $ msWMI-TargetPath ) MAY (msWMI-Author $ msWMI-ChangeDate $ msWMI-CreationDate $ msWMI-SourceOrganization $ msWMI-TargetType $ msWMI-intFlags1 $ msWMI-intFlags2 $ msWMI-intFlags3 $ msWMI-intFlags4 $ msWMI-Parm1 $ msWMI-Parm2 $ msWMI-Parm3 $ msWMI-Parm4 ) )", "( 1.2.840.113556.1.5.165 NAME 'mSMQSettings' SUP top STRUCTURAL MAY (mSMQOwnerID $ mSMQServices $ mSMQQMID $ mSMQMigrated $ mSMQNt4Flags $ mSMQSiteName $ mSMQRoutingService $ mSMQDsService $ mSMQDependentClientService $ mSMQSiteNameEx ) )", "( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL MUST (cn $ oncRpcNumber ) MAY (description $ msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ nisMapName ) )", "( 1.2.840.113556.1.5.126 NAME 'serviceConnectionPoint' SUP connectionPoint STRUCTURAL MAY (versionNumber $ vendor $ versionNumberHi $ versionNumberLo $ serviceClassName $ serviceBindingInformation $ serviceDNSName $ serviceDNSNameType $ appSchemaVersion ) )", "( 1.2.840.113556.1.5.4 NAME 'builtinDomain' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.241 NAME 'msDS-AppData' SUP applicationSettings STRUCTURAL MAY (owner $ keywords $ managedBy $ msDS-ByteArray $ msDS-DateTime $ msDS-Integer $ msDS-ObjectReference ) )", "( 1.2.840.113556.1.5.73 NAME 'rpcServerElement' SUP rpcEntry STRUCTURAL MUST (rpcNsBindings $ rpcNsInterfaceID $ rpcNsTransferSyntax ) )", "( 1.2.840.113556.1.5.150 NAME 'rRASAdministrationConnectionPoint' SUP serviceAdministrationPoint STRUCTURAL MAY (msRRASAttribute ) )", "( 1.2.840.113556.1.5.191 NAME 'aCSResourceLimits' SUP top STRUCTURAL MAY (aCSMaxTokenRatePerFlow $ aCSMaxPeakBandwidthPerFlow $ aCSServiceType $ aCSAllocableRSVPBandwidth $ aCSMaxPeakBandwidth ) )", "( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MUST (l ) MAY (st $ street $ searchGuide $ seeAlso ) )", "( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY MAY (cn $ l $ description $ uid $ manager $ ipHostNumber ) )", "( 1.2.840.113556.1.5.275 NAME 'msTPM-InformationObject' SUP top STRUCTURAL MUST (msTPM-OwnerInformation ) MAY (msTPM-SrkPubThumbprint $ msTPM-OwnerInformationTemp ) )", "( 1.2.840.113556.1.5.289 NAME 'msDS-DeviceContainer' SUP top STRUCTURAL )", "( 1.2.840.113556.1.4.2129 NAME 'msDNS-ServerSettings' SUP top STRUCTURAL MAY (msDNS-KeymasterZones ) )", "( 1.2.840.113556.1.5.76 NAME 'foreignSecurityPrincipal' SUP top STRUCTURAL MUST (objectSid ) MAY (foreignIdentifier ) )", "( 1.2.840.113556.1.5.44 NAME 'classStore' SUP top STRUCTURAL MAY (versionNumber $ nextLevelStore $ lastUpdateSequence $ appSchemaVersion ) )", "( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MAY (l $ o $ ou $ description $ seeAlso $ uid $ host ) )", "( 1.2.840.113556.1.5.26 NAME 'rpcProfileElement' SUP rpcEntry STRUCTURAL MUST (rpcNsInterfaceID $ rpcNsPriority ) MAY (rpcNsProfileEntry $ rpcNsAnnotation ) )", "( 1.2.840.113556.1.5.215 NAME 'msWMI-WMIGPO' SUP top STRUCTURAL MUST (msWMI-TargetClass ) MAY (msWMI-intFlags1 $ msWMI-intFlags2 $ msWMI-intFlags3 $ msWMI-intFlags4 $ msWMI-Parm1 $ msWMI-Parm2 $ msWMI-Parm3 $ msWMI-Parm4 ) )", "( 1.2.840.113556.1.5.243 NAME 'msDS-QuotaControl' SUP top STRUCTURAL MUST (cn $ msDS-QuotaTrustee $ msDS-QuotaAmount ) )", "( 1.2.840.113556.1.5.256 NAME 'msDS-PasswordSettingsContainer' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.187 NAME 'mS-SQL-SQLPublication' SUP top STRUCTURAL MAY (mS-SQL-Name $ mS-SQL-Status $ mS-SQL-Description $ mS-SQL-Type $ mS-SQL-Database $ mS-SQL-AllowAnonymousSubscription $ mS-SQL-Publisher $ mS-SQL-AllowKnownPullSubscription $ mS-SQL-AllowImmediateUpdatingSubscription $ mS-SQL-AllowQueuedUpdatingSubscription $ mS-SQL-AllowSnapshotFilesFTPDownloading $ mS-SQL-ThirdParty ) )", "( 1.2.840.113556.1.5.9 NAME 'user' SUP organizationalPerson STRUCTURAL MAY (o $ businessCategory $ userCertificate $ givenName $ initials $ x500uniqueIdentifier $ displayName $ networkAddress $ employeeNumber $ employeeType $ homePostalAddress $ userAccountControl $ badPwdCount $ codePage $ homeDirectory $ homeDrive $ badPasswordTime $ lastLogoff $ lastLogon $ dBCSPwd $ localeID $ scriptPath $ logonHours $ logonWorkstation $ maxStorage $ userWorkstations $ unicodePwd $ otherLoginWorkstations $ ntPwdHistory $ pwdLastSet $ preferredOU $ primaryGroupID $ userParameters $ profilePath $ operatorCount $ adminCount $ accountExpires $ lmPwdHistory $ groupMembershipSAM $ logonCount $ controlAccessRights $ defaultClassStore $ groupsToIgnore $ groupPriority $ desktopProfile $ dynamicLDAPServer $ userPrincipalName $ lockoutTime $ userSharedFolder $ userSharedFolderOther $ servicePrincipalName $ aCSPolicyName $ terminalServer $ mSMQSignCertificates $ mSMQDigests $ mSMQDigestsMig $ mSMQSignCertificatesMig $ msNPAllowDialin $ msNPCallingStationID $ msNPSavedCallingStationID $ msRADIUSCallbackNumber $ msRADIUSFramedIPAddress $ msRADIUSFramedRoute $ msRADIUSServiceType $ msRASSavedCallbackNumber $ msRASSavedFramedIPAddress $ msRASSavedFramedRoute $ mS-DS-CreatorSID $ msCOM-UserPartitionSetLink $ msDS-Cached-Membership $ msDS-Cached-Membership-Time-Stamp $ msDS-Site-Affinity $ msDS-User-Account-Control-Computed $ lastLogonTimestamp $ msIIS-FTPRoot $ msIIS-FTPDir $ msDRM-IdentityCertificate $ msDS-SourceObjectDN $ msPKIRoamingTimeStamp $ msPKIDPAPIMasterKeys $ msPKIAccountCredentials $ msRADIUS-FramedInterfaceId $ msRADIUS-SavedFramedInterfaceId $ msRADIUS-FramedIpv6Prefix $ msRADIUS-SavedFramedIpv6Prefix $ msRADIUS-FramedIpv6Route $ msRADIUS-SavedFramedIpv6Route $ msDS-SecondaryKrbTgtNumber $ msDS-AuthenticatedAtDC $ msDS-SupportedEncryptionTypes $ msDS-LastSuccessfulInteractiveLogonTime $ msDS-LastFailedInteractiveLogonTime $ msDS-FailedInteractiveLogonCount $ msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon $ msTSProfilePath $ msTSHomeDirectory $ msTSHomeDrive $ msTSAllowLogon $ msTSRemoteControl $ msTSMaxDisconnectionTime $ msTSMaxConnectionTime $ msTSMaxIdleTime $ msTSReconnectionAction $ msTSBrokenConnectionAction $ msTSConnectClientDrives $ msTSConnectPrinterDrives $ msTSDefaultToMainPrinter $ msTSWorkDirectory $ msTSInitialProgram $ msTSProperty01 $ msTSProperty02 $ msTSExpireDate $ msTSLicenseVersion $ msTSManagingLS $ msDS-UserPasswordExpiryTimeComputed $ msTSExpireDate2 $ msTSLicenseVersion2 $ msTSManagingLS2 $ msTSExpireDate3 $ msTSLicenseVersion3 $ msTSManagingLS3 $ msTSExpireDate4 $ msTSLicenseVersion4 $ msTSManagingLS4 $ msTSLSProperty01 $ msTSLSProperty02 $ msDS-ResultantPSO $ msPKI-CredentialRoamingTokens $ msTSPrimaryDesktop $ msTSSecondaryDesktops $ msDS-PrimaryComputer $ msDS-SyncServerUrl $ msDS-AssignedAuthNPolicySilo $ msDS-AuthNPolicySiloMembersBL $ msDS-AssignedAuthNPolicy $ userSMIMECertificate $ uid $ mail $ roomNumber $ photo $ manager $ homePhone $ secretary $ mobile $ pager $ audio $ jpegPhoto $ carLicense $ departmentNumber $ preferredLanguage $ userPKCS12 $ labeledURI $ msSFU30Name $ msSFU30NisDomain ) )", "( 1.2.840.113556.1.5.259 NAME 'msDFS-Linkv2' SUP top STRUCTURAL MUST (msDFS-GenerationGUIDv2 $ msDFS-NamespaceIdentityGUIDv2 $ msDFS-LastModifiedv2 $ msDFS-Ttlv2 $ msDFS-Propertiesv2 $ msDFS-TargetListv2 $ msDFS-LinkPathv2 $ msDFS-LinkIdentityGUIDv2 ) MAY (msDFS-Commentv2 $ msDFS-LinkSecurityDescriptorv2 $ msDFS-ShortNameLinkPathv2 ) )", "( 1.2.840.113556.1.5.141 NAME 'interSiteTransport' SUP top STRUCTURAL MUST (transportDLLName $ transportAddressAttribute ) MAY (options $ replInterval ) )", "( 1.2.840.113556.1.6.13.4.4 NAME 'msDFSR-GlobalSettings' SUP top STRUCTURAL MAY (msDFSR-Extension $ msDFSR-Flags $ msDFSR-Options $ msDFSR-Options2 ) )", "( 1.2.840.113556.1.5.29 NAME 'serviceClass' SUP leaf STRUCTURAL MUST (displayName $ serviceClassID ) MAY (serviceClassInfo ) )", "( 1.2.840.113556.1.5.189 NAME 'mS-SQL-OLAPDatabase' SUP top STRUCTURAL MAY (mS-SQL-Name $ mS-SQL-Contact $ mS-SQL-Status $ mS-SQL-LastUpdatedDate $ mS-SQL-InformationURL $ mS-SQL-ConnectionURL $ mS-SQL-PublicationURL $ mS-SQL-Description $ mS-SQL-Type $ mS-SQL-Size $ mS-SQL-LastBackupDate $ mS-SQL-Applications $ mS-SQL-Keywords ) )", "( 2.5.6.16 NAME 'certificationAuthority' SUP top STRUCTURAL MUST (cn $ cACertificate $ authorityRevocationList $ certificateRevocationList ) MAY (searchGuide $ teletexTerminalIdentifier $ supportedApplicationContext $ crossCertificatePair $ deltaRevocationList $ domainPolicyObject $ parentCA $ dNSHostName $ parentCACertificateChain $ domainID $ cAConnect $ cAWEBURL $ cRLObject $ cAUsages $ previousCACertificates $ pendingCACertificates $ previousParentCA $ pendingParentCA $ currentParentCA $ cACertificateDN $ certificateTemplates $ signatureAlgorithms $ enrollmentProviders ) )", "( 1.2.840.113556.1.5.104 NAME 'meeting' SUP top STRUCTURAL MUST (meetingName ) MAY (meetingID $ meetingDescription $ meetingKeyword $ meetingLocation $ meetingProtocol $ meetingType $ meetingApplication $ meetingLanguage $ meetingMaxParticipants $ meetingOriginator $ meetingContactInfo $ meetingOwner $ meetingIP $ meetingScope $ meetingAdvertiseScope $ meetingURL $ meetingRating $ meetingIsEncrypted $ meetingRecurrence $ meetingStartTime $ meetingEndTime $ meetingBandwidth $ meetingBlob ) )", "( 1.2.840.113556.1.5.287 NAME 'msDS-DeviceRegistrationServiceContainer' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.71 NAME 'nTDSConnection' SUP leaf STRUCTURAL MUST (enabledConnection $ fromServer $ options ) MAY (generatedConnection $ schedule $ transportType $ mS-DS-ReplicatesNCReason ) )", "( 1.2.840.113556.1.5.291 NAME 'msDS-AuthNPolicySilos' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.218 NAME 'msMQ-Custom-Recipient' SUP top STRUCTURAL MAY (msMQ-Recipient-FormatName ) )", "( 1.2.840.113556.1.5.72 NAME 'nTDSService' SUP top STRUCTURAL MAY (tombstoneLifetime $ dSHeuristics $ garbageCollPeriod $ replTopologyStayOfExecution $ sPNMappings $ msDS-Other-Settings $ msDS-DeletedObjectLifetime ) )", "( 1.2.840.113556.1.3.9 NAME 'dMD' SUP top STRUCTURAL MUST (cn ) MAY (dmdName $ schemaUpdate $ prefixMap $ schemaInfo $ msDs-Schema-Extensions $ msDS-IntId $ msDS-USNLastSyncSuccess ) )", "( 1.2.840.113556.1.5.280 NAME 'msDS-ClaimsTransformationPolicyType' SUP top STRUCTURAL MAY (msDS-TransformationRules $ msDS-TransformationRulesCompiled ) )", "( 0.9.2342.19200300.100.4.14 NAME 'rFC822LocalPart' SUP domain STRUCTURAL MAY (cn $ sn $ street $ description $ postalAddress $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ telexNumber $ teletexTerminalIdentifier $ facsimileTelephoneNumber $ x121Address $ internationalISDNNumber $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ seeAlso ) )", "( 1.2.840.113556.1.5.190 NAME 'mS-SQL-OLAPCube' SUP top STRUCTURAL MAY (mS-SQL-Name $ mS-SQL-Contact $ mS-SQL-Status $ mS-SQL-LastUpdatedDate $ mS-SQL-InformationURL $ mS-SQL-PublicationURL $ mS-SQL-Description $ mS-SQL-Size $ mS-SQL-Keywords ) )", "( 1.2.840.113556.1.5.208 NAME 'msWMI-UintSetParam' SUP msWMI-RangeParam STRUCTURAL MUST (msWMI-IntDefault ) MAY (msWMI-IntValidValues ) )", "( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY MAY (cn $ description $ userPassword $ unixUserPassword $ gidNumber $ memberUid ) )", "( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST (cn $ uniqueMember ) MAY (o $ ou $ description $ businessCategory $ owner $ seeAlso ) )", "( 1.2.840.113556.1.5.252 NAME 'ms-net-ieee-8023-GroupPolicy' SUP top STRUCTURAL MAY (ms-net-ieee-8023-GP-PolicyGUID $ ms-net-ieee-8023-GP-PolicyData $ ms-net-ieee-8023-GP-PolicyReserved ) )", "( 1.2.840.113556.1.5.119 NAME 'ipsecNegotiationPolicy' SUP ipsecBase STRUCTURAL MAY (iPSECNegotiationPolicyType $ iPSECNegotiationPolicyAction ) )", "( 1.2.840.113556.1.5.292 NAME 'msDS-AuthNPolicySilo' SUP top STRUCTURAL MAY (msDS-AssignedAuthNPolicySiloBL $ msDS-AuthNPolicySiloMembers $ msDS-UserAuthNPolicy $ msDS-ComputerAuthNPolicy $ msDS-ServiceAuthNPolicy $ msDS-AuthNPolicySiloEnforced ) )", "( 1.2.840.113556.1.5.121 NAME 'ipsecNFA' SUP ipsecBase STRUCTURAL MAY (ipsecNegotiationPolicyReference $ ipsecFilterReference ) )", "( 1.2.840.113556.1.5.42 NAME 'dfsConfiguration' SUP top STRUCTURAL )", "( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL MUST (cn ) MAY (l $ o $ ou $ description $ telephoneNumber $ seeAlso ) )", "( 1.2.840.113556.1.5.271 NAME 'msDS-ResourceProperties' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.91 NAME 'linkTrackObjectMoveTable' SUP fileLinkTracking STRUCTURAL )", "( 1.2.840.113556.1.5.136 NAME 'rpcContainer' SUP container STRUCTURAL MAY (nameServiceFlags ) )", "( 1.2.840.113556.1.5.83 NAME 'rIDManager' SUP top STRUCTURAL MUST (rIDAvailablePool ) MAY (msDS-RIDPoolAllocationEnabled ) )", "( 1.2.840.113556.1.5.206 NAME 'msWMI-IntSetParam' SUP msWMI-RangeParam STRUCTURAL MUST (msWMI-IntDefault ) MAY (msWMI-IntValidValues ) )", "( 1.2.840.113556.1.6.13.4.5 NAME 'msDFSR-ReplicationGroup' SUP top STRUCTURAL MUST (msDFSR-ReplicationGroupType ) MAY (description $ msDFSR-Version $ msDFSR-Extension $ msDFSR-RootSizeInMb $ msDFSR-StagingSizeInMb $ msDFSR-ConflictSizeInMb $ msDFSR-TombstoneExpiryInMin $ msDFSR-FileFilter $ msDFSR-DirectoryFilter $ msDFSR-Schedule $ msDFSR-Flags $ msDFSR-Options $ msDFSR-DeletedSizeInMb $ msDFSR-DefaultCompressionExclusionFilter $ msDFSR-OnDemandExclusionFileFilter $ msDFSR-OnDemandExclusionDirectoryFilter $ msDFSR-Options2 ) )", "( 1.2.840.113556.1.5.125 NAME 'addressBookContainer' SUP top STRUCTURAL MUST (displayName ) MAY (purportedSearch ) )", "( 1.2.840.113556.1.5.7000.49 NAME 'applicationSettings' SUP top ABSTRACT MAY (applicationName $ notificationList $ msDS-Settings ) )", "( 1.2.840.113556.1.5.265 NAME 'msDS-OptionalFeature' SUP top STRUCTURAL MUST (msDS-OptionalFeatureGUID $ msDS-OptionalFeatureFlags ) MAY (msDS-RequiredDomainBehaviorVersion $ msDS-RequiredForestBehaviorVersion ) )", "( 1.2.840.113556.1.5.94 NAME 'serviceAdministrationPoint' SUP serviceConnectionPoint STRUCTURAL )", "( 1.2.840.113556.1.5.102 NAME 'nTFRSReplicaSet' SUP top STRUCTURAL MAY (fRSReplicaSetType $ fRSVersionGUID $ schedule $ fRSFileFilter $ fRSDirectoryFilter $ fRSDSPoll $ fRSServiceCommand $ fRSReplicaSetGUID $ fRSLevelLimit $ fRSRootSecurity $ fRSExtensions $ managedBy $ fRSFlags $ fRSPartnerAuthLevel $ fRSPrimaryMember $ msFRS-Topology-Pref $ msFRS-Hub-Member ) )", "( 1.2.840.113556.1.5.203 NAME 'msWMI-RangeParam' SUP top STRUCTURAL MUST (msWMI-PropertyName $ msWMI-TargetClass $ msWMI-TargetType ) )", "( 1.2.840.113556.1.5.7000.56 NAME 'ipsecBase' SUP top ABSTRACT MAY (ipsecName $ ipsecID $ ipsecDataType $ ipsecData $ ipsecOwnersReference ) )", "( 1.2.840.113556.1.6.13.4.3 NAME 'msDFSR-Subscription' SUP top STRUCTURAL MUST (msDFSR-ContentSetGuid $ msDFSR-ReplicationGroupGuid ) MAY (msDFSR-Extension $ msDFSR-RootPath $ msDFSR-RootSizeInMb $ msDFSR-StagingPath $ msDFSR-StagingSizeInMb $ msDFSR-ConflictPath $ msDFSR-ConflictSizeInMb $ msDFSR-Enabled $ msDFSR-Flags $ msDFSR-Options $ msDFSR-RootFence $ msDFSR-DfsLinkTarget $ msDFSR-DeletedPath $ msDFSR-DeletedSizeInMb $ msDFSR-ReadOnly $ msDFSR-CachePolicy $ msDFSR-MinDurationCacheInMin $ msDFSR-MaxAgeInCacheInMin $ msDFSR-OnDemandExclusionFileFilter $ msDFSR-OnDemandExclusionDirectoryFilter $ msDFSR-Options2 $ msDFSR-StagingCleanupTriggerInPercent ) )", "( 1.2.840.113556.1.5.223 NAME 'msPKI-PrivateKeyRecoveryAgent' SUP top STRUCTURAL MUST (userCertificate ) )", "( 1.2.840.113556.1.5.178 NAME 'pKIEnrollmentService' SUP top STRUCTURAL MAY (cACertificate $ dNSHostName $ cACertificateDN $ certificateTemplates $ signatureAlgorithms $ enrollmentProviders $ msPKI-Enrollment-Servers $ msPKI-Site-Name ) )", "( 1.2.840.113556.1.6.18.2.211 NAME 'msSFU30MailAliases' SUP top STRUCTURAL MAY (msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ nisMapName ) )", "( 1.2.840.113556.1.5.53 NAME 'typeLibrary' SUP top STRUCTURAL MAY (cOMClassID $ cOMInterfaceID $ cOMUniqueLIBID ) )", "( 1.2.840.113556.1.6.13.4.8 NAME 'msDFSR-Topology' SUP top STRUCTURAL MAY (msDFSR-Extension $ msDFSR-Flags $ msDFSR-Options $ msDFSR-Options2 ) )", "( 1.2.840.113556.1.5.237 NAME 'msDS-AzScope' SUP top STRUCTURAL MUST (msDS-AzScopeName ) MAY (description $ msDS-AzApplicationData $ msDS-AzObjectGuid $ msDS-AzGenericData ) )", "( 1.2.840.113556.1.5.74 NAME 'categoryRegistration' SUP leaf STRUCTURAL MAY (localeID $ categoryId $ managedBy $ localizedDescription ) )", "( 1.2.840.113556.1.5.11 NAME 'comConnectionPoint' SUP connectionPoint STRUCTURAL MUST (cn ) MAY (marshalledInterface $ moniker $ monikerDisplayName ) )", "( 1.2.840.113556.1.5.93 NAME 'linkTrackOMTEntry' SUP leaf STRUCTURAL MAY (birthLocation $ oMTIndxGuid $ currentLocation $ timeRefresh $ oMTGuid ) )", "( 1.2.840.113556.1.5.10 NAME 'classRegistration' SUP leaf STRUCTURAL MAY (cOMInterfaceID $ cOMProgID $ cOMCLSID $ cOMTreatAsClassId $ cOMOtherProgId $ implementedCategories $ requiredCategories $ managedBy ) )", "( 1.2.840.113556.1.5.148 NAME 'siteLinkBridge' SUP top STRUCTURAL MUST (siteLinkList ) )", "( 1.2.840.113556.1.5.81 NAME 'rpcServer' SUP rpcEntry STRUCTURAL MAY (rpcNsObjectID $ rpcNsCodeset $ rpcNsEntryFlags ) )", "( 1.2.840.113556.1.3.46 NAME 'mailRecipient' SUP top AUXILIARY MUST (cn ) MAY (telephoneNumber $ userCertificate $ info $ garbageCollPeriod $ msExchAssistantName $ msExchLabeledURI $ showInAddressBook $ userCert $ legacyExchangeDN $ msDS-PhoneticDisplayName $ msDS-GeoCoordinatesAltitude $ msDS-GeoCoordinatesLatitude $ msDS-GeoCoordinatesLongitude $ userSMIMECertificate $ textEncodedORAddress $ secretary $ labeledURI ) )", "( 1.2.840.113556.1.5.1 NAME 'securityObject' SUP top ABSTRACT MUST (cn ) )", "( 1.2.840.113556.1.5.20 NAME 'leaf' SUP top ABSTRACT )", "( 1.2.840.113556.1.5.151 NAME 'intellimirrorSCP' SUP serviceAdministrationPoint STRUCTURAL MAY (netbootMachineFilePath $ netbootAllowNewClients $ netbootLimitClients $ netbootMaxClients $ netbootCurrentClientCount $ netbootAnswerRequests $ netbootAnswerOnlyValidClients $ netbootNewMachineNamingPolicy $ netbootNewMachineOU $ netbootIntelliMirrorOSes $ netbootTools $ netbootLocallyInstalledOSes $ netbootServer ) )", "( 1.2.840.113556.1.6.13.4.1 NAME 'msDFSR-LocalSettings' SUP top STRUCTURAL MAY (msDFSR-Version $ msDFSR-Extension $ msDFSR-Flags $ msDFSR-Options $ msDFSR-Options2 $ msDFSR-CommonStagingPath $ msDFSR-CommonStagingSizeInMb $ msDFSR-StagingCleanupTriggerInPercent ) )", "( 1.2.840.113556.1.5.186 NAME 'mS-SQL-SQLRepository' SUP top STRUCTURAL MAY (mS-SQL-Name $ mS-SQL-Contact $ mS-SQL-Build $ mS-SQL-Status $ mS-SQL-Version $ mS-SQL-Description $ mS-SQL-InformationDirectory ) )", "( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST (cn ) MAY (l $ st $ street $ ou $ postalAddress $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ telephoneNumber $ telexNumber $ teletexTerminalIdentifier $ facsimileTelephoneNumber $ x121Address $ internationalISDNNumber $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ roleOccupant $ seeAlso ) )", "( 2.5.20.1 NAME 'subSchema' SUP top STRUCTURAL MAY (extendedClassInfo $ extendedAttributeInfo $ dITContentRules $ attributeTypes $ objectClasses $ modifyTimeStamp ) )", "( 1.2.840.113556.1.5.284 NAME 'msDS-DeviceRegistrationService' SUP top STRUCTURAL MUST (msDS-IsEnabled $ msDS-DeviceLocation ) MAY (msDS-IssuerCertificates $ msDS-RegistrationQuota $ msDS-MaximumRegistrationInactivityPeriod $ msDS-IssuerPublicCertificates $ msDS-CloudIssuerPublicCertificates $ msDS-CloudIsEnabled ) )", "( 1.2.840.113556.1.5.84 NAME 'displaySpecifier' SUP top STRUCTURAL MAY (iconPath $ creationWizard $ contextMenu $ adminPropertyPages $ shellPropertyPages $ classDisplayName $ adminContextMenu $ shellContextMenu $ attributeDisplayNames $ treatAsLeaf $ createDialog $ createWizardExt $ scopeFlags $ queryFilter $ extraColumns $ adminMultiselectPropertyPages ) )", "( 1.2.840.113556.1.5.212 NAME 'msWMI-ShadowObject' SUP top STRUCTURAL MUST (msWMI-TargetObject ) )", "( 1.2.840.113556.1.5.59 NAME 'fileLinkTrackingEntry' SUP top STRUCTURAL )", "( 1.2.840.113556.1.4.2161 NAME 'msAuthz-CentralAccessPolicies' SUP top STRUCTURAL )", "( 1.2.840.113556.1.5.161 NAME 'mSMQQueue' SUP top STRUCTURAL MAY (mSMQQueueType $ mSMQJournal $ mSMQBasePriority $ mSMQLabel $ mSMQAuthenticate $ mSMQPrivacyLevel $ mSMQOwnerID $ mSMQTransactional $ mSMQQueueQuota $ mSMQQueueJournalQuota $ mSMQQueueNameExt $ mSMQLabelEx $ MSMQ-SecuredSource $ MSMQ-MulticastAddress ) )", "( 1.2.840.113556.1.5.193 NAME 'msCOM-Partition' SUP top STRUCTURAL MAY (msCOM-ObjectId ) )", "( 1.2.840.113556.1.5.118 NAME 'ipsecFilter' SUP ipsecBase STRUCTURAL )", "( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST (c ) MAY (searchGuide $ co ) )", "( 1.2.840.113556.1.5.97 NAME 'physicalLocation' SUP locality STRUCTURAL MAY (managedBy ) )", "( 1.2.840.113556.1.3.30 NAME 'computer' SUP user STRUCTURAL MAY (cn $ networkAddress $ localPolicyFlags $ defaultLocalPolicyObject $ machineRole $ location $ netbootInitialization $ netbootGUID $ netbootMachineFilePath $ siteGUID $ operatingSystem $ operatingSystemVersion $ operatingSystemServicePack $ operatingSystemHotfix $ volumeCount $ physicalLocationObject $ dNSHostName $ policyReplicationFlags $ managedBy $ rIDSetReferences $ catalogs $ netbootSIFFile $ netbootMirrorDataFile $ msDS-AdditionalDnsHostName $ msDS-AdditionalSamAccountName $ msDS-ExecuteScriptPassword $ msDS-KrbTgtLink $ msDS-RevealedUsers $ msDS-NeverRevealGroup $ msDS-RevealOnDemandGroup $ msDS-RevealedList $ msDS-AuthenticatedAtDC $ msDS-isGC $ msDS-isRODC $ msDS-SiteName $ msDS-PromotionSettings $ msTPM-OwnerInformation $ msTSProperty01 $ msTSProperty02 $ msDS-IsUserCachableAtRodc $ msDS-HostServiceAccount $ msTSEndpointData $ msTSEndpointType $ msTSEndpointPlugin $ msTSPrimaryDesktopBL $ msTSSecondaryDesktopBL $ msTPM-TpmInformationForComputer $ msDS-GenerationId $ msImaging-ThumbprintHash $ msImaging-HashAlgorithm $ netbootDUID $ msSFU30Name $ msSFU30Aliases $ msSFU30NisDomain $ nisMapName ) )", "( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL MUST (cn ) MAY (description $ msSFU30Name $ msSFU30NisDomain $ msSFU30NetgroupHostAtDomain $ msSFU30NetgroupUserAtDomain $ memberNisNetgroup $ nisNetgroupTriple $ nisMapName ) )", "( 1.2.840.113556.1.5.153 NAME 'nTFRSMember' SUP top STRUCTURAL MAY (fRSUpdateTimeout $ fRSServiceCommand $ serverReference $ fRSRootSecurity $ fRSExtensions $ frsComputerReference $ fRSControlDataCreation $ fRSControlInboundBacklog $ fRSControlOutboundBacklog $ fRSFlags $ fRSPartnerAuthLevel ) )", "( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL MUST (cn $ presentationAddress ) MAY (l $ o $ ou $ supportedApplicationContext $ seeAlso ) )", "( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST (cn ) MAY (l $ ou $ seeAlso ) )", "( 1.2.840.113556.1.5.279 NAME 'msDS-ValueType' SUP top STRUCTURAL MUST (msDS-ClaimValueType $ msDS-ClaimIsValueSpaceRestricted $ msDS-ClaimIsSingleValued $ msDS-IsPossibleValuesPresent ) )", "( 1.2.840.113556.1.5.204 NAME 'msWMI-UnknownRangeParam' SUP msWMI-RangeParam STRUCTURAL MUST (msWMI-NormalizedClass $ msWMI-TargetObject ) )", "( 1.2.840.113556.1.5.66 NAME 'domain' SUP top ABSTRACT MUST (dc ) )", "( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL MAY (knowledgeInformation ) )", "( 1.2.840.113556.1.5.120 NAME 'ipsecISAKMPPolicy' SUP ipsecBase STRUCTURAL )" ], "objectGUID": [ { "encoded": "sr4GScorekOq9Mmm+aY8Ow==", "encoding": "base64" } ], "systemFlags": [ "134217728" ], "uSNChanged": [ "5" ], "uSNCreated": [ "5" ], "whenChanged": [ "20130521164433.0Z" ], "whenCreated": [ "20130521164433.0Z" ] }, "schema_entry": "CN=Aggregate,CN=Schema,CN=Configuration,DC=AD2012,DC=LAB", "type": "SchemaInfo" } """ ad_2012_r2_dsa_info = """ { "raw": { "configurationNamingContext": [ "CN=Configuration,DC=AD2012,DC=LAB" ], "currentTime": [ "20141111080100.0Z" ], "defaultNamingContext": [ "DC=AD2012,DC=LAB" ], "dnsHostName": [ "WIN1.AD2012.LAB" ], "domainControllerFunctionality": [ "6" ], "domainFunctionality": [ "6" ], "dsServiceName": [ "CN=NTDS Settings,CN=WIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AD2012,DC=LAB" ], "forestFunctionality": [ "6" ], "highestCommittedUSN": [ "22591" ], "isGlobalCatalogReady": [ "TRUE" ], "isSynchronized": [ "TRUE" ], "ldapServiceName": [ "AD2012.LAB:win1$@AD2012.LAB" ], "namingContexts": [ "DC=AD2012,DC=LAB", "CN=Configuration,DC=AD2012,DC=LAB", "CN=Schema,CN=Configuration,DC=AD2012,DC=LAB", "DC=DomainDnsZones,DC=AD2012,DC=LAB", "DC=ForestDnsZones,DC=AD2012,DC=LAB" ], "rootDomainNamingContext": [ "DC=AD2012,DC=LAB" ], "schemaNamingContext": [ "CN=Schema,CN=Configuration,DC=AD2012,DC=LAB" ], "serverName": [ "CN=WIN1,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=AD2012,DC=LAB" ], "subschemaSubentry": [ "CN=Aggregate,CN=Schema,CN=Configuration,DC=AD2012,DC=LAB" ], "supportedCapabilities": [ "1.2.840.113556.1.4.800", "1.2.840.113556.1.4.1670", "1.2.840.113556.1.4.1791", "1.2.840.113556.1.4.1935", "1.2.840.113556.1.4.2080", "1.2.840.113556.1.4.2237" ], "supportedControl": [ "1.2.840.113556.1.4.319", "1.2.840.113556.1.4.801", "1.2.840.113556.1.4.473", "1.2.840.113556.1.4.528", "1.2.840.113556.1.4.417", "1.2.840.113556.1.4.619", "1.2.840.113556.1.4.841", "1.2.840.113556.1.4.529", "1.2.840.113556.1.4.805", "1.2.840.113556.1.4.521", "1.2.840.113556.1.4.970", "1.2.840.113556.1.4.1338", "1.2.840.113556.1.4.474", "1.2.840.113556.1.4.1339", "1.2.840.113556.1.4.1340", "1.2.840.113556.1.4.1413", "2.16.840.1.113730.3.4.9", "2.16.840.1.113730.3.4.10", "1.2.840.113556.1.4.1504", "1.2.840.113556.1.4.1852", "1.2.840.113556.1.4.802", "1.2.840.113556.1.4.1907", "1.2.840.113556.1.4.1948", "1.2.840.113556.1.4.1974", "1.2.840.113556.1.4.1341", "1.2.840.113556.1.4.2026", "1.2.840.113556.1.4.2064", "1.2.840.113556.1.4.2065", "1.2.840.113556.1.4.2066", "1.2.840.113556.1.4.2090", "1.2.840.113556.1.4.2205", "1.2.840.113556.1.4.2204", "1.2.840.113556.1.4.2206", "1.2.840.113556.1.4.2211", "1.2.840.113556.1.4.2239", "1.2.840.113556.1.4.2255", "1.2.840.113556.1.4.2256" ], "supportedExtension": [ "1.3.6.1.4.1.1466.20037", "1.3.6.1.4.1.1466.101.119.1", "1.2.840.113556.1.4.1781", "1.3.6.1.4.1.4203.1.11.3", "1.2.840.113556.1.4.2212" ], "supportedLDAPPolicies": [ "MaxPoolThreads", "MaxPercentDirSyncRequests", "MaxDatagramRecv", "MaxReceiveBuffer", "InitRecvTimeout", "MaxConnections", "MaxConnIdleTime", "MaxPageSize", "MaxBatchReturnMessages", "MaxQueryDuration", "MaxTempTableSize", "MaxResultSetSize", "MinResultSets", "MaxResultSetsPerConn", "MaxNotificationPerConn", "MaxValRange", "MaxValRangeTransitive", "ThreadMemoryLimit", "SystemMemoryLimitPercent" ], "supportedLDAPVersion": [ "3", "2" ], "supportedSASLMechanisms": [ "GSSAPI", "GSS-SPNEGO", "EXTERNAL", "DIGEST-MD5" ] }, "type": "DsaInfo" } """ ldap3-2.4.1/ldap3/protocol/schemas/ds389.py0000666000000000000000000113634413226436321016404 0ustar 00000000000000""" """ # Created on 2014.11.11 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . ds389_1_3_3_schema = """ { "raw": { "aci": [ "(target=\\"ldap:///cn=schema\\")(targetattr !=\\"aci\\")(version 3.0;acl \\"anonymous, no acis\\"; allow (read, search, compare) userdn = \\"ldap:///anyone\\";)" ], "attributeTypes": [ "( 2.16.840.1.113730.3.1.582 NAME 'nsDS5ReplicaCredentials' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )", "( 2.16.840.1.113730.3.1.2274 NAME 'nsslapd-instancedir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.532 NAME 'ntUserCountryCode' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.18.0.2.4.1139 NAME 'printer-info' DESC 'Descriptive information about this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'LDAP referrals attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'LDAPv3 referrals Internet Draft' )", "( 1.3.6.1.4.1.13769.2.4 NAME ( 'nsAIMid' 'nscpaimscreenname' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Mozilla Address Book' )", "( sslVersionMin-oid NAME 'sslVersionMin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.204 NAME 'replicaNickName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2243 NAME 'nsslapd-securelistenhost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2108 NAME 'nsPagedLookThroughLimit' DESC 'Binder-based simple paged search operation look through limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' )", "( 1.3.6.1.4.1.6981.11.3.7 NAME 'FTPStatus' DESC 'Account status: enabled or disabled' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.2091 NAME 'nsslapd-suffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( nsUserRDNComponent-oid NAME 'nsUserRDNComponent' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.18.0.2.4.1117 NAME 'printer-media-local-supported' DESC 'Site-specific names of media supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2301 NAME 'nsslapd-plugin-logging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822mailbox' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' X-DEPRECATED 'rfc822mailbox' )", "( 2.16.840.1.113730.3.1.607 NAME 'nsDS5Flags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsTaskLabel-oid NAME 'nsTaskLabel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2068 NAME 'pamExcludeSuffix' DESC 'Suffixes to exclude from PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.2157 NAME 'dnaRemoteBindCred' DESC 'Remote bind credentials' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( nsBindDN-oid NAME 'nsBindDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2261 NAME 'nsslapd-attribute-name-exceptions' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.250.1.2 NAME 'multiLineDescription' DESC 'Pilot attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Internet White Pages Pilot' )", "( 2.16.840.1.113730.3.1.102 NAME ( 'passwordChange' 'pwdAllowUserChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.527 NAME 'ntUserLastLogoff' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.21 NAME 'mailQuota' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 1.2.840.113556.1.4.482 NAME 'calOtherCalURIs' DESC 'RFC2739: multi-value URI for snapshots of other calendars' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.2238 NAME 'nsslapd-security' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.42.2.27.4.1.6 NAME 'javaClassName' DESC 'Fully qualified name of distinguished Java class or interface' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713' )", "( 2.16.840.1.113730.3.1.240 NAME 'replicatedattributelist' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2175 NAME 'nsslapd-accesslog-logrotationsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsRevisionNumber-oid NAME 'nsRevisionNumber' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2207 NAME 'nsslapd-rootdn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsHelpRef-oid NAME 'nsHelpRef' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.43 NAME 'ntUserDeleteAccount' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.217 NAME 'replicaCFUpdated' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.6 NAME 'targetDn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' )", "( 2.5.4.25 NAME 'internationalISDNNumber' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.998 NAME ( 'passwordGraceUserTime' 'pwdGraceUserTime' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2225 NAME 'nsslapd-workingdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.65 NAME 'ntUserLogonServer' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.781 NAME 'mgrpAddHeader' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.2295 NAME 'nsslapd-allowed-sasl-mechanisms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2162 NAME 'winSyncDirectoryFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X-ORIGIN 'SUDO' )", "( 1.3.18.0.2.4.1121 NAME 'printer-resolution-supported' DESC 'List of resolutions supported for printing documents by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2139 NAME 'winSyncMoveAction' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsExpirationDate-oid NAME 'nsExpirationDate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.5923.1.1.1.1 NAME 'eduPersonAffiliation' DESC 'Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( nsVendor-oid NAME 'nsVendor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.87 NAME 'cirUpdateSchedule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.32 NAME 'owner' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.253 NAME 'nsValueSyntax' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' )", "( nsLdapSchemaVersion-oid NAME 'nsLdapSchemaVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2100 NAME 'autoMemberInclusiveRegex' DESC 'Auto Membership inclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2089 NAME 'mepMappedAttr' DESC 'Managed Entries mapped attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2212 NAME 'nsslapd-useroc' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2282 NAME 'nsslapd-rundir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.3.3 NAME 'mozillaHomeLocalityName' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.5.4.10 NAME ( 'o' 'organizationname' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationname' )", "( 2.16.840.1.113730.3.1.2259 NAME 'nsslapd-return-exact-case' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsAdminAccessAddresses-oid NAME 'nsAdminAccessAddresses' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( nsAdminUsers-oid NAME 'nsAdminUsers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.19 NAME 'mailMessageStore' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.221 NAME 'passwordStorageScheme' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2126 NAME 'dnaHostname' DESC 'DNA hostname of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2230 NAME 'nsslapd-ldapiautobind' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2196 NAME 'nsslapd-accesslog-logexpirationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.576 NAME 'nsRoleFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 5.3.6.1.1.1.1.0 NAME 'trustModel' DESC 'Access scheme' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'nss_ldap/pam_ldap' )", "( 2.16.840.1.113730.3.1.248 NAME 'nsValueDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape servers - value item' )", "( 1.3.6.1.4.1.1466.101.120.41 NAME 'parentOrganization' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )", "( nsAdminEnableDSGW-oid NAME 'nsAdminEnableDSGW' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.18.0.2.4.1132 NAME 'printer-multiple-document-jobs-supported' DESC 'Indicates whether or not this printer supports more than one document per job.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 1.3.6.1.4.1.13769.2.1 NAME ( 'mozillaNickname' 'xmozillanickname' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Mozilla Address Book' )", "( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.92 NAME ( 'passwordExpWarned' 'pwdExpirationWarned' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2246 NAME 'nsslapd-maxdescriptors' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2113 NAME 'internalModifiersName' DESC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2094 NAME 'nsslapd-parent-suffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.692 NAME 'inetUserStatus' DESC '\\"active\\", \\"inactive\\", or \\"deleted\\" status of a user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )", "( 1.3.18.0.2.4.1110 NAME 'printer-job-priority-supported' DESC 'Indicates the number of job priority levels supported by this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2183 NAME 'nsslapd-audit-logrotationsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2304 NAME 'nsslapd-dynamic-plugins' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.789 NAME 'mgrpNoDuplicateChecks' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.602 NAME 'entrydn' DESC 'internal server defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113730.3.1.1098 NAME 'nsds5replicaSessionPauseTime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2073 NAME 'pamSecure' DESC 'Require secure (TLS/SSL) connection for PAM auth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.2264 NAME 'nsslapd-max-filter-nest-level' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.21.2 NAME 'dITContentRules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.522 NAME 'ntUserComment' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.18.0.2.4.1129 NAME 'printer-color-supported' DESC 'Indicates whether this printer is capable of any type of color printing at all, including highlight color.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.24 NAME 'mailRoutingAddress' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( nsmsgDisallowAccess-oid NAME 'nsmsgDisallowAccess' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 1.2.840.113556.1.4.485 NAME 'calOtherCalAdrURIs' DESC 'RFC2739: multi-value URI to other request destinations' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.2131 NAME 'pamFilter' DESC 'Filter to match entries that should use PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.234 NAME 'nsSNMPLocation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation X-ORIGIN 'RFC 4512' )", "( 1.3.6.1.4.1.5923.1.1.1.9 NAME 'eduPersonScopedAffiliation' DESC 'Scoped Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( nsHostLocation-oid NAME 'nsHostLocation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.590 NAME 'nsDS5ReplicaName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2178 NAME 'nsslapd-accesslog-logrotationsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2081 NAME ( 'passwordMaxRepeats' 'pwdMaxRepeats' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.687 NAME 'nsds5replicaChangesSentSinceStartup' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1107 NAME 'printer-xri-supported' DESC 'The unordered list of XRI (extended resource identifiers) supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.46 NAME 'ntGroupDeleteGroup' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.9 NAME 'newRdn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' )", "( 2.16.840.1.113730.3.1.2147 NAME 'rootdn-allow-host' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2251 NAME 'nsslapd-accesscontrol' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation X-ORIGIN 'RFC 4512' )", "( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.11 NAME 'newSuperior' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' )", "( 2.16.840.1.113730.3.1.229 NAME 'nsslapd-pluginVendor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2228 NAME 'nsslapd-ldapifilepath' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.5.4.47 NAME 'enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.68 NAME 'ntUserPasswordExpired' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2298 NAME 'nsslapd-enable-turbo-mode' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.585 NAME 'nsDS5ReplicatedAttributeList' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2165 NAME 'schemaUpdateObjectclassAccept' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2277 NAME 'nsslapd-tmpdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.1002 NAME 'nsds7NewWinUserSyncEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime' DESC 'old variant of modifyTimestamp' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 1274' )", "( 2.16.840.1.113730.3.1.110 NAME 'ntGroupId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.535 NAME 'ntUserHomeDirDrive' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.33 NAME 'mgrpModerator' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.207 NAME 'vlvBase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )", "( nsServerMigrationClassname-oid NAME 'nsServerMigrationClassname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( nsSSLPersonalitySSL-oid NAME 'nsSSLPersonalitySSL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4519' )", "( 1.3.6.1.1.4 NAME 'vendorName' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' )", "( 1.3.6.1.4.1.6981.11.3.4 NAME 'FTPDownloadRatio' DESC 'Ratio (compared with FTPRatioUp) for downloaded files' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.801 NAME 'mgrpRemoveHeader' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.2215 NAME 'nsslapd-allow-unauthenticated-binds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1118 NAME 'printer-copies-supported' DESC 'The maximum number of copies of a document that may be printed as a single job on this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.55 NAME 'aci' DESC 'Netscape defined access control information attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2285 NAME 'nsslapd-hash-filters' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.5.4.7 NAME ( 'l' 'locality' 'localityname' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'locality localityname' )", "( nsSSL3SessionTimeout-oid NAME 'nsSSL3SessionTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2152 NAME 'nsds5ReplicaProtocolTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.105 NAME ( 'passwordLockout' 'pwdLockOut' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2129 NAME 'dnaNextRange' DESC 'DNA range of values to get from replica' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( nsSSL3-oid NAME 'nsSSL3' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2199 NAME 'nsslapd-accesslog-logexpirationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.571 NAME 'nsSizeLimit' DESC 'Binder-based search operation size limit (entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.77 NAME 'changeTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.243 NAME 'nsValueCIS' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' )", "( 2.16.840.1.113730.3.1.2170 NAME 'nsslapd-accesslog-level' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2202 NAME 'nsslapd-accesslog-logging-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Information used by the autofs automounter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'draft-howard-rfc2307bis' )", "( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )", "( nsCertConfig-oid NAME 'nsCertConfig' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Certificate Management System' )", "( 2.16.840.1.113730.3.1.99 NAME ( 'passwordMinLength' 'pwdMinLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2249 NAME 'nsslapd-idletimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2116 NAME 'dnaPrefix' DESC 'DNA string prefix for dna value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2220 NAME 'nsslapd-minssf-exclude-rootdse' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2186 NAME 'nsslapd-auditlog-logrotationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.60 NAME 'ntUserAuthFlags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2290 NAME 'nsslapd-disk-monitoring-threshold' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2076 NAME ( 'passwordMinAlphas' 'pwdMinAlphas' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.406 NAME 'nsSynchUserIDFormat' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.21.5 NAME 'attributeTypes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 1.3.18.0.2.4.1122 NAME 'printer-media-supported' DESC 'The standard names/types/sizes (and optional color suffixes) of the media supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( nsAdminEnableEnduser-oid NAME 'nsAdminEnableEnduser' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2134 NAME 'nsds5ReplicaStripAttrs' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.544 NAME 'nsParentUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.5923.1.1.1.4 NAME 'eduPersonOrgUnitDN' DESC 'Organizational Unit DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( 2.16.840.1.113730.3.1.82 NAME 'cirBindDn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 X-ORIGIN 'RFC 2798' )", "( 1.3.6.1.4.1.42.2.27.4.1.13 NAME 'javaClassNames' DESC 'Fully qualified Java class or interface name' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' )", "( 2.16.840.1.113730.3.1.2103 NAME 'autoMemberDisabled' DESC 'Auto Membership disabled attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.809 NAME 'nsds5replicaLastInitStatus' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2084 NAME 'nsSymmetricKey' DESC 'A symmetric key - currently used by attribute encryption' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'attribute encryption' )", "( 2.16.840.1.113730.3.1.682 NAME 'nsds5ReplicaPurgeDelay' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4524' )", "( nsTLS1-oid NAME 'nsTLS1' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2063 NAME 'nsEncryptionAlgorithm' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.3.4 NAME 'mozillaHomeState' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2254 NAME 'nsslapd-pwpolicy-local' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2121 NAME 'dnaScope' DESC 'DNA base DN for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.14 NAME 'mailAutoReplyMode' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.224 NAME 'nsslapd-pluginPath' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.11.1.3.2.1.2 NAME 'acctPolicySubentry' DESC 'Account policy pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Account Policy Plugin' )", "( 2.16.840.1.113730.3.1.2191 NAME 'nsslapd-errorlog-logmaxdiskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2233 NAME 'nsslapd-ldapiuidnumbertype' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.579 NAME 'nsDS5ReplicaPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.610 NAME 'nsAccountLock' DESC 'Operational attribute for Account Inactivation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.707 NAME 'vacationstartdate' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.580 NAME 'nsDS5ReplicaTransportInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2168 NAME 'schemaUpdateAttributeReject' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )", "( 1.3.18.0.2.4.1137 NAME 'printer-generated-natural-language-supported' DESC 'Natural language(s) supported for this directory entry.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.1005 NAME 'nsds7DirsyncCookie' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy' DESC 'old variant of modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' )", "( 2.16.840.1.113730.3.1.530 NAME 'ntUserLogonHours' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.36 NAME 'nsLicensedFor' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.202 NAME 'replicaCredentials' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.2.2 NAME ( 'mozillaSecondEmail' 'xmozillasecondemail' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.3023 NAME 'nsViewFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( nsSSL2Ciphers-oid NAME 'nsSSL2Ciphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( nsServerAddress-oid NAME 'nsServerAddress' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.91 NAME 'passwordExpirationTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2241 NAME 'nsslapd-errorlog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsProductName-oid NAME 'nsProductName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2027 NAME 'nsruvReplicaLastModified' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.38 NAME 'authorityRevocationList' DESC 'X.509 authority revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' )", "( 2.16.840.1.113730.3.1.2097 NAME 'autoMemberScope' DESC 'Auto Membership scope criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.695 NAME 'inetSubscriberChallenge' DESC 'Used to confirm subscriberIdentity. This attribute holds the challenge phrase and is used in conjunction with the inetSubscriberResponse' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )", "( 2.16.840.1.113730.3.1.2218 NAME 'nsslapd-localssf' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1115 NAME 'printer-stacking-order-supported' DESC 'The possible stacking order of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 1.2.840.113556.1.4.479 NAME 'calFBURL' DESC 'RFC2739: URI to the users default freebusy data' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.2307 NAME 'nsslapd-allow-hashed-passwords' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.58 NAME 'replicaBindDn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.605 NAME 'entryid' DESC 'internal server defined attribute type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113730.3.1.2288 NAME 'nsslapd-defaultnamingcontext' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.3.9 NAME 'mozillaWorkUrl' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2155 NAME 'nsds5ReplicaBackoffMax' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2267 NAME 'nsslapd-certmap-basedn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.100 NAME 'passwordKeepHistory' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.525 NAME 'ntUserWorkstations' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.23 NAME 'mgrpAllowedDomain' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 1.2.840.113556.1.4.480 NAME 'calCAPURI' DESC 'RFC2739: URI used to communicate with the users calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.237 NAME 'nsSNMPMasterHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsDefaultAcceptLanguage-oid NAME 'nsDefaultAcceptLanguage' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.593 NAME 'nsSNMPName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2205 NAME 'nsslapd-auditlog-logging-hide-unhashed-pw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1108 NAME 'printer-aliases' DESC 'List of site-specific administrative names of this printer in addition to the value specified for printer-name.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.45 NAME 'ntGroupCreateNewGroup' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.215 NAME 'oid' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2142 NAME 'nsSaslMapPriority' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )", "( 2.16.840.1.113730.3.1.2119 NAME 'dnaMagicRegen' DESC 'DNA value that will trigger regeneration of attribute value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.5.4.42 NAME 'givenName' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2189 NAME 'nsslapd-auditlog-logrotationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.67 NAME 'ntUserProfile' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2079 NAME ( 'passwordMinSpecials' 'pwdMinSpecials' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.588 NAME 'nsDS5ReplicaId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2160 NAME 'dnaRemoteBindMethod' DESC 'Remote bind method: SIMPLE, SSL, SASL/DIGEST-MD5, or SASL/GSSAPI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 1.3.6.1.4.1.13769.4.3 NAME 'mozillaCustom3' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2272 NAME 'nsslapd-plugin-binddn-tracking' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.21.8 NAME 'matchingRuleUse' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 1.3.6.1.4.1.250.1.57 NAME ( 'labeledURI' 'labeledurl' ) EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2079' X-DEPRECATED 'labeledurl' )", "( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.89 NAME 'cirSyncInterval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.251 NAME 'nsValueFlags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' )", "( 2.16.840.1.113730.3.1.2106 NAME 'nsIDListScanLimit' DESC 'Binder-based search operation ID list scan limit (candidate entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' )", "( 1.3.6.1.4.1.6981.11.3.1 NAME 'FTPQuotaFiles' DESC 'Quota (in number of files) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.804 NAME 'nsSchemaCSN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( nsServerSecurity-oid NAME 'nsServerSecurity' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2210 NAME 'nsslapd-auditlog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'favouriteDrink' )", "( 2.16.840.1.113730.3.1.50 NAME 'replicaBeginOrc' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2280 NAME 'nsslapd-bakdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.4 NAME ( 'sn' 'surName' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'surName' )", "( 2.16.840.1.113730.3.1.2066 NAME 'nsSaslMapFilterTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.3.1 NAME 'mozillaHomeStreet' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.198 NAME 'memberURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.108 NAME 'passwordUnlock' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' )", "( nsSSLClientAuth-oid NAME 'nsSSLClientAuth' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2124 NAME 'dnaRemainingValues' DESC 'DNA remaining values left to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2236 NAME 'nsslapd-anonlimitsdn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2194 NAME 'nsslapd-errorlog-logminfreediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.574 NAME 'nsRole' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( nsAdminGroupName-oid NAME 'nsAdminGroupName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.72 NAME 'serverVersionNumber' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.246 NAME 'nsValueInt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape servers - value item' )", "( 1.3.6.1.4.1.1466.101.120.43 NAME 'preferredTimeZone' DESC 'preferred time zone for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2173 NAME 'nsslapd-errorlog-maxlogsize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )", "( 1.3.18.0.2.4.1130 NAME 'printer-document-format-supported' DESC 'The possible source document formats which may be interpreted and printed by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.552 NAME 'costargettree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.94 NAME 'retryCountResetTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 X-ORIGIN 'RFC 4519' X-DEPRECATED 'fax' )", "( 2.16.840.1.113730.3.1.2244 NAME 'nnslapd-threadnumber' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Delegated Administrator' )", "( 2.16.840.1.113730.3.1.2111 NAME 'tombstoneNumSubordinates' DESC 'count of immediate subordinates for tombstone entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 directory server' )", "( nsDirectoryURL-oid NAME 'nsDirectoryURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.690 NAME 'inetDomainBaseDN' DESC 'Base DN of user subtree for a DNS domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )", "( 2.16.840.1.113730.3.1.2223 NAME 'nsslapd-localhost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2181 NAME 'nsslapd-accesslog-logrotationsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.569 NAME 'cosPriority' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsOsVersion-oid NAME 'nsOsVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( nsJarfilename-oid NAME 'nsJarfilename' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2293 NAME 'nsslapd-ndn-cache-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2071 NAME 'pamIDAttr' DESC 'Name of attribute holding PAM ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.2158 NAME 'dnaRemoteBindDN' DESC 'Remote bind DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 1.3.18.0.2.4.1127 NAME 'printer-pages-per-minute' DESC 'The nominal number of pages per minute which may be output by this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 0.9.2342.19200300.100.1.54 NAME 'ditRedirect' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 1274' )", "( 2.16.840.1.113730.3.1.520 NAME 'nswmExtendedUserPrefs' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.26 NAME 'mgrpErrorsTo' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.232 NAME 'nsSNMPEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2137 NAME 'nsds5ReplicaAbortCleanRUV' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.1466.101.120.17 NAME 'ldapSchemas' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 2927' )", "( 1.3.6.1.4.1.5923.1.1.1.7 NAME 'eduPersonEntitlement' DESC 'Entitlement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( 2.16.840.1.113730.3.1.81 NAME 'cirPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.6981.11.3.9 NAME 'FTPgid' DESC 'System uid (overrides gidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.2087 NAME 'mepManagedEntry' DESC 'Managed Entries pointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.685 NAME 'nsds5replicaLastUpdateStart' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( nsAdminSIEDN-oid NAME 'nsAdminSIEDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2208 NAME 'nsslapd-rootdnpw' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.48 NAME 'replicaPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.210 NAME 'vlvSort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2145 NAME 'rootdn-close-time' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2257 NAME 'nsslapd-accesslog-logbuffering' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlycountryname' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' X-DEPRECATED 'friendlycountryname' )", "( 2.16.840.1.113730.3.1.13 NAME 'mailAlternateAddress' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.227 NAME 'nsslapd-pluginId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.613 NAME 'copiedFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( nsServerPort-oid NAME 'nsServerPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.42.2.27.4.1.8 NAME 'javaSerializedData' DESC 'Serialized form of a Java object' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE X-ORIGIN 'RFC 2713' )", "( 2.16.840.1.113730.3.1.583 NAME 'nsDS5ReplicaBindMethod' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2275 NAME 'nsslapd-schemadir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsSSLActivation-oid NAME 'nsSSLActivation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.1000 NAME 'nsds7WindowsReplicaSubtree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.21 NAME 'secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.533 NAME 'ntUserCodePage' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.18.0.2.4.1138 NAME 'printer-make-and-model' DESC 'Make and model of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.35 NAME 'changeLog' DESC 'the distinguished name of the entry which contains the set of entries comprising this servers changelog' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Changelog Internet Draft' )", "( 2.16.840.1.113730.3.1.205 NAME 'changeLogMaximumConcurrentWrites' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( nsDirectoryInfoRef-oid NAME 'nsDirectoryInfoRef' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.6981.11.3.6 NAME 'FTPDownloadBandwidth' DESC 'Bandwidth (in KB/s) to limit download speeds to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.2109 NAME 'nsPagedIDListScanLimit' DESC 'Binder-based simple paged search operation ID list scan limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' )", "( 2.16.840.1.113730.3.1.2092 NAME 'nsslapd-ldapiautodnsuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'X.509 supported algorithms' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' )", "( 1.3.18.0.2.4.1116 NAME 'printer-output-features-supported' DESC 'The possible output features supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2302 NAME 'nsslapd-listen-backlog-size' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.57 NAME 'replicaRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.608 NAME 'nsDS5Task' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.9 NAME ( 'street' 'streetaddress' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'streetaddress' )", "( 2.16.840.1.113730.3.1.2069 NAME 'pamMissingSuffix' DESC 'How to handle missing include or exclude suffixes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.2150 NAME 'rootdn-deny-ip' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( nsGroupRDNComponent-oid NAME 'nsGroupRDNComponent' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.2262 NAME 'nsslapd-maxbersize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.528 NAME 'ntUserAcctExpires' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.103 NAME ( 'passwordCheckSyntax' 'pwdCheckSyntax' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' )", "( 1.2.840.113556.1.4.483 NAME 'calOtherFBURLs' DESC 'RFC2739: multi-value URI for other free/busy data' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.2239 NAME 'nsslapd-SSL3ciphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.79 NAME 'cirReplicaRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'preferred name of a person to be used when displaying entries' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' )", "( nsProductVersion-oid NAME 'nsProductVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2176 NAME 'nsslapd-errorlog-logrotationsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2200 NAME 'nsslapd-errorlog-logexpirationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'signed message used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' )", "( nsSecureServerPort-oid NAME 'nsSecureServerPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.218 NAME 'replicaAbandonedChanges' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.7 NAME 'changeType' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Changelog Internet Draft' )", "( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.999 NAME ( 'passwordGraceLimit' 'pwdGraceLoginLimit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2114 NAME 'internalCreatorsName' DESC 'plugin dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN '389 Directory Server' )", "( nsBindPassword-oid NAME 'nsBindPassword' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.812 NAME 'netscapeReversiblePassword' DESC 'password for HTTP Digest/MD5 authentication' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'Netscape Web Server' )", "( 2.16.840.1.113730.3.1.2226 NAME 'nsslapd-listenhost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.6 NAME 'shadowMin' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2184 NAME 'nsslapd-accesslog-logrotationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.10 NAME 'manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.62 NAME 'ntUserParms' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2296 NAME 'nsslapd-ignore-virtual-attrs' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2074 NAME 'pamService' DESC 'Service name to pass to pam_start' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.2163 NAME 'winSyncWindowsFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.4.4 NAME 'mozillaCustom4' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 1.3.18.0.2.4.1120 NAME 'printer-print-quality-supported' DESC 'List of print qualities supported for printing documents on this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.4.1.5923.1.1.1.2 NAME 'eduPersonNickName' DESC 'NickName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( 2.16.840.1.113730.3.1.542 NAME 'nsUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.84 NAME 'cirUseSsl' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' )", "( nsServerID-oid NAME 'nsServerID' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.254 NAME 'nsValueHelpURL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape servers - value item' )", "( 2.16.840.1.113730.3.1.807 NAME 'nsds5replicaLastInitStart' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2101 NAME 'autoMemberDefaultGroup' DESC 'Auto Membership default group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2213 NAME 'nsslapd-userat' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2283 NAME 'nsslapd-SSLclientAuth' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.8 NAME 'userClass' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'RFC 4512' )", "( 1.3.6.1.4.1.13769.3.2 NAME 'mozillaHomeStreet2' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2148 NAME 'rootdn-deny-host' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'organizationalUnitName' )", "( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.16 NAME 'mailDeliveryOption' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.2127 NAME 'dnaPortNum' DESC 'DNA port number of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.222 NAME ( 'passwordMinAge' 'pwdMinAge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' DESC 'Last login time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Account Policy Plugin' )", "( 2.16.840.1.113730.3.1.2231 NAME 'nsslapd-ldapimaprootdn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2197 NAME 'nsslapd-errorlog-logexpirationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.577 NAME 'cosIndirectSpecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.71 NAME 'serverProductName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 5.3.6.1.1.1.1.1 NAME 'accessTo' DESC 'Access to which servers user is allowed' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'nss_ldap/pam_ldap' )", "( 2.16.840.1.113730.3.1.249 NAME 'nsValueType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' )", "( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )", "( 2.16.840.1.113730.3.1.2278 NAME 'nsslapd-certdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1135 NAME 'printer-name' DESC 'The site-specific administrative name of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.38 NAME 'nsLicenseEndTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.200 NAME 'changeLogMaximumAge' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.93 NAME 'passwordRetryCount' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2247 NAME 'nsslapd-conntablesize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2095 NAME 'connection' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( nsSuiteSpotUser-oid NAME 'nsSuiteSpotUser' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.693 NAME 'inetUserHttpURL' DESC 'A users Web addresses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape subscriber interoperability' )", "( 1.3.18.0.2.4.1113 NAME 'printer-service-person' DESC 'The identity of the current human service person responsible for servicing this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2305 NAME 'nsslapd-moddn-aci' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.603 NAME 'dncomp' DESC 'internal server defined attribute type' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113730.3.1.1099 NAME 'winSyncInterval' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsBaseDN-oid NAME 'nsBaseDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2265 NAME 'nsslapd-versionstring' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.523 NAME 'ntUserFlags' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.18.0.2.4.1128 NAME 'printer-compression-supported' DESC 'Compression algorithms supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2132 NAME 'nsds5ReplicaEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsExecRef-oid NAME 'nsExecRef' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.25 NAME 'mgrpDeliverTo' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.235 NAME 'nsSNMPContact' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.591 NAME 'nsDS5ReplicaReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2179 NAME 'nsslapd-errorlog-logrotationsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2082 NAME ( 'passwordMinCategories' 'pwdMinCategories' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.688 NAME 'nsds5replicaLastUpdateStatus' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.213 NAME 'vlvEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2140 NAME 'passwordTrackUpdateTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2252 NAME 'nsslapd-groupevalnestlevel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2229 NAME 'nsslapd-ldapilisten' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.40 NAME 'crossCertificatePair' DESC 'X.509 cross certificate pair' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' )", "( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.69 NAME 'subtreeACI' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server 1.0' )", "( 2.16.840.1.113730.3.1.2299 NAME 'nsslapd-connection-buffer' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2166 NAME 'schemaUpdateObjectclassReject' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.586 NAME 'nsDS5ReplicaUpdateSchedule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.4.1 NAME 'mozillaCustom1' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2270 NAME 'nsslapd-auditlog-list' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.1003 NAME 'nsds7NewWinGroupSyncEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.111 NAME 'ntUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.536 NAME 'ntGroupAttributes' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.30 NAME 'mgrpRFC822MailMember' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.208 NAME 'vlvScope' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )", "( nsNickName-oid NAME 'nsNickName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.5.4.36 NAME 'userCertificate' DESC 'X.509 user certificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' )", "( 2.16.840.1.113730.3.1.2104 NAME 'nsslapd-pluginConfigArea' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.5 NAME 'vendorVersion' EQUALITY 1.3.6.1.4.1.1466.109.114.1 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation X-ORIGIN 'RFC 3045' )", "( 1.3.6.1.4.1.6981.11.3.3 NAME 'FTPUploadRatio' DESC 'Ratio (compared with FTPRatioDown) for uploaded files' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.802 NAME 'nsds5ReplicaLegacyConsumer' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2216 NAME 'nsslapd-require-secure-binds' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsKeyfile-oid NAME 'nsKeyfile' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.52 NAME 'replicaUpdateSchedule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 X-ORIGIN 'RFC 1274' )", "( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SINGLE-VALUE X-ORIGIN 'RFC 4519' X-DEPRECATED 'countryName' )", "( 2.16.840.1.113730.3.1.2064 NAME 'nsSaslMapRegexString' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2286 NAME 'nsslapd-outbound-ldap-io-timeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2153 NAME ( 'passwordAdminDN' 'pwdAdminDN' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.14 NAME 'searchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.106 NAME ( 'passwordMaxFailure' 'pwdMaxFailure' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2234 NAME 'nsslapd-ldapigidnumbertype' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.572 NAME 'nsTimeLimit' DESC 'Binder-based search operation time limit (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.74 NAME 'administratorContactInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( nsClassname-oid NAME 'nsClassname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.244 NAME 'nsValueCES' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape servers - value item' )", "( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService' DESC 'IANA GSS-API authorized service name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'NSS LDAP schema' )", "( 2.16.840.1.113730.3.1.2171 NAME 'nsslapd-accesslog-maxlogsperdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2203 NAME 'nsslapd-errorlog-logging-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsDeleteclassname-oid NAME 'nsDeleteclassname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( nsmsgNumMsgQuota-oid NAME 'nsmsgNumMsgQuota' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( nsAdminCgiWaitPid-oid NAME 'nsAdminCgiWaitPid' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'identifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2798' )", "( 2.16.840.1.113730.3.1.550 NAME 'cosAttribute' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.96 NAME ( 'passwordHistory' 'pwdHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2117 NAME 'dnaNextValue' DESC 'DNA next available value for assignment' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2098 NAME 'autoMemberFilter' DESC 'Auto Membership filter criteria' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2187 NAME 'nsslapd-accesslog-logrotationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2221 NAME 'nsslapd-validate-cert' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2308 NAME 'nstombstonecsn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.61 NAME 'ntUserUsrComment' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2291 NAME 'nsslapd-disk-monitoring-grace-period' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2077 NAME ( 'passwordMinUppers' 'pwdMinUppers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.407 NAME 'nsSynchUniqueAttribute' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2268 NAME 'nsslapd-accesslog-list' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1125 NAME 'printer-finishings-supported' DESC 'The possible finishing operations supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.5.21.6 NAME 'objectClasses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.28 NAME 'mgrpMsgRejectAction' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.230 NAME 'nsslapd-pluginDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2135 NAME 'nsds5ReplicaCleanRUV' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( nsAdminCacheLifetime-oid NAME 'nsAdminCacheLifetime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.327 NAME 'nsIndexType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.545 NAME 'nscpEntryDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.5923.1.1.1.5 NAME 'eduPersonPrimaryAffiliation' DESC 'Primary Affiliation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( 2.16.840.1.113730.3.1.83 NAME 'cirUsePersistentSearch' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.42.2.27.4.1.10 NAME 'javaFactory' DESC 'Fully qualified Java class name of a JNDI object factory' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2713' )", "( 2.5.18.10 NAME 'subschemaSubentry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.2085 NAME 'isReplicated' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.683 NAME 'nsds5ReplicaTombstonePurgeInterval' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.38 NAME 'associatedName' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.1100 NAME 'oneWaySync' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsConfigRoot-oid NAME 'nsConfigRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.13769.3.7 NAME 'mozillaHomeUrl' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2255 NAME 'passwordIsGlobalPolicy' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'mobileTelephoneNumber' )", "( 2.16.840.1.113730.3.1.2122 NAME 'dnaMaxValue' DESC 'DNA maximum value to assign' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( nsAdminDomainName-oid NAME 'nsAdminDomainName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.15 NAME 'mailAutoReplyText' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.225 NAME 'nsslapd-pluginInitfunc' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsAdminEndUserHTMLIndex-oid NAME 'nsAdminEndUserHTMLIndex' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.6.1.4.1.11.1.3.2.1.3 NAME 'accountInactivityLimit' DESC 'Account inactivity limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Account Policy Plugin' )", "( 2.16.840.1.113730.3.1.2192 NAME 'nsslapd-auditlog-logmaxdiskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsBuildSecurity-oid NAME 'nsBuildSecurity' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.708 NAME 'vacationenddate' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.581 NAME 'nsDS5ReplicaBindDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2169 NAME 'nsslapd-pagedsizelimit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( mgrpApprovePassword-oid NAME 'mgrpApprovePassword' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 1.3.18.0.2.4.1136 NAME 'printer-location' DESC 'The physical location of this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.531 NAME 'ntUserBadPwCount' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.37 NAME 'nsLicenseStartTime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.203 NAME 'replicaEntryFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2242 NAME 'nsslapd-securePort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.39 NAME 'certificateRevocationList' DESC 'X.509 certificate revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' )", "( nsAdminAccountInfo-oid NAME 'nsAdminAccountInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.2090 NAME 'mepRDNAttr' DESC 'Managed Entries RDN attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.696 NAME 'inetSubscriberResponse' DESC 'Used to confirm subscriberIdentity. This attribute holds the response phrase and is used in conjunction with the inetSubscriberChallenge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )", "( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2219 NAME 'nsslapd-minssf' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1114 NAME 'printer-delivery-orientation-supported' DESC 'The possible delivery orientations of pages as they are printed and ejected from this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 1.3.6.1.4.1.250.1.60 NAME ( 'ttl' 'timeToLive' ) DESC 'time to live in seconds for cached objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'LDAP Caching Internet Draft' )", "( 2.16.840.1.113730.3.1.2300 NAME 'nsslapd-connection-nocanon' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.59 NAME 'ntUserPriv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2289 NAME 'nsslapd-disk-monitoring' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsDefaultObjectClass-oid NAME 'nsDefaultObjectClass' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.6.1.4.1.13769.3.8 NAME 'mozillaWorkStreet2' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2156 NAME 'nsslapd-sasl-max-buffer-size' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2260 NAME 'nsslapd-result-tweak' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.101 NAME ( 'passwordInHistory' 'pwdInHistory' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.526 NAME 'ntUserLastLogon' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.20 NAME 'mailProgramDeliveryInfo' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 1.2.840.113556.1.4.481 NAME 'calCalAdrURI' DESC 'RFC2739: URI for event equests destination' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.238 NAME 'nsSNMPMasterPort' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'SUDO' )", "( 1.3.6.1.4.1.42.2.27.4.1.7 NAME 'javaCodebase' DESC 'URL(s) specifying the location of class definition' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2713' )", "( 2.16.840.1.113730.3.1.594 NAME 'nsDS5ReplicatedAttributeListTotal' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2174 NAME 'nsslapd-auditlog-maxlogsize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2206 NAME 'nsslapd-unhashed-pw-switch' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.42 NAME 'ntUserCreateNewAccount' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'PKCS #12 PFX PDU for exchange of personal identity information' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'RFC 2798' )", "( 2.16.840.1.113730.3.1.2143 NAME 'nsslapd-sasl-mapping-fallback' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.5 NAME 'changeNumber' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Changelog Internet Draft' )", "( 2.5.18.9 NAME 'hasSubordinates' DESC 'if TRUE, subordinate entries may exist' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' )", "( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.997 NAME 'pwdpolicysubentry' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.43 NAME 'initials' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2224 NAME 'nsslapd-port' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.64 NAME 'ntUserNumLogons' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2294 NAME 'nsslapd-ndn-cache-max-size' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2161 NAME 'nsIndexIDListScanLimit' DESC 'fine grained idlistscanlimit - per index/type/value' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.589 NAME 'nsDS5ReplicaType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.4.2 NAME 'mozillaCustom2' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 X-ORIGIN 'SUDO' )", "( 2.16.840.1.113730.3.1.2273 NAME 'nsslapd-config' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.21.9 NAME 'structuralObjectClass' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( nsDisplayName-oid NAME 'nsDisplayName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2138 NAME 'nsslapd-readonly' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.86 NAME 'cirLastUpdateApplied' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.31 NAME 'member' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' )", "( sslVersionMax-oid NAME 'sslVersionMax' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.252 NAME 'nsValueDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' )", "( 2.16.840.1.113730.3.1.2107 NAME 'nsPagedSizeLimit' DESC 'Binder-based simple paged search operation size limit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389' )", "( 2.16.840.1.113730.3.1.805 NAME 'nsds5replicaTimeout' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2088 NAME 'mepStaticAttr' DESC 'Managed Entries static attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2211 NAME 'nsslapd-dynamicconf' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.51 NAME 'replicaUpdateReplayed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2281 NAME 'nsslapd-saslpath' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'commonName' )", "( 2.16.840.1.113730.3.1.2067 NAME 'pamIncludeSuffix' DESC 'Suffixes to include for PAM authentication' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.199 NAME 'memberCertificateDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.2312.4.3.3.1 NAME 'sabayonProfileURL' DESC 'The URL of a sabayon profile' SUP labeledURI EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Sabayon' )", "( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2258 NAME 'nsslapd-csnlogging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsSSL2-oid NAME 'nsSSL2' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.109 NAME ( 'passwordLockoutDuration' 'pwdLockoutDuration' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.18 NAME 'mailHost' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.220 NAME ( 'passwordMustChange' 'pwdMustChange' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2125 NAME 'dnaThreshold' DESC 'DNA threshold for getting next range of values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2237 NAME 'nsslapd-counters' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2195 NAME 'nsslapd-auditlog-logminfreediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.575 NAME 'nsRoleDN' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.73 NAME 'installationTimeStamp' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.247 NAME 'nsValueBin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Netscape servers - value item' )", "( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )", "( 1.3.18.0.2.4.1133 NAME 'printer-ipp-versions-supported' DESC 'IPP protocol version(s) that this printer supports.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.553 NAME 'costemplatedn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.95 NAME 'accountUnlockTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2245 NAME 'nsslapd-maxthreadsperconn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2112 NAME 'ntGroupType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.691 NAME 'inetDomainStatus' DESC '\\"active\\", \\"inactive\\", or \\"deleted\\" status of a domain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape subscriber interoperability' )", "( 1.3.18.0.2.4.1111 NAME 'printer-job-k-octets-supported' DESC 'The maximum size in kilobytes (1,024 octets actually) incoming print job that this printer will accept.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2182 NAME 'nsslapd-errorlog-logrotationsyncmin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.788 NAME 'mgrpBroadcasterPolicy' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.601 NAME 'adminRole' DESC 'Administrative role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Delegated Administrator' )", "( 2.16.840.1.113730.3.1.2072 NAME 'pamFallback' DESC 'Fallback to regular LDAP BIND if PAM auth fails' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.2159 NAME 'dnaRemoteConnProtocol' DESC 'Connection protocol: LDAP, TLS, or SSL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( nsLogSuppress-oid NAME 'nsLogSuppress' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.521 NAME 'ntUserHomeDir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 1.3.18.0.2.4.1126 NAME 'printer-pages-per-minute-color' DESC 'The nominal number of color pages per minute which may be output by this printer.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 1.2.840.113556.1.4.484 NAME 'calOtherCAPURIs' DESC 'RFC2739: multi-value URI to other calendars' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.2130 NAME 'dnaRangeRequestTimeout' DESC 'DNA timeout for querying replica for next range of values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.233 NAME 'nsSNMPOrganization' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation X-ORIGIN 'RFC 4512' )", "( 1.3.6.1.4.1.5923.1.1.1.8 NAME 'eduPersonPrimaryOrgUnitDN' DESC 'Primary Organizational Unit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( nsHardwarePlatform-oid NAME 'nsHardwarePlatform' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.6981.11.3.8 NAME 'FTPuid' DESC 'System uid (overrides uidNumber if present)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.686 NAME 'nsds5replicaLastUpdateEnd' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2080 NAME ( 'passwordMin8bit' 'pwdMin8bit' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2209 NAME 'nsslapd-rootpwstoragescheme' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.49 NAME 'replicaUpdateFailedAt' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.8 NAME 'changes' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 X-ORIGIN 'Changelog Internet Draft' )", "( 2.16.840.1.113730.3.1.2146 NAME 'rootdn-days-allowed' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2250 NAME 'nsslapd-ioblocktimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' )", "( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'pagerTelephoneNumber' )", "( 2.16.840.1.113730.3.1.10 NAME 'deleteOldRdn' DESC 'Changelog attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 X-ORIGIN 'Changelog Internet Draft' )", "( 2.16.840.1.113730.3.1.228 NAME 'nsslapd-pluginVersion' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.614 NAME 'copyingFrom' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( nsSSLToken-oid NAME 'nsSSLToken' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.584 NAME 'nsDS5ReplicaRoot' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2164 NAME 'winSyncSubtreePair' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2276 NAME 'nsslapd-lockdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.1001 NAME 'nsds7DirectoryReplicaSubtree' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.534 NAME 'ntUserPrimaryGroupId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' ) EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'RFC 4524' X-DEPRECATED 'homeTelephoneNumber' )", "( 2.16.840.1.113730.3.1.32 NAME 'mgrpMsgMaxSize' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.206 NAME 'filterInfo' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1140 NAME 'printer-uri' DESC 'A URI supported by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' )", "( nsSSL3Ciphers-oid NAME 'nsSSL3Ciphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.6981.11.3.5 NAME 'FTPUploadBandwidth' DESC 'Bandwidth (in KB/s) to limit upload speeds to' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.2093 NAME 'nsslapd-changelogsuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2214 NAME 'nsslapd-svrtab' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.53 NAME 'deltaRevocationList' DESC 'X.509 delta revocation list' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' )", "( nsUniqueAttribute-oid NAME 'nsUniqueAttribute' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.18.0.2.4.1119 NAME 'printer-natural-language-configured' DESC 'The configured natural language in which error and status messages will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2303 NAME 'nsslapd-ignore-time-skew' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.54 NAME 'replicaUseSSL' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'userid' )", "( 2.16.840.1.113730.3.1.609 NAME 'nsds5BeginReplicaRefresh' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2284 NAME 'nsslapd-ssl-check-hostname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' X-DEPRECATED 'stateOrProvinceName' )", "( 2.16.840.1.113730.3.1.1097 NAME 'nsds5replicaBusyWaitTime' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2151 NAME 'nsslapd-plugin-depends-on-type' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( nsViewConfiguration-oid NAME 'nsViewConfiguration' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.2263 NAME 'nsslapd-maxsasliosize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.529 NAME 'ntUserMaxStorage' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.104 NAME ( 'passwordWarning' 'pwdExpireWarning' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.12 NAME 'memberUid' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2307' )", "( nsAccessLog-oid NAME 'nsAccessLog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2128 NAME 'dnaSecurePortNum' DESC 'DNA secure port number of replica to get new range of values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( nsPidLog-oid NAME 'nsPidLog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2198 NAME 'nsslapd-auditlog-logexpirationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.570 NAME 'nsLookThroughLimit' DESC 'Binder-based search operation look through limit (candidate entries)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( nsCertfile-oid NAME 'nsCertfile' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.242 NAME 'nsSystemIndex' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2177 NAME 'nsslapd-auditlog-logrotationsync-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2201 NAME 'nsslapd-auditlog-logexpirationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsServerCreationClassname-oid NAME 'nsServerCreationClassname' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.41 NAME 'ntUserDomainId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.219 NAME 'vlvUses' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.973 NAME 'nsds5ReplConflict' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.98 NAME 'passwordExp' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2248 NAME 'nsslapd-reservedescriptors' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2115 NAME 'dnaType' DESC 'DNA attribute type to maintain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.2227 NAME 'nsslapd-snmp-index' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.7 NAME 'shadowMax' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2185 NAME 'nsslapd-errorlog-logrotationtime' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.63 NAME 'ntUserUnitsPerWeek' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2297 NAME 'nsslapd-search-return-original-type-switch' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2075 NAME ( 'passwordMinDigits' 'pwdMinDigits' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.21.4 NAME 'matchingRules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 1.3.18.0.2.4.1123 NAME 'printer-sides-supported' DESC 'The number of impression sides (one or two) and the two-sided impression rotations supported by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.4.1.5923.1.1.1.3 NAME 'eduPersonOrgDN' DESC 'Organization DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( 2.16.840.1.113730.3.1.543 NAME 'nsState' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.85 NAME 'cirBindCredentials' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.42.2.27.4.1.12 NAME 'javaDoc' DESC 'The Java documentation for the class' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'RFC 2713' )", "( 2.16.840.1.113730.3.1.2102 NAME 'autoMemberGroupingAttr' DESC 'Auto Membership grouping attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.808 NAME 'nsds5replicaLastInitEnd' DESC 'Netscape defined attribute type' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( nsUserIDFormat-oid NAME 'nsUserIDFormat' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 0.9.2342.19200300.100.1.9 NAME 'host' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-ORIGIN 'RFC 4512' )", "( nsAdminOneACLDir-oid NAME 'nsAdminOneACLDir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( nsBuildNumber-oid NAME 'nsBuildNumber' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.13769.3.5 NAME 'mozillaHomePostalCode' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2149 NAME 'rootdn-allow-ip' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.2312.4.3.3.2 NAME 'sabayonProfileName' DESC 'The Name of a sabayon profile' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Sabayon' )", "( 2.5.4.12 NAME 'title' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.17 NAME 'mailForwardingAddress' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.2120 NAME 'dnaFilter' DESC 'DNA filter for finding entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.223 NAME ( 'passwordResetFailureCount' 'pwdFailureCountInterval' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4519' X-DEPRECATED 'dn' )", "( 2.16.840.1.113730.3.1.578 NAME 'nsDS5ReplicaHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2190 NAME 'nsslapd-accesslog-logmaxdiskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2232 NAME 'nsslapd-ldapimaptoentries' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.21.10 NAME 'governingStructureRule' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'SUDO' )", "( 2.16.840.1.113730.3.1.2279 NAME 'nsslapd-ldifdir' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1134 NAME 'printer-more-info' DESC 'A URI for more information about this specific printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domaincomponent' ) EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE X-ORIGIN 'RFC 4519' X-DEPRECATED 'domaincomponent' )", "( 2.16.840.1.113730.3.1.1004 NAME 'nsds7WindowsDomain' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'preferred written or spoken language for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' )", "( 2.16.840.1.113730.3.1.201 NAME 'changeLogMaximumSize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.13769.2.3 NAME ( 'mozillaUseHtmlMail' 'xmozillausehtmlmail' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( nsSerialNumber-oid NAME 'nsSerialNumber' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.90 NAME 'cirBeginORC' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2240 NAME 'nsslapd-accesslog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2096 NAME 'entryusn' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.694 NAME 'inetSubscriberAccountId' DESC 'A unique attribute linking the subscriber to a billing system' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape subscriber interoperability' )", "( 1.3.18.0.2.4.1112 NAME 'printer-current-operator' DESC 'The identity of the current human operator responsible for operating this printer.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.2306 NAME 'nsslapd-return-default-opattr' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'RFC2739: URI of entire default calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'rfc2739' )", "( 2.16.840.1.113730.3.1.604 NAME 'parentid' DESC 'internal server defined attribute type' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113730.3.1.2154 NAME 'nsds5ReplicaBackoffMin' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2266 NAME 'nsslapd-enquote-sup-oc' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.524 NAME 'ntUserScriptPath' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2133 NAME 'pwdUpdateTime' DESC 'Last password update time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.22 NAME 'mgrpAllowedBroadcaster' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.236 NAME 'nsSNMPDescription' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation X-ORIGIN 'RFC 4512' )", "( nsPreference-oid NAME 'nsPreference' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.592 NAME 'nsDS5ReplicaAutoReferral' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2083 NAME ( 'passwordMinTokenLength' 'pwdMinTokenLength' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.689 NAME 'nsds5replicaUpdateInProgress' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2204 NAME 'nsslapd-auditlog-logging-enabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1109 NAME 'printer-charset-configured' DESC 'The configured charset in which error and status messages will be generated (by default) by this printer.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.44 NAME 'ntGroupDomainId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.214 NAME 'passwordAllowChangeTime' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2141 NAME 'dsOnlyMemberUid' DESC 'Elements from a memberuid attribute created to reflect dynamic group membership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Red Hat Directory Server' )", "( nsDirectoryFailoverList-oid NAME 'nsDirectoryFailoverList' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape' )", "( nsSSLSessionTimeout-oid NAME 'nsSSLSessionTimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2253 NAME 'nsslapd-nagle' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2118 NAME 'dnaInterval' DESC 'DNA interval between values' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2188 NAME 'nsslapd-errorlog-logrotationtimeunit' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.66 NAME 'ntUserUniqueId' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.1.2078 NAME ( 'passwordMinLowers' 'pwdMinLowers' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.587 NAME 'nsds50ruv' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2167 NAME 'schemaUpdateAttributeAccept' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2271 NAME 'nsslapd-rewrite-rfc1274' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.31 NAME 'mailEnhancedUniqueMember' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.209 NAME 'vlvFilter' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )", "( nsErrorLog-oid NAME 'nsErrorLog' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.88 NAME 'cirUpdateFailedat' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.250 NAME 'nsValueDefault' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape servers - value item' )", "( 2.5.4.37 NAME 'cACertificate' DESC 'X.509 CA certificate' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 4523' )", "( 2.16.840.1.113730.3.1.2105 NAME 'autoMemberTargetGroup' DESC 'Auto Membership target group' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 1.3.6.1.4.1.6981.11.3.2 NAME 'FTPQuotaMBytes' DESC 'Quota (in megabytes) for an FTP user' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Pure-FTPd' )", "( 2.16.840.1.113730.3.1.803 NAME 'nsBackendSuffix' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2217 NAME 'nsslapd-allow-anonymous-access' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.53 NAME 'replicaBindMethod' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.2065 NAME 'nsSaslMapBaseDNTemplate' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsSSLSupportedCiphers-oid NAME 'nsSSLSupportedCiphers' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.2287 NAME 'nsslapd-force-sasl-external' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.197 NAME 'replicaHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.107 NAME 'passwordResetDuration' DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 0.9.2342.19200300.100.1.48 NAME 'buildingName' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2235 NAME 'nsslapd-ldapientrysearchbase' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( nsInstalledLocation-oid NAME 'nsInstalledLocation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.1.573 NAME 'nsIdleTimeout' DESC 'Binder-based connection idle timeout (seconds)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.75 NAME 'adminUrl' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.245 NAME 'nsValueTel' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 X-ORIGIN 'Netscape servers - value item' )", "( 1.3.6.1.4.1.1466.101.120.42 NAME 'preferredLocale' DESC 'preferred locale for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape' )", "( nsNYR-oid NAME 'nsNYR' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.1.2172 NAME 'nsslapd-accesslog-maxlogsize' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1131 NAME 'printer-charset-supported' DESC 'Set of charsets supported for the attribute values of syntax DirectoryString for this directory entry.' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'rfc3712' )", "( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'numerically identifies an employee within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2798' )", "( 2.16.840.1.113730.3.1.551 NAME 'cosspecifier' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.97 NAME ( 'passwordMaxAge' 'pwdMaxAge' ) DESC 'Netscape defined password policy attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2099 NAME 'autoMemberExclusiveRegex' DESC 'Auto Membership exclusive regex rule' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN '389 Directory Server' )", "( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'Standard LDAP attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.1.2180 NAME 'nsslapd-auditlog-logrotationsynchour' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2222 NAME 'nsslapd-localuser' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2309 NAME 'nsds5ReplicaPreciseTombstonePurging' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2292 NAME 'nsslapd-disk-monitoring-logging-critical' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2070 NAME 'pamIDMapMethod' DESC 'How to map BIND DN to PAM identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.1.408 NAME 'replicaLastRelevantChange' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2269 NAME 'nsslapd-errorlog-list' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.18.0.2.4.1124 NAME 'printer-number-up-supported' DESC 'The possible numbers of print-stream pages to impose upon a single side of an instance of a selected medium.' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'rfc3712' )", "( 2.5.21.7 NAME 'nameForms' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 0.9.2342.19200300.100.1.55 NAME 'audio' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 X-ORIGIN 'RFC 1274' )", "( 2.16.840.1.113730.3.1.29 NAME 'mgrpMsgRejectText' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.231 NAME 'nsslapd-pluginEnabled' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2136 NAME 'nsds5ReplicaCleanRUVNotified' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-ORIGIN 'Netscape Directory Server' )", "( nsWellKnownJarfiles-oid NAME 'nsWellKnownJarfiles' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE directoryOperation X-ORIGIN 'RFC 4512' )", "( 2.16.840.1.113730.3.1.328 NAME 'nsMatchingRule' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( nsAdminAccessHosts-oid NAME 'nsAdminAccessHosts' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Administration Services' )", "( 1.3.6.1.4.1.5923.1.1.1.6 NAME 'eduPersonPrincipalName' DESC 'Principal Name' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( 2.16.840.1.113730.3.1.80 NAME 'cirHost' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.42.2.27.4.1.11 NAME 'javaReferenceAddress' DESC 'Addresses associated with a JNDI Reference' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 2713' )", "( 2.16.840.1.113730.3.1.2086 NAME 'mepManagedBy' DESC 'Managed Entries backpointer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.1.684 NAME 'nsds5ReplicaChangeCount' DESC 'Netscape defined attribute type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.1101 NAME 'nsRoleScopeDN' DESC 'Scope of a role' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 1.3.1.1.4.1.453.16.2.103 NAME 'numSubordinates' DESC 'count of immediate subordinates' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-ORIGIN 'numSubordinates Internet Draft' )", "( 1.3.6.1.4.1.13769.3.6 NAME 'mozillaHomeCountryName' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Mozilla Address Book' )", "( 2.16.840.1.113730.3.1.2144 NAME 'rootdn-open-time' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.9999999 NAME 'nsds5debugreplicatimeout' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2256 NAME 'passwordLegacyPolicy' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'RFC 4512' )", "( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.1.12 NAME 'mailAccessDomain' DESC 'Netscape Messaging Server 4.x defined attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.1.226 NAME 'nsslapd-pluginType' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.2123 NAME 'dnaSharedCfgDN' DESC 'DNA shared configuration entry DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-ORIGIN '389 Directory Server' )", "( 2.5.4.44 NAME 'generationQualifier' SUP name EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113730.3.1.2193 NAME 'nsslapd-accesslog-logminfreediskspace' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.1.612 NAME 'generation' DESC 'Netscape defined attribute type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORIGIN 'Netscape Directory Server' )" ], "cn": [ "schema" ], "ldapSyntaxes": [ "( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' )", "( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )", "( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )", "( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5String' )", "( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'DirectoryString' )", "( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )", "( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )", "( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'DN' )", "( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )", "( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )", "( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'FAX' )", "( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'GeneralizedTime' )", "( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )", "( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'INTEGER' )", "( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' )", "( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )", "( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )", "( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'OctetString' )", "( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )", "( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )", "( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )", "( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'TelephoneNumber' )", "( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )", "( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )" ], "matchingRules": [ "( 2.5.13.17 NAME 'octetStringMatch' DESC 'The octetStringMatch rule compares an assertion value of the Octet String syntax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRUE if and only if the attribute value and the assertion value are the same length and corresponding octets (by position) are the same.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )", "( 2.5.13.18 NAME 'octetStringOrderingMatch' DESC 'The octetStringOrderingMatch rule compares an assertion value of the Octet String syntax to an attribute value of a syntax (e.g., the Octet String or JPEG syntax) whose corresponding ASN.1 type is the OCTET STRING ASN.1 type. The rule evaluates to TRUE if and only if the attribute value appears earlier in the collation order than the assertion value. The rule compares octet strings from the first octet to the last octet, and from the most significant bit to the least significant bit within the octet. The first occurrence of a different bit determines the ordering of the strings. A zero bit precedes a one bit. If the strings contain different numbers of octets but the longer string is identical to the shorter string up to the length of the shorter string, then the shorter string precedes the longer string.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )", "( 2.5.13.16 NAME 'bitStringMatch' DESC 'The bitStringMatch rule compares an assertion value of the Bit String syntax to an attribute value of a syntax (e.g., the Bit String syntax) whose corresponding ASN.1 type is BIT STRING. If the corresponding ASN.1 type of the attribute syntax does not have a named bit list [ASN.1] (which is the case for the Bit String syntax), then the rule evaluates to TRUE if and only if the attribute value has the same number of bits as the assertion value and the bits match on a bitwise basis. If the corresponding ASN.1 type does have a named bit list, then bitStringMatch operates as above, except that trailing zero bits in the attribute and assertion values are treated as absent.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )", "( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' DESC 'The caseExactIA5Match rule compares an assertion value of the IA5 String syntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point. In preparing the attribute value and assertion value for comparison, characters are not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 2.5.13.5 NAME 'caseExactMatch' DESC 'The caseExactMatch rule compares an assertion value of the Directory String syntax to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is DirectoryString or one of the alternative string types of DirectoryString, such as PrintableString (the other alternatives do not correspond to any syntax defined in this document). The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point. In preparing the attribute value and assertion value for comparison, characters are not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.6 NAME 'caseExactOrderingMatch' DESC 'The caseExactOrderingMatch rule compares an assertion value of the Directory String syntax to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if, in the code point collation order, the prepared attribute value character string appears earlier than the prepared assertion value character string; i.e., the attribute value is \\"less than\\" the assertion value. In preparing the attribute value and assertion value for comparison, characters are not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.7 NAME 'caseExactSubstringsMatch' DESC 'The caseExactSubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character string if corresponding characters have the same code point. In preparing the attribute value and assertion value substrings for comparison, characters are not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.16.840.1.113730.3.3.1 NAME 'caseExactIA5SubstringsMatch' DESC 'The caseExactIA5SubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the IA5 syntax) whose corresponding ASN.1 type is IA5 String or one of its alternative string types. The rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character string if corresponding characters have the same code point. In preparing the attribute value and assertion value substrings for comparison, characters are not case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.27 NAME 'generalizedTimeMatch' DESC 'The rule evaluates to TRUE if and only if the attribute value represents the same universal coordinated time as the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )", "( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' DESC 'The rule evaluates to TRUE if and only if the attribute value represents a universal coordinated time that is earlier than the universal coordinated time represented by the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )", "( 2.5.13.13 NAME 'booleanMatch' DESC 'The booleanMatch rule compares an assertion value of the Boolean syntax to an attribute value of a syntax (e.g., the Boolean syntax) whose corresponding ASN.1 type is BOOLEAN. The rule evaluates to TRUE if and only if the attribute value and the assertion value are both TRUE or both FALSE.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )", "( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' DESC 'The caseIgnoreIA5Match rule compares an assertion value of the IA5 String syntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' DESC 'The caseIgnoreIA5SubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the IA5 String syntax) whose corresponding ASN.1 type is IA5String. The rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character string if corresponding characters have the same code point. In preparing the attribute value and assertion value substrings for comparison, characters are case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.2 NAME 'caseIgnoreMatch' DESC 'The caseIgnoreMatch rule compares an assertion value of the Directory String syntax to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' DESC 'The caseIgnoreOrderingMatch rule compares an assertion value of the Directory String syntax to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if, in the code point collation order, the prepared attribute value character string appears earlier than the prepared assertion value character string; i.e., the attribute value is \\"less than\\" the assertion value. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' DESC 'The caseIgnoreSubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the Directory String, Printable String, Country String, or Telephone Number syntax) whose corresponding ASN.1 type is DirectoryString or one of its alternative string types. The rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character string if corresponding characters have the same code point. In preparing the attribute value and assertion value substrings for comparison, characters are case folded in the Map preparation step, and only Insignificant Space Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.11 NAME 'caseIgnoreListMatch' DESC 'The caseIgnoreListMatch rule compares an assertion value that is a sequence of strings to an attribute value of a syntax (e.g., the Postal Address syntax) whose corresponding ASN.1 type is a SEQUENCE OF the DirectoryString ASN.1 type. The rule evaluates to TRUE if and only if the attribute value and the assertion value have the same number of strings and corresponding strings (by position) match according to the caseIgnoreMatch matching rule. In [X.520], the assertion syntax for this matching rule is defined to be: SEQUENCE OF DirectoryString {ub-match} That is, it is different from the corresponding type for the Postal Address syntax. The choice of the Postal Address syntax for the assertion syntax of the caseIgnoreListMatch in LDAP should not be seen as limiting the matching rule to apply only to attributes with the Postal Address syntax.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )", "( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' DESC 'The caseIgnoreListSubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the Postal Address syntax) whose corresponding ASN.1 type is a SEQUENCE OF the DirectoryString ASN.1 type. The rule evaluates to TRUE if and only if the assertion value matches, per the caseIgnoreSubstringsMatch rule, the character string formed by concatenating the strings of the attribute value, except that none of the , , or substrings of the assertion value are considered to match a substring of the concatenated string which spans more than one of the original strings of the attribute value. Note that, in terms of the LDAP-specific encoding of the Postal Address syntax, the concatenated string omits the line separator and the escaping of \\"\\\\\\" and \\"$\\" characters.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.0 NAME 'objectIdentifierMatch' DESC 'The objectIdentifierMatch rule compares an assertion value of the OID syntax to an attribute value of a syntax (e.g., the OID syntax) whose corresponding ASN.1 type is OBJECT IDENTIFIER. The rule evaluates to TRUE if and only if the assertion value and the attribute value represent the same object identifier; that is, the same sequence of integers, whether represented explicitly in the form of or implicitly in the form (see [RFC4512]). If an LDAP client supplies an assertion value in the form and the chosen descriptor is not recognized by the server, then the objectIdentifierMatch rule evaluates to Undefined.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", "( 2.5.13.31 NAME 'directoryStringFirstComponentMatch' DESC 'The directoryStringFirstComponentMatch rule compares an assertion value of the Directory String syntax to an attribute value of a syntax whose corresponding ASN.1 type is a SEQUENCE with a mandatory first component of the DirectoryString ASN.1 type. Note that the assertion syntax of this matching rule differs from the attribute syntax of attributes for which this is the equality matching rule. The rule evaluates to TRUE if and only if the assertion value matches the first component of the attribute value using the rules of caseIgnoreMatch.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' DESC 'The objectIdentifierFirstComponentMatch rule compares an assertion value of the OID syntax to an attribute value of a syntax (e.g., the Attribute Type Description, DIT Content Rule Description, LDAP Syntax Description, Matching Rule Description, Matching Rule Use Description, Name Form Description, or Object Class Description syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory first component of the OBJECT IDENTIFIER ASN.1 type. Note that the assertion syntax of this matching rule differs from the attribute syntax of attributes for which this is the equality matching rule. The rule evaluates to TRUE if and only if the assertion value matches the first component of the attribute value using the rules of objectIdentifierMatch.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", "( 2.5.13.1 NAME 'distinguishedNameMatch' DESC 'The distinguishedNameMatch rule compares an assertion value of the DN syntax to an attribute value of a syntax (e.g., the DN syntax) whose corresponding ASN.1 type is DistinguishedName. The rule evaluates to TRUE if and only if the attribute value and the assertion value have the same number of relative distinguished names and corresponding relative distinguished names (by position) are the same. A relative distinguished name (RDN) of the assertion value is the same as an RDN of the attribute value if and only if they have the same number of attribute value assertions and each attribute value assertion (AVA) of the first RDN is the same as the AVA of the second RDN with the same attribute type. The order of the AVAs is not significant. Also note that a particular attribute type may appear in at most one AVA in an RDN. Two AVAs with the same attribute type are the same if their values are equal according to the equality matching rule of the attribute type. If one or more of the AVA comparisons evaluate to Undefined and the remaining AVA comparisons return TRUE then the distinguishedNameMatch rule evaluates to Undefined.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.5.13.14 NAME 'integerMatch' DESC 'The rule evaluates to TRUE if and only if the attribute value and the assertion value are the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 2.5.13.15 NAME 'integerOrderingMatch' DESC 'The rule evaluates to TRUE if and only if the integer value of the attribute value is less than the integer value of the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 2.5.13.29 NAME 'integerFirstComponentMatch' DESC 'The integerFirstComponentMatch rule compares an assertion value of the Integer syntax to an attribute value of a syntax (e.g., the DIT Structure Rule Description syntax) whose corresponding ASN.1 type is a SEQUENCE with a mandatory first component of the INTEGER ASN.1 type. Note that the assertion syntax of this matching rule differs from the attribute syntax of attributes for which this is the equality matching rule. The rule evaluates to TRUE if and only if the assertion value and the first component of the attribute value are the same integer value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 2.16.840.1.113730.3.3.2.0.1 NAME 'caseIgnoreOrderingMatch-default' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.0.1.6 NAME 'caseIgnoreSubstringMatch-default' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.1.1 NAME 'caseIgnoreOrderingMatch-ar' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.1.1.6 NAME 'caseIgnoreSubstringMatch-ar' DESC 'ar' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.2.1 NAME 'caseIgnoreOrderingMatch-be' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.2.1.6 NAME 'caseIgnoreSubstringMatch-be' DESC 'be' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.3.1 NAME 'caseIgnoreOrderingMatch-bg' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.3.1.6 NAME 'caseIgnoreSubstringMatch-bg' DESC 'bg' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.4.1 NAME 'caseIgnoreOrderingMatch-ca' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.4.1.6 NAME 'caseIgnoreSubstringMatch-ca' DESC 'ca' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.5.1 NAME 'caseIgnoreOrderingMatch-cs' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.5.1.6 NAME 'caseIgnoreSubstringMatch-cs' DESC 'cs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.6.1 NAME 'caseIgnoreOrderingMatch-da' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.6.1.6 NAME 'caseIgnoreSubstringMatch-da' DESC 'da' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.7.1 NAME 'caseIgnoreOrderingMatch-de' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.7.1.6 NAME 'caseIgnoreSubstringMatch-de' DESC 'de' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.8.1 NAME 'caseIgnoreOrderingMatch-de-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.8.1.6 NAME 'caseIgnoreSubstringMatch-de-AT' DESC 'de-AT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.9.1 NAME 'caseIgnoreOrderingMatch-de-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.9.1.6 NAME 'caseIgnoreSubstringMatch-de-CH' DESC 'de-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.10.1 NAME 'caseIgnoreOrderingMatch-el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.10.1.6 NAME 'caseIgnoreSubstringMatch-el' DESC 'el' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.11.1 NAME 'caseIgnoreOrderingMatch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.11.1.6 NAME 'caseIgnoreSubstringMatch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.12.1 NAME 'caseIgnoreOrderingMatch-en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.12.1.6 NAME 'caseIgnoreSubstringMatch-en-CA' DESC 'en-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.13.1 NAME 'caseIgnoreOrderingMatch-en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.13.1.6 NAME 'caseIgnoreSubstringMatch-en-GB' DESC 'en-GB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.14.1 NAME 'caseIgnoreOrderingMatch-en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.14.1.6 NAME 'caseIgnoreSubstringMatch-en-IE' DESC 'en-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.15.1 NAME 'caseIgnoreOrderingMatch-es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.15.1.6 NAME 'caseIgnoreSubstringMatch-es' DESC 'es' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.16.1 NAME 'caseIgnoreOrderingMatch-et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.16.1.6 NAME 'caseIgnoreSubstringMatch-et' DESC 'et' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.17.1 NAME 'caseIgnoreOrderingMatch-fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.17.1.6 NAME 'caseIgnoreSubstringMatch-fi' DESC 'fi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.18.1 NAME 'caseIgnoreOrderingMatch-fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.18.1.6 NAME 'caseIgnoreSubstringMatch-fr' DESC 'fr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.19.1 NAME 'caseIgnoreOrderingMatch-fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.19.1.6 NAME 'caseIgnoreSubstringMatch-fr-BE' DESC 'fr-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.20.1 NAME 'caseIgnoreOrderingMatch-fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.20.1.6 NAME 'caseIgnoreSubstringMatch-fr-CA' DESC 'fr-CA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.21.1 NAME 'caseIgnoreOrderingMatch-fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.21.1.6 NAME 'caseIgnoreSubstringMatch-fr-CH' DESC 'fr-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.22.1 NAME 'caseIgnoreOrderingMatch-hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.22.1.6 NAME 'caseIgnoreSubstringMatch-hr' DESC 'hr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.23.1 NAME 'caseIgnoreOrderingMatch-hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.23.1.6 NAME 'caseIgnoreSubstringMatch-hu' DESC 'hu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.24.1 NAME 'caseIgnoreOrderingMatch-is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.24.1.6 NAME 'caseIgnoreSubstringMatch-is' DESC 'is' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.25.1 NAME 'caseIgnoreOrderingMatch-it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.25.1.6 NAME 'caseIgnoreSubstringMatch-it' DESC 'it' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.26.1 NAME 'caseIgnoreOrderingMatch-it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.26.1.6 NAME 'caseIgnoreSubstringMatch-it-CH' DESC 'it-CH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.27.1 NAME 'caseIgnoreOrderingMatch-iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.27.1.6 NAME 'caseIgnoreSubstringMatch-iw' DESC 'iw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.28.1 NAME 'caseIgnoreOrderingMatch-ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.28.1.6 NAME 'caseIgnoreSubstringMatch-ja' DESC 'ja' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.29.1 NAME 'caseIgnoreOrderingMatch-ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.29.1.6 NAME 'caseIgnoreSubstringMatch-ko' DESC 'ko' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.30.1 NAME 'caseIgnoreOrderingMatch-lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.30.1.6 NAME 'caseIgnoreSubstringMatch-lt' DESC 'lt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.31.1 NAME 'caseIgnoreOrderingMatch-lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.31.1.6 NAME 'caseIgnoreSubstringMatch-lv' DESC 'lv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.32.1 NAME 'caseIgnoreOrderingMatch-mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.32.1.6 NAME 'caseIgnoreSubstringMatch-mk' DESC 'mk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.33.1 NAME 'caseIgnoreOrderingMatch-nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.33.1.6 NAME 'caseIgnoreSubstringMatch-nl' DESC 'nl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.34.1 NAME 'caseIgnoreOrderingMatch-nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.34.1.6 NAME 'caseIgnoreSubstringMatch-nl-BE' DESC 'nl-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.35.1 NAME 'caseIgnoreOrderingMatch-no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.35.1.6 NAME 'caseIgnoreSubstringMatch-no' DESC 'no' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.36.1 NAME 'caseIgnoreOrderingMatch-no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.36.1.6 NAME 'caseIgnoreSubstringMatch-no-NO-B' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.37.1 NAME 'caseIgnoreOrderingMatch-no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.37.1.6 NAME 'caseIgnoreSubstringMatch-no-NO-NY' DESC 'no-NO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.38.1 NAME 'caseIgnoreOrderingMatch-pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.38.1.6 NAME 'caseIgnoreSubstringMatch-pl' DESC 'pl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.39.1 NAME 'caseIgnoreOrderingMatch-ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.39.1.6 NAME 'caseIgnoreSubstringMatch-ro' DESC 'ro' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.40.1 NAME 'caseIgnoreOrderingMatch-ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.40.1.6 NAME 'caseIgnoreSubstringMatch-ru' DESC 'ru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.41.1 NAME 'caseIgnoreOrderingMatch-sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.41.1.6 NAME 'caseIgnoreSubstringMatch-sh' DESC 'sh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.42.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.42.1.6 NAME 'caseIgnoreSubstringMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.43.1 NAME 'caseIgnoreOrderingMatch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.43.1.6 NAME 'caseIgnoreSubstringMatch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.44.1 NAME 'caseIgnoreOrderingMatch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.44.1.6 NAME 'caseIgnoreSubstringMatch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.45.1 NAME 'caseIgnoreOrderingMatch-sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.45.1.6 NAME 'caseIgnoreSubstringMatch-sr' DESC 'sr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.46.1 NAME 'caseIgnoreOrderingMatch-sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.46.1.6 NAME 'caseIgnoreSubstringMatch-sv' DESC 'sv' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.47.1 NAME 'caseIgnoreOrderingMatch-tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.47.1.6 NAME 'caseIgnoreSubstringMatch-tr' DESC 'tr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.48.1 NAME 'caseIgnoreOrderingMatch-uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.48.1.6 NAME 'caseIgnoreSubstringMatch-uk' DESC 'uk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.49.1 NAME 'caseIgnoreOrderingMatch-zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.49.1.6 NAME 'caseIgnoreSubstringMatch-zh' DESC 'zh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.50.1 NAME 'caseIgnoreOrderingMatch-zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.50.1.6 NAME 'caseIgnoreSubstringMatch-zh-TW' DESC 'zh-TW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.51.1 NAME 'caseIgnoreOrderingMatch-af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.51.1.6 NAME 'caseIgnoreSubstringMatch-af' DESC 'af' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.52.1 NAME 'caseIgnoreOrderingMatch-af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.52.1.6 NAME 'caseIgnoreSubstringMatch-af-NA' DESC 'af-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.53.1 NAME 'caseIgnoreOrderingMatch-af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.53.1.6 NAME 'caseIgnoreSubstringMatch-af-ZA' DESC 'af-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.54.1 NAME 'caseIgnoreOrderingMatch-ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.54.1.6 NAME 'caseIgnoreSubstringMatch-ar-AE' DESC 'ar-AE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.55.1 NAME 'caseIgnoreOrderingMatch-ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.55.1.6 NAME 'caseIgnoreSubstringMatch-ar-BH' DESC 'ar-BH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.56.1 NAME 'caseIgnoreOrderingMatch-ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.56.1.6 NAME 'caseIgnoreSubstringMatch-ar-DZ' DESC 'ar-DZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.57.1 NAME 'caseIgnoreOrderingMatch-ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.57.1.6 NAME 'caseIgnoreSubstringMatch-ar-EG' DESC 'ar-EG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.58.1 NAME 'caseIgnoreOrderingMatch-ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.58.1.6 NAME 'caseIgnoreSubstringMatch-ar-IQ' DESC 'ar-IQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.59.1 NAME 'caseIgnoreOrderingMatch-ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.59.1.6 NAME 'caseIgnoreSubstringMatch-ar-JO' DESC 'ar-JO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.60.1 NAME 'caseIgnoreOrderingMatch-ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.60.1.6 NAME 'caseIgnoreSubstringMatch-ar-KW' DESC 'ar-KW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.61.1 NAME 'caseIgnoreOrderingMatch-ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.61.1.6 NAME 'caseIgnoreSubstringMatch-ar-LB' DESC 'ar-LB' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.62.1 NAME 'caseIgnoreOrderingMatch-ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.62.1.6 NAME 'caseIgnoreSubstringMatch-ar-LY' DESC 'ar-LY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.63.1 NAME 'caseIgnoreOrderingMatch-ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.63.1.6 NAME 'caseIgnoreSubstringMatch-ar-MA' DESC 'ar-MA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.64.1 NAME 'caseIgnoreOrderingMatch-ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.64.1.6 NAME 'caseIgnoreSubstringMatch-ar-OM' DESC 'ar-OM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.65.1 NAME 'caseIgnoreOrderingMatch-ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.65.1.6 NAME 'caseIgnoreSubstringMatch-ar-QA' DESC 'ar-QA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.66.1 NAME 'caseIgnoreOrderingMatch-ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.66.1.6 NAME 'caseIgnoreSubstringMatch-ar-SA' DESC 'ar-SA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.67.1 NAME 'caseIgnoreOrderingMatch-ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.67.1.6 NAME 'caseIgnoreSubstringMatch-ar-SD' DESC 'ar-SD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.68.1 NAME 'caseIgnoreOrderingMatch-ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.68.1.6 NAME 'caseIgnoreSubstringMatch-ar-SY' DESC 'ar-SY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.69.1 NAME 'caseIgnoreOrderingMatch-ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.69.1.6 NAME 'caseIgnoreSubstringMatch-ar-TN' DESC 'ar-TN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.70.1 NAME 'caseIgnoreOrderingMatch-ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.70.1.6 NAME 'caseIgnoreSubstringMatch-ar-YE' DESC 'ar-YE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.71.1 NAME 'caseIgnoreOrderingMatch-as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.71.1.6 NAME 'caseIgnoreSubstringMatch-as' DESC 'as' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.72.1 NAME 'caseIgnoreOrderingMatch-as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.72.1.6 NAME 'caseIgnoreSubstringMatch-as-IN' DESC 'as-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.73.1 NAME 'caseIgnoreOrderingMatch-az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.73.1.6 NAME 'caseIgnoreSubstringMatch-az' DESC 'az' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.74.1 NAME 'caseIgnoreOrderingMatch-az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.74.1.6 NAME 'caseIgnoreSubstringMatch-az-Latn' DESC 'az-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.75.1 NAME 'caseIgnoreOrderingMatch-az-Latn-AZ' DESC 'az-Latn_AZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.75.1.6 NAME 'caseIgnoreSubstringMatch-az-Latn-AZ' DESC 'az-Latn_AZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.76.1 NAME 'caseIgnoreOrderingMatch-bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.76.1.6 NAME 'caseIgnoreSubstringMatch-bn' DESC 'bn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.77.1 NAME 'caseIgnoreOrderingMatch-bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.77.1.6 NAME 'caseIgnoreSubstringMatch-bn-BD' DESC 'bn-BD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.78.1 NAME 'caseIgnoreOrderingMatch-bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.78.1.6 NAME 'caseIgnoreSubstringMatch-bn-IN' DESC 'bn-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.79.1 NAME 'caseIgnoreOrderingMatch-bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.79.1.6 NAME 'caseIgnoreSubstringMatch-bs' DESC 'bs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.80.1 NAME 'caseIgnoreOrderingMatch-chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.80.1.6 NAME 'caseIgnoreSubstringMatch-chr' DESC 'chr' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.81.1 NAME 'caseIgnoreOrderingMatch-chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.81.1.6 NAME 'caseIgnoreSubstringMatch-chr-US' DESC 'chr-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.82.1 NAME 'caseIgnoreOrderingMatch-cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.82.1.6 NAME 'caseIgnoreSubstringMatch-cy' DESC 'cy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.83.1 NAME 'caseIgnoreOrderingMatch-de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.83.1.6 NAME 'caseIgnoreSubstringMatch-de-BE' DESC 'de-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.84.1 NAME 'caseIgnoreOrderingMatch-de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.84.1.6 NAME 'caseIgnoreSubstringMatch-de-LI' DESC 'de-LI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.85.1 NAME 'caseIgnoreOrderingMatch-de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.85.1.6 NAME 'caseIgnoreSubstringMatch-de-LU' DESC 'de-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.86.1 NAME 'caseIgnoreOrderingMatch-el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.86.1.6 NAME 'caseIgnoreSubstringMatch-el-CY' DESC 'el-CY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.87.1 NAME 'caseIgnoreOrderingMatch-el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.87.1.6 NAME 'caseIgnoreSubstringMatch-el-GR' DESC 'el-GR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.88.1 NAME 'caseIgnoreOrderingMatch-en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.88.1.6 NAME 'caseIgnoreSubstringMatch-en-AS' DESC 'en-AS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.89.1 NAME 'caseIgnoreOrderingMatch-en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.89.1.6 NAME 'caseIgnoreSubstringMatch-en-AU' DESC 'en-AU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.90.1 NAME 'caseIgnoreOrderingMatch-en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.90.1.6 NAME 'caseIgnoreSubstringMatch-en-BE' DESC 'en-BE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.91.1 NAME 'caseIgnoreOrderingMatch-en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.91.1.6 NAME 'caseIgnoreSubstringMatch-en-BW' DESC 'en-BW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.92.1 NAME 'caseIgnoreOrderingMatch-en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.92.1.6 NAME 'caseIgnoreSubstringMatch-en-BZ' DESC 'en-BZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.93.1 NAME 'caseIgnoreOrderingMatch-en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.93.1.6 NAME 'caseIgnoreSubstringMatch-en-GU' DESC 'en-GU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.94.1 NAME 'caseIgnoreOrderingMatch-en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.94.1.6 NAME 'caseIgnoreSubstringMatch-en-GY' DESC 'en-GY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.95.1 NAME 'caseIgnoreOrderingMatch-en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.95.1.6 NAME 'caseIgnoreSubstringMatch-en-HK' DESC 'en-HK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.96.1 NAME 'caseIgnoreOrderingMatch-en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.96.1.6 NAME 'caseIgnoreSubstringMatch-en-IN' DESC 'en-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.97.1 NAME 'caseIgnoreOrderingMatch-en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.97.1.6 NAME 'caseIgnoreSubstringMatch-en-JM' DESC 'en-JM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.98.1 NAME 'caseIgnoreOrderingMatch-en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.98.1.6 NAME 'caseIgnoreSubstringMatch-en-MH' DESC 'en-MH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.99.1 NAME 'caseIgnoreOrderingMatch-en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.99.1.6 NAME 'caseIgnoreSubstringMatch-en-MP' DESC 'en-MP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.100.1 NAME 'caseIgnoreOrderingMatch-en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.100.1.6 NAME 'caseIgnoreSubstringMatch-en-MT' DESC 'en-MT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.101.1 NAME 'caseIgnoreOrderingMatch-en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.101.1.6 NAME 'caseIgnoreSubstringMatch-en-MU' DESC 'en-MU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.102.1 NAME 'caseIgnoreOrderingMatch-en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.102.1.6 NAME 'caseIgnoreSubstringMatch-en-NA' DESC 'en-NA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.103.1 NAME 'caseIgnoreOrderingMatch-en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.103.1.6 NAME 'caseIgnoreSubstringMatch-en-NZ' DESC 'en-NZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.104.1 NAME 'caseIgnoreOrderingMatch-en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.104.1.6 NAME 'caseIgnoreSubstringMatch-en-PH' DESC 'en-PH' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.105.1 NAME 'caseIgnoreOrderingMatch-en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.105.1.6 NAME 'caseIgnoreSubstringMatch-en-PK' DESC 'en-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.106.1 NAME 'caseIgnoreOrderingMatch-en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.106.1.6 NAME 'caseIgnoreSubstringMatch-en-SG' DESC 'en-SG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.107.1 NAME 'caseIgnoreOrderingMatch-en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.107.1.6 NAME 'caseIgnoreSubstringMatch-en-TT' DESC 'en-TT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.108.1 NAME 'caseIgnoreOrderingMatch-en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.108.1.6 NAME 'caseIgnoreSubstringMatch-en-UM' DESC 'en-UM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.109.1 NAME 'caseIgnoreOrderingMatch-en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.109.1.6 NAME 'caseIgnoreSubstringMatch-en-US' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.110.1 NAME 'caseIgnoreOrderingMatch-en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.110.1.6 NAME 'caseIgnoreSubstringMatch-en-US-POSIX' DESC 'en-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.111.1 NAME 'caseIgnoreOrderingMatch-en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.111.1.6 NAME 'caseIgnoreSubstringMatch-en-VI' DESC 'en-VI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.112.1 NAME 'caseIgnoreOrderingMatch-en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.112.1.6 NAME 'caseIgnoreSubstringMatch-en-ZA' DESC 'en-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.113.1 NAME 'caseIgnoreOrderingMatch-en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.113.1.6 NAME 'caseIgnoreSubstringMatch-en-ZW' DESC 'en-ZW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.114.1 NAME 'caseIgnoreOrderingMatch-es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.114.1.6 NAME 'caseIgnoreSubstringMatch-es-AR' DESC 'es-AR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.115.1 NAME 'caseIgnoreOrderingMatch-es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.115.1.6 NAME 'caseIgnoreSubstringMatch-es-BO' DESC 'es-BO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.116.1 NAME 'caseIgnoreOrderingMatch-es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.116.1.6 NAME 'caseIgnoreSubstringMatch-es-CL' DESC 'es-CL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.117.1 NAME 'caseIgnoreOrderingMatch-es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.117.1.6 NAME 'caseIgnoreSubstringMatch-es-CO' DESC 'es-CO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.118.1 NAME 'caseIgnoreOrderingMatch-es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.118.1.6 NAME 'caseIgnoreSubstringMatch-es-CR' DESC 'es-CR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.119.1 NAME 'caseIgnoreOrderingMatch-es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.119.1.6 NAME 'caseIgnoreSubstringMatch-es-DO' DESC 'es-DO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.120.1 NAME 'caseIgnoreOrderingMatch-es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.120.1.6 NAME 'caseIgnoreSubstringMatch-es-EC' DESC 'es-EC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.121.1 NAME 'caseIgnoreOrderingMatch-es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.121.1.6 NAME 'caseIgnoreSubstringMatch-es-ES' DESC 'es-ES' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.122.1 NAME 'caseIgnoreOrderingMatch-es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.122.1.6 NAME 'caseIgnoreSubstringMatch-es-GQ' DESC 'es-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.123.1 NAME 'caseIgnoreOrderingMatch-es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.123.1.6 NAME 'caseIgnoreSubstringMatch-es-GT' DESC 'es-GT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.124.1 NAME 'caseIgnoreOrderingMatch-es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.124.1.6 NAME 'caseIgnoreSubstringMatch-es-HN' DESC 'es-HN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.125.1 NAME 'caseIgnoreOrderingMatch-es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.125.1.6 NAME 'caseIgnoreSubstringMatch-es-MX' DESC 'es-MX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.126.1 NAME 'caseIgnoreOrderingMatch-es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.126.1.6 NAME 'caseIgnoreSubstringMatch-es-NI' DESC 'es-NI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.127.1 NAME 'caseIgnoreOrderingMatch-es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.127.1.6 NAME 'caseIgnoreSubstringMatch-es-PA' DESC 'es-PA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.128.1 NAME 'caseIgnoreOrderingMatch-es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.128.1.6 NAME 'caseIgnoreSubstringMatch-es-PE' DESC 'es-PE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.129.1 NAME 'caseIgnoreOrderingMatch-es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.129.1.6 NAME 'caseIgnoreSubstringMatch-es-PR' DESC 'es-PR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.130.1 NAME 'caseIgnoreOrderingMatch-es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.130.1.6 NAME 'caseIgnoreSubstringMatch-es-PY' DESC 'es-PY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.131.1 NAME 'caseIgnoreOrderingMatch-es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.131.1.6 NAME 'caseIgnoreSubstringMatch-es-SV' DESC 'es-SV' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.132.1 NAME 'caseIgnoreOrderingMatch-es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.132.1.6 NAME 'caseIgnoreSubstringMatch-es-US' DESC 'es-US' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.133.1 NAME 'caseIgnoreOrderingMatch-es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.133.1.6 NAME 'caseIgnoreSubstringMatch-es-UY' DESC 'es-UY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.134.1 NAME 'caseIgnoreOrderingMatch-es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.134.1.6 NAME 'caseIgnoreSubstringMatch-es-VE' DESC 'es-VE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.135.1 NAME 'caseIgnoreOrderingMatch-fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.135.1.6 NAME 'caseIgnoreSubstringMatch-fa' DESC 'fa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.136.1 NAME 'caseIgnoreOrderingMatch-fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.136.1.6 NAME 'caseIgnoreSubstringMatch-fil' DESC 'fil' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.137.1 NAME 'caseIgnoreOrderingMatch-fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.137.1.6 NAME 'caseIgnoreSubstringMatch-fo' DESC 'fo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.138.1 NAME 'caseIgnoreOrderingMatch-fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.138.1.6 NAME 'caseIgnoreSubstringMatch-fr-BF' DESC 'fr-BF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.139.1 NAME 'caseIgnoreOrderingMatch-fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.139.1.6 NAME 'caseIgnoreSubstringMatch-fr-BI' DESC 'fr-BI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.140.1 NAME 'caseIgnoreOrderingMatch-fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.140.1.6 NAME 'caseIgnoreSubstringMatch-fr-BJ' DESC 'fr-BJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.141.1 NAME 'caseIgnoreOrderingMatch-fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.141.1.6 NAME 'caseIgnoreSubstringMatch-fr-BL' DESC 'fr-BL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.142.1 NAME 'caseIgnoreOrderingMatch-fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.142.1.6 NAME 'caseIgnoreSubstringMatch-fr-CD' DESC 'fr-CD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.143.1 NAME 'caseIgnoreOrderingMatch-fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.143.1.6 NAME 'caseIgnoreSubstringMatch-fr-CF' DESC 'fr-CF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.144.1 NAME 'caseIgnoreOrderingMatch-fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.144.1.6 NAME 'caseIgnoreSubstringMatch-fr-CG' DESC 'fr-CG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.145.1 NAME 'caseIgnoreOrderingMatch-fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.145.1.6 NAME 'caseIgnoreSubstringMatch-fr-CI' DESC 'fr-CI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.146.1 NAME 'caseIgnoreOrderingMatch-fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.146.1.6 NAME 'caseIgnoreSubstringMatch-fr-CM' DESC 'fr-CM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.147.1 NAME 'caseIgnoreOrderingMatch-fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.147.1.6 NAME 'caseIgnoreSubstringMatch-fr-DJ' DESC 'fr-DJ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.148.1 NAME 'caseIgnoreOrderingMatch-fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.148.1.6 NAME 'caseIgnoreSubstringMatch-fr-GA' DESC 'fr-GA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.149.1 NAME 'caseIgnoreOrderingMatch-fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.149.1.6 NAME 'caseIgnoreSubstringMatch-fr-GN' DESC 'fr-GN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.150.1 NAME 'caseIgnoreOrderingMatch-fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.150.1.6 NAME 'caseIgnoreSubstringMatch-fr-GP' DESC 'fr-GP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.151.1 NAME 'caseIgnoreOrderingMatch-fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.151.1.6 NAME 'caseIgnoreSubstringMatch-fr-GQ' DESC 'fr-GQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.152.1 NAME 'caseIgnoreOrderingMatch-fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.152.1.6 NAME 'caseIgnoreSubstringMatch-fr-KM' DESC 'fr-KM' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.153.1 NAME 'caseIgnoreOrderingMatch-fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.153.1.6 NAME 'caseIgnoreSubstringMatch-fr-LU' DESC 'fr-LU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.154.1 NAME 'caseIgnoreOrderingMatch-fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.154.1.6 NAME 'caseIgnoreSubstringMatch-fr-MC' DESC 'fr-MC' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.155.1 NAME 'caseIgnoreOrderingMatch-fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.155.1.6 NAME 'caseIgnoreSubstringMatch-fr-MF' DESC 'fr-MF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.156.1 NAME 'caseIgnoreOrderingMatch-fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.156.1.6 NAME 'caseIgnoreSubstringMatch-fr-MG' DESC 'fr-MG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.157.1 NAME 'caseIgnoreOrderingMatch-fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.157.1.6 NAME 'caseIgnoreSubstringMatch-fr-ML' DESC 'fr-ML' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.158.1 NAME 'caseIgnoreOrderingMatch-fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.158.1.6 NAME 'caseIgnoreSubstringMatch-fr-MQ' DESC 'fr-MQ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.159.1 NAME 'caseIgnoreOrderingMatch-fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.159.1.6 NAME 'caseIgnoreSubstringMatch-fr-NE' DESC 'fr-NE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.160.1 NAME 'caseIgnoreOrderingMatch-fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.160.1.6 NAME 'caseIgnoreSubstringMatch-fr-RE' DESC 'fr-RE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.161.1 NAME 'caseIgnoreOrderingMatch-fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.161.1.6 NAME 'caseIgnoreSubstringMatch-fr-RW' DESC 'fr-RW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.162.1 NAME 'caseIgnoreOrderingMatch-fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.162.1.6 NAME 'caseIgnoreSubstringMatch-fr-SN' DESC 'fr-SN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.163.1 NAME 'caseIgnoreOrderingMatch-fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.163.1.6 NAME 'caseIgnoreSubstringMatch-fr-TD' DESC 'fr-TD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.164.1 NAME 'caseIgnoreOrderingMatch-fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.164.1.6 NAME 'caseIgnoreSubstringMatch-fr-TG' DESC 'fr-TG' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.165.1 NAME 'caseIgnoreOrderingMatch-ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.165.1.6 NAME 'caseIgnoreSubstringMatch-ga' DESC 'ga' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.166.1 NAME 'caseIgnoreOrderingMatch-ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.166.1.6 NAME 'caseIgnoreSubstringMatch-ga-IE' DESC 'ga-IE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.167.1 NAME 'caseIgnoreOrderingMatch-ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.167.1.6 NAME 'caseIgnoreSubstringMatch-ga-IN' DESC 'ga-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.168.1 NAME 'caseIgnoreOrderingMatch-ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.168.1.6 NAME 'caseIgnoreSubstringMatch-ha' DESC 'ha' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.169.1 NAME 'caseIgnoreOrderingMatch-ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.169.1.6 NAME 'caseIgnoreSubstringMatch-ha-Latn' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.170.1 NAME 'caseIgnoreOrderingMatch-ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.170.1.6 NAME 'caseIgnoreSubstringMatch-ha-Latn-GH' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.171.1 NAME 'caseIgnoreOrderingMatch-ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.171.1.6 NAME 'caseIgnoreSubstringMatch-ha-Latn-NE' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.172.1 NAME 'caseIgnoreOrderingMatch-ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.172.1.6 NAME 'caseIgnoreSubstringMatch-ha-Latn-NG' DESC 'ha-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.173.1 NAME 'caseIgnoreOrderingMatch-he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.173.1.6 NAME 'caseIgnoreSubstringMatch-he' DESC 'he' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.174.1 NAME 'caseIgnoreOrderingMatch-hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.174.1.6 NAME 'caseIgnoreSubstringMatch-hi' DESC 'hi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.175.1 NAME 'caseIgnoreOrderingMatch-hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.175.1.6 NAME 'caseIgnoreSubstringMatch-hy' DESC 'hy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.176.1 NAME 'caseIgnoreOrderingMatch-id-ID' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.176.1.6 NAME 'caseIgnoreSubstringMatch-id-ID' DESC 'id' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.177.1 NAME 'caseIgnoreOrderingMatch-ig-NG' DESC 'id-ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.177.1.6 NAME 'caseIgnoreSubstringMatch-ig-NG' DESC 'id-ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.178.1 NAME 'caseIgnoreOrderingMatch-it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.178.1.6 NAME 'caseIgnoreSubstringMatch-it-IT' DESC 'it-IT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.179.1 NAME 'caseIgnoreOrderingMatch-ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.179.1.6 NAME 'caseIgnoreSubstringMatch-ka' DESC 'ka' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.180.1 NAME 'caseIgnoreOrderingMatch-ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.180.1.6 NAME 'caseIgnoreSubstringMatch-ka-GE' DESC 'ka-GE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.181.1 NAME 'caseIgnoreOrderingMatch-kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.181.1.6 NAME 'caseIgnoreSubstringMatch-kk' DESC 'kk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.182.1 NAME 'caseIgnoreOrderingMatch-kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.182.1.6 NAME 'caseIgnoreSubstringMatch-kl' DESC 'kl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.183.1 NAME 'caseIgnoreOrderingMatch-kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.183.1.6 NAME 'caseIgnoreSubstringMatch-kn' DESC 'kn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.184.1 NAME 'caseIgnoreOrderingMatch-kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.184.1.6 NAME 'caseIgnoreSubstringMatch-kok' DESC 'kok' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.185.1 NAME 'caseIgnoreOrderingMatch-ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.185.1.6 NAME 'caseIgnoreSubstringMatch-ml' DESC 'ml' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.186.1 NAME 'caseIgnoreOrderingMatch-ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.186.1.6 NAME 'caseIgnoreSubstringMatch-ms' DESC 'ms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.187.1 NAME 'caseIgnoreOrderingMatch-ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.187.1.6 NAME 'caseIgnoreSubstringMatch-ms-BN' DESC 'ms-BN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.188.1 NAME 'caseIgnoreOrderingMatch-ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.188.1.6 NAME 'caseIgnoreSubstringMatch-ms-MY' DESC 'ms-MY' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.189.1 NAME 'caseIgnoreOrderingMatch-mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.189.1.6 NAME 'caseIgnoreSubstringMatch-mt' DESC 'mt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.190.1 NAME 'caseIgnoreOrderingMatch-nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.190.1.6 NAME 'caseIgnoreSubstringMatch-nl-NL' DESC 'nl-NL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.191.1 NAME 'caseIgnoreOrderingMatch-nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.191.1.6 NAME 'caseIgnoreSubstringMatch-nn' DESC 'nn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.192.1 NAME 'caseIgnoreOrderingMatch-om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.192.1.6 NAME 'caseIgnoreSubstringMatch-om' DESC 'om' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.193.1 NAME 'caseIgnoreOrderingMatch-om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.193.1.6 NAME 'caseIgnoreSubstringMatch-om-ET' DESC 'om-ET' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.194.1 NAME 'caseIgnoreOrderingMatch-om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.194.1.6 NAME 'caseIgnoreSubstringMatch-om-KE' DESC 'om-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.195.1 NAME 'caseIgnoreOrderingMatch-or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.195.1.6 NAME 'caseIgnoreSubstringMatch-or' DESC 'or' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.196.1 NAME 'caseIgnoreOrderingMatch-pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.196.1.6 NAME 'caseIgnoreSubstringMatch-pa' DESC 'pa' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.197.1 NAME 'caseIgnoreOrderingMatch-pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.197.1.6 NAME 'caseIgnoreSubstringMatch-pa-Arab' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.198.1 NAME 'caseIgnoreOrderingMatch-pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.198.1.6 NAME 'caseIgnoreSubstringMatch-pa-Arab-PK' DESC 'pa-Arab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.199.1 NAME 'caseIgnoreOrderingMatch-pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.199.1.6 NAME 'caseIgnoreSubstringMatch-pa-Guru' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.200.1 NAME 'caseIgnoreOrderingMatch-pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.200.1.6 NAME 'caseIgnoreSubstringMatch-pa-Guru-IN' DESC 'pa-Guru' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.201.1 NAME 'caseIgnoreOrderingMatch-ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.201.1.6 NAME 'caseIgnoreSubstringMatch-ps' DESC 'ps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.202.1 NAME 'caseIgnoreOrderingMatch-pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.202.1.6 NAME 'caseIgnoreSubstringMatch-pt' DESC 'pt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.203.1 NAME 'caseIgnoreOrderingMatch-pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.203.1.6 NAME 'caseIgnoreSubstringMatch-pt-BR' DESC 'pt-BR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.204.1 NAME 'caseIgnoreOrderingMatch-pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.204.1.6 NAME 'caseIgnoreSubstringMatch-pt-PT' DESC 'pt-PT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.205.1 NAME 'caseIgnoreOrderingMatch-ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.205.1.6 NAME 'caseIgnoreSubstringMatch-ro-MD' DESC 'ro-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.206.1 NAME 'caseIgnoreOrderingMatch-ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.206.1.6 NAME 'caseIgnoreSubstringMatch-ro-RO' DESC 'ro-RO' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.207.1 NAME 'caseIgnoreOrderingMatch-ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.207.1.6 NAME 'caseIgnoreSubstringMatch-ru-MD' DESC 'ru-MD' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.208.1 NAME 'caseIgnoreOrderingMatch-ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.208.1.6 NAME 'caseIgnoreSubstringMatch-ru-RU' DESC 'ru-RU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.209.1 NAME 'caseIgnoreOrderingMatch-ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.209.1.6 NAME 'caseIgnoreSubstringMatch-ru-UA' DESC 'ru-UA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.210.1 NAME 'caseIgnoreOrderingMatch-si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.210.1.6 NAME 'caseIgnoreSubstringMatch-si' DESC 'si' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.211.1 NAME 'caseIgnoreOrderingMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.211.1.6 NAME 'caseIgnoreSubstringMatch-sk' DESC 'sk' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.212.1 NAME 'caseIgnoreOrderingMatch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.212.1.6 NAME 'caseIgnoreSubstringMatch-sl' DESC 'sl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.213.1 NAME 'caseIgnoreOrderingMatch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.213.1.6 NAME 'caseIgnoreSubstringMatch-sq' DESC 'sq' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.214.1 NAME 'caseIgnoreOrderingMatch-sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.214.1.6 NAME 'caseIgnoreSubstringMatch-sr-Cyrl' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.215.1 NAME 'caseIgnoreOrderingMatch-sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.215.1.6 NAME 'caseIgnoreSubstringMatch-sr-Cyrl-BA' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.216.1 NAME 'caseIgnoreOrderingMatch-sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.216.1.6 NAME 'caseIgnoreSubstringMatch-sr-Cyrl-ME' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.217.1 NAME 'caseIgnoreOrderingMatch-sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.217.1.6 NAME 'caseIgnoreSubstringMatch-sr-Cyrl-RS' DESC 'sr-Cyrl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.218.1 NAME 'caseIgnoreOrderingMatch-sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.218.1.6 NAME 'caseIgnoreSubstringMatch-sr-Latn' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.219.1 NAME 'caseIgnoreOrderingMatch-sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.219.1.6 NAME 'caseIgnoreSubstringMatch-sr-Latn-BA' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.220.1 NAME 'caseIgnoreOrderingMatch-sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.220.1.6 NAME 'caseIgnoreSubstringMatch-sr-Latn-ME' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.221.1 NAME 'caseIgnoreOrderingMatch-sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.221.1.6 NAME 'caseIgnoreSubstringMatch-sr-Latn-RS' DESC 'sr-Latn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.222.1 NAME 'caseIgnoreOrderingMatch-sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.222.1.6 NAME 'caseIgnoreSubstringMatch-sv-FI' DESC 'sv-FI' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.223.1 NAME 'caseIgnoreOrderingMatch-sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.223.1.6 NAME 'caseIgnoreSubstringMatch-sv-SE' DESC 'sv-SE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.224.1 NAME 'caseIgnoreOrderingMatch-sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.224.1.6 NAME 'caseIgnoreSubstringMatch-sw' DESC 'sw' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.225.1 NAME 'caseIgnoreOrderingMatch-sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.225.1.6 NAME 'caseIgnoreSubstringMatch-sw-KE' DESC 'sw-KE' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.226.1 NAME 'caseIgnoreOrderingMatch-sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.226.1.6 NAME 'caseIgnoreSubstringMatch-sw-TZ' DESC 'sw-TZ' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.227.1 NAME 'caseIgnoreOrderingMatch-ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.227.1.6 NAME 'caseIgnoreSubstringMatch-ta' DESC 'ta' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.228.1 NAME 'caseIgnoreOrderingMatch-ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.228.1.6 NAME 'caseIgnoreSubstringMatch-ta-IN' DESC 'ta-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.229.1 NAME 'caseIgnoreOrderingMatch-ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.229.1.6 NAME 'caseIgnoreSubstringMatch-ta-LK' DESC 'ta-LK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.230.1 NAME 'caseIgnoreOrderingMatch-te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.230.1.6 NAME 'caseIgnoreSubstringMatch-te' DESC 'te' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.231.1 NAME 'caseIgnoreOrderingMatch-th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.231.1.6 NAME 'caseIgnoreSubstringMatch-th' DESC 'th' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.232.1 NAME 'caseIgnoreOrderingMatch-ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.232.1.6 NAME 'caseIgnoreSubstringMatch-ur' DESC 'ur' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.233.1 NAME 'caseIgnoreOrderingMatch-ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.233.1.6 NAME 'caseIgnoreSubstringMatch-ur-IN' DESC 'ur-IN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.234.1 NAME 'caseIgnoreOrderingMatch-ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.234.1.6 NAME 'caseIgnoreSubstringMatch-ur-PK' DESC 'ur-PK' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.235.1 NAME 'caseIgnoreOrderingMatch-vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.235.1.6 NAME 'caseIgnoreSubstringMatch-vi' DESC 'vi' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.236.1 NAME 'caseIgnoreOrderingMatch-yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.236.1.6 NAME 'caseIgnoreSubstringMatch-yo' DESC 'yo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.237.1 NAME 'caseIgnoreOrderingMatch-zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.237.1.6 NAME 'caseIgnoreSubstringMatch-zh-Hans' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.238.1 NAME 'caseIgnoreOrderingMatch-zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.238.1.6 NAME 'caseIgnoreSubstringMatch-zh-Hans-CN' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.239.1 NAME 'caseIgnoreOrderingMatch-zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.239.1.6 NAME 'caseIgnoreSubstringMatch-zh-Hans-SG' DESC 'zh-Hans' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.240.1 NAME 'caseIgnoreOrderingMatch-zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.240.1.6 NAME 'caseIgnoreSubstringMatch-zh-Hant-HK' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.241.1 NAME 'caseIgnoreOrderingMatch-zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.241.1.6 NAME 'caseIgnoreSubstringMatch-zh-Hant-MO' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.242.1 NAME 'caseIgnoreOrderingMatch-zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.242.1.6 NAME 'caseIgnoreSubstringMatch-zh-Hant-TW' DESC 'zh-Hant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.243.1 NAME 'caseIgnoreOrderingMatch-zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.243.1.6 NAME 'caseIgnoreSubstringMatch-zu' DESC 'zu' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.244.1 NAME 'caseIgnoreOrderingMatch-zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.244.1.6 NAME 'caseIgnoreSubstringMatch-zu-ZA' DESC 'zu-ZA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.0.3 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.0.3.6 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.11.3 NAME 'caseExactOrderingMatch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.3.2.11.3.6 NAME 'caseExactSubstringMatch-en' DESC 'en' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.23 NAME 'uniqueMemberMatch' DESC 'The uniqueMemberMatch rule compares an assertion value of the Name And Optional UID syntax to an attribute value of a syntax (e.g., the Name And Optional UID syntax) whose corresponding ASN.1 type is NameAndOptionalUID. The rule evaluates to TRUE if and only if the components of the assertion value and attribute value match according to the distinguishedNameMatch rule and either, (1) the component is absent from both the attribute value and assertion value, or (2) the component is present in both the attribute value and the assertion value and the component of the assertion value matches the component of the attribute value according to the bitStringMatch rule. Note that this matching rule has been altered from its description in X.520 [X.520] in order to make the matching rule commutative. Server implementors should consider using the original X.520 semantics (where the matching was less exact) for approximate matching of attributes with uniqueMemberMatch as the equality matching rule.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )", "( 2.5.13.8 NAME 'numericStringMatch' DESC 'The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )", "( 2.5.13.9 NAME 'numericStringOrderingMatch' DESC 'The rule evaluates to TRUE if and only if, in the code point collation order, the prepared attribute value character string appears earlier than the prepared assertion value character string; i.e., the attribute value is less than the assertion value.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )", "( 2.5.13.10 NAME 'numericStringSubstringsMatch' DESC 'The rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value, (2) an initial substring, if present, matches the beginning of the prepared attribute value character string, and (3) a final substring, if present, matches the end of the prepared attribute value character string.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.20 NAME 'telephoneNumberMatch' DESC 'The telephoneNumberMatch rule compares an assertion value of the Telephone Number syntax to an attribute value of a syntax (e.g., the Telephone Number syntax) whose corresponding ASN.1 type is a PrintableString representing a telephone number. The rule evaluates to TRUE if and only if the prepared attribute value character string and the prepared assertion value character string have the same number of characters and corresponding characters have the same code point. In preparing the attribute value and assertion value for comparison, characters are case folded in the Map preparation step, and only telephoneNumber Insignificant Character Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )", "( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' DESC 'The telephoneNumberSubstringsMatch rule compares an assertion value of the Substring Assertion syntax to an attribute value of a syntax (e.g., the Telephone Number syntax) whose corresponding ASN.1 type is a PrintableString representing a telephone number. The rule evaluates to TRUE if and only if (1) the prepared substrings of the assertion value match disjoint portions of the prepared attribute value character string in the order of the substrings in the assertion value, (2) an substring, if present, matches the beginning of the prepared attribute value character string, and (3) a substring, if present, matches the end of the prepared attribute value character string. A prepared substring matches a portion of the prepared attribute value character string if corresponding characters have the same code point. In preparing the attribute value and assertion value substrings for comparison, characters are case folded in the Map preparation step, and only telephoneNumber Insignificant Character Handling is applied in the Insignificant Character Handling step.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )" ], "objectClass": [ "top", "ldapSubentry", "subschema" ], "objectClasses": [ "( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass X-ORIGIN 'RFC 4512' )", "( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName X-ORIGIN 'RFC 4512' )", "( 2.5.20.1 NAME 'subschema' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) X-ORIGIN 'RFC 4512' )", "( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' SUP top AUXILIARY X-ORIGIN 'RFC 4512' )", "( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) X-ORIGIN 'RFC 4519' )", "( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc X-ORIGIN 'RFC 4519' )", "( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST cn MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL MUST cn MAY ( uniqueMember $ businessCategory $ seeAlso $ owner $ ou $ o $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou MAY ( businessCategory $ description $ destinationIndicator $ facsimileTelephoneNumber $ internationalISDNNumber $ l $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ preferredDeliveryMethod $ registeredAddress $ searchGuide $ seeAlso $ st $ street $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ userPassword $ x121Address ) X-ORIGIN 'RFC 4519' )", "( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) X-ORIGIN 'RFC 4519' )", "( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid X-ORIGIN 'RFC 4519' )", "( 2.16.840.1.113719.2.142.6.1.1 NAME 'ldapSubEntry' DESC 'LDAP Subentry class, version 1' SUP top STRUCTURAL MAY cn X-ORIGIN 'LDAP Subentry Internet Draft' )", "( 2.16.840.1.113730.3.2.40 NAME 'directoryServerFeature' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( oid $ cn $ multiLineDescription ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.41 NAME 'nsslapdPlugin' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsslapd-pluginPath $ nsslapd-pluginInitfunc $ nsslapd-pluginType $ nsslapd-pluginId $ nsslapd-pluginVersion $ nsslapd-pluginVendor $ nsslapd-pluginDescription $ nsslapd-pluginEnabled ) MAY ( nsslapd-pluginConfigArea $ nsslapd-plugin-depends-on-type ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.44 NAME 'nsIndex' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsSystemIndex ) MAY ( description $ nsIndexType $ nsMatchingRule $ nsIndexIDListScanLimit ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.109 NAME 'nsBackendInstance' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.110 NAME 'nsMappingTree' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.104 NAME 'nsContainer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.108 NAME 'nsDS5Replica' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( nsDS5ReplicaRoot $ nsDS5ReplicaId ) MAY ( cn $ nsds5ReplicaPreciseTombstonePurging $ nsds5ReplicaCleanRUV $ nsds5ReplicaAbortCleanRUV $ nsDS5ReplicaType $ nsDS5ReplicaBindDN $ nsState $ nsDS5ReplicaName $ nsDS5Flags $ nsDS5Task $ nsDS5ReplicaReferral $ nsDS5ReplicaAutoReferral $ nsds5ReplicaPurgeDelay $ nsds5ReplicaTombstonePurgeInterval $ nsds5ReplicaChangeCount $ nsds5ReplicaLegacyConsumer $ nsds5ReplicaProtocolTimeout $ nsds5ReplicaBackoffMin $ nsds5ReplicaBackoffMax ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.113 NAME 'nsTombstone' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( nstombstonecsn $ nsParentUniqueId $ nscpEntryDN ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.103 NAME 'nsDS5ReplicationAgreement' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsds5ReplicaCleanRUVNotified $ nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicatedAttributeListTotal $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5replicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5ReplicaEnabled $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5ReplicaStripAttrs $ nsds5replicaSessionPauseTime $ nsds5ReplicaProtocolTimeout ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.39 NAME 'nsslapdConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.317 NAME 'nsSaslMapping' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsSaslMapRegexString $ nsSaslMapBaseDNTemplate $ nsSaslMapFilterTemplate ) MAY nsSaslMapPriority X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.43 NAME 'nsSNMP' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsSNMPEnabled ) MAY ( nsSNMPOrganization $ nsSNMPLocation $ nsSNMPContact $ nsSNMPDescription $ nsSNMPName $ nsSNMPMasterHost $ nsSNMPMasterPort ) X-ORIGIN 'Netscape Directory Server' )", "( nsEncryptionConfig-oid NAME 'nsEncryptionConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsCertfile $ nsKeyfile $ nsSSL2 $ nsSSL3 $ nsTLS1 $ sslVersionMin $ sslVersionMax $ nsSSLSessionTimeout $ nsSSL3SessionTimeout $ nsSSLClientAuth $ nsSSL2Ciphers $ nsSSL3Ciphers $ nsSSLSupportedCiphers ) X-ORIGIN 'Netscape' )", "( nsEncryptionModule-oid NAME 'nsEncryptionModule' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsSSLToken $ nsSSLPersonalitySSL $ nsSSLActivation ) X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.2.327 NAME 'rootDNPluginConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( rootdn-open-time $ rootdn-close-time $ rootdn-days-allowed $ rootdn-allow-host $ rootdn-deny-host $ rootdn-allow-ip $ rootdn-deny-ip ) X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.2.328 NAME 'nsSchemaPolicy' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( cn $ schemaUpdateObjectclassAccept $ schemaUpdateObjectclassReject $ schemaUpdateAttributeAccept $ schemaUpdateAttributeReject ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.31 NAME 'groupOfCertificates' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberCertificateDescription $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.33 NAME 'groupOfURLs' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.35 NAME 'LDAPServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ seeAlso $ generation $ changeLogMaximumAge $ changeLogMaximumSize ) X-ORIGIN 'Netscape Directory Server' )", "( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' DESC 'object that contains the TTL (time to live) attribute type' SUP top STRUCTURAL MAY ttl X-ORIGIN 'LDAP Caching Internet Draft' )", "( 2.16.840.1.113730.3.2.10 NAME 'netscapeServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ serverRoot $ serverProductName $ serverVersionNumber $ installationTimeStamp $ administratorContactInfo $ userPassword $ adminUrl $ serverHostName ) X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.2.7 NAME 'nsLicenseUser' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( nsLicensedFor $ nsLicenseStartTime $ nsLicenseEndTime ) X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.2.1 NAME 'changeLogEntry' DESC 'LDAP changelog objectclass' SUP top STRUCTURAL MUST ( targetDn $ changeTime $ changeNumber $ changeType ) MAY ( changes $ newRdn $ deleteOldRdn $ newSuperior ) X-ORIGIN 'Changelog Internet Draft' )", "( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'LDAP referrals objectclass' SUP top STRUCTURAL MAY ref X-ORIGIN 'LDAPv3 referrals Internet Draft' )", "( 2.16.840.1.113730.3.2.12 NAME 'passwordObject' DESC 'Netscape defined password policy objectclass' SUP top STRUCTURAL MAY ( pwdpolicysubentry $ passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $ retryCountResetTime $ accountUnlockTime $ passwordHistory $ passwordAllowChangeTime $ passwordGraceUserTime ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.13 NAME 'passwordPolicy' DESC 'Netscape defined password policy objectclass' SUP top STRUCTURAL MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $ passwordKeepHistory $ passwordInHistory $ passwordChange $ passwordWarning $ passwordLockout $ passwordMaxFailure $ passwordResetDuration $ passwordUnlock $ passwordLockoutDuration $ passwordCheckSyntax $ passwordMustChange $ passwordStorageScheme $ passwordMinAge $ passwordResetFailureCount $ passwordGraceLimit $ passwordMinDigits $ passwordMinAlphas $ passwordMinUppers $ passwordMinLowers $ passwordMinSpecials $ passwordMin8bit $ passwordMaxRepeats $ passwordMinCategories $ passwordMinTokenLength $ passwordTrackUpdateTime $ passwordAdminDN ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.30 NAME 'glue' DESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.32 NAME 'netscapeMachineData' DESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.38 NAME 'vlvSearch' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvBase $ vlvScope $ vlvFilter ) MAY multiLineDescription X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.42 NAME 'vlvIndex' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ vlvSort ) MAY ( vlvEnabled $ vlvUses ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.84 NAME 'cosDefinition' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( costargettree $ costemplatedn $ cosspecifier $ cosAttribute $ aci $ cn $ uid ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.93 NAME 'nsRoleDefinition' DESC 'Netscape defined objectclass' SUP ldapSubEntry STRUCTURAL MAY ( description $ nsRoleScopeDN ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.94 NAME 'nsSimpleRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.95 NAME 'nsComplexRoleDefinition' DESC 'Netscape defined objectclass' SUP nsRoleDefinition STRUCTURAL X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.96 NAME 'nsManagedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsSimpleRoleDefinition STRUCTURAL X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.97 NAME 'nsFilteredRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MUST nsRoleFilter X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.98 NAME 'nsNestedRoleDefinition' DESC 'Netscape defined objectclass' SUP nsComplexRoleDefinition STRUCTURAL MUST nsRoleDN X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.99 NAME 'cosSuperDefinition' DESC 'Netscape defined objectclass' SUP ldapSubEntry STRUCTURAL MUST cosAttribute MAY description X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.100 NAME 'cosClassicDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY ( costemplatedn $ cosspecifier ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.101 NAME 'cosPointerDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY costemplatedn X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.102 NAME 'cosIndirectDefinition' DESC 'Netscape defined objectclass' SUP cosSuperDefinition STRUCTURAL MAY cosIndirectSpecifier X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.503 NAME 'nsDSWindowsReplicationAgreement' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsDS5ReplicaHost $ nsDS5ReplicaPort $ nsDS5ReplicaTransportInfo $ nsDS5ReplicaBindDN $ nsDS5ReplicaCredentials $ nsDS5ReplicaBindMethod $ nsDS5ReplicaRoot $ nsDS5ReplicatedAttributeList $ nsDS5ReplicaUpdateSchedule $ nsds5BeginReplicaRefresh $ description $ nsds50ruv $ nsruvReplicaLastModified $ nsds5replicaTimeout $ nsds5replicaChangesSentSinceStartup $ nsds5replicaLastUpdateEnd $ nsds5replicaLastUpdateStart $ nsds5replicaLastUpdateStatus $ nsds5replicaUpdateInProgress $ nsds5replicaLastInitEnd $ nsds5replicaLastInitStart $ nsds5replicaLastInitStatus $ nsds5debugreplicatimeout $ nsds5replicaBusyWaitTime $ nsds5replicaSessionPauseTime $ nsds7WindowsReplicaSubtree $ nsds7DirectoryReplicaSubtree $ nsds7NewWinUserSyncEnabled $ nsds7NewWinGroupSyncEnabled $ nsds7WindowsDomain $ nsds7DirsyncCookie $ winSyncInterval $ oneWaySync $ winSyncMoveAction $ nsds5ReplicaEnabled $ winSyncDirectoryFilter $ winSyncWindowsFilter $ winSyncSubtreePair ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.128 NAME 'costemplate' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY ( cn $ cosPriority ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.304 NAME 'nsView' DESC 'Netscape defined objectclass' SUP top AUXILIARY MAY ( nsViewFilter $ description ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.316 NAME 'nsAttributeEncryption' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsEncryptionAlgorithm ) X-ORIGIN 'Netscape Directory Server' )", "( 2.5.6.21 NAME 'pkiUser' DESC 'X.509 PKI User' SUP top AUXILIARY MAY userCertificate X-ORIGIN 'RFC 4523' )", "( 2.5.6.22 NAME 'pkiCA' DESC 'X.509 PKI Certificate Authority' SUP top AUXILIARY MAY ( cACertificate $ certificateRevocationList $ authorityRevocationList $ crossCertificatePair ) X-ORIGIN 'RFC 4523' )", "( 2.5.6.19 NAME 'cRLDistributionPoint' DESC 'X.509 CRL distribution point' SUP top STRUCTURAL MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) X-ORIGIN 'RFC 4523' )", "( 2.5.6.23 NAME 'deltaCRL' DESC 'X.509 delta CRL' SUP top AUXILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523' )", "( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'X.521 strong authentication user' SUP top AUXILIARY MUST userCertificate X-ORIGIN 'RFC 4523' )", "( 2.5.6.18 NAME 'userSecurityInformation' DESC 'X.521 user security information' SUP top AUXILIARY MAY supportedAlgorithms X-ORIGIN 'RFC 4523' )", "( 2.5.6.16 NAME 'certificationAuthority' DESC 'X.509 certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair X-ORIGIN 'RFC 4523' )", "( 2.5.6.16.2 NAME 'certificationAuthority-V2' DESC 'X.509 certificate authority, version 2' SUP certificationAuthority AUXILIARY MAY deltaRevocationList X-ORIGIN 'RFC 4523' )", "( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST uid MAY ( description $ seeAlso $ l $ o $ ou $ host ) X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $ o $ ou $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL MUST cn MAY ( description $ l $ o $ ou $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST dc MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationalISDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $ o $ associatedName ) X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' SUP top AUXILIARY MUST associatedDomain X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST co X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.14 NAME 'rFC822localPart' SUP domain STRUCTURAL MAY ( cn $ sn ) X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) X-ORIGIN 'RFC 4524' )", "( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' SUP top AUXILIARY MUST userPassword X-ORIGIN 'RFC 4524' )", "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500UniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) X-ORIGIN 'RFC 2798' )", "( 2.16.840.1.113730.3.2.322 NAME 'autoMemberDefinition' DESC 'Auto Membership Config Definition Entry' SUP top STRUCTURAL MUST ( cn $ autoMemberScope $ autoMemberFilter $ autoMemberGroupingAttr ) MAY ( autoMemberDefaultGroup $ autoMemberDisabled ) X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.2.323 NAME 'autoMemberRegexRule' DESC 'Auto Membership Regex Rule Entry' SUP top STRUCTURAL MUST ( cn $ autoMemberTargetGroup ) MAY ( autoMemberExclusiveRegex $ autoMemberInclusiveRegex $ description ) X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.2.324 NAME 'dnaPluginConfig' DESC 'DNA plugin configuration' SUP top AUXILIARY MAY ( dnaType $ dnaPrefix $ dnaNextValue $ dnaMaxValue $ dnaInterval $ dnaMagicRegen $ dnaFilter $ dnaScope $ dnaSharedCfgDN $ dnaThreshold $ dnaNextRange $ dnaRangeRequestTimeout $ dnaRemoteBindDN $ dnaRemoteBindCred $ cn ) X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.2.325 NAME 'dnaSharedConfig' DESC 'DNA Shared Configuration' SUP top AUXILIARY MAY ( dnaHostname $ dnaPortNum $ dnaSecurePortNum $ dnaRemoteBindMethod $ dnaRemoteConnProtocol $ dnaRemainingValues ) X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.2.319 NAME 'mepManagedEntry' DESC 'Managed Entries Managed Entry' SUP top AUXILIARY MAY mepManagedBy X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.2.320 NAME 'mepOriginEntry' DESC 'Managed Entries Origin Entry' SUP top AUXILIARY MAY mepManagedEntry X-ORIGIN '389 Directory Server' )", "( 2.16.840.1.113730.3.2.321 NAME 'mepTemplateEntry' DESC 'Managed Entries Template Entry' SUP top AUXILIARY MAY ( cn $ mepStaticAttr $ mepMappedAttr $ mepRDNAttr ) X-ORIGIN '389 Directory Server' )", "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST uid MAY ( userPassword $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ description ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $ memberUid $ description ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST ( ipHostNumber $ cn ) MAY ( manager $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( ipNetworkNumber $ cn ) MAY ( ipNetmaskNumber $ manager $ l $ description ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY description X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST cn MAY ( macAddress $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'Standard LDAP objectclass' SUP top AUXILIARY MUST cn MAY ( bootFile $ bootParameter $ description $ l $ o $ ou $ owner $ seeAlso $ serialNumber ) X-ORIGIN 'RFC 2307' )", "( 1.3.6.1.1.1.2.13 NAME 'nisMap' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MUST nisMapName MAY description X-ORIGIN 'RFC 2307' )", "( 2.16.840.1.113730.3.2.129 NAME 'inetDomain' DESC 'Auxiliary class for virtual domain nodes' SUP top AUXILIARY MAY ( inetDomainBaseDN $ inetDomainStatus ) X-ORIGIN 'Netscape subscriber interoperability' )", "( 2.16.840.1.113730.3.2.130 NAME 'inetUser' DESC 'Auxiliary class which must be present in an entry for delivery of subscriber services' SUP top AUXILIARY MAY ( uid $ inetUserStatus $ inetUserHttpURL $ userPassword $ memberOf ) X-ORIGIN 'Netscape subscriber interoperability' )", "( 1.3.6.1.4.1.1466.101.120.141 NAME 'NetscapeLinkedOrganization' AUXILIARY MAY parentOrganization X-ORIGIN 'Netscape' )", "( 1.3.6.1.4.1.1466.101.120.142 NAME 'NetscapePreferences' AUXILIARY MAY ( preferredLanguage $ preferredLocale $ preferredTimeZone ) X-ORIGIN 'Netscape' )", "( 2.16.840.1.113730.3.2.134 NAME 'inetSubscriber' SUP top AUXILIARY MAY ( inetSubscriberAccountId $ inetSubscriberChallenge $ inetSubscriberResponse ) X-ORIGIN 'Netscape subscriber interoperability' )", "( 2.16.840.1.113730.3.2.112 NAME 'inetAdmin' DESC 'Marker for an administrative group or user' SUP top AUXILIARY MAY ( aci $ memberOf $ adminRole ) X-ORIGIN 'Netscape Delegated Administrator' )", "( 1.3.6.1.4.1.42.2.27.4.2.1 NAME 'javaContainer' DESC 'Container for a Java object' SUP top STRUCTURAL MUST cn X-ORIGIN 'RFC 2713' )", "( 1.3.6.1.4.1.42.2.27.4.2.4 NAME 'javaObject' DESC 'Java object representation' SUP top ABSTRACT MUST javaClassName MAY ( javaClassNames $ javaCodebase $ javaDoc $ description ) X-ORIGIN 'RFC 2713' )", "( 1.3.6.1.4.1.42.2.27.4.2.5 NAME 'javaSerializedObject' DESC 'Java serialized object' SUP javaObject AUXILIARY MUST javaSerializedData X-ORIGIN 'RFC 2713' )", "( 1.3.6.1.4.1.42.2.27.4.2.7 NAME 'javaNamingReference' DESC 'JNDI reference' SUP javaObject AUXILIARY MAY ( javaReferenceAddress $ javaFactory ) X-ORIGIN 'RFC 2713' )", "( 1.3.6.1.4.1.42.2.27.4.2.8 NAME 'javaMarshalledObject' DESC 'Java marshalled object' SUP javaObject AUXILIARY MUST javaSerializedData X-ORIGIN 'RFC 2713' )", "( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' DESC 'Standard LDAP objectclass' SUP top STRUCTURAL MAY ( audio $ ditRedirect $ info $ jpegPhoto $ lastModifiedBy $ lastModifiedTime $ manager $ photo $ uniqueIdentifier ) X-ORIGIN 'RFC 1274' )", "( nsAdminDomain-oid NAME 'nsAdminDomain' DESC 'Netscape defined objectclass' SUP organizationalUnit STRUCTURAL MAY nsAdminDomainName X-ORIGIN 'Netscape' )", "( nsHost-oid NAME 'nsHost' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( serverHostName $ description $ l $ nsHostLocation $ nsHardwarePlatform $ nsOsVersion ) X-ORIGIN 'Netscape' )", "( nsAdminGroup-oid NAME 'nsAdminGroup' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdminGroupName $ description $ nsConfigRoot $ nsAdminSIEDN ) X-ORIGIN 'Netscape' )", "( nsApplication-oid NAME 'nsApplication' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsVendor $ description $ nsProductName $ nsNickName $ nsProductVersion $ nsBuildNumber $ nsRevisionNumber $ nsSerialNumber $ nsInstalledLocation $ installationTimeStamp $ nsExpirationDate $ nsBuildSecurity $ nsLdapSchemaVersion $ nsServerMigrationClassname $ nsServerCreationClassname ) X-ORIGIN 'Netscape' )", "( nsResourceRef-oid NAME 'nsResourceRef' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY seeAlso X-ORIGIN 'Netscape' )", "( nsTask-oid NAME 'nsTask' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsTaskLabel $ nsHelpRef $ nsExecRef $ nsLogSuppress ) X-ORIGIN 'Netscape' )", "( nsTaskGroup-oid NAME 'nsTaskGroup' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsTaskLabel X-ORIGIN 'Netscape' )", "( nsAdminObject-oid NAME 'nsAdminObject' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsJarfilename $ nsClassname ) X-ORIGIN 'Netscape' )", "( nsConfig-oid NAME 'nsConfig' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ nsServerPort $ nsServerAddress $ nsSuiteSpotUser $ nsErrorLog $ nsPidLog $ nsAccessLog $ nsDefaultAcceptLanguage $ nsServerSecurity ) X-ORIGIN 'Netscape' )", "( nsDirectoryInfo-oid NAME 'nsDirectoryInfo' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsBindDN $ nsBindPassword $ nsDirectoryURL $ nsDirectoryFailoverList $ nsDirectoryInfoRef ) X-ORIGIN 'Netscape' )", "( nsAdminServer-oid NAME 'nsAdminServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY description X-ORIGIN 'Netscape Administration Services' )", "( nsAdminConfig-oid NAME 'nsAdminConfig' DESC 'Netscape defined objectclass' SUP nsConfig STRUCTURAL MAY ( nsAdminCgiWaitPid $ nsAdminUsers $ nsAdminAccessHosts $ nsAdminAccessAddresses $ nsAdminOneACLDir $ nsAdminEnableDSGW $ nsAdminEnableEnduser $ nsAdminCacheLifetime ) X-ORIGIN 'Netscape Administration Services' )", "( nsAdminResourceEditorExtension-oid NAME 'nsAdminResourceEditorExtension' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTURAL MAY ( nsAdminAccountInfo $ nsDeleteclassname ) X-ORIGIN 'Netscape Administration Services' )", "( nsAdminGlobalParameters-oid NAME 'nsAdminGlobalParameters' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsAdminEndUserHTMLIndex $ nsNickName ) X-ORIGIN 'Netscape Administration Services' )", "( nsGlobalParameters-oid NAME 'nsGlobalParameters' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsUniqueAttribute $ nsUserIDFormat $ nsUserRDNComponent $ nsGroupRDNComponent $ nsWellKnownJarfiles $ nsNYR ) X-ORIGIN 'Netscape Administration Services' )", "( nsDefaultObjectClasses-oid NAME 'nsDefaultObjectClasses' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsDefaultObjectClass X-ORIGIN 'Netscape Administration Services' )", "( nsAdminConsoleUser-oid NAME 'nsAdminConsoleUser' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY nsPreference X-ORIGIN 'Netscape Administration Services' )", "( nsCustomView-oid NAME 'nsCustomView' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTURAL MAY nsDisplayName X-ORIGIN 'Netscape Administration Services' )", "( nsTopologyCustomView-oid NAME 'nsTopologyCustomView' DESC 'Netscape defined objectclass' SUP nsCustomView STRUCTURAL MAY nsViewConfiguration X-ORIGIN 'Netscape Administration Services' )", "( nsTopologyPlugin-oid NAME 'nsTopologyPlugin' DESC 'Netscape defined objectclass' SUP nsAdminObject STRUCTURAL X-ORIGIN 'Netscape Administration Services' )", "( 2.16.840.1.113730.3.2.18 NAME 'netscapeCertificateServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Certificate Management System' )", "( nsCertificateServer-oid NAME 'nsCertificateServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( serverHostName $ nsServerPort $ nsCertConfig ) X-ORIGIN 'Netscape Certificate Management System' )", "( 2.16.840.1.113730.3.2.23 NAME 'netscapeDirectoryServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL X-ORIGIN 'Netscape Directory Server' )", "( nsDirectoryServer-oid NAME 'nsDirectoryServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST nsServerID MAY ( serverHostName $ nsServerPort $ nsSecureServerPort $ nsBindPassword $ nsBindDN $ nsBaseDN ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.8 NAME 'ntUser' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l $ ou $ seeAlso $ ntUserPriv $ ntUserHomeDir $ ntUserComment $ ntUserFlags $ ntUserScriptPath $ ntUserAuthFlags $ ntUserUsrComment $ ntUserParms $ ntUserWorkstations $ ntUserLastLogon $ ntUserLastLogoff $ ntUserAcctExpires $ ntUserMaxStorage $ ntUserUnitsPerWeek $ ntUserLogonHours $ ntUserBadPwCount $ ntUserNumLogons $ ntUserLogonServer $ ntUserCountryCode $ ntUserCodePage $ ntUserUniqueId $ ntUserPrimaryGroupId $ ntUserProfile $ ntUserHomeDirDrive $ ntUserPasswordExpired $ ntUserCreateNewAccount $ ntUserDeleteAccount $ ntUniqueId ) X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.2.9 NAME 'ntGroup' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ntUserDomainId MAY ( description $ l $ ou $ seeAlso $ ntGroupId $ ntGroupAttributes $ ntGroupCreateNewGroup $ ntGroupDeleteGroup $ ntGroupType $ ntUniqueId $ mail ) X-ORIGIN 'Netscape NT Synchronization' )", "( 2.16.840.1.113730.3.2.82 NAME 'nsChangelog4Config' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.114 NAME 'nsConsumer4Config' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MAY cn X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.36 NAME 'LDAPReplica' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( description $ l $ ou $ seeAlso $ replicaRoot $ replicaHost $ replicaPort $ replicaBindDn $ replicaCredentials $ replicaBindMethod $ replicaUseSSL $ replicaUpdateSchedule $ replicaUpdateReplayed $ replicaUpdateFailedAt $ replicaBeginOrc $ replicaNickName $ replicaEntryFilter $ replicatedattributelist $ replicaCFUpdated $ replicaAbandonedChanges $ replicaLastRelevantChange ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.11 NAME 'cirReplicaSource' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( cirReplicaRoot $ cirHost $ cirPort $ cirBindDn $ cirUsePersistentSearch $ cirUseSsl $ cirBindCredentials $ cirLastUpdateApplied $ cirUpdateSchedule $ cirSyncInterval $ cirUpdateFailedat $ cirBeginORC $ replicaNickName $ replicaEntryFilter $ replicatedattributelist ) X-ORIGIN 'Netscape Directory Server' )", "( 2.16.840.1.113730.3.2.3 NAME 'mailRecipient' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ multiLineDescription $ uid $ userPassword ) X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.113730.3.2.37 NAME 'nsMessagingServerUser' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( cn $ mailAccessDomain $ mailAutoReplyMode $ mailAutoReplyText $ mailDeliveryOption $ mailForwardingAddress $ mailMessageStore $ mailProgramDeliveryInfo $ mailQuota $ nsmsgDisallowAccess $ nsmsgNumMsgQuota $ nswmExtendedUserPrefs $ vacationstartdate $ vacationenddate ) X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.2.4 NAME 'mailGroup' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MAY ( cn $ mail $ mailAlternateAddress $ mailHost $ mailRoutingAddress $ mgrpAddHeader $ mgrpAllowedBroadcaster $ mgrpAllowedDomain $ mgrpApprovePassword $ mgrpBroadcasterPolicy $ mgrpDeliverTo $ mgrpErrorsTo $ mgrpModerator $ mgrpMsgMaxSize $ mgrpMsgRejectAction $ mgrpMsgRejectText $ mgrpNoDuplicateChecks $ mgrpRemoveHeader $ mgrpRFC822MailMember $ owner ) X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.2.5 NAME 'groupOfMailEnhancedUniqueNames' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY MUST cn MAY ( businessCategory $ description $ mailEnhancedUniqueMember $ o $ ou $ owner $ seeAlso ) X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.2.24 NAME 'netscapeMailServer' DESC 'Netscape Messaging Server 4.x defined objectclass' SUP top AUXILIARY X-ORIGIN 'Netscape Messaging Server 4.x' )", "( 2.16.840.1.113730.3.2.45 NAME 'nsValueItem' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST cn MAY ( nsValueCIS $ nsValueCES $ nsValueTel $ nsValueInt $ nsValueBin $ nsValueDN $ nsValueType $ nsValueSyntax $ nsValueDescription $ nsValueHelpURL $ nsValueFlags $ nsValueDefault ) X-ORIGIN 'Netscape servers - value item' )", "( 2.16.840.1.113730.3.2.29 NAME 'netscapeWebServer' DESC 'Netscape defined objectclass' SUP top STRUCTURAL MUST ( cn $ nsServerID ) MAY ( description $ nsServerPort ) X-ORIGIN 'Netscape Web Server' )", "( 2.16.840.1.113730.3.2.154 NAME 'netscapeReversiblePasswordObject' DESC 'object that contains an netscapeReversiblePassword' AUXILIARY MAY netscapeReversiblePassword X-ORIGIN 'Netscape Web Server' )", "( 1.3.6.1.4.1.11.1.3.2.2.1 NAME 'accountPolicy' DESC 'Account policy entry' SUP top AUXILIARY MAY accountInactivityLimit X-ORIGIN 'Account Policy Plugin' )", "( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'An entry in an automounter map' SUP top STRUCTURAL MUST ( cn $ automountInformation ) MAY description X-ORIGIN 'draft-howard-rfc2307bis' )", "( 1.3.6.1.1.1.2.16 NAME 'automountMap' DESC 'An group of related automount objects' SUP top STRUCTURAL MUST ou X-ORIGIN 'draft-howard-rfc2307bis' )", "( 1.3.6.1.4.1.5923.1.1.2 NAME 'eduPerson' AUXILIARY MAY ( eduPersonAffiliation $ eduPersonNickName $ eduPersonOrgDN $ eduPersonOrgUnitDN $ eduPersonPrimaryAffiliation $ eduPersonPrincipalName $ eduPersonEntitlement $ eduPersonPrimaryOrgUnitDN $ eduPersonScopedAffiliation ) X-ORIGIN 'http://middleware.internet2.edu/eduperson/' )", "( 1.3.6.1.4.1.13769.9.1 NAME 'mozillaAbPersonAlpha' SUP top AUXILIARY MUST cn MAY ( c $ description $ displayName $ facsimileTelephoneNumber $ givenName $ homePhone $ l $ mail $ mobile $ mozillaCustom1 $ mozillaCustom2 $ mozillaCustom3 $ mozillaCustom4 $ mozillaHomeCountryName $ mozillaHomeLocalityName $ mozillaHomePostalCode $ mozillaHomeState $ mozillaHomeStreet $ mozillaHomeStreet2 $ mozillaHomeUrl $ mozillaNickname $ mozillaSecondEmail $ mozillaUseHtmlMail $ mozillaWorkStreet2 $ mozillaWorkUrl $ nsAIMid $ o $ ou $ pager $ postalCode $ postOfficeBox $ sn $ st $ street $ telephoneNumber $ title ) X-ORIGIN 'Mozilla Address Book' )", "( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject' DESC 'Auxiliary object class for adding authorizedService attribute' SUP top AUXILIARY MAY authorizedService X-ORIGIN 'NSS LDAP schema' )", "( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject' DESC 'Auxiliary object class for adding host attribute' SUP top AUXILIARY MAY host X-ORIGIN 'NSS LDAP schema' )", "( 2.16.840.1.113730.3.2.318 NAME 'pamConfig' DESC 'PAM plugin configuration' SUP top AUXILIARY MAY ( cn $ pamMissingSuffix $ pamExcludeSuffix $ pamIncludeSuffix $ pamIDAttr $ pamIDMapMethod $ pamFallback $ pamSecure $ pamService $ pamFilter ) X-ORIGIN 'Red Hat Directory Server' )", "( 2.16.840.1.113730.3.2.326 NAME 'dynamicGroup' DESC 'Group containing internal dynamically-generated members' SUP posixGroup AUXILIARY MAY dsOnlyMemberUid X-ORIGIN 'Red Hat Directory Server' )", "( 1.3.6.1.4.1.6981.11.2.3 NAME 'PureFTPdUser' DESC 'PureFTPd user with optional quota, throttling and ratio' STRUCTURAL MAY ( FTPStatus $ FTPQuotaFiles $ FTPQuotaMBytes $ FTPUploadRatio $ FTPDownloadRatio $ FTPUploadBandwidth $ FTPDownloadBandwidth $ FTPuid $ FTPgid ) X-ORIGIN 'Pure-FTPd' )", "( 1.2.840.113556.1.5.87 NAME 'calEntry' DESC 'RFC2739: Calendar Entry' SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ calOtherCalURIs $ calOtherFBURLs $ calCAPURI $ calOtherCAPURIs ) X-ORIGIN 'rfc2739' )", "( 1.3.18.0.2.6.258 NAME 'printerAbstract' DESC 'Printer related information.' SUP top ABSTRACT MAY ( printer-name $ printer-natural-language-configured $ printer-location $ printer-info $ printer-more-info $ printer-make-and-model $ printer-multiple-document-jobs-supported $ printer-charset-configured $ printer-charset-supported $ printer-generated-natural-language-supported $ printer-document-format-supported $ printer-color-supported $ printer-compression-supported $ printer-pages-per-minute $ printer-pages-per-minute-color $ printer-finishings-supported $ printer-number-up-supported $ printer-sides-supported $ printer-media-supported $ printer-media-local-supported $ printer-resolution-supported $ printer-print-quality-supported $ printer-job-priority-supported $ printer-copies-supported $ printer-job-k-octets-supported $ printer-current-operator $ printer-service-person $ printer-delivery-orientation-supported $ printer-stacking-order-supported $ printer-output-features-supported ) X-ORIGIN 'rfc3712' )", "( 1.3.18.0.2.6.255 NAME 'printerService' DESC 'Printer information.' SUP printerAbstract STRUCTURAL MAY ( printer-uri $ printer-xri-supported ) X-ORIGIN 'rfc3712' )", "( 1.3.18.0.2.6.257 NAME 'printerServiceAuxClass' DESC 'Printer information.' SUP printerAbstract AUXILIARY MAY ( printer-uri $ printer-xri-supported ) X-ORIGIN 'rfc3712' )", "( 1.3.18.0.2.6.256 NAME 'printerIPP' DESC 'Internet Printing Protocol (IPP) information.' SUP top AUXILIARY MAY ( printer-ipp-versions-supported $ printer-multiple-document-jobs-supported ) X-ORIGIN 'rfc3712' )", "( 1.3.18.0.2.6.253 NAME 'printerLPR' DESC 'LPR information.' SUP top AUXILIARY MUST printer-name MAY printer-aliases X-ORIGIN 'rfc3712' )", "( 1.3.6.1.4.1.2312.4.3.4.1 NAME 'sabayonProfile' DESC 'sabayon profile' SUP top STRUCTURAL MUST cn MAY ( sabayonProfileURL $ description ) X-ORIGIN 'Sabayon' )", "( 1.3.6.1.4.1.2312.4.3.4.2 NAME 'sabayonProfileNameObject' DESC 'contains sabayon profile name' SUP top AUXILIARY MUST sabayonProfileName X-ORIGIN 'Sabayon' )", "( 1.3.6.1.4.1.2312.4.3.4.3 NAME 'sabayonProfileURLObject' DESC 'contains sabayon profile' SUP top AUXILIARY MUST cn MAY sabayonProfileURL X-ORIGIN 'Sabayon' )", "( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' DESC 'Sudoer Entries' SUP top STRUCTURAL MUST cn MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoNotBefore $ sudoNotAfter $ sudoOrder $ description ) X-ORIGIN 'SUDO' )", "( 5.3.6.1.1.1.2.0 NAME 'trustAccount' DESC 'Sets trust accounts information' SUP top AUXILIARY MUST trustModel MAY accessTo X-ORIGIN 'nss_ldap/pam_ldap' )" ] }, "schema_entry": "cn=schema", "type": "SchemaInfo" } """ ds389_1_3_3_dsa_info = """ { "raw": { "aci": [ "(targetattr != \\"aci\\")(version 3.0; aci \\"rootdse anon read access\\"; allow(read,search,compare) userdn=\\"ldap:///anyone\\";)" ], "dataversion": [ "020141110230816" ], "defaultnamingcontext": [ "dc=labldap06,dc=a3,dc=internal,dc=cloudapp,dc=net" ], "namingContexts": [ "dc=labldap06,dc=a3,dc=internal,dc=cloudapp,dc=net" ], "netscapemdsuffix": [ "cn=ldap://dc=DS3891,dc=labldap06,dc=a3,dc=internal,dc=cloudapp,dc=net:389" ], "objectClass": [ "top" ], "subschemaSubentry": [ "cn=schema" ], "supportedControl": [ "2.16.840.1.113730.3.4.2", "2.16.840.1.113730.3.4.3", "2.16.840.1.113730.3.4.4", "2.16.840.1.113730.3.4.5", "1.2.840.113556.1.4.473", "2.16.840.1.113730.3.4.9", "2.16.840.1.113730.3.4.16", "2.16.840.1.113730.3.4.15", "2.16.840.1.113730.3.4.17", "2.16.840.1.113730.3.4.19", "1.3.6.1.1.13.1", "1.3.6.1.1.13.2", "1.3.6.1.4.1.42.2.27.8.5.1", "1.3.6.1.4.1.42.2.27.9.5.2", "1.2.840.113556.1.4.319", "1.3.6.1.4.1.42.2.27.9.5.8", "1.3.6.1.4.1.4203.666.5.16", "2.16.840.1.113730.3.4.14", "2.16.840.1.113730.3.4.20", "1.3.6.1.4.1.1466.29539.12", "2.16.840.1.113730.3.4.12", "2.16.840.1.113730.3.4.18", "2.16.840.1.113730.3.4.13" ], "supportedExtension": [ "2.16.840.1.113730.3.5.7", "2.16.840.1.113730.3.5.8", "2.16.840.1.113730.3.5.3", "2.16.840.1.113730.3.5.12", "2.16.840.1.113730.3.5.5", "2.16.840.1.113730.3.5.6", "2.16.840.1.113730.3.5.9", "2.16.840.1.113730.3.5.4", "2.16.840.1.113730.3.6.5", "2.16.840.1.113730.3.6.6", "2.16.840.1.113730.3.6.7", "2.16.840.1.113730.3.6.8", "1.3.6.1.4.1.4203.1.11.3", "1.3.6.1.4.1.4203.1.11.1" ], "supportedLdapVersion": [ "2", "3" ], "supportedSASLMechanisms": [ "EXTERNAL", "PLAIN", "DIGEST-MD5", "ANONYMOUS", "GSSAPI", "LOGIN" ], "vendorName": [ "389 Project" ], "vendorVersion": [ "389-Directory/1.3.3.0 B2014.289.2022" ] }, "type": "DsaInfo" } """ ldap3-2.4.1/ldap3/protocol/schemas/edir888.py0000666000000000000000000053360113226436321016721 0ustar 00000000000000""" """ # Created on 2014.10.21 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . edir_8_8_8_schema = """ { "raw": { "attributeTypes": [ "( 2.5.4.35 NAME 'userPassword' DESC 'Internal NDS policy forces this to be single-valued' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} USAGE directoryOperation )", "( 2.5.18.1 NAME 'createTimestamp' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.2 NAME 'modifyTimestamp' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.10 NAME 'subschemaSubentry' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation )", "( 2.5.21.9 NAME 'structuralObjectClass' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113719.1.27.4.49 NAME 'subordinateCount' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113719.1.27.4.48 NAME 'entryFlags' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113719.1.27.4.51 NAME 'federationBoundary' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.21.5 NAME 'attributeTypes' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )", "( 2.5.21.6 NAME 'objectClasses' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )", "( 1.3.6.1.1.20 NAME 'entryDN' DESC 'Operational Attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113719.1.1.4.1.2 NAME 'ACL' SYNTAX 2.16.840.1.113719.1.1.5.1.17 X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' )", "( 2.5.4.1 NAME 'aliasedObjectName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'Aliased Object Name' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' )", "( 2.16.840.1.113719.1.1.4.1.6 NAME 'backLink' SYNTAX 2.16.840.1.113719.1.1.5.1.23 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Back Link' X-NDS_SERVER_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.8 NAME 'binderyProperty' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Bindery Property' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.7 NAME 'binderyObjectRestriction' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Bindery Object Restriction' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.9 NAME 'binderyType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Bindery Type' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.11 NAME 'cAPrivateKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'CA Private Key' X-NDS_NONREMOVABLE '1' X-NDS_HIDDEN '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.12 NAME 'cAPublicKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'CA Public Key' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.10 NAME 'Cartridge' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NONREMOVABLE '1' )", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'CN' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.78 NAME 'printerConfiguration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5{64512} SINGLE-VALUE X-NDS_NAME 'Printer Configuration' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.15 NAME 'Convergence' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} SINGLE-VALUE X-NDS_UPPER_BOUND '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.6 NAME ( 'c' 'countryName' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2} SINGLE-VALUE X-NDS_NAME 'C' X-NDS_LOWER_BOUND '2' X-NDS_UPPER_BOUND '2' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.18 NAME 'defaultQueue' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'Default Queue' X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.13 NAME ( 'description' 'multiLineDescription' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} X-NDS_NAME 'Description' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '1024' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.64 NAME 'partitionCreationTime' SYNTAX 2.16.840.1.113719.1.1.5.1.19 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Partition Creation Time' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.5.4.23 NAME 'facsimileTelephoneNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22{64512} X-NDS_NAME 'Facsimile Telephone Number' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.117 NAME 'highConvergenceSyncInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'High Convergence Sync Interval' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.25 NAME 'groupMembership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Group Membership' X-NDS_NAME_VALUE_ACCESS '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.26 NAME 'ndsHomeDirectory' SYNTAX 2.16.840.1.113719.1.1.5.1.15{255} SINGLE-VALUE X-NDS_NAME 'Home Directory' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '255' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.27 NAME 'hostDevice' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'Host Device' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.28 NAME 'hostResourceName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'Host Resource Name' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.29 NAME 'hostServer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'Host Server' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.30 NAME 'inheritedACL' SYNTAX 2.16.840.1.113719.1.1.5.1.17 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Inherited ACL' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.5.4.7 NAME ( 'l' 'localityname' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_NAME 'L' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.39 NAME 'loginAllowedTimeMap' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5{42} SINGLE-VALUE X-NDS_NAME 'Login Allowed Time Map' X-NDS_LOWER_BOUND '42' X-NDS_UPPER_BOUND '42' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.40 NAME 'loginDisabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Login Disabled' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.41 NAME 'loginExpirationTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_NAME 'Login Expiration Time' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.42 NAME 'loginGraceLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Login Grace Limit' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.43 NAME 'loginGraceRemaining' SYNTAX 2.16.840.1.113719.1.1.5.1.22 SINGLE-VALUE X-NDS_NAME 'Login Grace Remaining' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.44 NAME 'loginIntruderAddress' SYNTAX 2.16.840.1.113719.1.1.5.1.12 SINGLE-VALUE X-NDS_NAME 'Login Intruder Address' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.45 NAME 'loginIntruderAttempts' SYNTAX 2.16.840.1.113719.1.1.5.1.22 SINGLE-VALUE X-NDS_NAME 'Login Intruder Attempts' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.46 NAME 'loginIntruderLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Login Intruder Limit' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.31 NAME 'intruderAttemptResetInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Intruder Attempt Reset Interval' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.47 NAME 'loginIntruderResetTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_NAME 'Login Intruder Reset Time' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.48 NAME 'loginMaximumSimultaneous' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Login Maximum Simultaneous' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.49 NAME 'loginScript' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'Login Script' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.50 NAME 'loginTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_NAME 'Login Time' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.31 NAME ( 'member' 'uniqueMember' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Member' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.52 NAME 'Memory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.22 NAME 'eMailAddress' SYNTAX 2.16.840.1.113719.1.1.5.1.14{64512} X-NDS_NAME 'EMail Address' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.55 NAME 'networkAddress' SYNTAX 2.16.840.1.113719.1.1.5.1.12 X-NDS_NAME 'Network Address' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.56 NAME 'networkAddressRestriction' SYNTAX 2.16.840.1.113719.1.1.5.1.12 X-NDS_NAME 'Network Address Restriction' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.57 NAME 'notify' SYNTAX 2.16.840.1.113719.1.1.5.1.25 X-NDS_NAME 'Notify' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.114 NAME 'Obituary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.5.4.0 NAME 'objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 X-NDS_NAME 'Object Class' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' )", "( 2.16.840.1.113719.1.1.4.1.59 NAME 'operator' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Operator' X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'OU' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.10 NAME ( 'o' 'organizationname' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'O' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.32 NAME 'owner' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Owner' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.63 NAME 'pageDescriptionLanguage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} X-NDS_NAME 'Page Description Language' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.65 NAME 'passwordsUsed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_NAME 'Passwords Used' X-NDS_NONREMOVABLE '1' X-NDS_HIDDEN '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.66 NAME 'passwordAllowChange' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Password Allow Change' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.67 NAME 'passwordExpirationInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Password Expiration Interval' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.68 NAME 'passwordExpirationTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_NAME 'Password Expiration Time' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.69 NAME 'passwordMinimumLength' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Password Minimum Length' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.70 NAME 'passwordRequired' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Password Required' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.71 NAME 'passwordUniqueRequired' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Password Unique Required' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.72 NAME 'path' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'Path' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.19 NAME 'physicalDeliveryOfficeName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_NAME 'Physical Delivery Office Name' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.16 NAME 'postalAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41{64512} X-NDS_NAME 'Postal Address' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.17 NAME 'postalCode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} X-NDS_NAME 'Postal Code' X-NDS_UPPER_BOUND '40' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.18 NAME 'postOfficeBox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} X-NDS_NAME 'Postal Office Box' X-NDS_UPPER_BOUND '40' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.80 NAME 'printJobConfiguration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'Print Job Configuration' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.79 NAME 'printerControl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'Printer Control' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.82 NAME 'privateKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Private Key' X-NDS_NONREMOVABLE '1' X-NDS_HIDDEN '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.83 NAME 'Profile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.84 NAME 'publicKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Public Key' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_OPERATIONAL '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.85 NAME 'queue' SYNTAX 2.16.840.1.113719.1.1.5.1.25 X-NDS_NAME 'Queue' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.86 NAME 'queueDirectory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE X-NDS_NAME 'Queue Directory' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '255' X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.115 NAME 'Reference' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_HIDDEN '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.88 NAME 'Replica' SYNTAX 2.16.840.1.113719.1.1.5.1.16{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.89 NAME 'Resource' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NONREMOVABLE '1' )", "( 2.5.4.33 NAME 'roleOccupant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Role Occupant' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.116 NAME 'higherPrivileges' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Higher Privileges' X-NDS_SERVER_READ '1' X-NDS_NAME_VALUE_ACCESS '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.92 NAME 'securityEquals' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Security Equals' X-NDS_SERVER_READ '1' X-NDS_NAME_VALUE_ACCESS '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' )", "( 2.5.4.34 NAME 'seeAlso' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'See Also' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.5 NAME 'serialNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} X-NDS_NAME 'Serial Number' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.95 NAME 'server' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Server' X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_NAME 'S' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.98 NAME 'status' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Status' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_OPERATIONAL '1' )", "( 2.5.4.9 NAME 'street' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_NAME 'SA' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.102 NAME 'supportedTypefaces' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'Supported Typefaces' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.101 NAME 'supportedServices' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'Supported Services' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.4 NAME ( 'sn' 'surname' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'Surname' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.20 NAME 'telephoneNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} X-NDS_NAME 'Telephone Number' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.12 NAME 'title' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'Title' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.111 NAME 'User' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.112 NAME 'Version' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} SINGLE-VALUE X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.1 NAME 'accountBalance' SYNTAX 2.16.840.1.113719.1.1.5.1.22 SINGLE-VALUE X-NDS_NAME 'Account Balance' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.4 NAME 'allowUnlimitedCredit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Allow Unlimited Credit' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.118 NAME 'lowConvergenceResetTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation X-NDS_NAME 'Low Convergence Reset Time' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.54 NAME 'minimumAccountBalance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Minimum Account Balance' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.104 NAME 'lowConvergenceSyncInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Low Convergence Sync Interval' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.21 NAME 'Device' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.53 NAME 'messageServer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'Message Server' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.34 NAME 'Language' SYNTAX 2.16.840.1.113719.1.1.5.1.6{64512} SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.100 NAME 'supportedConnections' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Supported Connections' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.107 NAME 'typeCreatorMap' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'Type Creator Map' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.108 NAME 'ndsUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'UID' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.24 NAME 'groupID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'GID' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.110 NAME 'unknownBaseClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} SINGLE-VALUE USAGE directoryOperation X-NDS_NAME 'Unknown Base Class' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.87 NAME 'receivedUpTo' SYNTAX 2.16.840.1.113719.1.1.5.1.19 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Received Up To' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.33 NAME 'synchronizedUpTo' SYNTAX 2.16.840.1.113719.1.1.5.1.19 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Synchronized Up To' X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.5 NAME 'authorityRevocation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Authority Revocation' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.13 NAME 'certificateRevocation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Certificate Revocation' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.17 NAME 'ndsCrossCertificatePair' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5{64512} X-NDS_NAME 'Cross Certificate Pair' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.37 NAME 'lockedByIntruder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Locked By Intruder' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.77 NAME 'printer' SYNTAX 2.16.840.1.113719.1.1.5.1.25 X-NDS_NAME 'Printer' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.20 NAME 'detectIntruder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Detect Intruder' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.38 NAME 'lockoutAfterDetection' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Lockout After Detection' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.32 NAME 'intruderLockoutResetInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Intruder Lockout Reset Interval' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.96 NAME 'serverHolds' SYNTAX 2.16.840.1.113719.1.1.5.1.23 X-NDS_NAME 'Server Holds' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.91 NAME 'sAPName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{47} SINGLE-VALUE X-NDS_NAME 'SAP Name' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '47' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.113 NAME 'Volume' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.35 NAME 'lastLoginTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Last Login Time' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.81 NAME 'printServer' SYNTAX 2.16.840.1.113719.1.1.5.1.25 SINGLE-VALUE X-NDS_NAME 'Print Server' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.119 NAME 'nNSDomain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_NAME 'NNS Domain' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.120 NAME 'fullName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{127} X-NDS_NAME 'Full Name' X-NDS_UPPER_BOUND '127' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.121 NAME 'partitionControl' SYNTAX 2.16.840.1.113719.1.1.5.1.25 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Partition Control' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.122 NAME 'revision' SYNTAX 2.16.840.1.113719.1.1.5.1.22 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Revision' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_SCHED_SYNC_NEVER '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.123 NAME 'certificateValidityInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{4294967295} SINGLE-VALUE X-NDS_NAME 'Certificate Validity Interval' X-NDS_LOWER_BOUND '60' X-NDS_UPPER_BOUND '-1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.124 NAME 'externalSynchronizer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'External Synchronizer' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.125 NAME 'messagingDatabaseLocation' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} SINGLE-VALUE X-NDS_NAME 'Messaging Database Location' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.126 NAME 'messageRoutingGroup' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Message Routing Group' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.127 NAME 'messagingServer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Messaging Server' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.128 NAME 'Postmaster' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.162 NAME 'mailboxLocation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'Mailbox Location' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.163 NAME 'mailboxID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8} SINGLE-VALUE X-NDS_NAME 'Mailbox ID' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '8' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.164 NAME 'externalName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'External Name' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.165 NAME 'securityFlags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Security Flags' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.166 NAME 'messagingServerType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} SINGLE-VALUE X-NDS_NAME 'Messaging Server Type' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.167 NAME 'lastReferencedTime' SYNTAX 2.16.840.1.113719.1.1.5.1.19 SINGLE-VALUE USAGE directoryOperation X-NDS_NAME 'Last Referenced Time' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.5.4.42 NAME 'givenName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} X-NDS_NAME 'Given Name' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.43 NAME 'initials' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8} X-NDS_NAME 'Initials' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '8' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.4.44 NAME 'generationQualifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8} SINGLE-VALUE X-NDS_NAME 'Generational Qualifier' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '8' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.171 NAME 'profileMembership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Profile Membership' X-NDS_NAME_VALUE_ACCESS '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.172 NAME 'dsRevision' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'DS Revision' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_OPERATIONAL '1' )", "( 2.16.840.1.113719.1.1.4.1.173 NAME 'supportedGateway' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{4096} X-NDS_NAME 'Supported Gateway' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '4096' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.174 NAME 'equivalentToMe' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Equivalent To Me' X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' )", "( 2.16.840.1.113719.1.1.4.1.175 NAME 'replicaUpTo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Replica Up To' X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.176 NAME 'partitionStatus' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Partition Status' X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.177 NAME 'permanentConfigParms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'Permanent Config Parms' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.178 NAME 'Timezone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.179 NAME 'binderyRestrictionLevel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE USAGE directoryOperation X-NDS_NAME 'Bindery Restriction Level' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.180 NAME 'transitiveVector' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Transitive Vector' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_SCHED_SYNC_NEVER '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.181 NAME 'T' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.183 NAME 'purgeVector' SYNTAX 2.16.840.1.113719.1.1.5.1.19 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Purge Vector' X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_SCHED_SYNC_NEVER '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.184 NAME 'synchronizationTolerance' SYNTAX 2.16.840.1.113719.1.1.5.1.19 USAGE directoryOperation X-NDS_NAME 'Synchronization Tolerance' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.185 NAME 'passwordManagement' SYNTAX 2.16.840.1.113719.1.1.5.1.0 SINGLE-VALUE USAGE directoryOperation X-NDS_NAME 'Password Management' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.186 NAME 'usedBy' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Used By' X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.187 NAME 'Uses' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_SERVER_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.500 NAME 'obituaryNotify' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Obituary Notify' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.501 NAME 'GUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{16} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_LOWER_BOUND '16' X-NDS_UPPER_BOUND '16' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.502 NAME 'otherGUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{16} USAGE directoryOperation X-NDS_NAME 'Other GUID' X-NDS_LOWER_BOUND '16' X-NDS_UPPER_BOUND '16' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.503 NAME 'auxiliaryClassFlag' SYNTAX 2.16.840.1.113719.1.1.5.1.0 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Auxiliary Class Flag' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.504 NAME 'unknownAuxiliaryClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32} USAGE directoryOperation X-NDS_NAME 'Unknown Auxiliary Class' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userId' ) SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} X-NDS_NAME 'uniqueID' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' )", "( 0.9.2342.19200300.100.1.25 NAME 'dc' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} X-NDS_NAME 'dc' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '64' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.507 NAME 'auxClassObjectClassBackup' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'AuxClass Object Class Backup' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.508 NAME 'localReceivedUpTo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NAME 'Local Received Up To' X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.141.4.4 NAME 'federationControl' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} USAGE directoryOperation X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.141.4.2 NAME 'federationSearchPath' SYNTAX 2.16.840.1.113719.1.1.5.1.6{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.141.4.3 NAME 'federationDNSName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.141.4.1 NAME 'federationBoundaryType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.14.4.1.4 NAME 'DirXML-Associations' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' )", "( 2.5.18.3 NAME 'creatorsName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.5.18.4 NAME 'modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NONREMOVABLE '1' X-NDS_FILTERED_REQUIRED '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.300 NAME 'languageId' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.27.4.35 NAME 'ndsPredicate' SYNTAX 2.16.840.1.113719.1.1.5.1.12 X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.27.4.36 NAME 'ndsPredicateState' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.27.4.37 NAME 'ndsPredicateFlush' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.27.4.38 NAME 'ndsPredicateTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{2147483647} SINGLE-VALUE X-NDS_UPPER_BOUND '2147483647' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.27.4.40 NAME 'ndsPredicateStatsDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.27.4.39 NAME 'ndsPredicateUseValues' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.601 NAME 'syncPanePoint' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.600 NAME 'syncWindowVector' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.602 NAME 'objectVersion' SYNTAX 2.16.840.1.113719.1.1.5.1.19 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.27.4.52 NAME 'memberQueryURL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'memberQuery' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.302 NAME 'excludedMember' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.1.525 NAME 'auxClassCompatibility' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 NO-USER-MODIFICATION USAGE directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.518 NAME 'ndsAgentPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_HIDDEN '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.519 NAME 'ndsOperationCheckpoint' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.520 NAME 'localReferral' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.521 NAME 'treeReferral' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.522 NAME 'schemaResetLock' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.523 NAME 'modifiedACLEntry' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.524 NAME 'monitoredConnection' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.526 NAME 'localFederationBoundary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.527 NAME 'replicationFilter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.296 NAME 'loginActivationTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.687 NAME 'UpdateInProgress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.4.400.1 NAME 'edirSchemaFlagVersion' SYNTAX 2.16.840.1.113719.1.1.5.1.0 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NONREMOVABLE '1' X-NDS_HIDDEN '1' X-NDS_READ_FILTERED '1' )", "( 2.16.840.1.113719.1.1.4.1.512 NAME 'indexDefinition' SYNTAX 2.16.840.1.113719.1.1.5.1.6{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.513 NAME 'ndsStatusRepair' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.514 NAME 'ndsStatusExternalReference' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.515 NAME 'ndsStatusObituary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.516 NAME 'ndsStatusSchema' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.517 NAME 'ndsStatusLimber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.511 NAME 'authoritative' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113730.3.1.34 NAME 'ref' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.546 NAME 'CachedAttrsOnExtRefs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.1.4.1.547 NAME 'ExtRefLastUpdatedTime' SYNTAX 2.16.840.1.113719.1.1.5.1.19 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation X-NDS_PUBLIC_READ '1' X-NDS_NEVER_SYNC '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.688 NAME 'NCPKeyMaterialName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.1.4.713 NAME 'UTF8LoginScript' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.714 NAME 'loginScriptCharset' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.1.192 NAME 'lDAPLogLevel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{32768} SINGLE-VALUE X-NDS_NAME 'LDAP Log Level' X-NDS_UPPER_BOUND '32768' )", "( 2.16.840.1.113719.1.27.4.12 NAME 'lDAPUDPPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{65535} SINGLE-VALUE X-NDS_NAME 'LDAP UDP Port' X-NDS_UPPER_BOUND '65535' )", "( 2.16.840.1.113719.1.1.4.1.204 NAME 'lDAPLogFilename' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'LDAP Log Filename' )", "( 2.16.840.1.113719.1.1.4.1.205 NAME 'lDAPBackupLogFilename' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'LDAP Backup Log Filename' )", "( 2.16.840.1.113719.1.1.4.1.206 NAME 'lDAPLogSizeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{4294967295} SINGLE-VALUE X-NDS_NAME 'LDAP Log Size Limit' X-NDS_LOWER_BOUND '2048' X-NDS_UPPER_BOUND '-1' )", "( 2.16.840.1.113719.1.1.4.1.194 NAME 'lDAPSearchSizeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{2147483647} SINGLE-VALUE X-NDS_NAME 'LDAP Search Size Limit' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '2147483647' )", "( 2.16.840.1.113719.1.1.4.1.195 NAME 'lDAPSearchTimeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{2147483647} SINGLE-VALUE X-NDS_NAME 'LDAP Search Time Limit' X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '2147483647' )", "( 2.16.840.1.113719.1.1.4.1.207 NAME 'lDAPSuffix' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'LDAP Suffix' )", "( 2.16.840.1.113719.1.27.4.70 NAME 'ldapConfigVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.14 NAME 'ldapReferral' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'LDAP Referral' )", "( 2.16.840.1.113719.1.27.4.73 NAME 'ldapDefaultReferralBehavior' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.23 NAME 'ldapSearchReferralUsage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'LDAP:searchReferralUsage' )", "( 2.16.840.1.113719.1.27.4.24 NAME 'lDAPOtherReferralUsage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'LDAP:otherReferralUsage' )", "( 2.16.840.1.113719.1.27.4.1 NAME 'ldapHostServer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'LDAP Host Server' )", "( 2.16.840.1.113719.1.27.4.2 NAME 'ldapGroupDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'LDAP Group' )", "( 2.16.840.1.113719.1.27.4.3 NAME 'ldapTraceLevel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{32768} SINGLE-VALUE X-NDS_NAME 'LDAP Screen Level' X-NDS_UPPER_BOUND '32768' )", "( 2.16.840.1.113719.1.27.4.4 NAME 'searchSizeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{2147483647} SINGLE-VALUE X-NDS_UPPER_BOUND '2147483647' )", "( 2.16.840.1.113719.1.27.4.5 NAME 'searchTimeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{2147483647} SINGLE-VALUE X-NDS_UPPER_BOUND '2147483647' )", "( 2.16.840.1.113719.1.27.4.6 NAME 'ldapServerBindLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{4294967295} SINGLE-VALUE X-NDS_NAME 'LDAP Server Bind Limit' X-NDS_UPPER_BOUND '-1' )", "( 2.16.840.1.113719.1.27.4.7 NAME 'ldapServerIdleTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{4294967295} SINGLE-VALUE X-NDS_NAME 'LDAP Server Idle Timeout' X-NDS_UPPER_BOUND '-1' )", "( 2.16.840.1.113719.1.27.4.8 NAME 'ldapEnableTCP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'LDAP Enable TCP' )", "( 2.16.840.1.113719.1.27.4.10 NAME 'ldapEnableSSL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'LDAP Enable SSL' )", "( 2.16.840.1.113719.1.27.4.11 NAME 'ldapTCPPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{65535} SINGLE-VALUE X-NDS_NAME 'LDAP TCP Port' X-NDS_UPPER_BOUND '65535' )", "( 2.16.840.1.113719.1.27.4.13 NAME 'ldapSSLPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{65535} SINGLE-VALUE X-NDS_NAME 'LDAP SSL Port' X-NDS_UPPER_BOUND '65535' )", "( 2.16.840.1.113719.1.27.4.21 NAME 'filteredReplicaUsage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.22 NAME 'ldapKeyMaterialName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'LDAP:keyMaterialName' )", "( 2.16.840.1.113719.1.27.4.42 NAME 'extensionInfo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.27.4.45 NAME 'nonStdClientSchemaCompatMode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.46 NAME 'sslEnableMutualAuthentication' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.62 NAME 'ldapEnablePSearch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.63 NAME 'ldapMaximumPSearchOperations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.64 NAME 'ldapIgnorePSearchLimitsForEvents' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.65 NAME 'ldapTLSTrustedRootContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.27.4.66 NAME 'ldapEnableMonitorEvents' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.67 NAME 'ldapMaximumMonitorEventsLoad' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.68 NAME 'ldapTLSRequired' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.69 NAME 'ldapTLSVerifyClientCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.71 NAME 'ldapDerefAlias' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.72 NAME 'ldapNonStdAllUserAttrsMode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.75 NAME 'ldapBindRestrictions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.79 NAME 'ldapInterfaces' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.27.4.80 NAME 'ldapChainSecureRequired' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.82 NAME 'ldapStdCompliance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.83 NAME 'ldapDerefAliasOnAuth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.84 NAME 'ldapGeneralizedTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.85 NAME 'ldapPermissiveModify' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.15 NAME 'ldapServerList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'LDAP Server List' )", "( 2.16.840.1.113719.1.27.4.16 NAME 'ldapAttributeMap' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'LDAP Attribute Map v11' )", "( 2.16.840.1.113719.1.27.4.17 NAME 'ldapClassMap' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'LDAP Class Map v11' )", "( 2.16.840.1.113719.1.27.4.18 NAME 'ldapAllowClearTextPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'LDAP Allow Clear Text Password' )", "( 2.16.840.1.113719.1.27.4.19 NAME 'ldapAnonymousIdentity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'LDAP Anonymous Identity' )", "( 2.16.840.1.113719.1.27.4.52 NAME 'ldapAttributeList' SYNTAX 2.16.840.1.113719.1.1.5.1.6{64512} )", "( 2.16.840.1.113719.1.27.4.53 NAME 'ldapClassList' SYNTAX 2.16.840.1.113719.1.1.5.1.6{64512} )", "( 2.16.840.1.113719.1.27.4.56 NAME 'transitionGroupDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.74 NAME 'ldapTransitionBackLink' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.78 NAME 'ldapLBURPNumWriterThreads' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.27.4.20 NAME 'ldapServerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'LDAP Server' )", "( 0.9.2342.19200300.100.1.3 NAME 'mail' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NAME 'Internet EMail Address' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NAME 'NSCP:employeeNumber' )", "( 2.16.840.1.113719.1.27.4.76 NAME 'referralExcludeFilter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.27.4.77 NAME 'referralIncludeFilter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.5.4.36 NAME 'userCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5{64512} X-NDS_NAME 'userCertificate' X-NDS_PUBLIC_READ '1' )", "( 2.5.4.37 NAME 'cACertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5{64512} X-NDS_NAME 'cACertificate' X-NDS_PUBLIC_READ '1' )", "( 2.5.4.40 NAME 'crossCertificatePair' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5{64512} X-NDS_NAME 'crossCertificatePair' X-NDS_PUBLIC_READ '1' )", "( 2.5.4.58 NAME 'attributeCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.5.4.2 NAME 'knowledgeInformation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32768' )", "( 2.5.4.14 NAME 'searchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25{64512} X-NDS_NAME 'searchGuide' )", "( 2.5.4.15 NAME 'businessCategory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' )", "( 2.5.4.21 NAME 'telexNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52{64512} X-NDS_NAME 'telexNumber' )", "( 2.5.4.22 NAME 'teletexTerminalIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51{64512} X-NDS_NAME 'teletexTerminalIdentifier' )", "( 2.5.4.24 NAME 'x121Address' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '15' )", "( 2.5.4.25 NAME 'internationaliSDNNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '16' )", "( 2.5.4.26 NAME 'registeredAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41{64512} X-NDS_NAME 'registeredAddress' )", "( 2.5.4.27 NAME 'destinationIndicator' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '128' )", "( 2.5.4.28 NAME 'preferredDeliveryMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14{64512} SINGLE-VALUE X-NDS_NAME 'preferredDeliveryMethod' )", "( 2.5.4.29 NAME 'presentationAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.43{64512} SINGLE-VALUE X-NDS_NAME 'presentationAddress' )", "( 2.5.4.30 NAME 'supportedApplicationContext' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38{64512} X-NDS_NAME 'supportedApplicationContext' )", "( 2.5.4.45 NAME 'x500UniqueIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6{64512} X-NDS_NAME 'x500UniqueIdentifier' )", "( 2.5.4.46 NAME 'dnQualifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64512} )", "( 2.5.4.47 NAME 'enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21{64512} X-NDS_NAME 'enhancedSearchGuide' )", "( 2.5.4.48 NAME 'protocolInformation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.42{64512} X-NDS_NAME 'protocolInformation' )", "( 2.5.4.51 NAME 'houseIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32768' )", "( 2.5.4.52 NAME 'supportedAlgorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49{64512} X-NDS_NAME 'supportedAlgorithms' )", "( 2.5.4.54 NAME 'dmdName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '32768' )", "( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.38 NAME 'associatedName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.5.4.49 NAME 'dn' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.1 NAME 'httpServerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.3.4.2 NAME 'httpHostServerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.3 NAME 'httpThreadsPerCPU' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.4 NAME 'httpIOBufferSize' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.5 NAME 'httpRequestTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.6 NAME 'httpKeepAliveRequestTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.7 NAME 'httpSessionTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.8 NAME 'httpKeyMaterialObject' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.9 NAME 'httpTraceLevel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.10 NAME 'httpAuthRequiresTLS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.11 NAME 'httpDefaultClearPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.12 NAME 'httpDefaultTLSPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.3.4.13 NAME 'httpBindRestrictions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.295 NAME 'emboxConfig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.54.4.1.1 NAME 'trusteesOfNewObject' SYNTAX 2.16.840.1.113719.1.1.5.1.17 X-NDS_NAME 'Trustees Of New Object' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.55.4.1.1 NAME 'newObjectSDSRights' SYNTAX 2.16.840.1.113719.1.1.5.1.17 X-NDS_NAME 'New Object's DS Rights' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.56.4.1.1 NAME 'newObjectSFSRights' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'New Object's FS Rights' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.57.4.1.1 NAME 'setupScript' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'Setup Script' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.58.4.1.1 NAME 'runSetupScript' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Run Setup Script' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.59.4.1.1 NAME 'membersOfTemplate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Members Of Template' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.60.4.1.1 NAME 'volumeSpaceRestrictions' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'Volume Space Restrictions' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.61.4.1.1 NAME 'setPasswordAfterCreate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'Set Password After Create' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.62.4.1.1 NAME 'homeDirectoryRights' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-NDS_NAME 'Home Directory Rights' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.63.4.1.1 NAME 'newObjectSSelfRights' SYNTAX 2.16.840.1.113719.1.1.5.1.17 X-NDS_NAME 'New Object's Self Rights' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.8.4.1 NAME 'digitalMeID' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.8.4.2 NAME 'assistant' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.8.4.3 NAME 'assistantPhone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 2.16.840.1.113719.1.8.4.4 NAME 'city' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.5 NAME 'company' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.43 NAME 'co' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.6 NAME 'directReports' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 0.9.2342.19200300.100.1.10 NAME 'manager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.8.4.7 NAME 'mailstop' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.41 NAME 'mobile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.42 NAME 'pager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 2.16.840.1.113719.1.8.4.8 NAME 'workforceID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.9 NAME 'instantMessagingID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.10 NAME 'preferredName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.7 NAME 'photo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113719.1.8.4.11 NAME 'jobCode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.12 NAME 'siteLocation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.13 NAME 'employeeStatus' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113730.3.1.4 NAME 'employeeType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.14 NAME 'costCenter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.15 NAME 'costCenterDescription' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.16 NAME 'tollFreePhoneNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 2.16.840.1.113719.1.8.4.17 NAME 'otherPhoneNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 2.16.840.1.113719.1.8.4.18 NAME 'managerWorkforceID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.19 NAME 'jackNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.20 NAME 'vehicleInformation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.21 NAME 'accessCardNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.32 NAME 'isManager' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.8.4.22 NAME 'homeCity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.23 NAME 'homeEmailAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 1.3.6.1.4.1.1466.101.120.31 NAME 'homeFax' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 0.9.2342.19200300.100.1.20 NAME 'homePhone' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 2.16.840.1.113719.1.8.4.24 NAME 'homeState' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41{64512} )", "( 2.16.840.1.113719.1.8.4.25 NAME 'homeZipCode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.26 NAME 'personalMobile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 2.16.840.1.113719.1.8.4.27 NAME 'children' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.28 NAME 'spouse' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.29 NAME 'vendorName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.30 NAME 'vendorAddress' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.8.4.31 NAME 'vendorPhoneNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{64512} )", "( 2.16.840.1.113719.1.1.4.1.303 NAME 'dgIdentity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME_VALUE_ACCESS '1' )", "( 2.16.840.1.113719.1.1.4.1.304 NAME 'dgTimeOut' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.305 NAME 'dgAllowUnknown' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.306 NAME 'dgAllowDuplicates' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.546 NAME 'allowAliasToAncestor' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.39.4.1.1 NAME 'sASSecurityDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'SAS:Security DN' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.4.1.2 NAME 'sASServiceDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'SAS:Service DN' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.4.1.3 NAME 'sASSecretStore' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'SAS:SecretStore' )", "( 2.16.840.1.113719.1.39.4.1.4 NAME 'sASSecretStoreKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_NAME 'SAS:SecretStore:Key' X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.4.1.5 NAME 'sASSecretStoreData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_NAME 'SAS:SecretStore:Data' X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.4.1.6 NAME 'sASPKIStoreKeys' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_NAME 'SAS:PKIStore:Keys' X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.48.4.1.1 NAME 'nDSPKIPublicKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Public Key' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.2 NAME 'nDSPKIPrivateKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Private Key' )", "( 2.16.840.1.113719.1.48.4.1.3 NAME 'nDSPKIPublicKeyCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Public Key Certificate' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.4 NAME 'nDSPKICertificateChain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'NDSPKI:Certificate Chain' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.5 NAME 'nDSPKIParentCA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Parent CA' )", "( 2.16.840.1.113719.1.48.4.1.6 NAME 'nDSPKIParentCADN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'NDSPKI:Parent CA DN' )", "( 2.16.840.1.113719.1.48.4.1.7 NAME 'nDSPKIKeyFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Key File' )", "( 2.16.840.1.113719.1.48.4.1.8 NAME 'nDSPKISubjectName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Subject Name' )", "( 2.16.840.1.113719.1.48.4.1.11 NAME 'nDSPKIGivenName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Given Name' )", "( 2.16.840.1.113719.1.48.4.1.9 NAME 'nDSPKIKeyMaterialDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'NDSPKI:Key Material DN' )", "( 2.16.840.1.113719.1.48.4.1.10 NAME 'nDSPKITreeCADN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'NDSPKI:Tree CA DN' )", "( 2.16.840.1.113719.1.48.4.1.12 NAME 'nDSPKIUserCertificateInfo' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'NDSPKI:userCertificateInfo' )", "( 2.16.840.1.113719.1.48.4.1.13 NAME 'nDSPKITrustedRootCertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Trusted Root Certificate' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.14 NAME 'nDSPKINotBefore' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Not Before' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.15 NAME 'nDSPKINotAfter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:Not After' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.101 NAME 'nDSPKISDKeyServerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'NDSPKI:SD Key Server DN' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.102 NAME 'nDSPKISDKeyStruct' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'NDSPKI:SD Key Struct' )", "( 2.16.840.1.113719.1.48.4.1.103 NAME 'nDSPKISDKeyCert' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:SD Key Cert' )", "( 2.16.840.1.113719.1.48.4.1.104 NAME 'nDSPKISDKeyID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'NDSPKI:SD Key ID' )", "( 2.16.840.1.113719.1.39.4.1.105 NAME 'nDSPKIKeystore' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_NAME 'NDSPKI:Keystore' X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.4.1.106 NAME 'ndspkiAdditionalRoots' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.2.3 NAME 'masvLabel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.2.4 NAME 'masvProposedLabel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.2.5 NAME 'masvDefaultRange' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.2.6 NAME 'masvAuthorizedRange' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.2.7 NAME 'masvDomainPolicy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.8 NAME 'masvClearanceNames' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.9 NAME 'masvLabelNames' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.10 NAME 'masvLabelSecrecyLevelNames' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.11 NAME 'masvLabelSecrecyCategoryNames' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.12 NAME 'masvLabelIntegrityLevelNames' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.13 NAME 'masvLabelIntegrityCategoryNames' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.14 NAME 'masvPolicyUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.31.4.1.16 NAME 'masvNDSAttributeLabels' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.31.4.1.15 NAME 'masvPolicyDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.2 NAME 'sASLoginSequence' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_NAME 'SAS:Login Sequence' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.8 NAME 'sASLoginPolicyUpdate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'SAS:Login Policy Update' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.38 NAME 'sasNMASProductOptions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.74 NAME 'sasAuditConfiguration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.14 NAME 'sASNDSPasswordWindow' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'SAS:NDS Password Window' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.15 NAME 'sASPolicyCredentials' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'SAS:Policy Credentials' X-NDS_SERVER_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.16 NAME 'sASPolicyMethods' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'SAS:Policy Methods' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.17 NAME 'sASPolicyObjectVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'SAS:Policy Object Version' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.18 NAME 'sASPolicyServiceSubtypes' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'SAS:Policy Service Subtypes' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.19 NAME 'sASPolicyServices' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'SAS:Policy Services' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.20 NAME 'sASPolicyUsers' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'SAS:Policy Users' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.21 NAME 'sASAllowNDSPasswordWindow' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'SAS:Allow NDS Password Window' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.9 NAME 'sASMethodIdentifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'SAS:Method Identifier' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.10 NAME 'sASMethodVendor' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'SAS:Method Vendor' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.11 NAME 'sASAdvisoryMethodGrade' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'SAS:Advisory Method Grade' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.12 NAME 'sASVendorSupport' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'SAS:Vendor Support' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.13 NAME 'sasCertificateSearchContainers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.70 NAME 'sasNMASMethodConfigData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.22 NAME 'sASLoginClientMethodNetWare' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'SAS:Login Client Method NetWare' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.23 NAME 'sASLoginServerMethodNetWare' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'SAS:Login Server Method NetWare' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.24 NAME 'sASLoginClientMethodWINNT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'SAS:Login Client Method WINNT' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.25 NAME 'sASLoginServerMethodWINNT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'SAS:Login Server Method WINNT' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.26 NAME 'sasLoginClientMethodSolaris' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.27 NAME 'sasLoginServerMethodSolaris' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.28 NAME 'sasLoginClientMethodLinux' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.29 NAME 'sasLoginServerMethodLinux' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.30 NAME 'sasLoginClientMethodTru64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.31 NAME 'sasLoginServerMethodTru64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.32 NAME 'sasLoginClientMethodAIX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.33 NAME 'sasLoginServerMethodAIX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.34 NAME 'sasLoginClientMethodHPUX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.35 NAME 'sasLoginServerMethodHPUX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1000 NAME 'sasLoginClientMethods390' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1001 NAME 'sasLoginServerMethods390' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1002 NAME 'sasLoginClientMethodLinuxX64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1003 NAME 'sasLoginServerMethodLinuxX64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1004 NAME 'sasLoginClientMethodWinX64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1005 NAME 'sasLoginServerMethodWinX64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1006 NAME 'sasLoginClientMethodSolaris64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1007 NAME 'sasLoginServerMethodSolaris64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1008 NAME 'sasLoginClientMethodAIX64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1009 NAME 'sasLoginServerMethodAIX64' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1011 NAME 'sasLoginServerMethodSolarisi386' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1012 NAME 'sasLoginClientMethodSolarisi386' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.78 NAME 'sasUnsignedMethodModules' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.79 NAME 'sasServerModuleName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.80 NAME 'sasServerModuleEntryPointName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.81 NAME 'sasSASLMechanismName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.82 NAME 'sasSASLMechanismEntryPointName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.83 NAME 'sasClientModuleName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.84 NAME 'sasClientModuleEntryPointName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.36 NAME 'sASLoginMethodContainerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'SAS:Login Method Container DN' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.37 NAME 'sASLoginPolicyDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'SAS:Login Policy DN' X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.63 NAME 'sasPostLoginMethodContainerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.38 NAME 'rADIUSActiveConnections' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'RADIUS:Active Connections' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.39 NAME 'rADIUSAgedInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:Aged Interval' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.40 NAME 'rADIUSAttributeList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'RADIUS:Attribute List' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.41 NAME 'rADIUSAttributeLists' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'RADIUS:Attribute Lists' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.42 NAME 'rADIUSClient' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'RADIUS:Client' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.43 NAME 'rADIUSCommonNameResolution' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:Common Name Resolution' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.44 NAME 'rADIUSConcurrentLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:Concurrent Limit' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.45 NAME 'rADIUSConnectionHistory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'RADIUS:Connection History' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.46 NAME 'rADIUSDASVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:DAS Version' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.47 NAME 'rADIUSDefaultProfile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NAME 'RADIUS:Default Profile' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.48 NAME 'rADIUSDialAccessGroup' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'RADIUS:Dial Access Group' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.49 NAME 'rADIUSEnableCommonNameLogin' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'RADIUS:Enable Common Name Login' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.50 NAME 'rADIUSEnableDialAccess' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NAME 'RADIUS:Enable Dial Access' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.51 NAME 'rADIUSInterimAcctingTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:Interim Accting Timeout' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.52 NAME 'rADIUSLookupContexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'RADIUS:Lookup Contexts' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.53 NAME 'rADIUSMaxDASHistoryRecord' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:Max DAS History Record' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.54 NAME 'rADIUSMaximumHistoryRecord' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:Maximum History Record' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.55 NAME 'rADIUSPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'RADIUS:Password' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.56 NAME 'rADIUSPasswordPolicy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'RADIUS:Password Policy' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.57 NAME 'rADIUSPrivateKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'RADIUS:Private Key' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.58 NAME 'rADIUSProxyContext' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'RADIUS:Proxy Context' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.59 NAME 'rADIUSProxyDomain' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'RADIUS:Proxy Domain' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.60 NAME 'rADIUSProxyTarget' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'RADIUS:Proxy Target' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.61 NAME 'rADIUSPublicKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'RADIUS:Public Key' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.62 NAME 'rADIUSServiceList' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_NAME 'RADIUS:Service List' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.42.1.0.3 NAME 'sASLoginSecret' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'SAS:Login Secret' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.4 NAME 'sASLoginSecretKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'SAS:Login Secret Key' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.5 NAME 'sASEncryptionType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'SAS:Encryption Type' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.6 NAME 'sASLoginConfiguration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'SAS:Login Configuration' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.7 NAME 'sASLoginConfigurationKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'SAS:Login Configuration Key' X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.73 NAME 'sasDefaultLoginSequence' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.64 NAME 'sasAuthorizedLoginSequences' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.69 NAME 'sasAllowableSubjectNames' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.71 NAME 'sasLoginFailureDelay' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.72 NAME 'sasMethodVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1010 NAME 'sasUpdateLoginInfo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1011 NAME 'sasOTPEnabled' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1012 NAME 'sasOTPCounter' SYNTAX 2.16.840.1.113719.1.1.5.1.22 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1013 NAME 'sasOTPLookAheadWindow' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1014 NAME 'sasOTPDigits' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1015 NAME 'sasOTPReSync' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.39.42.1.0.1016 NAME 'sasUpdateLoginTimeInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.6.4.1 NAME 'snmpGroupDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.6.4.2 NAME 'snmpServerList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.6.4.3 NAME 'snmpTrapConfig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.6.4.4 NAME 'snmpTrapDescription' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.6.4.5 NAME 'snmpTrapInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.6.4.6 NAME 'snmpTrapDisable' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.528 NAME 'ndapPartitionPasswordMgmt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.529 NAME 'ndapClassPasswordMgmt' SYNTAX 2.16.840.1.113719.1.1.5.1.0 X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.530 NAME 'ndapPasswordMgmt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.537 NAME 'ndapPartitionLoginMgmt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.538 NAME 'ndapClassLoginMgmt' SYNTAX 2.16.840.1.113719.1.1.5.1.0 X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.539 NAME 'ndapLoginMgmt' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.1 NAME 'nspmPasswordKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.43.4.2 NAME 'nspmPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.43.4.3 NAME 'nspmDistributionPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.43.4.4 NAME 'nspmPasswordHistory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.43.4.5 NAME 'nspmAdministratorChangeCount' SYNTAX 2.16.840.1.113719.1.1.5.1.22 SINGLE-VALUE USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.43.4.6 NAME 'nspmPasswordPolicyDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.7 NAME 'nspmPreviousDistributionPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.39.43.4.8 NAME 'nspmDoNotExpirePassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.16.840.1.113719.1.39.43.4.100 NAME 'nspmConfigurationOptions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.102 NAME 'nspmChangePasswordMessage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.103 NAME 'nspmPasswordHistoryLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.104 NAME 'nspmPasswordHistoryExpiration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.105 NAME 'nspmMinPasswordLifetime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.106 NAME 'nspmAdminsDoNotExpirePassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.107 NAME 'nspmPasswordACL' SYNTAX 2.16.840.1.113719.1.1.5.1.17 )", "( 2.16.840.1.113719.1.39.43.4.200 NAME 'nspmMaximumLength' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.201 NAME 'nspmMinUpperCaseCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.202 NAME 'nspmMaxUpperCaseCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.203 NAME 'nspmMinLowerCaseCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.204 NAME 'nspmMaxLowerCaseCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.205 NAME 'nspmNumericCharactersAllowed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.206 NAME 'nspmNumericAsFirstCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.207 NAME 'nspmNumericAsLastCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.208 NAME 'nspmMinNumericCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.209 NAME 'nspmMaxNumericCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.210 NAME 'nspmSpecialCharactersAllowed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.211 NAME 'nspmSpecialAsFirstCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.212 NAME 'nspmSpecialAsLastCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.213 NAME 'nspmMinSpecialCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.214 NAME 'nspmMaxSpecialCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.215 NAME 'nspmMaxRepeatedCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.216 NAME 'nspmMaxConsecutiveCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.217 NAME 'nspmMinUniqueCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.218 NAME 'nspmDisallowedAttributeValues' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.219 NAME 'nspmExcludeList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.220 NAME 'nspmCaseSensitive' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.221 NAME 'nspmPolicyPrecedence' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.222 NAME 'nspmExtendedCharactersAllowed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.223 NAME 'nspmExtendedAsFirstCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.224 NAME 'nspmExtendedAsLastCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.225 NAME 'nspmMinExtendedCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.226 NAME 'nspmMaxExtendedCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.227 NAME 'nspmUpperAsFirstCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.228 NAME 'nspmUpperAsLastCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.229 NAME 'nspmLowerAsFirstCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.230 NAME 'nspmLowerAsLastCharacter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.231 NAME 'nspmComplexityRules' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.233 NAME 'nspmAD2K8Syntax' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.234 NAME 'nspmAD2K8maxViolation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.235 NAME 'nspmXCharLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.236 NAME 'nspmXCharHistoryLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.237 NAME 'nspmUnicodeAllowed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.238 NAME 'nspmNonAlphaCharactersAllowed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.239 NAME 'nspmMinNonAlphaCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.240 NAME 'nspmMaxNonAlphaCharacters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.241 NAME 'nspmGraceLoginHistoryLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.300 NAME 'nspmPolicyAgentContainerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.301 NAME 'nspmPolicyAgentNetWare' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.302 NAME 'nspmPolicyAgentWINNT' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.303 NAME 'nspmPolicyAgentSolaris' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.304 NAME 'nspmPolicyAgentLinux' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.305 NAME 'nspmPolicyAgentAIX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.43.4.306 NAME 'nspmPolicyAgentHPUX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 0.9.2342.19200300.100.1.55 NAME 'audio' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113730.3.1.1 NAME 'carLicense' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113730.3.1.241 NAME 'displayName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledUri' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 0.9.2342.19200300.100.1.7 NAME 'ldapPhoto' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.21 NAME 'secretary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113719.1.12.4.1.0 NAME 'auditAEncryptionKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'Audit:A Encryption Key' )", "( 2.16.840.1.113719.1.12.4.2.0 NAME 'auditBEncryptionKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'Audit:B Encryption Key' )", "( 2.16.840.1.113719.1.12.4.3.0 NAME 'auditContents' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Audit:Contents' )", "( 2.16.840.1.113719.1.12.4.4.0 NAME 'auditType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'Audit:Type' )", "( 2.16.840.1.113719.1.12.4.5.0 NAME 'auditCurrentEncryptionKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'Audit:Current Encryption Key' )", "( 2.16.840.1.113719.1.12.4.6.0 NAME 'auditFileLink' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'Audit:File Link' )", "( 2.16.840.1.113719.1.12.4.7.0 NAME 'auditLinkList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NAME 'Audit:Link List' )", "( 2.16.840.1.113719.1.12.4.8.0 NAME 'auditPath' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} SINGLE-VALUE X-NDS_NAME 'Audit:Path' )", "( 2.16.840.1.113719.1.12.4.9.0 NAME 'auditPolicy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_NAME 'Audit:Policy' )", "( 2.16.840.1.113719.1.38.4.1.1 NAME 'wANMANWANPolicy' SYNTAX 2.16.840.1.113719.1.1.5.1.13{64512} X-NDS_NAME 'WANMAN:WAN Policy' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.38.4.1.2 NAME 'wANMANLANAreaMembership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NAME 'WANMAN:LAN Area Membership' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.38.4.1.3 NAME 'wANMANCost' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_NAME 'WANMAN:Cost' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.38.4.1.4 NAME 'wANMANDefaultCost' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NAME 'WANMAN:Default Cost' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.135.4.30 NAME 'rbsAssignedRoles' SYNTAX 2.16.840.1.113719.1.1.5.1.25 )", "( 2.16.840.1.113719.1.135.4.31 NAME 'rbsContent' SYNTAX 2.16.840.1.113719.1.1.5.1.25 )", "( 2.16.840.1.113719.1.135.4.32 NAME 'rbsContentMembership' SYNTAX 2.16.840.1.113719.1.1.5.1.25 )", "( 2.16.840.1.113719.1.135.4.33 NAME 'rbsEntryPoint' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.135.4.34 NAME 'rbsMember' SYNTAX 2.16.840.1.113719.1.1.5.1.25 )", "( 2.16.840.1.113719.1.135.4.35 NAME 'rbsOwnedCollections' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.135.4.36 NAME 'rbsPath' SYNTAX 2.16.840.1.113719.1.1.5.1.25 )", "( 2.16.840.1.113719.1.135.4.37 NAME 'rbsParameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} )", "( 2.16.840.1.113719.1.135.4.38 NAME 'rbsTaskRights' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113719.1.135.4.39 NAME 'rbsTrusteeOf' SYNTAX 2.16.840.1.113719.1.1.5.1.25 )", "( 2.16.840.1.113719.1.135.4.40 NAME 'rbsType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} SINGLE-VALUE X-NDS_LOWER_BOUND '1' X-NDS_UPPER_BOUND '256' )", "( 2.16.840.1.113719.1.135.4.41 NAME 'rbsURL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.135.4.42 NAME 'rbsTaskTemplates' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113719.1.135.4.43 NAME 'rbsTaskTemplatesURL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.135.4.44 NAME 'rbsGALabel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.135.4.45 NAME 'rbsPageMembership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} )", "( 2.16.840.1.113719.1.135.4.46 NAME 'rbsTargetObjectType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.135.4.47 NAME 'rbsContext' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.135.4.48 NAME 'rbsXMLInfo' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.135.4.51 NAME 'rbsAssignedRoles2' SYNTAX 2.16.840.1.113719.1.1.5.1.25 )", "( 2.16.840.1.113719.1.135.4.52 NAME 'rbsOwnedCollections2' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.1.4.1.540 NAME 'prSyncPolicyDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.1.4.1.541 NAME 'prSyncAttributes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_SERVER_READ '1' )", "( 2.16.840.1.113719.1.1.4.1.542 NAME 'dsEncryptedReplicationConfig' SYNTAX 2.16.840.1.113719.1.1.5.1.19 )", "( 2.16.840.1.113719.1.1.4.1.543 NAME 'encryptionPolicyDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.544 NAME 'attrEncryptionRequiresSecure' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.545 NAME 'attrEncryptionDefinition' SYNTAX 2.16.840.1.113719.1.1.5.1.6{64512} X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.48.4.1.16 NAME 'ndspkiCRLFileName' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.17 NAME 'ndspkiStatus' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.18 NAME 'ndspkiIssueTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.19 NAME 'ndspkiNextIssueTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.20 NAME 'ndspkiAttemptTime' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.21 NAME 'ndspkiTimeInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.22 NAME 'ndspkiCRLMaxProcessingInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.23 NAME 'ndspkiCRLNumber' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.24 NAME 'ndspkiDistributionPoints' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.25 NAME 'ndspkiCRLProcessData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.26 NAME 'ndspkiCRLConfigurationDNList' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.27 NAME 'ndspkiCADN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.28 NAME 'ndspkiCRLContainerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.29 NAME 'ndspkiIssuedCertContainerDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.30 NAME 'ndspkiDistributionPointDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.31 NAME 'ndspkiCRLConfigurationDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.32 NAME 'ndspkiDirectory' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} )", "( 2.5.4.38 NAME 'authorityRevocationList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'ndspkiAuthorityRevocationList' X-NDS_PUBLIC_READ '1' )", "( 2.5.4.39 NAME 'certificateRevocationList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'ndspkiCertificateRevocationList' X-NDS_PUBLIC_READ '1' )", "( 2.5.4.53 NAME 'deltaRevocationList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE X-NDS_NAME 'ndspkiDeltaRevocationList' X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.36 NAME 'ndspkiTrustedRootList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.48.4.1.37 NAME 'ndspkiSecurityRightsLevel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.48.4.1.38 NAME 'ndspkiKMOExport' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.7.4.1 NAME 'notfSMTPEmailHost' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.7.4.2 NAME 'notfSMTPEmailFrom' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.7.4.3 NAME 'notfSMTPEmailUserName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.7.4.5 NAME 'notfMergeTemplateData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.7.4.6 NAME 'notfMergeTemplateSubject' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.1 NAME 'nsimRequiredQuestions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.2 NAME 'nsimRandomQuestions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.3 NAME 'nsimNumberRandomQuestions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.4 NAME 'nsimMinResponseLength' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.5 NAME 'nsimMaxResponseLength' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.6 NAME 'nsimForgottenLoginConfig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.7 NAME 'nsimForgottenAction' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.8 NAME 'nsimAssignments' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.9 NAME 'nsimChallengeSetDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.10 NAME 'nsimChallengeSetGUID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.11 NAME 'nsimPwdRuleEnforcement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.39.44.4.12 NAME 'nsimHint' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.39.44.4.13 NAME 'nsimPasswordReminder' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.266.4.4 NAME 'sssProxyStoreKey' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.266.4.5 NAME 'sssProxyStoreSecrets' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} USAGE directoryOperation X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.266.4.6 NAME 'sssActiveServerList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113719.1.266.4.7 NAME 'sssCacheRefreshInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.266.4.8 NAME 'sssAdminList' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.266.4.9 NAME 'sssAdminGALabel' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} SINGLE-VALUE )", "( 2.16.840.1.113719.1.266.4.10 NAME 'sssEnableReadTimestamps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.266.4.11 NAME 'sssDisableMasterPasswords' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.266.4.12 NAME 'sssEnableAdminAccess' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 2.16.840.1.113719.1.266.4.13 NAME 'sssReadSecretPolicies' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} )", "( 2.16.840.1.113719.1.266.4.14 NAME 'sssServerPolicyOverrideDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.1.531 NAME 'eDirCloneSource' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.1.532 NAME 'eDirCloneKeys' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64512} NO-USER-MODIFICATION USAGE directoryOperation X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' X-NDS_HIDDEN '1' )", "( 2.16.840.1.113719.1.1.4.1.533 NAME 'eDirCloneLock' SYNTAX 2.16.840.1.113719.1.1.5.1.15{64512} SINGLE-VALUE X-NDS_NOT_SCHED_SYNC_IMMEDIATE '1' )", "( 2.16.840.1.113719.1.1.4.711 NAME 'groupMember' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.1.4.712 NAME 'nestedConfig' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.16.840.1.113719.1.1.4.717 NAME 'xdasDSConfiguration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.1.4.718 NAME 'xdasConfiguration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.1.4.719 NAME 'xdasVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{32768} SINGLE-VALUE X-NDS_UPPER_BOUND '32768' )", "( 2.16.840.1.113719.1.347.4.79 NAME 'NAuditInstrumentation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64512} )", "( 2.16.840.1.113719.1.347.4.2 NAME 'NAuditLoggingServer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_PUBLIC_READ '1' )", "( 2.16.840.1.113719.1.135.4.53 NAME 'rbsRoleMember' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.16.840.1.113719.1.135.4.54 NAME 'rbsCategoryMembership' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )" ], "ldapSyntaxes": [ "( 1.3.6.1.4.1.1466.115.121.1.1 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.2 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.3 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.4 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.5 X-NDS_SYNTAX '21' )", "( 1.3.6.1.4.1.1466.115.121.1.6 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.7 X-NDS_SYNTAX '7' )", "( 2.16.840.1.113719.1.1.5.1.6 X-NDS_SYNTAX '6' )", "( 1.3.6.1.4.1.1466.115.121.1.8 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.9 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.10 X-NDS_SYNTAX '9' )", "( 2.16.840.1.113719.1.1.5.1.22 X-NDS_SYNTAX '22' )", "( 1.3.6.1.4.1.1466.115.121.1.11 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.12 X-NDS_SYNTAX '1' )", "( 1.3.6.1.4.1.1466.115.121.1.13 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.14 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.15 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.16 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.17 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.18 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.19 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.20 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.21 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.22 X-NDS_SYNTAX '11' )", "( 1.3.6.1.4.1.1466.115.121.1.23 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.24 X-NDS_SYNTAX '24' )", "( 1.3.6.1.4.1.1466.115.121.1.25 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.26 X-NDS_SYNTAX '2' )", "( 1.3.6.1.4.1.1466.115.121.1.27 X-NDS_SYNTAX '8' )", "( 1.3.6.1.4.1.1466.115.121.1.28 X-NDS_SYNTAX '9' )", "( 1.2.840.113556.1.4.906 X-NDS_SYNTAX '29' )", "( 1.3.6.1.4.1.1466.115.121.1.54 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.56 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.57 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.29 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.30 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.31 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.32 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.33 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.55 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.34 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.35 X-NDS_SYNTAX '3' )", "( 2.16.840.1.113719.1.1.5.1.19 X-NDS_SYNTAX '19' )", "( 1.3.6.1.4.1.1466.115.121.1.36 X-NDS_SYNTAX '5' )", "( 2.16.840.1.113719.1.1.5.1.17 X-NDS_SYNTAX '17' )", "( 1.3.6.1.4.1.1466.115.121.1.37 X-NDS_SYNTAX '3' )", "( 2.16.840.1.113719.1.1.5.1.13 X-NDS_SYNTAX '13' )", "( 1.3.6.1.4.1.1466.115.121.1.40 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.38 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.39 X-NDS_SYNTAX '3' )", "( 1.3.6.1.4.1.1466.115.121.1.41 X-NDS_SYNTAX '18' )", "( 1.3.6.1.4.1.1466.115.121.1.43 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.44 X-NDS_SYNTAX '4' )", "( 1.3.6.1.4.1.1466.115.121.1.42 X-NDS_SYNTAX '9' )", "( 2.16.840.1.113719.1.1.5.1.16 X-NDS_SYNTAX '16' )", "( 1.3.6.1.4.1.1466.115.121.1.58 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.45 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.46 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.47 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.48 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.49 X-NDS_SYNTAX '9' )", "( 2.16.840.1.113719.1.1.5.1.12 X-NDS_SYNTAX '12' )", "( 2.16.840.1.113719.1.1.5.1.23 X-NDS_SYNTAX '23' )", "( 2.16.840.1.113719.1.1.5.1.15 X-NDS_SYNTAX '15' )", "( 2.16.840.1.113719.1.1.5.1.14 X-NDS_SYNTAX '14' )", "( 1.3.6.1.4.1.1466.115.121.1.50 X-NDS_SYNTAX '10' )", "( 1.3.6.1.4.1.1466.115.121.1.51 X-NDS_SYNTAX '9' )", "( 1.3.6.1.4.1.1466.115.121.1.52 X-NDS_SYNTAX '9' )", "( 2.16.840.1.113719.1.1.5.1.25 X-NDS_SYNTAX '25' )", "( 1.3.6.1.4.1.1466.115.121.1.53 X-NDS_SYNTAX '9' )" ], "modifyTimestamp": [ "20141014222353Z" ], "objectClass": [ "top", "subschema" ], "objectClasses": [ "( 2.5.6.0 NAME 'Top' STRUCTURAL MUST objectClass MAY ( cAPublicKey $ cAPrivateKey $ certificateValidityInterval $ authorityRevocation $ lastReferencedTime $ equivalentToMe $ ACL $ backLink $ binderyProperty $ Obituary $ Reference $ revision $ ndsCrossCertificatePair $ certificateRevocation $ usedBy $ GUID $ otherGUID $ DirXML-Associations $ creatorsName $ modifiersName $ objectVersion $ auxClassCompatibility $ unknownBaseClass $ unknownAuxiliaryClass $ masvProposedLabel $ masvDefaultRange $ masvAuthorizedRange $ auditFileLink $ rbsAssignedRoles $ rbsOwnedCollections $ rbsAssignedRoles2 $ rbsOwnedCollections2 ) X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES '16#subtree#[Creator]#[Entry Rights]' )", "( 1.3.6.1.4.1.42.2.27.1.2.1 NAME 'aliasObject' SUP Top STRUCTURAL MUST aliasedObjectName X-NDS_NAME 'Alias' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.6.2 NAME 'Country' SUP Top STRUCTURAL MUST c MAY ( description $ searchGuide $ sssActiveServerList $ sssServerPolicyOverrideDN ) X-NDS_NAMING 'c' X-NDS_CONTAINMENT ( 'Top' 'treeRoot' 'domain' ) X-NDS_NONREMOVABLE '1' )", "( 2.5.6.3 NAME 'Locality' SUP Top STRUCTURAL MAY ( description $ l $ seeAlso $ st $ street $ searchGuide $ sssActiveServerList $ sssServerPolicyOverrideDN ) X-NDS_NAMING ( 'l' 'st' ) X-NDS_CONTAINMENT ( 'Country' 'organizationalUnit' 'Locality' 'Organization' 'domain' ) X-NDS_NONREMOVABLE '1' )", "( 2.5.6.4 NAME 'Organization' SUP ( ndsLoginProperties $ ndsContainerLoginProperties ) STRUCTURAL MUST o MAY ( description $ facsimileTelephoneNumber $ l $ loginScript $ eMailAddress $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ printJobConfiguration $ printerControl $ seeAlso $ st $ street $ telephoneNumber $ loginIntruderLimit $ intruderAttemptResetInterval $ detectIntruder $ lockoutAfterDetection $ intruderLockoutResetInterval $ nNSDomain $ mailboxLocation $ mailboxID $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationaliSDNNumber $ businessCategory $ searchGuide $ rADIUSAttributeLists $ rADIUSDefaultProfile $ rADIUSDialAccessGroup $ rADIUSEnableDialAccess $ rADIUSServiceList $ sssActiveServerList $ sssServerPolicyOverrideDN $ userPassword ) X-NDS_NAMING 'o' X-NDS_CONTAINMENT ( 'Top' 'treeRoot' 'Country' 'Locality' 'domain' ) X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES ( '2#entry#[Self]#loginScript' '2#entry#[Self]#printJobConfiguration') )", "( 2.5.6.5 NAME 'organizationalUnit' SUP ( ndsLoginProperties $ ndsContainerLoginProperties ) STRUCTURAL MUST ou MAY ( description $ facsimileTelephoneNumber $ l $ loginScript $ eMailAddress $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ printJobConfiguration $ printerControl $ seeAlso $ st $ street $ telephoneNumber $ loginIntruderLimit $ intruderAttemptResetInterval $ detectIntruder $ lockoutAfterDetection $ intruderLockoutResetInterval $ nNSDomain $ mailboxLocation $ mailboxID $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationaliSDNNumber $ businessCategory $ searchGuide $ rADIUSAttributeLists $ rADIUSDefaultProfile $ rADIUSDialAccessGroup $ rADIUSEnableDialAccess $ rADIUSServiceList $ sssActiveServerList $ sssServerPolicyOverrideDN $ userPassword ) X-NDS_NAMING 'ou' X-NDS_CONTAINMENT ( 'Locality' 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'Organizational Unit' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES ( '2#entry#[Self]#loginScript' '2#entry#[Self]#printJobConfiguration') )", "( 2.5.6.8 NAME 'organizationalRole' SUP Top STRUCTURAL MUST cn MAY ( description $ facsimileTelephoneNumber $ l $ eMailAddress $ ou $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ roleOccupant $ seeAlso $ st $ street $ telephoneNumber $ mailboxLocation $ mailboxID $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ internationaliSDNNumber ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'Organizational Role' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.6.9 NAME ( 'groupOfNames' 'group' 'groupOfUniqueNames' ) SUP Top STRUCTURAL MUST cn MAY ( description $ l $ member $ ou $ o $ owner $ seeAlso $ groupID $ fullName $ eMailAddress $ mailboxLocation $ mailboxID $ Profile $ profileMembership $ loginScript $ businessCategory $ nspmPasswordPolicyDN ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'Group' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.6.6 NAME 'Person' SUP ndsLoginProperties STRUCTURAL MUST ( cn $ sn ) MAY ( description $ seeAlso $ telephoneNumber $ fullName $ givenName $ initials $ generationQualifier $ uid $ assistant $ assistantPhone $ city $ st $ company $ co $ directReports $ manager $ mailstop $ mobile $ personalTitle $ pager $ workforceID $ instantMessagingID $ preferredName $ photo $ jobCode $ siteLocation $ employeeStatus $ employeeType $ costCenter $ costCenterDescription $ tollFreePhoneNumber $ otherPhoneNumber $ managerWorkforceID $ roomNumber $ jackNumber $ departmentNumber $ vehicleInformation $ accessCardNumber $ isManager $ userPassword ) X-NDS_NAMING ( 'cn' 'uid' ) X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.5.6.7 NAME 'organizationalPerson' SUP Person STRUCTURAL MAY ( facsimileTelephoneNumber $ l $ eMailAddress $ ou $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ st $ street $ title $ mailboxLocation $ mailboxID $ uid $ mail $ employeeNumber $ destinationIndicator $ internationaliSDNNumber $ preferredDeliveryMethod $ registeredAddress $ teletexTerminalIdentifier $ telexNumber $ x121Address $ businessCategory $ roomNumber $ x500UniqueIdentifier ) X-NDS_NAMING ( 'cn' 'ou' 'uid' ) X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'Organizational Person' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' SUP organizationalPerson STRUCTURAL MAY ( groupMembership $ ndsHomeDirectory $ loginAllowedTimeMap $ loginDisabled $ loginExpirationTime $ loginGraceLimit $ loginGraceRemaining $ loginIntruderAddress $ loginIntruderAttempts $ loginIntruderResetTime $ loginMaximumSimultaneous $ loginScript $ loginTime $ networkAddressRestriction $ networkAddress $ passwordsUsed $ passwordAllowChange $ passwordExpirationInterval $ passwordExpirationTime $ passwordMinimumLength $ passwordRequired $ passwordUniqueRequired $ printJobConfiguration $ privateKey $ Profile $ publicKey $ securityEquals $ accountBalance $ allowUnlimitedCredit $ minimumAccountBalance $ messageServer $ Language $ ndsUID $ lockedByIntruder $ serverHolds $ lastLoginTime $ typeCreatorMap $ higherPrivileges $ printerControl $ securityFlags $ profileMembership $ Timezone $ sASServiceDN $ sASSecretStore $ sASSecretStoreKey $ sASSecretStoreData $ sASPKIStoreKeys $ userCertificate $ nDSPKIUserCertificateInfo $ nDSPKIKeystore $ rADIUSActiveConnections $ rADIUSAttributeLists $ rADIUSConcurrentLimit $ rADIUSConnectionHistory $ rADIUSDefaultProfile $ rADIUSDialAccessGroup $ rADIUSEnableDialAccess $ rADIUSPassword $ rADIUSServiceList $ audio $ businessCategory $ carLicense $ departmentNumber $ employeeNumber $ employeeType $ displayName $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledUri $ mail $ manager $ mobile $ o $ pager $ ldapPhoto $ preferredLanguage $ roomNumber $ secretary $ uid $ userSMIMECertificate $ x500UniqueIdentifier $ userPKCS12 $ sssProxyStoreKey $ sssProxyStoreSecrets $ sssServerPolicyOverrideDN ) X-NDS_NAME 'User' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES ( '2#subtree#[Self]#[All Attributes Rights]' '6#entry#[Self]#loginScript' '1#subtree#[Root Template]#[Entry Rights]' '2#entry#[Public]#messageServer' '2#entry#[Root Template]#groupMembership' '6#entry#[Self]#printJobConfiguration' '2#entry#[Root Template]#networkAddress') )", "( 2.5.6.14 NAME 'Device' SUP Top STRUCTURAL MUST cn MAY ( description $ l $ networkAddress $ ou $ o $ owner $ seeAlso $ serialNumber ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.4 NAME 'Computer' SUP Device STRUCTURAL MAY ( operator $ server $ status ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.17 NAME 'Printer' SUP Device STRUCTURAL MAY ( Cartridge $ printerConfiguration $ defaultQueue $ hostDevice $ printServer $ Memory $ networkAddressRestriction $ notify $ operator $ pageDescriptionLanguage $ queue $ status $ supportedTypefaces ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.21 NAME 'Resource' SUP Top ABSTRACT MUST cn MAY ( description $ hostResourceName $ l $ ou $ o $ seeAlso $ Uses ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.20 NAME 'Queue' SUP Resource STRUCTURAL MUST queueDirectory MAY ( Device $ operator $ server $ User $ networkAddress $ Volume $ hostServer ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES '2#subtree#[Root Template]#[All Attributes Rights]' )", "( 2.16.840.1.113719.1.1.6.1.3 NAME 'binderyQueue' SUP Queue STRUCTURAL MUST binderyType X-NDS_NAMING ( 'cn' 'binderyType' ) X-NDS_NAME 'Bindery Queue' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES '2#subtree#[Root Template]#[All Attributes Rights]' )", "( 2.16.840.1.113719.1.1.6.1.26 NAME 'Volume' SUP Resource STRUCTURAL MUST hostServer MAY status X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES ( '2#entry#[Root Template]#hostResourceName' '2#entry#[Root Template]#hostServer') )", "( 2.16.840.1.113719.1.1.6.1.7 NAME 'directoryMap' SUP Resource STRUCTURAL MUST hostServer MAY path X-NDS_NAME 'Directory Map' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.19 NAME 'Profile' SUP Top STRUCTURAL MUST ( cn $ loginScript ) MAY ( description $ l $ ou $ o $ seeAlso $ fullName ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.22 NAME 'Server' SUP Top ABSTRACT MUST cn MAY ( description $ hostDevice $ l $ ou $ o $ privateKey $ publicKey $ Resource $ seeAlso $ status $ User $ Version $ networkAddress $ accountBalance $ allowUnlimitedCredit $ minimumAccountBalance $ fullName $ securityEquals $ securityFlags $ Timezone $ ndapClassPasswordMgmt $ ndapClassLoginMgmt ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES ( '2#entry#[Public]#networkAddress' '16#subtree#[Self]#[Entry Rights]') )", "( 2.16.840.1.113719.1.1.6.1.10 NAME 'ncpServer' SUP Server STRUCTURAL MAY ( operator $ supportedServices $ messagingServer $ dsRevision $ permanentConfigParms $ ndsPredicateStatsDN $ languageId $ indexDefinition $ CachedAttrsOnExtRefs $ NCPKeyMaterialName $ ldapServerDN $ httpServerDN $ emboxConfig $ sASServiceDN $ cACertificate $ nDSPKIPublicKey $ nDSPKIPrivateKey $ nDSPKICertificateChain $ nDSPKIParentCADN $ nDSPKISDKeyID $ nDSPKISDKeyStruct $ snmpGroupDN $ wANMANWANPolicy $ wANMANLANAreaMembership $ wANMANCost $ wANMANDefaultCost $ encryptionPolicyDN $ eDirCloneSource $ eDirCloneLock $ xdasDSConfiguration $ xdasConfiguration $ xdasVersion $ NAuditLoggingServer $ NAuditInstrumentation ) X-NDS_NAME 'NCP Server' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES '2#entry#[Public]#messagingServer' )", "( 2.16.840.1.113719.1.1.6.1.18 NAME 'printServer' SUP Server STRUCTURAL MAY ( operator $ printer $ sAPName ) X-NDS_NAME 'Print Server' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES '2#subtree#[Root Template]#[All Attributes Rights]' )", "( 2.16.840.1.113719.1.1.6.1.31 NAME 'CommExec' SUP Server STRUCTURAL MAY networkAddressRestriction X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.2 NAME 'binderyObject' SUP Top STRUCTURAL MUST ( binderyObjectRestriction $ binderyType $ cn ) X-NDS_NAMING ( 'cn' 'binderyType' ) X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'Bindery Object' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.15 NAME 'Partition' AUXILIARY MAY ( Convergence $ partitionCreationTime $ Replica $ inheritedACL $ lowConvergenceSyncInterval $ receivedUpTo $ synchronizedUpTo $ authorityRevocation $ certificateRevocation $ cAPrivateKey $ cAPublicKey $ ndsCrossCertificatePair $ lowConvergenceResetTime $ highConvergenceSyncInterval $ partitionControl $ replicaUpTo $ partitionStatus $ transitiveVector $ purgeVector $ synchronizationTolerance $ obituaryNotify $ localReceivedUpTo $ federationControl $ syncPanePoint $ syncWindowVector $ authoritative $ allowAliasToAncestor $ sASSecurityDN $ masvLabel $ ndapPartitionPasswordMgmt $ ndapPartitionLoginMgmt $ prSyncPolicyDN $ dsEncryptedReplicationConfig ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.0 NAME 'aFPServer' SUP Server STRUCTURAL MAY ( serialNumber $ supportedConnections ) X-NDS_NAME 'AFP Server' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.27 NAME 'messagingServer' SUP Server STRUCTURAL MAY ( messagingDatabaseLocation $ messageRoutingGroup $ Postmaster $ supportedServices $ messagingServerType $ supportedGateway ) X-NDS_NAME 'Messaging Server' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES ( '1#subtree#[Self]#[Entry Rights]' '2#subtree#[Self]#[All Attributes Rights]' '6#entry#[Self]#status' '2#entry#[Public]#messagingServerType' '2#entry#[Public]#messagingDatabaseLocation') )", "( 2.16.840.1.113719.1.1.6.1.28 NAME 'messageRoutingGroup' SUP groupOfNames STRUCTURAL X-NDS_NAME 'Message Routing Group' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES ( '1#subtree#[Self]#[Entry Rights]' '2#subtree#[Self]#[All Attributes Rights]') )", "( 2.16.840.1.113719.1.1.6.1.29 NAME 'externalEntity' SUP Top STRUCTURAL MUST cn MAY ( description $ seeAlso $ facsimileTelephoneNumber $ l $ eMailAddress $ ou $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ st $ street $ title $ externalName $ mailboxLocation $ mailboxID ) X-NDS_NAMING ( 'cn' 'ou' ) X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'External Entity' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES '2#entry#[Public]#externalName' )", "( 2.16.840.1.113719.1.1.6.1.30 NAME 'List' SUP Top STRUCTURAL MUST cn MAY ( description $ l $ member $ ou $ o $ eMailAddress $ mailboxLocation $ mailboxID $ owner $ seeAlso $ fullName ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' X-NDS_ACL_TEMPLATES '2#entry#[Root Template]#member' )", "( 2.16.840.1.113719.1.1.6.1.32 NAME 'treeRoot' SUP Top STRUCTURAL MUST T MAY sssActiveServerList X-NDS_NAMING 'T' X-NDS_NAME 'Tree Root' X-NDS_NONREMOVABLE '1' )", "( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP ( Top $ ndsLoginProperties $ ndsContainerLoginProperties ) STRUCTURAL MUST dc MAY ( searchGuide $ o $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ l $ associatedName $ description $ sssActiveServerList $ sssServerPolicyOverrideDN $ userPassword ) X-NDS_NAMING 'dc' X-NDS_CONTAINMENT ( 'Top' 'treeRoot' 'Country' 'Locality' 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NONREMOVABLE '1' )", "( 1.3.6.1.4.1.1466.344 NAME 'dcObject' AUXILIARY MUST dc X-NDS_NAMING 'dc' X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.33 NAME 'ndsLoginProperties' SUP Top ABSTRACT MAY ( groupMembership $ loginAllowedTimeMap $ loginDisabled $ loginExpirationTime $ loginGraceLimit $ loginGraceRemaining $ loginIntruderAddress $ loginIntruderAttempts $ loginIntruderResetTime $ loginMaximumSimultaneous $ loginScript $ loginTime $ networkAddressRestriction $ networkAddress $ passwordsUsed $ passwordAllowChange $ passwordExpirationInterval $ passwordExpirationTime $ passwordMinimumLength $ passwordRequired $ passwordUniqueRequired $ privateKey $ Profile $ publicKey $ securityEquals $ accountBalance $ allowUnlimitedCredit $ minimumAccountBalance $ Language $ lockedByIntruder $ serverHolds $ lastLoginTime $ higherPrivileges $ securityFlags $ profileMembership $ Timezone $ loginActivationTime $ UTF8LoginScript $ loginScriptCharset $ sASNDSPasswordWindow $ sASLoginSecret $ sASLoginSecretKey $ sASEncryptionType $ sASLoginConfiguration $ sASLoginConfigurationKey $ sasLoginFailureDelay $ sasDefaultLoginSequence $ sasAuthorizedLoginSequences $ sasAllowableSubjectNames $ sasUpdateLoginInfo $ sasOTPEnabled $ sasOTPCounter $ sasOTPDigits $ sasOTPReSync $ sasUpdateLoginTimeInterval $ ndapPasswordMgmt $ ndapLoginMgmt $ nspmPasswordKey $ nspmPassword $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ nspmDoNotExpirePassword $ nspmDistributionPassword $ nspmPreviousDistributionPassword $ nspmPasswordHistory $ nspmAdministratorChangeCount $ nspmPasswordPolicyDN $ nsimHint $ nsimPasswordReminder $ userPassword ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.141.6.1 NAME 'federationBoundary' AUXILIARY MUST federationBoundaryType MAY ( federationControl $ federationDNSName $ federationSearchPath ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.34 NAME 'ndsContainerLoginProperties' SUP Top ABSTRACT MAY ( loginIntruderLimit $ intruderAttemptResetInterval $ detectIntruder $ lockoutAfterDetection $ intruderLockoutResetInterval $ sasLoginFailureDelay $ sasDefaultLoginSequence $ sasAuthorizedLoginSequences $ sasUpdateLoginInfo $ sasOTPEnabled $ sasOTPDigits $ sasUpdateLoginTimeInterval $ ndapPasswordMgmt $ ndapLoginMgmt $ nspmPasswordPolicyDN ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.27.6.3 NAME 'ndsPredicateStats' SUP Top STRUCTURAL MUST ( cn $ ndsPredicateState $ ndsPredicateFlush ) MAY ( ndsPredicate $ ndsPredicateTimeout $ ndsPredicateUseValues ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.400.1 NAME 'edirSchemaVersion' SUP Top ABSTRACT MAY edirSchemaFlagVersion X-NDS_NOT_CONTAINER '1' X-NDS_NONREMOVABLE '1' )", "( 2.16.840.1.113719.1.1.6.1.47 NAME 'immediateSuperiorReference' AUXILIARY MAY ref X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.27.6.1 NAME 'ldapServer' SUP Top STRUCTURAL MUST cn MAY ( ldapHostServer $ ldapGroupDN $ ldapTraceLevel $ ldapServerBindLimit $ ldapServerIdleTimeout $ lDAPUDPPort $ lDAPSearchSizeLimit $ lDAPSearchTimeLimit $ lDAPLogLevel $ lDAPLogFilename $ lDAPBackupLogFilename $ lDAPLogSizeLimit $ Version $ searchSizeLimit $ searchTimeLimit $ ldapEnableTCP $ ldapTCPPort $ ldapEnableSSL $ ldapSSLPort $ ldapKeyMaterialName $ filteredReplicaUsage $ extensionInfo $ nonStdClientSchemaCompatMode $ sslEnableMutualAuthentication $ ldapEnablePSearch $ ldapMaximumPSearchOperations $ ldapIgnorePSearchLimitsForEvents $ ldapTLSTrustedRootContainer $ ldapEnableMonitorEvents $ ldapMaximumMonitorEventsLoad $ ldapTLSRequired $ ldapTLSVerifyClientCertificate $ ldapConfigVersion $ ldapDerefAlias $ ldapNonStdAllUserAttrsMode $ ldapBindRestrictions $ ldapDefaultReferralBehavior $ ldapReferral $ ldapSearchReferralUsage $ lDAPOtherReferralUsage $ ldapLBURPNumWriterThreads $ ldapInterfaces $ ldapChainSecureRequired $ ldapStdCompliance $ ldapDerefAliasOnAuth $ ldapGeneralizedTime $ ldapPermissiveModify ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'domain' ) X-NDS_NAME 'LDAP Server' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.27.6.2 NAME 'ldapGroup' SUP Top STRUCTURAL MUST cn MAY ( ldapReferral $ ldapServerList $ ldapAllowClearTextPassword $ ldapAnonymousIdentity $ lDAPSuffix $ ldapAttributeMap $ ldapClassMap $ ldapSearchReferralUsage $ lDAPOtherReferralUsage $ transitionGroupDN $ ldapAttributeList $ ldapClassList $ ldapConfigVersion $ Version $ ldapDefaultReferralBehavior $ ldapTransitionBackLink $ referralIncludeFilter $ referralExcludeFilter ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'domain' ) X-NDS_NAME 'LDAP Group' X-NDS_NOT_CONTAINER '1' )", "( 2.5.6.22 NAME 'pkiCA' AUXILIARY MAY ( cACertificate $ certificateRevocationList $ authorityRevocationList $ crossCertificatePair $ attributeCertificate $ publicKey $ privateKey $ networkAddress $ loginTime $ lastLoginTime ) X-NDS_NOT_CONTAINER '1' )", "( 2.5.6.21 NAME 'pkiUser' AUXILIARY MAY userCertificate X-NDS_NOT_CONTAINER '1' )", "( 2.5.6.15 NAME 'strongAuthenticationUser' AUXILIARY MAY userCertificate X-NDS_NOT_CONTAINER '1' )", "( 2.5.6.11 NAME 'applicationProcess' SUP Top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'domain' ) )", "( 2.5.6.12 NAME 'applicationEntity' SUP Top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'domain' ) )", "( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL MAY knowledgeInformation X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'domain' ) )", "( 2.5.6.16 NAME 'certificationAuthority' AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair X-NDS_NOT_CONTAINER '1' )", "( 2.5.6.18 NAME 'userSecurityInformation' AUXILIARY MAY supportedAlgorithms X-NDS_NOT_CONTAINER '1' )", "( 2.5.6.20 NAME 'dmd' SUP ndsLoginProperties AUXILIARY MUST dmdName MAY ( searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ l $ description $ userPassword ) X-NDS_NOT_CONTAINER '1' )", "( 2.5.6.16.2 NAME 'certificationAuthority-V2' AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY ( crossCertificatePair $ deltaRevocationList ) X-NDS_NAME 'certificationAuthorityVer2' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.3.6.1 NAME 'httpServer' SUP Top STRUCTURAL MUST cn MAY ( httpHostServerDN $ httpThreadsPerCPU $ httpIOBufferSize $ httpRequestTimeout $ httpKeepAliveRequestTimeout $ httpSessionTimeout $ httpKeyMaterialObject $ httpTraceLevel $ httpAuthRequiresTLS $ httpDefaultClearPort $ httpDefaultTLSPort $ httpBindRestrictions ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'domain' 'Country' 'Locality' 'organizationalUnit' 'Organization' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.64.6.1.1 NAME 'Template' SUP Top STRUCTURAL MUST cn MAY ( trusteesOfNewObject $ newObjectSDSRights $ newObjectSFSRights $ setupScript $ runSetupScript $ membersOfTemplate $ volumeSpaceRestrictions $ setPasswordAfterCreate $ homeDirectoryRights $ accountBalance $ allowUnlimitedCredit $ description $ eMailAddress $ facsimileTelephoneNumber $ groupMembership $ higherPrivileges $ ndsHomeDirectory $ l $ Language $ loginAllowedTimeMap $ loginDisabled $ loginExpirationTime $ loginGraceLimit $ loginMaximumSimultaneous $ loginScript $ mailboxID $ mailboxLocation $ member $ messageServer $ minimumAccountBalance $ networkAddressRestriction $ newObjectSSelfRights $ ou $ passwordAllowChange $ passwordExpirationInterval $ passwordExpirationTime $ passwordMinimumLength $ passwordRequired $ passwordUniqueRequired $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ Profile $ st $ street $ securityEquals $ securityFlags $ seeAlso $ telephoneNumber $ title $ assistant $ assistantPhone $ city $ company $ co $ manager $ managerWorkforceID $ mailstop $ siteLocation $ employeeType $ costCenter $ costCenterDescription $ tollFreePhoneNumber $ departmentNumber ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'organizationalUnit' 'Organization' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.8.6.1 NAME 'homeInfo' AUXILIARY MAY ( homeCity $ homeEmailAddress $ homeFax $ homePhone $ homeState $ homePostalAddress $ homeZipCode $ personalMobile $ spouse $ children ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.8.6.2 NAME 'contingentWorker' AUXILIARY MAY ( vendorName $ vendorAddress $ vendorPhoneNumber ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.1.6.1.45 NAME 'dynamicGroup' SUP ( groupOfNames $ ndsLoginProperties ) STRUCTURAL MAY ( memberQueryURL $ excludedMember $ dgIdentity $ dgAllowUnknown $ dgTimeOut $ dgAllowDuplicates $ userPassword ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.1.6.1.46 NAME 'dynamicGroupAux' SUP ( groupOfNames $ ndsLoginProperties ) AUXILIARY MAY ( memberQueryURL $ excludedMember $ dgIdentity $ dgAllowUnknown $ dgTimeOut $ dgAllowDuplicates $ userPassword ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.6.1.1 NAME 'sASSecurity' SUP Top STRUCTURAL MUST cn MAY ( nDSPKITreeCADN $ masvPolicyDN $ sASLoginPolicyDN $ sASLoginMethodContainerDN $ sasPostLoginMethodContainerDN $ nspmPolicyAgentContainerDN ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Top' 'treeRoot' 'Country' 'Organization' 'domain' ) X-NDS_NAME 'SAS:Security' )", "( 2.16.840.1.113719.1.39.6.1.2 NAME 'sASService' SUP Resource STRUCTURAL MAY ( hostServer $ privateKey $ publicKey $ allowUnlimitedCredit $ fullName $ lastLoginTime $ lockedByIntruder $ loginAllowedTimeMap $ loginDisabled $ loginExpirationTime $ loginIntruderAddress $ loginIntruderAttempts $ loginIntruderResetTime $ loginMaximumSimultaneous $ loginTime $ networkAddress $ networkAddressRestriction $ notify $ operator $ owner $ path $ securityEquals $ securityFlags $ status $ Version $ nDSPKIKeyMaterialDN $ ndspkiKMOExport ) X-NDS_NAMING 'cn' X-NDS_NAME 'SAS:Service' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.48.6.1.1 NAME 'nDSPKICertificateAuthority' SUP Top STRUCTURAL MUST cn MAY ( hostServer $ nDSPKIPublicKey $ nDSPKIPrivateKey $ nDSPKIPublicKeyCertificate $ nDSPKICertificateChain $ nDSPKIParentCA $ nDSPKIParentCADN $ nDSPKISubjectName $ cACertificate $ ndspkiCRLContainerDN $ ndspkiIssuedCertContainerDN $ ndspkiCRLConfigurationDNList $ ndspkiSecurityRightsLevel ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASSecurity' X-NDS_NAME 'NDSPKI:Certificate Authority' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.48.6.1.2 NAME 'nDSPKIKeyMaterial' SUP Top STRUCTURAL MUST cn MAY ( hostServer $ nDSPKIKeyFile $ nDSPKIPrivateKey $ nDSPKIPublicKey $ nDSPKIPublicKeyCertificate $ nDSPKICertificateChain $ nDSPKISubjectName $ nDSPKIGivenName $ ndspkiAdditionalRoots $ nDSPKINotBefore $ nDSPKINotAfter ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'sASSecurity' 'Organization' 'organizationalUnit' 'domain' ) X-NDS_NAME 'NDSPKI:Key Material' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.48.6.1.3 NAME 'nDSPKITrustedRoot' SUP Top STRUCTURAL MUST cn MAY ndspkiTrustedRootList X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'sASSecurity' 'Organization' 'organizationalUnit' 'Country' 'Locality' 'domain' ) X-NDS_NAME 'NDSPKI:Trusted Root' )", "( 2.16.840.1.113719.1.48.6.1.4 NAME 'nDSPKITrustedRootObject' SUP Top STRUCTURAL MUST ( cn $ nDSPKITrustedRootCertificate ) MAY ( nDSPKISubjectName $ nDSPKINotBefore $ nDSPKINotAfter $ externalName $ givenName $ sn ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'nDSPKITrustedRoot' X-NDS_NAME 'NDSPKI:Trusted Root Object' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.48.6.1.101 NAME 'nDSPKISDKeyAccessPartition' SUP Top STRUCTURAL MUST cn X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASSecurity' X-NDS_NAME 'NDSPKI:SD Key Access Partition' )", "( 2.16.840.1.113719.1.48.6.1.102 NAME 'nDSPKISDKeyList' SUP Top STRUCTURAL MUST cn MAY ( nDSPKISDKeyServerDN $ nDSPKISDKeyStruct $ nDSPKISDKeyCert ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'nDSPKISDKeyAccessPartition' X-NDS_NAME 'NDSPKI:SD Key List' )", "( 2.16.840.1.113719.1.31.6.2.1 NAME 'mASVSecurityPolicy' SUP Top STRUCTURAL MUST cn MAY ( description $ masvDomainPolicy $ masvPolicyUpdate $ masvClearanceNames $ masvLabelNames $ masvLabelSecrecyLevelNames $ masvLabelSecrecyCategoryNames $ masvLabelIntegrityLevelNames $ masvLabelIntegrityCategoryNames $ masvNDSAttributeLabels ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASSecurity' X-NDS_NAME 'MASV:Security Policy' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.42.2.0.1 NAME 'sASLoginMethodContainer' SUP Top STRUCTURAL MUST cn MAY description X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'sASSecurity' 'Country' 'Locality' 'organizationalUnit' 'Organization' ) X-NDS_NAME 'SAS:Login Method Container' )", "( 2.16.840.1.113719.1.39.42.2.0.4 NAME 'sASLoginPolicy' SUP Top STRUCTURAL MUST cn MAY ( description $ privateKey $ publicKey $ sASAllowNDSPasswordWindow $ sASPolicyCredentials $ sASPolicyMethods $ sASPolicyObjectVersion $ sASPolicyServiceSubtypes $ sASPolicyServices $ sASPolicyUsers $ sASLoginSequence $ sASLoginPolicyUpdate $ sasNMASProductOptions $ sasPolicyMethods $ sasPolicyServices $ sasPolicyUsers $ sasAllowNDSPasswordWindow $ sasLoginFailureDelay $ sasDefaultLoginSequence $ sasAuthorizedLoginSequences $ sasAuditConfiguration $ sasUpdateLoginInfo $ sasOTPEnabled $ sasOTPLookAheadWindow $ sasOTPDigits $ sasUpdateLoginTimeInterval $ nspmPasswordPolicyDN ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASSecurity' X-NDS_NAME 'SAS:Login Policy' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.42.2.0.7 NAME 'sASNMASBaseLoginMethod' SUP Top ABSTRACT MUST cn MAY ( description $ sASLoginSecret $ sASLoginSecretKey $ sASEncryptionType $ sASLoginConfiguration $ sASLoginConfigurationKey $ sASMethodIdentifier $ sASMethodVendor $ sASVendorSupport $ sASAdvisoryMethodGrade $ sASLoginClientMethodNetWare $ sASLoginServerMethodNetWare $ sASLoginClientMethodWINNT $ sASLoginServerMethodWINNT $ sasCertificateSearchContainers $ sasNMASMethodConfigData $ sasMethodVersion $ sASLoginPolicyUpdate $ sasUnsignedMethodModules $ sasServerModuleName $ sasServerModuleEntryPointName $ sasSASLMechanismName $ sasSASLMechanismEntryPointName $ sasClientModuleName $ sasClientModuleEntryPointName $ sasLoginClientMethodSolaris $ sasLoginServerMethodSolaris $ sasLoginClientMethodLinux $ sasLoginServerMethodLinux $ sasLoginClientMethodTru64 $ sasLoginServerMethodTru64 $ sasLoginClientMethodAIX $ sasLoginServerMethodAIX $ sasLoginClientMethodHPUX $ sasLoginServerMethodHPUX $ sasLoginClientMethods390 $ sasLoginServerMethods390 $ sasLoginClientMethodLinuxX64 $ sasLoginServerMethodLinuxX64 $ sasLoginClientMethodWinX64 $ sasLoginServerMethodWinX64 $ sasLoginClientMethodSolaris64 $ sasLoginServerMethodSolaris64 $ sasLoginClientMethodSolarisi386 $ sasLoginServerMethodSolarisi386 $ sasLoginClientMethodAIX64 $ sasLoginServerMethodAIX64 ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASLoginMethodContainer' X-NDS_NAME 'SAS:NMAS Base Login Method' )", "( 2.16.840.1.113719.1.39.42.2.0.8 NAME 'sASNMASLoginMethod' SUP sASNMASBaseLoginMethod STRUCTURAL X-NDS_NAME 'SAS:NMAS Login Method' )", "( 2.16.840.1.113719.1.39.42.2.0.9 NAME 'rADIUSDialAccessSystem' SUP Top STRUCTURAL MUST cn MAY ( publicKey $ privateKey $ rADIUSAgedInterval $ rADIUSClient $ rADIUSCommonNameResolution $ rADIUSConcurrentLimit $ rADIUSDASVersion $ rADIUSEnableCommonNameLogin $ rADIUSEnableDialAccess $ rADIUSInterimAcctingTimeout $ rADIUSLookupContexts $ rADIUSMaxDASHistoryRecord $ rADIUSMaximumHistoryRecord $ rADIUSPasswordPolicy $ rADIUSPrivateKey $ rADIUSProxyContext $ rADIUSProxyDomain $ rADIUSProxyTarget $ rADIUSPublicKey $ sASLoginConfiguration $ sASLoginConfigurationKey ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' ) X-NDS_NAME 'RADIUS:Dial Access System' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.42.2.0.10 NAME 'rADIUSProfile' SUP Top STRUCTURAL MUST cn MAY rADIUSAttributeList X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' ) X-NDS_NAME 'RADIUS:Profile' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.42.2.0.11 NAME 'sasPostLoginMethodContainer' SUP Top STRUCTURAL MUST cn MAY description X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASSecurity' )", "( 2.16.840.1.113719.1.39.42.2.0.12 NAME 'sasPostLoginMethod' SUP Top STRUCTURAL MUST cn MAY ( description $ sASLoginSecret $ sASLoginSecretKey $ sASEncryptionType $ sASLoginConfiguration $ sASLoginConfigurationKey $ sASMethodIdentifier $ sASMethodVendor $ sASVendorSupport $ sASAdvisoryMethodGrade $ sASLoginClientMethodNetWare $ sASLoginServerMethodNetWare $ sASLoginClientMethodWINNT $ sASLoginServerMethodWINNT $ sasMethodVersion $ sASLoginPolicyUpdate $ sasUnsignedMethodModules $ sasServerModuleName $ sasServerModuleEntryPointName $ sasSASLMechanismName $ sasSASLMechanismEntryPointName $ sasClientModuleName $ sasClientModuleEntryPointName $ sasLoginClientMethodSolaris $ sasLoginServerMethodSolaris $ sasLoginClientMethodLinux $ sasLoginServerMethodLinux $ sasLoginClientMethodTru64 $ sasLoginServerMethodTru64 $ sasLoginClientMethodAIX $ sasLoginServerMethodAIX $ sasLoginClientMethodHPUX $ sasLoginServerMethodHPUX $ sasLoginClientMethods390 $ sasLoginServerMethods390 $ sasLoginClientMethodLinuxX64 $ sasLoginServerMethodLinuxX64 $ sasLoginClientMethodWinX64 $ sasLoginServerMethodWinX64 $ sasLoginClientMethodSolaris64 $ sasLoginServerMethodSolaris64 $ sasLoginClientMethodSolarisi386 $ sasLoginServerMethodSolarisi386 $ sasLoginClientMethodAIX64 $ sasLoginServerMethodAIX64 ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sasPostLoginMethodContainer' )", "( 2.16.840.1.113719.1.6.6.1 NAME 'snmpGroup' SUP Top STRUCTURAL MUST cn MAY ( Version $ snmpServerList $ snmpTrapDisable $ snmpTrapInterval $ snmpTrapDescription $ snmpTrapConfig ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'domain' 'organizationalUnit' 'Organization' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.43.6.2 NAME 'nspmPasswordPolicyContainer' SUP Top STRUCTURAL MUST cn MAY description X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'sASSecurity' 'Country' 'domain' 'Locality' 'Organization' 'organizationalUnit' ) )", "( 2.16.840.1.113719.1.39.43.6.3 NAME 'nspmPolicyAgent' SUP Top STRUCTURAL MUST cn MAY ( description $ nspmPolicyAgentNetWare $ nspmPolicyAgentWINNT $ nspmPolicyAgentSolaris $ nspmPolicyAgentLinux $ nspmPolicyAgentAIX $ nspmPolicyAgentHPUX ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'nspmPasswordPolicyContainer' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.43.6.1 NAME 'nspmPasswordPolicy' SUP Top STRUCTURAL MUST cn MAY ( description $ nspmPolicyPrecedence $ nspmConfigurationOptions $ nspmChangePasswordMessage $ passwordExpirationInterval $ loginGraceLimit $ nspmMinPasswordLifetime $ passwordUniqueRequired $ nspmPasswordHistoryLimit $ nspmPasswordHistoryExpiration $ passwordAllowChange $ passwordRequired $ passwordMinimumLength $ nspmMaximumLength $ nspmCaseSensitive $ nspmMinUpperCaseCharacters $ nspmMaxUpperCaseCharacters $ nspmMinLowerCaseCharacters $ nspmMaxLowerCaseCharacters $ nspmNumericCharactersAllowed $ nspmNumericAsFirstCharacter $ nspmNumericAsLastCharacter $ nspmMinNumericCharacters $ nspmMaxNumericCharacters $ nspmSpecialCharactersAllowed $ nspmSpecialAsFirstCharacter $ nspmSpecialAsLastCharacter $ nspmMinSpecialCharacters $ nspmMaxSpecialCharacters $ nspmMaxRepeatedCharacters $ nspmMaxConsecutiveCharacters $ nspmMinUniqueCharacters $ nspmDisallowedAttributeValues $ nspmExcludeList $ nspmExtendedCharactersAllowed $ nspmExtendedAsFirstCharacter $ nspmExtendedAsLastCharacter $ nspmMinExtendedCharacters $ nspmMaxExtendedCharacters $ nspmUpperAsFirstCharacter $ nspmUpperAsLastCharacter $ nspmLowerAsFirstCharacter $ nspmLowerAsLastCharacter $ nspmComplexityRules $ nspmAD2K8Syntax $ nspmAD2K8maxViolation $ nspmXCharLimit $ nspmXCharHistoryLimit $ nspmUnicodeAllowed $ nspmNonAlphaCharactersAllowed $ nspmMinNonAlphaCharacters $ nspmMaxNonAlphaCharacters $ pwdInHistory $ nspmAdminsDoNotExpirePassword $ nspmPasswordACL $ nsimChallengeSetDN $ nsimForgottenAction $ nsimForgottenLoginConfig $ nsimAssignments $ nsimChallengeSetGUID $ nsimPwdRuleEnforcement ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'nspmPasswordPolicyContainer' 'domain' 'Locality' 'Organization' 'organizationalUnit' 'Country' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.43.6.4 NAME 'nspmPasswordAux' AUXILIARY MAY ( publicKey $ privateKey $ loginGraceLimit $ loginGraceRemaining $ passwordExpirationTime $ passwordRequired $ nspmPasswordKey $ nspmPassword $ nspmDistributionPassword $ nspmPreviousDistributionPassword $ nspmPasswordHistory $ nspmAdministratorChangeCount $ nspmPasswordPolicyDN $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ nspmDoNotExpirePassword ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.12.6.1.0 NAME 'auditFileObject' SUP Top STRUCTURAL MUST ( cn $ auditPolicy $ auditContents ) MAY ( description $ auditPath $ auditLinkList $ auditType $ auditCurrentEncryptionKey $ auditAEncryptionKey $ auditBEncryptionKey ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Top' 'Country' 'Locality' 'Organization' 'organizationalUnit' 'treeRoot' 'domain' ) X-NDS_NAME 'Audit:File Object' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.38.6.1.4 NAME 'wANMANLANArea' SUP Top STRUCTURAL MUST cn MAY ( description $ l $ member $ o $ ou $ owner $ seeAlso $ wANMANWANPolicy $ wANMANCost $ wANMANDefaultCost ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'Organization' 'organizationalUnit' ) X-NDS_NAME 'WANMAN:LAN Area' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.37.1 NAME 'rbsCollection' SUP Top STRUCTURAL MUST cn MAY ( owner $ description $ rbsXMLInfo ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'domain' ) )", "( 2.16.840.1.113719.1.135.6.30.1 NAME 'rbsExternalScope' SUP Top ABSTRACT MUST cn MAY ( rbsURL $ description $ rbsXMLInfo ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsCollection' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.31.1 NAME 'rbsModule' SUP Top STRUCTURAL MUST cn MAY ( rbsURL $ rbsPath $ rbsType $ description $ rbsXMLInfo ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsCollection' )", "( 2.16.840.1.113719.1.135.6.32.1 NAME 'rbsRole' SUP Top STRUCTURAL MUST cn MAY ( rbsContent $ rbsMember $ rbsTrusteeOf $ rbsGALabel $ rbsParameters $ description $ rbsXMLInfo ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsCollection' )", "( 2.16.840.1.113719.1.135.6.33.1 NAME 'rbsTask' SUP Top STRUCTURAL MUST cn MAY ( rbsContentMembership $ rbsType $ rbsTaskRights $ rbsEntryPoint $ rbsParameters $ rbsTaskTemplates $ rbsTaskTemplatesURL $ description $ rbsXMLInfo ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsModule' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.34.1 NAME 'rbsBook' SUP rbsTask STRUCTURAL MAY ( rbsTargetObjectType $ rbsPageMembership ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.35.1 NAME 'rbsScope' SUP groupOfNames STRUCTURAL MAY ( rbsContext $ rbsXMLInfo ) X-NDS_CONTAINMENT 'rbsRole' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.45.1 NAME 'rbsCollection2' SUP Top STRUCTURAL MUST cn MAY ( rbsXMLInfo $ rbsParameters $ owner $ description ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'domain' ) )", "( 2.16.840.1.113719.1.135.6.38.1 NAME 'rbsExternalScope2' SUP Top ABSTRACT MUST cn MAY ( rbsXMLInfo $ description ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsCollection2' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.39.1 NAME 'rbsModule2' SUP Top STRUCTURAL MUST cn MAY ( rbsXMLInfo $ rbsPath $ rbsType $ description ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsCollection2' )", "( 2.16.840.1.113719.1.135.6.40.1 NAME 'rbsRole2' SUP Top STRUCTURAL MUST cn MAY ( rbsXMLInfo $ rbsContent $ rbsMember $ rbsTrusteeOf $ rbsParameters $ description $ rbsCategoryMembership ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsCollection2' )", "( 2.16.840.1.113719.1.135.6.41.1 NAME 'rbsTask2' SUP Top STRUCTURAL MUST cn MAY ( rbsXMLInfo $ rbsContentMembership $ rbsType $ rbsTaskRights $ rbsEntryPoint $ rbsParameters $ description ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsModule2' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.42.1 NAME 'rbsBook2' SUP rbsTask2 STRUCTURAL MAY ( rbsTargetObjectType $ rbsPageMembership ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.43.1 NAME 'rbsScope2' SUP groupOfNames STRUCTURAL MAY ( rbsContext $ rbsXMLInfo ) X-NDS_CONTAINMENT 'rbsRole2' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.1.6.1.49 NAME 'prSyncPolicy' SUP Top STRUCTURAL MUST cn MAY prSyncAttributes X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'domain' 'Country' 'Locality' 'organizationalUnit' 'Organization' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.1.6.1.50 NAME 'encryptionPolicy' SUP Top STRUCTURAL MUST cn MAY ( attrEncryptionDefinition $ attrEncryptionRequiresSecure ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'domain' 'organizationalUnit' 'Organization' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.48.6.1.5 NAME 'ndspkiContainer' SUP Top STRUCTURAL MUST cn X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'ndspkiContainer' 'sASSecurity' 'Organization' 'organizationalUnit' 'Country' 'Locality' 'nDSPKITrustedRoot' ) )", "( 2.16.840.1.113719.1.48.6.1.6 NAME 'ndspkiCertificate' SUP Top STRUCTURAL MUST ( cn $ userCertificate ) MAY ( nDSPKISubjectName $ nDSPKINotBefore $ nDSPKINotAfter $ externalName $ givenName $ sn ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'sASSecurity' 'Organization' 'organizationalUnit' 'Country' 'Locality' 'ndspkiContainer' 'nDSPKITrustedRoot' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.48.6.1.7 NAME 'ndspkiCRLConfiguration' SUP Top STRUCTURAL MUST cn MAY ( ndspkiCRLFileName $ ndspkiDirectory $ ndspkiStatus $ ndspkiIssueTime $ ndspkiNextIssueTime $ ndspkiAttemptTime $ ndspkiTimeInterval $ ndspkiCRLMaxProcessingInterval $ ndspkiCRLNumber $ ndspkiDistributionPoints $ ndspkiDistributionPointDN $ ndspkiCADN $ ndspkiCRLProcessData $ nDSPKIPublicKey $ nDSPKIPrivateKey $ nDSPKIPublicKeyCertificate $ nDSPKICertificateChain $ nDSPKIParentCA $ nDSPKIParentCADN $ nDSPKISubjectName $ cACertificate $ hostServer ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'ndspkiContainer' )", "( 2.5.6.19 NAME 'cRLDistributionPoint' SUP Top STRUCTURAL MUST cn MAY ( authorityRevocationList $ authorityRevocationList $ cACertificate $ certificateRevocationList $ certificateRevocationList $ crossCertificatePair $ deltaRevocationList $ deltaRevocationList $ ndspkiCRLConfigurationDN ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'Country' 'Locality' 'organizationalUnit' 'Organization' 'sASSecurity' 'domain' 'ndspkiCRLConfiguration' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.7.6.1 NAME 'notfTemplateCollection' SUP Top STRUCTURAL MUST cn MAY ( notfSMTPEmailHost $ notfSMTPEmailFrom $ notfSMTPEmailUserName $ sASSecretStore ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASSecurity' )", "( 2.16.840.1.113719.1.7.6.2 NAME 'notfMergeTemplate' SUP Top STRUCTURAL MUST cn MAY ( notfMergeTemplateData $ notfMergeTemplateSubject ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'notfTemplateCollection' X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.39.44.6.1 NAME 'nsimChallengeSet' SUP Top STRUCTURAL MUST cn MAY ( description $ nsimRequiredQuestions $ nsimRandomQuestions $ nsimNumberRandomQuestions $ nsimMinResponseLength $ nsimMaxResponseLength ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'nspmPasswordPolicyContainer' 'Country' 'domain' 'Locality' 'Organization' 'organizationalUnit' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.266.6.1 NAME 'sssServerPolicies' SUP Top STRUCTURAL MUST cn MAY ( sssCacheRefreshInterval $ sssEnableReadTimestamps $ sssDisableMasterPasswords $ sssEnableAdminAccess $ sssAdminList $ sssAdminGALabel $ sssReadSecretPolicies ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'sASSecurity' )", "( 2.16.840.1.113719.1.266.6.2 NAME 'sssServerPolicyOverride' SUP Top STRUCTURAL MUST cn MAY ( sssCacheRefreshInterval $ sssEnableReadTimestamps $ sssDisableMasterPasswords $ sssEnableAdminAccess $ sssAdminList $ sssAdminGALabel $ sssReadSecretPolicies ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT ( 'sssServerPolicies' 'Organization' 'organizationalUnit' 'Country' 'Locality' 'domain' ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.1.6.1.91 NAME 'nestedGroupAux' AUXILIARY MAY ( groupMember $ excludedMember $ nestedConfig $ groupMembership ) X-NDS_NOT_CONTAINER '1' )", "( 2.16.840.1.113719.1.135.6.46.1 NAME 'rbsCategory2' SUP Top STRUCTURAL MUST cn MAY ( rbsRoleMember $ rbsXMLInfo $ rbsParameters $ description ) X-NDS_NAMING 'cn' X-NDS_CONTAINMENT 'rbsCollection2' X-NDS_NOT_CONTAINER '1' )" ] }, "schema_entry": "cn=schema", "type": "SchemaInfo" } """ edir_8_8_8_dsa_info = """ { "raw": { "abandonOps": [ "0" ], "addEntryOps": [ "947" ], "altServer": [ "ldap://192.168.137.102:389/", "ldaps://192.168.137.102:636/", "ldap://192.168.137.103:389/", "ldaps://192.168.137.103:636/" ], "bindSecurityErrors": [ "3" ], "chainings": [ "0" ], "compareOps": [ "61" ], "directoryTreeName": [ "EDIR-TEST" ], "dsaName": [ "cn=edir1,o=services" ], "errors": [ "984" ], "extendedOps": [ "213" ], "inBytes": [ "1253717" ], "inOps": [ "14342" ], "listOps": [ "0" ], "modifyEntryOps": [ "121" ], "modifyRDNOps": [ "63" ], "namingContexts": [ "" ], "oneLevelSearchOps": [ "129" ], "outBytes": [ "547685251" ], "readOps": [ "7427" ], "referralsReturned": [ "0" ], "removeEntryOps": [ "146" ], "repUpdatesIn": [ "0" ], "repUpdatesOut": [ "0" ], "searchOps": [ "8316" ], "securityErrors": [ "3" ], "simpleAuthBinds": [ "1654" ], "strongAuthBinds": [ "57" ], "subschemaSubentry": [ "cn=schema" ], "supportedControl": [ "2.16.840.1.113719.1.27.101.6", "2.16.840.1.113719.1.27.101.5", "1.2.840.113556.1.4.319", "2.16.840.1.113730.3.4.3", "2.16.840.1.113730.3.4.2", "2.16.840.1.113719.1.27.103.7", "2.16.840.1.113719.1.27.101.40", "2.16.840.1.113719.1.27.101.41", "1.2.840.113556.1.4.1413", "1.2.840.113556.1.4.805" ], "supportedExtension": [ "2.16.840.1.113719.1.148.100.1", "2.16.840.1.113719.1.148.100.3", "2.16.840.1.113719.1.148.100.5", "2.16.840.1.113719.1.148.100.7", "2.16.840.1.113719.1.148.100.9", "2.16.840.1.113719.1.148.100.11", "2.16.840.1.113719.1.148.100.13", "2.16.840.1.113719.1.148.100.15", "2.16.840.1.113719.1.148.100.17", "2.16.840.1.113719.1.39.42.100.1", "2.16.840.1.113719.1.39.42.100.3", "2.16.840.1.113719.1.39.42.100.5", "2.16.840.1.113719.1.39.42.100.7", "2.16.840.1.113719.1.39.42.100.9", "2.16.840.1.113719.1.39.42.100.11", "2.16.840.1.113719.1.39.42.100.13", "2.16.840.1.113719.1.39.42.100.15", "2.16.840.1.113719.1.39.42.100.17", "2.16.840.1.113719.1.39.42.100.19", "2.16.840.1.113719.1.39.42.100.21", "2.16.840.1.113719.1.39.42.100.23", "2.16.840.1.113719.1.39.42.100.25", "2.16.840.1.113719.1.39.42.100.27", "2.16.840.1.113719.1.27.100.1", "2.16.840.1.113719.1.27.100.3", "2.16.840.1.113719.1.27.100.5", "2.16.840.1.113719.1.27.100.7", "2.16.840.1.113719.1.27.100.11", "2.16.840.1.113719.1.27.100.13", "2.16.840.1.113719.1.27.100.15", "2.16.840.1.113719.1.27.100.17", "2.16.840.1.113719.1.27.100.19", "2.16.840.1.113719.1.27.100.21", "2.16.840.1.113719.1.27.100.23", "2.16.840.1.113719.1.27.100.25", "2.16.840.1.113719.1.27.100.27", "2.16.840.1.113719.1.27.100.29", "2.16.840.1.113719.1.27.100.31", "2.16.840.1.113719.1.27.100.33", "2.16.840.1.113719.1.27.100.35", "2.16.840.1.113719.1.27.100.37", "2.16.840.1.113719.1.27.100.39", "2.16.840.1.113719.1.27.100.41", "2.16.840.1.113719.1.27.100.96", "2.16.840.1.113719.1.27.100.98", "2.16.840.1.113719.1.27.100.101", "2.16.840.1.113719.1.27.100.103", "2.16.840.1.113719.1.142.100.1", "2.16.840.1.113719.1.142.100.4", "2.16.840.1.113719.1.142.100.6", "2.16.840.1.113719.1.27.100.9", "2.16.840.1.113719.1.27.100.43", "2.16.840.1.113719.1.27.100.45", "2.16.840.1.113719.1.27.100.47", "2.16.840.1.113719.1.27.100.49", "2.16.840.1.113719.1.27.100.51", "2.16.840.1.113719.1.27.100.53", "2.16.840.1.113719.1.27.100.55", "1.3.6.1.4.1.1466.20037", "2.16.840.1.113719.1.27.100.79", "2.16.840.1.113719.1.27.100.84", "2.16.840.1.113719.1.27.103.1", "2.16.840.1.113719.1.27.103.2" ], "supportedFeatures": [ "1.3.6.1.4.1.4203.1.5.1", "2.16.840.1.113719.1.27.99.1" ], "supportedGroupingTypes": [ "2.16.840.1.113719.1.27.103.8" ], "supportedLDAPVersion": [ "2", "3" ], "supportedSASLMechanisms": [ "NMAS_LOGIN", "EXTERNAL", "DIGEST-MD5", "GSSAPI" ], "unAuthBinds": [ "1897" ], "vendorName": [ "NetIQ Corporation" ], "vendorVersion": [ "LDAP Agent for NetIQ eDirectory 8.8 SP8 (20804.04)" ], "wholeSubtreeSearchOps": [ "760" ] }, "type": "DsaInfo" } """ ldap3-2.4.1/ldap3/protocol/schemas/slapd24.py0000666000000000000000000037433513226436321017006 0ustar 00000000000000""" """ # Created on 2014.10.21 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . slapd_2_4_schema = """ { "raw": { "attributeTypes": [ "( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", "( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: structural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creator' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has children' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )", "( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )", "( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", "( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", "( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )", "( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )", "( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4512: features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )", "( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of implementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", "( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", "( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )", "( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute types' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )", "( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )", "( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching rule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )", "( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordinate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE distributedOperation )", "( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )", "( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RFC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )", "( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common supertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", "( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common name(s) for which the entity is known by' SUP name )", "( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )", "( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uniform Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )", "( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related object' SUP distinguishedName )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.78 NAME 'olcConfigFile' DESC 'File for slapd configuration directives' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.79 NAME 'olcConfigDir' DESC 'Directory for slapd configuration backend' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.1 NAME 'olcAccess' DESC 'Access Control List' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.86 NAME 'olcAddContentAcl' DESC 'Check ACLs against content of Add ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.2 NAME 'olcAllows' DESC 'Allowed set of deprecated features' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.3 NAME 'olcArgsFile' DESC 'File for slapd command line options' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.5 NAME 'olcAttributeOptions' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.4 NAME 'olcAttributeTypes' DESC 'OpenLDAP attributeTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.6 NAME 'olcAuthIDRewrite' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.7 NAME 'olcAuthzPolicy' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.8 NAME 'olcAuthzRegexp' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.9 NAME 'olcBackend' DESC 'A type of backend' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORDERED 'SIBLINGS' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.10 NAME 'olcConcurrency' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.11 NAME 'olcConnMaxPending' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.12 NAME 'olcConnMaxPendingAuth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.13 NAME 'olcDatabase' DESC 'The backend type for a database instance' SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.14 NAME 'olcDefaultSearchBase' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.15 NAME 'olcDisallows' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.16 NAME 'olcDitContentRules' DESC 'OpenLDAP DIT content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.20 NAME 'olcExtraAttrs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.17 NAME 'olcGentleHUP' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.17 NAME 'olcHidden' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.18 NAME 'olcIdleTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.19 NAME 'olcInclude' SUP labeledURI )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.20 NAME 'olcIndexSubstrIfMinLen' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.21 NAME 'olcIndexSubstrIfMaxLen' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.22 NAME 'olcIndexSubstrAnyLen' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.23 NAME 'olcIndexSubstrAnyStep' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.84 NAME 'olcIndexIntLen' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.4 NAME 'olcLastMod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP ldapSyntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.5 NAME 'olcLimits' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.93 NAME 'olcListenerThreads' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.26 NAME 'olcLocalSSF' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.27 NAME 'olcLogFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.28 NAME 'olcLogLevel' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.6 NAME 'olcMaxDerefDepth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.16 NAME 'olcMirrorMode' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.30 NAME 'olcModuleLoad' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.31 NAME 'olcModulePath' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.18 NAME 'olcMonitoring' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.32 NAME 'olcObjectClasses' DESC 'OpenLDAP object classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.33 NAME 'olcObjectIdentifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.34 NAME 'olcOverlay' SUP olcDatabase SINGLE-VALUE X-ORDERED 'SIBLINGS' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.35 NAME 'olcPasswordCryptSaltFormat' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.36 NAME 'olcPasswordHash' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.37 NAME 'olcPidFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.38 NAME 'olcPlugin' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.39 NAME 'olcPluginLogFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.40 NAME 'olcReadOnly' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.41 NAME 'olcReferral' SUP labeledURI SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.7 NAME 'olcReplica' SUP labeledURI EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.43 NAME 'olcReplicaArgsFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.44 NAME 'olcReplicaPidFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.45 NAME 'olcReplicationInterval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.46 NAME 'olcReplogFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.47 NAME 'olcRequires' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.48 NAME 'olcRestrict' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.49 NAME 'olcReverseLookup' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.8 NAME 'olcRootDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.9 NAME 'olcRootPW' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.89 NAME 'olcSaslAuxprops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.53 NAME 'olcSaslHost' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.54 NAME 'olcSaslRealm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.56 NAME 'olcSaslSecProps' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.58 NAME 'olcSchemaDN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.59 NAME 'olcSecurity' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.81 NAME 'olcServerID' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.60 NAME 'olcSizeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.61 NAME 'olcSockbufMaxIncoming' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.62 NAME 'olcSockbufMaxIncomingAuth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.83 NAME 'olcSortVals' DESC 'Attributes whose values will always be sorted' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.15 NAME 'olcSubordinate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.10 NAME 'olcSuffix' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.19 NAME 'olcSyncUseSubentry' DESC 'Store sync context in a subentry' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.11 NAME 'olcSyncrepl' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.90 NAME 'olcTCPBuffer' DESC 'Custom TCP buffer size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.66 NAME 'olcThreads' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.67 NAME 'olcTimeLimit' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.68 NAME 'olcTLSCACertificateFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.69 NAME 'olcTLSCACertificatePath' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.72 NAME 'olcTLSCipherSuite' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.73 NAME 'olcTLSCRLCheck' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.82 NAME 'olcTLSCRLFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.74 NAME 'olcTLSRandFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.75 NAME 'olcTLSVerifyClient' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.77 NAME 'olcTLSDHParamFile' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.87 NAME 'olcTLSProtocolMin' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.80 NAME 'olcToolThreads' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.12 NAME 'olcUpdateDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.13 NAME 'olcUpdateRef' SUP labeledURI EQUALITY caseIgnoreMatch )", "( 1.3.6.1.4.1.4203.1.12.2.3.0.88 NAME 'olcWriteTimeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.1 NAME 'olcDbDirectory' DESC 'Directory for database content' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.11 NAME 'olcDbCacheFree' DESC 'Number of extra entries to free when max is reached' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.1 NAME 'olcDbCacheSize' DESC 'Entry cache size in entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.2 NAME 'olcDbCheckpoint' DESC 'Database checkpoint interval in kbytes and minutes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.16 NAME 'olcDbChecksum' DESC 'Enable database checksum validation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.13 NAME 'olcDbCryptFile' DESC 'Pathname of file containing the DB encryption key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.14 NAME 'olcDbCryptKey' DESC 'DB encryption key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONFIG configuration directives' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.4 NAME 'olcDbNoSync' DESC 'Disable synchronous database writes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.15 NAME 'olcDbPageSize' DESC 'Page size of specified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.5 NAME 'olcDbDirtyRead' DESC 'Allow reads of uncommitted data' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.12 NAME 'olcDbDNcacheSize' DESC 'DN cache size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.6 NAME 'olcDbIDLcacheSize' DESC 'IDL cache size in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.2 NAME 'olcDbIndex' DESC 'Attribute index parameters' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.7 NAME 'olcDbLinearIndex' DESC 'Index attributes one at a time' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.8 NAME 'olcDbLockDetect' DESC 'Deadlock detection algorithm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.3 NAME 'olcDbMode' DESC 'Unix permissions of database files' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.9 NAME 'olcDbSearchStack' DESC 'Depth of search stack in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.1.10 NAME 'olcDbShmKey' DESC 'Key for shared memory region' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.0.14 NAME 'olcDbURI' DESC 'URI (list) for remote DSA' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.1 NAME 'olcDbStartTLS' DESC 'StartTLS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.2 NAME 'olcDbACLAuthcDn' DESC 'Remote ACL administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.3 NAME 'olcDbACLPasswd' DESC 'Remote ACL administrative identity credentials' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.4 NAME 'olcDbACLBind' DESC 'Remote ACL administrative identity auth bind configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.5 NAME 'olcDbIDAssertAuthcDn' DESC 'Remote Identity Assertion administrative identity' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.6 NAME 'olcDbIDAssertPasswd' DESC 'Remote Identity Assertion administrative identity credentials' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.7 NAME 'olcDbIDAssertBind' DESC 'Remote Identity Assertion administrative identity auth bind configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.8 NAME 'olcDbIDAssertMode' DESC 'Remote Identity Assertion mode' OBSOLETE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.9 NAME 'olcDbIDAssertAuthzFrom' DESC 'Remote Identity Assertion authz rules' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.10 NAME 'olcDbRebindAsUser' DESC 'Rebind as user' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.11 NAME 'olcDbChaseReferrals' DESC 'Chase referrals' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.12 NAME 'olcDbTFSupport' DESC 'Absolute filters support' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.13 NAME 'olcDbProxyWhoAmI' DESC 'Proxy whoAmI exop' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.14 NAME 'olcDbTimeout' DESC 'Per-operation timeouts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.15 NAME 'olcDbIdleTimeout' DESC 'connection idle timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.16 NAME 'olcDbConnTtl' DESC 'connection ttl' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.17 NAME 'olcDbNetworkTimeout' DESC 'connection network timeout' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.18 NAME 'olcDbProtocolVersion' DESC 'protocol version' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.19 NAME 'olcDbSingleConn' DESC 'cache a single connection per identity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.20 NAME 'olcDbCancel' DESC 'abandon/ignore/exop operations when appropriate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.21 NAME 'olcDbQuarantine' DESC 'Quarantine database if connection fails and retry according to rule' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.22 NAME 'olcDbUseTemporaryConn' DESC 'Use temporary connections if the cached one is busy' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.23 NAME 'olcDbConnectionPoolMax' DESC 'Max size of privileged connections pool' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.25 NAME 'olcDbNoRefs' DESC 'Do not return search reference responses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.26 NAME 'olcDbNoUndefFilter' DESC 'Do not propagate undefined search filters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.3.27 NAME 'olcDbIDAssertPassThru' DESC 'Remote Identity Assertion passthru rules' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.3.1 NAME 'olcChainingBehavior' DESC 'Chaining behavior control parameters (draft-sermersheim-ldap-chaining)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.3.2 NAME 'olcChainCacheURI' DESC 'Enables caching of URIs not present in configuration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.3.3 NAME 'olcChainMaxReferralDepth' DESC 'max referral depth' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.3.4 NAME 'olcChainReturnError' DESC 'Errors are returned instead of the original referral' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.2.5.1 NAME 'olcRelay' DESC 'Relay DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.4.1 NAME 'olcAccessLogDB' DESC 'Suffix of database for log content' SUP distinguishedName SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.4.2 NAME 'olcAccessLogOps' DESC 'Operation types to log' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.4.3 NAME 'olcAccessLogPurge' DESC 'Log cleanup parameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.4.4 NAME 'olcAccessLogSuccess' DESC 'Log successful ops only' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.4.5 NAME 'olcAccessLogOld' DESC 'Log old values when modifying entries matching the filter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.4.6 NAME 'olcAccessLogOldAttr' DESC 'Log old values of these attributes even if unmodified' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.4.7 NAME 'olcAccessLogBase' DESC 'Operation types to log under a specific branch' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.15.1 NAME 'olcAuditlogFile' DESC 'Filename for auditlogging' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.19.1 NAME 'olcCollectInfo' DESC 'DN of entry and attribute to distribute' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.13.1 NAME 'olcConstraintAttribute' DESC 'constraint for list of attributes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.9.1 NAME 'olcDDSstate' DESC 'RFC2589 Dynamic directory services state' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.9.2 NAME 'olcDDSmaxTtl' DESC 'RFC2589 Dynamic directory services max TTL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.9.3 NAME 'olcDDSminTtl' DESC 'RFC2589 Dynamic directory services min TTL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.9.4 NAME 'olcDDSdefaultTtl' DESC 'RFC2589 Dynamic directory services default TTL' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.9.5 NAME 'olcDDSinterval' DESC 'RFC2589 Dynamic directory services expiration task run interval' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.9.6 NAME 'olcDDStolerance' DESC 'RFC2589 Dynamic directory services additional TTL in expiration scheduling' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.9.7 NAME 'olcDDSmaxDynamicObjects' DESC 'RFC2589 Dynamic directory services max number of dynamic objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.17.1 NAME 'olcDGAttrPair' DESC 'Member and MemberURL attribute pair' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.8.1 NAME 'olcDlAttrSet' DESC 'Dynamic list: , , ' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.18.0 NAME 'olcMemberOfDN' DESC 'DN to be used as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.18.1 NAME 'olcMemberOfDangling' DESC 'Behavior with respect to dangling members, constrained to ignore, drop, error' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.18.2 NAME 'olcMemberOfRefInt' DESC 'Take care of referential integrity' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.18.3 NAME 'olcMemberOfGroupOC' DESC 'Group objectClass' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.18.4 NAME 'olcMemberOfMemberAD' DESC 'member attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.18.5 NAME 'olcMemberOfMemberOfAD' DESC 'memberOf attribute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.18.7 NAME 'olcMemberOfDanglingError' DESC 'Error code returned in case of dangling back reference' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime' DESC 'The time the password was last changed' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime' DESC 'The time an user account was locked' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'The timestamps of the last consecutive authentication failures' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The history of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime' DESC 'The timestamps of the grace login once the password has expired' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC 'The indication that the password has been reset' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )", "( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' DESC 'The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.12.1 NAME 'olcPPolicyDefault' DESC 'DN of a pwdPolicy object for uncustomized objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.12.2 NAME 'olcPPolicyHashCleartext' DESC 'Hash passwords on add or modify' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.12.4 NAME 'olcPPolicyForwardUpdates' DESC 'Allow policy state updates to be forwarded via updateref' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.12.3 NAME 'olcPPolicyUseLockout' DESC 'Warn clients with AccountLocked' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.1 NAME ( 'olcPcache' 'olcProxyCache' ) DESC 'Proxy Cache basic parameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.2 NAME ( 'olcPcacheAttrset' 'olcProxyAttrset' ) DESC 'A set of attributes to cache' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.3 NAME ( 'olcPcacheTemplate' 'olcProxyCacheTemplate' ) DESC 'Filter template, attrset, cache TTL, optional negative TTL, optional sizelimit TTL, optional TTR' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.4 NAME 'olcPcachePosition' DESC 'Response callback position in overlay stack' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.5 NAME ( 'olcPcacheMaxQueries' 'olcProxyCacheQueries' ) DESC 'Maximum number of queries to cache' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.6 NAME ( 'olcPcachePersist' 'olcProxySaveQueries' ) DESC 'Save cached queries for hot restart' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.7 NAME ( 'olcPcacheValidate' 'olcProxyCheckCacheability' ) DESC 'Check whether the results of a query are cacheable, e.g. for schema issues' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.8 NAME 'olcPcacheOffline' DESC 'Set cache to offline mode and disable expiration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.2.9 NAME 'olcPcacheBind' DESC 'Parameters for caching Binds' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.11.1 NAME 'olcRefintAttribute' DESC 'Attributes for referential integrity' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.11.2 NAME 'olcRefintNothing' DESC 'Replacement DN to supply when needed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.11.3 NAME 'olcRefintModifiersName' DESC 'The DN to use as modifiersName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.20.1 NAME 'olcRetcodeParent' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.20.2 NAME 'olcRetcodeItem' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.20.3 NAME 'olcRetcodeInDir' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.20.4 NAME 'olcRetcodeSleep' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.16.1 NAME 'olcRwmRewrite' DESC 'Rewrites strings' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.16.2 NAME 'olcRwmTFSupport' DESC 'Absolute filters support' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.16.3 NAME 'olcRwmMap' DESC 'maps attributes/objectClasses' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.16.4 NAME 'olcRwmNormalizeMapped' DESC 'Normalize mapped attributes/objectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.16.5 NAME 'olcRwmDropUnrequested' DESC 'Drop unrequested attributes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.21.1 NAME 'olcSssVlvMax' DESC 'Maximum number of concurrent Sort requests' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.21.2 NAME 'olcSssVlvMaxKeys' DESC 'Maximum number of Keys in a Sort request' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.21.3 NAME 'olcSssVlvMaxPerConn' DESC 'Maximum number of concurrent paged search requests per connection' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.1.1 NAME 'olcSpCheckpoint' DESC 'ContextCSN checkpoint interval in ops and minutes' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.1.2 NAME 'olcSpSessionlog' DESC 'Session log size in ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.1.3 NAME 'olcSpNoPresent' DESC 'Omit Present phase processing' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.1.4 NAME 'olcSpReloadHint' DESC 'Observe Reload Hint in Request control' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.14.1 NAME 'olcTranslucentStrict' DESC 'Reveal attribute deletion constraint violations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.14.2 NAME 'olcTranslucentNoGlue' DESC 'Disable automatic glue records for ADD and MODRDN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.14.3 NAME 'olcTranslucentLocal' DESC 'Attributes to use in local search filter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.14.4 NAME 'olcTranslucentRemote' DESC 'Attributes to use in remote search filter' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.14.5 NAME 'olcTranslucentBindLocal' DESC 'Enable local bind' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.14.6 NAME 'olcTranslucentPwModLocal' DESC 'Enable local RFC 3062 Password Modify extended operation' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.10.1 NAME 'olcUniqueBase' DESC 'Subtree for uniqueness searches' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.10.2 NAME 'olcUniqueIgnore' DESC 'Attributes for which uniqueness shall not be enforced' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.10.3 NAME 'olcUniqueAttribute' DESC 'Attributes for which uniqueness shall be enforced' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.10.4 NAME 'olcUniqueStrict' DESC 'Enforce uniqueness of null values' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.10.5 NAME 'olcUniqueURI' DESC 'List of keywords and LDAP URIs for a uniqueness domain' EQUALITY caseExactMatch ORDERING caseExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.4203.1.12.2.3.3.5.1 NAME 'olcValSortAttr' DESC 'Sorting rule for attribute under given DN' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", "( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name )", "( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )", "( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC4519: two-letter ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 SINGLE-VALUE )", "( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: locality which this object resides in' SUP name )", "( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name )", "( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )", "( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name )", "( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object belongs to' SUP name )", "( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name )", "( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )", "( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )", "( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )", "( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )", "( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )", "( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )", "( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )", "( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )", "( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )", "( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )", "( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )", "( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )", "( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )", "( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )", "( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE )", "( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE )", "( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", "( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName )", "( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName )", "( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName )", "( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )", "( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )", "( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )", "( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )", "( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )", "( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name )", "( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some or all of names, but not the surname(s).' SUP name )", "( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qualifier indicating a generation' SUP name )", "( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )", "( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )", "( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )", "( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )", "( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )", "( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )", "( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )", "( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )", "( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP name )", "( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name )", "( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )", "( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )", "( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: general information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )", "( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274: photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )", "( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC1274: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: host computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC1274: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' DESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC 'RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DESC 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC 'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DESC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )", "( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )", "( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC 'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' DESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )", "( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )", "( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )", "( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DESC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC 'RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )", "( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC 'RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )", "( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RFC1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality' DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )", "( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' DESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )", "( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'RFC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )", "( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' DESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC2798: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC 'RFC2798: identifies a department within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RFC2798: numerically identifies an employee within an organization' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )", "( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC 'RFC2798: preferred written or spoken language for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )", "( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )", "( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; the common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolute path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to the login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgroup triple' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' DESC 'Service port number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' DESC 'Service protocol name' SUP name )", "( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' DESC 'IP protocol number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' DESC 'ONC RPC number' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IPv4 addresses as a dotted decimal omitting leading zeros or IPv6 addresses as defined in RFC2373' SUP name )", "( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP network as a dotted decimal, eg. 192.168, omitting leading zeros' SUP name SINGLE-VALUE )", "( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0, omitting leading zeros' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address in maximal, colon separated hex notation, eg. 00:00:92:90:ee:e2' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootparamd parameter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image name' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.1.1.1.26 NAME 'nisMapName' DESC 'Name of a A generic NIS map' SUP name )", "( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' DESC 'A generic NIS entry' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' DESC 'NIS public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' DESC 'NIS secret key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.30 NAME 'nisDomain' DESC 'NIS domain' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.1.1.1.31 NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.32 NAME 'automountKey' DESC 'Automount Key value' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.1.1.1.33 NAME 'automountInformation' DESC 'Automount information' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.2 NAME 'suseDefaultBase' DESC 'Base DN where new Objects should be created by default' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.3 NAME 'suseNextUniqueId' DESC 'Next unused unique ID, can be used to generate directory wide uniqe IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.4 NAME 'suseMinUniqueId' DESC 'lower Border for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.5 NAME 'suseMaxUniqueId' DESC 'upper Border for Unique IDs' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.6 NAME 'suseDefaultTemplate' DESC 'The DN of a template that should be used by default' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.7 NAME 'suseSearchFilter' DESC 'Search filter to localize Objects' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.11 NAME 'suseDefaultValue' DESC 'an Attribute-Value-Assertions to define defaults for specific Attributes' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.7057.10.1.2.2.12 NAME 'suseNamingAttribute' DESC 'AttributeType that should be used as the RDN' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.15 NAME 'suseSecondaryGroup' DESC 'seconday group DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 1.3.6.1.4.1.7057.10.1.2.2.16 NAME 'suseMinPasswordLength' DESC 'minimum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.17 NAME 'suseMaxPasswordLength' DESC 'maximum Password length for new users' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.18 NAME 'susePasswordHash' DESC 'Hash method to use for new users' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.19 NAME 'suseSkelDir' DESC '' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.4.1.7057.10.1.2.2.20 NAME 'susePlugin' DESC 'plugin to use upon user/ group creation' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.7057.10.1.2.2.21 NAME 'suseMapAttribute' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.3.6.1.4.1.7057.10.1.2.2.22 NAME 'suseImapServer' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.23 NAME 'suseImapAdmin' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.24 NAME 'suseImapDefaultQuota' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )", "( 1.3.6.1.4.1.7057.10.1.2.2.25 NAME 'suseImapUseSsl' DESC '' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )" ], "cn": [ "Subschema" ], "createTimestamp": [ "20141024204149Z" ], "entryDN": [ "cn=Subschema" ], "ldapSyntaxes": [ "( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )", "( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )", "( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509 AttributeCertificate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )", "( 1.2.36.79672281.1.5.0 DESC 'RDN' )", "( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )", "( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )", "( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )", "( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )", "( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )", "( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )", "( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )", "( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )", "( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )", "( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )", "( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )", "( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )", "( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )", "( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )", "( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )", "( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )", "( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )", "( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )", "( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' )", "( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )", "( 1.3.6.1.1.16.1 DESC 'UUID' )" ], "matchingRuleUse": [ "( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcChainMaxReferralDepth $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSssVlvMaxPerConn $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota ) )", "( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcChainMaxReferralDepth $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSssVlvMaxPerConn $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota ) )", "( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $ automountInformation $ suseNamingAttribute $ susePasswordHash $ suseSkelDir ) )", "( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' APPLIES ( altServer $ olcDbConfig $ c $ mail $ dc $ associatedDomain $ email $ aRecord $ mDRecord $ mXRecord $ nSRecord $ sOARecord $ cNAMERecord $ janetMailbox $ gecos $ homeDirectory $ loginShell $ memberUid $ memberNisNetgroup $ nisNetgroupTriple $ ipNetmaskNumber $ macAddress $ bootParameter $ bootFile $ nisMapEntry $ nisDomain $ automountMapName $ automountKey $ automountInformation $ suseNamingAttribute $ susePasswordHash $ suseSkelDir ) )", "( 2.5.13.38 NAME 'certificateListExactMatch' APPLIES ( authorityRevocationList $ certificateRevocationList $ deltaRevocationList ) )", "( 2.5.13.34 NAME 'certificateExactMatch' APPLIES ( userCertificate $ cACertificate ) )", "( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ ldapSyntaxes $ supportedApplicationContext ) )", "( 2.5.13.29 NAME 'integerFirstComponentMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcChainMaxReferralDepth $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSssVlvMaxPerConn $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota ) )", "( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' APPLIES ( createTimestamp $ modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime ) )", "( 2.5.13.27 NAME 'generalizedTimeMatch' APPLIES ( createTimestamp $ modifyTimestamp $ pwdChangedTime $ pwdAccountLockedTime $ pwdFailureTime $ pwdGraceUseTime ) )", "( 2.5.13.24 NAME 'protocolInformationMatch' APPLIES protocolInformation )", "( 2.5.13.23 NAME 'uniqueMemberMatch' APPLIES uniqueMember )", "( 2.5.13.22 NAME 'presentationAddressMatch' APPLIES presentationAddress )", "( 2.5.13.20 NAME 'telephoneNumberMatch' APPLIES ( telephoneNumber $ homePhone $ mobile $ pager ) )", "( 2.5.13.18 NAME 'octetStringOrderingMatch' APPLIES ( userPassword $ olcDbCryptKey $ pwdHistory $ nisPublicKey $ nisSecretKey ) )", "( 2.5.13.17 NAME 'octetStringMatch' APPLIES ( userPassword $ olcDbCryptKey $ pwdHistory $ nisPublicKey $ nisSecretKey ) )", "( 2.5.13.16 NAME 'bitStringMatch' APPLIES x500UniqueIdentifier )", "( 2.5.13.15 NAME 'integerOrderingMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcChainMaxReferralDepth $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSssVlvMaxPerConn $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota ) )", "( 2.5.13.14 NAME 'integerMatch' APPLIES ( supportedLDAPVersion $ entryTtl $ uidNumber $ gidNumber $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcIdleTimeout $ olcIndexSubstrIfMinLen $ olcIndexSubstrIfMaxLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcListenerThreads $ olcLocalSSF $ olcMaxDerefDepth $ olcReplicationInterval $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads $ olcToolThreads $ olcWriteTimeout $ olcDbCacheFree $ olcDbCacheSize $ olcDbDNcacheSize $ olcDbIDLcacheSize $ olcDbSearchStack $ olcDbShmKey $ olcDbProtocolVersion $ olcDbConnectionPoolMax $ olcChainMaxReferralDepth $ olcDDSmaxDynamicObjects $ olcPcacheMaxQueries $ olcRetcodeSleep $ olcSssVlvMax $ olcSssVlvMaxKeys $ olcSssVlvMaxPerConn $ olcSpSessionlog $ mailPreferenceOption $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ ipServicePort $ ipProtocolNumber $ oncRpcNumber $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseMinPasswordLength $ suseMaxPasswordLength $ suseImapDefaultQuota ) )", "( 2.5.13.13 NAME 'booleanMatch' APPLIES ( hasSubordinates $ olcAddContentAcl $ olcGentleHUP $ olcHidden $ olcLastMod $ olcMirrorMode $ olcMonitoring $ olcReadOnly $ olcReverseLookup $ olcSyncUseSubentry $ olcDbChecksum $ olcDbNoSync $ olcDbDirtyRead $ olcDbLinearIndex $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbProxyWhoAmI $ olcDbSingleConn $ olcDbUseTemporaryConn $ olcDbNoRefs $ olcDbNoUndefFilter $ olcChainCacheURI $ olcChainReturnError $ olcAccessLogSuccess $ olcDDSstate $ olcMemberOfRefInt $ pwdReset $ olcPPolicyHashCleartext $ olcPPolicyForwardUpdates $ olcPPolicyUseLockout $ olcPcachePersist $ olcPcacheValidate $ olcPcacheOffline $ olcRetcodeInDir $ olcRwmNormalizeMapped $ olcRwmDropUnrequested $ olcSpNoPresent $ olcSpReloadHint $ olcTranslucentStrict $ olcTranslucentNoGlue $ olcTranslucentBindLocal $ olcTranslucentPwModLocal $ olcUniqueStrict $ suseImapUseSsl ) )", "( 2.5.13.11 NAME 'caseIgnoreListMatch' APPLIES ( postalAddress $ registeredAddress $ homePostalAddress ) )", "( 2.5.13.9 NAME 'numericStringOrderingMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )", "( 2.5.13.8 NAME 'numericStringMatch' APPLIES ( x121Address $ internationaliSDNNumber ) )", "( 2.5.13.7 NAME 'caseExactSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )", "( 2.5.13.6 NAME 'caseExactOrderingMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcDbIDAssertPassThru $ olcChainingBehavior $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAccessLogBase $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin ) )", "( 2.5.13.5 NAME 'caseExactMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcDbIDAssertPassThru $ olcChainingBehavior $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAccessLogBase $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin ) )", "( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' APPLIES ( serialNumber $ destinationIndicator $ dnQualifier ) )", "( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcDbIDAssertPassThru $ olcChainingBehavior $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAccessLogBase $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin ) )", "( 2.5.13.2 NAME 'caseIgnoreMatch' APPLIES ( supportedSASLMechanisms $ vendorName $ vendorVersion $ ref $ name $ cn $ uid $ labeledURI $ description $ olcConfigFile $ olcConfigDir $ olcAccess $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAttributeTypes $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcBackend $ olcDatabase $ olcDisallows $ olcDitContentRules $ olcExtraAttrs $ olcInclude $ olcLdapSyntaxes $ olcLimits $ olcLogFile $ olcLogLevel $ olcModuleLoad $ olcModulePath $ olcObjectClasses $ olcObjectIdentifier $ olcOverlay $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPlugin $ olcPluginLogFile $ olcReferral $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDSE $ olcRootPW $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSortVals $ olcSubordinate $ olcSyncrepl $ olcTCPBuffer $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSCRLFile $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSProtocolMin $ olcUpdateRef $ olcDbDirectory $ olcDbCheckpoint $ olcDbCryptFile $ olcDbPageSize $ olcDbIndex $ olcDbLockDetect $ olcDbMode $ olcDbURI $ olcDbStartTLS $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbTFSupport $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbCancel $ olcDbQuarantine $ olcDbIDAssertPassThru $ olcChainingBehavior $ olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAccessLogBase $ olcAuditlogFile $ olcCollectInfo $ olcConstraintAttribute $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDGAttrPair $ olcDlAttrSet $ olcMemberOfDangling $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD $ olcMemberOfDanglingError $ olcPcache $ olcPcacheAttrset $ olcPcacheTemplate $ olcPcachePosition $ olcPcacheBind $ olcRefintAttribute $ olcRetcodeItem $ olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcSpCheckpoint $ olcTranslucentLocal $ olcTranslucentRemote $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueURI $ olcValSortAttr $ knowledgeInformation $ sn $ serialNumber $ c $ l $ st $ street $ o $ ou $ title $ businessCategory $ postalCode $ postOfficeBox $ physicalDeliveryOfficeName $ destinationIndicator $ givenName $ initials $ generationQualifier $ dnQualifier $ houseIdentifier $ dmdName $ pseudonym $ textEncodedORAddress $ info $ drink $ roomNumber $ userClass $ host $ documentIdentifier $ documentTitle $ documentVersion $ documentLocation $ personalTitle $ co $ uniqueIdentifier $ organizationalStatus $ buildingName $ documentPublisher $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ preferredLanguage $ ipServiceProtocol $ ipHostNumber $ ipNetworkNumber $ nisMapName $ suseSearchFilter $ suseDefaultValue $ susePlugin $ suseMapAttribute $ suseImapServer $ suseImapAdmin ) )", "( 2.5.13.1 NAME 'distinguishedNameMatch' APPLIES ( creatorsName $ modifiersName $ subschemaSubentry $ entryDN $ namingContexts $ aliasedObjectName $ dynamicSubtrees $ distinguishedName $ seeAlso $ olcDefaultSearchBase $ olcRootDN $ olcSchemaDN $ olcSuffix $ olcUpdateDN $ olcDbACLAuthcDn $ olcDbIDAssertAuthcDn $ olcRelay $ olcAccessLogDB $ memberOf $ olcMemberOfDN $ pwdPolicySubentry $ olcPPolicyDefault $ olcRefintNothing $ olcRefintModifiersName $ olcRetcodeParent $ olcUniqueBase $ member $ owner $ roleOccupant $ manager $ documentAuthor $ secretary $ associatedName $ dITRedirect $ suseDefaultBase $ suseDefaultTemplate $ suseSecondaryGroup ) )", "( 2.5.13.0 NAME 'objectIdentifierMatch' APPLIES ( supportedControl $ supportedExtension $ supportedFeatures $ supportedApplicationContext ) )" ], "matchingRules": [ "( 1.3.6.1.1.16.3 NAME 'UUIDOrderingMatch' SYNTAX 1.3.6.1.1.16.1 )", "( 1.3.6.1.1.16.2 NAME 'UUIDMatch' SYNTAX 1.3.6.1.1.16.1 )", "( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 1.3.6.1.4.1.4203.1.2.1 NAME 'caseExactIA5SubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )", "( 2.5.13.38 NAME 'certificateListExactMatch' SYNTAX 1.3.6.1.1.15.5 )", "( 2.5.13.34 NAME 'certificateExactMatch' SYNTAX 1.3.6.1.1.15.1 )", "( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )", "( 2.5.13.29 NAME 'integerFirstComponentMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )", "( 2.5.13.27 NAME 'generalizedTimeMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )", "( 2.5.13.23 NAME 'uniqueMemberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )", "( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.20 NAME 'telephoneNumberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )", "( 2.5.13.19 NAME 'octetStringSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )", "( 2.5.13.18 NAME 'octetStringOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )", "( 2.5.13.17 NAME 'octetStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )", "( 2.5.13.16 NAME 'bitStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )", "( 2.5.13.15 NAME 'integerOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 2.5.13.14 NAME 'integerMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )", "( 2.5.13.13 NAME 'booleanMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )", "( 2.5.13.11 NAME 'caseIgnoreListMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )", "( 2.5.13.10 NAME 'numericStringSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.9 NAME 'numericStringOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )", "( 2.5.13.8 NAME 'numericStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )", "( 2.5.13.7 NAME 'caseExactSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.6 NAME 'caseExactOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.5 NAME 'caseExactMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )", "( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 2.5.13.2 NAME 'caseIgnoreMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )", "( 1.2.36.79672281.1.13.3 NAME 'rdnMatch' SYNTAX 1.2.36.79672281.1.5.0 )", "( 2.5.13.1 NAME 'distinguishedNameMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )", "( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )" ], "modifyTimestamp": [ "20141024204149Z" ], "objectClass": [ "top", "subentry", "subschema", "extensibleObject" ], "objectClasses": [ "( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABSTRACT MUST objectClass )", "( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC 'RFC4512: extensible object' SUP top AUXILIARY )", "( 2.5.6.1 NAME 'alias' DESC 'RFC4512: an alias' SUP top STRUCTURAL MUST aliasedObjectName )", "( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: named subordinate referral' SUP top STRUCTURAL MUST ref )", "( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )", "( 2.5.17.0 NAME 'subentry' DESC 'RFC3672: subentry' SUP top STRUCTURAL MUST ( cn $ subtreeSpecification ) )", "( 2.5.20.1 NAME 'subschema' DESC 'RFC4512: controlling subschema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )", "( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC 'RFC2589: Dynamic Object' SUP top AUXILIARY )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.0 NAME 'olcConfig' DESC 'OpenLDAP configuration object' SUP top ABSTRACT )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.1 NAME 'olcGlobal' DESC 'OpenLDAP Global configuration options' SUP olcConfig STRUCTURAL MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $ olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcLogFile $ olcLogLevel $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPluginLogFile $ olcReadOnly $ olcReferral $ olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ olcRootDSE $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSCRLFile $ olcToolThreads $ olcWriteTimeout $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.2 NAME 'olcSchemaConfig' DESC 'OpenLDAP schema object' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.3 NAME 'olcBackendConfig' DESC 'OpenLDAP Backend-specific options' SUP olcConfig STRUCTURAL MUST olcBackend )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.4 NAME 'olcDatabaseConfig' DESC 'OpenLDAP Database-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $ olcLastMod $ olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN $ olcUpdateRef $ olcMirrorMode $ olcMonitoring $ olcExtraAttrs ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.5 NAME 'olcOverlayConfig' DESC 'OpenLDAP Overlay-specific options' SUP olcConfig STRUCTURAL MUST olcOverlay )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.6 NAME 'olcIncludeFile' DESC 'OpenLDAP configuration include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY ( cn $ olcRootDSE ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.7 NAME 'olcFrontendConfig' DESC 'OpenLDAP frontend configuration' AUXILIARY MAY ( olcDefaultSearchBase $ olcPasswordHash $ olcSortVals ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.0.8 NAME 'olcModuleList' DESC 'OpenLDAP dynamic module info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $ olcModuleLoad ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.2.2.1 NAME 'olcLdifConfig' DESC 'LDIF backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory )", "( 1.3.6.1.4.1.4203.1.12.2.4.2.4.1 NAME 'olcMonitorConfig' DESC 'Monitor backend configuration' SUP olcDatabaseConfig STRUCTURAL )", "( 1.3.6.1.4.1.4203.1.12.2.4.2.1.1 NAME 'olcBdbConfig' DESC 'BDB backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.2.1.2 NAME 'olcHdbConfig' DESC 'HDB backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.2.3.1 NAME 'olcLDAPConfig' DESC 'LDAP backend configuration' SUP olcDatabaseConfig STRUCTURAL MAY ( olcDbURI $ olcDbStartTLS $ olcDbACLAuthcDn $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertAuthcDn $ olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $ olcDbIDAssertPassThru $ olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbTFSupport $ olcDbProxyWhoAmI $ olcDbTimeout $ olcDbIdleTimeout $ olcDbConnTtl $ olcDbNetworkTimeout $ olcDbProtocolVersion $ olcDbSingleConn $ olcDbCancel $ olcDbQuarantine $ olcDbUseTemporaryConn $ olcDbConnectionPoolMax $ olcDbNoRefs $ olcDbNoUndefFilter ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.3.1 NAME 'olcChainConfig' DESC 'Chain configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcChainingBehavior $ olcChainCacheURI $ olcChainMaxReferralDepth $ olcChainReturnError ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.3.2 NAME 'olcChainDatabase' DESC 'Chain remote server configuration' AUXILIARY )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.3.3 NAME 'olcPBindConfig' DESC 'Proxy Bind configuration' SUP olcOverlayConfig STRUCTURAL MUST olcDbURI MAY ( olcDbStartTLS $ olcDbNetworkTimeout $ olcDbQuarantine ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.7.1 NAME 'olcDistProcConfig' DESC 'Distributed procedures configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcChainingBehavior $ olcChainCacheURI ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.7.2 NAME 'olcDistProcDatabase' DESC 'Distributed procedure remote server configuration' AUXILIARY )", "( 1.3.6.1.4.1.4203.1.12.2.4.2.5.1 NAME 'olcRelayConfig' DESC 'Relay backend configuration' SUP olcDatabaseConfig STRUCTURAL MAY olcRelay )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.4.1 NAME 'olcAccessLogConfig' DESC 'Access log configuration' SUP olcOverlayConfig STRUCTURAL MUST olcAccessLogDB MAY ( olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogSuccess $ olcAccessLogOld $ olcAccessLogOldAttr $ olcAccessLogBase ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.15.1 NAME 'olcAuditlogConfig' DESC 'Auditlog configuration' SUP olcOverlayConfig STRUCTURAL MAY olcAuditlogFile )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.19.1 NAME 'olcCollectConfig' DESC 'Collective Attribute configuration' SUP olcOverlayConfig STRUCTURAL MAY olcCollectInfo )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.13.1 NAME 'olcConstraintConfig' DESC 'Constraint overlay configuration' SUP olcOverlayConfig STRUCTURAL MAY olcConstraintAttribute )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.9.1 NAME 'olcDDSConfig' DESC 'RFC2589 Dynamic directory services configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcDDSstate $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval $ olcDDStolerance $ olcDDSmaxDynamicObjects ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.17.1 NAME 'olcDGConfig' DESC 'Dynamic Group configuration' SUP olcOverlayConfig STRUCTURAL MAY olcDGAttrPair )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.8.1 NAME 'olcDynamicList' DESC 'Dynamic list configuration' SUP olcOverlayConfig STRUCTURAL MAY olcDLattrSet )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.18.1 NAME 'olcMemberOf' DESC 'Member-of configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcMemberOfDN $ olcMemberOfDangling $ olcMemberOfDanglingError $ olcMemberOfRefInt $ olcMemberOfGroupOC $ olcMemberOfMemberAD $ olcMemberOfMemberOfAD ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.12.1 NAME 'olcPPolicyConfig' DESC 'Password Policy configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ olcPPolicyUseLockout $ olcPPolicyForwardUpdates ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.2.1 NAME 'olcPcacheConfig' DESC 'ProxyCache configuration' SUP olcOverlayConfig STRUCTURAL MUST ( olcPcache $ olcPcacheAttrset $ olcPcacheTemplate ) MAY ( olcPcachePosition $ olcPcacheMaxQueries $ olcPcachePersist $ olcPcacheValidate $ olcPcacheOffline $ olcPcacheBind ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.2.2 NAME 'olcPcacheDatabase' DESC 'Cache database configuration' AUXILIARY )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.11.1 NAME 'olcRefintConfig' DESC 'Referential integrity configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcRefintAttribute $ olcRefintNothing $ olcRefintModifiersName ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.20.1 NAME 'olcRetcodeConfig' DESC 'Retcode configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcRetcodeParent $ olcRetcodeItem $ olcRetcodeInDir $ olcRetcodeSleep ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.16.1 NAME 'olcRwmConfig' DESC 'Rewrite/remap configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcRwmNormalizeMapped ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.21.1 NAME 'olcSssVlvConfig' DESC 'SSS VLV configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcSssVlvMax $ olcSssVlvMaxKeys ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.1.1 NAME 'olcSyncProvConfig' DESC 'SyncRepl Provider configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcSpCheckpoint $ olcSpSessionlog $ olcSpNoPresent $ olcSpReloadHint ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.14.1 NAME 'olcTranslucentConfig' DESC 'Translucent configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcTranslucentStrict $ olcTranslucentNoGlue $ olcTranslucentLocal $ olcTranslucentRemote $ olcTranslucentBindLocal $ olcTranslucentPwModLocal ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.14.2 NAME 'olcTranslucentDatabase' DESC 'Translucent target database configuration' AUXILIARY )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.10.1 NAME 'olcUniqueConfig' DESC 'Attribute value uniqueness configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcUniqueBase $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueStrict $ olcUniqueURI ) )", "( 1.3.6.1.4.1.4203.1.12.2.4.3.5.1 NAME 'olcValSortConfig' DESC 'Value Sorting configuration' SUP olcOverlayConfig STRUCTURAL MUST olcValSortAttr )", "( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) )", "( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )", "( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )", "( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )", "( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )", "( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )", "( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )", "( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )", "( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) )", "( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) )", "( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )", "( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )", "( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )", "( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a strong authentication user' SUP top AUXILIARY MUST userCertificate )", "( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair )", "( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )", "( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user security information' SUP top AUXILIARY MAY supportedAlgorithms )", "( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certificationAuthority AUXILIARY MAY deltaRevocationList )", "( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )", "( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST dmdName MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )", "( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP top AUXILIARY MAY userCertificate )", "( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) )", "( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top AUXILIARY MAY deltaRevocationList )", "( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY labeledURI )", "( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )", "( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain component object' SUP top AUXILIARY MUST dc )", "( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' SUP top AUXILIARY MUST uid )", "( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature ) )", "( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ host ) )", "( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )", "( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )", "( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ localityName $ organizationName $ organizationalUnitName ) )", "( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST domainComponent MAY ( associatedName $ organizationName $ description $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )", "( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )", "( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) )", "( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associatedDomain )", "( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country STRUCTURAL MUST friendlyCountryName )", "( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )", "( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STRUCTURAL MAY dSAQuality )", "( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )", "( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )", "( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )", "( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword $ description $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag ) )", "( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a group of accounts' SUP top AUXILIARY MUST gidNumber MAY ( userPassword $ memberUid $ description ) )", "( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an Internet Protocol service. Maps an IP port and protocol (such as tcp or udp) to one or more names; the distinguished value of the cn attribute denotes the services canonical name' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipServiceProtocol ) MAY description )", "( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of an IP protocol. Maps a protocol number to one or more names. The distinguished value of the cn attribute denotes the protocols canonical name' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber ) MAY description )", "( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an Open Network Computing (ONC) [RFC1057] Remote Procedure Call (RPC) binding. This class maps an ONC RPC number to a name. The distinguished value of the cn attribute denotes the RPC services canonical name' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber ) MAY description )", "( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a host, an IP device. The distinguished value of the cn attribute denotes the hosts canonical name. Device SHOULD be used as a structural class' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( userPassword $ l $ description $ manager ) )", "( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a network. The distinguished value of the cn attribute denotes the networks canonical name' SUP top STRUCTURAL MUST ipNetworkNumber MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) )", "( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of a netgroup. May refer to other netgroups' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )", "( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstraction of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )", "( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY description )", "( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device with a MAC address; device SHOULD be used as a structural class' SUP top AUXILIARY MAY macAddress )", "( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with boot parameters; device SHOULD be used as a structural class' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )", "( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' DESC 'An object with a public and secret key' SUP top AUXILIARY MUST ( cn $ nisPublicKey $ nisSecretKey ) MAY ( uidNumber $ description ) )", "( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' DESC 'Associates a NIS domain with a naming context' SUP top AUXILIARY MUST nisDomain )", "( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL MUST automountMapName MAY description )", "( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount information' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY description )", "( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top STRUCTURAL MAY cn )", "( 1.3.6.1.4.1.7057.10.1.2.1.2 NAME 'suseModuleConfiguration' DESC 'Contains configuration of Management Modules' SUP top STRUCTURAL MUST cn MAY suseDefaultBase )", "( 1.3.6.1.4.1.7057.10.1.2.1.3 NAME 'suseUserConfiguration' DESC 'Configuration of user management tools' SUP suseModuleConfiguration STRUCTURAL MAY ( suseMinPasswordLength $ suseMaxPasswordLength $ susePasswordHash $ suseSkelDir $ suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ) )", "( 1.3.6.1.4.1.7057.10.1.2.1.4 NAME 'suseObjectTemplate' DESC 'Base Class for Object-Templates' SUP top STRUCTURAL MUST cn MAY ( susePlugin $ suseDefaultValue $ suseNamingAttribute ) )", "( 1.3.6.1.4.1.7057.10.1.2.1.5 NAME 'suseUserTemplate' DESC 'User object template' SUP suseObjectTemplate STRUCTURAL MUST cn MAY suseSecondaryGroup )", "( 1.3.6.1.4.1.7057.10.1.2.1.6 NAME 'suseGroupTemplate' DESC 'Group object template' SUP suseObjectTemplate STRUCTURAL MUST cn )", "( 1.3.6.1.4.1.7057.10.1.2.1.7 NAME 'suseGroupConfiguration' DESC 'Configuration of user management tools' SUP suseModuleConfiguration STRUCTURAL MAY ( suseNextUniqueId $ suseMinUniqueId $ suseMaxUniqueId $ suseDefaultTemplate $ suseSearchFilter $ suseMapAttribute ) )", "( 1.3.6.1.4.1.7057.10.1.2.1.8 NAME 'suseCaConfiguration' DESC 'Configuration of CA management tools' SUP suseModuleConfiguration STRUCTURAL )", "( 1.3.6.1.4.1.7057.10.1.2.1.9 NAME 'suseDnsConfiguration' DESC 'Configuration of mail server management tools' SUP suseModuleConfiguration STRUCTURAL )", "( 1.3.6.1.4.1.7057.10.1.2.1.10 NAME 'suseDhcpConfiguration' DESC 'Configuration of DHCP server management tools' SUP suseModuleConfiguration STRUCTURAL )", "( 1.3.6.1.4.1.7057.10.1.2.1.11 NAME 'suseMailConfiguration' DESC 'Configuration of IMAP user management tools' SUP suseModuleConfiguration STRUCTURAL MUST ( suseImapServer $ suseImapAdmin $ suseImapDefaultQuota $ suseImapUseSsl ) )" ], "structuralObjectClass": [ "subentry" ], "subschemaSubentry": [ "cn=Subschema" ] }, "schema_entry": "cn=Subschema", "type": "SchemaInfo" } """ slapd_2_4_dsa_info = """ { "raw": { "configContext": [ "cn=config" ], "entryDN": [ "" ], "namingContexts": [ "o=services", "o=test" ], "objectClass": [ "top", "OpenLDAProotDSE" ], "structuralObjectClass": [ "OpenLDAProotDSE" ], "subschemaSubentry": [ "cn=Subschema" ], "supportedControl": [ "1.3.6.1.4.1.4203.1.9.1.1", "2.16.840.1.113730.3.4.18", "2.16.840.1.113730.3.4.2", "1.3.6.1.4.1.4203.1.10.1", "1.2.840.113556.1.4.319", "1.2.826.0.1.3344810.2.3", "1.3.6.1.1.13.2", "1.3.6.1.1.13.1", "1.3.6.1.1.12" ], "supportedExtension": [ "1.3.6.1.4.1.1466.20037", "1.3.6.1.4.1.4203.1.11.1", "1.3.6.1.4.1.4203.1.11.3", "1.3.6.1.1.8" ], "supportedFeatures": [ "1.3.6.1.1.14", "1.3.6.1.4.1.4203.1.5.1", "1.3.6.1.4.1.4203.1.5.2", "1.3.6.1.4.1.4203.1.5.3", "1.3.6.1.4.1.4203.1.5.4", "1.3.6.1.4.1.4203.1.5.5" ], "supportedLDAPVersion": [ "3" ], "supportedSASLMechanisms": [ "GSSAPI", "DIGEST-MD5" ] }, "type": "DsaInfo" } """ ldap3-2.4.1/ldap3/protocol/schemas/__init__.py0000666000000000000000000000000012767320327017252 0ustar 00000000000000ldap3-2.4.1/ldap3/protocol/__init__.py0000666000000000000000000000000012767320327015627 0ustar 00000000000000ldap3-2.4.1/ldap3/strategy/0000777000000000000000000000000013231031760013514 5ustar 00000000000000ldap3-2.4.1/ldap3/strategy/asynchronous.py0000666000000000000000000002473313230633467016645 0ustar 00000000000000""" """ # Created on 2013.07.15 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from threading import Thread, Lock import socket from .. import get_config_parameter from ..core.exceptions import LDAPSSLConfigurationError, LDAPStartTLSError, LDAPOperationResult from ..strategy.base import BaseStrategy, RESPONSE_COMPLETE from ..protocol.rfc4511 import LDAPMessage from ..utils.log import log, log_enabled, format_ldap_message, ERROR, NETWORK, EXTENDED from ..utils.asn1 import decoder, decode_message_fast # noinspection PyProtectedMember class AsyncStrategy(BaseStrategy): """ This strategy is asynchronous. You send the request and get the messageId of the request sent Receiving data from socket is managed in a separated thread in a blocking mode Requests return an int value to indicate the messageId of the requested Operation You get the response with get_response, it has a timeout to wait for response to appear Connection.response will contain the whole LDAP response for the messageId requested in a dict form Connection.request will contain the result LDAP message in a dict form Response appear in strategy._responses dictionary """ # noinspection PyProtectedMember class ReceiverSocketThread(Thread): """ The thread that actually manage the receiver socket """ def __init__(self, ldap_connection): Thread.__init__(self) self.connection = ldap_connection self.socket_size = get_config_parameter('SOCKET_SIZE') def run(self): """ Wait for data on socket, compute the length of the message and wait for enough bytes to decode the message Message are appended to strategy._responses """ unprocessed = b'' get_more_data = True listen = True data = b'' while listen: if get_more_data: try: data = self.connection.socket.recv(self.socket_size) except (OSError, socket.error, AttributeError): if self.connection.receive_timeout: # a receive timeout has been detected - keep kistening on the socket continue except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', str(e), self.connection) raise # unexpected exception - re-raise if len(data) > 0: unprocessed += data data = b'' else: listen = False length = BaseStrategy.compute_ldap_message_size(unprocessed) if length == -1 or len(unprocessed) < length: get_more_data = True elif len(unprocessed) >= length: # add message to message list if self.connection.usage: self.connection._usage.update_received_message(length) if log_enabled(NETWORK): log(NETWORK, 'received %d bytes via <%s>', length, self.connection) if self.connection.fast_decoder: ldap_resp = decode_message_fast(unprocessed[:length]) dict_response = self.connection.strategy.decode_response_fast(ldap_resp) else: ldap_resp = decoder.decode(unprocessed[:length], asn1Spec=LDAPMessage())[0] dict_response = self.connection.strategy.decode_response(ldap_resp) message_id = int(ldap_resp['messageID']) if log_enabled(NETWORK): log(NETWORK, 'received 1 ldap message via <%s>', self.connection) if log_enabled(EXTENDED): log(EXTENDED, 'ldap message received via <%s>:%s', self.connection, format_ldap_message(ldap_resp, '<<')) if dict_response['type'] == 'extendedResp' and (dict_response['responseName'] == '1.3.6.1.4.1.1466.20037' or hasattr(self.connection, '_awaiting_for_async_start_tls')): if dict_response['result'] == 0: # StartTls in progress if self.connection.server.tls: self.connection.server.tls._start_tls(self.connection) else: self.connection.last_error = 'no Tls object defined in Server' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSSLConfigurationError(self.connection.last_error) else: self.connection.last_error = 'asynchronous StartTls failed' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPStartTLSError(self.connection.last_error) del self.connection._awaiting_for_async_start_tls if message_id != 0: # 0 is reserved for 'Unsolicited Notification' from server as per RFC4511 (paragraph 4.4) with self.connection.strategy.async_lock: if message_id in self.connection.strategy._responses: self.connection.strategy._responses[message_id].append(dict_response) else: self.connection.strategy._responses[message_id] = [dict_response] if dict_response['type'] not in ['searchResEntry', 'searchResRef', 'intermediateResponse']: self.connection.strategy._responses[message_id].append(RESPONSE_COMPLETE) if self.connection.strategy.can_stream: # for AsyncStreamStrategy, used for PersistentSearch self.connection.strategy.accumulate_stream(message_id, dict_response) unprocessed = unprocessed[length:] get_more_data = False if unprocessed else True listen = True if self.connection.listening or unprocessed else False else: # Unsolicited Notification if dict_response['responseName'] == '1.3.6.1.4.1.1466.20036': # Notice of Disconnection as per RFC4511 (paragraph 4.4.1) listen = False else: self.connection.last_error = 'unknown unsolicited notification from server' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPStartTLSError(self.connection.last_error) self.connection.strategy.close() def __init__(self, ldap_connection): BaseStrategy.__init__(self, ldap_connection) self.sync = False self.no_real_dsa = False self.pooled = False self._responses = None self._requests = None self.can_stream = False self.receiver = None self.async_lock = Lock() def open(self, reset_usage=True, read_server_info=True): """ Open connection and start listen on the socket in a different thread """ with self.connection.connection_lock: self._responses = dict() self._requests = dict() BaseStrategy.open(self, reset_usage, read_server_info) if read_server_info: try: self.connection.refresh_server_info() except LDAPOperationResult: # catch errors from server if raise_exception = True self.connection.server._dsa_info = None self.connection.server._schema_info = None def close(self): """ Close connection and stop socket thread """ with self.connection.connection_lock: BaseStrategy.close(self) def post_send_search(self, message_id): """ Clears connection.response and returns messageId """ self.connection.response = None self.connection.request = None self.connection.result = None return message_id def post_send_single_response(self, message_id): """ Clears connection.response and returns messageId. """ self.connection.response = None self.connection.request = None self.connection.result = None return message_id def _start_listen(self): """ Start thread in daemon mode """ if not self.connection.listening: self.receiver = AsyncStrategy.ReceiverSocketThread(self.connection) self.connection.listening = True self.receiver.daemon = True self.receiver.start() def _get_response(self, message_id): """ Performs the capture of LDAP response for this strategy Checks lock to avoid race condition with receiver thread """ with self.async_lock: responses = self._responses.pop(message_id) if message_id in self._responses and self._responses[message_id][-1] == RESPONSE_COMPLETE else None return responses def receiving(self): raise NotImplementedError def get_stream(self): raise NotImplementedError def set_stream(self, value): raise NotImplementedError ldap3-2.4.1/ldap3/strategy/asyncStream.py0000666000000000000000000001055413230604045016365 0ustar 00000000000000""" """ # Created on 2016.07.10 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . try: from queue import Queue except ImportError: # Python 2 # noinspection PyUnresolvedReferences from Queue import Queue from io import StringIO from os import linesep from ..protocol.rfc2849 import decode_persistent_search_control from ..strategy.asynchronous import AsyncStrategy from ..core.exceptions import LDAPLDIFError from ..utils.conv import prepare_for_stream from ..protocol.rfc2849 import persistent_search_response_to_ldif, add_ldif_header # noinspection PyProtectedMember class AsyncStreamStrategy(AsyncStrategy): """ This strategy is asynchronous. It streams responses in a generator as they appear in the self._responses container """ def __init__(self, ldap_connection): AsyncStrategy.__init__(self, ldap_connection) self.can_stream = True self.line_separator = linesep self.all_base64 = False self.stream = None self.order = dict() self._header_added = False self.persistent_search_message_id = None self.streaming = False self.callback = None self.events = Queue() del self._requests # remove _requests dict from Async Strategy def _start_listen(self): AsyncStrategy._start_listen(self) if self.streaming: if not self.stream or (isinstance(self.stream, StringIO) and self.stream.closed): self.set_stream(StringIO()) def _stop_listen(self): AsyncStrategy._stop_listen(self) if self.streaming: self.stream.close() def accumulate_stream(self, message_id, change): if message_id == self.persistent_search_message_id: with self.async_lock: self._responses[message_id] = [] if self.streaming: if not self._header_added and self.stream.tell() == 0: header = add_ldif_header(['-'])[0] self.stream.write(prepare_for_stream(header + self.line_separator + self.line_separator)) ldif_lines = persistent_search_response_to_ldif(change) if self.stream and ldif_lines and not self.connection.closed: fragment = self.line_separator.join(ldif_lines) if not self._header_added and self.stream.tell() == 0: self._header_added = True header = add_ldif_header(['-'])[0] self.stream.write(prepare_for_stream(header + self.line_separator + self.line_separator)) self.stream.write(prepare_for_stream(fragment + self.line_separator + self.line_separator)) else: # strategy is not streaming, events are added to a queue notification = decode_persistent_search_control(change) if notification: change.update(notification) del change['controls']['2.16.840.1.113730.3.4.7'] if not self.callback: self.events.put(change) else: self.callback(change) def get_stream(self): if self.streaming: return self.stream return None def set_stream(self, value): error = False try: if not value.writable(): error = True except (ValueError, AttributeError): error = True if error: raise LDAPLDIFError('stream must be writable') self.stream = value self.streaming = True ldap3-2.4.1/ldap3/strategy/base.py0000666000000000000000000013535613226436321015023 0ustar 00000000000000""" """ # Created on 2013.07.15 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more dectails. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import socket from struct import pack from platform import system from sys import exc_info from time import sleep from random import choice from datetime import datetime from .. import SYNC, ANONYMOUS, get_config_parameter, BASE, ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES from ..core.results import DO_NOT_RAISE_EXCEPTIONS, RESULT_REFERRAL from ..core.exceptions import LDAPOperationResult, LDAPSASLBindInProgressError, LDAPSocketOpenError, LDAPSessionTerminatedByServerError,\ LDAPUnknownResponseError, LDAPUnknownRequestError, LDAPReferralError, communication_exception_factory, \ LDAPSocketSendError, LDAPExceptionError, LDAPControlError, LDAPResponseTimeoutError, LDAPTransactionError from ..utils.uri import parse_uri from ..protocol.rfc4511 import LDAPMessage, ProtocolOp, MessageID, SearchResultEntry from ..operation.add import add_response_to_dict, add_request_to_dict from ..operation.modify import modify_request_to_dict, modify_response_to_dict from ..operation.search import search_result_reference_response_to_dict, search_result_done_response_to_dict,\ search_result_entry_response_to_dict, search_request_to_dict, search_result_entry_response_to_dict_fast,\ search_result_reference_response_to_dict_fast, attributes_to_dict, attributes_to_dict_fast from ..operation.bind import bind_response_to_dict, bind_request_to_dict, sicily_bind_response_to_dict, bind_response_to_dict_fast, \ sicily_bind_response_to_dict_fast from ..operation.compare import compare_response_to_dict, compare_request_to_dict from ..operation.extended import extended_request_to_dict, extended_response_to_dict, intermediate_response_to_dict, extended_response_to_dict_fast, intermediate_response_to_dict_fast from ..core.server import Server from ..operation.modifyDn import modify_dn_request_to_dict, modify_dn_response_to_dict from ..operation.delete import delete_response_to_dict, delete_request_to_dict from ..protocol.convert import prepare_changes_for_request, build_controls_list from ..operation.abandon import abandon_request_to_dict from ..core.tls import Tls from ..protocol.oid import Oids from ..protocol.rfc2696 import RealSearchControlValue from ..protocol.microsoft import DirSyncControlResponseValue from ..utils.log import log, log_enabled, ERROR, BASIC, PROTOCOL, NETWORK, EXTENDED, format_ldap_message from ..utils.asn1 import encode, decoder, ldap_result_to_dict_fast, decode_sequence from ..utils.conv import to_unicode SESSION_TERMINATED_BY_SERVER = 'TERMINATED_BY_SERVER' TRANSACTION_ERROR = 'TRANSACTION_ERROR' RESPONSE_COMPLETE = 'RESPONSE_FROM_SERVER_COMPLETE' # noinspection PyProtectedMember class BaseStrategy(object): """ Base class for connection strategy """ def __init__(self, ldap_connection): self.connection = ldap_connection self._outstanding = None self._referrals = [] self.sync = None # indicates a synchronous connection self.no_real_dsa = None # indicates a connection to a fake LDAP server self.pooled = None # Indicates a connection with a connection pool self.can_stream = None # indicates if a strategy keeps a stream of responses (i.e. LdifProducer can accumulate responses with a single header). Stream must be initialized and closed in _start_listen() and _stop_listen() self.referral_cache = {} if log_enabled(BASIC): log(BASIC, 'instantiated <%s>: <%s>', self.__class__.__name__, self) def __str__(self): s = [ str(self.connection) if self.connection else 'None', 'sync' if self.sync else 'async', 'no real DSA' if self.no_real_dsa else 'real DSA', 'pooled' if self.pooled else 'not pooled', 'can stream output' if self.can_stream else 'cannot stream output', ] return ' - '.join(s) def open(self, reset_usage=True, read_server_info=True): """ Open a socket to a server. Choose a server from the server pool if available """ if log_enabled(NETWORK): log(NETWORK, 'opening connection for <%s>', self.connection) if self.connection.lazy and not self.connection._executing_deferred: self.connection._deferred_open = True self.connection.closed = False if log_enabled(NETWORK): log(NETWORK, 'deferring open connection for <%s>', self.connection) else: if not self.connection.closed and not self.connection._executing_deferred: # try to close connection if still open self.close() self._outstanding = dict() if self.connection.usage: if reset_usage or not self.connection._usage.initial_connection_start_time: self.connection._usage.start() if self.connection.server_pool: new_server = self.connection.server_pool.get_server(self.connection) # get a server from the server_pool if available if self.connection.server != new_server: self.connection.server = new_server if self.connection.usage: self.connection._usage.servers_from_pool += 1 exception_history = [] if not self.no_real_dsa: # tries to connect to a real server for candidate_address in self.connection.server.candidate_addresses(): try: if log_enabled(BASIC): log(BASIC, 'try to open candidate address %s', candidate_address[:-2]) self._open_socket(candidate_address, self.connection.server.ssl, unix_socket=self.connection.server.ipc) self.connection.server.current_address = candidate_address self.connection.server.update_availability(candidate_address, True) break except Exception: self.connection.server.update_availability(candidate_address, False) exception_history.append((datetime.now(), exc_info()[0], exc_info()[1], candidate_address[4])) if not self.connection.server.current_address and exception_history: if len(exception_history) == 1: # only one exception, reraise if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', exception_history[0][1](exception_history[0][2]), self.connection) raise exception_history[0][1](exception_history[0][2]) else: if log_enabled(ERROR): log(ERROR, 'unable to open socket for <%s>', self.connection) raise LDAPSocketOpenError('unable to open socket', exception_history) elif not self.connection.server.current_address: if log_enabled(ERROR): log(ERROR, 'invalid server address for <%s>', self.connection) raise LDAPSocketOpenError('invalid server address') self.connection._deferred_open = False self._start_listen() self.connection.do_auto_bind() if log_enabled(NETWORK): log(NETWORK, 'connection open for <%s>', self.connection) def close(self): """ Close connection """ if log_enabled(NETWORK): log(NETWORK, 'closing connection for <%s>', self.connection) if self.connection.lazy and not self.connection._executing_deferred and (self.connection._deferred_bind or self.connection._deferred_open): self.connection.listening = False self.connection.closed = True if log_enabled(NETWORK): log(NETWORK, 'deferred connection closed for <%s>', self.connection) else: if not self.connection.closed: self._stop_listen() if not self. no_real_dsa: self._close_socket() if log_enabled(NETWORK): log(NETWORK, 'connection closed for <%s>', self.connection) self.connection.bound = False self.connection.request = None self.connection.response = None self.connection.tls_started = False self._outstanding = None self._referrals = [] if not self.connection.strategy.no_real_dsa: self.connection.server.current_address = None if self.connection.usage: self.connection._usage.stop() def _open_socket(self, address, use_ssl=False, unix_socket=False): """ Tries to open and connect a socket to a Server raise LDAPExceptionError if unable to open or connect socket """ exc = None try: self.connection.socket = socket.socket(*address[:3]) except Exception as e: self.connection.last_error = 'socket creation error: ' + str(e) exc = e if exc: if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise communication_exception_factory(LDAPSocketOpenError, exc)(self.connection.last_error) try: # set socket timeout for opening connection if self.connection.server.connect_timeout: self.connection.socket.settimeout(self.connection.server.connect_timeout) self.connection.socket.connect(address[4]) except socket.error as e: self.connection.last_error = 'socket connection error while opening: ' + str(e) exc = e if exc: if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise communication_exception_factory(LDAPSocketOpenError, exc)(self.connection.last_error) # Set connection recv timeout (must be set after connect, # because socket.settimeout() affects both, connect() as # well as recv(). Set it before tls.wrap_socket() because # the recv timeout should take effect during the TLS # handshake. if self.connection.receive_timeout is not None: try: # set receive timeout for the connection socket self.connection.socket.settimeout(self.connection.receive_timeout) if system().lower() == 'windows': self.connection.socket.setsockopt(socket.SOL_SOCKET, socket.SO_RCVTIMEO, int(1000 * self.connection.receive_timeout)) else: self.connection.socket.setsockopt(socket.SOL_SOCKET, socket.SO_RCVTIMEO, pack('LL', self.connection.receive_timeout, 0)) except socket.error as e: self.connection.last_error = 'unable to set receive timeout for socket connection: ' + str(e) exc = e if exc: if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise communication_exception_factory(LDAPSocketOpenError, exc)(self.connection.last_error) if use_ssl: try: self.connection.server.tls.wrap_socket(self.connection, do_handshake=True) if self.connection.usage: self.connection._usage.wrapped_sockets += 1 except Exception as e: self.connection.last_error = 'socket ssl wrapping error: ' + str(e) exc = e if exc: if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise communication_exception_factory(LDAPSocketOpenError, exc)(self.connection.last_error) if self.connection.usage: self.connection._usage.open_sockets += 1 self.connection.closed = False def _close_socket(self): """ Try to close a socket don't raise exception if unable to close socket, assume socket is already closed """ try: self.connection.socket.shutdown(socket.SHUT_RDWR) except Exception: pass try: self.connection.socket.close() except Exception: pass self.connection.socket = None self.connection.closed = True if self.connection.usage: self.connection._usage.closed_sockets += 1 def _stop_listen(self): self.connection.listening = False def send(self, message_type, request, controls=None): """ Send an LDAP message Returns the message_id """ self.connection.request = None if self.connection.listening: if self.connection.sasl_in_progress and message_type not in ['bindRequest']: # as per RFC4511 (4.2.1) self.connection.last_error = 'cannot send operation requests while SASL bind is in progress' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSASLBindInProgressError(self.connection.last_error) message_id = self.connection.server.next_message_id() ldap_message = LDAPMessage() ldap_message['messageID'] = MessageID(message_id) ldap_message['protocolOp'] = ProtocolOp().setComponentByName(message_type, request) message_controls = build_controls_list(controls) if message_controls is not None: ldap_message['controls'] = message_controls self.connection.request = BaseStrategy.decode_request(message_type, request, controls) self._outstanding[message_id] = self.connection.request self.sending(ldap_message) else: self.connection.last_error = 'unable to send message, socket is not open' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSocketOpenError(self.connection.last_error) return message_id def get_response(self, message_id, timeout=None, get_request=False): """ Get response LDAP messages Responses are returned by the underlying connection strategy Check if message_id LDAP message is still outstanding and wait for timeout to see if it appears in _get_response Result is stored in connection.result Responses without result is stored in connection.response A tuple (responses, result) is returned """ conf_sleep_interval = get_config_parameter('RESPONSE_SLEEPTIME') if timeout is None: timeout = get_config_parameter('RESPONSE_WAITING_TIMEOUT') response = None result = None request = None if self._outstanding and message_id in self._outstanding: while timeout >= 0: # waiting for completed message to appear in responses responses = self._get_response(message_id) if not responses: sleep(conf_sleep_interval) timeout -= conf_sleep_interval continue if responses == SESSION_TERMINATED_BY_SERVER: try: # try to close the session but don't raise any error if server has already closed the session self.close() except (socket.error, LDAPExceptionError): pass self.connection.last_error = 'session terminated by server' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSessionTerminatedByServerError(self.connection.last_error) elif responses == TRANSACTION_ERROR: # Novell LDAP Transaction unsolicited notification self.connection.last_error = 'transaction error' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPTransactionError(self.connection.last_error) # if referral in response opens a new connection to resolve referrals if requested if responses[-2]['result'] == RESULT_REFERRAL: if self.connection.usage: self.connection._usage.referrals_received += 1 if self.connection.auto_referrals: ref_response, ref_result = self.do_operation_on_referral(self._outstanding[message_id], responses[-2]['referrals']) if ref_response is not None: responses = ref_response + [ref_result] responses.append(RESPONSE_COMPLETE) elif ref_result is not None: responses = [ref_result, RESPONSE_COMPLETE] self._referrals = [] if responses: result = responses[-2] response = responses[:-2] self.connection.result = None self.connection.response = None break if timeout <= 0: if log_enabled(ERROR): log(ERROR, 'socket timeout, no response from server for <%s>', self.connection) raise LDAPResponseTimeoutError('no response from server') if self.connection.raise_exceptions and result and result['result'] not in DO_NOT_RAISE_EXCEPTIONS: if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, self.connection) self._outstanding.pop(message_id) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) # checks if any response has a range tag # self._auto_range_searching is set as a flag to avoid recursive searches if self.connection.auto_range and not hasattr(self, '_auto_range_searching') and any((True for resp in response if 'raw_attributes' in resp for name in resp['raw_attributes'] if ';range=' in name)): self._auto_range_searching = result.copy() temp_response = response[:] # copy self.do_search_on_auto_range(self._outstanding[message_id], response) for resp in temp_response: if resp['type'] == 'searchResEntry': keys = [key for key in resp['raw_attributes'] if ';range=' in key] for key in keys: del resp['raw_attributes'][key] del resp['attributes'][key] response = temp_response result = self._auto_range_searching del self._auto_range_searching if self.connection.empty_attributes: for entry in response: if entry['type'] == 'searchResEntry': for attribute_type in self._outstanding[message_id]['attributes']: if attribute_type not in entry['raw_attributes'] and attribute_type not in (ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES): entry['raw_attributes'][attribute_type] = list() entry['attributes'][attribute_type] = list() if log_enabled(PROTOCOL): log(PROTOCOL, 'attribute set to empty list for missing attribute <%s> in <%s>', attribute_type, self) if not self.connection.auto_range: attrs_to_remove = [] # removes original empty attribute in case a range tag is returned for attribute_type in entry['attributes']: if ';range' in attribute_type.lower(): orig_attr, _, _ = attribute_type.partition(';') attrs_to_remove.append(orig_attr) for attribute_type in attrs_to_remove: if log_enabled(PROTOCOL): log(PROTOCOL, 'attribute type <%s> removed in response because of same attribute returned as range by the server in <%s>', attribute_type, self) del entry['raw_attributes'][attribute_type] del entry['attributes'][attribute_type] request = self._outstanding.pop(message_id) else: if log_enabled(ERROR): log(ERROR, 'message id not in outstanding queue for <%s>', self.connection) raise(LDAPResponseTimeoutError('message id not in outstanding queue')) if get_request: return response, result, request else: return response, result @staticmethod def compute_ldap_message_size(data): """ Compute LDAP Message size according to BER definite length rules Returns -1 if too few data to compute message length """ if isinstance(data, str): # fix for Python 2, data is string not bytes data = bytearray(data) # Python 2 bytearray is equivalent to Python 3 bytes ret_value = -1 if len(data) > 2: if data[1] <= 127: # BER definite length - short form. Highest bit of byte 1 is 0, message length is in the last 7 bits - Value can be up to 127 bytes long ret_value = data[1] + 2 else: # BER definite length - long form. Highest bit of byte 1 is 1, last 7 bits counts the number of following octets containing the value length bytes_length = data[1] - 128 if len(data) >= bytes_length + 2: value_length = 0 cont = bytes_length for byte in data[2:2 + bytes_length]: cont -= 1 value_length += byte * (256 ** cont) ret_value = value_length + 2 + bytes_length return ret_value def decode_response(self, ldap_message): """ Convert received LDAPMessage to a dict """ message_type = ldap_message.getComponentByName('protocolOp').getName() component = ldap_message['protocolOp'].getComponent() controls = ldap_message['controls'] if message_type == 'bindResponse': if not bytes(component['matchedDN']).startswith(b'NTLM'): # patch for microsoft ntlm authentication result = bind_response_to_dict(component) else: result = sicily_bind_response_to_dict(component) elif message_type == 'searchResEntry': result = search_result_entry_response_to_dict(component, self.connection.server.schema, self.connection.server.custom_formatter, self.connection.check_names) elif message_type == 'searchResDone': result = search_result_done_response_to_dict(component) elif message_type == 'searchResRef': result = search_result_reference_response_to_dict(component) elif message_type == 'modifyResponse': result = modify_response_to_dict(component) elif message_type == 'addResponse': result = add_response_to_dict(component) elif message_type == 'delResponse': result = delete_response_to_dict(component) elif message_type == 'modDNResponse': result = modify_dn_response_to_dict(component) elif message_type == 'compareResponse': result = compare_response_to_dict(component) elif message_type == 'extendedResp': result = extended_response_to_dict(component) elif message_type == 'intermediateResponse': result = intermediate_response_to_dict(component) else: if log_enabled(ERROR): log(ERROR, 'unknown response <%s> for <%s>', message_type, self.connection) raise LDAPUnknownResponseError('unknown response') result['type'] = message_type if controls: result['controls'] = dict() for control in controls: decoded_control = self.decode_control(control) result['controls'][decoded_control[0]] = decoded_control[1] return result def decode_response_fast(self, ldap_message): """ Convert received LDAPMessage from fast ber decoder to a dict """ if ldap_message['protocolOp'] == 1: # bindResponse if not ldap_message['payload'][1][3].startswith(b'NTLM'): # patch for microsoft ntlm authentication result = bind_response_to_dict_fast(ldap_message['payload']) else: result = sicily_bind_response_to_dict_fast(ldap_message['payload']) result['type'] = 'bindResponse' elif ldap_message['protocolOp'] == 4: # searchResEntry' result = search_result_entry_response_to_dict_fast(ldap_message['payload'], self.connection.server.schema, self.connection.server.custom_formatter, self.connection.check_names) result['type'] = 'searchResEntry' elif ldap_message['protocolOp'] == 5: # searchResDone result = ldap_result_to_dict_fast(ldap_message['payload']) result['type'] = 'searchResDone' elif ldap_message['protocolOp'] == 19: # searchResRef result = search_result_reference_response_to_dict_fast(ldap_message['payload']) result['type'] = 'searchResRef' elif ldap_message['protocolOp'] == 7: # modifyResponse result = ldap_result_to_dict_fast(ldap_message['payload']) result['type'] = 'modifyResponse' elif ldap_message['protocolOp'] == 9: # addResponse result = ldap_result_to_dict_fast(ldap_message['payload']) result['type'] = 'addResponse' elif ldap_message['protocolOp'] == 11: # delResponse result = ldap_result_to_dict_fast(ldap_message['payload']) result['type'] = 'delResponse' elif ldap_message['protocolOp'] == 13: # modDNResponse result = ldap_result_to_dict_fast(ldap_message['payload']) result['type'] = 'modDNResponse' elif ldap_message['protocolOp'] == 15: # compareResponse result = ldap_result_to_dict_fast(ldap_message['payload']) result['type'] = 'compareResponse' elif ldap_message['protocolOp'] == 24: # extendedResp result = extended_response_to_dict_fast(ldap_message['payload']) result['type'] = 'extendedResp' elif ldap_message['protocolOp'] == 25: # intermediateResponse result = intermediate_response_to_dict_fast(ldap_message['payload']) result['type'] = 'intermediateResponse' else: if log_enabled(ERROR): log(ERROR, 'unknown response <%s> for <%s>', ldap_message['protocolOp'], self.connection) raise LDAPUnknownResponseError('unknown response') if ldap_message['controls']: result['controls'] = dict() for control in ldap_message['controls']: decoded_control = self.decode_control_fast(control[3]) result['controls'][decoded_control[0]] = decoded_control[1] return result @staticmethod def decode_control(control): """ decode control, return a 2-element tuple where the first element is the control oid and the second element is a dictionary with description (from Oids), criticality and decoded control value """ control_type = str(control['controlType']) criticality = bool(control['criticality']) control_value = bytes(control['controlValue']) unprocessed = None if control_type == '1.2.840.113556.1.4.319': # simple paged search as per RFC2696 control_resp, unprocessed = decoder.decode(control_value, asn1Spec=RealSearchControlValue()) control_value = dict() control_value['size'] = int(control_resp['size']) control_value['cookie'] = bytes(control_resp['cookie']) elif control_type == '1.2.840.113556.1.4.841': # DirSync AD control_resp, unprocessed = decoder.decode(control_value, asn1Spec=DirSyncControlResponseValue()) control_value = dict() control_value['more_results'] = bool(control_resp['MoreResults']) # more_result if nonzero control_value['cookie'] = bytes(control_resp['CookieServer']) elif control_type == '1.3.6.1.1.13.1' or control_type == '1.3.6.1.1.13.2': # Pre-Read control, Post-Read Control as per RFC 4527 control_resp, unprocessed = decoder.decode(control_value, asn1Spec=SearchResultEntry()) control_value = dict() control_value['result'] = attributes_to_dict(control_resp['attributes']) if unprocessed: if log_enabled(ERROR): log(ERROR, 'unprocessed control response in substrate') raise LDAPControlError('unprocessed control response in substrate') return control_type, {'description': Oids.get(control_type, ''), 'criticality': criticality, 'value': control_value} @staticmethod def decode_control_fast(control): """ decode control, return a 2-element tuple where the first element is the control oid and the second element is a dictionary with description (from Oids), criticality and decoded control value """ control_type = str(to_unicode(control[0][3], from_server=True)) criticality = False control_value = None for r in control[1:]: if r[2] == 4: # controlValue control_value = r[3] else: criticality = False if r[3] == 0 else True # criticality (booleand default to False) if control_type == '1.2.840.113556.1.4.319': # simple paged search as per RFC2696 control_resp = decode_sequence(control_value, 0, len(control_value)) control_value = dict() control_value['size'] = int(control_resp[0][3][0][3]) control_value['cookie'] = bytes(control_resp[0][3][1][3]) elif control_type == '1.2.840.113556.1.4.841': # DirSync AD control_resp = decode_sequence(control_value, 0, len(control_value)) control_value = dict() control_value['more_results'] = True if control_resp[0][3][0][3] else False # more_result if nonzero control_value['cookie'] = control_resp[0][3][2][3] elif control_type == '1.3.6.1.1.13.1' or control_type == '1.3.6.1.1.13.2': # Pre-Read control, Post-Read Control as per RFC 4527 control_resp = decode_sequence(control_value, 0, len(control_value)) control_value = dict() control_value['result'] = attributes_to_dict_fast(control_resp[0][3][1][3]) return control_type, {'description': Oids.get(control_type, ''), 'criticality': criticality, 'value': control_value} @staticmethod def decode_request(message_type, component, controls=None): # message_type = ldap_message.getComponentByName('protocolOp').getName() # component = ldap_message['protocolOp'].getComponent() if message_type == 'bindRequest': result = bind_request_to_dict(component) elif message_type == 'unbindRequest': result = dict() elif message_type == 'addRequest': result = add_request_to_dict(component) elif message_type == 'compareRequest': result = compare_request_to_dict(component) elif message_type == 'delRequest': result = delete_request_to_dict(component) elif message_type == 'extendedReq': result = extended_request_to_dict(component) elif message_type == 'modifyRequest': result = modify_request_to_dict(component) elif message_type == 'modDNRequest': result = modify_dn_request_to_dict(component) elif message_type == 'searchRequest': result = search_request_to_dict(component) elif message_type == 'abandonRequest': result = abandon_request_to_dict(component) else: if log_enabled(ERROR): log(ERROR, 'unknown request <%s>', message_type) raise LDAPUnknownRequestError('unknown request') result['type'] = message_type result['controls'] = controls return result def valid_referral_list(self, referrals): referral_list = [] for referral in referrals: candidate_referral = parse_uri(referral) if candidate_referral: for ref_host in self.connection.server.allowed_referral_hosts: if ref_host[0] == candidate_referral['host'] or ref_host[0] == '*': if candidate_referral['host'] not in self._referrals: candidate_referral['anonymousBindOnly'] = not ref_host[1] referral_list.append(candidate_referral) break return referral_list def do_next_range_search(self, request, response, attr_name): done = False current_response = response while not done: attr_type, _, returned_range = attr_name.partition(';range=') _, _, high_range = returned_range.partition('-') response['raw_attributes'][attr_type] += current_response['raw_attributes'][attr_name] response['attributes'][attr_type] += current_response['attributes'][attr_name] if high_range != '*': if log_enabled(PROTOCOL): log(PROTOCOL, 'performing next search on auto-range <%s> via <%s>', str(int(high_range) + 1), self.connection) requested_range = attr_type + ';range=' + str(int(high_range) + 1) + '-*' result = self.connection.search(search_base=response['dn'], search_filter='(objectclass=*)', search_scope=BASE, dereference_aliases=request['dereferenceAlias'], attributes=[attr_type + ';range=' + str(int(high_range) + 1) + '-*']) if isinstance(result, bool): if result: current_response = self.connection.response[0] else: done = True else: current_response, _ = self.get_response(result) current_response = current_response[0] if not done: if requested_range in current_response['raw_attributes'] and len(current_response['raw_attributes'][requested_range]) == 0: del current_response['raw_attributes'][requested_range] del current_response['attributes'][requested_range] attr_name = list(filter(lambda a: ';range=' in a, current_response['raw_attributes'].keys()))[0] continue done = True def do_search_on_auto_range(self, request, response): for resp in [r for r in response if r['type'] == 'searchResEntry']: for attr_name in list(resp['raw_attributes'].keys()): # generate list to avoid changing of dict size error if ';range=' in attr_name: attr_type, _, _ = attr_name.partition(';range=') if attr_type not in resp['raw_attributes'] or resp['raw_attributes'][attr_type] is None: resp['raw_attributes'][attr_type] = list() if attr_type not in resp['attributes'] or resp['attributes'][attr_type] is None: resp['attributes'][attr_type] = list() self.do_next_range_search(request, resp, attr_name) def do_operation_on_referral(self, request, referrals): if log_enabled(PROTOCOL): log(PROTOCOL, 'following referral for <%s>', self.connection) valid_referral_list = self.valid_referral_list(referrals) if valid_referral_list: preferred_referral_list = [referral for referral in valid_referral_list if referral['ssl'] == self.connection.server.ssl] selected_referral = choice(preferred_referral_list) if preferred_referral_list else choice(valid_referral_list) cachekey = (selected_referral['host'], selected_referral['port'] or self.connection.server.port, selected_referral['ssl']) if self.connection.use_referral_cache and cachekey in self.referral_cache: referral_connection = self.referral_cache[cachekey] else: referral_server = Server(host=selected_referral['host'], port=selected_referral['port'] or self.connection.server.port, use_ssl=selected_referral['ssl'], get_info=self.connection.server.get_info, formatter=self.connection.server.custom_formatter, connect_timeout=self.connection.server.connect_timeout, mode=self.connection.server.mode, allowed_referral_hosts=self.connection.server.allowed_referral_hosts, tls=Tls(local_private_key_file=self.connection.server.tls.private_key_file, local_certificate_file=self.connection.server.tls.certificate_file, validate=self.connection.server.tls.validate, version=self.connection.server.tls.version, ca_certs_file=self.connection.server.tls.ca_certs_file) if selected_referral['ssl'] else None) from ..core.connection import Connection referral_connection = Connection(server=referral_server, user=self.connection.user if not selected_referral['anonymousBindOnly'] else None, password=self.connection.password if not selected_referral['anonymousBindOnly'] else None, version=self.connection.version, authentication=self.connection.authentication if not selected_referral['anonymousBindOnly'] else ANONYMOUS, client_strategy=SYNC, auto_referrals=True, read_only=self.connection.read_only, check_names=self.connection.check_names, raise_exceptions=self.connection.raise_exceptions, fast_decoder=self.connection.fast_decoder, receive_timeout=self.connection.receive_timeout, sasl_mechanism=self.connection.sasl_mechanism, sasl_credentials=self.connection.sasl_credentials) if self.connection.usage: self.connection._usage.referrals_connections += 1 referral_connection.open() referral_connection.strategy._referrals = self._referrals if self.connection.tls_started and not referral_server.ssl: # if the original server was in start_tls mode and the referral server is not in ssl then start_tls on the referral connection referral_connection.start_tls() if self.connection.bound: referral_connection.bind() if self.connection.usage: self.connection._usage.referrals_followed += 1 if request['type'] == 'searchRequest': referral_connection.search(selected_referral['base'] or request['base'], selected_referral['filter'] or request['filter'], selected_referral['scope'] or request['scope'], request['dereferenceAlias'], selected_referral['attributes'] or request['attributes'], request['sizeLimit'], request['timeLimit'], request['typesOnly'], controls=request['controls']) elif request['type'] == 'addRequest': referral_connection.add(selected_referral['base'] or request['entry'], None, request['attributes'], controls=request['controls']) elif request['type'] == 'compareRequest': referral_connection.compare(selected_referral['base'] or request['entry'], request['attribute'], request['value'], controls=request['controls']) elif request['type'] == 'delRequest': referral_connection.delete(selected_referral['base'] or request['entry'], controls=request['controls']) elif request['type'] == 'extendedReq': referral_connection.extended(request['name'], request['value'], controls=request['controls'], no_encode=True ) elif request['type'] == 'modifyRequest': referral_connection.modify(selected_referral['base'] or request['entry'], prepare_changes_for_request(request['changes']), controls=request['controls']) elif request['type'] == 'modDNRequest': referral_connection.modify_dn(selected_referral['base'] or request['entry'], request['newRdn'], request['deleteOldRdn'], request['newSuperior'], controls=request['controls']) else: self.connection.last_error = 'referral operation not permitted' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPReferralError(self.connection.last_error) response = referral_connection.response result = referral_connection.result if self.connection.use_referral_cache: self.referral_cache[cachekey] = referral_connection else: referral_connection.unbind() else: response = None result = None return response, result def sending(self, ldap_message): exc = None if log_enabled(NETWORK): log(NETWORK, 'sending 1 ldap message for <%s>', self.connection) try: encoded_message = encode(ldap_message) self.connection.socket.sendall(encoded_message) if log_enabled(EXTENDED): log(EXTENDED, 'ldap message sent via <%s>:%s', self.connection, format_ldap_message(ldap_message, '>>')) if log_enabled(NETWORK): log(NETWORK, 'sent %d bytes via <%s>', len(encoded_message), self.connection) except socket.error as e: self.connection.last_error = 'socket sending error' + str(e) exc = e encoded_message = None if exc: if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise communication_exception_factory(LDAPSocketSendError, exc)(self.connection.last_error) if self.connection.usage: self.connection._usage.update_transmitted_message(self.connection.request, len(encoded_message)) def _start_listen(self): # overridden on strategy class raise NotImplementedError def _get_response(self, message_id): # overridden in strategy class raise NotImplementedError def receiving(self): # overridden in strategy class raise NotImplementedError def post_send_single_response(self, message_id): # overridden in strategy class raise NotImplementedError def post_send_search(self, message_id): # overridden in strategy class raise NotImplementedError def get_stream(self): raise NotImplementedError def set_stream(self, value): raise NotImplementedError def unbind_referral_cache(self): while len(self.referral_cache) > 0: cachekey, referral_connection = self.referral_cache.popitem() referral_connection.unbind() ldap3-2.4.1/ldap3/strategy/ldifProducer.py0000666000000000000000000001310613226436321016517 0ustar 00000000000000""" """ # Created on 2013.07.15 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from io import StringIO from os import linesep import random from ..core.exceptions import LDAPLDIFError from ..utils.conv import prepare_for_stream from ..protocol.rfc4511 import LDAPMessage, MessageID, ProtocolOp, LDAP_MAX_INT from ..protocol.rfc2849 import operation_to_ldif, add_ldif_header from ..protocol.convert import build_controls_list from .base import BaseStrategy class LdifProducerStrategy(BaseStrategy): """ This strategy is used to create the LDIF stream for the Add, Delete, Modify, ModifyDn operations. You send the request and get the request in the ldif-change representation of the operation. NO OPERATION IS SENT TO THE LDAP SERVER! Connection.request will contain the result LDAP message in a dict form Connection.response will contain the ldif-change format of the requested operation if available You don't need a real server to connect to for this strategy """ def __init__(self, ldap_connection): BaseStrategy.__init__(self, ldap_connection) self.sync = True self.no_real_dsa = True self.pooled = False self.can_stream = True self.line_separator = linesep self.all_base64 = False self.stream = None self.order = dict() self._header_added = False random.seed() def _open_socket(self, address, use_ssl=False, unix_socket=False): # fake open socket self.connection.socket = NotImplemented # placeholder for a dummy socket if self.connection.usage: self.connection._usage.open_sockets += 1 self.connection.closed = False def _close_socket(self): if self.connection.usage: self.connection._usage.closed_sockets += 1 self.connection.socket = None self.connection.closed = True def _start_listen(self): self.connection.listening = True self.connection.closed = False self._header_added = False if not self.stream or (isinstance(self.stream, StringIO) and self.stream.closed): self.set_stream(StringIO()) def _stop_listen(self): self.stream.close() self.connection.listening = False self.connection.closed = True def receiving(self): return None def send(self, message_type, request, controls=None): """ Build the LDAPMessage without sending to server """ message_id = random.randint(0, LDAP_MAX_INT) ldap_message = LDAPMessage() ldap_message['messageID'] = MessageID(message_id) ldap_message['protocolOp'] = ProtocolOp().setComponentByName(message_type, request) message_controls = build_controls_list(controls) if message_controls is not None: ldap_message['controls'] = message_controls self.connection.request = BaseStrategy.decode_request(message_type, request, controls) self.connection.request['controls'] = controls self._outstanding[message_id] = self.connection.request return message_id def post_send_single_response(self, message_id): self.connection.response = None self.connection.result = None if self._outstanding and message_id in self._outstanding: request = self._outstanding.pop(message_id) ldif_lines = operation_to_ldif(self.connection.request['type'], request, self.all_base64, self.order.get(self.connection.request['type'])) if self.stream and ldif_lines and not self.connection.closed: self.accumulate_stream(self.line_separator.join(ldif_lines)) ldif_lines = add_ldif_header(ldif_lines) self.connection.response = self.line_separator.join(ldif_lines) return self.connection.response return None def post_send_search(self, message_id): raise LDAPLDIFError('LDIF-CONTENT cannot be produced for Search operations') def _get_response(self, message_id): pass def accumulate_stream(self, fragment): if not self._header_added and self.stream.tell() == 0: self._header_added = True header = add_ldif_header(['-'])[0] self.stream.write(prepare_for_stream(header + self.line_separator + self.line_separator)) self.stream.write(prepare_for_stream(fragment + self.line_separator + self.line_separator)) def get_stream(self): return self.stream def set_stream(self, value): error = False try: if not value.writable(): error = True except (ValueError, AttributeError): error = True if error: raise LDAPLDIFError('stream must be writable') self.stream = value ldap3-2.4.1/ldap3/strategy/mockAsync.py0000666000000000000000000002402313226436321016024 0ustar 00000000000000""" """ # Created on 2016.04.30 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .. import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES from .mockBase import MockBaseStrategy from .asynchronous import AsyncStrategy from ..operation.search import search_result_done_response_to_dict, search_result_entry_response_to_dict from ..core.results import DO_NOT_RAISE_EXCEPTIONS from ..utils.log import log, log_enabled, ERROR, PROTOCOL from ..core.exceptions import LDAPResponseTimeoutError, LDAPOperationResult from ..operation.bind import bind_response_to_dict from ..operation.delete import delete_response_to_dict from ..operation.add import add_response_to_dict from ..operation.compare import compare_response_to_dict from ..operation.modifyDn import modify_dn_response_to_dict from ..operation.modify import modify_response_to_dict from ..operation.search import search_result_done_response_to_dict, search_result_entry_response_to_dict from ..operation.extended import extended_response_to_dict # LDAPResult ::= SEQUENCE { # resultCode ENUMERATED { # success (0), # operationsError (1), # protocolError (2), # timeLimitExceeded (3), # sizeLimitExceeded (4), # compareFalse (5), # compareTrue (6), # authMethodNotSupported (7), # strongerAuthRequired (8), # -- 9 reserved -- # referral (10), # adminLimitExceeded (11), # unavailableCriticalExtension (12), # confidentialityRequired (13), # saslBindInProgress (14), # noSuchAttribute (16), # undefinedAttributeType (17), # inappropriateMatching (18), # constraintViolation (19), # attributeOrValueExists (20), # invalidAttributeSyntax (21), # -- 22-31 unused -- # noSuchObject (32), # aliasProblem (33), # invalidDNSyntax (34), # -- 35 reserved for undefined isLeaf -- # aliasDereferencingProblem (36), # -- 37-47 unused -- # inappropriateAuthentication (48), # invalidCredentials (49), # insufficientAccessRights (50), # busy (51), # unavailable (52), # unwillingToPerform (53), # loopDetect (54), # -- 55-63 unused -- # namingViolation (64), # objectClassViolation (65), # notAllowedOnNonLeaf (66), # notAllowedOnRDN (67), # entryAlreadyExists (68), # objectClassModsProhibited (69), # -- 70 reserved for CLDAP -- # affectsMultipleDSAs (71), # -- 72-79 unused -- # other (80), # ... }, # matchedDN LDAPDN, # diagnosticMessage LDAPString, # referral [3] Referral OPTIONAL } class MockAsyncStrategy(MockBaseStrategy, AsyncStrategy): # class inheritance sequence is important, MockBaseStrategy must be the first one """ This strategy create a mock LDAP server, with asynchronous access It can be useful to test LDAP without accessing a real Server """ def __init__(self, ldap_connection): AsyncStrategy.__init__(self, ldap_connection) MockBaseStrategy.__init__(self) #outstanding = dict() # a dictionary with the message id as key and a tuple (result, response) as value def post_send_search(self, payload): message_id, message_type, request, controls = payload async_response = [] async_result = dict() if message_type == 'searchRequest': responses, result = self.mock_search(request, controls) result['type'] = 'searchResDone' for entry in responses: response = search_result_entry_response_to_dict(entry, self.connection.server.schema, self.connection.server.custom_formatter, self.connection.check_names) response['type'] = 'searchResEntry' if self.connection.empty_attributes: for attribute_type in request['attributes']: attribute_name = str(attribute_type) if attribute_name not in response['raw_attributes'] and attribute_name not in (ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES): response['raw_attributes'][attribute_name] = list() response['attributes'][attribute_name] = list() if log_enabled(PROTOCOL): log(PROTOCOL, 'attribute set to empty list for missing attribute <%s> in <%s>', attribute_type, self) if not self.connection.auto_range: attrs_to_remove = [] # removes original empty attribute in case a range tag is returned for attribute_type in response['attributes']: attribute_name = str(attribute_type) if ';range' in attribute_name.lower(): orig_attr, _, _ = attribute_name.partition(';') attrs_to_remove.append(orig_attr) for attribute_type in attrs_to_remove: if log_enabled(PROTOCOL): log(PROTOCOL, 'attribute type <%s> removed in response because of same attribute returned as range by the server in <%s>', attribute_type, self) del response['raw_attributes'][attribute_type] del response['attributes'][attribute_type] async_response.append(response) async_result = search_result_done_response_to_dict(result) async_result['type'] = 'searchResDone' self._responses[message_id] = (request, async_result, async_response) return message_id def post_send_single_response(self, payload): # payload is a tuple sent by self.send() made of message_type, request, controls message_id, message_type, request, controls = payload responses = [] result = None if message_type == 'bindRequest': result = bind_response_to_dict(self.mock_bind(request, controls)) result['type'] = 'bindResponse' elif message_type == 'unbindRequest': self.bound = None elif message_type == 'abandonRequest': pass elif message_type == 'delRequest': result = delete_response_to_dict(self.mock_delete(request, controls)) result['type'] = 'delResponse' elif message_type == 'addRequest': result = add_response_to_dict(self.mock_add(request, controls)) result['type'] = 'addResponse' elif message_type == 'compareRequest': result = compare_response_to_dict(self.mock_compare(request, controls)) result['type'] = 'compareResponse' elif message_type == 'modDNRequest': result = modify_dn_response_to_dict(self.mock_modify_dn(request, controls)) result['type'] = 'modDNResponse' elif message_type == 'modifyRequest': result = modify_response_to_dict(self.mock_modify(request, controls)) result['type'] = 'modifyResponse' elif message_type == 'extendedReq': result = extended_response_to_dict(self.mock_extended(request, controls)) result['type'] = 'extendedResp' responses.append(result) if self.connection.raise_exceptions and result and result['result'] not in DO_NOT_RAISE_EXCEPTIONS: if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, self.connection) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) self._responses[message_id] = (request, result, responses) return message_id def get_response(self, message_id, timeout=None, get_request=False): if message_id in self._responses: request, result, response = self._responses.pop(message_id) else: raise(LDAPResponseTimeoutError('message id not in outstanding queue')) if self.connection.raise_exceptions and result and result['result'] not in DO_NOT_RAISE_EXCEPTIONS: if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, self.connection) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) if get_request: return response, result, request else: return response, result ldap3-2.4.1/ldap3/strategy/mockBase.py0000666000000000000000000013060013230577564015632 0ustar 00000000000000""" """ # Created on 2016.04.30 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import json import re from threading import Lock from random import SystemRandom from pyasn1.type.univ import OctetString from .. import SEQUENCE_TYPES, ALL_ATTRIBUTES from ..operation.bind import bind_request_to_dict from ..operation.delete import delete_request_to_dict from ..operation.add import add_request_to_dict from ..operation.compare import compare_request_to_dict from ..operation.modifyDn import modify_dn_request_to_dict from ..operation.modify import modify_request_to_dict from ..operation.extended import extended_request_to_dict from ..operation.search import search_request_to_dict, parse_filter, ROOT, AND, OR, NOT, MATCH_APPROX, \ MATCH_GREATER_OR_EQUAL, MATCH_LESS_OR_EQUAL, MATCH_EXTENSIBLE, MATCH_PRESENT,\ MATCH_SUBSTRING, MATCH_EQUAL from ..utils.conv import json_hook, to_unicode, to_raw from ..core.exceptions import LDAPDefinitionError, LDAPPasswordIsMandatoryError, LDAPInvalidValueError, LDAPSocketOpenError from ..core.results import RESULT_SUCCESS, RESULT_OPERATIONS_ERROR, RESULT_UNAVAILABLE_CRITICAL_EXTENSION, \ RESULT_INVALID_CREDENTIALS, RESULT_NO_SUCH_OBJECT, RESULT_ENTRY_ALREADY_EXISTS, RESULT_COMPARE_TRUE, \ RESULT_COMPARE_FALSE, RESULT_NO_SUCH_ATTRIBUTE, RESULT_UNWILLING_TO_PERFORM from ..utils.ciDict import CaseInsensitiveDict from ..utils.dn import to_dn, safe_dn, safe_rdn from ..protocol.sasl.sasl import validate_simple_password from ..protocol.formatters.standard import find_attribute_validator, format_attribute_values from ..protocol.rfc2696 import paged_search_control from ..utils.log import log, log_enabled, ERROR, BASIC from ..utils.asn1 import encode from ..strategy.base import BaseStrategy # needed for decode_control() method from ..protocol.rfc4511 import LDAPMessage, ProtocolOp, MessageID from ..protocol.convert import build_controls_list # LDAPResult ::= SEQUENCE { # resultCode ENUMERATED { # success (0), # operationsError (1), # protocolError (2), # timeLimitExceeded (3), # sizeLimitExceeded (4), # compareFalse (5), # compareTrue (6), # authMethodNotSupported (7), # strongerAuthRequired (8), # -- 9 reserved -- # referral (10), # adminLimitExceeded (11), # unavailableCriticalExtension (12), # confidentialityRequired (13), # saslBindInProgress (14), # noSuchAttribute (16), # undefinedAttributeType (17), # inappropriateMatching (18), # constraintViolation (19), # attributeOrValueExists (20), # invalidAttributeSyntax (21), # -- 22-31 unused -- # noSuchObject (32), # aliasProblem (33), # invalidDNSyntax (34), # -- 35 reserved for undefined isLeaf -- # aliasDereferencingProblem (36), # -- 37-47 unused -- # inappropriateAuthentication (48), # invalidCredentials (49), # insufficientAccessRights (50), # busy (51), # unavailable (52), # unwillingToPerform (53), # loopDetect (54), # -- 55-63 unused -- # namingViolation (64), # objectClassViolation (65), # notAllowedOnNonLeaf (66), # notAllowedOnRDN (67), # entryAlreadyExists (68), # objectClassModsProhibited (69), # -- 70 reserved for CLDAP -- # affectsMultipleDSAs (71), # -- 72-79 unused -- # other (80), # ... }, # matchedDN LDAPDN, # diagnosticMessage LDAPString, # referral [3] Referral OPTIONAL } # noinspection PyProtectedMember,PyUnresolvedReferences SEARCH_CONTROLS = ['1.2.840.113556.1.4.319' # simple paged search [RFC 2696] ] SERVER_ENCODING = 'utf-8' def random_cookie(): return to_raw(SystemRandom().random())[-6:] class PagedSearchSet(object): def __init__(self, response, size, criticality): self.size = size self.response = response self.cookie = None self.sent = 0 self.done = False def next(self, size=None): if size: self.size=size message = '' response = self.response[self.sent: self.sent + self.size] self.sent += self.size if self.sent > len(self.response): self.done = True self.cookie = '' else: self.cookie = random_cookie() response_control = paged_search_control(False, len(self.response), self.cookie) result = {'resultCode': RESULT_SUCCESS, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None, 'controls': [BaseStrategy.decode_control(response_control)] } return response, result class MockBaseStrategy(object): """ Base class for connection strategy """ def __init__(self): if not hasattr(self.connection.server, 'dit'): # create entries dict if not already present self.connection.server.dit = CaseInsensitiveDict() self.entries = self.connection.server.dit # for simpler reference self.no_real_dsa = True self.bound = None self.custom_validators = None self.operational_attributes = ['entryDN'] self.add_entry('cn=schema', []) # add default entry for schema self._paged_sets = [] # list of paged search in progress if log_enabled(BASIC): log(BASIC, 'instantiated <%s>: <%s>', self.__class__.__name__, self) def _start_listen(self): self.connection.listening = True self.connection.closed = False if self.connection.usage: self.connection._usage.open_sockets += 1 def _stop_listen(self): self.connection.listening = False self.connection.closed = True if self.connection.usage: self.connection._usage.closed_sockets += 1 def _prepare_value(self, attribute_type, value): """ Prepare a value for being stored in the mock DIT :param value: object to store :return: raw value to store in the DIT """ validator = find_attribute_validator(self.connection.server.schema, attribute_type, self.custom_validators) validated = validator(value) if validated is False: raise LDAPInvalidValueError('value \'%s\' non valid for attribute \'%s\'' % (value, attribute_type)) elif validated is not True: # a valid LDAP value equivalent to the actual value value = validated raw_value = to_raw(value) if not isinstance(raw_value, bytes): raise LDAPInvalidValueError('added values must be bytes if no offline schema is provided in Mock strategies') return raw_value def _update_attribute(self, dn, attribute_type, value): pass def add_entry(self, dn, attributes): with self.connection.server.dit_lock: escaped_dn = safe_dn(dn) if escaped_dn not in self.connection.server.dit: new_entry = CaseInsensitiveDict() for attribute in attributes: if attribute in self.operational_attributes: # no restore of operational attributes, should be computed at runtime continue if not isinstance(attributes[attribute], SEQUENCE_TYPES): # entry attributes are always lists of bytes values attributes[attribute] = [attributes[attribute]] if self.connection.server.schema and self.connection.server.schema.attribute_types[attribute].single_value and len(attributes[attribute]) > 1: # multiple values in single-valued attribute return False if attribute.lower() == 'objectclass' and self.connection.server.schema: # builds the objectClass hierarchy only if schema is present class_set = set() for object_class in attributes['objectClass']: if self.connection.server.schema.object_classes and object_class not in self.connection.server.schema.object_classes: return False # walkups the class hierarchy and buils a set of all classes in it class_set.add(object_class) class_set_size = 0 while class_set_size != len(class_set): new_classes = set() class_set_size = len(class_set) for class_name in class_set: if self.connection.server.schema.object_classes[class_name].superior: new_classes.update(self.connection.server.schema.object_classes[class_name].superior) class_set.update(new_classes) new_entry['objectClass'] = [to_raw(value) for value in class_set] else: new_entry[attribute] = [self._prepare_value(attribute, value) for value in attributes[attribute]] for rdn in safe_rdn(escaped_dn, decompose=True): # adds rdns to entry attributes if rdn[0] not in new_entry: # if rdn attribute is missing adds attribute and its value new_entry[rdn[0]] = [to_raw(rdn[1])] else: raw_rdn = to_raw(rdn[1]) if raw_rdn not in new_entry[rdn[0]]: # add rdn value if rdn attribute is present but value is missing new_entry[rdn[0]].append(raw_rdn) new_entry['entryDN'] = [to_raw(escaped_dn)] self.connection.server.dit[escaped_dn] = new_entry return True return False def remove_entry(self, dn): with self.connection.server.dit_lock: escaped_dn = safe_dn(dn) if escaped_dn in self.connection.server.dit: del self.connection.server.dit[escaped_dn] return True return False def entries_from_json(self, json_entry_file): target = open(json_entry_file, 'r') definition = json.load(target, object_hook=json_hook) if 'entries' not in definition: self.connection.last_error = 'invalid JSON definition, missing "entries" section' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPDefinitionError(self.connection.last_error) if not self.connection.server.dit: self.connection.server.dit = CaseInsensitiveDict() for entry in definition['entries']: if 'raw' not in entry: self.connection.last_error = 'invalid JSON definition, missing "raw" section' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPDefinitionError(self.connection.last_error) if 'dn' not in entry: self.connection.last_error = 'invalid JSON definition, missing "dn" section' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPDefinitionError(self.connection.last_error) self.add_entry(entry['dn'], entry['raw']) target.close() def mock_bind(self, request_message, controls): # BindRequest ::= [APPLICATION 0] SEQUENCE { # version INTEGER (1 .. 127), # name LDAPDN, # authentication AuthenticationChoice } # # BindResponse ::= [APPLICATION 1] SEQUENCE { # COMPONENTS OF LDAPResult, # serverSaslCreds [7] OCTET STRING OPTIONAL } # # request: version, name, authentication # response: LDAPResult + serverSaslCreds request = bind_request_to_dict(request_message) identity = request['name'] if 'simple' in request['authentication']: try: password = validate_simple_password(request['authentication']['simple']) except LDAPPasswordIsMandatoryError: password = '' identity = '' else: self.connection.last_error = 'only Simple Bind allowed in Mock strategy' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPDefinitionError(self.connection.last_error) # checks userPassword for password. userPassword must be a text string or a list of text strings if identity in self.connection.server.dit: if 'userPassword' in self.connection.server.dit[identity]: # if self.connection.server.dit[identity]['userPassword'] == password or password in self.connection.server.dit[identity]['userPassword']: if self.equal(identity, 'userPassword', password): result_code = RESULT_SUCCESS message = '' self.bound = identity else: result_code = RESULT_INVALID_CREDENTIALS message = 'invalid credentials' else: # no user found, returns invalidCredentials result_code = RESULT_INVALID_CREDENTIALS message = 'missing userPassword attribute' elif identity == '': result_code = RESULT_SUCCESS message = '' self.bound = identity else: result_code = RESULT_INVALID_CREDENTIALS message = 'missing object' return {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None, 'serverSaslCreds': None } def mock_delete(self, request_message, controls): # DelRequest ::= [APPLICATION 10] LDAPDN # # DelResponse ::= [APPLICATION 11] LDAPResult # # request: entry # response: LDAPResult request = delete_request_to_dict(request_message) dn = safe_dn(request['entry']) if dn in self.connection.server.dit: del self.connection.server.dit[dn] result_code = RESULT_SUCCESS message = '' else: result_code = RESULT_NO_SUCH_OBJECT message = 'object not found' return {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } def mock_add(self, request_message, controls): # AddRequest ::= [APPLICATION 8] SEQUENCE { # entry LDAPDN, # attributes AttributeList } # # AddResponse ::= [APPLICATION 9] LDAPResult # # request: entry, attributes # response: LDAPResult request = add_request_to_dict(request_message) dn = safe_dn(request['entry']) attributes = request['attributes'] # converts attributes values to bytes if dn not in self.connection.server.dit: if self.add_entry(dn, attributes): result_code = RESULT_SUCCESS message = '' else: result_code = RESULT_OPERATIONS_ERROR message = 'error adding entry' else: result_code = RESULT_ENTRY_ALREADY_EXISTS message = 'entry already exist' return {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } def mock_compare(self, request_message, controls): # CompareRequest ::= [APPLICATION 14] SEQUENCE { # entry LDAPDN, # ava AttributeValueAssertion } # # CompareResponse ::= [APPLICATION 15] LDAPResult # # request: entry, attribute, value # response: LDAPResult request = compare_request_to_dict(request_message) dn = safe_dn(request['entry']) attribute = request['attribute'] value = to_raw(request['value']) if dn in self.connection.server.dit: if attribute in self.connection.server.dit[dn]: if self.equal(dn, attribute, value): result_code = RESULT_COMPARE_TRUE message = '' else: result_code = RESULT_COMPARE_FALSE message = '' else: result_code = RESULT_NO_SUCH_ATTRIBUTE message = 'attribute not found' else: result_code = RESULT_NO_SUCH_OBJECT message = 'object not found' return {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } def mock_modify_dn(self, request_message, controls): # ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { # entry LDAPDN, # newrdn RelativeLDAPDN, # deleteoldrdn BOOLEAN, # newSuperior [0] LDAPDN OPTIONAL } # # ModifyDNResponse ::= [APPLICATION 13] LDAPResult # # request: entry, newRdn, deleteOldRdn, newSuperior # response: LDAPResult request = modify_dn_request_to_dict(request_message) dn = safe_dn(request['entry']) new_rdn = request['newRdn'] delete_old_rdn = request['deleteOldRdn'] new_superior = safe_dn(request['newSuperior']) if request['newSuperior'] else '' dn_components = to_dn(dn) if dn in self.connection.server.dit: if new_superior and new_rdn: # performs move in the DIT new_dn = safe_dn(dn_components[0] + ',' + new_superior) self.connection.server.dit[new_dn] = self.connection.server.dit[dn].copy() moved_entry = self.connection.server.dit[new_dn] if delete_old_rdn: del self.connection.server.dit[dn] result_code = RESULT_SUCCESS message = 'entry moved' moved_entry['entryDN'] = [to_raw(new_dn)] elif new_rdn and not new_superior: # performs rename new_dn = safe_dn(new_rdn + ',' + safe_dn(dn_components[1:])) self.connection.server.dit[new_dn] = self.connection.server.dit[dn].copy() renamed_entry = self.connection.server.dit[new_dn] del self.connection.server.dit[dn] renamed_entry['entryDN'] = [to_raw(new_dn)] for rdn in safe_rdn(new_dn, decompose=True): # adds rdns to entry attributes renamed_entry[rdn[0]] = [to_raw(rdn[1])] result_code = RESULT_SUCCESS message = 'entry rdn renamed' else: result_code = RESULT_UNWILLING_TO_PERFORM message = 'newRdn or newSuperior missing' else: result_code = RESULT_NO_SUCH_OBJECT message = 'object not found' return {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } def mock_modify(self, request_message, controls): # ModifyRequest ::= [APPLICATION 6] SEQUENCE { # object LDAPDN, # changes SEQUENCE OF change SEQUENCE { # operation ENUMERATED { # add (0), # delete (1), # replace (2), # ... }, # modification PartialAttribute } } # # ModifyResponse ::= [APPLICATION 7] LDAPResult # # request: entry, changes # response: LDAPResult # # changes is a dictionary in the form {'attribute': [(operation, [val1, ...]), ...], ...} # operation is 0 (add), 1 (delete), 2 (replace), 3 (increment) request = modify_request_to_dict(request_message) dn = safe_dn(request['entry']) changes = request['changes'] result_code = 0 message = '' rdns = [rdn[0] for rdn in safe_rdn(dn, decompose=True)] if dn in self.connection.server.dit: entry = self.connection.server.dit[dn] original_entry = entry.copy() # to preserve atomicity of operation for modification in changes: operation = modification['operation'] attribute = modification['attribute']['type'] elements = modification['attribute']['value'] if operation == 0: # add if attribute not in entry and elements: # attribute not present, creates the new attribute and add elements if self.connection.server.schema and self.connection.server.schema.attribute_types and self.connection.server.schema.attribute_types[attribute].single_value and len(elements) > 1: # multiple values in single-valued attribute result_code = 19 message = 'attribute is single-valued' else: entry[attribute] = [to_raw(element) for element in elements] else: # attribute present, adds elements to current values if self.connection.server.schema and self.connection.server.schema.attribute_types and self.connection.server.schema.attribute_types[attribute].single_value: # multiple values in single-valued attribute result_code = 19 message = 'attribute is single-valued' else: entry[attribute].extend([to_raw(element) for element in elements]) elif operation == 1: # delete if attribute not in entry: # attribute must exist result_code = RESULT_NO_SUCH_ATTRIBUTE message = 'attribute must exists for deleting its values' elif attribute in rdns: # attribute can't be used in dn result_code = 67 message = 'cannot delete an rdn' else: if not elements: # deletes whole attribute if element list is empty del entry[attribute] else: for element in elements: raw_element = to_raw(element) if self.equal(dn, attribute, raw_element): # removes single element entry[attribute].remove(raw_element) else: result_code = 1 message = 'value to delete not found' if not entry[attribute]: # removes the whole attribute if no elements remained del entry[attribute] elif operation == 2: # replace if attribute not in entry and elements: # attribute not present, creates the new attribute and add elements if self.connection.server.schema and self.connection.server.schema.attribute_types and self.connection.server.schema.attribute_types[attribute].single_value and len(elements) > 1: # multiple values in single-valued attribute result_code = 19 message = 'attribute is single-valued' else: entry[attribute] = [to_raw(element) for element in elements] elif not elements and attribute in rdns: # attribute can't be used in dn result_code = 67 message = 'cannot replace an rdn' elif not elements: # deletes whole attribute if element list is empty if attribute in entry: del entry[attribute] else: # substitutes elements entry[attribute] = [to_raw(element) for element in elements] if result_code: # an error has happened, restores the original dn self.connection.server.dit[dn] = original_entry else: result_code = RESULT_NO_SUCH_OBJECT message = 'object not found' return {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } def mock_search(self, request_message, controls): # SearchRequest ::= [APPLICATION 3] SEQUENCE { # baseObject LDAPDN, # scope ENUMERATED { # baseObject (0), # singleLevel (1), # wholeSubtree (2), # ... }, # derefAliases ENUMERATED { # neverDerefAliases (0), # derefInSearching (1), # derefFindingBaseObj (2), # derefAlways (3) }, # sizeLimit INTEGER (0 .. maxInt), # timeLimit INTEGER (0 .. maxInt), # typesOnly BOOLEAN, # filter Filter, # attributes AttributeSelection } # # SearchResultEntry ::= [APPLICATION 4] SEQUENCE { # objectName LDAPDN, # attributes PartialAttributeList } # # # SearchResultReference ::= [APPLICATION 19] SEQUENCE # SIZE (1..MAX) OF uri URI # # SearchResultDone ::= [APPLICATION 5] LDAPResult # # request: base, scope, dereferenceAlias, sizeLimit, timeLimit, typesOnly, filter, attributes # response_entry: object, attributes # response_done: LDAPResult request = search_request_to_dict(request_message) if controls: decoded_controls = [self.decode_control(control) for control in controls if control] for decoded_control in decoded_controls: if decoded_control[1]['criticality'] and decoded_control[0] not in SEARCH_CONTROLS: message = 'Critical requested control ' + str(decoded_control[0]) + ' not available' result = {'resultCode': RESULT_UNAVAILABLE_CRITICAL_EXTENSION, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } return [], result elif decoded_control[0] == '1.2.840.113556.1.4.319': # Simple paged search if not decoded_control[1]['value']['cookie']: # new paged search response, result = self._execute_search(request) if result['resultCode'] == RESULT_SUCCESS: # success paged_set = PagedSearchSet(response, int(decoded_control[1]['value']['size']), decoded_control[1]['criticality']) response, result = paged_set.next() if paged_set.done: # paged search already completed, no need to store the set del paged_set else: self._paged_sets.append(paged_set) return response, result else: return [], result else: for paged_set in self._paged_sets: if paged_set.cookie == decoded_control[1]['value']['cookie']: # existing paged set response, result = paged_set.next() # returns next bunch of entries as per paged set specifications if paged_set.done: self._paged_sets.remove(paged_set) return response, result # paged set not found message = 'Invalid cookie in simple paged search' result = {'resultCode': RESULT_OPERATIONS_ERROR, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } return [], result else: return self._execute_search(request) def _execute_search(self, request): responses = [] base = safe_dn(request['base']) scope = request['scope'] attributes = request['attributes'] if '+' in attributes: # operational attributes requested attributes.extend(self.operational_attributes) attributes.remove('+') attributes = [attr.lower() for attr in request['attributes']] filter_root = parse_filter(request['filter'], self.connection.server.schema, auto_escape=True, auto_encode=False, check_names=self.connection.check_names) candidates = [] if scope == 0: # base object if base in self.connection.server.dit or base.lower() == 'cn=schema': candidates.append(base) elif scope == 1: # single level for entry in self.connection.server.dit: if entry.endswith(base) and ',' not in entry[:-len(base) - 1]: # only leafs without commas in the remaining dn candidates.append(entry) elif scope == 2: # whole subtree for entry in self.connection.server.dit: if entry.endswith(base): candidates.append(entry) if not candidates: # incorrect base result_code = RESULT_NO_SUCH_OBJECT message = 'incorrect base object' else: matched = self.evaluate_filter_node(filter_root, candidates) for match in matched: responses.append({ 'object': match, 'attributes': [{'type': attribute, 'vals': [] if request['typesOnly'] else self.connection.server.dit[match][attribute]} for attribute in self.connection.server.dit[match] if attribute.lower() in attributes or ALL_ATTRIBUTES in attributes] }) result_code = 0 message = '' result = {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None } return responses[:request['sizeLimit']] if request['sizeLimit'] > 0 else responses, result def mock_extended(self, request_message, controls): # ExtendedRequest ::= [APPLICATION 23] SEQUENCE { # requestName [0] LDAPOID, # requestValue [1] OCTET STRING OPTIONAL } # # ExtendedResponse ::= [APPLICATION 24] SEQUENCE { # COMPONENTS OF LDAPResult, # responseName [10] LDAPOID OPTIONAL, # responseValue [11] OCTET STRING OPTIONAL } # # IntermediateResponse ::= [APPLICATION 25] SEQUENCE { # responseName [0] LDAPOID OPTIONAL, # responseValue [1] OCTET STRING OPTIONAL } request = extended_request_to_dict(request_message) result_code = RESULT_UNWILLING_TO_PERFORM message = 'not implemented' response_name = None response_value = None if self.connection.server.info: for extension in self.connection.server.info.supported_extensions: if request['name'] == extension[0]: # server can answer the extended request if extension[0] == '2.16.840.1.113719.1.27.100.31': # getBindDNRequest [NOVELL] result_code = 0 message = '' response_name = '2.16.840.1.113719.1.27.100.32' # getBindDNResponse [NOVELL] response_value = OctetString(self.bound) elif extension[0] == '1.3.6.1.4.1.4203.1.11.3': # WhoAmI [RFC4532] result_code = 0 message = '' response_name = '1.3.6.1.4.1.4203.1.11.3' # WhoAmI [RFC4532] response_value = OctetString(self.bound) break return {'resultCode': result_code, 'matchedDN': '', 'diagnosticMessage': to_unicode(message, SERVER_ENCODING), 'referral': None, 'responseName': response_name, 'responseValue': response_value } def evaluate_filter_node(self, node, candidates): """After evaluation each 2 sets are added to each MATCH node, one for the matched object and one for unmatched object. The unmatched object set is needed if a superior node is a NOT that reverts the evaluation. The BOOLEAN nodes mix the sets returned by the MATCH nodes""" node.matched = set() node.unmatched = set() if node.elements: for element in node.elements: self.evaluate_filter_node(element, candidates) if node.tag == ROOT: return node.elements[0].matched elif node.tag == AND: first_element = node.elements[0] node.matched.update(first_element.matched) node.unmatched.update(first_element.unmatched) for element in node.elements[1:]: node.matched.intersection_update(element.matched) node.unmatched.intersection_update(element.unmatched) elif node.tag == OR: for element in node.elements: node.matched.update(element.matched) node.unmatched.update(element.unmatched) elif node.tag == NOT: node.matched = node.elements[0].unmatched node.unmatched = node.elements[0].matched elif node.tag == MATCH_GREATER_OR_EQUAL: attr_name = node.assertion['attr'] attr_value = node.assertion['value'] for candidate in candidates: if attr_name in self.connection.server.dit[candidate]: for value in self.connection.server.dit[candidate][attr_name]: if value.isdigit() and attr_value.isdigit(): # int comparison if int(value) >= int(attr_value): node.matched.add(candidate) else: node.unmatched.add(candidate) else: if to_unicode(value, SERVER_ENCODING).lower() >= to_unicode(attr_value, SERVER_ENCODING).lower(): # case insensitive string comparison node.matched.add(candidate) else: node.unmatched.add(candidate) elif node.tag == MATCH_LESS_OR_EQUAL: attr_name = node.assertion['attr'] attr_value = node.assertion['value'] for candidate in candidates: if attr_name in self.connection.server.dit[candidate]: for value in self.connection.server.dit[candidate][attr_name]: if value.isdigit() and attr_value.isdigit(): # int comparison if int(value) <= int(attr_value): node.matched.add(candidate) else: node.unmatched.add(candidate) else: if to_unicode(value, SERVER_ENCODING).lower() <= to_unicode(attr_value, SERVER_ENCODING).lower(): # case insentive string comparison node.matched.add(candidate) else: node.unmatched.add(candidate) elif node.tag == MATCH_EXTENSIBLE: self.connection.last_error = 'Extensible match not allowed in Mock strategy' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPDefinitionError(self.connection.last_error) elif node.tag == MATCH_PRESENT: attr_name = node.assertion['attr'] for candidate in candidates: if attr_name in self.connection.server.dit[candidate]: node.matched.add(candidate) else: node.unmatched.add(candidate) elif node.tag == MATCH_SUBSTRING: attr_name = node.assertion['attr'] # rebuild the original substring filter if 'initial' in node.assertion and node.assertion['initial'] is not None: substring_filter = re.escape(to_unicode(node.assertion['initial'], SERVER_ENCODING)) else: substring_filter = '' if 'any' in node.assertion and node.assertion['any'] is not None: for middle in node.assertion['any']: substring_filter += '.*' + re.escape(to_unicode(middle, SERVER_ENCODING)) if 'final' in node.assertion and node.assertion['final'] is not None: substring_filter += '.*' + re.escape(to_unicode(node.assertion['final'], SERVER_ENCODING)) if substring_filter and not node.assertion.get('any', None) and not node.assertion.get('final', None): # only initial, adds .* substring_filter += '.*' regex_filter = re.compile(substring_filter, flags=re.UNICODE | re.IGNORECASE) # unicode AND ignorecase for candidate in candidates: if attr_name in self.connection.server.dit[candidate]: for value in self.connection.server.dit[candidate][attr_name]: if regex_filter.match(to_unicode(value, SERVER_ENCODING)): node.matched.add(candidate) else: node.unmatched.add(candidate) else: node.unmatched.add(candidate) elif node.tag == MATCH_EQUAL or node.tag == MATCH_APPROX: attr_name = node.assertion['attr'] attr_value = node.assertion['value'] for candidate in candidates: # if attr_name in self.connection.server.dit[candidate] and attr_value in self.connection.server.dit[candidate][attr_name]: if attr_name in self.connection.server.dit[candidate] and self.equal(candidate, attr_name, attr_value): node.matched.add(candidate) # elif attr_name in self.connection.server.dit[candidate]: # tries to apply formatters # formatted_values = format_attribute_values(self.connection.server.schema, attr_name, self.connection.server.dit[candidate][attr_name], None) # if not isinstance(formatted_values, SEQUENCE_TYPES): # formatted_values = [formatted_values] # # if attr_value.decode(SERVER_ENCODING) in formatted_values: # attributes values should be returned in utf-8 # if self.equal(attr_name, attr_value.decode(SERVER_ENCODING), formatted_values): # attributes values should be returned in utf-8 # node.matched.add(candidate) # else: # node.unmatched.add(candidate) else: node.unmatched.add(candidate) def equal(self, dn, attribute, value): # value is the value to match attribute_values = self.connection.server.dit[dn][attribute] if not isinstance(attribute_values, SEQUENCE_TYPES): attribute_values = [attribute_values] for attribute_value in attribute_values: if self._check_equality(value, attribute_value): return True # if not found tries to apply formatters formatted_values = format_attribute_values(self.connection.server.schema, attribute, attribute_values, None) if not isinstance(formatted_values, SEQUENCE_TYPES): formatted_values = [formatted_values] for attribute_value in formatted_values: if self._check_equality(value, attribute_value): return True return False @staticmethod def _check_equality(value1, value2): if str(value1).isdigit() and str(value2).isdigit(): if int(value1) == int(value2): # int comparison return True try: if to_unicode(value1, SERVER_ENCODING).lower() == to_unicode(value2, SERVER_ENCODING).lower(): # case insensitive comparison return True except UnicodeError: pass return False def send(self, message_type, request, controls=None): self.connection.request = self.decode_request(message_type, request, controls) if self.connection.listening: message_id = self.connection.server.next_message_id() if self.connection.usage: # ldap message is built for updating metrics only ldap_message = LDAPMessage() ldap_message['messageID'] = MessageID(message_id) ldap_message['protocolOp'] = ProtocolOp().setComponentByName(message_type, request) message_controls = build_controls_list(controls) if message_controls is not None: ldap_message['controls'] = message_controls asn1_request = BaseStrategy.decode_request(message_type, request, controls) self.connection._usage.update_transmitted_message(asn1_request, len(encode(ldap_message))) return message_id, message_type, request, controls else: self.connection.last_error = 'unable to send message, connection is not open' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSocketOpenError(self.connection.last_error) ldap3-2.4.1/ldap3/strategy/mockSync.py0000666000000000000000000001622313226436321015666 0ustar 00000000000000""" """ # Created on 2014.11.17 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from ..core.results import DO_NOT_RAISE_EXCEPTIONS from .mockBase import MockBaseStrategy from .. import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES from .sync import SyncStrategy from ..operation.bind import bind_response_to_dict from ..operation.delete import delete_response_to_dict from ..operation.add import add_response_to_dict from ..operation.compare import compare_response_to_dict from ..operation.modifyDn import modify_dn_response_to_dict from ..operation.modify import modify_response_to_dict from ..operation.search import search_result_done_response_to_dict, search_result_entry_response_to_dict from ..operation.extended import extended_response_to_dict from ..core.exceptions import LDAPSocketOpenError, LDAPOperationResult from ..utils.log import log, log_enabled, ERROR, PROTOCOL class MockSyncStrategy(MockBaseStrategy, SyncStrategy): # class inheritance sequence is important, MockBaseStrategy must be the first one """ This strategy create a mock LDAP server, with synchronous access It can be useful to test LDAP without accessing a real Server """ def __init__(self, ldap_connection): SyncStrategy.__init__(self, ldap_connection) MockBaseStrategy.__init__(self) def post_send_search(self, payload): message_id, message_type, request, controls = payload self.connection.response = [] self.connection.result = dict() if message_type == 'searchRequest': responses, result = self.mock_search(request, controls) for entry in responses: response = search_result_entry_response_to_dict(entry, self.connection.server.schema, self.connection.server.custom_formatter, self.connection.check_names) response['type'] = 'searchResEntry' ### if self.connection.empty_attributes: for attribute_type in request['attributes']: attribute_name = str(attribute_type) if attribute_name not in response['raw_attributes'] and attribute_name not in (ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES): response['raw_attributes'][attribute_name] = list() response['attributes'][attribute_name] = list() if log_enabled(PROTOCOL): log(PROTOCOL, 'attribute set to empty list for missing attribute <%s> in <%s>', attribute_type, self) if not self.connection.auto_range: attrs_to_remove = [] # removes original empty attribute in case a range tag is returned for attribute_type in response['attributes']: attribute_name = str(attribute_type) if ';range' in attribute_name.lower(): orig_attr, _, _ = attribute_name.partition(';') attrs_to_remove.append(orig_attr) for attribute_type in attrs_to_remove: if log_enabled(PROTOCOL): log(PROTOCOL, 'attribute type <%s> removed in response because of same attribute returned as range by the server in <%s>', attribute_type, self) del response['raw_attributes'][attribute_type] del response['attributes'][attribute_type] ### self.connection.response.append(response) result = search_result_done_response_to_dict(result) result['type'] = 'searchResDone' self.connection.result = result if self.connection.raise_exceptions and result and result['result'] not in DO_NOT_RAISE_EXCEPTIONS: if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, self.connection) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) return self.connection.response def post_send_single_response(self, payload): # payload is a tuple sent by self.send() made of message_type, request, controls message_id, message_type, request, controls = payload responses = [] result = None if message_type == 'bindRequest': result = bind_response_to_dict(self.mock_bind(request, controls)) result['type'] = 'bindResponse' elif message_type == 'unbindRequest': self.bound = None elif message_type == 'abandonRequest': pass elif message_type == 'delRequest': result = delete_response_to_dict(self.mock_delete(request, controls)) result['type'] = 'delResponse' elif message_type == 'addRequest': result = add_response_to_dict(self.mock_add(request, controls)) result['type'] = 'addResponse' elif message_type == 'compareRequest': result = compare_response_to_dict(self.mock_compare(request, controls)) result['type'] = 'compareResponse' elif message_type == 'modDNRequest': result = modify_dn_response_to_dict(self.mock_modify_dn(request, controls)) result['type'] = 'modDNResponse' elif message_type == 'modifyRequest': result = modify_response_to_dict(self.mock_modify(request, controls)) result['type'] = 'modifyResponse' elif message_type == 'extendedReq': result = extended_response_to_dict(self.mock_extended(request, controls)) result['type'] = 'extendedResp' self.connection.result = result responses.append(result) if self.connection.raise_exceptions and result and result['result'] not in DO_NOT_RAISE_EXCEPTIONS: if log_enabled(PROTOCOL): log(PROTOCOL, 'operation result <%s> for <%s>', result, self.connection) raise LDAPOperationResult(result=result['result'], description=result['description'], dn=result['dn'], message=result['message'], response_type=result['type']) return responses ldap3-2.4.1/ldap3/strategy/restartable.py0000666000000000000000000003120213226436321016402 0ustar 00000000000000""" """ # Created on 2014.03.04 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from sys import exc_info from time import sleep import socket from datetime import datetime from .. import get_config_parameter from .sync import SyncStrategy from ..core.exceptions import LDAPSocketOpenError, LDAPOperationResult, LDAPMaximumRetriesError from ..utils.log import log, log_enabled, ERROR, BASIC # noinspection PyBroadException,PyProtectedMember class RestartableStrategy(SyncStrategy): def __init__(self, ldap_connection): SyncStrategy.__init__(self, ldap_connection) self.sync = True self.no_real_dsa = False self.pooled = False self.can_stream = False self.restartable_sleep_time = get_config_parameter('RESTARTABLE_SLEEPTIME') self.restartable_tries = get_config_parameter('RESTARTABLE_TRIES') self._restarting = False self._last_bind_controls = None self._current_message_type = None self._current_request = None self._current_controls = None self._restart_tls = None self.exception_history = [] def open(self, reset_usage=False, read_server_info=True): SyncStrategy.open(self, reset_usage, read_server_info) def _open_socket(self, address, use_ssl=False, unix_socket=False): """ Try to open and connect a socket to a Server raise LDAPExceptionError if unable to open or connect socket if connection is restartable tries for the number of restarting requested or forever """ try: SyncStrategy._open_socket(self, address, use_ssl, unix_socket) # try to open socket using SyncWait self._reset_exception_history() return except Exception as e: # machinery for restartable connection if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() if not self._restarting: # if not already performing a restart self._restarting = True counter = self.restartable_tries while counter > 0: # includes restartable_tries == True if log_enabled(BASIC): log(BASIC, 'try #%d to open Restartable connection <%s>', self.restartable_tries - counter, self.connection) sleep(self.restartable_sleep_time) if not self.connection.closed: try: # resetting connection self.connection.unbind() except (socket.error, LDAPSocketOpenError): # don't trace catch socket errors because socket could already be closed pass except Exception: self._add_exception_to_history() try: # reissuing same operation if self.connection.server_pool: new_server = self.connection.server_pool.get_server(self.connection) # get a server from the server_pool if available if self.connection.server != new_server: self.connection.server = new_server if self.connection.usage: self.connection._usage.servers_from_pool += 1 SyncStrategy._open_socket(self, address, use_ssl, unix_socket) # calls super (not restartable) _open_socket() if self.connection.usage: self.connection._usage.restartable_successes += 1 self.connection.closed = False self._restarting = False self._reset_exception_history() return except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() if self.connection.usage: self.connection._usage.restartable_failures += 1 if not isinstance(self.restartable_tries, bool): counter -= 1 self._restarting = False self.connection.last_error = 'restartable connection strategy failed while opening socket' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPMaximumRetriesError(self.connection.last_error, self.exception_history, self.restartable_tries) def send(self, message_type, request, controls=None): self._current_message_type = message_type self._current_request = request self._current_controls = controls if not self._restart_tls: # RFCs doesn't define how to stop tls once started self._restart_tls = self.connection.tls_started if message_type == 'bindRequest': # stores controls used in bind operation to be used again when restarting the connection self._last_bind_controls = controls try: message_id = SyncStrategy.send(self, message_type, request, controls) # tries to send using SyncWait self._reset_exception_history() return message_id except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() if not self._restarting: # machinery for restartable connection self._restarting = True counter = self.restartable_tries while counter > 0: if log_enabled(BASIC): log(BASIC, 'try #%d to send in Restartable connection <%s>', self.restartable_tries - counter, self.connection) sleep(self.restartable_sleep_time) if not self.connection.closed: try: # resetting connection self.connection.unbind() except (socket.error, LDAPSocketOpenError): # don't trace socket errors because socket could already be closed pass except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() failure = False try: # reopening connection self.connection.open(reset_usage=False, read_server_info=False) if self._restart_tls: # restart tls if start_tls was previously used self.connection.start_tls(read_server_info=False) if message_type != 'bindRequest': self.connection.bind(read_server_info=False, controls=self._last_bind_controls) # binds with previously used controls unless the request is already a bindRequest if not self.connection.server.schema and not self.connection.server.info: self.connection.refresh_server_info() else: self.connection._fire_deferred(read_info=False) # in case of lazy connection, not open by the refresh_server_info except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() failure = True if not failure: try: # reissuing same operation ret_value = self.connection.send(message_type, request, controls) if self.connection.usage: self.connection._usage.restartable_successes += 1 self._restarting = False self._reset_exception_history() return ret_value # successful send except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() failure = True if failure and self.connection.usage: self.connection._usage.restartable_failures += 1 if not isinstance(self.restartable_tries, bool): counter -= 1 self._restarting = False self.connection.last_error = 'restartable connection failed to send' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPMaximumRetriesError(self.connection.last_error, self.exception_history, self.restartable_tries) def post_send_single_response(self, message_id): try: ret_value = SyncStrategy.post_send_single_response(self, message_id) self._reset_exception_history() return ret_value except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() # if an LDAPExceptionError is raised then resend the request try: ret_value = SyncStrategy.post_send_single_response(self, self.send(self._current_message_type, self._current_request, self._current_controls)) self._reset_exception_history() return ret_value except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() exc = e if exc: if not isinstance(exc, LDAPOperationResult): self.connection.last_error = 'restartable connection strategy failed in post_send_single_response' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise exc def post_send_search(self, message_id): try: ret_value = SyncStrategy.post_send_search(self, message_id) self._reset_exception_history() return ret_value except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() # if an LDAPExceptionError is raised then resend the request try: ret_value = SyncStrategy.post_send_search(self, self.connection.send(self._current_message_type, self._current_request, self._current_controls)) self._reset_exception_history() return ret_value except Exception as e: if log_enabled(ERROR): log(ERROR, '<%s> while restarting <%s>', e, self.connection) self._add_exception_to_history() exc = e if exc: if not isinstance(exc, LDAPOperationResult): self.connection.last_error = exc.args if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise exc def _add_exception_to_history(self): if not isinstance(self.restartable_tries, bool): # doesn't accumulate when restarting forever if not isinstance(exc_info()[1], LDAPMaximumRetriesError): # doesn't add the LDAPMaximumRetriesError exception self.exception_history.append((datetime.now(), exc_info()[0], exc_info()[1])) def _reset_exception_history(self): if self.exception_history: self.exception_history = [] def get_stream(self): raise NotImplementedError def set_stream(self, value): raise NotImplementedError ldap3-2.4.1/ldap3/strategy/reusable.py0000666000000000000000000005731213230600634015701 0ustar 00000000000000""" """ # Created on 2014.03.23 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from datetime import datetime from os import linesep from threading import Thread, Lock from time import sleep from .. import RESTARTABLE, get_config_parameter, AUTO_BIND_NONE, AUTO_BIND_NO_TLS, AUTO_BIND_TLS_AFTER_BIND, AUTO_BIND_TLS_BEFORE_BIND from .base import BaseStrategy from ..core.usage import ConnectionUsage from ..core.exceptions import LDAPConnectionPoolNameIsMandatoryError, LDAPConnectionPoolNotStartedError, LDAPOperationResult, LDAPExceptionError, LDAPResponseTimeoutError from ..utils.log import log, log_enabled, ERROR, BASIC from ..protocol.rfc4511 import LDAP_MAX_INT TERMINATE_REUSABLE = 'TERMINATE_REUSABLE_CONNECTION' BOGUS_BIND = -1 BOGUS_UNBIND = -2 BOGUS_EXTENDED = -3 BOGUS_ABANDON = -4 try: from queue import Queue, Empty except ImportError: # Python 2 # noinspection PyUnresolvedReferences from Queue import Queue, Empty # noinspection PyProtectedMember class ReusableStrategy(BaseStrategy): """ A pool of reusable SyncWaitRestartable connections with lazy behaviour and limited lifetime. The connection using this strategy presents itself as a normal connection, but internally the strategy has a pool of connections that can be used as needed. Each connection lives in its own thread and has a busy/available status. The strategy performs the requested operation on the first available connection. The pool of connections is instantiated at strategy initialization. Strategy has two customizable properties, the total number of connections in the pool and the lifetime of each connection. When lifetime is expired the connection is closed and will be open again when needed. """ def receiving(self): raise NotImplementedError def _start_listen(self): raise NotImplementedError def _get_response(self, message_id): raise NotImplementedError def get_stream(self): raise NotImplementedError def set_stream(self, value): raise NotImplementedError pools = dict() # noinspection PyProtectedMember class ConnectionPool(object): """ Container for the Connection Threads """ def __new__(cls, connection): if connection.pool_name in ReusableStrategy.pools: # returns existing connection pool pool = ReusableStrategy.pools[connection.pool_name] if not pool.started: # if pool is not started remove it from the pools singleton and create a new onw del ReusableStrategy.pools[connection.pool_name] return object.__new__(cls) if connection.pool_keepalive and pool.keepalive != connection.pool_keepalive: # change lifetime pool.keepalive = connection.pool_keepalive if connection.pool_lifetime and pool.lifetime != connection.pool_lifetime: # change keepalive pool.lifetime = connection.pool_lifetime if connection.pool_size and pool.pool_size != connection.pool_size: # if pool size has changed terminate and recreate the connections pool.terminate_pool() pool.pool_size = connection.pool_size return pool else: return object.__new__(cls) def __init__(self, connection): if not hasattr(self, 'workers'): self.name = connection.pool_name self.master_connection = connection self.workers = [] self.pool_size = connection.pool_size or get_config_parameter('REUSABLE_THREADED_POOL_SIZE') self.lifetime = connection.pool_lifetime or get_config_parameter('REUSABLE_THREADED_LIFETIME') self.keepalive = connection.pool_keepalive self.request_queue = Queue() self.open_pool = False self.bind_pool = False self.tls_pool = False self._incoming = dict() self.counter = 0 self.terminated_usage = ConnectionUsage() if connection._usage else None self.terminated = False self.pool_lock = Lock() ReusableStrategy.pools[self.name] = self self.started = False if log_enabled(BASIC): log(BASIC, 'instantiated ConnectionPool: <%r>', self) def __str__(self): s = 'POOL: ' + str(self.name) + ' - status: ' + ('started' if self.started else 'terminated') s += ' - responses in queue: ' + str(len(self._incoming)) s += ' - pool size: ' + str(self.pool_size) s += ' - lifetime: ' + str(self.lifetime) s += ' - keepalive: ' + str(self.keepalive) s += ' - open: ' + str(self.open_pool) s += ' - bind: ' + str(self.bind_pool) s += ' - tls: ' + str(self.tls_pool) + linesep s += 'MASTER CONN: ' + str(self.master_connection) + linesep s += 'WORKERS:' if self.workers: for i, worker in enumerate(self.workers): s += linesep + str(i).rjust(5) + ': ' + str(worker) else: s += linesep + ' no active workers in pool' return s def __repr__(self): return self.__str__() def get_info_from_server(self): for worker in self.workers: with worker.worker_lock: if not worker.connection.server.schema or not worker.connection.server.info: worker.get_info_from_server = True else: worker.get_info_from_server = False def rebind_pool(self): for worker in self.workers: with worker.worker_lock: worker.connection.rebind(self.master_connection.user, self.master_connection.password, self.master_connection.authentication, self.master_connection.sasl_mechanism, self.master_connection.sasl_credentials) def start_pool(self): if not self.started: self.create_pool() for worker in self.workers: with worker.worker_lock: worker.thread.start() self.started = True self.terminated = False if log_enabled(BASIC): log(BASIC, 'worker started for pool <%s>', self) return True return False def create_pool(self): if log_enabled(BASIC): log(BASIC, 'created pool <%s>', self) self.workers = [ReusableStrategy.PooledConnectionWorker(self.master_connection, self.request_queue) for _ in range(self.pool_size)] def terminate_pool(self): if not self.terminated: if log_enabled(BASIC): log(BASIC, 'terminating pool <%s>', self) self.started = False self.request_queue.join() # waits for all queue pending operations for _ in range(len([worker for worker in self.workers if worker.thread.is_alive()])): # put a TERMINATE signal on the queue for each active thread self.request_queue.put((TERMINATE_REUSABLE, None, None, None)) self.request_queue.join() # waits for all queue terminate operations self.terminated = True if log_enabled(BASIC): log(BASIC, 'pool terminated for <%s>', self) class PooledConnectionThread(Thread): """ The thread that holds the Reusable connection and receive operation request via the queue Result are sent back in the pool._incoming list when ready """ def __init__(self, worker, master_connection): Thread.__init__(self) self.daemon = True self.worker = worker self.master_connection = master_connection if log_enabled(BASIC): log(BASIC, 'instantiated PooledConnectionThread: <%r>', self) # noinspection PyProtectedMember def run(self): self.worker.running = True terminate = False pool = self.master_connection.strategy.pool while not terminate: try: counter, message_type, request, controls = pool.request_queue.get(block=True, timeout=self.master_connection.strategy.pool.keepalive) except Empty: # issue an Abandon(0) operation to keep the connection live - Abandon(0) is a harmless operation if not self.worker.connection.closed: self.worker.connection.abandon(0) continue with self.worker.worker_lock: self.worker.busy = True if counter == TERMINATE_REUSABLE: terminate = True if self.worker.connection.bound: try: self.worker.connection.unbind() if log_enabled(BASIC): log(BASIC, 'thread terminated') except LDAPExceptionError: pass else: if (datetime.now() - self.worker.creation_time).seconds >= self.master_connection.strategy.pool.lifetime: # destroy and create a new connection try: self.worker.connection.unbind() except LDAPExceptionError: pass self.worker.new_connection() if log_enabled(BASIC): log(BASIC, 'thread respawn') if message_type not in ['bindRequest', 'unbindRequest']: if pool.open_pool and self.worker.connection.closed: self.worker.connection.open(read_server_info=False) if pool.tls_pool and not self.worker.connection.tls_started: self.worker.connection.start_tls(read_server_info=False) if pool.bind_pool and not self.worker.connection.bound: self.worker.connection.bind(read_server_info=False) elif pool.open_pool and not self.worker.connection.closed: # connection already open, issues a start_tls if pool.tls_pool and not self.worker.connection.tls_started: self.worker.connection.start_tls(read_server_info=False) if self.worker.get_info_from_server and counter: self.worker.connection._fire_deferred() self.worker.get_info_from_server = False exc = None response = None result = None try: if message_type == 'searchRequest': response = self.worker.connection.post_send_search(self.worker.connection.send(message_type, request, controls)) else: response = self.worker.connection.post_send_single_response(self.worker.connection.send(message_type, request, controls)) result = self.worker.connection.result except LDAPOperationResult as e: # raise_exceptions has raised an exception. It must be redirected to the original connection thread exc = e with pool.pool_lock: if exc: pool._incoming[counter] = (exc, None, None) else: pool._incoming[counter] = (response, result, BaseStrategy.decode_request(message_type, request, controls)) self.worker.busy = False pool.request_queue.task_done() self.worker.task_counter += 1 if log_enabled(BASIC): log(BASIC, 'thread terminated') if self.master_connection.usage: pool.terminated_usage += self.worker.connection.usage self.worker.running = False class PooledConnectionWorker(object): """ Container for the restartable connection. it includes a thread and a lock to execute the connection in the pool """ def __init__(self, connection, request_queue): self.master_connection = connection self.request_queue = request_queue self.running = False self.busy = False self.get_info_from_server = False self.connection = None self.creation_time = None self.new_connection() self.task_counter = 0 self.thread = ReusableStrategy.PooledConnectionThread(self, self.master_connection) self.worker_lock = Lock() if log_enabled(BASIC): log(BASIC, 'instantiated PooledConnectionWorker: <%s>', self) def __str__(self): s = 'CONN: ' + str(self.connection) + linesep + ' THREAD: ' s += 'running' if self.running else 'halted' s += ' - ' + ('busy' if self.busy else 'available') s += ' - ' + ('created at: ' + self.creation_time.isoformat()) s += ' - time to live: ' + str(self.master_connection.strategy.pool.lifetime - (datetime.now() - self.creation_time).seconds) s += ' - requests served: ' + str(self.task_counter) return s def new_connection(self): from ..core.connection import Connection # noinspection PyProtectedMember self.connection = Connection(server=self.master_connection.server_pool if self.master_connection.server_pool else self.master_connection.server, user=self.master_connection.user, password=self.master_connection.password, auto_bind=AUTO_BIND_NONE, # do not perform auto_bind because it reads again the schema version=self.master_connection.version, authentication=self.master_connection.authentication, client_strategy=RESTARTABLE, auto_referrals=self.master_connection.auto_referrals, auto_range=self.master_connection.auto_range, sasl_mechanism=self.master_connection.sasl_mechanism, sasl_credentials=self.master_connection.sasl_credentials, check_names=self.master_connection.check_names, collect_usage=self.master_connection._usage, read_only=self.master_connection.read_only, raise_exceptions=self.master_connection.raise_exceptions, lazy=False, fast_decoder=self.master_connection.fast_decoder, receive_timeout=self.master_connection.receive_timeout, return_empty_attributes=self.master_connection.empty_attributes) # simulates auto_bind, always with read_server_info=False if self.master_connection.auto_bind and self.master_connection.auto_bind != AUTO_BIND_NONE: if log_enabled(BASIC): log(BASIC, 'performing automatic bind for <%s>', self.connection) self.connection.open(read_server_info=False) if self.master_connection.auto_bind == AUTO_BIND_NO_TLS: self.connection.bind(read_server_info=False) elif self.master_connection.auto_bind == AUTO_BIND_TLS_BEFORE_BIND: self.connection.start_tls(read_server_info=False) self.connection.bind(read_server_info=False) elif self.master_connection.auto_bind == AUTO_BIND_TLS_AFTER_BIND: self.connection.bind(read_server_info=False) self.connection.start_tls(read_server_info=False) if self.master_connection.server_pool: self.connection.server_pool = self.master_connection.server_pool self.connection.server_pool.initialize(self.connection) self.creation_time = datetime.now() # ReusableStrategy methods def __init__(self, ldap_connection): BaseStrategy.__init__(self, ldap_connection) self.sync = False self.no_real_dsa = False self.pooled = True self.can_stream = False if hasattr(ldap_connection, 'pool_name') and ldap_connection.pool_name: self.pool = ReusableStrategy.ConnectionPool(ldap_connection) else: if log_enabled(ERROR): log(ERROR, 'reusable connection must have a pool_name') raise LDAPConnectionPoolNameIsMandatoryError('reusable connection must have a pool_name') def open(self, reset_usage=True, read_server_info=True): # read_server_info not used self.pool.open_pool = True self.pool.start_pool() self.connection.closed = False if self.connection.usage: if reset_usage or not self.connection._usage.initial_connection_start_time: self.connection._usage.start() def terminate(self): self.pool.terminate_pool() self.pool.open_pool = False self.connection.bound = False self.connection.closed = True self.pool.bind_pool = False self.pool.tls_pool = False def _close_socket(self): """ Doesn't really close the socket """ self.connection.closed = True if self.connection.usage: self.connection._usage.closed_sockets += 1 def send(self, message_type, request, controls=None): if self.pool.started: if message_type == 'bindRequest': self.pool.bind_pool = True counter = BOGUS_BIND elif message_type == 'unbindRequest': self.pool.bind_pool = False counter = BOGUS_UNBIND elif message_type == 'abandonRequest': counter = BOGUS_ABANDON elif message_type == 'extendedReq' and self.connection.starting_tls: self.pool.tls_pool = True counter = BOGUS_EXTENDED else: with self.pool.pool_lock: self.pool.counter += 1 if self.pool.counter > LDAP_MAX_INT: self.pool.counter = 1 counter = self.pool.counter self.pool.request_queue.put((counter, message_type, request, controls)) return counter if log_enabled(ERROR): log(ERROR, 'reusable connection pool not started') raise LDAPConnectionPoolNotStartedError('reusable connection pool not started') def validate_bind(self, controls): temp_connection = self.pool.workers[0].connection temp_connection.lazy = False if not self.connection.server.schema or not self.connection.server.info: result = self.pool.workers[0].connection.bind(controls=controls) else: result = self.pool.workers[0].connection.bind(controls=controls, read_server_info=False) temp_connection.unbind() temp_connection.lazy = True if result: self.pool.bind_pool = True # bind pool if bind is validated return result def get_response(self, counter, timeout=None, get_request=False): sleeptime = get_config_parameter('RESPONSE_SLEEPTIME') request=None if timeout is None: timeout = get_config_parameter('RESPONSE_WAITING_TIMEOUT') if counter == BOGUS_BIND: # send a bogus bindResponse response = list() result = {'description': 'success', 'referrals': None, 'type': 'bindResponse', 'result': 0, 'dn': '', 'message': '', 'saslCreds': None} elif counter == BOGUS_UNBIND: # bogus unbind response response = None result = None elif counter == BOGUS_ABANDON: # abandon cannot be executed because of multiple connections response = list() result = {'result': 0, 'referrals': None, 'responseName': '1.3.6.1.4.1.1466.20037', 'type': 'extendedResp', 'description': 'success', 'responseValue': 'None', 'dn': '', 'message': ''} elif counter == BOGUS_EXTENDED: # bogus startTls extended response response = list() result = {'result': 0, 'referrals': None, 'responseName': '1.3.6.1.4.1.1466.20037', 'type': 'extendedResp', 'description': 'success', 'responseValue': 'None', 'dn': '', 'message': ''} self.connection.starting_tls = False else: response = None result = None while timeout >= 0: # waiting for completed message to appear in _incoming try: with self.connection.strategy.pool.pool_lock: response, result, request = self.connection.strategy.pool._incoming.pop(counter) except KeyError: sleep(sleeptime) timeout -= sleeptime continue break if timeout <= 0: if log_enabled(ERROR): log(ERROR, 'no response from worker threads in Reusable connection') raise LDAPResponseTimeoutError('no response from worker threads in Reusable connection') if isinstance(response, LDAPOperationResult): raise response # an exception has been raised with raise_exceptions if get_request: return response, result, request return response, result def post_send_single_response(self, counter): return counter def post_send_search(self, counter): return counter ldap3-2.4.1/ldap3/strategy/sync.py0000666000000000000000000002503613226436321015056 0ustar 00000000000000""" """ # Created on 2013.07.15 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import socket from .. import SEQUENCE_TYPES, get_config_parameter from ..core.exceptions import LDAPSocketReceiveError, communication_exception_factory, LDAPExceptionError, LDAPExtensionError, LDAPOperationResult from ..strategy.base import BaseStrategy, SESSION_TERMINATED_BY_SERVER, RESPONSE_COMPLETE, TRANSACTION_ERROR from ..protocol.rfc4511 import LDAPMessage from ..utils.log import log, log_enabled, ERROR, NETWORK, EXTENDED, format_ldap_message from ..utils.asn1 import decoder, decode_message_fast LDAP_MESSAGE_TEMPLATE = LDAPMessage() # noinspection PyProtectedMember class SyncStrategy(BaseStrategy): """ This strategy is synchronous. You send the request and get the response Requests return a boolean value to indicate the result of the requested Operation Connection.response will contain the whole LDAP response for the messageId requested in a dict form Connection.request will contain the result LDAP message in a dict form """ def __init__(self, ldap_connection): BaseStrategy.__init__(self, ldap_connection) self.sync = True self.no_real_dsa = False self.pooled = False self.can_stream = False self.socket_size = get_config_parameter('SOCKET_SIZE') def open(self, reset_usage=True, read_server_info=True): BaseStrategy.open(self, reset_usage, read_server_info) if read_server_info: try: self.connection.refresh_server_info() except LDAPOperationResult: # catch errors from server if raise_exception = True self.connection.server._dsa_info = None self.connection.server._schema_info = None def _start_listen(self): if not self.connection.listening and not self.connection.closed: self.connection.listening = True def receiving(self): """ Receive data over the socket Checks if the socket is closed """ messages = [] receiving = True unprocessed = b'' data = b'' get_more_data = True exc = None while receiving: if get_more_data: try: data = self.connection.socket.recv(self.socket_size) except (OSError, socket.error, AttributeError) as e: self.connection.last_error = 'error receiving data: ' + str(e) exc = e if exc: try: # try to close the connection before raising exception self.close() except (socket.error, LDAPExceptionError): pass if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise communication_exception_factory(LDAPSocketReceiveError, exc)(self.connection.last_error) unprocessed += data if len(data) > 0: length = BaseStrategy.compute_ldap_message_size(unprocessed) if length == -1: # too few data to decode message length get_more_data = True continue if len(unprocessed) < length: get_more_data = True else: if log_enabled(NETWORK): log(NETWORK, 'received %d bytes via <%s>', len(unprocessed[:length]), self.connection) messages.append(unprocessed[:length]) unprocessed = unprocessed[length:] get_more_data = False if len(unprocessed) == 0: receiving = False else: receiving = False if log_enabled(NETWORK): log(NETWORK, 'received %d ldap messages via <%s>', len(messages), self.connection) return messages def post_send_single_response(self, message_id): """ Executed after an Operation Request (except Search) Returns the result message or None """ responses, result = self.get_response(message_id) self.connection.result = result if result['type'] == 'intermediateResponse': # checks that all responses are intermediates (there should be only one) for response in responses: if response['type'] != 'intermediateResponse': self.connection.last_error = 'multiple messages received error' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSocketReceiveError(self.connection.last_error) responses.append(result) return responses def post_send_search(self, message_id): """ Executed after a search request Returns the result message and store in connection.response the objects found """ responses, result = self.get_response(message_id) self.connection.result = result if isinstance(responses, SEQUENCE_TYPES): self.connection.response = responses[:] # copy search result entries return responses self.connection.last_error = 'error receiving response' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSocketReceiveError(self.connection.last_error) def _get_response(self, message_id): """ Performs the capture of LDAP response for SyncStrategy """ ldap_responses = [] response_complete = False while not response_complete: responses = self.receiving() if responses: for response in responses: if len(response) > 0: if self.connection.usage: self.connection._usage.update_received_message(len(response)) if self.connection.fast_decoder: ldap_resp = decode_message_fast(response) dict_response = self.decode_response_fast(ldap_resp) else: ldap_resp, _ = decoder.decode(response, asn1Spec=LDAP_MESSAGE_TEMPLATE) # unprocessed unused because receiving() waits for the whole message dict_response = self.decode_response(ldap_resp) if log_enabled(EXTENDED): log(EXTENDED, 'ldap message received via <%s>:%s', self.connection, format_ldap_message(ldap_resp, '<<')) if int(ldap_resp['messageID']) == message_id: ldap_responses.append(dict_response) if dict_response['type'] not in ['searchResEntry', 'searchResRef', 'intermediateResponse']: response_complete = True elif int(ldap_resp['messageID']) == 0: # 0 is reserved for 'Unsolicited Notification' from server as per RFC4511 (paragraph 4.4) if dict_response['responseName'] == '1.3.6.1.4.1.1466.20036': # Notice of Disconnection as per RFC4511 (paragraph 4.4.1) return SESSION_TERMINATED_BY_SERVER elif dict_response['responseName'] == '2.16.840.1.113719.1.27.103.4': # Novell LDAP transaction error unsolicited notification return TRANSACTION_ERROR else: self.connection.last_error = 'unknown unsolicited notification from server' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSocketReceiveError(self.connection.last_error) elif int(ldap_resp['messageID']) != message_id and dict_response['type'] == 'extendedResp': self.connection.last_error = 'multiple extended responses to a single extended request' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPExtensionError(self.connection.last_error) # pass # ignore message with invalid messageId when receiving multiple extendedResp. This is not allowed by RFC4511 but some LDAP server do it else: self.connection.last_error = 'invalid messageId received' if log_enabled(ERROR): log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) raise LDAPSocketReceiveError(self.connection.last_error) # response = unprocessed # if response: # if this statement is removed unprocessed data will be processed as another message # self.connection.last_error = 'unprocessed substrate error' # if log_enabled(ERROR): # log(ERROR, '<%s> for <%s>', self.connection.last_error, self.connection) # raise LDAPSocketReceiveError(self.connection.last_error) else: return SESSION_TERMINATED_BY_SERVER ldap_responses.append(RESPONSE_COMPLETE) return ldap_responses def set_stream(self, value): raise NotImplementedError def get_stream(self): raise NotImplementedError ldap3-2.4.1/ldap3/strategy/__init__.py0000666000000000000000000000000012767320327015630 0ustar 00000000000000ldap3-2.4.1/ldap3/utils/0000777000000000000000000000000013231031760013012 5ustar 00000000000000ldap3-2.4.1/ldap3/utils/asn1.py0000666000000000000000000002213013230206626014230 0ustar 00000000000000""" """ # Created on 2015.08.19 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from pyasn1 import __version__ as pyasn1_version from pyasn1.codec.ber import decoder # for usage in other modules from pyasn1.codec.ber.encoder import Encoder # for monkeypatching of boolean value from ..core.results import RESULT_CODES from ..utils.conv import to_unicode from ..protocol.convert import referrals_to_list CLASSES = {(False, False): 0, # Universal (False, True): 1, # Application (True, False): 2, # Context (True, True): 3} # Private # Monkeypatching of pyasn1 for encoding Boolean with the value 0xFF for TRUE # THIS IS NOT PART OF THE FAST BER DECODER if pyasn1_version == 'xxx0.2.3': from pyasn1.codec.ber.encoder import tagMap, BooleanEncoder, encode from pyasn1.type.univ import Boolean from pyasn1.compat.octets import ints2octs class BooleanCEREncoder(BooleanEncoder): _true = ints2octs((255,)) tagMap[Boolean.tagSet] = BooleanCEREncoder() else: from pyasn1.codec.ber.encoder import tagMap, typeMap, AbstractItemEncoder from pyasn1.type.univ import Boolean from copy import deepcopy class LDAPBooleanEncoder(AbstractItemEncoder): supportIndefLenMode = False if pyasn1_version <= '0.2.3': from pyasn1.compat.octets import ints2octs _true = ints2octs((255,)) _false = ints2octs((0,)) def encodeValue(self, encodeFun, value, defMode, maxChunkSize): return value and self._true or self._false, 0 elif pyasn1_version <= '0.3.1': def encodeValue(self, encodeFun, value, defMode, maxChunkSize): return value and (255,) or (0,), False, False elif pyasn1_version <= '0.3.4': def encodeValue(self, encodeFun, value, defMode, maxChunkSize, ifNotEmpty=False): return value and (255,) or (0,), False, False elif pyasn1_version <= '0.3.7': def encodeValue(self, value, encodeFun, **options): return value and (255,) or (0,), False, False else: def encodeValue(self, value, asn1Spec, encodeFun, **options): return value and (255,) or (0,), False, False customTagMap = deepcopy(tagMap) customTypeMap = deepcopy(typeMap) customTagMap[Boolean.tagSet] = LDAPBooleanEncoder() customTypeMap[Boolean.typeId] = LDAPBooleanEncoder() encode = Encoder(customTagMap, customTypeMap) # end of monkey patching # a fast BER decoder for LDAP responses only def compute_ber_size(data): """ Compute size according to BER definite length rules Returns size of value and value offset """ if data[1] <= 127: # BER definite length - short form. Highest bit of byte 1 is 0, message length is in the last 7 bits - Value can be up to 127 bytes long return data[1], 2 else: # BER definite length - long form. Highest bit of byte 1 is 1, last 7 bits counts the number of following octets containing the value length bytes_length = data[1] - 128 value_length = 0 cont = bytes_length for byte in data[2: 2 + bytes_length]: cont -= 1 value_length += byte * (256 ** cont) return value_length, bytes_length + 2 def decode_message_fast(message): ber_len, ber_value_offset = compute_ber_size(get_bytes(message[:10])) # get start of sequence, at maximum 3 bytes for length decoded = decode_sequence(message, ber_value_offset, ber_len + ber_value_offset, LDAP_MESSAGE_CONTEXT) return { 'messageID': decoded[0][3], 'protocolOp': decoded[1][2], 'payload': decoded[1][3], 'controls': decoded[2][3] if len(decoded) == 3 else None } def decode_sequence(message, start, stop, context_decoders=None): decoded = [] while start < stop: octet = get_byte(message[start]) ber_class = CLASSES[(bool(octet & 0b10000000), bool(octet & 0b01000000))] ber_constructed = bool(octet & 0b00100000) ber_type = octet & 0b00011111 ber_decoder = DECODERS[(ber_class, octet & 0b00011111)] if ber_class < 2 else None ber_len, ber_value_offset = compute_ber_size(get_bytes(message[start: start + 10])) start += ber_value_offset if ber_decoder: value = ber_decoder(message, start, start + ber_len, context_decoders) # call value decode function else: # try: value = context_decoders[ber_type](message, start, start + ber_len) # call value decode function for context class # except KeyError: # if ber_type == 3: # Referral in result # value = decode_sequence(message, start, start + ber_len) # else: # raise # re-raise, should never happen decoded.append((ber_class, ber_constructed, ber_type, value)) start += ber_len return decoded def decode_integer(message, start, stop, context_decoders=None): first = message[start] value = -1 if get_byte(first) & 0x80 else 0 for octet in message[start: stop]: value = value << 8 | get_byte(octet) return value def decode_octet_string(message, start, stop, context_decoders=None): return message[start: stop] def decode_boolean(message, start, stop, context_decoders=None): return False if message[start: stop] == 0 else True def decode_bind_response(message, start, stop, context_decoders=None): return decode_sequence(message, start, stop, BIND_RESPONSE_CONTEXT) def decode_extended_response(message, start, stop, context_decoders=None): return decode_sequence(message, start, stop, EXTENDED_RESPONSE_CONTEXT) def decode_intermediate_response(message, start, stop, context_decoders=None): return decode_sequence(message, start, stop, INTERMEDIATE_RESPONSE_CONTEXT) def decode_controls(message, start, stop, context_decoders=None): return decode_sequence(message, start, stop, CONTROLS_CONTEXT) def ldap_result_to_dict_fast(response): response_dict = dict() response_dict['result'] = int(response[0][3]) # resultCode response_dict['description'] = RESULT_CODES[response_dict['result']] response_dict['dn'] = to_unicode(response[1][3], from_server=True) # matchedDN response_dict['message'] = to_unicode(response[2][3], from_server=True) # diagnosticMessage if len(response) == 4: response_dict['referrals'] = referrals_to_list([to_unicode(referral[3], from_server=True) for referral in response[3][3]]) # referrals else: response_dict['referrals'] = None return response_dict ###### if str is not bytes: # Python 3 def get_byte(x): return x def get_bytes(x): return x else: # Python 2 def get_byte(x): return ord(x) def get_bytes(x): return bytearray(x) DECODERS = { # Universal (0, 1): decode_boolean, # Boolean (0, 2): decode_integer, # Integer (0, 4): decode_octet_string, # Octet String (0, 10): decode_integer, # Enumerated (0, 16): decode_sequence, # Sequence (0, 17): decode_sequence, # Set # Application (1, 1): decode_bind_response, # Bind response (1, 4): decode_sequence, # Search result entry (1, 5): decode_sequence, # Search result done (1, 7): decode_sequence, # Modify response (1, 9): decode_sequence, # Add response (1, 11): decode_sequence, # Delete response (1, 13): decode_sequence, # ModifyDN response (1, 15): decode_sequence, # Compare response (1, 19): decode_sequence, # Search result reference (1, 24): decode_extended_response, # Extended response (1, 25): decode_intermediate_response, # intermediate response (2, 3): decode_octet_string # } BIND_RESPONSE_CONTEXT = { 7: decode_octet_string # SaslCredentials } EXTENDED_RESPONSE_CONTEXT = { 10: decode_octet_string, # ResponseName 11: decode_octet_string # Response Value } INTERMEDIATE_RESPONSE_CONTEXT = { 0: decode_octet_string, # IntermediateResponseName 1: decode_octet_string # IntermediateResponseValue } LDAP_MESSAGE_CONTEXT = { 0: decode_controls, # Controls 3: decode_sequence # Referral } CONTROLS_CONTEXT = { 0: decode_sequence # Control } ldap3-2.4.1/ldap3/utils/ciDict.py0000666000000000000000000001635013226436321014576 0ustar 00000000000000""" """ # Created on 2014.08.23 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import collections from .. import SEQUENCE_TYPES class CaseInsensitiveDict(collections.MutableMapping): def __init__(self, other=None, **kwargs): self._store = dict() # store use the original key self._case_insensitive_keymap = dict() # is a mapping ci_key -> key if other or kwargs: if other is None: other = dict() self.update(other, **kwargs) def __contains__(self, item): try: self.__getitem__(item) return True except KeyError: return False @staticmethod def _ci_key(key): return key.strip().lower() if hasattr(key, 'lower') else key def __delitem__(self, key): ci_key = self._ci_key(key) del self._store[self._case_insensitive_keymap[ci_key]] del self._case_insensitive_keymap[ci_key] def __setitem__(self, key, item): ci_key = self._ci_key(key) if ci_key in self._case_insensitive_keymap: # updates existing value self._store[self._case_insensitive_keymap[ci_key]] = item else: # new key self._store[key] = item self._case_insensitive_keymap[ci_key] = key def __getitem__(self, key): return self._store[self._case_insensitive_keymap[self._ci_key(key)]] def __iter__(self): return self._store.__iter__() def __len__(self): # if len is 0 then the cidict appears as False in IF statement return len(self._store) def __repr__(self): return repr(self._store) def __str__(self): return str(self._store) def keys(self): return self._store.keys() def values(self): return self._store.values() def items(self): return self._store.items() def __eq__(self, other): if not isinstance(other, (collections.Mapping, dict)): return NotImplemented if isinstance(other, CaseInsensitiveDict): if len(self.items()) != len(other.items()): return False else: for key, value in self.items(): if not (key in other and other[key] == value): return False return True return self == CaseInsensitiveDict(other) def copy(self): return CaseInsensitiveDict(self._store) class CaseInsensitiveWithAliasDict(CaseInsensitiveDict): def __init__(self, other=None, **kwargs): self._aliases = dict() self._alias_keymap = dict() # is a mapping key -> [alias1, alias2, ...] CaseInsensitiveDict.__init__(self, other, **kwargs) def aliases(self): return self._aliases.keys() def __setitem__(self, key, value): if isinstance(key, SEQUENCE_TYPES): ci_key = self._ci_key(key[0]) if ci_key not in self._aliases: CaseInsensitiveDict.__setitem__(self, key[0], value) self.set_alias(ci_key, key[1:]) else: raise KeyError('\'' + str(key[0] + ' already used as alias')) else: ci_key = self._ci_key(key) if ci_key not in self._aliases: CaseInsensitiveDict.__setitem__(self, key, value) else: self[self._aliases[ci_key]] = value def __delitem__(self, key): ci_key = self._ci_key(key) try: CaseInsensitiveDict.__delitem__(self, ci_key) if ci_key in self._alias_keymap: for alias in self._alias_keymap[ci_key][:]: # removes aliases, uses a copy of _alias_keymap because iterator gets confused when aliases are removed from _alias_keymap self.remove_alias(alias) return except KeyError: # try to remove alias if ci_key in self._aliases: self.remove_alias(ci_key) def set_alias(self, key, alias): if not isinstance(alias, SEQUENCE_TYPES): alias = [alias] for alias_to_add in alias: ci_key = self._ci_key(key) if ci_key in self._case_insensitive_keymap: ci_alias = self._ci_key(alias_to_add) if ci_alias not in self._case_insensitive_keymap: # checks if alias is used a key if ci_alias not in self._aliases: # checks if alias is used as another alias self._aliases[ci_alias] = ci_key if ci_key in self._alias_keymap: # extend alias keymap self._alias_keymap[ci_key].append(self._ci_key(ci_alias)) else: self._alias_keymap[ci_key] = list() self._alias_keymap[ci_key].append(self._ci_key(ci_alias)) else: if ci_key == self._ci_key(self._alias_keymap[ci_alias]): # passes if alias is already defined to the same key pass else: raise KeyError('\'' + str(alias_to_add) + '\' already used as alias') else: if ci_key == self._ci_key(self._case_insensitive_keymap[ci_alias]): # passes if alias is already defined to the same key pass else: raise KeyError('\'' + str(alias_to_add) + '\' already used as key') else: raise KeyError('\'' + str(ci_key) + '\' is not an existing key') def remove_alias(self, alias): if not isinstance(alias, SEQUENCE_TYPES): alias = [alias] for alias_to_remove in alias: ci_alias = self._ci_key(alias_to_remove) self._alias_keymap[self._aliases[ci_alias]].remove(ci_alias) if not self._alias_keymap[self._aliases[ci_alias]]: # remove keymap if empty del self._alias_keymap[self._aliases[ci_alias]] del self._aliases[ci_alias] def __getitem__(self, key): try: return CaseInsensitiveDict.__getitem__(self, key) except KeyError: return CaseInsensitiveDict.__getitem__(self, self._aliases[self._ci_key(key)]) def copy(self): new = CaseInsensitiveWithAliasDict(self._store) new._aliases = self._aliases.copy() new._alias_keymap = self._alias_keymap return new ldap3-2.4.1/ldap3/utils/config.py0000666000000000000000000003111613226436321014641 0ustar 00000000000000""" """ # Created on 2016.08.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from sys import stdin, getdefaultencoding from .. import ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES, SEQUENCE_TYPES from ..core.exceptions import LDAPConfigurationParameterError # checks _CLASSES_EXCLUDED_FROM_CHECK = ['subschema'] _ATTRIBUTES_EXCLUDED_FROM_CHECK = [ALL_ATTRIBUTES, ALL_OPERATIONAL_ATTRIBUTES, NO_ATTRIBUTES, 'ldapSyntaxes', 'matchingRules', 'matchingRuleUse', 'dITContentRules', 'dITStructureRules', 'nameForms', 'altServer', 'namingContexts', 'supportedControl', 'supportedExtension', 'supportedFeatures', 'supportedCapabilities', 'supportedLdapVersion', 'supportedSASLMechanisms', 'vendorName', 'vendorVersion', 'subschemaSubentry', 'ACL'] _UTF8_ENCODED_SYNTAXES = ['1.2.840.113556.1.4.904', # DN String [MICROSOFT] '1.2.840.113556.1.4.1362', # String (Case) [MICROSOFT] '1.3.6.1.4.1.1466.115.121.1.12', # DN String [RFC4517] '1.3.6.1.4.1.1466.115.121.1.15', # Directory String [RFC4517] '1.3.6.1.4.1.1466.115.121.1.41', # Postal Address) [RFC4517] '1.3.6.1.4.1.1466.115.121.1.58', # Substring Assertion [RFC4517] '2.16.840.1.113719.1.1.5.1.6', # Case Ignore List [NOVELL] '2.16.840.1.113719.1.1.5.1.14', # Tagged String [NOVELL] '2.16.840.1.113719.1.1.5.1.15', # Tagged Name and String [NOVELL] '2.16.840.1.113719.1.1.5.1.23', # Tagged Name [NOVELL] '2.16.840.1.113719.1.1.5.1.25'] # Typed Name [NOVELL] _UTF8_ENCODED_TYPES = [] _ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF = ['msds-memberOfTransitive', 'msds-memberTransitive', 'entryDN'] _IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF = ['instanceType', 'nTSecurityDescriptor', 'objectCategory'] _CASE_INSENSITIVE_ATTRIBUTE_NAMES = True _CASE_INSENSITIVE_SCHEMA_NAMES = True # abstraction layer _ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX = 'OA_' # communication _POOLING_LOOP_TIMEOUT = 10 # number of seconds to wait before restarting a cycle to find an active server in the pool _RESPONSE_SLEEPTIME = 0.05 # seconds to wait while waiting for a response in asynchronous strategies _RESPONSE_WAITING_TIMEOUT = 3 # waiting timeout for receiving a response in asynchronous strategies _SOCKET_SIZE = 4096 # socket byte size _CHECK_AVAILABILITY_TIMEOUT = 2.5 # default timeout for socket connect when checking availability _RESET_AVAILABILITY_TIMEOUT = 5 # default timeout for resetting the availability status when checking candidate addresses _RESTARTABLE_SLEEPTIME = 2 # time to wait in a restartable strategy before retrying the request _RESTARTABLE_TRIES = 30 # number of times to retry in a restartable strategy before giving up. Set to True for unlimited retries _REUSABLE_THREADED_POOL_SIZE = 5 _REUSABLE_THREADED_LIFETIME = 3600 # 1 hour _DEFAULT_THREADED_POOL_NAME = 'REUSABLE_DEFAULT_POOL' _ADDRESS_INFO_REFRESH_TIME = 300 # seconds to wait before refreshing address info from dns _ADDITIONAL_SERVER_ENCODINGS = ['latin-1', 'koi8-r'] # some broken LDAP implementation may have different encoding than those expected by RFCs _IGNORE_MALFORMED_SCHEMA = False # some flaky LDAP servers returns malformed schema. If True no expection is raised and schema is thrown away _DEFAULT_SERVER_ENCODING = 'utf-8' # should always be utf-8 if stdin and hasattr(stdin, 'encoding') and stdin.encoding: _DEFAULT_CLIENT_ENCODING = stdin.encoding elif getdefaultencoding(): _DEFAULT_CLIENT_ENCODING = getdefaultencoding() else: _DEFAULT_CLIENT_ENCODING = 'utf-8' def get_config_parameter(parameter): if parameter == 'CASE_INSENSITIVE_ATTRIBUTE_NAMES': # Boolean return _CASE_INSENSITIVE_ATTRIBUTE_NAMES elif parameter == 'CASE_INSENSITIVE_SCHEMA_NAMES': # Boolean return _CASE_INSENSITIVE_SCHEMA_NAMES elif parameter == 'ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX': # String return _ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX elif parameter == 'POOLING_LOOP_TIMEOUT': # Integer return _POOLING_LOOP_TIMEOUT elif parameter == 'RESPONSE_SLEEPTIME': # Integer return _RESPONSE_SLEEPTIME elif parameter == 'RESPONSE_WAITING_TIMEOUT': # Integer return _RESPONSE_WAITING_TIMEOUT elif parameter == 'SOCKET_SIZE': # Integer return _SOCKET_SIZE elif parameter == 'CHECK_AVAILABILITY_TIMEOUT': # Integer return _CHECK_AVAILABILITY_TIMEOUT elif parameter == 'RESTARTABLE_SLEEPTIME': # Integer return _RESTARTABLE_SLEEPTIME elif parameter == 'RESTARTABLE_TRIES': # Integer return _RESTARTABLE_TRIES elif parameter == 'REUSABLE_THREADED_POOL_SIZE': # Integer return _REUSABLE_THREADED_POOL_SIZE elif parameter == 'REUSABLE_THREADED_LIFETIME': # Integer return _REUSABLE_THREADED_LIFETIME elif parameter == 'DEFAULT_THREADED_POOL_NAME': # String return _DEFAULT_THREADED_POOL_NAME elif parameter == 'ADDRESS_INFO_REFRESH_TIME': # Integer return _ADDRESS_INFO_REFRESH_TIME elif parameter == 'RESET_AVAILABILITY_TIMEOUT': # Integer return _RESET_AVAILABILITY_TIMEOUT elif parameter in ['DEFAULT_CLIENT_ENCODING', 'DEFAULT_ENCODING']: # String return _DEFAULT_CLIENT_ENCODING elif parameter == 'DEFAULT_SERVER_ENCODING': # String return _DEFAULT_SERVER_ENCODING elif parameter == 'CLASSES_EXCLUDED_FROM_CHECK': # Sequence if isinstance(_CLASSES_EXCLUDED_FROM_CHECK, SEQUENCE_TYPES): return _CLASSES_EXCLUDED_FROM_CHECK else: return [_CLASSES_EXCLUDED_FROM_CHECK] elif parameter == 'ATTRIBUTES_EXCLUDED_FROM_CHECK': # Sequence if isinstance(_ATTRIBUTES_EXCLUDED_FROM_CHECK, SEQUENCE_TYPES): return _ATTRIBUTES_EXCLUDED_FROM_CHECK else: return [_ATTRIBUTES_EXCLUDED_FROM_CHECK] elif parameter == 'UTF8_ENCODED_SYNTAXES': # Sequence if isinstance(_UTF8_ENCODED_SYNTAXES, SEQUENCE_TYPES): return _UTF8_ENCODED_SYNTAXES else: return [_UTF8_ENCODED_SYNTAXES] elif parameter == 'UTF8_ENCODED_TYPES': # Sequence if isinstance(_UTF8_ENCODED_TYPES, SEQUENCE_TYPES): return _UTF8_ENCODED_TYPES else: return [_UTF8_ENCODED_TYPES] elif parameter in ['ADDITIONAL_SERVER_ENCODINGS', 'ADDITIONAL_ENCODINGS']: # Sequence if isinstance(_ADDITIONAL_SERVER_ENCODINGS, SEQUENCE_TYPES): return _ADDITIONAL_SERVER_ENCODINGS else: return [_ADDITIONAL_SERVER_ENCODINGS] elif parameter == 'IGNORE_MALFORMED_SCHEMA': # Boolean return _IGNORE_MALFORMED_SCHEMA elif parameter == 'ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF': # Sequence if isinstance(_ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF, SEQUENCE_TYPES): return _ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF else: return [_ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF] elif parameter == 'IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF': # Sequence if isinstance(_IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF, SEQUENCE_TYPES): return _IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF else: return [_IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF] raise LDAPConfigurationParameterError('configuration parameter %s not valid' % parameter) def set_config_parameter(parameter, value): if parameter == 'CASE_INSENSITIVE_ATTRIBUTE_NAMES': global _CASE_INSENSITIVE_ATTRIBUTE_NAMES _CASE_INSENSITIVE_ATTRIBUTE_NAMES = value elif parameter == 'CASE_INSENSITIVE_SCHEMA_NAMES': global _CASE_INSENSITIVE_SCHEMA_NAMES _CASE_INSENSITIVE_SCHEMA_NAMES = value elif parameter == 'ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX': global _ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX _ABSTRACTION_OPERATIONAL_ATTRIBUTE_PREFIX = value elif parameter == 'POOLING_LOOP_TIMEOUT': global _POOLING_LOOP_TIMEOUT _POOLING_LOOP_TIMEOUT = value elif parameter == 'RESPONSE_SLEEPTIME': global _RESPONSE_SLEEPTIME _RESPONSE_SLEEPTIME = value elif parameter == 'RESPONSE_WAITING_TIMEOUT': global _RESPONSE_WAITING_TIMEOUT _RESPONSE_WAITING_TIMEOUT = value elif parameter == 'SOCKET_SIZE': global _SOCKET_SIZE _SOCKET_SIZE = value elif parameter == 'CHECK_AVAILABILITY_TIMEOUT': global _CHECK_AVAILABILITY_TIMEOUT _CHECK_AVAILABILITY_TIMEOUT = value elif parameter == 'RESTARTABLE_SLEEPTIME': global _RESTARTABLE_SLEEPTIME _RESTARTABLE_SLEEPTIME = value elif parameter == 'RESTARTABLE_TRIES': global _RESTARTABLE_TRIES _RESTARTABLE_TRIES = value elif parameter == 'REUSABLE_THREADED_POOL_SIZE': global _REUSABLE_THREADED_POOL_SIZE _REUSABLE_THREADED_POOL_SIZE = value elif parameter == 'REUSABLE_THREADED_LIFETIME': global _REUSABLE_THREADED_LIFETIME _REUSABLE_THREADED_LIFETIME = value elif parameter == 'DEFAULT_THREADED_POOL_NAME': global _DEFAULT_THREADED_POOL_NAME _DEFAULT_THREADED_POOL_NAME = value elif parameter == 'ADDRESS_INFO_REFRESH_TIME': global _ADDRESS_INFO_REFRESH_TIME _ADDRESS_INFO_REFRESH_TIME = value elif parameter == 'RESET_AVAILABILITY_TIMEOUT': global _RESET_AVAILABILITY_TIMEOUT _RESET_AVAILABILITY_TIMEOUT = value elif parameter in ['DEFAULT_CLIENT_ENCODING', 'DEFAULT_ENCODING']: global _DEFAULT_CLIENT_ENCODING _DEFAULT_CLIENT_ENCODING = value elif parameter == 'DEFAULT_SERVER_ENCODING': global _DEFAULT_SERVER_ENCODING _DEFAULT_SERVER_ENCODING = value elif parameter == 'CLASSES_EXCLUDED_FROM_CHECK': global _CLASSES_EXCLUDED_FROM_CHECK _CLASSES_EXCLUDED_FROM_CHECK = value elif parameter == 'ATTRIBUTES_EXCLUDED_FROM_CHECK': global _ATTRIBUTES_EXCLUDED_FROM_CHECK _ATTRIBUTES_EXCLUDED_FROM_CHECK = value elif parameter == 'UTF8_ENCODED_SYNTAXES': global _UTF8_ENCODED_SYNTAXES _UTF8_ENCODED_SYNTAXES = value elif parameter == 'UTF8_ENCODED_TYPES': global _UTF8_ENCODED_TYPES _UTF8_ENCODED_TYPES = value elif parameter in ['ADDITIONAL_SERVER_ENCODINGS', 'ADDITIONAL_ENCODINGS']: global _ADDITIONAL_SERVER_ENCODINGS _ADDITIONAL_SERVER_ENCODINGS = value if isinstance(value, SEQUENCE_TYPES) else [value] elif parameter == 'IGNORE_MALFORMED_SCHEMA': global _IGNORE_MALFORMED_SCHEMA _IGNORE_MALFORMED_SCHEMA = value elif parameter == 'ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF': global _ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF _ATTRIBUTES_EXCLUDED_FROM_OBJECT_DEF = value elif parameter == 'IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF': global _IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF _IGNORED_MANDATORY_ATTRIBUTES_IN_OBJECT_DEF = value else: raise LDAPConfigurationParameterError('unable to set configuration parameter %s' % parameter) ldap3-2.4.1/ldap3/utils/conv.py0000666000000000000000000001724613226436321014351 0ustar 00000000000000""" """ # Created on 2014.04.26 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from base64 import b64encode, b64decode import datetime import re from .. import SEQUENCE_TYPES, STRING_TYPES, NUMERIC_TYPES, get_config_parameter from ..utils.ciDict import CaseInsensitiveDict from ..core.exceptions import LDAPDefinitionError def to_unicode(obj, encoding=None, from_server=False): """Try to convert bytes (and str in python2) to unicode. Return object unmodified if python3 string, else raise an exception """ conf_default_client_encoding = get_config_parameter('DEFAULT_CLIENT_ENCODING') conf_default_server_encoding = get_config_parameter('DEFAULT_SERVER_ENCODING') conf_additional_server_encodings = get_config_parameter('ADDITIONAL_SERVER_ENCODINGS') if isinstance(obj, NUMERIC_TYPES): obj = str(obj) if isinstance(obj, (bytes, bytearray)): if from_server: # data from server if encoding is None: encoding = conf_default_server_encoding try: return obj.decode(encoding) except UnicodeDecodeError: for encoding in conf_additional_server_encodings: # AD could have DN not encoded in utf-8 (even if this is not allowed by RFC4510) try: return obj.decode(encoding) except UnicodeDecodeError: pass raise UnicodeError("Unable to convert server data to unicode: %r" % obj) else: # data from client if encoding is None: encoding = conf_default_client_encoding try: return obj.decode(encoding) except UnicodeDecodeError: raise UnicodeError("Unable to convert client data to unicode: %r" % obj) if isinstance(obj, STRING_TYPES): # python3 strings, python 2 unicode return obj raise UnicodeError("Unable to convert type %s to unicode: %r" % (type(obj).__class__.__name__, obj)) def to_raw(obj, encoding='utf-8'): """Tries to convert to raw bytes from unicode""" if isinstance(obj, NUMERIC_TYPES): obj = str(obj) if not (isinstance(obj, bytes)): if isinstance(obj, SEQUENCE_TYPES): return [to_raw(element) for element in obj] elif isinstance(obj, STRING_TYPES): return obj.encode(encoding) return obj def escape_filter_chars(text, encoding=None): """ Escape chars mentioned in RFC4515. """ if encoding is None: encoding = get_config_parameter('DEFAULT_ENCODING') text = to_unicode(text, encoding) escaped = text.replace('\\', '\\5c') escaped = escaped.replace('*', '\\2a') escaped = escaped.replace('(', '\\28') escaped = escaped.replace(')', '\\29') escaped = escaped.replace('\x00', '\\00') # escape all octets greater than 0x7F that are not part of a valid UTF-8 # escaped = ''.join(c if c <= '\x7f' else escape_bytes(to_raw(to_unicode(c, encoding))) for c in output) return escaped def escape_bytes(bytes_value): """ Convert a byte sequence to a properly escaped for LDAP (format BACKSLASH HEX HEX) string""" if bytes_value: if str is not bytes: # Python 3 if isinstance(bytes_value, str): bytes_value = bytearray(bytes_value, encoding='utf-8') escaped = '\\'.join([('%02x' % int(b)) for b in bytes_value]) else: # Python 2 if isinstance(bytes_value, unicode): bytes_value = bytes_value.encode('utf-8') escaped = '\\'.join([('%02x' % ord(b)) for b in bytes_value]) else: escaped = '' return ('\\' + escaped) if escaped else '' def prepare_for_stream(value): if str is not bytes: # Python 3 return value else: # Python 2 return value.decode() # def check_escape(raw_string): # if isinstance(raw_string, bytes) or '\\' not in raw_string: # return raw_string # # escaped = '' # i = 0 # while i < len(raw_string): # if raw_string[i] == '\\' and i < len(raw_string) - 2: # try: # value = int(raw_string[i + 1: i + 3], 16) # escaped += chr(value) # i += 2 # except ValueError: # escaped += '\\\\' # else: # escaped += raw_string[i] # i += 1 # # return escaped def json_encode_b64(obj): try: return dict(encoding='base64', encoded=b64encode(obj)) except Exception as e: raise LDAPDefinitionError('unable to encode ' + str(obj) + ' - ' + str(e)) # noinspection PyProtectedMember def check_json_dict(json_dict): # needed for python 2 for k, v in json_dict.items(): if isinstance(v, dict): check_json_dict(v) elif isinstance(v, CaseInsensitiveDict): check_json_dict(v._store) elif isinstance(v, SEQUENCE_TYPES): for i, e in enumerate(v): if isinstance(e, dict): check_json_dict(e) elif isinstance(e, CaseInsensitiveDict): check_json_dict(e._store) else: v[i] = format_json(e) else: json_dict[k] = format_json(v) def json_hook(obj): if hasattr(obj, 'keys') and len(list(obj.keys())) == 2 and 'encoding' in obj.keys() and 'encoded' in obj.keys(): return b64decode(obj['encoded']) return obj # noinspection PyProtectedMember def format_json(obj): if isinstance(obj, CaseInsensitiveDict): return obj._store if isinstance(obj, datetime.datetime): return str(obj) if isinstance(obj, int): return obj if str is bytes: # Python 2 if isinstance(obj, long): # long exists only in python2 return obj try: if str is not bytes: # Python 3 if isinstance(obj, bytes): # return check_escape(str(obj, 'utf-8', errors='strict')) return str(obj, 'utf-8', errors='strict') raise LDAPDefinitionError('unable to serialize ' + str(obj)) else: # Python 2 if isinstance(obj, unicode): return obj else: # return unicode(check_escape(obj)) return unicode(obj) except (TypeError, UnicodeDecodeError): pass try: return json_encode_b64(bytes(obj)) except Exception: pass raise LDAPDefinitionError('unable to serialize ' + str(obj)) def is_filter_escaped(text): if not type(text) == ((str is not bytes) and str or unicode): # requires str for Python 3 and unicode for Python 2 raise ValueError('unicode input expected') return all(c not in text for c in '()*\0') and not re.search('\\\\([^0-9a-fA-F]|(.[^0-9a-fA-F]))', text) ldap3-2.4.1/ldap3/utils/dn.py0000666000000000000000000003076613226436321014007 0ustar 00000000000000""" """ # Created on 2014.09.08 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from string import hexdigits, ascii_letters, digits from .. import SEQUENCE_TYPES from ..core.exceptions import LDAPInvalidDnError STATE_ANY = 0 STATE_ESCAPE = 1 STATE_ESCAPE_HEX = 2 def _add_ava(ava, decompose, remove_space, space_around_equal): if not ava: return '' space = ' ' if space_around_equal else '' attr_name, _, value = ava.partition('=') if decompose: if remove_space: component = (attr_name.strip(), value.strip()) else: component = (attr_name, value) else: if remove_space: component = attr_name.strip() + space + '=' + space + value.strip() else: component = attr_name + space + '=' + space + value return component def to_dn(iterator, decompose=False, remove_space=False, space_around_equal=False, separate_rdn=False): """ Convert an iterator to a list of dn parts if decompose=True return a list of tuple (one for each dn component) else return a list of strings if remove_space=True removes unneeded spaces if space_around_equal=True add spaces around equal in returned strings if separate_rdn=True consider multiple RDNs as different component of DN """ dn = [] component = '' escape_sequence = False for c in iterator: if c == '\\': # escape sequence escape_sequence = True elif escape_sequence and c != ' ': escape_sequence = False elif c == '+' and separate_rdn: dn.append(_add_ava(component, decompose, remove_space, space_around_equal)) component = '' continue elif c == ',': if '=' in component: dn.append(_add_ava(component, decompose, remove_space, space_around_equal)) component = '' continue component += c dn.append(_add_ava(component, decompose, remove_space, space_around_equal)) return dn def _find_first_unescaped(dn, char, pos): while True: pos = dn.find(char, pos) if pos == -1: break # no char found if pos > 0 and dn[pos - 1] != '\\': # unescaped char break pos += 1 return pos def _find_last_unescaped(dn, char, start, stop=0): while True: stop = dn.rfind(char, start, stop) if stop == -1: break if stop >= 0 and dn[stop - 1] != '\\': break if stop < start: stop = -1 break return stop def _get_next_ava(dn): comma = _find_first_unescaped(dn, ',', 0) plus = _find_first_unescaped(dn, '+', 0) if plus > 0 and (plus < comma or comma == -1): equal = _find_first_unescaped(dn, '=', plus + 1) if equal > plus + 1: plus = _find_last_unescaped(dn, '+', plus, equal) return dn[:plus], '+' if comma > 0: equal = _find_first_unescaped(dn, '=', comma + 1) if equal > comma + 1: comma = _find_last_unescaped(dn, ',', comma, equal) return dn[:comma], ',' return dn, '' def _split_ava(ava, escape=False, strip=True): equal = ava.find('=') while equal > 0: # not first character if ava[equal - 1] != '\\': # not an escaped equal so it must be an ava separator # attribute_type1 = ava[0:equal].strip() if strip else ava[0:equal] if strip: attribute_type = ava[0:equal].strip() attribute_value = _escape_attribute_value(ava[equal + 1:].strip()) if escape else ava[equal + 1:].strip() else: attribute_type = ava[0:equal] attribute_value = _escape_attribute_value(ava[equal + 1:]) if escape else ava[equal + 1:] return attribute_type, attribute_value equal = ava.find('=', equal + 1) return '', (ava.strip if strip else ava) # if no equal found return only value def _validate_attribute_type(attribute_type): if not attribute_type: raise LDAPInvalidDnError('attribute type not present') if attribute_type == ' pairs') if attribute_value[0] == ' ': # space cannot be used as first or last character raise LDAPInvalidDnError('SPACE not allowed as first character of attribute value') if attribute_value[-1] == ' ': raise LDAPInvalidDnError('SPACE not allowed as last character of attribute value') state = STATE_ANY for c in attribute_value: if state == STATE_ANY: if c == '\\': state = STATE_ESCAPE elif c in '"#+,;<=>\00': raise LDAPInvalidDnError('special characters ' + c + ' must be escaped') elif state == STATE_ESCAPE: if c in hexdigits: state = STATE_ESCAPE_HEX elif c in ' "#+,;<=>\\\00': state = STATE_ANY else: raise LDAPInvalidDnError('invalid escaped character ' + c) elif state == STATE_ESCAPE_HEX: if c in hexdigits: state = STATE_ANY else: raise LDAPInvalidDnError('invalid escaped character ' + c) # final state if state != STATE_ANY: raise LDAPInvalidDnError('invalid final character') return True def _escape_attribute_value(attribute_value): if not attribute_value: return '' if attribute_value[0] == '#': # with leading SHARP only pairs of hex characters are valid valid_hex = True if len(attribute_value) % 2 == 0: # string must be # + HEX HEX (an odd number of chars) valid_hex = False if valid_hex: for c in attribute_value: if c not in hexdigits: # allowed only hex digits as per RFC 4514 valid_hex = False break if valid_hex: return attribute_value state = STATE_ANY escaped = '' tmp_buffer = '' for c in attribute_value: if state == STATE_ANY: if c == '\\': state = STATE_ESCAPE elif c in '"#+,;<=>\00': escaped += '\\' + c else: escaped += c elif state == STATE_ESCAPE: if c in hexdigits: tmp_buffer = c state = STATE_ESCAPE_HEX elif c in ' "#+,;<=>\\\00': escaped += '\\' + c state = STATE_ANY else: escaped += '\\\\' + c elif state == STATE_ESCAPE_HEX: if c in hexdigits: escaped += '\\' + tmp_buffer + c else: escaped += '\\\\' + tmp_buffer + c tmp_buffer = '' state = STATE_ANY # final state if state == STATE_ESCAPE: escaped += '\\\\' elif state == STATE_ESCAPE_HEX: escaped += '\\\\' + tmp_buffer if escaped[0] == ' ': # leading SPACE must be escaped escaped = '\\' + escaped if escaped[-1] == ' ' and len(escaped) > 1 and escaped[-2] != '\\': # trailing SPACE must be escaped escaped = escaped[:-1] + '\\ ' return escaped def parse_dn(dn, escape=False, strip=True): rdns = [] avas = [] while dn: ava, separator = _get_next_ava(dn) # if returned ava doesn't containg any unescaped equal it'a appended to last ava in avas dn = dn[len(ava) + 1:] if _find_first_unescaped(ava, '=', 0) > 0 or len(avas) == 0: avas.append((ava, separator)) else: avas[len(avas) - 1] = (avas[len(avas) - 1][0] + avas[len(avas) - 1][1] + ava, separator) for ava, separator in avas: attribute_type, attribute_value = _split_ava(ava, escape, strip) if not _validate_attribute_type(attribute_type): raise LDAPInvalidDnError('unable to validate attribute type in ' + ava) if not _validate_attribute_value(attribute_value): raise LDAPInvalidDnError('unable to validate attribute value in ' + ava) rdns.append((attribute_type, attribute_value, separator)) dn = dn[len(ava) + 1:] if not rdns: raise LDAPInvalidDnError('empty dn') return rdns def safe_dn(dn, decompose=False, reverse=False): """ normalize and escape a dn, if dn is a sequence it is joined. the reverse parameter change the join direction of the sequence """ if isinstance(dn, SEQUENCE_TYPES): components = [rdn for rdn in dn] if reverse: dn = ','.join(reversed(components)) else: dn = ','.join(components) if decompose: escaped_dn = [] else: escaped_dn = '' if dn.startswith(''): # Active Directory allows looking up objects by putting its GUID in a specially-formatted DN (e.g. '') escaped_dn = dn elif '@' not in dn and '\\' not in dn: # active directory UPN (User Principal Name) consist of an account, the at sign (@) and a domain, or the domain level logn name domain\username for component in parse_dn(dn, escape=True): if decompose: escaped_dn.append((component[0], component[1], component[2])) else: escaped_dn += component[0] + '=' + component[1] + component[2] elif '@' in dn and '=' not in dn and len(dn.split('@')) != 2: raise LDAPInvalidDnError('Active Directory User Principal Name must consist of name@domain') elif '\\' in dn and '=' not in dn and len(dn.split('\\')) != 2: raise LDAPInvalidDnError('Active Directory Domain Level Logon Name must consist of name\\domain') else: escaped_dn = dn return escaped_dn def safe_rdn(dn, decompose=False): """Returns a list of rdn for the dn, usually there is only one rdn, but it can be more than one when the + sign is used""" escaped_rdn = [] one_more = True for component in parse_dn(dn, escape=True): if component[2] == '+' or one_more: if decompose: escaped_rdn.append((component[0], component[1])) else: escaped_rdn.append(component[0] + '=' + component[1]) if component[2] == '+': one_more = True else: one_more = False break if one_more: raise LDAPInvalidDnError('bad dn ' + str(dn)) return escaped_rdn ldap3-2.4.1/ldap3/utils/hashed.py0000666000000000000000000000676713226436321014646 0ustar 00000000000000""" """ # Created on 2015.07.16 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from .. import HASHED_NONE, HASHED_MD5, HASHED_SALTED_MD5, HASHED_SALTED_SHA, HASHED_SALTED_SHA256, \ HASHED_SALTED_SHA384, HASHED_SALTED_SHA512, HASHED_SHA, HASHED_SHA256, HASHED_SHA384, HASHED_SHA512 import hashlib from os import urandom from base64 import b64encode from ..core.exceptions import LDAPInvalidHashAlgorithmError # each tuple: (the string to include between braces in the digest, the name of the algorithm to invoke with the new() function) algorithms_table = { HASHED_MD5: ('md5', 'MD5'), HASHED_SHA: ('sha', 'SHA1'), HASHED_SHA256: ('sha256', 'SHA256'), HASHED_SHA384: ('sha384', 'SHA384'), HASHED_SHA512: ('sha512', 'SHA512') } salted_table = { HASHED_SALTED_MD5: ('smd5', HASHED_MD5), HASHED_SALTED_SHA: ('ssha', HASHED_SHA), HASHED_SALTED_SHA256: ('ssha256', HASHED_SHA256), HASHED_SALTED_SHA384: ('ssha384', HASHED_SHA384), HASHED_SALTED_SHA512: ('ssha512', HASHED_SHA512) } def hashed(algorithm, value, salt=None, raw=False, encoding='utf-8'): if str is not bytes and not isinstance(value, bytes): # Python 3 value = value.encode(encoding) if algorithm is None or algorithm == HASHED_NONE: return value # algorithm name can be already coded in the ldap3 constants or can be any value passed in the 'algorithm' parameter if algorithm in algorithms_table: try: digest = hashlib.new(algorithms_table[algorithm][1], value).digest() except ValueError: raise LDAPInvalidHashAlgorithmError('Hash algorithm ' + str(algorithm) + ' not available') if raw: return digest return ('{%s}' % algorithms_table[algorithm][0]) + b64encode(digest).decode('ascii') elif algorithm in salted_table: if not salt: salt = urandom(8) digest = hashed(salted_table[algorithm][1], value + salt, raw=True) + salt if raw: return digest return ('{%s}' % salted_table[algorithm][0]) + b64encode(digest).decode('ascii') else: # if an unknown (to the library) algorithm is requested passes the name as the string in braces and as the algorithm name # if salt is present uses it to salt the digest try: if not salt: digest = hashlib.new(algorithm, value).digest() else: digest = hashlib.new(algorithm, value + salt).digest() + salt except ValueError: raise LDAPInvalidHashAlgorithmError('Hash algorithm ' + str(algorithm) + ' not available') if raw: return digest return ('{%s}' % algorithm) + b64encode(digest).decode('ascii') ldap3-2.4.1/ldap3/utils/log.py0000666000000000000000000001512213226436321014154 0ustar 00000000000000""" """ # Created on 2015.05.01 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from logging import getLogger, DEBUG from copy import deepcopy from pprint import pformat from ..protocol.rfc4511 import LDAPMessage # logging levels OFF = 0 ERROR = 10 BASIC = 20 PROTOCOL = 30 NETWORK = 40 EXTENDED = 50 _sensitive_lines = ('simple', 'credentials', 'serversaslcreds') # must be a tuple, not a list, lowercase _sensitive_args = ('simple', 'password', 'sasl_credentials', 'saslcreds', 'server_creds') _sensitive_attrs = ('userpassword', 'unicodepwd') _hide_sensitive_data = None DETAIL_LEVELS = [OFF, ERROR, BASIC, PROTOCOL, NETWORK, EXTENDED] _max_line_length = 4096 _logging_level = None _detail_level = None _logging_encoding = 'ascii' try: from logging import NullHandler except ImportError: # NullHandler not present in Python < 2.7 from logging import Handler class NullHandler(Handler): def handle(self, record): pass def emit(self, record): pass def createLock(self): self.lock = None def _strip_sensitive_data_from_dict(d): if not isinstance(d, dict): return d try: d = deepcopy(d) except Exception: # if deepcopy goes wrong gives up and returns the dict unchanged return d for k in d.keys(): if isinstance(d[k], dict): d[k] = _strip_sensitive_data_from_dict(d[k]) elif k.lower() in _sensitive_args and d[k]: d[k] = '' % len(d[k]) return d def get_detail_level_name(level_name): if level_name == OFF: return 'OFF' elif level_name == ERROR: return 'ERROR' elif level_name == BASIC: return 'BASIC' elif level_name == PROTOCOL: return 'PROTOCOL' elif level_name == NETWORK: return 'NETWORK' elif level_name == EXTENDED: return 'EXTENDED' raise ValueError('unknown detail level') def log(detail, message, *args): if detail <= _detail_level: if _hide_sensitive_data: args = tuple([_strip_sensitive_data_from_dict(arg) if isinstance(arg, dict) else arg for arg in args]) encoded_message = (get_detail_level_name(detail) + ':' + message % args).encode(_logging_encoding, 'backslashreplace') if str is not bytes: # Python 3 encoded_message = encoded_message.decode() if len(encoded_message) > _max_line_length: logger.log(_logging_level, encoded_message[:_max_line_length] + ' ' % (len(encoded_message) - _max_line_length, )) else: logger.log(_logging_level, encoded_message) def log_enabled(detail): if detail <= _detail_level: if logger.isEnabledFor(_logging_level): return True return False def set_library_log_hide_sensitive_data(hide=True): global _hide_sensitive_data if hide: _hide_sensitive_data = True else: _hide_sensitive_data = False if log_enabled(ERROR): log(ERROR, 'hide sensitive data set to ' + str(_hide_sensitive_data)) def get_library_log_hide_sensitive_data(): return True if _hide_sensitive_data else False def set_library_log_activation_level(logging_level): if isinstance(logging_level, int): global _logging_level _logging_level = logging_level else: if log_enabled(ERROR): log(ERROR, 'invalid library log activation level <%s> ', logging_level) raise ValueError('invalid library log activation level') def get_library_log_activation_lavel(): return _logging_level def set_library_log_max_line_length(length): if isinstance(length, int): global _max_line_length _max_line_length = length else: if log_enabled(ERROR): log(ERROR, 'invalid log max line length <%s> ', length) raise ValueError('invalid library log max line length') def get_library_log_max_line_length(): return _max_line_length def set_library_log_detail_level(detail): if detail in DETAIL_LEVELS: global _detail_level _detail_level = detail if log_enabled(ERROR): log(ERROR, 'detail level set to ' + get_detail_level_name(_detail_level)) else: if log_enabled(ERROR): log(ERROR, 'unable to set log detail level to <%s>', detail) raise ValueError('invalid library log detail level') def get_library_log_detail_level(): return _detail_level def format_ldap_message(message, prefix): prefixed = '' for line in (message.prettyPrint().split('\n') if isinstance(message, LDAPMessage) else pformat(message).split('\n')): # uses pyasn1 LDAP message prettyPrint() method if line: if _hide_sensitive_data and line.strip().lower().startswith(_sensitive_lines): # _sensitive_lines is a tuple. startswith() method checks each tuple element tag, _, data = line.partition('=') if data.startswith("b'") and data.endswith("'") or data.startswith('b"') and data.endswith('"'): prefixed += '\n' + prefix + tag + '=' % (len(data) - 3, ) else: prefixed += '\n' + prefix + tag + '=' % len(data) else: prefixed += '\n' + prefix + line return prefixed # sets a logger for the library with NullHandler. It can be used by the application with its own logging configuration logger = getLogger('ldap3') logger.addHandler(NullHandler()) # sets defaults for the library logging set_library_log_activation_level(DEBUG) set_library_log_detail_level(OFF) set_library_log_hide_sensitive_data(True) ldap3-2.4.1/ldap3/utils/ntlm.py0000666000000000000000000004640713226436321014357 0ustar 00000000000000""" """ # Created on 2015.04.02 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . # NTLMv2 authentication as per [MS-NLMP] (https://msdn.microsoft.com/en-us/library/cc236621.aspx) from struct import pack, unpack from platform import system, version from socket import gethostname from time import time import hmac import hashlib import binascii from os import urandom try: from locale import getpreferredencoding oem_encoding = getpreferredencoding() except Exception: oem_encoding = 'utf-8' from ..protocol.formatters.formatters import format_ad_timestamp NTLM_SIGNATURE = b'NTLMSSP\x00' NTLM_MESSAGE_TYPE_NTLM_NEGOTIATE = 1 NTLM_MESSAGE_TYPE_NTLM_CHALLENGE = 2 NTLM_MESSAGE_TYPE_NTLM_AUTHENTICATE = 3 FLAG_NEGOTIATE_56 = 31 # W FLAG_NEGOTIATE_KEY_EXCH = 30 # V FLAG_NEGOTIATE_128 = 29 # U FLAG_NEGOTIATE_VERSION = 25 # T FLAG_NEGOTIATE_TARGET_INFO = 23 # S FLAG_REQUEST_NOT_NT_SESSION_KEY = 22 # R FLAG_NEGOTIATE_IDENTIFY = 20 # Q FLAG_NEGOTIATE_EXTENDED_SESSIONSECURITY = 19 # P FLAG_TARGET_TYPE_SERVER = 17 # O FLAG_TARGET_TYPE_DOMAIN = 16 # N FLAG_NEGOTIATE_ALWAYS_SIGN = 15 # M FLAG_NEGOTIATE_OEM_WORKSTATION_SUPPLIED = 13 # L FLAG_NEGOTIATE_OEM_DOMAIN_SUPPLIED = 12 # K FLAG_NEGOTIATE_ANONYMOUS = 11 # J FLAG_NEGOTIATE_NTLM = 9 # H FLAG_NEGOTIATE_LM_KEY = 7 # G FLAG_NEGOTIATE_DATAGRAM = 6 # F FLAG_NEGOTIATE_SEAL = 5 # E FLAG_NEGOTIATE_SIGN = 4 # D FLAG_REQUEST_TARGET = 2 # C FLAG_NEGOTIATE_OEM = 1 # B FLAG_NEGOTIATE_UNICODE = 0 # A FLAG_TYPES = [FLAG_NEGOTIATE_56, FLAG_NEGOTIATE_KEY_EXCH, FLAG_NEGOTIATE_128, FLAG_NEGOTIATE_VERSION, FLAG_NEGOTIATE_TARGET_INFO, FLAG_REQUEST_NOT_NT_SESSION_KEY, FLAG_NEGOTIATE_IDENTIFY, FLAG_NEGOTIATE_EXTENDED_SESSIONSECURITY, FLAG_TARGET_TYPE_SERVER, FLAG_TARGET_TYPE_DOMAIN, FLAG_NEGOTIATE_ALWAYS_SIGN, FLAG_NEGOTIATE_OEM_WORKSTATION_SUPPLIED, FLAG_NEGOTIATE_OEM_DOMAIN_SUPPLIED, FLAG_NEGOTIATE_ANONYMOUS, FLAG_NEGOTIATE_NTLM, FLAG_NEGOTIATE_LM_KEY, FLAG_NEGOTIATE_DATAGRAM, FLAG_NEGOTIATE_SEAL, FLAG_NEGOTIATE_SIGN, FLAG_REQUEST_TARGET, FLAG_NEGOTIATE_OEM, FLAG_NEGOTIATE_UNICODE] AV_END_OF_LIST = 0 AV_NETBIOS_COMPUTER_NAME = 1 AV_NETBIOS_DOMAIN_NAME = 2 AV_DNS_COMPUTER_NAME = 3 AV_DNS_DOMAIN_NAME = 4 AV_DNS_TREE_NAME = 5 AV_FLAGS = 6 AV_TIMESTAMP = 7 AV_SINGLE_HOST_DATA = 8 AV_TARGET_NAME = 9 AV_CHANNEL_BINDINGS = 10 AV_TYPES = [AV_END_OF_LIST, AV_NETBIOS_COMPUTER_NAME, AV_NETBIOS_DOMAIN_NAME, AV_DNS_COMPUTER_NAME, AV_DNS_DOMAIN_NAME, AV_DNS_TREE_NAME, AV_FLAGS, AV_TIMESTAMP, AV_SINGLE_HOST_DATA, AV_TARGET_NAME, AV_CHANNEL_BINDINGS] AV_FLAG_CONSTRAINED = 0 AV_FLAG_INTEGRITY = 1 AV_FLAG_TARGET_SPN_UNTRUSTED = 2 AV_FLAG_TYPES = [AV_FLAG_CONSTRAINED, AV_FLAG_INTEGRITY, AV_FLAG_TARGET_SPN_UNTRUSTED] def pack_windows_version(debug=False): if debug: if system().lower() == 'windows': try: major_release, minor_release, build = version().split('.') major_release = int(major_release) minor_release = int(minor_release) build = int(build) except Exception: major_release = 5 minor_release = 1 build = 2600 else: major_release = 5 minor_release = 1 build = 2600 else: major_release = 0 minor_release = 0 build = 0 return pack(' 1: raise TypeError('expected at most 1 arguments, got %d' % len(args)) try: self.__end except AttributeError: self.clear() self.update(*args, **kwds) def clear(self): self.__end = end = [] end += [None, end, end] # sentinel node for doubly linked list self.__map = {} # key --> [key, prev, next] dict.clear(self) def __setitem__(self, key, value): if key not in self: end = self.__end curr = end[1] curr[2] = end[1] = self.__map[key] = [key, curr, end] dict.__setitem__(self, key, value) def __delitem__(self, key): dict.__delitem__(self, key) key, prev, next = self.__map.pop(key) prev[2] = next next[1] = prev def __iter__(self): end = self.__end curr = end[2] while curr is not end: yield curr[0] curr = curr[2] def __reversed__(self): end = self.__end curr = end[1] while curr is not end: yield curr[0] curr = curr[1] def popitem(self, last=True): if not self: raise KeyError('dictionary is empty') if last: key = reversed(self).next() else: key = iter(self).next() value = self.pop(key) return key, value def __reduce__(self): items = [[k, self[k]] for k in self] tmp = self.__map, self.__end del self.__map, self.__end inst_dict = vars(self).copy() self.__map, self.__end = tmp if inst_dict: return (self.__class__, (items,), inst_dict) return self.__class__, (items,) def keys(self): return list(self) setdefault = DictMixin.setdefault update = DictMixin.update pop = DictMixin.pop values = DictMixin.values items = DictMixin.items iterkeys = DictMixin.iterkeys itervalues = DictMixin.itervalues iteritems = DictMixin.iteritems def __repr__(self): if not self: return '%s()' % (self.__class__.__name__,) return '%s(%r)' % (self.__class__.__name__, self.items()) def copy(self): return self.__class__(self) @classmethod def fromkeys(cls, iterable, value=None): d = cls() for key in iterable: d[key] = value return d def __eq__(self, other): if isinstance(other, OrderedDict): if len(self) != len(other): return False for p, q in zip(self.items(), other.items()): if p != q: return False return True return dict.__eq__(self, other) def __ne__(self, other): return not self == other ldap3-2.4.1/ldap3/utils/repr.py0000666000000000000000000000324413226436321014345 0ustar 00000000000000""" """ # Created on 2015.07.09 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from binascii import hexlify from .. import STRING_TYPES try: from sys import stdout repr_encoding = stdout.encoding # get the encoding of the stdout for printing (repr) if not repr_encoding: repr_encoding = 'ascii' # default except Exception: repr_encoding = 'ascii' # default def to_stdout_encoding(value): if not isinstance(value, STRING_TYPES): value = str(value) if str is bytes: # Python 2 try: return value.encode(repr_encoding, 'backslashreplace') except UnicodeDecodeError: # Python 2.6 return hexlify(value) else: # Python 3 try: return value.encode(repr_encoding, errors='backslashreplace').decode(repr_encoding, errors='backslashreplace') except UnicodeDecodeError: return hexlify(value) ldap3-2.4.1/ldap3/utils/tls_backport.py0000666000000000000000000001246213226436321016066 0ustar 00000000000000""" """ # Created on 2014.10.05 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import re from ..utils.log import log, log_enabled, NETWORK try: from backports.ssl_match_hostname import match_hostname, CertificateError except ImportError: class CertificateError(ValueError): # fix for Python 2, code from Python 3.5 standard library pass def _dnsname_match(dn, hostname, max_wildcards=1): """Backported from Python 3.4.3 standard library Matching according to RFC 6125, section 6.4.3 http://tools.ietf.org/html/rfc6125#section-6.4.3 """ if log_enabled(NETWORK): log(NETWORK, "matching dn %s with hostname %s", dn, hostname) pats = [] if not dn: return False pieces = dn.split(r'.') leftmost = pieces[0] remainder = pieces[1:] wildcards = leftmost.count('*') if wildcards > max_wildcards: # Issue #17980: avoid denials of service by refusing more # than one wildcard per fragment. A survey of established # policy among SSL implementations showed it to be a # reasonable choice. raise CertificateError( "too many wildcards in certificate DNS name: " + repr(dn)) # speed up common case w/o wildcards if not wildcards: return dn.lower() == hostname.lower() # RFC 6125, section 6.4.3, subitem 1. # The client SHOULD NOT attempt to match a presented identifier in which # the wildcard character comprises a label other than the left-most label. if leftmost == '*': # When '*' is a fragment by itself, it matches a non-empty dotless # fragment. pats.append('[^.]+') elif leftmost.startswith('xn--') or hostname.startswith('xn--'): # RFC 6125, section 6.4.3, subitem 3. # The client SHOULD NOT attempt to match a presented identifier # where the wildcard character is embedded within an A-label or # U-label of an internationalized domain name. pats.append(re.escape(leftmost)) else: # Otherwise, '*' matches any dotless string, e.g. www* pats.append(re.escape(leftmost).replace(r'\*', '[^.]*')) # add the remaining fragments, ignore any wildcards for frag in remainder: pats.append(re.escape(frag)) pat = re.compile(r'\A' + r'\.'.join(pats) + r'\Z', re.IGNORECASE) return pat.match(hostname) def match_hostname(cert, hostname): """Backported from Python 3.4.3 standard library. Verify that *cert* (in decoded format as returned by SSLSocket.getpeercert()) matches the *hostname*. RFC 2818 and RFC 6125 rules are followed, but IP addresses are not accepted for *hostname*. CertificateError is raised on failure. On success, the function returns nothing. """ if not cert: raise ValueError("empty or no certificate, match_hostname needs a " "SSL socket or SSL context with either " "CERT_OPTIONAL or CERT_REQUIRED") dnsnames = [] san = cert.get('subjectAltName', ()) for key, value in san: if key == 'DNS': if _dnsname_match(value, hostname): return dnsnames.append(value) if not dnsnames: # The subject is only checked when there is no dNSName entry # in subjectAltName for sub in cert.get('subject', ()): for key, value in sub: # XXX according to RFC 2818, the most specific Common Name # must be used. if key == 'commonName': if _dnsname_match(value, hostname): return dnsnames.append(value) if len(dnsnames) > 1: raise CertificateError("hostname %r " "doesn't match either of %s" % (hostname, ', '.join(map(repr, dnsnames)))) elif len(dnsnames) == 1: raise CertificateError("hostname %r " "doesn't match %r" % (hostname, dnsnames[0])) else: raise CertificateError("no appropriate commonName or " "subjectAltName fields were found") ldap3-2.4.1/ldap3/utils/uri.py0000666000000000000000000001144413226436321014175 0ustar 00000000000000""" """ # Created on 2014.09.08 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . try: from urllib.parse import unquote # Python3 except ImportError: from urllib import unquote # Python 2 from .. import SUBTREE, BASE, LEVEL def parse_uri(uri): """ Decode LDAP URI as specified in RFC 4516 relaxing specifications permitting 'ldaps' as scheme for ssl-ldap """ # ldapurl = scheme COLON SLASH SLASH [host [COLON port]] # [SLASH dn [QUESTION [attributes] # [QUESTION [scope] [QUESTION [filter] # [QUESTION extensions]]]]] # ; and are defined # ; in Sections 3.2.2 and 3.2.3 # ; of [RFC3986]. # ; is from Section 3 of # ; [RFC4515], subject to the # ; provisions of the # ; "Percent-Encoding" section # ; below. # # scheme = "ldap" / "ldaps" <== not RFC4516 compliant (original is 'scheme = "ldap"') # dn = distinguishedName ; From Section 3 of [RFC4514], # ; subject to the provisions of # ; the "Percent-Encoding" # ; section below. # # attributes = attrdesc *(COMMA attrdesc) # attrdesc = selector *(COMMA selector) # selector = attributeSelector ; From Section 4.5.1 of # ; [RFC4511], subject to the # ; provisions of the # ; "Percent-Encoding" section # ; below. # # scope = "base" / "one" / "sub" # extensions = extension *(COMMA extension) # extension = [EXCLAMATION] extype [EQUALS exvalue] # extype = oid ; From section 1.4 of [RFC4512]. # # exvalue = LDAPString ; From section 4.1.2 of # ; [RFC4511], subject to the # ; provisions of the # ; "Percent-Encoding" section # ; below. # # EXCLAMATION = %x21 ; exclamation mark ("!") # SLASH = %x2F ; forward slash ("/") # COLON = %x3A ; colon (":") # QUESTION = %x3F ; question mark ("?") uri_components = dict() parts = unquote(uri).split('?') # encoding defaults to utf-8 in Python 3 scheme, sep, remain = parts[0].partition('://') if sep != '://' or scheme not in ['ldap', 'ldaps']: return None address, _, uri_components['base'] = remain.partition('/') uri_components['ssl'] = True if scheme == 'ldaps' else False uri_components['host'], sep, uri_components['port'] = address.partition(':') if sep != ':': if uri_components['ssl']: uri_components['port'] = 636 else: uri_components['port'] = None else: if not uri_components['port'].isdigit() or not (0 < int(uri_components['port']) < 65536): return None else: uri_components['port'] = int(uri_components['port']) uri_components['attributes'] = parts[1].split(',') if len(parts) > 1 else None uri_components['scope'] = parts[2] if len(parts) > 2 else None if uri_components['scope'] == 'base': uri_components['scope'] = BASE elif uri_components['scope'] == 'sub': uri_components['scope'] = SUBTREE elif uri_components['scope'] == 'one': uri_components['scope'] = LEVEL elif uri_components['scope']: return None uri_components['filter'] = parts[3] if len(parts) > 3 else None uri_components['extensions'] = parts[4].split(',') if len(parts) > 4 else None return uri_components ldap3-2.4.1/ldap3/utils/__init__.py0000666000000000000000000000000012767320327015126 0ustar 00000000000000ldap3-2.4.1/ldap3/version.py0000666000000000000000000000125313231031756013717 0ustar 00000000000000# THIS FILE IS AUTO-GENERATED. PLEASE DO NOT MODIFY# version file for ldap3 # generated on 2018-01-21 07:32:14.704404 # on system uname_result(system='Windows', node='ELITE10GC', release='10', version='10.0.16299', machine='AMD64', processor='Intel64 Family 6 Model 58 Stepping 9, GenuineIntel') # with Python 3.6.4 - ('v3.6.4:d48eceb', 'Dec 19 2017 06:54:40') - MSC v.1900 64 bit (AMD64) # __version__ = '2.4.1' __author__ = 'Giovanni Cannata' __email__ = 'cannatag@gmail.com' __url__ = 'https://github.com/cannatag/ldap3' __description__ = 'A strictly RFC 4510 conforming LDAP V3 pure Python client library' __status__ = '5 - Production/Stable' __license__ = 'LGPL v3' ldap3-2.4.1/ldap3/__init__.py0000666000000000000000000000774313226436321014004 0ustar 00000000000000""" """ # Created on 2013.05.15 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from types import GeneratorType # authentication ANONYMOUS = 'ANONYMOUS' SIMPLE = 'SIMPLE' SASL = 'SASL' NTLM = 'NTLM' # SASL MECHANISMS EXTERNAL = 'EXTERNAL' DIGEST_MD5 = 'DIGEST-MD5' KERBEROS = GSSAPI = 'GSSAPI' PLAIN = 'PLAIN' AUTO_BIND_NONE = 'NONE' # same as False AUTO_BIND_NO_TLS = 'NO_TLS' # same as True AUTO_BIND_TLS_BEFORE_BIND = 'TLS_BEFORE_BIND' AUTO_BIND_TLS_AFTER_BIND = 'TLS_AFTER_BIND' # server IP dual stack mode IP_SYSTEM_DEFAULT = 'IP_SYSTEM_DEFAULT' IP_V4_ONLY = 'IP_V4_ONLY' IP_V6_ONLY = 'IP_V6_ONLY' IP_V4_PREFERRED = 'IP_V4_PREFERRED' IP_V6_PREFERRED = 'IP_V6_PREFERRED' # search scope BASE = 'BASE' LEVEL = 'LEVEL' SUBTREE = 'SUBTREE' # search alias DEREF_NEVER = 'NEVER' DEREF_SEARCH = 'SEARCH' DEREF_BASE = 'FINDING_BASE' DEREF_ALWAYS = 'ALWAYS' # search attributes ALL_ATTRIBUTES = '*' NO_ATTRIBUTES = '1.1' # as per RFC 4511 ALL_OPERATIONAL_ATTRIBUTES = '+' # as per RFC 3673 # modify type MODIFY_ADD = 'MODIFY_ADD' MODIFY_DELETE = 'MODIFY_DELETE' MODIFY_REPLACE = 'MODIFY_REPLACE' MODIFY_INCREMENT = 'MODIFY_INCREMENT' # client strategies SYNC = 'SYNC' ASYNC = 'ASYNC' LDIF = 'LDIF' RESTARTABLE = 'RESTARTABLE' REUSABLE = 'REUSABLE' MOCK_SYNC = 'MOCK_SYNC' MOCK_ASYNC = 'MOCK_ASYNC' ASYNC_STREAM = 'ASYNC_STREAM' # get rootDSE info NONE = 'NO_INFO' DSA = 'DSA' SCHEMA = 'SCHEMA' ALL = 'ALL' OFFLINE_EDIR_8_8_8 = 'EDIR_8_8_8' OFFLINE_AD_2012_R2 = 'AD_2012_R2' OFFLINE_SLAPD_2_4 = 'SLAPD_2_4' OFFLINE_DS389_1_3_3 = 'DS389_1_3_3' # server pooling FIRST = 'FIRST' ROUND_ROBIN = 'ROUND_ROBIN' RANDOM = 'RANDOM' # Hashed password HASHED_NONE = 'PLAIN' HASHED_SHA = 'SHA' HASHED_SHA256 = 'SHA256' HASHED_SHA384 = 'SHA384' HASHED_SHA512 = 'SHA512' HASHED_MD5 = 'MD5' HASHED_SALTED_SHA = 'SALTED_SHA' HASHED_SALTED_SHA256 = 'SALTED_SHA256' HASHED_SALTED_SHA384 = 'SALTED_SHA384' HASHED_SALTED_SHA512 = 'SALTED_SHA512' HASHED_SALTED_MD5 = 'SALTED_MD5' if str is not bytes: # Python 3 NUMERIC_TYPES = (int, float) else: NUMERIC_TYPES = (int, long, float) # types for string and sequence if str is not bytes: # Python 3 STRING_TYPES = (str, ) SEQUENCE_TYPES = (set, list, tuple, GeneratorType, type(dict().keys())) # dict.keys() is a iterable memoryview in Python 3 else: # Python 2 try: from future.types.newstr import newstr except ImportError: pass STRING_TYPES = (str, unicode) SEQUENCE_TYPES = (set, list, tuple, GeneratorType) # centralized imports # must be at the end of the __init__.py file from .version import __author__, __version__, __email__, __description__, __status__, __license__, __url__ from .utils.config import get_config_parameter, set_config_parameter from .core.server import Server from .core.connection import Connection from .core.tls import Tls from .core.pooling import ServerPool from .abstract.objectDef import ObjectDef from .abstract.attrDef import AttrDef from .abstract.attribute import Attribute, WritableAttribute, OperationalAttribute from .abstract.entry import Entry, WritableEntry from .abstract.cursor import Reader, Writer from .protocol.rfc4512 import DsaInfo, SchemaInfo ldap3-2.4.1/ldap3.egg-info/0000777000000000000000000000000013231031760013344 5ustar 00000000000000ldap3-2.4.1/ldap3.egg-info/dependency_links.txt0000666000000000000000000000000113231031760017412 0ustar 00000000000000 ldap3-2.4.1/ldap3.egg-info/PKG-INFO0000666000000000000000000001326013231031760014443 0ustar 00000000000000Metadata-Version: 1.1 Name: ldap3 Version: 2.4.1 Summary: A strictly RFC 4510 conforming LDAP V3 pure Python client library Home-page: https://github.com/cannatag/ldap3 Author: Giovanni Cannata Author-email: cannatag@gmail.com License: LGPL v3 Description-Content-Type: UNKNOWN Description: LDAP3 ===== .. image:: https://img.shields.io/pypi/v/ldap3.svg :target: https://pypi.python.org/pypi/ldap3/ :alt: Latest Version .. image:: https://img.shields.io/pypi/l/ldap3.svg :target: https://pypi.python.org/pypi/ldap3/ :alt: License .. image:: https://img.shields.io/travis/cannatag/ldap3/master.svg :target: https://travis-ci.org/cannatag/ldap3 :alt: TRAVIS-CI build status for master branch ldap3 is a strictly RFC 4510 conforming **LDAP V3 pure Python client** library. The same codebase runs in Python 2, Python 3, PyPy and PyPy3. Version 2 warning ----------------- In version 2 of ldap3 some default values have been changed and the ldap3 namespace has been decluttered, removing redundant constants (look at the changelog for details). Also, the result code constants were moved to ldap3.core.results and the ldap3 custom exceptions were stored in ldap3.core.exceptions. If you experience errors in your existing code you should rearrange the import statements or explicitly set the defaults to their former values. A more pythonic LDAP -------------------- LDAP operations look clumsy and hard-to-use because they reflect the old-age idea that time-consuming operations should be performed client-side to not hog the server with heavy elaborations. To alleviate this ldap3 includes a fully functional **Abstraction Layer** that lets you interact with the LDAP server in a modern and *pythonic* way. With the Abstraction Layer you don't need to directly issue any LDAP operation at all. Home Page --------- Project home page is https://github.com/cannatag/ldap3 Documentation ------------- Documentation is available at http://ldap3.readthedocs.io License ------- The ldap3 project is open source software released under the **LGPL v3 license**. Copyright 2013 - 2018 Giovanni Cannata PEP8 Compliance --------------- ldap3 is PEP8 compliant, except for line length. Download -------- Package download is available at https://pypi.python.org/pypi/ldap3. Install ------- Install with **pip install ldap3** Git repository -------------- You can download the latest source at https://github.com/cannatag/ldap3 Continuous integration ---------------------- Continuous integration for testing is at https://travis-ci.org/cannatag/ldap3 Support ------- You can submit support tickets on https://github.com/cannatag/ldap3/issues/new You can submit pull request on the **dev** branch at https://github.com/cannatag/ldap3/tree/dev Thanks to --------- * **Ilya Etingof**, the author of the *pyasn1* package for his excellent work and support. * **Mark Lutz** for his *Learning Python* and *Programming Python* excellent books series and **John Goerzen** and **Brandon Rhodes** for their book *Foundations of Python Network Programming*. These books are wonderful tools for learning Python and this project owes a lot to them. * **JetBrains** for donating to this project the Open Source license of *PyCharm Professional*. * **GitHub** for providing the *free source repository space and the tools* I use to develop this project. * The **FreeIPA** team for letting me use their demo LDAP server in the ldap3 tutorial. Contact me ---------- For information and suggestions you can contact me at cannatag@gmail.com. You can also open a support ticket on https://github.com/cannatag/ldap3/issues/new Donate ------ If you want to keep this project up and running you can send me an Amazon gift card. I will use it to improve my skills in the Information and Communication technology. Changelog --------- Updated changelog at https://ldap3.readthedocs.io/changelog.html Keywords: python3 python2 ldap Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: Intended Audience :: System Administrators Classifier: Operating System :: MacOS :: MacOS X Classifier: Operating System :: Microsoft :: Windows Classifier: Operating System :: POSIX :: Linux Classifier: License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3) Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 3 Classifier: Topic :: Software Development :: Libraries :: Python Modules Classifier: Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP ldap3-2.4.1/ldap3.egg-info/requires.txt0000666000000000000000000000001613231031760015741 0ustar 00000000000000pyasn1>=0.1.8 ldap3-2.4.1/ldap3.egg-info/SOURCES.txt0000666000000000000000000001140013231031760015224 0ustar 00000000000000COPYING.LESSER.txt COPYING.txt LICENSE.txt MANIFEST.in README.rst _version.json requirements.txt setup.py ./ldap3/__init__.py ./ldap3/version.py ./ldap3/abstract/__init__.py ./ldap3/abstract/attrDef.py ./ldap3/abstract/attribute.py ./ldap3/abstract/cursor.py ./ldap3/abstract/entry.py ./ldap3/abstract/objectDef.py ./ldap3/core/__init__.py ./ldap3/core/connection.py ./ldap3/core/exceptions.py ./ldap3/core/pooling.py ./ldap3/core/results.py ./ldap3/core/server.py ./ldap3/core/timezone.py ./ldap3/core/tls.py ./ldap3/core/usage.py ./ldap3/extend/__init__.py ./ldap3/extend/operation.py ./ldap3/extend/microsoft/__init__.py ./ldap3/extend/microsoft/addMembersToGroups.py ./ldap3/extend/microsoft/dirSync.py ./ldap3/extend/microsoft/modifyPassword.py ./ldap3/extend/microsoft/removeMembersFromGroups.py ./ldap3/extend/microsoft/unlockAccount.py ./ldap3/extend/novell/__init__.py ./ldap3/extend/novell/addMembersToGroups.py ./ldap3/extend/novell/checkGroupsMemberships.py ./ldap3/extend/novell/endTransaction.py ./ldap3/extend/novell/getBindDn.py ./ldap3/extend/novell/listReplicas.py ./ldap3/extend/novell/nmasGetUniversalPassword.py ./ldap3/extend/novell/nmasSetUniversalPassword.py ./ldap3/extend/novell/partition_entry_count.py ./ldap3/extend/novell/removeMembersFromGroups.py ./ldap3/extend/novell/replicaInfo.py ./ldap3/extend/novell/startTransaction.py ./ldap3/extend/standard/PagedSearch.py ./ldap3/extend/standard/PersistentSearch.py ./ldap3/extend/standard/__init__.py ./ldap3/extend/standard/modifyPassword.py ./ldap3/extend/standard/whoAmI.py ./ldap3/operation/__init__.py ./ldap3/operation/abandon.py ./ldap3/operation/add.py ./ldap3/operation/bind.py ./ldap3/operation/compare.py ./ldap3/operation/delete.py ./ldap3/operation/extended.py ./ldap3/operation/modify.py ./ldap3/operation/modifyDn.py ./ldap3/operation/search.py ./ldap3/operation/unbind.py ./ldap3/protocol/__init__.py ./ldap3/protocol/controls.py ./ldap3/protocol/convert.py ./ldap3/protocol/microsoft.py ./ldap3/protocol/novell.py ./ldap3/protocol/oid.py ./ldap3/protocol/persistentSearch.py ./ldap3/protocol/rfc2696.py ./ldap3/protocol/rfc2849.py ./ldap3/protocol/rfc3062.py ./ldap3/protocol/rfc4511.py ./ldap3/protocol/rfc4512.py ./ldap3/protocol/rfc4527.py ./ldap3/protocol/formatters/__init__.py ./ldap3/protocol/formatters/formatters.py ./ldap3/protocol/formatters/standard.py ./ldap3/protocol/formatters/validators.py ./ldap3/protocol/sasl/__init__.py ./ldap3/protocol/sasl/digestMd5.py ./ldap3/protocol/sasl/external.py ./ldap3/protocol/sasl/kerberos.py ./ldap3/protocol/sasl/plain.py ./ldap3/protocol/sasl/sasl.py ./ldap3/protocol/schemas/__init__.py ./ldap3/protocol/schemas/ad2012R2.py ./ldap3/protocol/schemas/ds389.py ./ldap3/protocol/schemas/edir888.py ./ldap3/protocol/schemas/slapd24.py ./ldap3/strategy/__init__.py ./ldap3/strategy/asyncStream.py ./ldap3/strategy/asynchronous.py ./ldap3/strategy/base.py ./ldap3/strategy/ldifProducer.py ./ldap3/strategy/mockAsync.py ./ldap3/strategy/mockBase.py ./ldap3/strategy/mockSync.py ./ldap3/strategy/restartable.py ./ldap3/strategy/reusable.py ./ldap3/strategy/sync.py ./ldap3/utils/__init__.py ./ldap3/utils/asn1.py ./ldap3/utils/ciDict.py ./ldap3/utils/config.py ./ldap3/utils/conv.py ./ldap3/utils/dn.py ./ldap3/utils/hashed.py ./ldap3/utils/log.py ./ldap3/utils/ntlm.py ./ldap3/utils/ordDict.py ./ldap3/utils/repr.py ./ldap3/utils/tls_backport.py ./ldap3/utils/uri.py ldap3.egg-info/PKG-INFO ldap3.egg-info/SOURCES.txt ldap3.egg-info/dependency_links.txt ldap3.egg-info/requires.txt ldap3.egg-info/top_level.txt test/testAbandonOperation.py test/testAbstractionDefs.py test/testAbstractionDefsFromSchema.py test/testAbstractionSearch.py test/testAbstractionWrite.py test/testAddMembersToGroups.py test/testAddOperation.py test/testBindOperation.py test/testBytesOperation.py test/testCaseInsensitiveDictionary.py test/testCaseInsensitiveWithAliasDictionary.py test/testCheckGroupMembership.py test/testCheckNamesFalse.py test/testCheckNamesTrue.py test/testCheckedAttributes.py test/testCompareOperation.py test/testConnection.py test/testControls.py test/testDeleteOperation.py test/testDnParsing.py test/testExceptions.py test/testExtendedOperations.py test/testExtensions.py test/testFormatGeneralizedTime.py test/testLDIF-change.py test/testLDIF-content.py test/testMicrosoftAD.py test/testMockASyncStrategy.py test/testMockBase.py test/testMockSyncStrategy.py test/testModifyDNOperation.py test/testModifyOperation.py test/testOfflineSchema.py test/testParseSearchFilter.py test/testRebindOperation.py test/testRemoveMembersFromGroups.py test/testRestartable.py test/testSaslPrep.py test/testSchema.py test/testSearchAndModifyEntries.py test/testSearchOperation.py test/testSearchOperationEntries.py test/testSearchOperationJSON.py test/testTls.py test/testTransactions.py test/testValidators.py test/testWriterCursor.pyldap3-2.4.1/ldap3.egg-info/top_level.txt0000666000000000000000000000000613231031760016072 0ustar 00000000000000ldap3 ldap3-2.4.1/LICENSE.txt0000666000000000000000000000125312767320326012507 0ustar 00000000000000This program is free software: you can redistribute it and/or modify it under the terms of the GNU Lesser General Public License as published by the Free Software Foundation, either version 3 of the License, or (at your option) any later version. This program is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU Lesser General Public License for more details. You should have received a copy of the GNU Lesser General Public License along with this program in the COPYING and COPYING.LESSER files. If not, see .ldap3-2.4.1/MANIFEST.in0000666000000000000000000000013613013523260012404 0ustar 00000000000000include COPYING.txt COPYING.LESSER.txt LICENSE.txt README.rst requirements.txt _version.json ldap3-2.4.1/PKG-INFO0000666000000000000000000001326013231031760011746 0ustar 00000000000000Metadata-Version: 1.1 Name: ldap3 Version: 2.4.1 Summary: A strictly RFC 4510 conforming LDAP V3 pure Python client library Home-page: https://github.com/cannatag/ldap3 Author: Giovanni Cannata Author-email: cannatag@gmail.com License: LGPL v3 Description-Content-Type: UNKNOWN Description: LDAP3 ===== .. image:: https://img.shields.io/pypi/v/ldap3.svg :target: https://pypi.python.org/pypi/ldap3/ :alt: Latest Version .. image:: https://img.shields.io/pypi/l/ldap3.svg :target: https://pypi.python.org/pypi/ldap3/ :alt: License .. image:: https://img.shields.io/travis/cannatag/ldap3/master.svg :target: https://travis-ci.org/cannatag/ldap3 :alt: TRAVIS-CI build status for master branch ldap3 is a strictly RFC 4510 conforming **LDAP V3 pure Python client** library. The same codebase runs in Python 2, Python 3, PyPy and PyPy3. Version 2 warning ----------------- In version 2 of ldap3 some default values have been changed and the ldap3 namespace has been decluttered, removing redundant constants (look at the changelog for details). Also, the result code constants were moved to ldap3.core.results and the ldap3 custom exceptions were stored in ldap3.core.exceptions. If you experience errors in your existing code you should rearrange the import statements or explicitly set the defaults to their former values. A more pythonic LDAP -------------------- LDAP operations look clumsy and hard-to-use because they reflect the old-age idea that time-consuming operations should be performed client-side to not hog the server with heavy elaborations. To alleviate this ldap3 includes a fully functional **Abstraction Layer** that lets you interact with the LDAP server in a modern and *pythonic* way. With the Abstraction Layer you don't need to directly issue any LDAP operation at all. Home Page --------- Project home page is https://github.com/cannatag/ldap3 Documentation ------------- Documentation is available at http://ldap3.readthedocs.io License ------- The ldap3 project is open source software released under the **LGPL v3 license**. Copyright 2013 - 2018 Giovanni Cannata PEP8 Compliance --------------- ldap3 is PEP8 compliant, except for line length. Download -------- Package download is available at https://pypi.python.org/pypi/ldap3. Install ------- Install with **pip install ldap3** Git repository -------------- You can download the latest source at https://github.com/cannatag/ldap3 Continuous integration ---------------------- Continuous integration for testing is at https://travis-ci.org/cannatag/ldap3 Support ------- You can submit support tickets on https://github.com/cannatag/ldap3/issues/new You can submit pull request on the **dev** branch at https://github.com/cannatag/ldap3/tree/dev Thanks to --------- * **Ilya Etingof**, the author of the *pyasn1* package for his excellent work and support. * **Mark Lutz** for his *Learning Python* and *Programming Python* excellent books series and **John Goerzen** and **Brandon Rhodes** for their book *Foundations of Python Network Programming*. These books are wonderful tools for learning Python and this project owes a lot to them. * **JetBrains** for donating to this project the Open Source license of *PyCharm Professional*. * **GitHub** for providing the *free source repository space and the tools* I use to develop this project. * The **FreeIPA** team for letting me use their demo LDAP server in the ldap3 tutorial. Contact me ---------- For information and suggestions you can contact me at cannatag@gmail.com. You can also open a support ticket on https://github.com/cannatag/ldap3/issues/new Donate ------ If you want to keep this project up and running you can send me an Amazon gift card. I will use it to improve my skills in the Information and Communication technology. Changelog --------- Updated changelog at https://ldap3.readthedocs.io/changelog.html Keywords: python3 python2 ldap Platform: UNKNOWN Classifier: Development Status :: 5 - Production/Stable Classifier: Intended Audience :: Developers Classifier: Intended Audience :: System Administrators Classifier: Operating System :: MacOS :: MacOS X Classifier: Operating System :: Microsoft :: Windows Classifier: Operating System :: POSIX :: Linux Classifier: License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3) Classifier: Programming Language :: Python Classifier: Programming Language :: Python :: 2 Classifier: Programming Language :: Python :: 3 Classifier: Topic :: Software Development :: Libraries :: Python Modules Classifier: Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP ldap3-2.4.1/README.rst0000666000000000000000000000727013226436771012363 0ustar 00000000000000LDAP3 ===== .. image:: https://img.shields.io/pypi/v/ldap3.svg :target: https://pypi.python.org/pypi/ldap3/ :alt: Latest Version .. image:: https://img.shields.io/pypi/l/ldap3.svg :target: https://pypi.python.org/pypi/ldap3/ :alt: License .. image:: https://img.shields.io/travis/cannatag/ldap3/master.svg :target: https://travis-ci.org/cannatag/ldap3 :alt: TRAVIS-CI build status for master branch ldap3 is a strictly RFC 4510 conforming **LDAP V3 pure Python client** library. The same codebase runs in Python 2, Python 3, PyPy and PyPy3. Version 2 warning ----------------- In version 2 of ldap3 some default values have been changed and the ldap3 namespace has been decluttered, removing redundant constants (look at the changelog for details). Also, the result code constants were moved to ldap3.core.results and the ldap3 custom exceptions were stored in ldap3.core.exceptions. If you experience errors in your existing code you should rearrange the import statements or explicitly set the defaults to their former values. A more pythonic LDAP -------------------- LDAP operations look clumsy and hard-to-use because they reflect the old-age idea that time-consuming operations should be performed client-side to not hog the server with heavy elaborations. To alleviate this ldap3 includes a fully functional **Abstraction Layer** that lets you interact with the LDAP server in a modern and *pythonic* way. With the Abstraction Layer you don't need to directly issue any LDAP operation at all. Home Page --------- Project home page is https://github.com/cannatag/ldap3 Documentation ------------- Documentation is available at http://ldap3.readthedocs.io License ------- The ldap3 project is open source software released under the **LGPL v3 license**. Copyright 2013 - 2018 Giovanni Cannata PEP8 Compliance --------------- ldap3 is PEP8 compliant, except for line length. Download -------- Package download is available at https://pypi.python.org/pypi/ldap3. Install ------- Install with **pip install ldap3** Git repository -------------- You can download the latest source at https://github.com/cannatag/ldap3 Continuous integration ---------------------- Continuous integration for testing is at https://travis-ci.org/cannatag/ldap3 Support ------- You can submit support tickets on https://github.com/cannatag/ldap3/issues/new You can submit pull request on the **dev** branch at https://github.com/cannatag/ldap3/tree/dev Thanks to --------- * **Ilya Etingof**, the author of the *pyasn1* package for his excellent work and support. * **Mark Lutz** for his *Learning Python* and *Programming Python* excellent books series and **John Goerzen** and **Brandon Rhodes** for their book *Foundations of Python Network Programming*. These books are wonderful tools for learning Python and this project owes a lot to them. * **JetBrains** for donating to this project the Open Source license of *PyCharm Professional*. * **GitHub** for providing the *free source repository space and the tools* I use to develop this project. * The **FreeIPA** team for letting me use their demo LDAP server in the ldap3 tutorial. Contact me ---------- For information and suggestions you can contact me at cannatag@gmail.com. You can also open a support ticket on https://github.com/cannatag/ldap3/issues/new Donate ------ If you want to keep this project up and running you can send me an Amazon gift card. I will use it to improve my skills in the Information and Communication technology. Changelog --------- Updated changelog at https://ldap3.readthedocs.io/changelog.html ldap3-2.4.1/requirements.txt0000666000000000000000000000001712767320327014146 0ustar 00000000000000pyasn1>=0.1.8 ldap3-2.4.1/setup.cfg0000666000000000000000000000005213231031760012465 0ustar 00000000000000[egg_info] tag_build = tag_date = 0 ldap3-2.4.1/setup.py0000666000000000000000000001461313226437506012402 0ustar 00000000000000""" """ # Created on 2013.07.11 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import os from setuptools import setup from json import load version_dict = load(open('_version.json', 'r')) version = str(version_dict['version']) author = str(version_dict['author']) email = str(version_dict['email']) license = str(version_dict['license']) url = str(version_dict['url']) description = str(version_dict['description']) package_name = str(version_dict['package_name']) package_folder = str(version_dict['package_folder']) status = str(version_dict['status']) long_description = str(open('README.rst').read()) packages=['ldap3', 'ldap3.abstract', 'ldap3.core', 'ldap3.operation', 'ldap3.protocol', 'ldap3.protocol.sasl', 'ldap3.protocol.schemas', 'ldap3.protocol.formatters', 'ldap3.strategy', 'ldap3.utils', 'ldap3.extend', 'ldap3.extend.novell', 'ldap3.extend.microsoft', 'ldap3.extend.standard'] setup_kwargs = {'packages': packages, 'package_dir': {'': package_folder}} try: from Cython.Build import cythonize HAS_CYTHON = True except ImportError: HAS_CYTHON = False if 'LDAP3_CYTHON_COMPILE' in os.environ and HAS_CYTHON is True: import sys import multiprocessing import multiprocessing.pool from setuptools import Extension from distutils.command.build_py import build_py from distutils.command.build_ext import build_ext # Change to source's directory prior to running any command try: SETUP_DIRNAME = os.path.dirname(__file__) except NameError: # We're most likely being frozen and __file__ triggered this NameError # Let's work around that SETUP_DIRNAME = os.path.dirname(sys.argv[0]) if SETUP_DIRNAME != '': os.chdir(SETUP_DIRNAME) SETUP_DIRNAME = os.path.abspath(SETUP_DIRNAME) def find_ext(): for package in ('ldap3',): for root, _, files in os.walk(os.path.join(SETUP_DIRNAME, package)): commonprefix = os.path.commonprefix([SETUP_DIRNAME, root]) for filename in files: full = os.path.join(root, filename) if not filename.endswith(('.py', '.c')): continue if filename in ('__init__.py',): continue relpath = os.path.join(root, filename).split(commonprefix)[-1][1:] module = os.path.splitext(relpath)[0].replace(os.sep, '.') yield Extension(module, [full]) def discover_packages(): modules = [] pkg_data = {} pkg_dir = {} for package in ('ldap3',): for root, _, files in os.walk(os.path.join(SETUP_DIRNAME, package)): if '__init__.py' not in files: continue pdir = os.path.relpath(root, SETUP_DIRNAME) modname = pdir.replace(os.sep, '.') modules.append(modname) pkg_data.setdefault(modname, []).append('*.so') pkg_dir[modname] = pdir return modules, pkg_dir, pkg_data ext_modules = cythonize(list(find_ext()), nthreads=multiprocessing.cpu_count()) class BuildPy(build_py): def find_package_modules(self, package, package_dir): modules = build_py.find_package_modules(self, package, package_dir) for package, module, filename in modules: if module not in ('__init__',): # We only want __init__ python files # All others will be built as extensions continue yield package, module, filename class BuildExt(build_ext): def run(self): self.extensions = ext_modules build_ext.run(self) def build_extensions(self): multiprocessing.pool.ThreadPool( processes=multiprocessing.cpu_count()).map( self.build_extension, self.extensions) packages, package_dir, package_data = discover_packages() setup_kwargs['packages'] = packages setup_kwargs['package_dir'] = package_dir setup_kwargs['package_data'] = package_data setup_kwargs['cmdclass'] = {'build_py': BuildPy, 'build_ext': BuildExt} setup_kwargs['ext_modules'] = ext_modules setup_kwargs['zip_safe'] = False setup(name=package_name, version=version, install_requires=[i.strip() for i in open('requirements.txt').readlines()], license=license, author=author, author_email=email, description=description, long_description=long_description, keywords='python3 python2 ldap', url=url, classifiers=['Development Status :: 5 - Production/Stable', 'Intended Audience :: Developers', 'Intended Audience :: System Administrators', 'Operating System :: MacOS :: MacOS X', 'Operating System :: Microsoft :: Windows', 'Operating System :: POSIX :: Linux', 'License :: OSI Approved :: GNU Lesser General Public License v3 (LGPLv3)', 'Programming Language :: Python', 'Programming Language :: Python :: 2', 'Programming Language :: Python :: 3', 'Topic :: Software Development :: Libraries :: Python Modules', 'Topic :: System :: Systems Administration :: Authentication/Directory :: LDAP'], **setup_kwargs ) ldap3-2.4.1/test/0000777000000000000000000000000013231031760011626 5ustar 00000000000000ldap3-2.4.1/test/testAbandonOperation.py0000666000000000000000000000353213226436742016343 0ustar 00000000000000""" """ # Created on 2016.04.29 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import random_id, get_connection, drop_connection testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(check_names=True) self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_abandon_0(self): # abandon(0) should work as a "ping" to the server result = self.connection.abandon(0) self.assertTrue(result) def test_abandon_1(self): # should abandon a specific operation, but messageID 1 has been used by the authentication result = self.connection.abandon(1) self.assertFalse(result) def test_abandon_99999999(self): # should abandon a not yet existing specific operation result = self.connection.abandon(99999999) self.assertFalse(result) ldap3-2.4.1/test/testAbstractionDefs.py0000666000000000000000000000707413226436742016200 0ustar 00000000000000""" """ # Created on 2014.01.12 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ObjectDef, AttrDef, Reader from ldap3.abstract.cursor import _create_query_dict from test.config import test_base, get_connection, drop_connection class Test(unittest.TestCase): def setUp(self): self.connection = get_connection(check_names=True) def tearDown(self): drop_connection(self.connection) def test_create_query_dict(self): query_text = 'Common Name:=|john;Bob, Surname:=smith' query_dict = _create_query_dict(query_text) self.assertEqual(query_dict['Common Name'], '=|john;Bob') self.assertEqual(query_dict['Surname'], '=smith') self.assertEqual(len(query_dict), 2) def test_validate_query_filter(self): o = ObjectDef() o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef('givenName', 'Given Name') query_text = '|Common Name:=john;=Bob, Surname:=smith' r = Reader(self.connection, o, test_base, query_text) r._validate_query() self.assertEqual('Surname: =smith, |CommonName: =Bob;=john', r.validated_query) def test_create_query_filter(self): o = ObjectDef() o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef('givenName', 'Given Name') query_text = '|Common Name:=john;Bob, Surname:=smith' r = Reader(self.connection, o, test_base, query_text) r._create_query_filter() self.assertEqual('(&(sn=smith)(|(cn=Bob)(cn=john)))', r.query_filter) def test_create_query_filter_single_attribute_single_value(self): o = ObjectDef() o += AttrDef('cn', 'Common Name') query_text = 'Common Name:John' r = Reader(self.connection, o, test_base, query_text) r._create_query_filter() self.assertEqual('(cn=John)', r.query_filter) def test_create_query_filter_single_attribute_multiple_value(self): o = ObjectDef() o += AttrDef('cn', 'Common Name') query_text = '|Common Name:=john;=Bob' r = Reader(self.connection, o, test_base, query_text) r._create_query_filter() self.assertEqual('(|(cn=Bob)(cn=john))', r.query_filter) def test_create_query_filter_with_object_class(self): o = ObjectDef('inetOrgPerson') o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef('givenName', 'Given Name') query_text = '|Common Name:=john;=Bob, Surname:=smith' r = Reader(self.connection, o, test_base, query_text) r._create_query_filter() self.assertEqual('(&(objectClass=inetOrgPerson)(sn=smith)(|(cn=Bob)(cn=john)))', r.query_filter) ldap3-2.4.1/test/testAbstractionDefsFromSchema.py0000666000000000000000000000401013226436742020130 0ustar 00000000000000""" """ # Created on 2016.08.09 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ALL from ldap3 import ObjectDef, Reader from test.config import test_base, get_connection, drop_connection, random_id, add_user testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(get_info=ALL, check_names=True) self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_create_objectdef_from_schema(self): o = ObjectDef(['inetorgPerson', 'person'], self.connection) self.assertEqual(o.cn.name, 'cn') def test_search_object(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abstract-1')) o = ObjectDef(['inetorgPerson', 'person'], self.connection) r = Reader(self.connection, o, test_base, '(cn=' + testcase_id + 'abstract-1)') r.search(attributes='cn') # AD returns operationError for reading some atributes self.assertEqual(len(r), 1) self.assertEqual(r.entries[0].cn, testcase_id + 'abstract-1') ldap3-2.4.1/test/testAbstractionSearch.py0000666000000000000000000003507713226436742016530 0ustar 00000000000000""" """ # Created on 2014.01.19 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ObjectDef, AttrDef, Reader from test.config import test_base, add_user, add_group, get_connection, drop_connection, random_id, test_server_type, test_multivalued_attribute, test_singlevalued_attribute testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_search_filter_with_object_class(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-3')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'abs-grp', self.delete_at_teardown)) reverse = lambda a, e: e[::-1] o = ObjectDef('inetOrgPerson') o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef(test_multivalued_attribute, 'Given Name', post_query=reverse) query_text = 'Common Name:=' + testcase_id + 'abs-*' r = Reader(self.connection, o, test_base, query_text) results = r.search() self.assertEqual(len(results), 3) def test_search_with_dereference(self): reverse = lambda a, e: e[::-1] def raise_parentheses_rank(_, l): up = {'(': '[', ')': ']', '[': '{', ']': '}', '{': '<', '}': '>'} r = [] for e in l: s = '' for c in e: s += up[c] if c in up else c r.append(s) return r self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-4')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-5')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-6')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'abstract-group', self.delete_at_teardown)) ou = ObjectDef('inetOrgPerson') ou += AttrDef('cn', 'Common Name', post_query=reverse) ou += AttrDef('sn', 'Surname') ou += AttrDef(test_multivalued_attribute, 'Given Name', post_query=raise_parentheses_rank) ou += AttrDef('ACL') qu = 'Common Name: ' + testcase_id + 'abs-*' ru = Reader(self.connection, ou, test_base, qu) lu = ru.search() self.assertEqual(len(lu), 3) og = ObjectDef('groupOfNames') og += AttrDef('member', dereference_dn=ou) og += 'cn' qg = 'cn := ' + testcase_id + 'abstract-group' rg = Reader(self.connection, og, test_base, qg) lg = rg.search() self.assertEqual(len(lg), 1) eg = lg[0] mg = eg.member self.assertEqual(len(mg), 3) ug = eg.member[0] self.assertTrue(str(ug.surname) in ['abs-4', 'abs-5', 'abs-6']) def test_search_with_pre_query(self): change = lambda attr, value: testcase_id + 'abs-*' self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-7')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-8')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-9')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'abstract-group', self.delete_at_teardown)) ou = ObjectDef('inetOrgPerson') ou += AttrDef('cn', 'Common Name', pre_query=change) ou += AttrDef('sn', 'Surname') ou += AttrDef(test_multivalued_attribute, 'Given Name') ou += AttrDef('ACL') qu = 'Common Name := bug' ru = Reader(self.connection, ou, test_base, qu) lu = ru.search() self.assertEqual(len(lu), 3) def test_search_with_default(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-10')) ou = ObjectDef('inetOrgPerson') ou += AttrDef('cn', 'CommonName') ou += AttrDef('employeeType', key='Employee', default='not employed') qu = 'CommonName := ' + testcase_id + 'abs-10' ru = Reader(self.connection, ou, test_base, qu) lu = ru.search() self.assertEqual(str(lu[0].employee), 'not employed') def test_search_with_falsy_default(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-11')) ou = ObjectDef('inetOrgPerson') ou += AttrDef('cn', 'CommonName') ou += AttrDef('employeeType', key='Employee', default='') qu = 'CommonName := ' + testcase_id + 'abs-11' ru = Reader(self.connection, ou, test_base, qu) lu = ru.search() self.assertEqual(lu[0].employee.value, '') def test_search_with_None_default(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'abs-12')) ou = ObjectDef('inetOrgPerson') ou += AttrDef('cn', 'CommonName') ou += AttrDef('employeeType', key='Employee', default=None) qu = 'CommonName := ' + testcase_id + 'abs-12' ru = Reader(self.connection, ou, test_base, qu) lu = ru.search() self.assertEqual(lu[0].employee.value, None) def test_find_entry_with_text_index_match(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-3')) o = ObjectDef('inetOrgPerson') o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef(test_multivalued_attribute, 'Given Name') query_text = 'Common Name:=' + testcase_id + 'mat-*' r = Reader(self.connection, o, test_base, query_text) results = r.search() self.assertEqual(len(results), 3) try: # multiple matches e = r['match'] except KeyError: pass e = r['-2'] # exact match self.assertTrue('mat-2' in e.entry_dn) try: e = r['no-match'] # no match except KeyError: pass def test_match_dn_in_cursor(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-3')) o = ObjectDef('inetOrgPerson') o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef(test_multivalued_attribute, 'Given Name') query_text = 'Common Name:=' + testcase_id + 'mat-*' r = Reader(self.connection, o, test_base, query_text) results = r.search() self.assertEqual(len(results), 3) e = r.match_dn('mat') # multiple matches self.assertEqual(len(e), 3) e = r.match_dn('-2') # single match self.assertEqual(len(e), 1) e = r.match_dn('no-match') # no match self.assertEqual(len(e), 0) def test_match_in_single_attribute(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1', attributes={test_multivalued_attribute: ['givenname-1', 'givenname-1a']})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-2', attributes={test_multivalued_attribute: ['givenname-2', 'givenname-2a']})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-3', attributes={test_multivalued_attribute: ['givenname-3', 'givenname-3a']})) o = ObjectDef('inetOrgPerson') o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef(test_multivalued_attribute, 'Given Name') query_text = 'Common Name:=' + testcase_id + 'mat-*' r = Reader(self.connection, o, test_base, query_text) results = r.search() self.assertEqual(len(results), 3) e = r.match('Given Name', 'name') # multiple matches self.assertEqual(len(e), 3) e = r.match('Given Name', '2a') # single match self.assertEqual(len(e), 1) e = r.match('Given Name', 'no-match') # no match self.assertEqual(len(e), 0) def test_match_in_multiple_attribute(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1', attributes={test_multivalued_attribute: ['givenname-1', 'givenname-1a'], 'street': '1a'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-2', attributes={test_multivalued_attribute: ['givenname-2', 'givenname-2a'], 'street': '3a'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-3', attributes={test_multivalued_attribute: ['givenname-3', 'givenname-3a'], 'street': '4a'})) o = ObjectDef('inetOrgPerson') o += AttrDef('cn', 'Common Name') o += AttrDef('sn', 'Surname') o += AttrDef(test_multivalued_attribute, 'Given Name') o += AttrDef('street', 'Street') query_text = 'Common Name:=' + testcase_id + 'mat-*' r = Reader(self.connection, o, test_base, query_text) results = r.search() self.assertEqual(len(results), 3) e = r.match(['Given Name', 'Street'], '3a') # multiple matches self.assertEqual(len(e), 2) e = r.match(['Given Name', 'street'], '1a') # single match self.assertEqual(len(e), 1) e = r.match(['Given Name', 'street'], 'no-match') # no match self.assertEqual(len(e), 0) def test_match_in_single_attribute_with_schema(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1', attributes={test_singlevalued_attribute: 'FALSE'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-2', attributes={test_singlevalued_attribute: 'FALSE'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-3', attributes={test_singlevalued_attribute: 'TRUE'})) r = Reader(self.connection, 'inetorgperson', test_base, 'cn:=' + testcase_id + 'mat-*') results = r.search() self.assertEqual(len(results), 3) e = r.match(test_singlevalued_attribute, 'FALSE') self.assertEqual(len(e), 2) e = r.match(test_singlevalued_attribute, 'fAlSe') self.assertEqual(len(e), 2) def test_paged_search_accumulator_with_schema(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-3')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-4')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-5')) r = Reader(self.connection, 'inetorgperson', test_base, 'cn:=' + testcase_id + 'mat-*') entries = r.search_paged(2, True, generator=False, attributes=['cn']) self.assertEqual(len(entries), 5) def test_paged_search_generator_with_schema(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-3')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-4')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-5')) r = Reader(self.connection, 'inetorgperson', test_base, 'cn:=' + testcase_id + 'mat-*') entries = r.search_paged(2, True, generator=True, attributes=['cn']) cont = 0 for _ in entries: cont += 1 self.assertEqual(cont, 5) def test_paged_search_accumulator_with_schema_single_entry(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) r = Reader(self.connection, 'inetorgperson', test_base, 'cn:=' + testcase_id + 'mat-*') entries = r.search_paged(2, True, generator=False, attributes=['cn']) self.assertEqual(len(entries), 1) def test_paged_search_generator_with_schema_single_entry(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) r = Reader(self.connection, 'inetorgperson', test_base, 'cn:=' + testcase_id + 'mat-*') entries = r.search_paged(2, True, generator=True, attributes=['cn']) cont = 0 for _ in entries: cont += 1 self.assertEqual(cont, 1) def test_paged_search_accumulator_with_schema_base_object(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) r = Reader(self.connection, 'inetorgperson', self.delete_at_teardown[0][0]) entries = r.search_paged(2, True, generator=False, attributes=['cn']) self.assertEqual(len(entries), 1) def test_paged_search_generator_with_schema_base_object(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mat-1')) r = Reader(self.connection, 'inetorgperson', self.delete_at_teardown[0][0]) entries = r.search_paged(2, True, generator=True, attributes=['cn']) cont = 0 for _ in entries: cont += 1 self.assertEqual(cont, 1) ldap3-2.4.1/test/testAbstractionWrite.py0000666000000000000000000001710413226436742016404 0ustar 00000000000000""" """ # Created on 2014.01.19 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from time import sleep from ldap3 import Writer, Reader, AttrDef, ObjectDef from ldap3.core.exceptions import LDAPCursorError from test.config import test_base, get_connection, drop_connection, random_id, test_moved, add_user, test_multivalued_attribute, test_server_type from ldap3.abstract import STATUS_COMMITTED, STATUS_MANDATORY_MISSING, STATUS_DELETED, STATUS_PENDING_CHANGES, STATUS_READ, \ STATUS_READY_FOR_DELETION, STATUS_READY_FOR_MOVING, STATUS_READY_FOR_RENAMING, STATUS_VIRTUAL, STATUS_WRITABLE testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_create_new_entry_invalid_mandatory(self): if test_server_type == 'EDIR': w = Writer(self.connection, 'inetorgperson') n = w.new('cn=' + testcase_id + 'new-1,' + test_base) self.assertTrue('sn' in n.entry_mandatory_attributes) self.assertTrue(n.entry_status in [STATUS_MANDATORY_MISSING]) try: n.entry_commit_changes() except LDAPCursorError: return self.fail('Entry created with missing attributes') def test_create_new_entry_valid_mandatory_only(self): w = Writer(self.connection, 'inetorgperson') n = w.new('cn=' + testcase_id + 'new-2,' + test_base) n.sn = 'sn-test-2' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) n.entry_commit_changes() self.assertEqual(n.sn, 'sn-test-2') self.assertEqual(n.entry_status, STATUS_COMMITTED) n.entry_delete() self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION) n.entry_commit_changes() self.assertEqual(n.entry_status, STATUS_DELETED) def test_create_new_entry_valid_mandatory_and_optional(self): w = Writer(self.connection, 'inetorgperson') n = w.new('cn=' + testcase_id + 'new-3,' + test_base) n.sn = 'sn-test-3' n.postalAddress = 'postal-address-3' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) n.entry_commit_changes() self.assertEqual(n.sn, 'sn-test-3') self.assertEqual(n.postalAddress, 'postal-address-3') self.assertEqual(n.entry_status, STATUS_COMMITTED) n.entry_delete() self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION) n.entry_commit_changes() self.assertEqual(n.entry_status, STATUS_DELETED) def test_create_new_entry_valid_and_rename_before_commit(self): w = Writer(self.connection, 'inetorgperson') n = w.new('cn=' + testcase_id + 'new-4,' + test_base) n.sn = 'sn-test-4' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) try: n.entry_rename('cn=' + testcase_id + 'new-4-renamed') except LDAPCursorError: pass def test_create_new_entry_valid_and_rename_after_commit(self): w = Writer(self.connection, 'inetorgperson') n = w.new('cn=' + testcase_id + 'new-5,' + test_base) n.sn = 'sn-test-5' n.postalAddress = 'postal-address-5' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) n.entry_commit_changes() self.assertEqual(n.sn, 'sn-test-5') self.assertEqual(n.postalAddress, 'postal-address-5') self.assertEqual(n.entry_status, STATUS_COMMITTED) n.entry_rename('cn=' + testcase_id + 'new-5-renamed') self.assertEqual(n.entry_status, STATUS_READY_FOR_RENAMING) n.entry_commit_changes() self.assertEqual(n.entry_status, STATUS_COMMITTED) n.entry_delete() self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION) n.entry_commit_changes() self.assertEqual(n.entry_status, STATUS_DELETED) def test_create_new_entry_valid_and_move_before_commit(self): w = Writer(self.connection, 'inetorgperson') n = w.new('cn=' + testcase_id + 'new-6,' + test_base) n.sn = 'sn-test-6' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) try: n.entry_move(test_moved) except LDAPCursorError: pass def test_create_new_entry_valid_and_move_after_commit(self): w = Writer(self.connection, 'inetorgperson') n = w.new('cn=' + testcase_id + 'new-7,' + test_base) n.sn = 'sn-test-7' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) n.entry_commit_changes() self.assertEqual(n.sn, 'sn-test-7') self.assertEqual(n.entry_status, STATUS_COMMITTED) n.entry_move(test_moved) self.assertEqual(n.entry_status, STATUS_READY_FOR_MOVING) sleep(5) n.entry_commit_changes() self.assertEqual(n.entry_status, STATUS_COMMITTED) n.entry_delete() self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION) counter = 20 while counter > 0: try: n.entry_commit_changes() if n.entry_status == STATUS_DELETED: break except LDAPCursorError: pass counter -= 1 sleep(3) self.assertEqual(n.entry_status, STATUS_DELETED) def test_create_new_entry_valid_mandatory_only_case_insensitive_attribute_names(self): w = Writer(self.connection, 'inetorgperson') n = w.new('CN=' + testcase_id + 'new-8,' + test_base) n.sn = 'sn-test-8' self.assertEqual(n.entry_status, STATUS_PENDING_CHANGES) n.entry_commit_changes() self.assertEqual(n.sn, 'sn-test-8') self.assertEqual(n.entry_status, STATUS_COMMITTED) n.entry_delete() self.assertEqual(n.entry_status, STATUS_READY_FOR_DELETION) n.entry_commit_changes() self.assertEqual(n.entry_status, STATUS_DELETED) def test_modify_entry_with_attrdef_with_friendly_name(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'new-9', attributes={test_multivalued_attribute: testcase_id + 'friendly-attr-name-1'})) a = AttrDef(name=test_multivalued_attribute, key='myname') o = ObjectDef('inetorgperson') o += a r = Reader(self.connection, o, test_base, 'myname:=' + testcase_id + 'friendly*') r.search() self.assertTrue(r[0].myname, testcase_id + 'friendly-attr-name-1') w = Writer.from_cursor(r) e = w[0] e.myname += 'xyz' w.commit() self.assertTrue('xyz' in e.myname) ldap3-2.4.1/test/testAddMembersToGroups.py0000666000000000000000000003161713226436742016633 0ustar 00000000000000""" """ # Created on 2016.04.16 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import add_user, add_group, get_connection, drop_connection, random_id, test_server_type testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_add_member_to_group(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-1')) self.connection.extend.novell.add_members_to_groups(self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], fix=False, transaction=False) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[1][0] + ' not found') result = self.connection.search(self.delete_at_teardown[1][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') def test_add_members_to_groups(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-3')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-4')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-2', self.delete_at_teardown)) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-3')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-4')) self.connection.extend.novell.add_members_to_groups([self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]], [self.delete_at_teardown[3][0], self.delete_at_teardown[4][0], self.delete_at_teardown[5][0]], fix=True, transaction=False ) for i in range(0, 2): result = self.connection.search(self.delete_at_teardown[i][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for j in range(3, 5): self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[i][0] + ' not found') for j in range(3, 5): result = self.connection.search(self.delete_at_teardown[j][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for i in range(0, 2): self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[j][0] + ' not found') def test_add_member_to_group_transactional(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-5')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-5', self.delete_at_teardown)) self.connection.extend.novell.add_members_to_groups(self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], fix=True, transaction=True) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[1][0] + ' not found') result = self.connection.search(self.delete_at_teardown[1][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') def test_add_members_to_groups_transactional(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-6')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-7')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-8')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-6', self.delete_at_teardown)) # this group has members but other attributes are not set self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-7')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-8')) self.connection.extend.novell.add_members_to_groups([self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]], [self.delete_at_teardown[3][0], self.delete_at_teardown[4][0], self.delete_at_teardown[5][0]], fix=True, transaction=True ) for i in range(0, 2): result = self.connection.search(self.delete_at_teardown[i][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for j in range(3, 5): self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[i][0] + ' not found') for j in range(3, 5): result = self.connection.search(self.delete_at_teardown[j][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for i in range(0, 2): self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[j][0] + ' not found') ldap3-2.4.1/test/testAddOperation.py0000666000000000000000000000332213226436742015466 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import get_connection, drop_connection, add_user, random_id testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_add(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'add-operation-1')) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) def test_add_bytes(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'add-operation-1', test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) ldap3-2.4.1/test/testBindOperation.py0000666000000000000000000001061213226436742015652 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ANONYMOUS, SASL, NTLM, Server, Connection, EXTERNAL, DIGEST_MD5, MOCK_SYNC, MOCK_ASYNC from ldap3.core.exceptions import LDAPSocketOpenError from test.config import test_sasl_user, test_sasl_password, random_id, get_connection, drop_connection, test_sasl_realm, test_server_type, \ test_ntlm_user, test_ntlm_password, test_sasl_user_dn, test_strategy class Test(unittest.TestCase): def test_bind_cleartext(self): connection = get_connection(bind=False) connection.open() connection.bind() self.assertTrue(connection.bound) drop_connection(connection) self.assertFalse(connection.bound) def test_bind_ssl_cert_none(self): connection = get_connection(bind=False, use_ssl=True) connection.open() connection.bind() self.assertTrue(connection.bound) drop_connection(connection) self.assertFalse(connection.bound) def test_bind_anonymous(self): connection = get_connection(bind=True, lazy_connection=False, authentication=ANONYMOUS) self.assertTrue(connection.bound) drop_connection(connection) self.assertFalse(connection.bound) def test_bind_sasl_digest_md5(self): if test_server_type not in ['AD', 'SLAPD'] and test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: connection = get_connection(bind=False, authentication=SASL, sasl_mechanism=DIGEST_MD5, sasl_credentials=(test_sasl_realm, test_sasl_user, test_sasl_password, None)) connection.open() connection.bind() self.assertTrue(connection.bound) if not connection.strategy.pooled: if test_server_type == 'EDIR': connected_user = connection.extend.novell.get_bind_dn() else: connected_user = str(connection.extend.standard.who_am_i()) self.assertEqual(connected_user, test_sasl_user_dn) drop_connection(connection) self.assertFalse(connection.bound) def test_ntlm(self): if test_server_type == 'AD': connection = get_connection(bind=False, authentication=NTLM, ntlm_credentials=(test_ntlm_user, test_ntlm_password)) connection.open() connection.bind() self.assertTrue(connection.bound) connected_user = str(connection.extend.standard.who_am_i())[2:] self.assertEqual(connected_user, test_ntlm_user) drop_connection(connection) self.assertFalse(connection.bound) def test_ldapi(self): if test_server_type == 'SLAPD': try: server = Server('ldapi:///var/run/slapd/ldapi') connection = Connection(server, authentication=SASL, sasl_mechanism=EXTERNAL, sasl_credentials=('',)) connection.open() connection.bind() self.assertTrue(connection.bound) except LDAPSocketOpenError: return self.assertTrue(False) def test_ldapi_encoded_url(self): if test_server_type == 'SLAPD': try: server = Server('ldapi://%2Fvar%2Frun%2Fslapd%2Fldapi') connection = Connection(server, authentication=SASL, sasl_mechanism=EXTERNAL, sasl_credentials=('',)) connection.open() connection.bind() self.assertTrue(connection.bound) except LDAPSocketOpenError: return self.assertTrue(False) ldap3-2.4.1/test/testBytesOperation.py0000666000000000000000000014266413226436742016101 0ustar 00000000000000# encoding: utf-8 """ """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from time import sleep from ldap3 import MODIFY_REPLACE, MODIFY_ADD, LEVEL, BASE, SEQUENCE_TYPES from test.config import random_id, get_connection, add_user, drop_connection, test_singlevalued_attribute, test_multivalued_attribute, test_base, test_name_attr testcase_id = '' def make_bytes(value, encoding=None): if str is bytes: # python 2 if isinstance(value, unicode): return value.encode(encoding) else: return bytes(value) else: if isinstance(value, SEQUENCE_TYPES): return bytes(value) else: return bytes(value, encoding) def make_bytearray(value, encoding=None): if str is bytes: # python 2 if isinstance(value, unicode): return value.encode(encoding) else: return bytearray(value) else: if isinstance(value, SEQUENCE_TYPES): return bytearray(value) else: return bytearray(value, encoding) class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_add_operation_from_bytes_literal(self): single = b'abc' multi = [b'abc', b'def'] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-1', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_add_operation_from_bytes(self): single = make_bytes('àèìòù', 'utf-8') multi = [make_bytes('àèì', 'utf-8'), make_bytes('òù', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-2', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) def test_add_operation_from_byte_values(self): if str is not bytes: # integer list to bytes works only in Python 3 single = make_bytes([195, 160, 195, 168, 195, 172, 195, 178, 195, 185]) multi = [make_bytes([195, 160, 195, 168, 195, 172]), make_bytes([195, 178, 195, 185])] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-3', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_add_operation_from_unicode_literal(self): single = make_bytes(u'\u00e0\u00e8\u00ec\u00f2\u00f9', 'utf-8') multi = [make_bytes(u'\u00e0\u00e8\u00ec', 'utf-8'), make_bytes('\u00f2\u00f9', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-4', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_add_operation_from_unicode_name(self): if str is not bytes: # works only in Python 3 single = make_bytes('\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8') multi = [make_bytes('\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}', 'utf-8'), make_bytes('\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-5', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_add_operation_from_bytearray(self): single = make_bytearray('àèìòù', 'utf-8') multi = [make_bytearray('àèì', 'utf-8'), make_bytearray('òù', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-6', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_add_operation_from_bytearray_values(self): single = make_bytearray([195, 160, 195, 168, 195, 172, 195, 178, 195, 185]) multi = [make_bytearray([195, 160, 195, 168, 195, 172]), make_bytearray([195, 178, 195, 185])] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-7', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_add_operation_from_bytearray_unicode_literal(self): single = make_bytearray(u'\u00e0\u00e8\u00ec\u00f2\u00f9', 'utf-8') multi = [make_bytearray(u'\u00e0\u00e8\u00ec', 'utf-8'), make_bytearray(u'\u00f2\u00f9', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-8', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_add_operation_from_bytearray_unicode_name(self): if str is not bytes: # works only in python 3 single = make_bytearray(u'\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8') multi = [make_bytearray(u'\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}', 'utf-8'), make_bytearray('\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-9', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_compare_true_operation_with_bytes(self): single = make_bytes('àèìòù', 'utf-8') self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-10', attributes={test_singlevalued_attribute: single}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.compare(self.delete_at_teardown[0][0], test_singlevalued_attribute, single) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'compareTrue') def test_compare_false_operation_with_bytes(self): single = make_bytes('àèìòù', 'utf-8') self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-11', attributes={test_singlevalued_attribute: single}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.compare(self.delete_at_teardown[0][0], test_singlevalued_attribute, 'invalid') if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'compareFalse') def test_modify_operation_from_bytes_literal(self): single = b'abc' multi = [b'abc', b'def'] single_mod = b'cba' multi_mod = [b'cba', b'fed'] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-12', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_bytes(self): single = make_bytes('àèìòù', 'utf-8') multi = [make_bytes('àèì', 'utf-8'), make_bytes('òù', 'utf-8')] single_mod = make_bytes('ùòìèà', 'utf-8') multi_mod = [make_bytes('ìèà', 'utf-8'), make_bytes('ùò', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-12', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_byte_values(self): if str is not bytes: # integer list to bytes works only in Python 3 single = make_bytes([195, 160, 195, 168, 195, 172, 195, 178, 195, 185]) multi = [make_bytes([195, 160, 195, 168, 195, 172]), make_bytes([195, 178, 195, 185])] single_mod = make_bytes([195, 185, 195, 178, 195, 172, 195, 168, 195, 160]) multi_mod = [make_bytes([195, 172, 195, 168, 195, 160]), make_bytes([195, 185, 195, 178])] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-13', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_unicode_literal(self): single = make_bytes(u'\u00e0\u00e8\u00ec\u00f2\u00f9', 'utf-8') multi = [make_bytes(u'\u00e0\u00e8\u00ec', 'utf-8'), make_bytes('\u00f2\u00f9', 'utf-8')] single_mod = make_bytes(u'\u00f9\u00f2\u00ec\u00e8\u00e0', 'utf-8') multi_mod = [make_bytes(u'\u00ec\u00e8\u00e0', 'utf-8'), make_bytes('\u00f9\u00f2', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-14', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_unicode_name(self): if str is not bytes: # works only in Python 3 single = make_bytes('\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8') multi = [make_bytes('\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}', 'utf-8'), make_bytes('\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8')] single_mod = make_bytes('\N{LATIN SMALL LETTER U WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER A WITH GRAVE}', 'utf-8') multi_mod = [make_bytes('\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER A WITH GRAVE}', 'utf-8'), make_bytes('\N{LATIN SMALL LETTER U WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-15', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_bytearray(self): single = make_bytearray('àèìòù', 'utf-8') multi = [make_bytearray('àèì', 'utf-8'), make_bytearray('òù', 'utf-8')] single_mod = make_bytearray('ùòìèà', 'utf-8') multi_mod = [make_bytearray('ìèà', 'utf-8'), make_bytearray('ùò', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-16', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_bytearray_values(self): single = make_bytearray([195, 160, 195, 168, 195, 172, 195, 178, 195, 185]) multi = [make_bytearray([195, 160, 195, 168, 195, 172]), make_bytearray([195, 178, 195, 185])] single_mod = make_bytearray([195, 185, 195, 178, 195, 172, 195, 168, 195, 160]) multi_mod = [make_bytearray([195, 172, 195, 168, 195, 160]), make_bytearray([195, 185, 195, 178])] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-17', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_bytearray_unicode_literal(self): single = make_bytearray(u'\u00e0\u00e8\u00ec\u00f2\u00f9', 'utf-8') multi = [make_bytearray(u'\u00e0\u00e8\u00ec', 'utf-8'), make_bytearray(u'\u00f2\u00f9', 'utf-8')] single_mod = make_bytearray(u'\u00f9\u00f2\u00ec\u00e8\u00e0', 'utf-8') multi_mod = [make_bytearray(u'\u00ec\u00e8\u00e0', 'utf-8'), make_bytearray('\u00f9\u00f2', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-18', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_modify_operation_from_bytearray_unicode_name(self): if str is not bytes: # works only in python 3 single = make_bytearray(u'\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8') multi = [make_bytearray(u'\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}', 'utf-8'), make_bytearray('\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8')] single_mod = make_bytearray('\N{LATIN SMALL LETTER U WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER A WITH GRAVE}', 'utf-8') multi_mod = [make_bytearray('\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER A WITH GRAVE}', 'utf-8'), make_bytearray('\N{LATIN SMALL LETTER U WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-19', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) self.connection.modify(self.delete_at_teardown[0][0], {test_singlevalued_attribute: (MODIFY_REPLACE, single_mod), test_multivalued_attribute: (MODIFY_ADD, multi_mod)}) if not self.connection.strategy.sync: sleep(2) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', BASE, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single_mod]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi + multi_mod)) def test_search_operation_from_bytes_literal(self): single = b'abc' multi = [b'abc', b'def'] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-20', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) if str is bytes: # python 2 byte_filter = b'(&(%s=*%s*)(%s=%s))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) else: # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_bytes(self): single = make_bytes('àèìòù', 'utf-8') multi = [make_bytes('àèì', 'utf-8'), make_bytes('òù', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-21', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) if str is bytes: # python 2 byte_filter = b'(&(%s=*%s*)(%s=%s))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) else: # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_byte_values(self): if str is not bytes: # integer list to bytes works only in Python 3 single = make_bytes([195, 160, 195, 168, 195, 172, 195, 178, 195, 185]) multi = [make_bytes([195, 160, 195, 168, 195, 172]), make_bytes([195, 178, 195, 185])] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-22', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_unicode_literal(self): single = make_bytes(u'\u00e0\u00e8\u00ec\u00f2\u00f9', 'utf-8') multi = [make_bytes(u'\u00e0\u00e8\u00ec', 'utf-8'), make_bytes('\u00f2\u00f9', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-23', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) if str is bytes: # python 2 byte_filter = b'(&(%s=*%s*)(%s=%s))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) else: # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_unicode_name(self): if str is not bytes: # works only in Python 3 single = make_bytes('\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8') multi = [make_bytes('\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}', 'utf-8'), make_bytes('\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-24', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) if str is bytes: # python 2 byte_filter = b'(&(%s=*%s*)(%s=%s))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) else: # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_bytearray(self): single = make_bytearray('àèìòù', 'utf-8') multi = [make_bytearray('àèì', 'utf-8'), make_bytearray('òù', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-25', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) if str is bytes: # python 2 byte_filter = b'(&(%s=*%s*)(%s=%s))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) else: # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_bytearray_values(self): single = make_bytearray([195, 160, 195, 168, 195, 172, 195, 178, 195, 185]) multi = [make_bytearray([195, 160, 195, 168, 195, 172]), make_bytearray([195, 178, 195, 185])] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-26', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) if str is bytes: # python 2 byte_filter = b'(&(%s=*%s*)(%s=%s))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) else: # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_bytearray_unicode_literal(self): single = make_bytearray(u'\u00e0\u00e8\u00ec\u00f2\u00f9', 'utf-8') multi = [make_bytearray(u'\u00e0\u00e8\u00ec', 'utf-8'), make_bytearray(u'\u00f2\u00f9', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-27', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) if str is bytes: # python 2 byte_filter = b'(&(%s=*%s*)(%s=%s))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) else: # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_search_operation_from_bytearray_unicode_name(self): if str is not bytes: # works only in python 3 single = make_bytearray(u'\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8') multi = [make_bytearray(u'\N{LATIN SMALL LETTER A WITH GRAVE}\N{LATIN SMALL LETTER E WITH GRAVE}\N{LATIN SMALL LETTER I WITH GRAVE}', 'utf-8'), make_bytearray('\N{LATIN SMALL LETTER O WITH GRAVE}\N{LATIN SMALL LETTER U WITH GRAVE}', 'utf-8')] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-28', attributes={test_singlevalued_attribute: single, test_multivalued_attribute: multi}, test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) # byte_filter = b'(&(%b=*%b*)(%b=%b))' % (make_bytes(test_name_attr, 'utf-8'), make_bytes(testcase_id, 'utf-8'), make_bytes(test_singlevalued_attribute, 'utf-8'), single) byte_filter = b'(&(' + make_bytes(test_name_attr, 'utf-8') + b'=*' + make_bytes(testcase_id, 'utf-8') + b'*)(' + make_bytes(test_singlevalued_attribute, 'utf-8') + b'=' + single + b'))' result = self.connection.search(test_base, byte_filter, attributes=[test_singlevalued_attribute, test_multivalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response self.assertEqual(len(response), 1) self.assertEqual(response[0]['raw_attributes'][test_singlevalued_attribute], [single]) self.assertEqual(sorted(response[0]['raw_attributes'][test_multivalued_attribute]), sorted(multi)) def test_modify_operation_from_bytes_for_objectclass(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'byt-29', test_bytes=True)) self.assertEqual('success', self.delete_at_teardown[0][1]['description']) result = self.connection.modify(self.delete_at_teardown[0][0], {'objectClass': (MODIFY_REPLACE, [b'top', b'organizationalunit'])}) if not self.connection.strategy.sync: sleep(2) response, result = self.connection.get_response(result) else: result = self.connection.result self.assertTrue(result['description'], ['objectClassViolation', 'objectClassModsProhibited']) ldap3-2.4.1/test/testCaseInsensitiveDictionary.py0000666000000000000000000002226213226436742020243 0ustar 00000000000000""" """ # Created on 2014.01.12 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3.utils.ciDict import CaseInsensitiveDict class Test(unittest.TestCase): def test_create_empty_case_insensitive_dict(self): cid = CaseInsensitiveDict() self.assertTrue(isinstance(cid, CaseInsensitiveDict)) def test_create_case_insensitive_dict_from_dict(self): dic = dict() dic['ONE'] = 1 dic['TWO'] = 2 dic[3] = 3 cid = CaseInsensitiveDict(dic) self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['one'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_create_case_insensitive_dict_from_parameters(self): cid = CaseInsensitiveDict(one=1, two=2) self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['one'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) def test_add_values_to_case_insentitive_dict(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['one'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_modify_value_in_case_insentitive_dict_immmutable_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid[3], 3) cid[3] = 'Three' self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['tWo'], 2) self.assertEqual(cid[3], 'Three') def test_modify_value_in_case_insentitive_dict_same_case_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) cid['oNe'] = 'ONE' self.assertEqual(cid['ONE'], 'ONE') self.assertEqual(cid['oNe'], 'ONE') self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_modify_value_in_case_insentitive_dict_different_case_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) cid['one'] = 'ONE' self.assertEqual(cid['ONE'], 'ONE') self.assertEqual(cid['oNe'], 'ONE') self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_delete_item_in_case_insentitive_dict_immutable_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid[3], 3) del cid[3] self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['tWo'], 2) try: cid[3] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_delete_item_in_case_insentitive_dict_same_case_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) del cid['oNe'] self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['ONE'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_delete_item_in_case_insentitive_dict_different_case_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) del cid['one'] self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['ONE'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_len_empty_case_insensitive_dict(self): cid = CaseInsensitiveDict() self.assertEqual(len(cid), 0) def test_len_case_insentitive_dict(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(len(cid), 3) cid['ONE'] = 'ONE' self.assertEqual(len(cid), 3) def test_case_insensitive_dict_contains_immutable_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue(3 in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_case_insensitive_dict_contains_same_case_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue('oNe' in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_case_insensitive_dict_contains_different_case_key(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue('ONE' in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_copy_case_insensitive_dict(self): cid = CaseInsensitiveDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 cid2 = cid.copy() self.assertEqual(cid2['ONE'], 1) self.assertEqual(cid2['one'], 1) self.assertEqual(cid2['TWO'], 2) self.assertEqual(cid2['two'], 2) self.assertEqual(cid2[3], 3) def test_equality_case_insensitive_dict_with_same_case(self): cid = CaseInsensitiveDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 cid2 = CaseInsensitiveDict() cid2['one'] = 1 cid2['two'] = 2 cid2[3] = 3 self.assertEqual(cid, cid2) def test_equality_case_insensitive_dict_with_different_case(self): cid = CaseInsensitiveDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 cid2 = CaseInsensitiveDict() cid2['ONE'] = 1 cid2['TWO'] = 2 cid2[3] = 3 self.assertEqual(cid, cid2) def test_equality_case_insensitive_dict_with_same_case_dict(self): cid = CaseInsensitiveDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 dic = dict() dic['one'] = 1 dic['two'] = 2 dic[3] = 3 self.assertEqual(cid, dic) def test_equality_case_insensitive_dict_with_different_case_dict(self): cid = CaseInsensitiveDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 dic = dict() dic['ONE'] = 1 dic['TWO'] = 2 dic[3] = 3 self.assertEqual(cid, dic) def test_preserve_key_case_case_insensitive_dict(self): cid = CaseInsensitiveDict() cid['One'] = 1 cid['Two'] = 2 cid[3] = 3 key_list = list(cid.keys()) self.assertTrue('One' in key_list) self.assertTrue('Two' in key_list) self.assertTrue(3 in key_list) self.assertFalse('ONE' in key_list) self.assertFalse('one' in key_list) self.assertFalse('TWO' in key_list) self.assertFalse('TWO' in key_list) self.assertFalse(4 in key_list) ldap3-2.4.1/test/testCaseInsensitiveWithAliasDictionary.py0000666000000000000000000011202213226436742022043 0ustar 00000000000000""" """ # Created on 2017.01.15 # # Author: Giovanni Cannata # # Copyright 2017 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3.utils.ciDict import CaseInsensitiveWithAliasDict class Test(unittest.TestCase): # these tests are the same for CaseInsensitiveDict def test_create_empty(self): cid = CaseInsensitiveWithAliasDict() self.assertTrue(isinstance(cid, CaseInsensitiveWithAliasDict)) def test_create_from_dict(self): dic = dict() dic['ONE'] = 1 dic['TWO'] = 2 dic[3] = 3 cid = CaseInsensitiveWithAliasDict(dic) self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['one'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_create_from_parameters(self): cid = CaseInsensitiveWithAliasDict(one=1, two=2) self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['one'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) def test_add_values(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['one'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_modify_value_immutable_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid[3], 3) cid[3] = 'Three' self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['tWo'], 2) self.assertEqual(cid[3], 'Three') def test_modify_value_same_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) cid['oNe'] = 'ONE' self.assertEqual(cid['ONE'], 'ONE') self.assertEqual(cid['oNe'], 'ONE') self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_modify_value_different_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) cid['one'] = 'ONE' self.assertEqual(cid['ONE'], 'ONE') self.assertEqual(cid['oNe'], 'ONE') self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) def test_delete_item_immutable_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid[3], 3) del cid[3] self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['tWo'], 2) try: cid[3] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_delete_item_same_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) del cid['oNe'] self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['ONE'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_delete_item_different_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) del cid['one'] self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['ONE'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_len_empty(self): cid = CaseInsensitiveWithAliasDict() self.assertEqual(len(cid), 0) def test_len(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(len(cid), 3) cid['ONE'] = 'ONE' self.assertEqual(len(cid), 3) def test_contains_immutable_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue(3 in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_contains_same_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue('oNe' in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_contains_different_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue('ONE' in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_copy(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3] = 3 cid2 = cid.copy() self.assertEqual(cid2['ONE'], 1) self.assertEqual(cid2['one'], 1) self.assertEqual(cid2['TWO'], 2) self.assertEqual(cid2['two'], 2) self.assertEqual(cid2[3], 3) def test_equality_with_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 cid2 = CaseInsensitiveWithAliasDict() cid2['one'] = 1 cid2['two'] = 2 cid2[3] = 3 self.assertEqual(cid, cid2) def test_equality_with_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 cid2 = CaseInsensitiveWithAliasDict() cid2['ONE'] = 1 cid2['TWO'] = 2 cid2[3] = 3 self.assertEqual(cid, cid2) def test_equality_with_same_case_dict(self): cid = CaseInsensitiveWithAliasDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 dic = dict() dic['one'] = 1 dic['two'] = 2 dic[3] = 3 self.assertEqual(cid, dic) def test_equality_with_different_case_dict(self): cid = CaseInsensitiveWithAliasDict() cid['one'] = 1 cid['two'] = 2 cid[3] = 3 dic = dict() dic['ONE'] = 1 dic['TWO'] = 2 dic[3] = 3 self.assertEqual(cid, dic) def test_preserve_key_case(self): cid = CaseInsensitiveWithAliasDict() cid['One'] = 1 cid['Two'] = 2 cid[3] = 3 key_list = list(cid.keys()) self.assertTrue('One' in key_list) self.assertTrue('Two' in key_list) self.assertTrue(3 in key_list) self.assertFalse('ONE' in key_list) self.assertFalse('one' in key_list) self.assertFalse('TWO' in key_list) self.assertFalse('TWO' in key_list) self.assertFalse(4 in key_list) # These tests are the same tests adapted to CaseInsensitiveWithAliasDict def test_add_values(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['one'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) self.assertEqual(cid['one-a'], 1) self.assertEqual(cid['oNe-A'], 1) def test_modify_value_in_immutable_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3, 4] = 3 self.assertEqual(cid[3], 3) cid[3] = 'Three' self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['tWo'], 2) self.assertEqual(cid[3], 'Three') self.assertEqual(cid[4], 'Three') def test_modify_value_in_same_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['ONE-A'], 1) cid['oNe'] = 'ONE' self.assertEqual(cid['ONE'], 'ONE') self.assertEqual(cid['oNe'], 'ONE') self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) self.assertEqual(cid['ONE-A'], 'ONE') def test_modify_value_in_different_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['ONE-A'], 1) cid['one'] = 'ONE' self.assertEqual(cid['ONE'], 'ONE') self.assertEqual(cid['oNe'], 'ONE') self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) self.assertEqual(cid['ONE-A'], 'ONE') def test_delete_item_in_immutable_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3, 4] = 3 self.assertEqual(cid[3], 3) del cid[3] self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['tWo'], 2) try: cid[3] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid[4] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_delete_item_in_same_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['ONE-a'], 1) self.assertEqual(cid['oNe-a'], 1) del cid['oNe'] self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.fail() else: self.fail('key still present') try: cid['ONE'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['ONE-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_delete_item_in_different_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(cid['ONE'], 1) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['ONE-a'], 1) self.assertEqual(cid['oNe-a'], 1) del cid['one'] self.assertEqual(cid['TWO'], 2) self.assertEqual(cid['two'], 2) self.assertEqual(cid[3], 3) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['ONE'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['oNe-a'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['ONE-a'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') def test_len(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertEqual(len(cid), 3) cid['ONE-A'] = 'ONE' self.assertEqual(cid['ONE'], 'ONE') self.assertEqual(len(cid), 3) def test_contains_immutable_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid[3, 4] = 3 self.assertTrue(3 in cid) self.assertTrue(4 in cid) self.assertFalse('THREE' in cid) self.assertFalse(5 in cid) def test_contains_same_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-a'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue('oNe' in cid) self.assertTrue('oNe-a' in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_contains_different_case_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-a'] = 1 cid['tWo'] = 2 cid[3] = 3 self.assertTrue('ONE' in cid) self.assertTrue('ONE-A' in cid) self.assertFalse('THREE' in cid) self.assertFalse(4 in cid) def test_copy(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 cid[3, 4] = 3 cid2 = cid.copy() self.assertEqual(cid2['ONE'], 1) self.assertEqual(cid2['one'], 1) self.assertEqual(cid2['TWO'], 2) self.assertEqual(cid2['two'], 2) self.assertEqual(cid2[3], 3) self.assertEqual(cid2['oNe-A'], 1) self.assertEqual(cid2['ONE-A'], 1) self.assertEqual(cid2[4], 3) def test_equality_with_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['one', 'oNe-A'] = 1 cid['two'] = 2 cid[3] = 3 cid2 = CaseInsensitiveWithAliasDict() cid2['one'] = 1 cid2['two'] = 2 cid2[3, 4] = 3 self.assertEqual(cid, cid2) def test_equality_with_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['one', 'oNe-A'] = 1 cid['two'] = 2 cid[3] = 3 cid2 = CaseInsensitiveWithAliasDict() cid2['ONE', 'ONE-A'] = 1 cid2['TWO'] = 2 cid2[3] = 3 self.assertEqual(cid, cid2) def test_equality_with_same_case_dict(self): cid = CaseInsensitiveWithAliasDict() cid['one', 'oNe-A'] = 1 cid['two'] = 2 cid[3] = 3 dic = dict() dic['one'] = 1 dic['two'] = 2 dic[3] = 3 self.assertEqual(cid, dic) def test_equality_with_different_case_dict(self): cid = CaseInsensitiveWithAliasDict() cid['one', 'oNe-A'] = 1 cid['two'] = 2 cid[3] = 3 dic = dict() dic['ONE'] = 1 dic['TWO'] = 2 dic[3] = 3 self.assertEqual(cid, dic) def test_preserve_key_case(self): cid = CaseInsensitiveWithAliasDict() cid['One', 'oNe-A'] = 1 cid['Two'] = 2 cid[3] = 3 key_list = list(cid.keys()) self.assertTrue('One' in key_list) self.assertTrue('Two' in key_list) self.assertTrue(3 in key_list) self.assertFalse('ONE' in key_list) self.assertFalse('one' in key_list) self.assertFalse('TWO' in key_list) self.assertFalse('TWO' in key_list) self.assertFalse(4 in key_list) self.assertFalse('oNe-A' in key_list) # These are specific tests for CaseInsensitiveWithAliasDict def test_add_alias_to_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('oNe', 'oNe-A') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['tWo'], 2) def test_add_alias_to_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('ONE', 'oNe-A') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['tWo'], 2) def test_implicit_add_multiple_aliases_to_same_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo'], 2) def test_explicit_add_multiple_aliases_to_same_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('oNe', 'oNe-A') cid.set_alias('oNe', 'oNe-B') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo'], 2) def test_explicit_add_multiple_aliases_to_same_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('ONE', 'oNe-A') cid.set_alias('ONE', 'oNe-B') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo'], 2) def test_implicit_add_multiple_aliases_to_different_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo', 'tWo-A', 'tWo-B'] = 2 self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo'], 2) self.assertEqual(cid['tWo-A'], 2) self.assertEqual(cid['tWo-B'], 2) def test_explicit_add_multiple_aliases_to_different_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('oNe', 'oNe-A') cid.set_alias('oNe', 'oNe-B') cid.set_alias('tWo', 'tWo-A') cid.set_alias('tWo', 'tWo-B') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo-A'], 2) self.assertEqual(cid['tWo-B'], 2) self.assertEqual(cid['tWo'], 2) def test_explicit_add_multiple_alias_to_different_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('ONE', 'oNe-A') cid.set_alias('ONE', 'oNe-B') cid.set_alias('TWO', 'tWo-A') cid.set_alias('TWO', 'tWo-B') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo-A'], 2) self.assertEqual(cid['tWo-B'], 2) self.assertEqual(cid['tWo'], 2) def test_explicit_single_add_multiple_aliases_to_same_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('oNe', ['oNe-A', 'oNe-B']) cid.set_alias('tWo', ['tWo-A', 'tWo-B']) self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo-A'], 2) self.assertEqual(cid['tWo-B'], 2) self.assertEqual(cid['tWo'], 2) def test_explicit_add_multiple_aliases_to_same_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 cid['tWo'] = 2 cid.set_alias('ONE', ['oNe-A', 'oNe-B']) cid.set_alias('TWO', ['tWo-A', 'tWo-B']) self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-A'], 1) self.assertEqual(cid['oNe-B'], 1) self.assertEqual(cid['tWo-A'], 2) self.assertEqual(cid['tWo-B'], 2) self.assertEqual(cid['tWo'], 2) def test_modify_value_by_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 cid['oNe'] = 3 self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 3) self.assertEqual(cid['oNe-A'], 3) self.assertEqual(cid['oNe-B'], 3) def test_modify_value_by_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 cid['ONE'] = 3 self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 3) self.assertEqual(cid['oNe-A'], 3) self.assertEqual(cid['oNe-B'], 3) def test_modify_value_by_alias_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 cid['oNe-B'] = 3 self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 3) self.assertEqual(cid['oNe-A'], 3) self.assertEqual(cid['oNe-B'], 3) def test_modify_value_by_alias_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 cid['ONE-A'] = 3 self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 3) self.assertEqual(cid['oNe-A'], 3) self.assertEqual(cid['oNe-B'], 3) def test_delete_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) del cid['oNe'] self.assertEqual(len(cid), 1) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['oNe-B'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, dict(tWo=2)) self.assertEqual(cid._aliases, dict()) self.assertEqual(cid._alias_keymap, dict()) def test_delete_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) del cid['ONE'] self.assertEqual(len(cid), 1) try: cid['oNe'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['oNe-B'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, dict(tWo=2)) self.assertEqual(cid._aliases, dict()) self.assertEqual(cid._alias_keymap, dict()) def test_delete_alias_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) del cid['oNe-A'] self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-B'], 1) try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-b': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-b']}) def test_delete_alias_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) del cid['ONE-A'] self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-B'], 1) try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-b': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-b']}) def test_explicit_remove_alias_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) cid.remove_alias('oNe-A') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-B'], 1) try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-b': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-b']}) def test_explicit_remove_alias_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) cid.remove_alias('oNe-A') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-B'], 1) try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-b': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-b']}) def test_explicit_remove_alias_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) cid.remove_alias('ONE-A') self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) self.assertEqual(cid['oNe-B'], 1) try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-b': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-b']}) def test_explicit_single_remove_aliases_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) cid.remove_alias(['oNe-A', 'oNe-B']) self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') try: cid['oNe-B'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) else: self.fail('key still present') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {}) self.assertEqual(cid._alias_keymap, {}) def test_explicit_single_remove_aliases_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A', 'oNe-B'] = 1 cid['tWo'] = 2 self.assertEqual(len(cid), 2) cid.remove_alias(['ONE-A', 'ONE-B']) self.assertEqual(len(cid), 2) self.assertEqual(cid['oNe'], 1) try: cid['oNe-A'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) try: cid['oNe-B'] except KeyError: self.assertTrue(True) except Exception: self.assertTrue(False) self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {}) self.assertEqual(cid._alias_keymap, {}) def test_add_same_alias_twice_to_same_key_same_case(self): cid = CaseInsensitiveWithAliasDict() try: cid['oNe', 'oNe-A', 'oNe-A'] = 1 except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_add_same_alias_twice_to_same_key_different_case(self): cid = CaseInsensitiveWithAliasDict() try: cid['oNe', 'oNe-A', 'ONE-A'] = 1 except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_explicit_add_same_alias_twice_to_same_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 try: cid.set_alias('oNe', ['oNe-A', 'oNe-A']) except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_explicit_add_same_alias_twice_to_same_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe'] = 1 try: cid.set_alias('ONE', ['oNe-A', 'ONE-A']) except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_add_same_alias_to_different_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 try: cid['tWo', 'oNe-A'] = 2 except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_add_same_alias_to_different_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 try: cid['tWo', 'ONE-A'] = 2 except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_explicit_add_same_alias_to_different_key_same_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 try: cid.set_alias('tWo', 'oNe-A') except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_explicit_add_same_alias_to_different_key_different_case(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 try: cid.set_alias('TWO', 'ONE-A') except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: self.fail('double alias') self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) def test_explicit_add_alias_to_unexistent_key(self): cid = CaseInsensitiveWithAliasDict() cid['oNe', 'oNe-A'] = 1 cid['tWo'] = 2 try: cid.set_alias('THREE', 'THREE-A') except KeyError: self.assertTrue(True) except Exception: self.fail('wrong exception') else: # self.fail('double alias') pass self.assertEqual(cid._store, {'oNe': 1, 'tWo': 2}) self.assertEqual(cid._aliases, {'one-a': 'one'}) self.assertEqual(cid._alias_keymap, {'one': ['one-a']}) ldap3-2.4.1/test/testCheckedAttributes.py0000666000000000000000000001155413226436742016520 0ustar 00000000000000""" """ # Created on 2014.07.14 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ALL from test.config import test_base, test_name_attr, random_id, get_connection, add_user, drop_connection, test_int_attr, test_server_type testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(check_names=True, get_info=ALL) self.delete_at_teardown = [] if test_server_type == 'EDIR': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-1', attributes={'loginGraceLimit': 0})) elif test_server_type == 'AD': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-1')) else: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-1')) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_search_checked_attributes(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'chk-1*)', attributes=[test_name_attr, 'sn', test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes']['sn'], 'chk-1') # sn is single-value in Active Directory else: self.assertEqual(response[0]['attributes']['sn'][0], 'chk-1') self.assertEqual(response[0]['attributes'][test_int_attr], 0) if str != bytes: # python3 self.assertTrue(isinstance(response[0]['attributes']['sn'][0], str)) else: # python2 self.assertTrue(isinstance(response[0]['attributes']['sn'][0], unicode)) self.assertTrue(isinstance(response[0]['attributes'][test_int_attr], int)) def test_custom_formatter(self): def to_upper(byte_value): if str != bytes: # python 3 return str(byte_value, encoding='UTF-8').upper() else: return unicode(byte_value, encoding='UTF-8').upper() if str != bytes: # python3 formatter = {'cn': to_upper, # name to upper '2.5.4.4': lambda v: str(v, encoding='UTF-8')[::-1], # sn reversed '1.3.6.1.4.1.1466.115.121.1.27': lambda v: int(v) + 1000} # integer syntax incremented by 1000 else: formatter = {'cn': to_upper, # name to upper '2.5.4.4': lambda v: unicode(v, encoding='UTF-8')[::-1], # sn reversed '1.3.6.1.4.1.1466.115.121.1.27': lambda v: int(v) + 1000} # integer syntax incremented by 1000 self.connection.server.custom_formatter = formatter result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'chk-1*)', attributes=[test_name_attr, 'sn', test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertTrue('CHK-1' in response[0]['attributes']['cn']) # cn is single-valued in Active Directory self.assertEqual(response[0]['attributes']['sn'], '1-khc') # sn is single-valued in Active Directory else: self.assertTrue('CHK-1' in response[0]['attributes']['cn'][0]) self.assertEqual(response[0]['attributes']['sn'][0], '1-khc') self.assertEqual(response[0]['attributes'][test_int_attr], 1000) ldap3-2.4.1/test/testCheckGroupMembership.py0000666000000000000000000002125413226436742017167 0ustar 00000000000000""" """ # Created on 2016.05.14 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import add_user, add_group, get_connection, drop_connection, random_id, test_server_type testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_check_group_membership(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-2')) self.connection.extend.novell.add_members_to_groups(self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], fix=True, transaction=True) # valid user in valid group result = self.connection.extend.novell.check_groups_memberships(self.delete_at_teardown[0][0], self.delete_at_teardown[1][0]) self.assertTrue(result) # invalid user in valid group result = self.connection.extend.novell.check_groups_memberships(self.delete_at_teardown[3][0], self.delete_at_teardown[1][0]) self.assertFalse(result) # invalid user in invalid group result = self.connection.extend.novell.check_groups_memberships(self.delete_at_teardown[0][0], self.delete_at_teardown[2][0]) self.assertFalse(result) def test_check_groups_membership(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-2')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-3')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-2')) self.connection.extend.novell.add_members_to_groups(self.delete_at_teardown[0][0], (self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]), fix=True, transaction=True) # valid user in valid groups result = self.connection.extend.novell.check_groups_memberships(self.delete_at_teardown[0][0], (self.delete_at_teardown[1][0], self.delete_at_teardown[2][0])) self.assertTrue(result) # invalid user in valid groups result = self.connection.extend.novell.check_groups_memberships(self.delete_at_teardown[4][0], (self.delete_at_teardown[1][0], self.delete_at_teardown[2][0])) self.assertFalse(result) # invalid user in invalid groups result = self.connection.extend.novell.check_groups_memberships(self.delete_at_teardown[0][0], (self.delete_at_teardown[1][0], self.delete_at_teardown[3][0])) self.assertFalse(result) def test_check_group_memberships(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-2')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-3')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-2')) self.connection.extend.novell.add_members_to_groups((self.delete_at_teardown[0][0], self.delete_at_teardown[1][0]), self.delete_at_teardown[2][0], fix=True, transaction=True) # valid users in valid group result = self.connection.extend.novell.check_groups_memberships((self.delete_at_teardown[0][0], self.delete_at_teardown[1][0]), self.delete_at_teardown[2][0]) self.assertTrue(result) # invalid users in valid group result = self.connection.extend.novell.check_groups_memberships((self.delete_at_teardown[0][0], self.delete_at_teardown[3][0]), self.delete_at_teardown[2][0]) self.assertFalse(result) # invalid users in invalid group result = self.connection.extend.novell.check_groups_memberships((self.delete_at_teardown[0][0], self.delete_at_teardown[3][0]), self.delete_at_teardown[4][0]) self.assertFalse(result) def test_check_groups_memberships(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-2')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-3')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-3')) self.connection.extend.novell.add_members_to_groups((self.delete_at_teardown[0][0], self.delete_at_teardown[1][0]), self.delete_at_teardown[2][0], fix=True, transaction=True) self.connection.extend.novell.add_members_to_groups((self.delete_at_teardown[0][0], self.delete_at_teardown[1][0]), self.delete_at_teardown[3][0], fix=True, transaction=True) # valid users in valid groups result = self.connection.extend.novell.check_groups_memberships((self.delete_at_teardown[0][0], self.delete_at_teardown[1][0]), (self.delete_at_teardown[2][0],self.delete_at_teardown[3][0])) self.assertTrue(result) # invalid users in valid groups result = self.connection.extend.novell.check_groups_memberships((self.delete_at_teardown[0][0], self.delete_at_teardown[3][0]), (self.delete_at_teardown[2][0],self.delete_at_teardown[3][0])) self.assertFalse(result) # invalid users in invalid groups result = self.connection.extend.novell.check_groups_memberships((self.delete_at_teardown[0][0], self.delete_at_teardown[4][0]), (self.delete_at_teardown[2][0], self.delete_at_teardown[5][0])) self.assertFalse(result) ldap3-2.4.1/test/testCheckNamesFalse.py0000666000000000000000000000732713230275616016076 0ustar 00000000000000""" """ # Created on 2014.05.01 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ALL from ldap3.core.exceptions import LDAPAttributeError, LDAPObjectClassError from test.config import test_base, generate_dn, test_name_attr, random_id, get_connection, add_user, drop_connection testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(check_names=False, get_info=ALL) self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_wrong_assertion(self): if not self.connection.strategy.pooled: self.connection.search(search_base=test_base, search_filter='(xxx=yyy)', attributes=[test_name_attr]) def test_wrong_attribute(self): if not self.connection.strategy.pooled: self.assertRaises(LDAPAttributeError, self.connection.search, search_base=test_base, search_filter='(cn=yyy)', attributes=[test_name_attr, 'xxx']) def test_wrong_object_class_add(self): if not self.connection.strategy.pooled: self.connection.add(generate_dn(test_base, testcase_id, 'test-add-operation-wrong'), 'inetOrgPerson', {'objectClass': ['inetOrgPerson', 'xxx'], 'sn': 'test-add', test_name_attr: 'test-add-operation'}) def test_valid_assertion(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-1')) result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'chk-1)', attributes=[test_name_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) def test_valid_attribute(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-2', attributes={'givenName': 'given-name-2'})) result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'chk-2)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) def test_valid_object_class_add(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-3', attributes={'objectClass': ['inetOrgPerson', 'Person']})) self.assertEqual(self.delete_at_teardown[0][1]['description'], 'success') ldap3-2.4.1/test/testCheckNamesTrue.py0000666000000000000000000000744613226436742015771 0ustar 00000000000000""" """ # Created on 2014.05.01 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ALL from ldap3.core.exceptions import LDAPAttributeError, LDAPObjectClassError from test.config import test_base, generate_dn, test_name_attr, random_id, get_connection, add_user, drop_connection testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(check_names=True, get_info=ALL) self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_wrong_assertion(self): if not self.connection.strategy.pooled: self.assertRaises(LDAPAttributeError, self.connection.search, search_base=test_base, search_filter='(xxx=yyy)', attributes=[test_name_attr]) def test_wrong_attribute(self): if not self.connection.strategy.pooled: self.assertRaises(LDAPAttributeError, self.connection.search, search_base=test_base, search_filter='(cn=yyy)', attributes=[test_name_attr, 'xxx']) def test_wrong_object_class_add(self): if not self.connection.strategy.pooled: self.assertRaises(LDAPObjectClassError, self.connection.add, generate_dn(test_base, testcase_id, 'test-add-operation-wrong'), 'inetOrgPerson', {'objectClass': ['inetOrgPerson', 'xxx'], 'sn': 'test-add', test_name_attr: 'test-add-operation'}) def test_valid_assertion(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-1')) result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'chk-1)', attributes=[test_name_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) def test_valid_attribute(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-2', attributes={'givenName': 'given-name-2'})) result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'chk-2)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) def test_valid_object_class_add(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'chk-3', attributes={'objectClass': ['inetOrgPerson', 'Person']})) self.assertEqual(self.delete_at_teardown[0][1]['description'], 'success') ldap3-2.4.1/test/testCompareOperation.py0000666000000000000000000000515213226436742016367 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import random_id, get_connection, drop_connection, add_user testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(check_names=True) self.delete_at_teardown = [] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'compare-1', attributes={'givenName': 'compare'})) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_compare_true(self): result = self.connection.compare(self.delete_at_teardown[0][0], 'givenName', 'compare') if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'compareTrue') def test_compare_true_with_get_request(self): result = self.connection.compare(self.delete_at_teardown[0][0], 'givenName', 'compare') if not self.connection.strategy.sync: _, result, request = self.connection.get_response(result, get_request=True) self.assertEqual(request['type'], 'compareRequest') else: result = self.connection.result self.assertEqual(result['description'], 'compareTrue') def test_compare_false(self): result = self.connection.compare(self.delete_at_teardown[0][0], 'givenName', 'error') if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'compareFalse') ldap3-2.4.1/test/testConnection.py0000666000000000000000000000532213226436742015216 0ustar 00000000000000""" """ # Created on 2014.02.02 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import get_connection, drop_connection class Test(unittest.TestCase): def setUp(self): self.connection = get_connection(bind=False) def tearDown(self): drop_connection(self.connection) self.assertFalse(self.connection.bound) def test_open_connection(self): self.connection.open() self.assertEqual(self.connection.closed, False) self.connection.unbind() if self.connection.strategy.pooled: self.connection.strategy.terminate() self.assertEqual(self.connection.closed, True) self.assertEqual(self.connection.bound, False) def test_bind_connection(self): self.connection.open() self.assertEqual(self.connection.closed, False) self.connection.bind() self.assertEqual(self.connection.bound, True) self.connection.unbind() if self.connection.strategy.pooled: self.connection.strategy.terminate() self.assertEqual(self.connection.closed, True) self.assertEqual(self.connection.bound, False) def test_connection_in_context(self): with self.connection: self.assertEqual(self.connection.closed, False) self.assertEqual(self.connection.bound, True) if self.connection.strategy.pooled: self.connection.strategy.terminate() self.assertEqual(self.connection.closed, True) self.assertEqual(self.connection.bound, False) def test_connection_in_context_with_as(self): with self.connection as c: self.assertEqual(c.closed, False) self.assertEqual(c.bound, True) if self.connection.strategy.pooled: self.connection.strategy.terminate() self.assertEqual(self.connection.closed, True) self.assertEqual(self.connection.bound, False) ldap3-2.4.1/test/testControls.py0000666000000000000000000000454513226436742014730 0ustar 00000000000000""" """ # Created on 2013.07.31 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import test_base, random_id, get_connection, drop_connection, add_user, test_server_type, test_name_attr testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'controls-1', attributes={'givenName': 'given name-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'controls-2', attributes={'givenName': 'given name-2'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'controls-3', attributes={'givenName': 'given name-3'})) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_search_with_controls(self): if test_server_type == 'EDIR': controls = list() controls.append(('2.16.840.1.113719.1.27.103.7', True, 'sn')) # grouping [Novell] result = self.connection.search(test_base, '(' + test_name_attr + '=' + testcase_id + 'controls-*)', attributes=['sn', 'givenName'], controls=controls) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertTrue(result['description'] in ['success', 'operationsError']) ldap3-2.4.1/test/testDeleteOperation.py0000666000000000000000000000452013226436742016201 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import random_id, get_connection, drop_connection, add_user testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(check_names=True) self.delete_at_teardown = [] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'delete-1')) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_delete(self): result = self.connection.delete(self.delete_at_teardown[0][0]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') self.delete_at_teardown = [] # remove object from delete list if delete is successful def test_delete_with_get_request(self): result = self.connection.delete(self.delete_at_teardown[0][0]) if not self.connection.strategy.sync: response, result, request = self.connection.get_response(result, get_request=True) self.assertEqual(request['type'], 'delRequest') else: result = self.connection.result self.assertEqual(result['description'], 'success') self.delete_at_teardown = [] # remove object from delete list if delete is successful ldap3-2.4.1/test/testDnParsing.py0000666000000000000000000001102613226436742015002 0ustar 00000000000000""" """ # Created on 2014.09.15 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3.utils.dn import parse_dn as p class Test(unittest.TestCase): def test_parse_dn_single(self): parsed = p('cn=admin') self.assertEqual(len(parsed), 1) self.assertEqual(parsed[0], ('cn', 'admin', '')) def test_parse_dn_double(self): parsed = p('cn=user1,o=users') self.assertEqual(len(parsed), 2) self.assertEqual(parsed[0], ('cn', 'user1', ',')) self.assertEqual(parsed[1], ('o', 'users', '')) def test_parse_dn_multi(self): parsed = p('cn=user1,ou=users,dc=branch,dc=company,c=IT') self.assertEqual(len(parsed), 5) self.assertEqual(parsed[0], ('cn', 'user1', ',')) self.assertEqual(parsed[1], ('ou', 'users', ',')) self.assertEqual(parsed[2], ('dc', 'branch', ',')) self.assertEqual(parsed[3], ('dc', 'company', ',')) self.assertEqual(parsed[4], ('c', 'IT', '')) def test_parse_dn_multi_type(self): parsed = p('cn=user1+sn=surname1,o=users') self.assertEqual(len(parsed), 3) self.assertEqual(parsed[0], ('cn', 'user1', '+')) self.assertEqual(parsed[1], ('sn', 'surname1', ',')) self.assertEqual(parsed[2], ('o', 'users', '')) def test_parse_dn_escaped_single(self): parsed = p('cn=admi\\,n') self.assertEqual(len(parsed), 1) self.assertEqual(parsed[0], ('cn', 'admi\\,n', '')) def test_parse_dn_escaped_double(self): parsed = p('cn=us\\=er1,o=us\\,ers') self.assertEqual(len(parsed), 2) self.assertEqual(parsed[0], ('cn', 'us\\=er1', ',')) self.assertEqual(parsed[1], ('o', 'us\\,ers', '')) def test_parse_dn_escaped_multi(self): parsed = p('cn=us\\,er1,ou=us\\08ers,dc=br\\,anch,dc=company,c=IT') self.assertEqual(len(parsed), 5) self.assertEqual(parsed[0], ('cn', 'us\\,er1', ',')) self.assertEqual(parsed[1], ('ou', 'us\\08ers', ',')) self.assertEqual(parsed[2], ('dc', 'br\\,anch', ',')) self.assertEqual(parsed[3], ('dc', 'company', ',')) self.assertEqual(parsed[4], ('c', 'IT', '')) def test_parse_dn_escaped_multi_type(self): parsed = p('cn=us\\+er1+sn=su\\,rname1,o=users') self.assertEqual(len(parsed), 3) self.assertEqual(parsed[0], ('cn', 'us\\+er1', '+')) self.assertEqual(parsed[1], ('sn', 'su\\,rname1', ',')) self.assertEqual(parsed[2], ('o', 'users', '')) def test_parse_dn_unescaped_single(self): parsed = p('cn=admi,n', escape=True) self.assertEqual(len(parsed), 1) self.assertEqual(parsed[0], ('cn', 'admi\\,n', '')) def test_parse_dn_unescaped_double(self): parsed = p('cn=us=er1,o=us,ers', escape=True) self.assertEqual(len(parsed), 2) self.assertEqual(parsed[0], ('cn', 'us\\=er1', ',')) self.assertEqual(parsed[1], ('o', 'us\\,ers', '')) def test_parse_dn_unescaped_multi(self): parsed = p('cn=us,er1,ou=use. import unittest from ldap3.core.exceptions import LDAPException, LDAPOperationsErrorResult, LDAPOperationResult class Test(unittest.TestCase): def test_main_class_exception(self): e = LDAPException() self.assertTrue(isinstance(e, LDAPException)) def test_subclassing_exception(self): e = LDAPOperationResult(1) self.assertTrue(isinstance(e, LDAPOperationsErrorResult)) ldap3-2.4.1/test/testExtendedOperations.py0000666000000000000000000001165613226436742016732 0ustar 00000000000000""" """ # Created on 2014.06.30 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3.core.exceptions import LDAPExtensionError from test.config import test_user, test_server_context, test_server_edir_name, random_id, get_connection, drop_connection, add_user, test_server_type, \ test_name_attr, test_base, test_password testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(check_names=True) self.delete_at_teardown = [] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-3')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-4')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-5')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-6')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-7')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pag-8')) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_who_am_i_extension(self): if test_server_type != 'EDIR': if not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: try: if not self.connection.server.info: self.connection.refresh_server_info() user = self.connection.extend.standard.who_am_i() self.assertTrue(user) except LDAPExtensionError as e: if not e.args[0] == 'extension not in DSA list of supported extensions': raise def test_get_bind_dn_extension(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: result = self.connection.extend.novell.get_bind_dn() self.assertTrue(test_user in result) def test_paged_search_accumulator(self): if not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: responses = self.connection.extend.standard.paged_search(test_base, '(' + test_name_attr + '=' + testcase_id + 'pag-*)', generator=False, paged_size=3) self.assertEqual(len(responses), 8) def test_paged_search_generator(self): if not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: responses = [] for response in self.connection.extend.standard.paged_search(test_base, '(' + test_name_attr + '=' + testcase_id + 'pag-*)'): responses.append(response) self.assertEqual(len(responses), 8) def test_novell_list_replicas(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.extend.novell.list_replicas('cn=' + test_server_edir_name + ',' + test_server_context) self.assertEqual(result, None) def test_novell_replica_info(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.extend.novell.replica_info('cn=' + test_server_edir_name + ',' + test_server_context, '') self.assertEqual(result, '') def test_novell_partition_entry_count(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.extend.novell.partition_entry_count(test_base) self.assertTrue(result > 0) def test_novell_get_universal_password(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: self.connection.start_tls() result = self.connection.extend.novell.get_universal_password(test_user) self.assertEqual(result, test_password) ldap3-2.4.1/test/testExtensions.py0000666000000000000000000000600113226436742015251 0ustar 00000000000000""" """ # Created on 2013.08.05 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import Tls from test.config import test_server_context, random_id, get_connection, drop_connection, \ test_server_edir_name, test_server_type testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() def tearDown(self): drop_connection(self.connection) self.assertFalse(self.connection.bound) def test_get_replica_list_extension(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.extended('2.16.840.1.113719.1.27.100.19', ('cn=' + test_server_edir_name + ',' + test_server_context)) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_who_am_i_extension(self): if not test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.extended('1.3.6.1.4.1.4203.1.11.3') if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_get_bind_dn_extension(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.extended('2.16.840.1.113719.1.27.100.31') if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_start_tls_extension(self): if not self.connection.strategy.no_real_dsa: connection = get_connection(use_ssl=False) connection.server.tls = Tls() result = connection.start_tls() self.assertTrue(result) connection.unbind() ldap3-2.4.1/test/testFormatGeneralizedTime.py0000666000000000000000000001512013226436742017335 0ustar 00000000000000""" """ # Created on 2014.07.14 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from datetime import datetime import unittest from ldap3.protocol.formatters.formatters import format_time from ldap3.core.timezone import OffsetTzInfo class Test(unittest.TestCase): def test_format_time(self): self.assertEqual(format_time(b'20140102030405Z'), datetime(2014, 1, 2, 3, 4, 5, 0, OffsetTzInfo(0, 'UTC'))) self.assertEqual(format_time(b'201401020304Z'), datetime(2014, 1, 2, 3, 4, 0, 0, OffsetTzInfo(0, 'UTC'))) self.assertEqual(format_time(b'2014010203.0Z'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(0, 'UTC'))) self.assertEqual(format_time(b'201401020304.1Z'), datetime(2014, 1, 2, 3, 4, 6, 0, OffsetTzInfo(0, 'UTC'))) self.assertEqual(format_time(b'20140102030405.2Z'), datetime(2014, 1, 2, 3, 4, 5, 200000, OffsetTzInfo(0, 'UTC'))) self.assertEqual(format_time(b'2014010203Z'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(0, 'UTC'))) self.assertEqual(format_time(b'20140102030405'), b'20140102030405') self.assertEqual(format_time(b'201401020304'), b'201401020304') self.assertEqual(format_time(b'2014010203.0'), b'2014010203.0') self.assertEqual(format_time(b'201401020304.1'), b'201401020304.1') self.assertEqual(format_time(b'20140102030405.2'), b'20140102030405.2') self.assertEqual(format_time(b'2014010203'), b'2014010203') self.assertEqual(format_time(b'20140102030405+01'), datetime(2014, 1, 2, 3, 4, 5, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'201401020304+01'), datetime(2014, 1, 2, 3, 4, 0, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'2014010203.0+01'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'201401020304.1+01'), datetime(2014, 1, 2, 3, 4, 6, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'20140102030405.2+01'), datetime(2014, 1, 2, 3, 4, 5, 200000, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'2014010203+01'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'20140102030405-01'), datetime(2014, 1, 2, 3, 4, 5, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'201401020304-01'), datetime(2014, 1, 2, 3, 4, 0, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'2014010203.0-01'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'201401020304.1-01'), datetime(2014, 1, 2, 3, 4, 6, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'20140102030405.2-01'), datetime(2014, 1, 2, 3, 4, 5, 200000, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'2014010203-01'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'20140102030405+0100'), datetime(2014, 1, 2, 3, 4, 5, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'201401020304+0100'), datetime(2014, 1, 2, 3, 4, 0, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'2014010203.0+0100'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'201401020304.1+0100'), datetime(2014, 1, 2, 3, 4, 6, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'20140102030405.2+0100'), datetime(2014, 1, 2, 3, 4, 5, 200000, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'2014010203+0100'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(60, 'UTC+01'))) self.assertEqual(format_time(b'20140102030405-0100'), datetime(2014, 1, 2, 3, 4, 5, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'201401020304-0100'), datetime(2014, 1, 2, 3, 4, 0, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'2014010203.0-0100'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'201401020304.1-0100'), datetime(2014, 1, 2, 3, 4, 6, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'20140102030405.2-0100'), datetime(2014, 1, 2, 3, 4, 5, 200000, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'2014010203-0100'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(-60, 'UTC-01'))) self.assertEqual(format_time(b'20140102030405+0130'), datetime(2014, 1, 2, 3, 4, 5, 0, OffsetTzInfo(90, 'UTC+0130'))) self.assertEqual(format_time(b'201401020304+0130'), datetime(2014, 1, 2, 3, 4, 0, 0, OffsetTzInfo(90, 'UTC+0130'))) self.assertEqual(format_time(b'2014010203.0+0130'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(90, 'UTC+0130'))) self.assertEqual(format_time(b'201401020304.1+0130'), datetime(2014, 1, 2, 3, 4, 6, 0, OffsetTzInfo(90, 'UTC+0130'))) self.assertEqual(format_time(b'20140102030405.2+0130'), datetime(2014, 1, 2, 3, 4, 5, 200000, OffsetTzInfo(90, 'UTC+0130'))) self.assertEqual(format_time(b'2014010203+0130'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(90, 'UTC+0130'))) self.assertEqual(format_time(b'20140102030405-0130'), datetime(2014, 1, 2, 3, 4, 5, 0, OffsetTzInfo(-90, 'UTC-0130'))) self.assertEqual(format_time(b'201401020304-0130'), datetime(2014, 1, 2, 3, 4, 0, 0, OffsetTzInfo(-90, 'UTC-0130'))) self.assertEqual(format_time(b'2014010203.0-0130'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(-90, 'UTC-0130'))) self.assertEqual(format_time(b'201401020304.1-0130'), datetime(2014, 1, 2, 3, 4, 6, 0, OffsetTzInfo(-90, 'UTC-0130'))) self.assertEqual(format_time(b'20140102030405.2-0130'), datetime(2014, 1, 2, 3, 4, 5, 200000, OffsetTzInfo(-90, 'UTC-0130'))) self.assertEqual(format_time(b'2014010203-0130'), datetime(2014, 1, 2, 3, 0, 0, 0, OffsetTzInfo(-90, 'UTC-0130'))) ldap3-2.4.1/test/testLDIF-change.py0000666000000000000000000002160513226436742015062 0ustar 00000000000000""" """ # Created on 2013.12.13 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import Connection, LDIF, MODIFY_ADD, MODIFY_REPLACE, MODIFY_DELETE from test.config import test_base, generate_dn, test_name_attr, test_moved, random_id testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = Connection(server=None, client_strategy=LDIF) self.connection.open() def tearDown(self): self.connection.unbind() self.assertFalse(self.connection.bound) def test_add_request_to_ldif(self): controls = list() controls.append(('2.16.840.1.113719.1.27.103.7', True, 'givenName')) controls.append(('2.16.840.1.113719.1.27.103.7', False, 'sn')) if str != bytes: # python3 controls.append(('2.16.840.1.113719.1.27.103.7', False, bytearray('\u00e0\u00e0', encoding='UTF-8'))) else: controls.append(('2.16.840.1.113719.1.27.103.7', False, bytearray(unicode('\xe0\xe0', encoding='latin1'), encoding='UTF-8'))) # for python2 compatibility controls.append(('2.16.840.1.113719.1.27.103.7', False, 'trailingspace ')) self.connection.add(generate_dn(test_base, testcase_id, 'ldif-change-1'), 'inetOrgPerson', {'objectClass': 'inetOrgPerson', 'sn': 'ldif-change-1', test_name_attr: 'ldif-change-1', 'loginEnabled': True}, controls=controls) response = self.connection.response self.assertTrue('version: 1' in response) self.assertTrue('dn: ' + test_name_attr + '=' + testcase_id + 'ldif-change-1,' + test_base in response) self.assertTrue('control: 2.16.840.1.113719.1.27.103.7 true: givenName' in response) self.assertTrue('control: 2.16.840.1.113719.1.27.103.7 false: sn' in response) self.assertTrue('control: 2.16.840.1.113719.1.27.103.7 false:: w6DDoA==' in response) self.assertTrue('control: 2.16.840.1.113719.1.27.103.7 false:: dHJhaWxpbmdzcGFjZSA=' in response) self.assertTrue('changetype: add' in response) self.assertTrue('objectClass: inetOrgPerson' in response) self.assertTrue('sn: ldif-change-1' in response) self.assertTrue(test_name_attr + ': ldif-change-1' in response) def test_delete_request_to_ldif(self): self.connection.strategy.order = dict(delRequest=['dn:', 'changetype', 'vers']) self.connection.delete(generate_dn(test_base, testcase_id, 'ldif-change-2')) response = self.connection.response.replace('\r\n', '').replace(' ', '') self.assertTrue('version:1' in response) self.assertTrue('dn:' + test_name_attr + '=' + testcase_id + 'ldif-change-2,' + test_base in response) self.assertTrue('changetype:delete' in response) def test_modify_dn_request_to_ldif(self): result = self.connection.modify_dn(generate_dn(test_base, testcase_id, 'ldif-change-3'), test_name_attr + '=' + testcase_id + 'ldif-change-4,' + test_base) if isinstance(result, int): self.connection.get_response(result) response = self.connection.response.replace('\r\n', '').replace(' ', '') self.assertTrue('version:1' in response) self.assertTrue('dn:' + test_name_attr + '=' + testcase_id + 'ldif-change-3,' + test_base in response) self.assertTrue('changetype:moddn' in response) self.assertTrue('newrdn:' + test_name_attr + '=' + testcase_id + 'ldif-change-4,' + test_base in response) self.assertTrue('deleteoldrdn:1' in response) def test_move_dn_request_to_ldif(self): result = self.connection.modify_dn(generate_dn(test_base, testcase_id, 'ldif-change-5'), test_name_attr + '=' + testcase_id + 'ldif-change-5', delete_old_dn=False, new_superior=test_moved) if isinstance(result, int): self.connection.get_response(result) response = self.connection.response.replace('\r\n', '').replace(' ', '') self.assertTrue('version:1' in response) self.assertTrue('dn:' + test_name_attr + '=' + testcase_id + 'ldif-change-5,' + test_base in response) self.assertTrue('changetype:modrdn' in response) self.assertTrue('newrdn:' + test_name_attr + '=' + testcase_id + 'ldif-change-5' in response) self.assertTrue('deleteoldrdn:0' in response) self.assertTrue('newsuperior:' + test_moved in response) def test_modify_add_to_ldif(self): result = self.connection.modify(generate_dn(test_base, testcase_id, 'ldif-change-6'), {'givenName': (MODIFY_ADD, ['givenname-6-modified'])}) if isinstance(result, int): self.connection.get_response(result) response = self.connection.response.replace('\r\n', '').replace(' ', '') self.assertTrue('version:1' in response) self.assertTrue('dn:' + test_name_attr + '=' + testcase_id + 'ldif-change-6,' + test_base in response) self.assertTrue('changetype:modify' in response) self.assertTrue('add:givenName' in response) self.assertTrue('givenName:givenname-6-modified' in response) self.assertEqual('-', response[-1]) def test_modify_replace_to_ldif(self): result = self.connection.modify(generate_dn(test_base, testcase_id, 'ldif-change-7'), {'givenName': (MODIFY_REPLACE, ['givenname-7-replaced'])}) if isinstance(result, int): self.connection.get_response(result) response = self.connection.response.replace('\r\n', '').replace(' ', '') self.assertTrue('version:1' in response) self.assertTrue('dn:' + test_name_attr + '=' + testcase_id + 'ldif-change-7,' + test_base in response) self.assertTrue('changetype:modify' in response) self.assertTrue('replace:givenName' in response) self.assertTrue('givenName:givenname-7-replaced' in response) self.assertEqual('-', response[-1]) def test_modify_delete_to_ldif(self): result = self.connection.modify(generate_dn(test_base, testcase_id, 'ldif-change-8'), {'givenName': (MODIFY_DELETE, ['givenname-8-deleted'])}) if isinstance(result, int): self.connection.get_response(result) response = self.connection.response.replace('\r\n', '').replace(' ', '') self.assertTrue('version:1' in response) self.assertTrue('dn:' + test_name_attr + '=' + testcase_id + 'ldif-change-8,' + test_base in response) self.assertTrue('changetype:modify' in response) self.assertTrue('delete:givenName' in response) self.assertTrue('givenName:givenname-8-deleted' in response) self.assertEqual('-', response[-1]) def test_multiple_modify_to_ldif(self): # from rfc 2849 example result = self.connection.modify('cn=Paula Jensen,ou=Product Development,dc=airius,dc=com', {'postaladdress': (MODIFY_ADD, ['123 Anystreet $ Sunnyvale, CA $ 94086']), 'description': (MODIFY_DELETE, []), 'telephonenumber': (MODIFY_REPLACE, ['+1 408 555 1234', '+1 408 555 5678']), 'facsimiletelephonenumber': (MODIFY_DELETE, ['+1 408 555 9876'])}) if isinstance(result, int): self.connection.get_response(result) response = self.connection.response self.assertTrue('version: 1' in response) self.assertTrue('dn: cn=Paula Jensen,ou=Product Development,dc=airius,dc=com' in response) self.assertTrue('changetype: modify' in response) self.assertTrue('delete: facsimiletelephonenumber' in response) self.assertTrue('facsimiletelephonenumber: +1 408 555 9876' in response) self.assertTrue('replace: telephonenumber' in response) self.assertTrue('telephonenumber: +1 408 555 1234' in response) self.assertTrue('telephonenumber: +1 408 555 5678' in response) self.assertTrue('add: postaladdress' in response) self.assertTrue('postaladdress: 123 Anystreet $ Sunnyvale, CA $ 94086' in response) self.assertTrue('delete: description' in response) self.assertEqual('-', response[-1]) ldap3-2.4.1/test/testLDIF-content.py0000666000000000000000000000735013226436742015310 0ustar 00000000000000""" """ # Created on 2013.12.10 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import test_base, test_name_attr, get_connection, random_id, add_user, \ drop_connection testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'ldif-content-1')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'ldif-content-2')) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_single_search_result_to_ldif(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'ldif-content-1)', attributes=[test_name_attr, 'givenName', 'objectClass', 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response l = self.connection.response_to_ldif(response).lower() self.assertTrue('version: 1' in l) self.assertTrue('dn: ' + test_name_attr.lower() + '=' + testcase_id.lower() + 'ldif-content-1,' + test_base.lower() in l) self.assertTrue('objectclass: inetorgperson' in l) self.assertTrue('objectclass: top' in l) self.assertTrue(test_name_attr.lower() + ': ' + testcase_id.lower() + 'ldif-content-1' in l) self.assertTrue('sn: ldif-content-1' in l) self.assertTrue('total number of entries: 1' in l) def test_multiple_search_result_to_ldif(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'ldif-content-*)', attributes=[test_name_attr, 'givenName', 'sn', 'objectClass']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response l = self.connection.response_to_ldif(response).lower() self.assertTrue('version: 1' in l) self.assertTrue('dn: ' + test_name_attr.lower() + '=' + testcase_id.lower() + 'ldif-content-1,' + test_base.lower() in l) self.assertTrue('objectclass: inetorgperson' in l) self.assertTrue('objectclass: top' in l) self.assertTrue(test_name_attr.lower() + ': ' + testcase_id + 'ldif-content-1' in l) self.assertTrue('sn: ldif-content-1' in l) self.assertTrue('dn: ' + test_name_attr.lower() + '=' + testcase_id.lower() + 'ldif-content-1,' + test_base.lower() in l) self.assertTrue(test_name_attr.lower() + ': ' + testcase_id.lower() + 'ldif-content-2' in l) self.assertTrue('sn: ldif-content-2' in l) self.assertTrue('# total number of entries: 2' in l) ldap3-2.4.1/test/testMicrosoftAD.py0000666000000000000000000003130213226436742015266 0ustar 00000000000000# -*- coding: utf-8 -*- """ """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from time import sleep from ldap3 import SUBTREE, MODIFY_ADD, MODIFY_REPLACE, MODIFY_DELETE, SIMPLE, REUSABLE from ldap3.protocol.microsoft import extended_dn_control, show_deleted_control from test.config import test_base, test_name_attr, random_id, get_connection, add_user, drop_connection, test_server_type, test_root_partition, test_strategy testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() if test_server_type == 'AD': self.connection = get_connection(use_ssl=True) self.delete_at_teardown = [] def tearDown(self): if test_server_type == 'AD': drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_search_extended_dn_ad(self): if test_server_type == 'AD': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'sea-1'})) result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', attributes=[test_name_attr], controls=[extended_dn_control(), show_deleted_control()]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertTrue(';' in response[0]['dn']) def test_search_deleted_objects_ad(self): if test_server_type == 'AD': dn_to_delete, _ = add_user(self.connection, testcase_id, 'del-1', attributes={'givenName': 'del-1'}) sleep(2) self.connection.delete(dn_to_delete) sleep(5) result = self.connection.search(search_base=test_root_partition, search_filter='(&(isDeleted=TRUE)(cn=*' + testcase_id + '*del-1*))', search_scope=SUBTREE, attributes=[], controls=[show_deleted_control(criticality=True)]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result found = False for entry in response: if entry['type'] == 'searchResEntry' and testcase_id in entry['dn']: found = True break self.assertTrue(found) def test_dir_sync(self): if False: # takes a long long time to complete # if test_server_type == 'AD': sync = self.connection.extend.microsoft.dir_sync(test_root_partition, attributes=['*']) # read all previous changes while sync.more_results: print('PREV', len(sync.loop())) # add a new object and verify the sync dn, _ = add_user(self.connection, testcase_id, 'to-be-deleted-1', attributes={'givenName': 'to-be-deleted-1'}) sleep(1) response = sync.loop() print('ADD OBJ', len(response), response[0]['attributes']) found = False for entry in response: if entry['type'] == 'searchResEntry' and testcase_id + 'to-be-deleted-1' in entry['dn']: found = True break self.assertTrue(found) # modify-add an attribute and verify the sync result = self.connection.modify(dn, {'businessCategory': (MODIFY_ADD, ['businessCategory-1-added'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') sleep(1) response = sync.loop() print('MOD-ADD ATTR', len(response), response[0]['attributes']) found = False for entry in response: if entry['type'] == 'searchResEntry' and testcase_id + 'to-be-deleted-1' in entry['dn']: found = True break self.assertTrue(found) # modify-replace an attribute and verify the sync result = self.connection.modify(dn, {'businessCategory': (MODIFY_REPLACE, ['businessCategory-1-replaced']), 'sn': (MODIFY_REPLACE, ['sn-replaced'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') sleep(1) response = sync.loop() print('MOD-REPLACE ATTR', len(response), response[0]['attributes']) found = False for entry in response: if entry['type'] == 'searchResEntry' and testcase_id + 'to-be-deleted-1' in entry['dn']: found = True break self.assertTrue(found) # modify-delete an attribute and verify the sync # result = self.connection.modify(dn, {'businessCategory': (MODIFY_ADD, ['businessCategory-2-added', 'businessCategory-3-added'])}) # if not self.connection.strategy.sync: # _, result = self.connection.get_response(result) # else: # result = self.connection.result # self.assertEqual(result['description'], 'success') result = self.connection.modify(dn, {'businessCategory': (MODIFY_DELETE, ['businessCategory-1-replaced'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') sleep(1) response = sync.loop() print('MOD-DEL ATTR', len(response), response[0]['attributes']) found = False for entry in response: if entry['type'] == 'searchResEntry' and testcase_id + 'to-be-deleted-1' in entry['dn']: found = True break self.assertTrue(found) # delete object and verify the sync self.connection.delete(dn) sleep(1) response = sync.loop() print('DEL OBJ', len(response), response[0]['attributes']) found = False for entry in response: if entry['type'] == 'searchResEntry' and testcase_id + 'to-be-deleted-1' in entry['dn']: found = True break self.assertTrue(found) def test_modify_password_as_administrator(self): if test_server_type == 'AD' and test_strategy != REUSABLE: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pwd-1', attributes={'givenName': 'changed-password-1'})) dn = self.delete_at_teardown[-1][0] # test_connection = get_connection(bind=False, authentication=SIMPLE, simple_credentials=(dn, 'Rc1234abcd')) # test_connection.bind() # self.assertTrue(test_connection.bound) # connected_user = test_connection.extend.standard.who_am_i() # test_connection.unbind() # self.assertTrue('changed-password-1' in connected_user) new_password = 'Rc567812àèìòù' result = self.connection.extend.microsoft.modify_password(dn, new_password) self.assertEqual(result, True) # creates a second connection and tries to bind with the new password test_connection = get_connection(bind=False, authentication=SIMPLE, simple_credentials=(dn, new_password)) test_connection.bind() connected_user = test_connection.extend.standard.who_am_i() test_connection.unbind() self.assertTrue('pwd-1' in connected_user) # def test_modify_password_as_normal_user(self): # if test_server_type == 'AD': # old_password = 'Ab123456cdef' # new_password = 'Gh567890ijkl' # self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pwd-2', password=old_password, attributes={'givenName': 'changed-password-2'})) # dn = self.delete_at_teardown[-1][0] # # creates a second connection and tries to bind with the new password # test_connection = get_connection(bind=False, use_ssl=True, authentication=SIMPLE, simple_credentials=(dn, old_password)) # test_connection.bind() # self.assertTrue(test_connection.bound) # connected_user = test_connection.extend.standard.who_am_i() # test_connection.unbind() # self.assertTrue('pwd-2' in connected_user) # # # changee the password # result = self.connection.extend.microsoft.modify_password(dn, new_password, old_password) # self.assertEqual(result, True) # # # tries to bind with the new password # test_connection.password = new_password # test_connection.bind() # connected_user = test_connection.extend.standard.who_am_i() # test_connection.unbind() # # self.assertTrue('changed-password-2' in connected_user) def test_modify_existing_password_as_administrator(self): if test_server_type == 'AD' and test_strategy != REUSABLE: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'pwd-3', attributes={'givenName': 'pwd-3'})) dn = self.delete_at_teardown[-1][0] new_password = 'Rc56789efgh' result = self.connection.extend.microsoft.modify_password(dn, new_password) self.assertEqual(result, True) # creates a second connection and tries to bind with the new password test_connection = get_connection(bind=False, authentication=SIMPLE, simple_credentials=(dn, new_password)) test_connection.bind() connected_user = test_connection.extend.standard.who_am_i() test_connection.unbind() self.assertTrue('pwd-3' in connected_user) # def test_search_with_auto_range(self): # if test_server_type == 'AD': # user_dns = [] # for i in range(0, 6999): # try: # user_dn, _ = add_user(self.connection, '', 'user-' + str(i).zfill(4), attributes={'givenName': 'givenname-' + str(i).zfill(4)}) # user_dns.append(user_dn) # print('created', user_dn) # except Exception as e: # # if 'entryAlreadyExists' not in e.args[0]: # # raise # pass # self.connection.extend.microsoft.add_members_to_groups(user_dns, 'CN=testgrp,OU=test,DC=AD2012,DC=LAB', fix=True) # print(self.connection.auto_range) # self.connection.auto_range = False # result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=testgrp)', attributes=[test_name_attr, 'member']) # print(result) # print(self.connection.response[0]['attributes'].keys()) # print (len(self.connection.response[0]['attributes']['member'])) ldap3-2.4.1/test/testMockASyncStrategy.py0000666000000000000000000022044413226436742016475 0ustar 00000000000000""" """ # Created on 2015.02.3 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import Server, Connection, MOCK_ASYNC, MODIFY_ADD, MODIFY_REPLACE, MODIFY_DELETE, OFFLINE_EDIR_8_8_8,\ BASE, LEVEL, SUBTREE, AUTO_BIND_NO_TLS, NONE from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPNoSuchObjectResult from ldap3.protocol.rfc4512 import SchemaInfo, DsaInfo from ldap3.protocol.schemas.edir888 import edir_8_8_8_dsa_info, edir_8_8_8_schema from test.config import random_id testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() # The mock server can be defined in two different ways, so tests are duplicated, connection_3 is without schema schema = SchemaInfo.from_json(edir_8_8_8_schema) info = DsaInfo.from_json(edir_8_8_8_dsa_info, schema) server_1 = Server.from_definition('MockSyncServer', info, schema) self.connection_1 = Connection(server_1, user='cn=user1,ou=test,o=lab', password='test1111', client_strategy=MOCK_ASYNC) self.connection_1b = Connection(server_1, user='cn=user1,ou=test,o=lab', password='test1111', client_strategy=MOCK_ASYNC) self.connection_1c = Connection(server_1, user='cn=user1,ou=test,o=lab', password='test1111', client_strategy=MOCK_ASYNC, raise_exceptions=True) server_2 = Server('dummy', get_info=OFFLINE_EDIR_8_8_8) self.connection_2 = Connection(server_2, user='cn=user2,ou=test,o=lab', password='test2222', client_strategy=MOCK_ASYNC) self.connection_2b = Connection(server_2, user='cn=user2,ou=test,o=lab', password='test2222', client_strategy=MOCK_ASYNC) self.connection_2c = Connection(server_2, user='cn=user2,ou=test,o=lab', password='test2222', client_strategy=MOCK_ASYNC, raise_exceptions=True) server_3 = Server('dummy') # no schema self.connection_3 = Connection(server_3, user='cn=user3,ou=test,o=lab', password='test3333', client_strategy=MOCK_ASYNC) self.connection_3b = Connection(server_3, user='cn=user3,ou=test,o=lab', password='test3333', client_strategy=MOCK_ASYNC) self.connection_3c = Connection(server_3, user='cn=user3,ou=test,o=lab', password='test3333', client_strategy=MOCK_ASYNC, raise_exceptions=True) # creates fixtures self.connection_1.strategy.add_entry('cn=user0,o=lab', {'userPassword': 'test0000', 'sn': 'user0_sn', 'revision': 0}) self.connection_2.strategy.add_entry('cn=user0,o=lab', {'userPassword': 'test0000', 'sn': 'user0_sn', 'revision': 0}) self.connection_3.strategy.add_entry('cn=user0,o=lab', {'userPassword': 'test0000', 'sn': 'user0_sn', 'revision': 0}) self.connection_1.strategy.add_entry('cn=user1,ou=test,o=lab', {'userPassword': 'test1111', 'sn': 'user1_sn', 'revision': 1}) self.connection_2.strategy.add_entry('cn=user1,ou=test,o=lab', {'userPassword': 'test1111', 'sn': 'user1_sn', 'revision': 1}) self.connection_3.strategy.add_entry('cn=user1,ou=test,o=lab', {'userPassword': 'test1111', 'sn': 'user1_sn', 'revision': 1}) self.connection_1.strategy.add_entry('cn=user2,ou=test,o=lab', {'userPassword': 'test2222', 'sn': 'user2_sn', 'revision': 2}) self.connection_2.strategy.add_entry('cn=user2,ou=test,o=lab', {'userPassword': 'test2222', 'sn': 'user2_sn', 'revision': 2}) self.connection_3.strategy.add_entry('cn=user2,ou=test,o=lab', {'userPassword': 'test2222', 'sn': 'user2_sn', 'revision': 2}) self.connection_1.strategy.add_entry('cn=user3,ou=test,o=lab', {'userPassword': 'test3333', 'sn': 'user3_sn', 'revision': 3}) self.connection_2.strategy.add_entry('cn=user3,ou=test,o=lab', {'userPassword': 'test3333', 'sn': 'user3_sn', 'revision': 3}) self.connection_3.strategy.add_entry('cn=user3,ou=test,o=lab', {'userPassword': 'test3333', 'sn': 'user3_sn', 'revision': 3}) self.connection_1.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444', 'sn': 'user4_sn', 'revision': 4, 'title': ['title1', 'title2', 'title3']}) self.connection_2.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444', 'sn': 'user4_sn', 'revision': 4, 'title': ['title1', 'title2', 'title3']}) self.connection_3.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444', 'sn': 'user4_sn', 'revision': 4, 'title': ['title1', 'title2', 'title3']}) def tearDown(self): self.connection_1.unbind() self.assertFalse(self.connection_1.bound) self.connection_2.unbind() self.assertFalse(self.connection_2.bound) self.connection_3.unbind() self.assertFalse(self.connection_3.bound) def test_open_1(self): self.connection_1.open() self.assertFalse(self.connection_1.closed) def test_open_2(self): self.connection_2.open() self.assertFalse(self.connection_2.closed) def test_open_3(self): self.connection_3.open() self.assertFalse(self.connection_3.closed) def test_bind_1(self): self.connection_1.open() self.connection_1.bind() self.assertTrue(self.connection_1.bound) def test_bind_2(self): self.connection_2.open() self.connection_2.bind() self.assertTrue(self.connection_2.bound) def test_bind_3(self): self.connection_3.open() self.connection_3.bind() self.assertTrue(self.connection_3.bound) def test_invalid_bind_1(self): self.connection_1.password = 'wrong' self.connection_1.open() self.connection_1.bind() self.assertFalse(self.connection_1.bound) def test_invalid_bind_2(self): self.connection_2.password = 'wrong' self.connection_2.open() self.connection_2.bind() self.assertFalse(self.connection_2.bound) def test_invalid_bind_3(self): self.connection_3.password = 'wrong' self.connection_3.open() self.connection_3.bind() self.assertFalse(self.connection_3.bound) def test_invalid_bind_exception_1(self): self.connection_1c.password = 'wrong' self.connection_1c.open() try: self.connection_1c.bind() self.fail('exception not raised') except LDAPInvalidCredentialsResult: pass def test_invalid_bind_exception_2(self): self.connection_2c.password = 'wrong' self.connection_2c.open() try: self.connection_2c.bind() self.fail('exception not raised') except LDAPInvalidCredentialsResult: pass def test_invalid_bind_exception_3(self): self.connection_3c.password = 'wrong' self.connection_3c.open() try: self.connection_3c.bind() self.fail('exception not raised') except LDAPInvalidCredentialsResult: pass def test_unbind_1(self): self.connection_1.open() self.assertFalse(self.connection_1.closed) self.connection_1.bind() self.assertTrue(self.connection_1.bound) self.connection_1.unbind() self.assertFalse(self.connection_1.bound) self.assertTrue(self.connection_1.closed) def test_unbind_2(self): self.connection_2.open() self.assertFalse(self.connection_2.closed) self.connection_2.bind() self.assertTrue(self.connection_2.bound) self.connection_2.unbind() self.assertFalse(self.connection_2.bound) self.assertTrue(self.connection_2.closed) def test_unbind_3(self): self.connection_3.open() self.assertFalse(self.connection_3.closed) self.connection_3.bind() self.assertTrue(self.connection_3.bound) self.connection_3.unbind() self.assertFalse(self.connection_3.bound) self.assertTrue(self.connection_3.closed) def test_add_user_1(self): self.connection_1.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444'}) self.connection_1.rebind('cn=user4,ou=test,o=lab', 'test4444') self.assertTrue(self.connection_1.bound) def test_add_user_2(self): self.connection_2.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444'}) self.connection_2.rebind('cn=user4,ou=test,o=lab', 'test4444') self.assertTrue(self.connection_2.bound) def test_add_user_3(self): self.connection_3.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444'}) self.connection_3.rebind('cn=user4,ou=test,o=lab', 'test4444') self.assertTrue(self.connection_3.bound) def test_remove_user_1(self): self.connection_1.strategy.remove_entry('cn=user2,ou=test,o=lab') self.connection_1.bind() self.assertTrue(self.connection_1.bound) self.connection_1.rebind('cn=user2,ou=test,o=lab', 'test9876') self.assertFalse(self.connection_1.bound) def test_remove_user_2(self): self.connection_2.strategy.remove_entry('cn=user1,ou=test,o=lab') self.connection_2.bind() self.assertTrue(self.connection_2.bound) self.connection_2.rebind('cn=user1,ou=test,o=lab', 'test9876') self.assertFalse(self.connection_2.bound) def test_remove_user_3(self): self.connection_3.strategy.remove_entry('cn=user1,ou=test,o=lab') self.connection_3.bind() self.assertTrue(self.connection_3.bound) self.connection_3.rebind('cn=user1,ou=test,o=lab', 'test1111') self.assertFalse(self.connection_3.bound) def test_delete_1(self): self.connection_1.bind() result = self.connection_1.delete('cn=user1,ou=test,o=lab') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user1,ou=test,o=lab' not in self.connection_1.strategy.entries) def test_delete_2(self): self.connection_2.bind() result = self.connection_2.delete('cn=user2,ou=test,o=lab') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(['description'], 'success') self.assertTrue('cn=user2,ou=test,o=lab' not in self.connection_2.strategy.entries) def test_delete_3(self): self.connection_3.bind() result = self.connection_3.delete('cn=user3,ou=test,o=lab') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user3,ou=test,o=lab' not in self.connection_3.strategy.entries) def test_add_entry_1(self): dn = 'cn=user5,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(dn in self.connection_1.strategy.entries) self.connection_1b.bind() self.assertTrue(dn in self.connection_1b.strategy.entries) def test_add_entry_2(self): dn = 'cn=user5,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(dn in self.connection_2.strategy.entries) self.connection_2b.bind() self.assertTrue(dn in self.connection_2b.strategy.entries) def test_add_entry_3(self): dn = 'cn=user5,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(dn in self.connection_3.strategy.entries) self.connection_3b.bind() self.assertTrue(dn in self.connection_3b.strategy.entries) def test_add_entry_already_exists_1(self): dn = 'cn=user5,ou=test,o=lab' self.connection_1.bind() self.connection_1.strategy.add_entry(dn, {'objectClass': ['inetOrgPerson', 'top'], 'sn': 'user5_sn'}) result = self.connection_1.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'entryAlreadyExists') def test_add_entry_already_exists_2(self): dn = 'cn=user5,ou=test,o=lab' self.connection_2.bind() self.connection_2.strategy.add_entry(dn, {'objectClass': ['inetOrgPerson', 'top'], 'sn': 'user5_sn'}) result = self.connection_2.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'entryAlreadyExists') def test_add_entry_already_exists_3(self): dn = 'cn=user5,ou=test,o=lab' self.connection_3.bind() self.connection_3.strategy.add_entry(dn, {'objectClass': ['inetOrgPerson', 'top'], 'sn': 'user5_sn'}) result = self.connection_3.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'entryAlreadyExists') def test_delete_entry_nonexisting_1(self): dn = 'cn=user5,ou=test,o=lab' self.connection_1.bind() self.assertTrue(dn not in self.connection_1.strategy.entries) result = self.connection_1.delete(dn) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'noSuchObject') def test_delete_entry_nonexisting_2(self): dn = 'cn=user5,ou=test,o=lab' self.connection_2.bind() self.assertTrue(dn not in self.connection_2.strategy.entries) result = self.connection_2.delete(dn) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'noSuchObject') def test_delete_entry_nonexisting_3(self): dn = 'cn=user5,ou=test,o=lab' self.connection_3.bind() self.assertTrue(dn not in self.connection_3.strategy.entries) result = self.connection_3.delete(dn) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'noSuchObject') def test_compare_entry_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.compare(dn, 'sn', 'user4_sn') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'compareTrue') result = self.connection_1.compare(dn, 'sn', 'bad_sn') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'compareFalse') def test_compare_entry_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.compare(dn, 'sn', 'user4_sn') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'compareTrue') result = self.connection_2.compare(dn, 'sn', 'bad_sn') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'compareFalse') def test_compare_entry_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.compare(dn, 'sn', 'user4_sn') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'compareTrue') result = self.connection_3.compare(dn, 'sn', 'bad_sn') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'compareFalse') def test_move_dn_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify_dn(dn, relative_dn='cn=user4', new_superior='ou=moved,o=lab') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user4,ou=moved,o=lab' in self.connection_1.strategy.entries) self.assertFalse(dn in self.connection_1.strategy.entries) def test_move_dn_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify_dn(dn, relative_dn='cn=user4', new_superior='ou=moved,o=lab') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user4,ou=moved,o=lab' in self.connection_2.strategy.entries) self.assertFalse(dn in self.connection_2.strategy.entries) def test_move_dn_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify_dn(dn, relative_dn='cn=user4', new_superior='ou=moved,o=lab') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user4,ou=moved,o=lab' in self.connection_3.strategy.entries) self.assertFalse(dn in self.connection_3.strategy.entries) def test_rename_dn_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify_dn(dn, relative_dn='cn=user_renamed') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user_renamed,ou=test,o=lab' in self.connection_1.strategy.entries) self.assertFalse(dn in self.connection_1.strategy.entries) def test_rename_dn_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify_dn(dn, relative_dn='cn=user_renamed') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user_renamed,ou=test,o=lab' in self.connection_2.strategy.entries) self.assertFalse(dn in self.connection_2.strategy.entries) def test_rename_dn_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify_dn(dn, relative_dn='cn=user_renamed') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user_renamed,ou=test,o=lab' in self.connection_3.strategy.entries) self.assertFalse(dn in self.connection_3.strategy.entries) def test_modify_add_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'sn': (MODIFY_ADD, ['sn_added'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added' in self.connection_1.strategy.entries[dn]['sn']) def test_modify_add_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_ADD, ['sn_added'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added' in self.connection_2.strategy.entries[dn]['sn']) def test_modify_add_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_ADD, ['sn_added'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added' in self.connection_3.strategy.entries[dn]['sn']) def test_modify_add_nonexisting_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_ADD, ['title_added'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added' in self.connection_1.strategy.entries[dn]['title']) def test_modify_add_nonexisting_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_ADD, ['title_added'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added' in self.connection_2.strategy.entries[dn]['title']) def test_modify_add_nonexisting_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_ADD, ['title_added'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added' in self.connection_3.strategy.entries[dn]['title']) def test_modify_add_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'sn': (MODIFY_ADD, ['sn_added1', 'sn_added2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added1' in self.connection_1.strategy.entries[dn]['sn']) self.assertTrue(b'sn_added2' in self.connection_1.strategy.entries[dn]['sn']) def test_modify_add_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_ADD, ['sn_added1', 'sn_added2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added1' in self.connection_2.strategy.entries[dn]['sn']) self.assertTrue(b'sn_added2' in self.connection_2.strategy.entries[dn]['sn']) def test_modify_add_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_ADD, ['sn_added1', 'sn_added2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added1' in self.connection_3.strategy.entries[dn]['sn']) self.assertTrue(b'sn_added2' in self.connection_3.strategy.entries[dn]['sn']) def test_modify_add_nonexisting_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_ADD, ['title_added1', 'title_added2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added1' in self.connection_1.strategy.entries[dn]['title']) self.assertTrue(b'title_added2' in self.connection_1.strategy.entries[dn]['title']) def test_modify_add_nonexisting_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_ADD, ['title_added1', 'title_added2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added1' in self.connection_2.strategy.entries[dn]['title']) self.assertTrue(b'title_added2' in self.connection_2.strategy.entries[dn]['title']) def test_modify_add_nonexisting_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_ADD, ['title_added1', 'title_added2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added1' in self.connection_3.strategy.entries[dn]['title']) self.assertTrue(b'title_added2' in self.connection_3.strategy.entries[dn]['title']) def test_modify_delete_nonexisting_attribute_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_DELETE, ['initials1', 'initials2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'noSuchAttribute') def test_modify_delete_nonexisting_attribute_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_DELETE, ['initials1', 'initials2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'noSuchAttribute') def test_modify_delete_nonexisting_attribute_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_DELETE, ['initials1', 'initials2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'noSuchAttribute') def test_modify_delete_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_DELETE, ['title1'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') def test_modify_delete_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_DELETE, ['user4_sn'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') def test_modify_delete_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_DELETE, ['user4_sn'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') def test_modify_delete_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_DELETE, ['title1', 'title2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(self.connection_1.strategy.entries[dn]['title'] == [b'title3']) def test_modify_delete_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_DELETE, ['title1', 'title2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(self.connection_2.strategy.entries[dn]['title'] == [b'title3']) def test_modify_delete_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_DELETE, ['title1', 'title2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(self.connection_3.strategy.entries[dn]['title'] == [b'title3']) def test_modify_replace_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'sn': (MODIFY_REPLACE, ['user_test_sn'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(b'user_test_sn' in self.connection_1.strategy.entries[dn]['sn']) self.assertEqual(len(self.connection_1.strategy.entries[dn]['sn']), 1) def test_modify_replace_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_REPLACE, ['user_test_sn'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(b'user_test_sn' in self.connection_2.strategy.entries[dn]['sn']) self.assertEqual(len(self.connection_2.strategy.entries[dn]['sn']), 1) def test_modify_replace_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_REPLACE, ['user_test_sn'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(b'user_test_sn' in self.connection_3.strategy.entries[dn]['sn']) self.assertEqual(len(self.connection_3.strategy.entries[dn]['sn']), 1) def test_modify_replace_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_REPLACE, ['title4', 'title5'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title1' in self.connection_1.strategy.entries[dn]['title']) self.assertFalse(b'title2' in self.connection_1.strategy.entries[dn]['title']) self.assertFalse(b'title3' in self.connection_1.strategy.entries[dn]['title']) self.assertTrue(b'title4' in self.connection_1.strategy.entries[dn]['title']) self.assertTrue(b'title5' in self.connection_1.strategy.entries[dn]['title']) self.assertEqual(len(self.connection_1.strategy.entries[dn]['title']), 2) def test_modify_replace_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_REPLACE, ['title4', 'title5'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title1' in self.connection_2.strategy.entries[dn]['title']) self.assertFalse(b'title2' in self.connection_2.strategy.entries[dn]['title']) self.assertFalse(b'title3' in self.connection_2.strategy.entries[dn]['title']) self.assertTrue(b'title4' in self.connection_2.strategy.entries[dn]['title']) self.assertTrue(b'title5' in self.connection_2.strategy.entries[dn]['title']) self.assertEqual(len(self.connection_2.strategy.entries[dn]['title']), 2) def test_modify_replace_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_REPLACE, ['title4', 'title5'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title1' in self.connection_3.strategy.entries[dn]['title']) self.assertFalse(b'title2' in self.connection_3.strategy.entries[dn]['title']) self.assertFalse(b'title3' in self.connection_3.strategy.entries[dn]['title']) self.assertTrue(b'title4' in self.connection_3.strategy.entries[dn]['title']) self.assertTrue(b'title5' in self.connection_3.strategy.entries[dn]['title']) self.assertEqual(len(self.connection_3.strategy.entries[dn]['title']), 2) def test_modify_replace_existing_novalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_REPLACE, [])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title' in self.connection_1.strategy.entries[dn]) def test_modify_replace_existing_novalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_REPLACE, [])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title' in self.connection_2.strategy.entries[dn]) def test_modify_replace_existing_novalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_REPLACE, [])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title' in self.connection_3.strategy.entries[dn]) def test_modify_replace_not_existing_novalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_REPLACE, [])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertFalse(b'initials' in self.connection_1.strategy.entries[dn]) def test_modify_replace_not_existing_novalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_REPLACE, [])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertFalse(b'initials' in self.connection_2.strategy.entries[dn]) def test_modify_replace_not_existing_novalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_REPLACE, [])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertFalse(b'initials' in self.connection_3.strategy.entries[dn]) def test_modify_replace_not_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_1.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_2.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_3.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1', 'initials2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_1.strategy.entries[dn]['initials']) self.assertTrue(b'initials2' in self.connection_1.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1', 'initials2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_2.strategy.entries[dn]['initials']) self.assertTrue(b'initials2' in self.connection_2.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1', 'initials2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_3.strategy.entries[dn]['initials']) self.assertTrue(b'initials2' in self.connection_3.strategy.entries[dn]['initials']) def test_search_exact_match_single_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=user1)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertEqual('user1', response[0]['attributes']['cn'][0]) def test_search_exact_match_single_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=user2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertEqual('user2', response[0]['attributes']['cn'][0]) def test_search_exact_match_single_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=user3)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertEqual('user3', response[0]['attributes']['cn'][0]) def test_search_exact_match_case_insensitive_single_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=UsEr1)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertEqual('user1', response[0]['attributes']['cn'][0]) def test_search_exact_match_case_insensitive_single_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=UsEr2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertEqual('user2', response[0]['attributes']['cn'][0]) def test_search_exact_match_case_insensitive_single_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=UsEr3)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertEqual('user3', response[0]['attributes']['cn'][0]) def test_search_presence_single_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue('user' in response[0]['attributes']['cn'][0]) def test_search_presence_single_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue('user' in response[0]['attributes']['cn'][0]) def test_search_presence_single_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue('user' in response[0]['attributes']['cn'][0]) def test_search_presence_and_filter_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) self.connection_1b.bind() result = self.connection_1b.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1b.response if not self.connection_1b.strategy.sync: response, result = self.connection_1b.get_response(result) else: result = self.connection_1b.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) def test_search_presence_and_filter_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) self.connection_2b.bind() result = self.connection_2b.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2b.response if not self.connection_2b.strategy.sync: response, result = self.connection_2b.get_response(result) else: result = self.connection_2b.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) def test_search_presence_and_filter_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) self.connection_3b.bind() result = self.connection_3b.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3b.response if not self.connection_3b.strategy.sync: response, result = self.connection_3b.get_response(result) else: result = self.connection_3b.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) def test_search_incorrect_base_1(self): self.connection_1.bind() result = self.connection_1.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_2(self): self.connection_2.bind() result = self.connection_2.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_3(self): self.connection_3.bind() result = self.connection_3.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_exception_1(self): self.connection_1c.bind() try: result = self.connection_1c.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_1c.strategy.sync: _, result = self.connection_1c.get_response(result) self.fail('exception not raised') except LDAPNoSuchObjectResult: pass def test_search_incorrect_base_exception_2(self): self.connection_2c.bind() try: result = self.connection_2c.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_2c.strategy.sync: _, result = self.connection_2c.get_response(result) self.fail('exception not raised') except LDAPNoSuchObjectResult: pass def test_search_incorrect_base_exception_3(self): self.connection_3c.bind() try: result = self.connection_3c.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_3c.strategy.sync: _, result = self.connection_3c.get_response(result) self.fail('exception not raised') except LDAPNoSuchObjectResult: pass def test_search_presence_and_filter_no_entries_found_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(&(cn=*)(sn=user_nonexistant))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 0) def test_search_presence_and_filter_no_entries_found_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(&(cn=*)(sn=user_nonexistant))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 0) def test_search_presence_and_filter_no_entries_found_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(&(cn=*)(sn=user_nonexistant))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 0) def test_search_exact_match_not_filter_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(!(sn=user0_sn))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertNotEqual(response[0]['attributes']['cn'][0], 'user0') def test_search_exact_match_not_filter_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(!(sn=user0_sn))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertNotEqual(response[0]['attributes']['cn'][0], 'user0') def test_search_exact_match_not_filter_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(!(sn=user0_sn))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertNotEqual(response[0]['attributes']['cn'][0], 'user0') def test_search_greater_or_equal_than_string_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(userPassword>=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_string_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(userPassword>=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_string_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(userPassword>=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_int_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(revision>=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_int_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(revision>=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_int_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(revision>=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_less_or_equal_than_string_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(userPassword<=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_string_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(userPassword<=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_string_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(userPassword<=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_int_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(revision<=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_int_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(revision<=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_int_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(revision<=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_substring_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=*ser*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_substring_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=*ser*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_substring_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=*ser*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_case_insensitive_substring_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=*SeR*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_case_insensitive_substring_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=*SeR*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_case_insensitive_substring_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=*SeR*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_presence_singlevalue_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(revision=*)', search_scope=SUBTREE, attributes=['cn', 'revision']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(isinstance(response[0]['attributes']['revision'], int)) def test_search_presence_singlevalue_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(revision=*)', search_scope=SUBTREE, attributes=['cn', 'revision']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(isinstance(response[0]['attributes']['revision'], int)) def test_search_presence_singlevalue_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(revision=*)', search_scope=SUBTREE, attributes=['cn', 'revision']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(isinstance(response[0]['attributes']['revision'], list)) # no schema so attributes are returned as lists def test_search_paged_1(self): self.connection_1.bind() response = [] for resp in self.connection_1.extend.standard.paged_search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'revision'], paged_size=2, paged_criticality=True): response.append(resp) self.assertEqual(len(response), 5) def test_search_paged_2(self): self.connection_2.bind() response = [] for resp in self.connection_2.extend.standard.paged_search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'revision'], paged_size=2, paged_criticality=True): response.append(resp) self.assertEqual(len(response), 5) def test_search_paged_3(self): self.connection_3.bind() response = [] for resp in self.connection_3.extend.standard.paged_search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'revision'], paged_size=2, paged_criticality=True): response.append(resp) self.assertEqual(len(response), 5) ldap3-2.4.1/test/testMockBase.py0000666000000000000000000000552413230273275014602 0ustar 00000000000000# Created on 2016.04.17 # # Author: Giovanni Cannata & signedbit # # Copyright 2016 - 2018 Giovanni Cannata & signedbit # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import SchemaInfo, DsaInfo, Server, Connection, MOCK_SYNC from ldap3.operation import search from ldap3.protocol.schemas.edir888 import edir_8_8_8_schema, edir_8_8_8_dsa_info class Test(unittest.TestCase): @classmethod def setUpClass(cls): cls.schema = SchemaInfo.from_json(edir_8_8_8_schema) info = DsaInfo.from_json(edir_8_8_8_dsa_info, cls.schema) cls.server = Server.from_definition('MockSyncServer', info, cls.schema) cls.connection = Connection(cls.server, user='cn=user1,ou=test', password='test1', client_strategy=MOCK_SYNC) # create fixtures cls.connection.strategy.add_entry('cn=user1,ou=test', {'userPassword': 'test1', 'revision': 1}) cls.connection.strategy.add_entry('cn=user2,ou=test', {'userPassword': 'test2', 'revision': 2}) cls.connection.strategy.add_entry('cn=user3,ou=test', {'userPassword': 'test3', 'revision': 3}) @classmethod def tearDownClass(cls): cls.connection.unbind() def test_and_evaluates_correctly_when_first_operand_doesnt_match(self): actual = len(self._evaluate_filter('(&(revision=1)(userPassword=notarealvalue))')) expected = 0 self.assertEqual(actual, expected) def test_and_evaluates_correctly_when_second_operand_doesnt_match(self): actual = len(self._evaluate_filter('(&(userPassword=notarealvalue)(revision=1))')) expected = 0 self.assertEqual(actual, expected) def test_and_evaluates_correctly_when_both_operands_match(self): actual = len(self._evaluate_filter('(&(revision=1)(userPassword=test1))')) expected = 1 self.assertEqual(actual, expected) def _evaluate_filter(self, search_filter): filter_root = search.parse_filter(search_filter, self.schema, auto_escape=True, auto_encode=False, check_names=False) candidates = self.server.dit return self.connection.strategy.evaluate_filter_node(filter_root, candidates) ldap3-2.4.1/test/testMockSyncStrategy.py0000666000000000000000000022121013226436742016364 0ustar 00000000000000""" """ # Created on 2015.02.3 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import Server, Connection, MOCK_SYNC, MODIFY_ADD, MODIFY_REPLACE, MODIFY_DELETE, OFFLINE_EDIR_8_8_8,\ BASE, LEVEL, SUBTREE, AUTO_BIND_NO_TLS, NONE from ldap3.core.exceptions import LDAPInvalidCredentialsResult, LDAPNoSuchObjectResult from ldap3.protocol.rfc4512 import SchemaInfo, DsaInfo from ldap3.protocol.schemas.edir888 import edir_8_8_8_dsa_info, edir_8_8_8_schema from test.config import random_id testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() # The mock server can be defined in two different ways, so tests are duplicated, connection_3 is without schema schema = SchemaInfo.from_json(edir_8_8_8_schema) info = DsaInfo.from_json(edir_8_8_8_dsa_info, schema) server_1 = Server.from_definition('MockSyncServer', info, schema) self.connection_1 = Connection(server_1, user='cn=user1,ou=test,o=lab', password='test1111', client_strategy=MOCK_SYNC) self.connection_1b = Connection(server_1, user='cn=user1,ou=test,o=lab', password='test1111', client_strategy=MOCK_SYNC) self.connection_1c = Connection(server_1, user='cn=user1,ou=test,o=lab', password='test1111', client_strategy=MOCK_SYNC, raise_exceptions=True) server_2 = Server('dummy', get_info=OFFLINE_EDIR_8_8_8) self.connection_2 = Connection(server_2, user='cn=user2,ou=test,o=lab', password='test2222', client_strategy=MOCK_SYNC) self.connection_2b = Connection(server_2, user='cn=user2,ou=test,o=lab', password='test2222', client_strategy=MOCK_SYNC) self.connection_2c = Connection(server_2, user='cn=user2,ou=test,o=lab', password='test2222', client_strategy=MOCK_SYNC, raise_exceptions=True) server_3 = Server('dummy') # no schema self.connection_3 = Connection(server_3, user='cn=user3,ou=test,o=lab', password='test3333', client_strategy=MOCK_SYNC) self.connection_3b = Connection(server_3, user='cn=user3,ou=test,o=lab', password='test3333', client_strategy=MOCK_SYNC) self.connection_3c = Connection(server_3, user='cn=user3,ou=test,o=lab', password='test3333', client_strategy=MOCK_SYNC, raise_exceptions=True) # creates fixtures self.connection_1.strategy.add_entry('cn=user0,o=lab', {'userPassword': 'test0000', 'sn': 'user0_sn', 'revision': 0}) self.connection_2.strategy.add_entry('cn=user0,o=lab', {'userPassword': 'test0000', 'sn': 'user0_sn', 'revision': 0}) self.connection_3.strategy.add_entry('cn=user0,o=lab', {'userPassword': 'test0000', 'sn': 'user0_sn', 'revision': 0}) self.connection_1.strategy.add_entry('cn=user1,ou=test,o=lab', {'userPassword': 'test1111', 'sn': 'user1_sn', 'revision': 1}) self.connection_2.strategy.add_entry('cn=user1,ou=test,o=lab', {'userPassword': 'test1111', 'sn': 'user1_sn', 'revision': 1}) self.connection_3.strategy.add_entry('cn=user1,ou=test,o=lab', {'userPassword': 'test1111', 'sn': 'user1_sn', 'revision': 1}) self.connection_1.strategy.add_entry('cn=user2,ou=test,o=lab', {'userPassword': 'test2222', 'sn': 'user2_sn', 'revision': 2}) self.connection_2.strategy.add_entry('cn=user2,ou=test,o=lab', {'userPassword': 'test2222', 'sn': 'user2_sn', 'revision': 2}) self.connection_3.strategy.add_entry('cn=user2,ou=test,o=lab', {'userPassword': 'test2222', 'sn': 'user2_sn', 'revision': 2}) self.connection_1.strategy.add_entry('cn=user3,ou=test,o=lab', {'userPassword': 'test3333', 'sn': 'user3_sn', 'revision': 3}) self.connection_2.strategy.add_entry('cn=user3,ou=test,o=lab', {'userPassword': 'test3333', 'sn': 'user3_sn', 'revision': 3}) self.connection_3.strategy.add_entry('cn=user3,ou=test,o=lab', {'userPassword': 'test3333', 'sn': 'user3_sn', 'revision': 3}) self.connection_1.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444', 'sn': 'user4_sn', 'revision': 4, 'title': ['title1', 'title2', 'title3']}) self.connection_2.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444', 'sn': 'user4_sn', 'revision': 4, 'title': ['title1', 'title2', 'title3']}) self.connection_3.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444', 'sn': 'user4_sn', 'revision': 4, 'title': ['title1', 'title2', 'title3']}) def tearDown(self): self.connection_1.unbind() self.assertFalse(self.connection_1.bound) self.connection_2.unbind() self.assertFalse(self.connection_2.bound) self.connection_3.unbind() self.assertFalse(self.connection_3.bound) def test_open_1(self): self.connection_1.open() self.assertFalse(self.connection_1.closed) def test_open_2(self): self.connection_2.open() self.assertFalse(self.connection_2.closed) def test_open_3(self): self.connection_3.open() self.assertFalse(self.connection_3.closed) def test_bind_1(self): self.connection_1.open() self.connection_1.bind() self.assertTrue(self.connection_1.bound) def test_bind_2(self): self.connection_2.open() self.connection_2.bind() self.assertTrue(self.connection_2.bound) def test_bind_3(self): self.connection_3.open() self.connection_3.bind() self.assertTrue(self.connection_3.bound) def test_invalid_bind_1(self): self.connection_1.password = 'wrong' self.connection_1.open() self.connection_1.bind() self.assertFalse(self.connection_1.bound) def test_invalid_bind_2(self): self.connection_2.password = 'wrong' self.connection_2.open() self.connection_2.bind() self.assertFalse(self.connection_2.bound) def test_invalid_bind_3(self): self.connection_3.password = 'wrong' self.connection_3.open() self.connection_3.bind() self.assertFalse(self.connection_3.bound) def test_invalid_bind_exception_1(self): self.connection_1c.password = 'wrong' self.connection_1c.open() try: self.connection_1c.bind() self.fail('exception not raised') except LDAPInvalidCredentialsResult: pass def test_invalid_bind_exception_2(self): self.connection_2c.password = 'wrong' self.connection_2c.open() try: self.connection_2c.bind() self.fail('exception not raised') except LDAPInvalidCredentialsResult: pass def test_invalid_bind_exception_3(self): self.connection_3c.password = 'wrong' self.connection_3c.open() try: self.connection_3c.bind() self.fail('exception not raised') except LDAPInvalidCredentialsResult: pass def test_unbind_1(self): self.connection_1.open() self.assertFalse(self.connection_1.closed) self.connection_1.bind() self.assertTrue(self.connection_1.bound) self.connection_1.unbind() self.assertFalse(self.connection_1.bound) self.assertTrue(self.connection_1.closed) def test_unbind_2(self): self.connection_2.open() self.assertFalse(self.connection_2.closed) self.connection_2.bind() self.assertTrue(self.connection_2.bound) self.connection_2.unbind() self.assertFalse(self.connection_2.bound) self.assertTrue(self.connection_2.closed) def test_unbind_3(self): self.connection_3.open() self.assertFalse(self.connection_3.closed) self.connection_3.bind() self.assertTrue(self.connection_3.bound) self.connection_3.unbind() self.assertFalse(self.connection_3.bound) self.assertTrue(self.connection_3.closed) def test_add_user_1(self): self.connection_1.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444'}) self.connection_1.rebind('cn=user4,ou=test,o=lab', 'test4444') self.assertTrue(self.connection_1.bound) def test_add_user_2(self): self.connection_2.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444'}) self.connection_2.rebind('cn=user4,ou=test,o=lab', 'test4444') self.assertTrue(self.connection_2.bound) def test_add_user_3(self): self.connection_3.strategy.add_entry('cn=user4,ou=test,o=lab', {'userPassword': 'test4444'}) self.connection_3.rebind('cn=user4,ou=test,o=lab', 'test4444') self.assertTrue(self.connection_3.bound) def test_remove_user_1(self): self.connection_1.strategy.remove_entry('cn=user2,ou=test,o=lab') self.connection_1.bind() self.assertTrue(self.connection_1.bound) self.connection_1.rebind('cn=user2,ou=test,o=lab', 'test9876') self.assertFalse(self.connection_1.bound) def test_remove_user_2(self): self.connection_2.strategy.remove_entry('cn=user1,ou=test,o=lab') self.connection_2.bind() self.assertTrue(self.connection_2.bound) self.connection_2.rebind('cn=user1,ou=test,o=lab', 'test9876') self.assertFalse(self.connection_2.bound) def test_remove_user_3(self): self.connection_3.strategy.remove_entry('cn=user1,ou=test,o=lab') self.connection_3.bind() self.assertTrue(self.connection_3.bound) self.connection_3.rebind('cn=user1,ou=test,o=lab', 'test1111') self.assertFalse(self.connection_3.bound) def test_delete_1(self): self.connection_1.bind() result = self.connection_1.delete('cn=user1,ou=test,o=lab') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user1,ou=test,o=lab' not in self.connection_1.strategy.entries) def test_delete_2(self): self.connection_2.bind() result = self.connection_2.delete('cn=user2,ou=test,o=lab') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(['description'], 'success') self.assertTrue('cn=user2,ou=test,o=lab' not in self.connection_2.strategy.entries) def test_delete_3(self): self.connection_3.bind() result = self.connection_3.delete('cn=user3,ou=test,o=lab') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user3,ou=test,o=lab' not in self.connection_3.strategy.entries) def test_add_entry_1(self): dn = 'cn=user5,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(dn in self.connection_1.strategy.entries) self.connection_1b.bind() self.assertTrue(dn in self.connection_1b.strategy.entries) def test_add_entry_2(self): dn = 'cn=user5,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(dn in self.connection_2.strategy.entries) self.connection_2b.bind() self.assertTrue(dn in self.connection_2b.strategy.entries) def test_add_entry_3(self): dn = 'cn=user5,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(dn in self.connection_3.strategy.entries) self.connection_3b.bind() self.assertTrue(dn in self.connection_3b.strategy.entries) def test_add_entry_already_exists_1(self): dn = 'cn=user5,ou=test,o=lab' self.connection_1.bind() self.connection_1.strategy.add_entry(dn, {'objectClass': ['inetOrgPerson', 'top'], 'sn': 'user5_sn'}) result = self.connection_1.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'entryAlreadyExists') def test_add_entry_already_exists_2(self): dn = 'cn=user5,ou=test,o=lab' self.connection_2.bind() self.connection_2.strategy.add_entry(dn, {'objectClass': ['inetOrgPerson', 'top'], 'sn': 'user5_sn'}) result = self.connection_2.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'entryAlreadyExists') def test_add_entry_already_exists_3(self): dn = 'cn=user5,ou=test,o=lab' self.connection_3.bind() self.connection_3.strategy.add_entry(dn, {'objectClass': ['inetOrgPerson', 'top'], 'sn': 'user5_sn'}) result = self.connection_3.add(dn, ['inetOrgPerson', 'top'], {'sn': 'user5_sn'}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'entryAlreadyExists') def test_delete_entry_nonexisting_1(self): dn = 'cn=user5,ou=test,o=lab' self.connection_1.bind() self.assertTrue(dn not in self.connection_1.strategy.entries) result = self.connection_1.delete(dn) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'noSuchObject') def test_delete_entry_nonexisting_2(self): dn = 'cn=user5,ou=test,o=lab' self.connection_2.bind() self.assertTrue(dn not in self.connection_2.strategy.entries) result = self.connection_2.delete(dn) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'noSuchObject') def test_delete_entry_nonexisting_3(self): dn = 'cn=user5,ou=test,o=lab' self.connection_3.bind() self.assertTrue(dn not in self.connection_3.strategy.entries) result = self.connection_3.delete(dn) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'noSuchObject') def test_compare_entry_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.compare(dn, 'sn', 'user4_sn') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'compareTrue') result = self.connection_1.compare(dn, 'sn', 'bad_sn') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'compareFalse') def test_compare_entry_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.compare(dn, 'sn', 'user4_sn') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'compareTrue') result = self.connection_2.compare(dn, 'sn', 'bad_sn') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'compareFalse') def test_compare_entry_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.compare(dn, 'sn', 'user4_sn') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'compareTrue') result = self.connection_3.compare(dn, 'sn', 'bad_sn') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'compareFalse') def test_move_dn_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify_dn(dn, relative_dn='cn=user4', new_superior='ou=moved,o=lab') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user4,ou=moved,o=lab' in self.connection_1.strategy.entries) self.assertFalse(dn in self.connection_1.strategy.entries) def test_move_dn_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify_dn(dn, relative_dn='cn=user4', new_superior='ou=moved,o=lab') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user4,ou=moved,o=lab' in self.connection_2.strategy.entries) self.assertFalse(dn in self.connection_2.strategy.entries) def test_move_dn_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify_dn(dn, relative_dn='cn=user4', new_superior='ou=moved,o=lab') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user4,ou=moved,o=lab' in self.connection_3.strategy.entries) self.assertFalse(dn in self.connection_3.strategy.entries) def test_rename_dn_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify_dn(dn, relative_dn='cn=user_renamed') if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user_renamed,ou=test,o=lab' in self.connection_1.strategy.entries) self.assertFalse(dn in self.connection_1.strategy.entries) def test_rename_dn_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify_dn(dn, relative_dn='cn=user_renamed') if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user_renamed,ou=test,o=lab' in self.connection_2.strategy.entries) self.assertFalse(dn in self.connection_2.strategy.entries) def test_rename_dn_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify_dn(dn, relative_dn='cn=user_renamed') if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue('cn=user_renamed,ou=test,o=lab' in self.connection_3.strategy.entries) self.assertFalse(dn in self.connection_3.strategy.entries) def test_modify_add_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'sn': (MODIFY_ADD, ['sn_added'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added' in self.connection_1.strategy.entries[dn]['sn']) def test_modify_add_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_ADD, ['sn_added'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added' in self.connection_2.strategy.entries[dn]['sn']) def test_modify_add_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_ADD, ['sn_added'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added' in self.connection_3.strategy.entries[dn]['sn']) def test_modify_add_nonexisting_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_ADD, ['title_added'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added' in self.connection_1.strategy.entries[dn]['title']) def test_modify_add_nonexisting_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_ADD, ['title_added'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added' in self.connection_2.strategy.entries[dn]['title']) def test_modify_add_nonexisting_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_ADD, ['title_added'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added' in self.connection_3.strategy.entries[dn]['title']) def test_modify_add_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'sn': (MODIFY_ADD, ['sn_added1', 'sn_added2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added1' in self.connection_1.strategy.entries[dn]['sn']) self.assertTrue(b'sn_added2' in self.connection_1.strategy.entries[dn]['sn']) def test_modify_add_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_ADD, ['sn_added1', 'sn_added2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added1' in self.connection_2.strategy.entries[dn]['sn']) self.assertTrue(b'sn_added2' in self.connection_2.strategy.entries[dn]['sn']) def test_modify_add_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_ADD, ['sn_added1', 'sn_added2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'sn_added1' in self.connection_3.strategy.entries[dn]['sn']) self.assertTrue(b'sn_added2' in self.connection_3.strategy.entries[dn]['sn']) def test_modify_add_nonexisting_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_ADD, ['title_added1', 'title_added2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added1' in self.connection_1.strategy.entries[dn]['title']) self.assertTrue(b'title_added2' in self.connection_1.strategy.entries[dn]['title']) def test_modify_add_nonexisting_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_ADD, ['title_added1', 'title_added2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added1' in self.connection_2.strategy.entries[dn]['title']) self.assertTrue(b'title_added2' in self.connection_2.strategy.entries[dn]['title']) def test_modify_add_nonexisting_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_ADD, ['title_added1', 'title_added2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertTrue(result['description'], 'success') self.assertTrue(b'title_added1' in self.connection_3.strategy.entries[dn]['title']) self.assertTrue(b'title_added2' in self.connection_3.strategy.entries[dn]['title']) def test_modify_delete_nonexisting_attribute_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_DELETE, ['initials1', 'initials2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'noSuchAttribute') def test_modify_delete_nonexisting_attribute_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_DELETE, ['initials1', 'initials2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'noSuchAttribute') def test_modify_delete_nonexisting_attribute_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_DELETE, ['initials1', 'initials2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'noSuchAttribute') def test_modify_delete_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_DELETE, ['title1'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') def test_modify_delete_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_DELETE, ['user4_sn'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') def test_modify_delete_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_DELETE, ['user4_sn'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') def test_modify_delete_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_DELETE, ['title1', 'title2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(self.connection_1.strategy.entries[dn]['title'] == [b'title3']) def test_modify_delete_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_DELETE, ['title1', 'title2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(self.connection_2.strategy.entries[dn]['title'] == [b'title3']) def test_modify_delete_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_DELETE, ['title1', 'title2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(self.connection_3.strategy.entries[dn]['title'] == [b'title3']) def test_modify_replace_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'sn': (MODIFY_REPLACE, ['user_test_sn'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(b'user_test_sn' in self.connection_1.strategy.entries[dn]['sn']) self.assertEqual(len(self.connection_1.strategy.entries[dn]['sn']), 1) def test_modify_replace_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'sn': (MODIFY_REPLACE, ['user_test_sn'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(b'user_test_sn' in self.connection_2.strategy.entries[dn]['sn']) self.assertEqual(len(self.connection_2.strategy.entries[dn]['sn']), 1) def test_modify_replace_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'sn': (MODIFY_REPLACE, ['user_test_sn'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(b'user_test_sn' in self.connection_3.strategy.entries[dn]['sn']) self.assertEqual(len(self.connection_3.strategy.entries[dn]['sn']), 1) def test_modify_replace_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_REPLACE, ['title4', 'title5'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title1' in self.connection_1.strategy.entries[dn]['title']) self.assertFalse(b'title2' in self.connection_1.strategy.entries[dn]['title']) self.assertFalse(b'title3' in self.connection_1.strategy.entries[dn]['title']) self.assertTrue(b'title4' in self.connection_1.strategy.entries[dn]['title']) self.assertTrue(b'title5' in self.connection_1.strategy.entries[dn]['title']) self.assertEqual(len(self.connection_1.strategy.entries[dn]['title']), 2) def test_modify_replace_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_REPLACE, ['title4', 'title5'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title1' in self.connection_2.strategy.entries[dn]['title']) self.assertFalse(b'title2' in self.connection_2.strategy.entries[dn]['title']) self.assertFalse(b'title3' in self.connection_2.strategy.entries[dn]['title']) self.assertTrue(b'title4' in self.connection_2.strategy.entries[dn]['title']) self.assertTrue(b'title5' in self.connection_2.strategy.entries[dn]['title']) self.assertEqual(len(self.connection_2.strategy.entries[dn]['title']), 2) def test_modify_replace_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_REPLACE, ['title4', 'title5'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title1' in self.connection_3.strategy.entries[dn]['title']) self.assertFalse(b'title2' in self.connection_3.strategy.entries[dn]['title']) self.assertFalse(b'title3' in self.connection_3.strategy.entries[dn]['title']) self.assertTrue(b'title4' in self.connection_3.strategy.entries[dn]['title']) self.assertTrue(b'title5' in self.connection_3.strategy.entries[dn]['title']) self.assertEqual(len(self.connection_3.strategy.entries[dn]['title']), 2) def test_modify_replace_existing_novalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'title': (MODIFY_REPLACE, [])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title' in self.connection_1.strategy.entries[dn]) def test_modify_replace_existing_novalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'title': (MODIFY_REPLACE, [])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title' in self.connection_2.strategy.entries[dn]) def test_modify_replace_existing_novalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'title': (MODIFY_REPLACE, [])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertFalse(b'title' in self.connection_3.strategy.entries[dn]) def test_modify_replace_not_existing_novalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_REPLACE, [])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertFalse(b'initials' in self.connection_1.strategy.entries[dn]) def test_modify_replace_not_existing_novalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_REPLACE, [])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertFalse(b'initials' in self.connection_2.strategy.entries[dn]) def test_modify_replace_not_existing_novalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_REPLACE, [])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertFalse(b'initials' in self.connection_3.strategy.entries[dn]) def test_modify_replace_not_existing_singlevalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_1.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_singlevalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_2.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_singlevalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_3.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_multivalue_1(self): dn = 'cn=user4,ou=test,o=lab' self.connection_1.bind() result = self.connection_1.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1', 'initials2'])}) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_1.strategy.entries[dn]['initials']) self.assertTrue(b'initials2' in self.connection_1.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_multivalue_2(self): dn = 'cn=user4,ou=test,o=lab' self.connection_2.bind() result = self.connection_2.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1', 'initials2'])}) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_2.strategy.entries[dn]['initials']) self.assertTrue(b'initials2' in self.connection_2.strategy.entries[dn]['initials']) def test_modify_replace_not_existing_multivalue_3(self): dn = 'cn=user4,ou=test,o=lab' self.connection_3.bind() result = self.connection_3.modify(dn, {'initials': (MODIFY_REPLACE, ['initials1', 'initials2'])}) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(b'initials1' in self.connection_3.strategy.entries[dn]['initials']) self.assertTrue(b'initials2' in self.connection_3.strategy.entries[dn]['initials']) def test_search_exact_match_single_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=user1)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertEqual('user1', response[0]['attributes']['cn'][0]) def test_search_exact_match_single_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=user2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertEqual('user2', response[0]['attributes']['cn'][0]) def test_search_exact_match_single_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=user3)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertEqual('user3', response[0]['attributes']['cn'][0]) def test_search_exact_match_case_insensitive_single_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=UsEr1)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertEqual('user1', response[0]['attributes']['cn'][0]) def test_search_exact_match_case_insensitive_single_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=UsEr2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertEqual('user2', response[0]['attributes']['cn'][0]) def test_search_exact_match_case_insensitive_single_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=UsEr3)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertEqual('user3', response[0]['attributes']['cn'][0]) def test_search_presence_single_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue('user' in response[0]['attributes']['cn'][0]) def test_search_presence_single_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue('user' in response[0]['attributes']['cn'][0]) def test_search_presence_single_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue('user' in response[0]['attributes']['cn'][0]) def test_search_presence_and_filter_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) self.connection_1b.bind() result = self.connection_1b.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1b.response if not self.connection_1b.strategy.sync: response, result = self.connection_1b.get_response(result) else: result = self.connection_1b.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) def test_search_presence_and_filter_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) self.connection_2b.bind() result = self.connection_2b.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2b.response if not self.connection_2b.strategy.sync: response, result = self.connection_2b.get_response(result) else: result = self.connection_2b.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) def test_search_presence_and_filter_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) self.connection_3b.bind() result = self.connection_3b.search('o=lab', '(&(cn=*)(|(sn=user0_sn)(sn=user1_sn)))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3b.response if not self.connection_3b.strategy.sync: response, result = self.connection_3b.get_response(result) else: result = self.connection_3b.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1']) def test_search_incorrect_base_1(self): self.connection_1.bind() result = self.connection_1.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_1.strategy.sync: _, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_2(self): self.connection_2.bind() result = self.connection_2.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_2.strategy.sync: _, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_3(self): self.connection_3.bind() result = self.connection_3.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) if not self.connection_3.strategy.sync: _, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_exception_1(self): self.connection_1c.bind() try: result = self.connection_1c.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) self.fail('exception not raised') except LDAPNoSuchObjectResult: pass if not self.connection_1c.strategy.sync: _, result = self.connection_1c.get_response(result) else: result = self.connection_1c.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_exception_2(self): self.connection_2c.bind() try: result = self.connection_2c.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) self.fail('exception not raised') except LDAPNoSuchObjectResult: pass if not self.connection_2c.strategy.sync: _, result = self.connection_2c.get_response(result) else: result = self.connection_2c.result self.assertEqual(result['description'], 'noSuchObject') def test_search_incorrect_base_exception_3(self): self.connection_3c.bind() try: result = self.connection_3c.search('o=nonexistant', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'sn']) self.fail('exception not raised') except LDAPNoSuchObjectResult: pass if not self.connection_3c.strategy.sync: _, result = self.connection_3c.get_response(result) else: result = self.connection_3c.result self.assertEqual(result['description'], 'noSuchObject') def test_search_presence_and_filter_no_entries_found_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(&(cn=*)(sn=user_nonexistant))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 0) def test_search_presence_and_filter_no_entries_found_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(&(cn=*)(sn=user_nonexistant))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 0) def test_search_presence_and_filter_no_entries_found_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(&(cn=*)(sn=user_nonexistant))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 0) def test_search_exact_match_not_filter_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(!(sn=user0_sn))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertNotEqual(response[0]['attributes']['cn'][0], 'user0') def test_search_exact_match_not_filter_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(!(sn=user0_sn))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertNotEqual(response[0]['attributes']['cn'][0], 'user0') def test_search_exact_match_not_filter_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(!(sn=user0_sn))', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertNotEqual(response[0]['attributes']['cn'][0], 'user0') def test_search_greater_or_equal_than_string_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(userPassword>=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_string_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(userPassword>=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_string_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(userPassword>=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_int_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(revision>=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_int_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(revision>=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_greater_or_equal_than_int_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(revision>=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2', 'user3', 'user4']) def test_search_less_or_equal_than_string_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(userPassword<=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_string_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(userPassword<=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_string_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(userPassword<=test2222)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_int_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(revision<=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_int_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(revision<=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_less_or_equal_than_int_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(revision<=2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user0', 'user1', 'user2']) def test_search_substring_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=*ser*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_substring_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=*ser*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_substring_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=*ser*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_case_insensitive_substring_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(cn=*SeR*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_case_insensitive_substring_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(cn=*SeR*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_case_insensitive_substring_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(cn=*SeR*2)', search_scope=SUBTREE, attributes=['cn', 'sn']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(response[0]['attributes']['cn'][0] in ['user2']) def test_search_presence_singlevalue_attribute_1(self): self.connection_1.bind() result = self.connection_1.search('o=lab', '(revision=*)', search_scope=SUBTREE, attributes=['cn', 'revision']) response = self.connection_1.response if not self.connection_1.strategy.sync: response, result = self.connection_1.get_response(result) else: result = self.connection_1.result self.assertEqual(result['description'], 'success') self.assertTrue(isinstance(response[0]['attributes']['revision'], int)) def test_search_presence_singlevalue_attribute_2(self): self.connection_2.bind() result = self.connection_2.search('o=lab', '(revision=*)', search_scope=SUBTREE, attributes=['cn', 'revision']) response = self.connection_2.response if not self.connection_2.strategy.sync: response, result = self.connection_2.get_response(result) else: result = self.connection_2.result self.assertEqual(result['description'], 'success') self.assertTrue(isinstance(response[0]['attributes']['revision'], int)) def test_search_presence_singlevalue_attribute_3(self): self.connection_3.bind() result = self.connection_3.search('o=lab', '(revision=*)', search_scope=SUBTREE, attributes=['cn', 'revision']) response = self.connection_3.response if not self.connection_3.strategy.sync: response, result = self.connection_3.get_response(result) else: result = self.connection_3.result self.assertEqual(result['description'], 'success') self.assertTrue(isinstance(response[0]['attributes']['revision'], list)) # no schema so attributes are returned as lists def test_search_paged_1(self): self.connection_1.bind() response = [] for resp in self.connection_1.extend.standard.paged_search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'revision'], paged_size=2, paged_criticality=True): response.append(resp) self.assertEqual(len(response), 5) def test_search_paged_2(self): self.connection_2.bind() response = [] for resp in self.connection_2.extend.standard.paged_search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'revision'], paged_size=2, paged_criticality=True): response.append(resp) self.assertEqual(len(response), 5) def test_search_paged_3(self): self.connection_3.bind() response = [] for resp in self.connection_3.extend.standard.paged_search('o=lab', '(cn=*)', search_scope=SUBTREE, attributes=['cn', 'revision'], paged_size=2, paged_criticality=True): response.append(resp) self.assertEqual(len(response), 5) ldap3-2.4.1/test/testModifyDNOperation.py0000666000000000000000000001130113226436742016443 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . from time import sleep import unittest from test.config import test_base, test_moved, test_name_attr, random_id, \ get_connection, add_user, drop_connection testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_modify_dn_operation(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'modify-dn-1')) result = self.connection.modify_dn(self.delete_at_teardown[0][0], test_name_attr + '=' + testcase_id + 'modified-dn-1') if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.delete_at_teardown[0] = (self.delete_at_teardown[0][0].replace('modify-dn-1', 'modified-dn-1'), self.delete_at_teardown[0][1]) self.assertEqual(result['description'], 'success') def test_move_dn(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'modify-dn-2')) counter = 20 result = None while counter > 0: # tries move operation for at maximum 20 times - partition may be busy while moving (at least on eDirectory) result = self.connection.modify_dn(self.delete_at_teardown[0][0], test_name_attr + '=' + testcase_id + 'modify-dn-2', new_superior=test_moved) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result if result['description'] == 'success': break sleep(2) counter -= 1 self.delete_at_teardown[0] = (self.delete_at_teardown[0][0].replace(test_base, test_moved), self.delete_at_teardown[0][1]) self.assertEqual('success', result['description']) def test_modify_dn_operation_with_get_request(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'modify-dn-3')) result = self.connection.modify_dn(self.delete_at_teardown[0][0], test_name_attr + '=' + testcase_id + 'modified-dn-3') if not self.connection.strategy.sync: _, result, request = self.connection.get_response(result, get_request=True) self.assertEqual(request['type'], 'modDNRequest') else: result = self.connection.result self.delete_at_teardown[0] = (self.delete_at_teardown[0][0].replace('modify-dn-3', 'modified-dn-3'), self.delete_at_teardown[0][1]) self.assertEqual(result['description'], 'success') def test_move_dn_with_get_request(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'modify-dn-4')) counter = 20 result = None while counter > 0: # tries move operation for at maximum 20 times - partition may be busy while moving (at least on eDirectory) result = self.connection.modify_dn(self.delete_at_teardown[0][0], test_name_attr + '=' + testcase_id + 'modify-dn-4', new_superior=test_moved) if not self.connection.strategy.sync: _, result, request = self.connection.get_response(result, get_request=True) self.assertEqual(request['type'], 'modDNRequest') else: result = self.connection.result if result['description'] == 'success': break sleep(2) counter -= 1 self.delete_at_teardown[0] = (self.delete_at_teardown[0][0].replace(test_base, test_moved), self.delete_at_teardown[0][1]) self.assertEqual('success', result['description']) ldap3-2.4.1/test/testModifyOperation.py0000666000000000000000000001242113226436742016225 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import MODIFY_REPLACE, MODIFY_ADD, MODIFY_DELETE from test.config import random_id, get_connection, add_user, \ drop_connection testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'modify-1', attributes={'givenName': 'givenname-1'})) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_modify_replace(self): result = self.connection.modify(self.delete_at_teardown[0][0], {'givenName': (MODIFY_REPLACE, ['givenname-1-replaced']), 'sn': (MODIFY_REPLACE, ['sn-replaced'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_modify_replace_with_get_request(self): result = self.connection.modify(self.delete_at_teardown[0][0], {'givenName': (MODIFY_REPLACE, ['givenname-1-replaced']), 'sn': (MODIFY_REPLACE, ['sn-replaced'])}) if not self.connection.strategy.sync: _, result, request = self.connection.get_response(result, get_request=True) self.assertEqual(request['type'], 'modifyRequest') else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_modify_add(self): result = self.connection.modify(self.delete_at_teardown[0][0], {'businessCategory': (MODIFY_ADD, ['businessCategory-2-added'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_modify_delete_attribute_value(self): result = self.connection.modify(self.delete_at_teardown[0][0], {'businessCategory': (MODIFY_ADD, ['businessCategory-3-added', 'businessCategory-4-added'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') result = self.connection.modify(self.delete_at_teardown[0][0], {'businessCategory': (MODIFY_DELETE, ['businessCategory-3-added'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_modify_delete_attribute(self): result = self.connection.modify(self.delete_at_teardown[0][0], {'businessCategory': (MODIFY_ADD, ['businessCategory-5-added', 'businessCategory-6-added'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') result = self.connection.modify(self.delete_at_teardown[0][0], {'businessCategory': (MODIFY_DELETE, [])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') def test_delete_add_same_attribute(self): result = self.connection.modify(self.delete_at_teardown[0][0], {'businessCategory': (MODIFY_ADD, ['businessCategory-7-added', 'businessCategory-8-added', 'businessCategory-9-added'])}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') result = self.connection.modify(self.delete_at_teardown[0][0], {'businessCategory': [(MODIFY_DELETE, ['businessCategory-8-added']), (MODIFY_ADD, ['business-Category-10-added'])]}) if not self.connection.strategy.sync: _, result = self.connection.get_response(result) else: result = self.connection.result self.assertEqual(result['description'], 'success') ldap3-2.4.1/test/testOfflineSchema.py0000666000000000000000000000553213226436742015625 0ustar 00000000000000""" """ # Created on 2013.09.13 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import Server, OFFLINE_EDIR_8_8_8, SchemaInfo, DsaInfo from ldap3.protocol.rfc4512 import ObjectClassInfo, AttributeTypeInfo from test.config import test_server, get_connection, drop_connection class Test(unittest.TestCase): def setUp(self): self.connection = get_connection(get_info=OFFLINE_EDIR_8_8_8) def tearDown(self): drop_connection(self.connection) self.assertFalse(self.connection.bound) def test_offline_schema(self): if not self.connection.strategy.pooled: if not self.connection.server.schema: self.connection.refresh_server_info() self.assertEqual(type(self.connection.server.schema), SchemaInfo) def test_object_classes(self): if not self.connection.strategy.pooled: if not self.connection.server.info: self.connection.refresh_server_info() self.assertEqual(type(self.connection.server.schema.object_classes['inetOrgPerson']), ObjectClassInfo) def test_attributes_types(self): if not self.connection.strategy.pooled: if not self.connection.server.info: self.connection.refresh_server_info() self.assertEqual(type(self.connection.server.schema.attribute_types['cn']), AttributeTypeInfo) def test_json_definition(self): if not self.connection.strategy.pooled: if not self.connection.server.info: self.connection.refresh_server_info() json_info = self.connection.server.info.to_json() json_schema = self.connection.server.schema.to_json() info = DsaInfo.from_json(json_info) schema = SchemaInfo.from_json(json_schema) server1 = Server.from_definition(test_server, info, schema) json_info1 = server1.info.to_json() json_schema1 = server1.schema.to_json() self.assertEqual(json_info, json_info1) self.assertEqual(json_schema, json_schema1) ldap3-2.4.1/test/testParseSearchFilter.py0000666000000000000000000001543513230302501016447 0ustar 00000000000000""" """ # Created on 2013.06.04 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3.operation.search import parse_filter, MATCH_EQUAL, MATCH_EXTENSIBLE from ldap3.utils.conv import escape_filter_chars from ldap3.protocol.schemas.edir888 import edir_8_8_8_schema from ldap3.protocol.rfc4512 import SchemaInfo, DsaInfo from ldap3.core.exceptions import LDAPAttributeError, LDAPObjectClassError from test.config import test_auto_escape, test_auto_encode, test_check_names class Test(unittest.TestCase): def test_parse_search_filter_equality(self): f = parse_filter('(cn=admin)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EQUAL) self.assertEqual(f.elements[0].assertion['attr'], 'cn') self.assertEqual(f.elements[0].assertion['value'], b'admin') def test_parse_search_filter_equality_2(self): f = parse_filter('(cn=a<=b=>c)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EQUAL) self.assertEqual(f.elements[0].assertion['attr'], 'cn') self.assertEqual(f.elements[0].assertion['value'], b'a<=b=>c') def test_parse_search_filter_extensible_syntax_1(self): f = parse_filter('(cn:caseExactMatch:=Fred Flintstone)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EXTENSIBLE) self.assertEqual(f.elements[0].assertion['attr'], 'cn') self.assertEqual(f.elements[0].assertion['value'], b'Fred Flintstone') self.assertEqual(f.elements[0].assertion['matchingRule'], 'caseExactMatch') self.assertEqual(f.elements[0].assertion['dnAttributes'], False) def test_parse_search_filter_extensible_syntax_2(self): f = parse_filter('(cn:=Betty Rubble)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EXTENSIBLE) self.assertEqual(f.elements[0].assertion['attr'], 'cn') self.assertEqual(f.elements[0].assertion['value'], b'Betty Rubble') self.assertEqual(f.elements[0].assertion['matchingRule'], False) self.assertEqual(f.elements[0].assertion['dnAttributes'], False) def test_parse_search_filter_extensible_syntax_3(self): f = parse_filter('(sn:dn:2.4.6.8.10:=Barney Rubble)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EXTENSIBLE) self.assertEqual(f.elements[0].assertion['attr'], 'sn') self.assertEqual(f.elements[0].assertion['value'], b'Barney Rubble') self.assertEqual(f.elements[0].assertion['matchingRule'], '2.4.6.8.10') self.assertEqual(f.elements[0].assertion['dnAttributes'], True) def test_parse_search_filter_extensible_syntax_4(self): f = parse_filter('(o:dn:=Ace Industry)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EXTENSIBLE) self.assertEqual(f.elements[0].assertion['attr'], 'o') self.assertEqual(f.elements[0].assertion['value'], b'Ace Industry') self.assertEqual(f.elements[0].assertion['matchingRule'], False) self.assertEqual(f.elements[0].assertion['dnAttributes'], True) def test_parse_search_filter_extensible_syntax_5(self): f = parse_filter('(:1.2.3:=Wilma Flintstone)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EXTENSIBLE) self.assertEqual(f.elements[0].assertion['attr'], False) self.assertEqual(f.elements[0].assertion['value'], b'Wilma Flintstone') self.assertEqual(f.elements[0].assertion['matchingRule'], '1.2.3') self.assertEqual(f.elements[0].assertion['dnAttributes'], False) def test_parse_search_filter_extensible_syntax_6(self): f = parse_filter('(:DN:2.4.6.8.10:=Dino)', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EXTENSIBLE) self.assertEqual(f.elements[0].assertion['attr'], False) self.assertEqual(f.elements[0].assertion['value'], b'Dino') self.assertEqual(f.elements[0].assertion['matchingRule'], '2.4.6.8.''10') self.assertEqual(f.elements[0].assertion['dnAttributes'], True) def test_parse_search_filter_parenteses(self): f = parse_filter('(cn=' + escape_filter_chars('Doe (Missing Inc)') + ')', None, test_auto_escape, test_auto_encode, test_check_names) self.assertEqual(f.elements[0].tag, MATCH_EQUAL) self.assertEqual(f.elements[0].assertion['attr'], 'cn') self.assertEqual(f.elements[0].assertion['value'], b'Doe \\28Missing Inc\\29') def test_parse_search_filter_bad_attribute_type_check_true(self): self.assertRaises(LDAPAttributeError, parse_filter, '(bad=admin)', SchemaInfo.from_json(edir_8_8_8_schema), test_auto_escape, test_auto_encode, check_names=True) def test_parse_search_filter_bad_attribute_type_check_false(self): f = parse_filter('(bad=admin)', SchemaInfo.from_json(edir_8_8_8_schema), test_auto_escape, test_auto_encode, check_names=False) self.assertEqual(f.elements[0].tag, MATCH_EQUAL) self.assertEqual(f.elements[0].assertion['attr'], 'bad') self.assertEqual(f.elements[0].assertion['value'], b'admin') def test_parse_search_filter_bad_object_class_type_check_true(self): self.assertRaises(LDAPObjectClassError, parse_filter, '(objectClass=bad)', SchemaInfo.from_json(edir_8_8_8_schema), test_auto_escape, test_auto_encode, check_names=True) def test_parse_search_filter_bad_object_class_type_check_false(self): f = parse_filter('(objectClass=bad)', SchemaInfo.from_json(edir_8_8_8_schema), test_auto_escape, test_auto_encode, check_names=False) self.assertEqual(f.elements[0].tag, MATCH_EQUAL) self.assertEqual(f.elements[0].assertion['attr'], 'objectClass') self.assertEqual(f.elements[0].assertion['value'], b'bad') ldap3-2.4.1/test/testRebindOperation.py0000666000000000000000000001171413226436742016205 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import ANONYMOUS, SASL, NTLM, DIGEST_MD5 from test.config import test_sasl_user, test_sasl_password, random_id, get_connection, drop_connection, test_sasl_realm, \ test_server_type, test_ntlm_user, test_ntlm_password, test_secondary_user, test_secondary_password, \ test_sasl_secondary_user, test_sasl_secondary_password, test_sasl_secondary_user_dn, test_sasl_user_dn class Test(unittest.TestCase): def test_bind_clear_text_to_secondary_user(self): connection = get_connection() self.assertTrue(connection.bound) connection.rebind(test_secondary_user, test_secondary_password) if test_server_type == 'EDIR': bound_dn = connection.extend.novell.get_bind_dn() else: bound_dn = connection.extend.standard.who_am_i() if bound_dn: if '\\' in bound_dn: # for Active Directory domain, _, name = bound_dn.replace('u:', '').partition('\\') self.assertTrue(domain in test_secondary_user) self.assertTrue(name in test_secondary_user) else: self.assertTrue(test_secondary_user in bound_dn) else: self.fail('no user dn in extended response') drop_connection(connection) self.assertFalse(connection.bound) def test_bind_anonymous_to_secondary_user(self): connection = get_connection(bind=True, lazy_connection=False, authentication=ANONYMOUS) self.assertTrue(connection.bound) connection.rebind(test_secondary_user, test_secondary_password) if test_server_type == 'EDIR': bound_dn = connection.extend.novell.get_bind_dn() else: bound_dn = connection.extend.standard.who_am_i() if bound_dn: if '\\' in bound_dn: # for Active Directory domain, _, name = bound_dn.replace('u:', '').partition('\\') self.assertTrue(domain in test_secondary_user) self.assertTrue(name in test_secondary_user) else: self.assertTrue(test_secondary_user in bound_dn) else: self.fail('no user dn in extended response') drop_connection(connection) self.assertFalse(connection.bound) def test_bind_sasl_digest_md5_to_secondary_sasl_user(self): if test_server_type not in ['AD', 'SLAPD']: connection = get_connection(bind=False, authentication=SASL, sasl_mechanism=DIGEST_MD5, sasl_credentials=(test_sasl_realm, test_sasl_user, test_sasl_password, None)) connection.open() connection.bind() self.assertTrue(connection.bound) if test_server_type == 'EDIR': connected_user = connection.extend.novell.get_bind_dn() else: connected_user = str(connection.extend.standard.who_am_i()) self.assertEqual(connected_user, test_sasl_user_dn) if connection.rebind(authentication=SASL, sasl_mechanism=DIGEST_MD5, sasl_credentials=(test_sasl_realm, test_sasl_secondary_user, test_sasl_secondary_password, None)): if test_server_type == 'EDIR': connected_user = connection.extend.novell.get_bind_dn() else: connected_user = connection.extend.standard.who_am_i() self.assertEqual(connected_user, test_sasl_secondary_user_dn) else: self.fail('secondary user sasl authentication failed') drop_connection(connection) self.assertFalse(connection.bound) def test_ntlm(self): if test_server_type == 'AD': connection = get_connection(bind=False, authentication=NTLM, ntlm_credentials=(test_ntlm_user, test_ntlm_password)) connection.open() connection.bind() self.assertTrue(connection.bound) connected_user = str(connection.extend.standard.who_am_i())[2:] self.assertEqual(connected_user, test_ntlm_user) drop_connection(connection) self.assertFalse(connection.bound) ldap3-2.4.1/test/testRemoveMembersFromGroups.py0000666000000000000000000006410613226436742017720 0ustar 00000000000000""" """ # Created on 2016.04.17 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import test_base, add_user, add_group, get_connection, drop_connection, random_id, test_server_type testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_remove_member_from_group(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-1')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-1b', [self.delete_at_teardown[0]])) self.connection.extend.novell.add_members_to_groups(self.delete_at_teardown[0][0], [self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]], fix=True, transaction=False) # verifies user in group-1 result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[1][0] + ' not found') result = self.connection.search(self.delete_at_teardown[1][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') # verifies user in group-1b result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[2][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[2][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[2][0] + ' not found') result = self.connection.search(self.delete_at_teardown[2][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') self.connection.extend.novell.remove_members_from_groups(self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], fix=False, transaction=False) # verifies users not in group-1 result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[1][0] not in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[1][0] not in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[1][0] + ' not found') result = self.connection.search(self.delete_at_teardown[1][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] not in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] not in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') # verifies user still in group-1b result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[2][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[2][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[2][0] + ' not found') result = self.connection.search(self.delete_at_teardown[2][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') def test_remove_members_from_groups(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-2')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-3')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-4')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-2', self.delete_at_teardown)) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-3')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-4')) self.connection.extend.novell.add_members_to_groups([self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]], [self.delete_at_teardown[3][0], self.delete_at_teardown[4][0], self.delete_at_teardown[5][0]], fix=True, transaction=False ) for i in range(0, 2): result = self.connection.search(self.delete_at_teardown[i][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for j in range(3, 5): self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[i][0] + ' not found') for j in range(3, 5): result = self.connection.search(self.delete_at_teardown[j][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for i in range(0, 2): self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[j][0] + ' not found') self.connection.extend.novell.remove_members_from_groups([self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]], [self.delete_at_teardown[3][0], self.delete_at_teardown[4][0], self.delete_at_teardown[5][0]], fix=True, transaction=False ) for i in range(0, 2): result = self.connection.search(self.delete_at_teardown[i][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for j in range(3, 5): self.assertTrue(self.delete_at_teardown[j][0] not in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[j][0] not in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[i][0] + ' not found') for j in range(3, 5): result = self.connection.search(self.delete_at_teardown[j][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for i in range(0, 2): self.assertTrue(self.delete_at_teardown[i][0] not in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[i][0] not in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[j][0] + ' not found') def test_remove_member_from_group_transactional(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-5')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-5', self.delete_at_teardown)) self.connection.extend.novell.add_members_to_groups(self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], fix=True, transaction=True) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[1][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[1][0] + ' not found') result = self.connection.search(self.delete_at_teardown[1][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') self.connection.extend.novell.remove_members_from_groups(self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], fix=False, transaction=False) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[1][0] not in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[1][0] not in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[1][0] + ' not found') result = self.connection.search(self.delete_at_teardown[1][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertTrue(self.delete_at_teardown[0][0] not in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[0][0] not in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') def test_remove_members_from_groups_transactional(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-6')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-7')) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-8')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-6', self.delete_at_teardown)) # this group has members but other attributes are not set self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-7')) self.delete_at_teardown.append(add_group(self.connection, testcase_id, 'group-8')) self.connection.extend.novell.add_members_to_groups([self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]], [self.delete_at_teardown[3][0], self.delete_at_teardown[4][0], self.delete_at_teardown[5][0]], fix=True, transaction=True ) for i in range(0, 2): result = self.connection.search(self.delete_at_teardown[i][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for j in range(3, 5): self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[j][0] in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[i][0] + ' not found') for j in range(3, 5): result = self.connection.search(self.delete_at_teardown[j][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for i in range(0, 2): self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[i][0] in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[j][0] + ' not found') self.connection.extend.novell.remove_members_from_groups([self.delete_at_teardown[0][0], self.delete_at_teardown[1][0], self.delete_at_teardown[2][0]], [self.delete_at_teardown[3][0], self.delete_at_teardown[4][0], self.delete_at_teardown[5][0]], fix=True, transaction=False ) for i in range(0, 2): result = self.connection.search(self.delete_at_teardown[i][0], '(objectclass=*)', attributes=['securityEquals', 'groupMembership']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for j in range(3, 5): self.assertTrue(self.delete_at_teardown[j][0] not in (response[0]['attributes']['securityEquals'] if 'securityEquals' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[j][0] not in (response[0]['attributes']['groupMembership'] if 'groupMembership' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[i][0] + ' not found') for j in range(3, 5): result = self.connection.search(self.delete_at_teardown[j][0], '(objectclass=*)', attributes=['member', 'equivalentToMe']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: for i in range(0, 2): self.assertTrue(self.delete_at_teardown[i][0] not in (response[0]['attributes']['member'] if 'member' in response[0]['attributes'] else [])) self.assertTrue(self.delete_at_teardown[i][0] not in (response[0]['attributes']['equivalentToMe'] if 'equivalentToMe' in response[0]['attributes'] else [])) else: self.assertFalse(True, self.delete_at_teardown[j][0] + ' not found') ldap3-2.4.1/test/testRestartable.py0000666000000000000000000000635613226436742015377 0ustar 00000000000000""" """ # Created on 2014.03.29 # # Author: Giovanni Cannata # # Copyright 2014 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import test_server, test_user, test_password, test_lazy_connection, test_get_info, test_server_mode, test_base, test_strategy from ldap3 import Server, Connection, ServerPool, RESTARTABLE, ROUND_ROBIN, BASE, MOCK_SYNC, MOCK_ASYNC class Test(unittest.TestCase): def test_restartable_invalid_server(self): if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: if isinstance(test_server, (list, tuple)): hosts = ['a.b.c.d'] + list(test_server) else: hosts = ['a.b.c.d', test_server] search_results = [] servers = [Server(host=host, port=636, use_ssl=True, get_info=test_get_info, mode=test_server_mode) for host in hosts] connection = Connection(ServerPool(servers, ROUND_ROBIN, active=True, exhaust=True), user=test_user, password=test_password, client_strategy=RESTARTABLE, lazy=test_lazy_connection, pool_name='pool1') with connection as c: c.search(search_base=test_base, search_filter='(' + test_base.split(',')[0] + ')', search_scope=BASE, attributes='*') for resp in connection.response: if resp['type'] == 'searchResEntry': search_results.append(resp['dn']) self.assertEqual(len(search_results), 1) def test_restartable_invalid_server2(self): if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: if isinstance(test_server, (list, tuple)): hosts = ['a.b.c.d'] + list(test_server) else: hosts = ['a.b.c.d', test_server] search_results = [] servers = [Server(host=host, port=389, use_ssl=False) for host in hosts] server_pool = ServerPool(servers, ROUND_ROBIN, active=True, exhaust=True) connection = Connection(server_pool, user=test_user, password=test_password, client_strategy=RESTARTABLE, lazy=False) connection.open() connection.bind() connection.search(search_base=test_base, search_filter='(' + test_base.split(',')[0] + ')', search_scope=BASE) if connection.response: for resp in connection.response: if resp['type'] == 'searchResEntry': search_results.append(resp['dn']) connection.unbind() self.assertEqual(len(search_results), 1) ldap3-2.4.1/test/testSaslPrep.py0000666000000000000000000000505513226436742014653 0ustar 00000000000000""" """ # Created on 2013.08.26 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . # """ # import unittest # from unicodedata import lookup # # from ldap3.protocol.sasl.sasl import validate_simple_password import unittest from unicodedata import lookup from ldap3.protocol.sasl.sasl import validate_simple_password class Test(unittest.TestCase): def test_valid_simple_alphanumeric_password(self): password = 'abcdefg1234567890ABCDEFG' validated = validate_simple_password(password) self.assertEqual(b'abcdefg1234567890ABCDEFG', validated) def test_valid_simple_alphanumeric_bytes_password(self): password = b'abcdefg1234567890ABCDEFG' validated = validate_simple_password(password) self.assertEqual(b'abcdefg1234567890ABCDEFG', validated) def test_valid_simple_alphanumeric_password_with_ascii_characters(self): password = b'abcdefg1234567890ABCDEFG!"$%&/()=' validated = validate_simple_password(password) self.assertEqual(password, validated) def test_valid_simple_alphanumeric_password_with_non_ascii_characters(self): password = ''.join(['123', lookup('POUND SIGN'), 'abc']) validated = validate_simple_password(password) self.assertEqual(b'123\xc2\xa3abc', validated) def test_valid_simple_alphanumeric_password_with_mapped_to_nothing_characters(self): password = ''.join(['123', lookup('SOFT HYPHEN'), 'abc']) validated = validate_simple_password(password) self.assertEqual(b'123abc', validated) def test_valid_simple_alphanumeric_password_with_mapped_to_space_characters(self): password = ''.join(['123', lookup('FIGURE SPACE'), 'abc']) validated = validate_simple_password(password) self.assertEqual(b'123 abc', validated) ldap3-2.4.1/test/testSchema.py0000666000000000000000000000506313226436742014321 0ustar 00000000000000""" """ # Created on 2013.09.13 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import Server, ALL, SchemaInfo, DsaInfo from ldap3.protocol.rfc4512 import ObjectClassInfo, AttributeTypeInfo from test.config import test_server, get_connection, drop_connection class Test(unittest.TestCase): def setUp(self): self.connection = get_connection(get_info=ALL, lazy_connection=False) self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection) self.assertFalse(self.connection.bound) def test_schema(self): if not self.connection.strategy.pooled: self.assertEqual(type(self.connection.server.schema), SchemaInfo) def test_object_classes(self): if not self.connection.strategy.pooled: self.assertEqual(type(self.connection.server.schema.object_classes['inetOrgPerson']), ObjectClassInfo) def test_attributes_types(self): if self.connection.server.schema: self.assertEqual(type(self.connection.server.schema.attribute_types['cn']), AttributeTypeInfo) def test_json_definition(self): if not self.connection.strategy.pooled: if not self.connection.server.info: self.connection.refresh_server_info() json_info = self.connection.server.info.to_json() json_schema = self.connection.server.schema.to_json() info = DsaInfo.from_json(json_info) schema = SchemaInfo.from_json(json_schema) server1 = Server.from_definition(test_server, info, schema) json_info1 = server1.info.to_json() json_schema1 = server1.schema.to_json() self.assertEqual(json_info, json_info1) self.assertEqual(json_schema, json_schema1) ldap3-2.4.1/test/testSearchAndModifyEntries.py0000666000000000000000000010372413226436742017456 0ustar 00000000000000""" """ # Created on 2016.08.20 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from time import sleep from ldap3 import REUSABLE from ldap3.core.exceptions import LDAPCursorError, LDAPOperationResult, LDAPConstraintViolationResult, LDAPAttributeOrValueExistsResult from ldap3.abstract import STATUS_WRITABLE, STATUS_COMMITTED, STATUS_DELETED, STATUS_INIT, STATUS_MANDATORY_MISSING, STATUS_VIRTUAL, STATUS_PENDING_CHANGES, STATUS_READ, STATUS_READY_FOR_DELETION from ldap3.core.results import RESULT_CONSTRAINT_VIOLATION, RESULT_ATTRIBUTE_OR_VALUE_EXISTS from test.config import test_base, test_name_attr, random_id, get_connection, add_user, drop_connection, test_server_type, test_int_attr, test_strategy,\ test_multivalued_attribute, test_singlevalued_attribute testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] if test_server_type == 'EDIR': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mod-1', attributes={test_multivalued_attribute: 'givenname-1', test_int_attr: 0})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mod-2', attributes={test_multivalued_attribute: ['givenname-2a', 'givenname-2b', 'givenname-2c'], test_int_attr: 0, test_singlevalued_attribute: 'init'})) elif test_server_type == 'AD': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mod-1', attributes={test_multivalued_attribute: 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mod-2', attributes={test_multivalued_attribute: ['givenname-2a', 'givenname-2b', 'givenname-2c'], test_singlevalued_attribute: 'init'})) else: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mod-1', attributes={test_multivalued_attribute: 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'mod-2', attributes={test_multivalued_attribute: ['givenname-2a', 'givenname-2b', 'givenname-2c'], test_singlevalued_attribute: 'init'})) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def get_entry(self, entry_name): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + entry_name + ')', attributes=[test_name_attr, 'givenName', test_multivalued_attribute, test_singlevalued_attribute]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 1) return entries[0] def compare_entries(self, entry1, entry2): for attr in entry1: self.assertFalse(entry1[attr.key] is entry2[attr.key]) self.assertEqual(entry1[attr.key], entry2[attr.key]) for attr in entry2: self.assertFalse(entry2[attr.key] is entry1[attr.key]) self.assertEqual(entry2[attr.key], entry1[attr.key]) for attr in entry1._state.attributes.keys(): self.assertFalse(entry1._state.attributes[attr] is entry2._state.attributes[attr]) self.assertEqual(entry1._state.attributes[attr], entry2._state.attributes[attr]) for attr in entry2._state.attributes.keys(): self.assertFalse(entry2._state.attributes[attr] is entry1._state.attributes[attr]) self.assertEqual(entry2._state.attributes[attr], entry1._state.attributes[attr]) for attr in entry1._state.raw_attributes.keys(): self.assertFalse(entry1._state.raw_attributes[attr] is entry2._state.raw_attributes[attr]) self.assertEqual(entry1._state.raw_attributes[attr], entry2._state.raw_attributes[attr]) for attr in entry2._state.raw_attributes.keys(): self.assertFalse(entry2._state.raw_attributes[attr] is entry1._state.raw_attributes[attr]) self.assertEqual(entry2._state.raw_attributes[attr], entry1._state.raw_attributes[attr]) self.assertEqual(entry1._state.dn, entry2._state.dn) self.assertEqual(entry1._state.response, entry2._state.response) self.assertEqual(entry1._state.read_time, entry2._state.read_time) self.assertFalse(entry1 is entry2) self.assertFalse(entry1._state is entry2._state) self.assertFalse(entry1._state.attributes is entry2._state.attributes) self.assertFalse(entry1._state.raw_attributes is entry2._state.raw_attributes) # if entry1._state.response is not None: # self.assertFalse(entry1._state.response is entry2._state.response) # if entry1._state.read_time is not None: # self.assertFalse(entry1._state.read_time is entry2._state.read_time) def test_search_and_delete_entry(self): add_user(self.connection, testcase_id, 'del1', attributes={'givenName': 'givenname-delete'}) read_only_entry = self.get_entry('del1') self.assertEqual(read_only_entry.entry_status, STATUS_READ) writable_entry = read_only_entry.entry_writable('inetorgperson') self.assertEqual(writable_entry.entry_status, STATUS_WRITABLE) writable_entry.entry_delete() self.assertEqual(writable_entry.entry_status, STATUS_READY_FOR_DELETION) result = writable_entry.entry_commit_changes() self.assertEqual(writable_entry.entry_status, STATUS_DELETED) self.assertTrue(result) counter = 20 while counter > 0: # waits for at maximum 20 times - delete operation can take some time to complete result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'del1)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries if len(entries) == 0: break sleep(3) counter -= 1 self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 0) self.compare_entries(read_only_entry, writable_entry) def test_search_and_add_value_to_existing_single_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute].add('single') writable_entry.entry_commit_changes() cursor = writable_entry.entry_cursor if not cursor.failed: self.fail('error assigning to existing single value') self.assertEqual(len(cursor.errors), 1) self.assertTrue(cursor.errors[0].result['result'] in [RESULT_CONSTRAINT_VIOLATION, RESULT_ATTRIBUTE_OR_VALUE_EXISTS]) def test_search_and_implicit_add_value_to_existing_single_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute] += 'single' writable_entry.entry_commit_changes() cursor = writable_entry.entry_cursor if not cursor.failed: self.fail('error assigning to existing single value') self.assertEqual(len(cursor.errors), 1) self.assertTrue(cursor.errors[0].result['result'] in [RESULT_CONSTRAINT_VIOLATION, RESULT_ATTRIBUTE_OR_VALUE_EXISTS]) def test_search_and_add_value_to_existing_single_value_with_exception(self): if test_strategy != REUSABLE: # in REUSABLE strategy the connection can't be changed old_raise_exception = self.connection.raise_exceptions self.connection.raise_exceptions = True read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute].add('single') try: writable_entry.entry_commit_changes() except (LDAPConstraintViolationResult, LDAPAttributeOrValueExistsResult): return finally: self.connection.raise_exceptions = old_raise_exception self.fail('error assigning to existing single value') def test_search_and_implicit_add_value_to_existing_single_value_with_exception(self): if test_strategy != REUSABLE: # in REUSABLE strategy the connection can't be changed old_raise_exception = self.connection.raise_exceptions self.connection.raise_exceptions = True read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute] += 'single' try: writable_entry.entry_commit_changes() except (LDAPConstraintViolationResult, LDAPAttributeOrValueExistsResult): return finally: self.connection.raise_exceptions = old_raise_exception self.fail('error assigning to existing single value') def test_search_and_add_value_to_non_existing_single_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute].add('single') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute], 'single') self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_value_to_non_existing_single_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson', attributes=[test_singlevalued_attribute]) writable_entry[test_singlevalued_attribute] += 'single' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute], 'single') self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_add_value_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].add('added-givenname-1') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('added-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_value_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] += 'implicit-added-givenname-1' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('implicit-added-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_add_values_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].add('added-givenname-1') writable_entry[test_multivalued_attribute].add('added-givenname-2') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('added-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('added-givenname-2' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 3) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_values_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] += 'implicit-added-givenname-1' writable_entry[test_multivalued_attribute] += 'implicit-added-givenname-2' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('implicit-added-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('implicit-added-givenname-2' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 3) self.compare_entries(read_only_entry, writable_entry) def test_search_and_add_values_from_sequence_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].add(['added-givenname-1', 'added-givenname-2']) result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('added-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('added-givenname-2' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 3) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_values_from_sequence_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] += ['implicit-added-givenname-1', 'implicit-added-givenname-2'] result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('implicit-added-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('implicit-added-givenname-2' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 3) self.compare_entries(read_only_entry, writable_entry) def test_search_and_add_value_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress.add('postalAddress-1') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_value_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress += 'postalAddress-1' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_add_values_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress.add('postalAddress-1') writable_entry.postalAddress.add('postalAddress-2') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertTrue('postalAddress-2' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_values_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress += 'postalAddress-1' writable_entry.postalAddress += 'postalAddress-2' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertTrue('postalAddress-2' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_add_values_from_sequence_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress.add(['postalAddress-1', 'postalAddress-2']) result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertTrue('postalAddress-2' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_values_from_sequence_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress += ['postalAddress-1', 'postalAddress-2'] result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertTrue('postalAddress-2' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_set_value_to_existing_single_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute].set('single') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute], 'single') self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_set_value_to_existing_single_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute] = 'single' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute], 'single') self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_set_value_to_non_existing_single_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute].set('init') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute], 'init') self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_set_value_to_non_existing_single_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_singlevalued_attribute] = 'init' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute], 'init') self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_set_value_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].set('set-givenname-1') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('set-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_set_value_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] = 'implicit-set-givenname-1' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('implicit-set-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_set_values_from_sequence_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].set(['set-givenname-1', 'set-givenname-2']) result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('set-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('set-givenname-2' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_set_values_from_sequence_to_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] = ['implicit-set-givenname-1', 'implicit-set-givenname-2'] result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('implicit-set-givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('implicit-set-givenname-2' in writable_entry[test_multivalued_attribute]) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_set_value_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress.set('postalAddress-1') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_set_value_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress = 'postalAddress-1' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 1) self.compare_entries(read_only_entry, writable_entry) def test_search_and_set_values_from_sequence_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress.set(['postalAddress-1', 'postalAddress-2']) result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertTrue('postalAddress-2' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_set_values_from_sequence_to_non_existing_multi_value(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry.postalAddress = ['postalAddress-1', 'postalAddress-2'] result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('postalAddress-1' in writable_entry.postalAddress) self.assertTrue('postalAddress-2' in writable_entry.postalAddress) self.assertEqual(len(writable_entry.postalAddress), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_remove_existing_attribute(self): read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].remove() result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_multivalued_attribute].values, []) self.assertEqual(writable_entry[test_multivalued_attribute].virtual, True) def test_search_and_delete_value_from_existing_single_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson', attributes='preferreddeliverymethod') writable_entry[test_singlevalued_attribute].delete('init') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute].value, None) self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 0) def test_search_and_implicit_delete_value_from_existing_single_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson', attributes='preferreddeliverymethod') writable_entry[test_singlevalued_attribute] -= 'init' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_singlevalued_attribute].value, None) self.assertEqual(len(writable_entry[test_singlevalued_attribute]), 0) def test_search_and_delete_value_from_existing_multi_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].delete('givenname-2a') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-2b' in writable_entry[test_multivalued_attribute].value) self.assertTrue('givenname-2c' in writable_entry[test_multivalued_attribute].value) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 2) def test_search_and_implicit_delete_value_from_existing_multi_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] -= 'givenname-2a' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-2b' in writable_entry[test_multivalued_attribute].value) self.assertTrue('givenname-2c' in writable_entry[test_multivalued_attribute].value) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 2) def test_search_and_delete_values_from_existing_multi_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].delete(['givenname-2a', 'givenname-2b']) result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-2c' in writable_entry[test_multivalued_attribute].value) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 1) def test_search_and_implicit_delete_values_from_existing_multi_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] -= ['givenname-2a', 'givenname-2b'] result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-2c' in writable_entry[test_multivalued_attribute].value) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 1) def test_search_and_delete_all_values_from_existing_multi_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute].delete(['givenname-2a', 'givenname-2b', 'givenname-2c']) result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_multivalued_attribute].value, None) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 0) def test_search_and_implicit_delete_all_values_from_existing_multi_value(self): read_only_entry = self.get_entry('mod-2') writable_entry = read_only_entry.entry_writable('inetorgperson') writable_entry[test_multivalued_attribute] -= ['givenname-2a', 'givenname-2b', 'givenname-2c'] result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertEqual(writable_entry[test_multivalued_attribute].value, None) self.assertEqual(len(writable_entry[test_multivalued_attribute]), 0) def test_search_and_add_value_to_existing_multi_value_using_alias(self): if test_server_type != 'AD': # AD doens't use alias for cn read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') self.assertTrue(testcase_id + 'mod-1' in writable_entry.cn) self.assertTrue(testcase_id + 'mod-1' in writable_entry.commonname) writable_entry.commonname.add('added-commonname-1') result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('added-commonname-1' in writable_entry.cn) self.assertTrue('added-commonname-1' in writable_entry.commonname) self.assertEqual(len(writable_entry.commonname), 2) self.compare_entries(read_only_entry, writable_entry) def test_search_and_implicit_add_value_to_existing_multi_value_using_alias(self): if test_server_type != 'AD': # AD doens't use alias for cn read_only_entry = self.get_entry('mod-1') writable_entry = read_only_entry.entry_writable('inetorgperson') self.assertTrue(testcase_id + 'mod-1' in writable_entry.cn) self.assertTrue(testcase_id + 'mod-1' in writable_entry.commonname) writable_entry.commonname += 'implicit-added-commonname-1' result = writable_entry.entry_commit_changes() self.assertTrue(result) self.assertTrue('givenname-1' in writable_entry[test_multivalued_attribute]) self.assertTrue('implicit-added-commonname-1' in writable_entry.cn) self.assertTrue('implicit-added-commonname-1' in writable_entry.commonname) self.assertEqual(len(writable_entry.commonname), 2) self.compare_entries(read_only_entry, writable_entry) ldap3-2.4.1/test/testSearchOperation.py0000666000000000000000000004554413226436742016217 0ustar 00000000000000# -*- coding: cp850 -*- """ """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3.utils.conv import escape_bytes, escape_filter_chars from test.config import test_base, test_name_attr, random_id, get_connection, \ add_user, drop_connection, test_server_type, test_int_attr from ldap3 import SUBTREE testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] if test_server_type == 'EDIR': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1', test_int_attr: 0})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2', test_int_attr: 0})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, u'sea-3-\u2122', attributes={'givenName': 'givenname-3', test_int_attr: 0})) # TRADE-MARK SIGN self.delete_at_teardown.append(add_user(self.connection, testcase_id, u'sea-4-', attributes={'givenName': 'givenname-4', test_int_attr: 0})) elif test_server_type == 'AD': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, u'sea-3-\u2122', attributes={'givenName': 'givenname-3'})) # TRADE-MARK SIGN self.delete_at_teardown.append(add_user(self.connection, testcase_id, u'sea-4-', attributes={'givenName': 'givenname-4'})) else: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, u'sea-3-\u2122', attributes={'givenName': 'givenname-3'})) # TRADE-MARK SIGN self.delete_at_teardown.append(add_user(self.connection, testcase_id, u'sea-4-', attributes={'givenName': 'givenname-4', test_int_attr: 0})) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_search_exact_match(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes']['givenName'], 'givenname-1') else: self.assertEqual(response[0]['attributes']['givenName'][0], 'givenname-1') def test_search_exact_match_with_get_request(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result, request = self.connection.get_response(result, get_request=True) self.assertEqual(request['type'], 'searchRequest') else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes']['givenName'], 'givenname-1') else: self.assertEqual(response[0]['attributes']['givenName'][0], 'givenname-1') def test_search_extensible_match(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.search(search_base=test_base, search_filter='(&(ou:dn:=fixtures)(objectclass=inetOrgPerson))', attributes=[test_name_attr, 'givenName', 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertTrue(len(response) >= 2) def test_search_present(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=*)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertTrue(len(response) >= 2) def test_search_substring_many(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 4) def test_search_with_operational_attributes(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName'], get_operational_attributes=True) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') if self.connection.check_names: if test_server_type == 'AD': self.assertEqual(response[0]['dn'].lower(), self.delete_at_teardown[0][0].lower()) else: self.assertEqual(response[0]['attributes']['entryDN'], self.delete_at_teardown[0][0]) def test_search_simple_paged(self): if not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-5', attributes={'givenName': 'givenname-3'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-6', attributes={'givenName': 'givenname-4'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-7', attributes={'givenName': 'givenname-5'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-8', attributes={'givenName': 'givenname-6'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-9', attributes={'givenName': 'givenname-7'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-10', attributes={'givenName': 'givenname-8'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-11', attributes={'givenName': 'givenname-9'})) paged_size = 4 total_entries = 0 result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName'], paged_size=paged_size) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), paged_size) total_entries += len(response) cookie = result['controls']['1.2.840.113556.1.4.319']['value']['cookie'] while cookie: result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName'], paged_size=paged_size, paged_cookie=cookie) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') total_entries += len(response) self.assertTrue(len(response) <= paged_size) cookie = result['controls']['1.2.840.113556.1.4.319']['value']['cookie'] self.assertEqual(total_entries, 11) def test_search_exact_match_with_escaped_parentheses_in_filter(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, '(s)-12', attributes={'givenName': 'givenname-12'})) result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*' + escape_bytes(')') + '*)', attributes=[test_name_attr, 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes'][test_name_attr], testcase_id + '(s)-12') else: self.assertEqual(response[0]['attributes'][test_name_attr][0], testcase_id + '(s)-12') # def test_search_exact_match_with_parentheses_in_filter(self): # self.delete_at_teardown.append(add_user(self.connection, testcase_id, '(search)-13', attributes={'givenName': 'givenname-13'})) # result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)*)', attributes=[test_name_attr, 'sn']) # if not self.connection.strategy.sync: # response, result = self.connection.get_response(result) # else: # response = self.connection.response # result = self.connection.result # self.assertEqual(result['description'], 'success') # self.assertEqual(len(response), 1) # if test_server_type == 'AD': # self.assertEqual(response[0]['attributes'][test_name_attr], testcase_id + '(search)-13') # else: # self.assertEqual(response[0]['attributes'][test_name_attr][0], testcase_id + '(search)-13') def test_search_integer_exact_match(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + '=0))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 4) def test_search_integer_less_than(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + ' <=1))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 4) def test_search_integer_greater_than(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + ' >=-1))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 4) def test_search_not_match(self): result = self.connection.search(search_base=test_base, search_filter='(!(' + test_name_attr + '=' + testcase_id + 'sea-1))', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = [entry for entry in self.connection.response if entry['dn'].lower().startswith(test_name_attr.lower() + '=' + testcase_id.lower())] result = self.connection.result self.assertEqual(result['description'], 'success') self.assertTrue(len(response) >= 1) def test_search_exact_match_with_unicode_in_filter(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + u'sea-3-\u2122)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes']['givenName'], 'givenname-3') else: self.assertEqual(response[0]['attributes']['givenName'][0], 'givenname-3') def test_search_exact_match_with_unescaped_chars(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + u'sea-4-)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes']['givenName'], 'givenname-4') else: self.assertEqual(response[0]['attributes']['givenName'][0], 'givenname-4') def test_search_exact_match_with_unescaped_backslash_in_filter(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-13', attributes={'givenName': testcase_id + 'givenname\\-13'})) result = self.connection.search(search_base=test_base, search_filter='(givenname=' + testcase_id + '*\\*)', attributes=[test_name_attr, 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes'][test_name_attr], testcase_id + 'sea-13') else: self.assertEqual(response[0]['attributes'][test_name_attr][0], testcase_id + 'sea-13') def test_search_exact_match_with_escaped_backslash_in_filter(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-14', attributes={'givenName': testcase_id + 'givenname\\-14'})) result = self.connection.search(search_base=test_base, search_filter='(givenname=' + testcase_id + '*\\5c*)', attributes=[test_name_attr, 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes'][test_name_attr], testcase_id + 'sea-14') else: self.assertEqual(response[0]['attributes'][test_name_attr][0], testcase_id + 'sea-14') def test_search_exact_match_with_escape_chars_backslash_in_filter(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-15', attributes={'givenName': testcase_id + 'givenname\\-15'})) result = self.connection.search(search_base=test_base, search_filter='(givenname=' + testcase_id + '*' + escape_filter_chars('\\') + '*)', attributes=[test_name_attr, 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response = self.connection.response result = self.connection.result self.assertEqual(result['description'], 'success') self.assertEqual(len(response), 1) if test_server_type == 'AD': self.assertEqual(response[0]['attributes'][test_name_attr], testcase_id + 'sea-15') else: self.assertEqual(response[0]['attributes'][test_name_attr][0], testcase_id + 'sea-15') ldap3-2.4.1/test/testSearchOperationEntries.py0000666000000000000000000002630513226436742017543 0ustar 00000000000000""" """ # Created on 2015.02.01 # # Author: Giovanni Cannata # # Copyright 2015 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import SUBTREE from ldap3.utils.conv import escape_bytes from test.config import test_base, test_name_attr, random_id, get_connection, \ add_user, drop_connection, test_server_type, test_int_attr testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] if test_server_type == 'EDIR': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1', test_int_attr: 0})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2', test_int_attr: 0})) elif test_server_type == 'AD': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2'})) else: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2'})) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_search_exact_match(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 1) self.assertEqual(entries[0].givenName.value, 'givenname-1') self.assertEqual(entries[0].givenname.value, 'givenname-1') self.assertEqual(entries[0].GIVENNAME.value, 'givenname-1') def test_search_extensible_match(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.search(search_base=test_base, search_filter='(&(ou:dn:=fixtures)(objectclass=inetOrgPerson))', attributes=[test_name_attr, 'givenName', 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertTrue(len(entries) >= 2) def test_search_present(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=*)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertTrue(len(entries) >= 2) def test_search_substring_many(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 2) def test_search_with_operational_attributes(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName'], get_operational_attributes=True) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') if self.connection.check_names: self.assertEqual(entries[0].entry_dn.lower(), self.delete_at_teardown[0][0].lower()) def test_search_simple_paged(self): if not self.connection.strategy.pooled: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-3', attributes={'givenName': 'givenname-3'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-4', attributes={'givenName': 'givenname-4'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-5', attributes={'givenName': 'givenname-5'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-6', attributes={'givenName': 'givenname-6'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-7', attributes={'givenName': 'givenname-7'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-8', attributes={'givenName': 'givenname-8'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-9', attributes={'givenName': 'givenname-9'})) paged_size = 4 total_entries = 0 result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName'], paged_size=paged_size) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), paged_size) total_entries += len(entries) cookie = result['controls']['1.2.840.113556.1.4.319']['value']['cookie'] while cookie: result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName'], paged_size=paged_size, paged_cookie=cookie) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') total_entries += len(entries) self.assertTrue(len(entries) <= paged_size) cookie = result['controls']['1.2.840.113556.1.4.319']['value']['cookie'] self.assertEqual(total_entries, 9) def test_search_exact_match_with_parentheses_in_filter(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, '(search)-10', attributes={'givenName': 'givenname-10'})) result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*' + escape_bytes(')') + '*)', attributes=[test_name_attr, 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 1) self.assertEqual(entries[0][test_name_attr][0], testcase_id + '(search)-10') def test_search_integer_exact_match(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + '=0))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 2) def test_search_integer_less_than(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + ' <=1))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 2) def test_search_integer_greater_than(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + ' >=-1))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) entries = self.connection._get_entries(response) else: result = self.connection.result entries = self.connection.entries self.assertEqual(result['description'], 'success') self.assertEqual(len(entries), 2) ldap3-2.4.1/test/testSearchOperationJSON.py0000666000000000000000000002206413226436742016701 0ustar 00000000000000""" """ # Created on 2013.06.06 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest import json from ldap3 import SUBTREE from ldap3.utils.conv import escape_bytes from test.config import test_base, test_name_attr, random_id, get_connection, add_user, drop_connection, test_int_attr, test_server_type testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] if test_server_type == 'EDIR': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1', test_int_attr: 0})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2', test_int_attr: 0})) elif test_server_type == 'AD': self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2'})) else: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-1', attributes={'givenName': 'givenname-1'})) self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'sea-2', attributes={'givenName': 'givenname-2'})) def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_search_exact_match(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, _ = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertEqual(len(json_entries), 1) def test_search_extensible_match(self): if test_server_type == 'EDIR' and not self.connection.strategy.no_real_dsa: result = self.connection.search(search_base=test_base, search_filter='(&(ou:dn:=fixtures)(objectclass=inetOrgPerson))', attributes=[test_name_attr, 'givenName', 'sn']) if not self.connection.strategy.sync: response, _ = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertTrue(len(json_entries) >= 2) def test_search_present(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=*)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, _ = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertTrue(len(json_entries) >= 2) def test_search_substring_many(self): result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + '*)', attributes=[test_name_attr, 'givenName']) if not self.connection.strategy.sync: response, _ = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertEqual(len(json_entries), 2) def test_search_with_operational_attributes(self): if test_server_type == 'EDIR': test_operation_attribute = 'entryDN' elif test_server_type == 'SLAPD': test_operation_attribute = 'entryDN' else: test_operation_attribute = 'xxx' result = self.connection.search(search_base=test_base, search_filter='(' + test_name_attr + '=' + testcase_id + 'sea-1)', search_scope=SUBTREE, attributes=[test_name_attr, 'givenName'], get_operational_attributes=True) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] if self.connection.check_names: if test_server_type == 'AD': self.assertEqual(json_entries[0]['dn'].lower(), self.delete_at_teardown[0][0].lower()) elif test_server_type == 'SLAPD': self.assertEqual(json_entries[0]['attributes'][test_operation_attribute], self.delete_at_teardown[0][0]) else: self.assertEqual(json_entries[0]['attributes'][test_operation_attribute], self.delete_at_teardown[0][0]) def test_search_exact_match_with_parentheses_in_filter(self): self.delete_at_teardown.append(add_user(self.connection, testcase_id, '(search)-3', attributes={'givenName': 'givenname-3'})) result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_name_attr + '=*' + escape_bytes(')') + '*))', attributes=[test_name_attr, 'sn']) if not self.connection.strategy.sync: response, _ = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertEqual(len(json_entries), 1) if test_server_type == 'AD': self.assertEqual(json_entries[0]['attributes'][test_name_attr], testcase_id + '(search)-3') else: self.assertEqual(json_entries[0]['attributes'][test_name_attr][0], testcase_id + '(search)-3') def test_search_integer_exact_match(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + '=0))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, _ = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertEqual(len(json_entries), 2) def test_search_integer_less_than(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + ' <=1))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertEqual(len(json_entries), 2) def test_search_integer_greater_than(self): result = self.connection.search(search_base=test_base, search_filter='(&(' + test_name_attr + '=' + testcase_id + '*)(' + test_int_attr + '>=-1))', attributes=[test_name_attr, test_int_attr]) if not self.connection.strategy.sync: response, _ = self.connection.get_response(result) json_response = self.connection.response_to_json(search_result=response) else: json_response = self.connection.response_to_json() json_entries = json.loads(json_response)['entries'] self.assertEqual(len(json_entries), 2) ldap3-2.4.1/test/testTls.py0000666000000000000000000002556313226436742013672 0ustar 00000000000000""" """ # Created on 2013.08.11 # # Author: Giovanni Cannata # # Copyright 2013 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest import ssl from ldap3 import Server, Connection, ServerPool, Tls, SASL, EXTERNAL, MOCK_ASYNC, MOCK_SYNC from test.config import test_server, test_port, test_port_ssl, test_user, test_password, test_authentication, \ test_strategy, test_lazy_connection, test_get_info, test_server_mode, test_valid_names, \ test_pooling_strategy, test_pooling_active, test_pooling_exhaust, test_ca_cert_file, \ test_user_cert_file, test_user_key_file class Test(unittest.TestCase): def test_start_tls(self): if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: if isinstance(test_server, (list, tuple)): server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) for host in test_server: server.add(Server(host=host, port=test_port, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) else: server = Server(host=test_server, port=test_port, tls=Tls(validate=ssl.CERT_NONE), get_info=test_get_info, mode=test_server_mode) connection = Connection(server, auto_bind=False, version=3, client_strategy=test_strategy, user=test_user, password=test_password, authentication=test_authentication, lazy=test_lazy_connection, pool_name='pool1') connection.open() connection.start_tls() self.assertFalse(connection.closed) connection.unbind() if connection.strategy.pooled: connection.strategy.terminate() def test_open_ssl_with_defaults(self): if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: if isinstance(test_server, (list, tuple)): server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) for host in test_server: server.add(Server(host=host, port=test_port, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) else: server = Server(host=test_server, port=test_port_ssl, use_ssl=True) connection = Connection(server, user=test_user, password=test_password) connection.open() self.assertFalse(connection.closed) connection.unbind() if connection.strategy.pooled: connection.strategy.terminate() def test_open_with_tls_before_bind(self): if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: if isinstance(test_server, (list, tuple)): server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) for host in test_server: server.add(Server(host=host, port=test_port, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) else: server = Server(host=test_server, port=test_port, tls=Tls()) connection = Connection(server, auto_bind=False, version=3, client_strategy=test_strategy, user=test_user, password=test_password, authentication=test_authentication, lazy=test_lazy_connection, pool_name='pool1') connection.open(read_server_info=False) connection.start_tls(read_server_info=False) connection.bind() self.assertTrue(connection.bound) connection.unbind() if connection.strategy.pooled: connection.strategy.terminate() self.assertFalse(connection.bound) def test_open_with_tls_after_bind(self): if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: if isinstance(test_server, (list, tuple)): server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) for host in test_server: server.add(Server(host=host, port=test_port, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) else: server = Server(host=test_server, port=test_port, tls=Tls()) connection = Connection(server, auto_bind=False, version=3, client_strategy=test_strategy, user=test_user, password=test_password, authentication=test_authentication, lazy=test_lazy_connection, pool_name='pool1') connection.open() connection.bind() connection.start_tls() self.assertTrue(connection.bound) connection.unbind() if connection.strategy.pooled: connection.strategy.terminate() self.assertFalse(connection.bound) # def test_bind_ssl_with_certificate(self): # if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: # tls = Tls(local_private_key_file=test_user_key_file, # local_certificate_file=test_user_cert_file, # validate=ssl.CERT_REQUIRED, # version=ssl.PROTOCOL_TLSv1, # ca_certs_file=test_ca_cert_file, # valid_names=test_valid_names) # if isinstance(test_server, (list, tuple)): # server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) # for host in test_server: # server.add(Server(host=host, port=test_port, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) # else: # server = Server(host=test_server, port=test_port_ssl, use_ssl=True, tls=tls) # connection = Connection(server, auto_bind=False, client_strategy=test_strategy, user=test_user, password=test_password, authentication=test_authentication) # connection.open() # connection.bind() # self.assertTrue(connection.bound) # connection.unbind() # if connection.strategy.pooled: # connection.strategy.terminate() # self.assertFalse(connection.bound) # def test_sasl_with_external_certificate(self): # if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: # tls = Tls(local_private_key_file=test_user_key_file, local_certificate_file=test_user_cert_file, validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1, ca_certs_file=test_ca_cert_file, valid_names=test_valid_names) # if isinstance(test_server, (list, tuple)): # server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) # for host in test_server: # server.add(Server(host=host, port=test_port_ssl, use_ssl=True, tls=tls, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) # else: # server = Server(host=test_server, port=test_port_ssl, use_ssl=True, tls=tls) # connection = Connection(server, auto_bind=False, version=3, client_strategy=test_strategy, authentication=SASL, sasl_mechanism=EXTERNAL) # connection.open() # connection.bind() # self.assertTrue(connection.bound) # connection.unbind() # if connection.strategy.pooled: # connection.strategy.terminate() # self.assertFalse(connection.bound) def test_bind_ssl_cert_none(self): if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: tls = Tls(validate=ssl.CERT_NONE) if isinstance(test_server, (list, tuple)): server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) for host in test_server: server.add(Server(host=host, port=test_port, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) else: server = Server(host=test_server, port=test_port_ssl, use_ssl=True, tls=tls) connection = Connection(server, auto_bind=False, client_strategy=test_strategy, user=test_user, password=test_password, authentication=test_authentication) connection.open() connection.bind() self.assertTrue(connection.bound) connection.unbind() if connection.strategy.pooled: connection.strategy.terminate() self.assertFalse(connection.bound) def test_start_tls_with_cipher(self): # ciphers = None # ciphers = '!aNULL:!eNULL:!LOW:!EXPORT:!SSLv2' ciphers = 'HIGH:!aNULL:!RC4:!DSS' if test_strategy not in [MOCK_SYNC, MOCK_ASYNC]: if isinstance(test_server, (list, tuple)): server = ServerPool(pool_strategy=test_pooling_strategy, active=test_pooling_active, exhaust=test_pooling_exhaust) for host in test_server: server.add(Server(host=host, port=test_port, allowed_referral_hosts=('*', True), get_info=test_get_info, mode=test_server_mode)) else: server = Server(host=test_server, port=test_port, tls=Tls(validate=ssl.CERT_NONE, ciphers=ciphers), get_info=test_get_info, mode=test_server_mode) connection = Connection(server, auto_bind=False, version=3, client_strategy=test_strategy, user=test_user, password=test_password, authentication=test_authentication, lazy=test_lazy_connection, pool_name='pool1') connection.open() connection.start_tls() self.assertFalse(connection.closed) # self.assertEqual(connection.socket.cipher(), ciphers) connection.unbind() if connection.strategy.pooled: connection.strategy.terminate() # def test_hostname_doesnt_match(self): # tls_config = Tls(validate=ssl.CERT_REQUIRED, version=ssl.PROTOCOL_TLSv1) # server = Server('edir1.hyperv', use_ssl=True, tls=tls_config) # conn = Connection(server) # conn.open() # self.assertTrue(conn.bound) ldap3-2.4.1/test/testTransactions.py0000666000000000000000000001327113226436742015571 0ustar 00000000000000""" """ # Created on 2016.04.17 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from ldap3 import MODIFY_REPLACE from ldap3.protocol.controls import build_control from ldap3.protocol.novell import Integer from test.config import add_user, get_connection, drop_connection, random_id, test_server_type testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection() self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_commit_transaction(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) transaction_control = self.connection.extend.novell.start_transaction() self.connection.modify(self.delete_at_teardown[0][0], {'givenName': (MODIFY_REPLACE, ['user-1b'])}, controls=[transaction_control]) self.connection.modify(self.delete_at_teardown[0][0], {'sn': (MODIFY_REPLACE, ['sn-user-1b'])}, controls=[transaction_control]) result = self.connection.extend.novell.end_transaction(commit=True, controls=[transaction_control]) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['givenName', 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertEqual(response[0]['attributes']['givenName'][0], 'user-1b') self.assertEqual(response[0]['attributes']['sn'][0], 'sn-user-1b') else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') def test_abort_transaction(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) transaction_control = self.connection.extend.novell.start_transaction() self.connection.modify(self.delete_at_teardown[0][0], {'givenName': (MODIFY_REPLACE, ['user-1b'])}, controls=[transaction_control]) self.connection.modify(self.delete_at_teardown[0][0], {'sn': (MODIFY_REPLACE, ['sn-user-1b'])}, controls=[transaction_control]) result = self.connection.extend.novell.end_transaction(commit=False, controls=[transaction_control]) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['givenName', 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: # self.assertEqual(response[0]['attributes']['givenName'][0], 'user-1b') self.assertEqual(response[0]['attributes']['sn'][0], 'user-1') else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') def test_invalid_transaction_cookie(self): if test_server_type == 'EDIR' and not self.connection.strategy.pooled and not self.connection.strategy.no_real_dsa: self.delete_at_teardown.append(add_user(self.connection, testcase_id, 'user-1')) transaction_control = self.connection.extend.novell.start_transaction() invalid_transaction_control = build_control('2.16.840.1.113719.1.27.103.7', True, Integer(12345678), encode_control_value=True) self.connection.modify(self.delete_at_teardown[0][0], {'givenName': (MODIFY_REPLACE, ['user-1b'])}, controls=[transaction_control]) self.connection.modify(self.delete_at_teardown[0][0], {'sn': (MODIFY_REPLACE, ['sn-user-1b'])}, controls=[invalid_transaction_control]) result = self.connection.extend.novell.end_transaction(commit=True, controls=[transaction_control]) result = self.connection.search(self.delete_at_teardown[0][0], '(objectclass=*)', attributes=['givenName', 'sn']) if not self.connection.strategy.sync: response, result = self.connection.get_response(result) else: response, result = self.connection.response, self.connection.result if response: self.assertEqual(response[0]['attributes']['givenName'][0], 'user-1b') self.assertEqual(response[0]['attributes']['sn'][0], 'user-1') else: self.assertFalse(True, self.delete_at_teardown[0][0] + ' not found') ldap3-2.4.1/test/testValidators.py0000666000000000000000000001344213062777165015236 0ustar 00000000000000import unittest from datetime import datetime from ldap3.protocol.formatters.validators import validate_integer, validate_boolean, validate_bytes, validate_generic_single_value, validate_time from ldap3.core.timezone import OffsetTzInfo class Test(unittest.TestCase): def test_int_validator_valid_number(self): validated = validate_integer(1) self.assertTrue(validated) def test_int_validator_invalid_number(self): validated = validate_integer(1.2) self.assertFalse(validated) def test_int_validator_valid_number_sequence(self): validated = validate_integer([1, 2, 3]) self.assertTrue(validated) def test_int_validator_invalid_number_sequence(self): validated = validate_integer([1, 1.2, 3]) self.assertFalse(validated) def test_int_validator_valid_string_number(self): validated = validate_integer('1') self.assertEqual(validated, 1) def test_int_validator_invalid_string_number(self): validated = validate_integer('1.2') self.assertFalse(validated) def test_int_validator_valid_string_number_sequence(self): validated = validate_integer(['1', '2', '3']) self.assertEqual(validated, [1, 2, 3]) def test_int_validator_invalid_string_number_sequence(self): validated = validate_integer(['1', '1.2', '3']) self.assertFalse(validated) def test_int_validator_invalid_type_1(self): validated = validate_integer(True) self.assertFalse(validated) def test_int_validator_invalid_type_2(self): validated = validate_integer(False) self.assertFalse(validated) def test_int_validator_invalid_type_3(self): validated = validate_integer(Ellipsis) self.assertFalse(validated) def test_int_validator_invalid_type_4(self): validated = validate_integer(object) self.assertFalse(validated) def test_boolean_validator_valid_bool_true(self): validated = validate_boolean(True) self.assertEqual(validated, 'TRUE') def test_boolean_validator_valid_bool_false(self): validated = validate_boolean(False) self.assertEqual(validated, 'FALSE') def test_boolean_validator_valid_str_true_1(self): validated = validate_boolean('True') self.assertEqual(validated, 'TRUE') def test_boolean_validator_valid_str_false_1(self): validated = validate_boolean('False') self.assertEqual(validated, 'FALSE') def test_boolean_validator_valid_str_true_2(self): validated = validate_boolean('TrUe') self.assertEqual(validated, 'TRUE') def test_boolean_validator_valid_str_false_2(self): validated = validate_boolean('FaLsE') self.assertEqual(validated, 'FALSE') def test_boolean_validator_invalid_int_1(self): validated = validate_boolean(0) self.assertFalse(validated) def test_boolean_validator_invalid_int_2(self): validated = validate_boolean(1) self.assertFalse(validated) def test_boolean_validator_invalid_str_1(self): validated = validate_boolean('') self.assertFalse(validated) def test_boolean_validator_invalid_str_2(self): validated = validate_boolean('abc') self.assertFalse(validated) def test_bytes_validator_valid_bytes(self): validated = validate_bytes(bytes([1, 2, 3])) self.assertTrue(validated) def test_bytes_validator_invalid_str(self): if str is bytes: # Python 2 validated = validate_bytes(unicode('abc')) else: validated = validate_bytes('abc') self.assertFalse(validated) def test_bytes_validator_invalid_object(self): validated = validate_bytes(object) self.assertFalse(validated) def test_validate_generic_single_value_valid_1(self): validated = validate_generic_single_value(1) self.assertTrue(validated) def test_validate_generic_single_value_valid_2(self): validated = validate_generic_single_value('abc') self.assertTrue(validated) def test_validate_generic_single_value_valid_3(self): validated = validate_generic_single_value(object) self.assertTrue(validated) def test_validate_generic_single_value_invalid_1(self): validated = validate_generic_single_value((1, 2)) self.assertFalse(validated) def test_validate_generic_single_value_invalid_2(self): validated = validate_generic_single_value([1, 2]) self.assertFalse(validated) def test_validate_generic_single_value_invalid_3(self): validated = validate_generic_single_value((a for a in range(2))) self.assertFalse(validated) def test_validate_time_valid_datetime(self): validated = validate_time(datetime.now()) self.assertTrue(validated) def test_validate_time_valid_datetime_with_timezone(self): validated = validate_time(datetime.now(OffsetTzInfo(0, 'UTC'))) self.assertTrue(validated) def test_validate_time_valid_str(self): validated = validate_time('20170317094232Z') self.assertTrue(validated) def test_validate_time_valid_str_with_timezone(self): validated = validate_time('20170317094232+0100') self.assertTrue(validated) def test_validate_time_invalid_str_1(self): validated = validate_time('abc') self.assertFalse(validated) def test_validate_time_invalid_str_2(self): validated = validate_time('20170317254201Z') self.assertFalse(validated) def test_validate_time_invalid_str_with_timezone(self): validated = validate_time('20170317094232+24') self.assertFalse(validated) ldap3-2.4.1/test/testWriterCursor.py0000666000000000000000000000316113226436742015570 0ustar 00000000000000""" """ # Created on 2016.04.17 # # Author: Giovanni Cannata # # Copyright 2016 - 2018 Giovanni Cannata # # This file is part of ldap3. # # ldap3 is free software: you can redistribute it and/or modify # it under the terms of the GNU Lesser General Public License as published # by the Free Software Foundation, either version 3 of the License, or # (at your option) any later version. # # ldap3 is distributed in the hope that it will be useful, # but WITHOUT ANY WARRANTY; without even the implied warranty of # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the # GNU Lesser General Public License for more details. # # You should have received a copy of the GNU Lesser General Public License # along with ldap3 in the COPYING and COPYING.LESSER files. # If not, see . import unittest from test.config import add_user, get_connection, drop_connection, random_id, test_server_type from ldap3 import Server, Connection, ObjectDef, Reader, Writer, ALL testcase_id = '' class Test(unittest.TestCase): def setUp(self): global testcase_id testcase_id = random_id() self.connection = get_connection(get_info=ALL, bind=True) self.delete_at_teardown = [] def tearDown(self): drop_connection(self.connection, self.delete_at_teardown) self.assertFalse(self.connection.bound) def test_writer_from_cursor(self): o = ObjectDef('inetorgperson', self.connection) r = Reader(self.connection, o, 'o=test', 'cn:=*') r.search() w = Writer.from_cursor(r, self.connection, o) ldap3-2.4.1/_version.json0000666000000000000000000000055413216273066013404 0ustar 00000000000000{ "package_folder": ".", "email": "cannatag@gmail.com", "status": "5 - Production/Stable", "package_name": "ldap3", "url": "https://github.com/cannatag/ldap3", "description": "A strictly RFC 4510 conforming LDAP V3 pure Python client library", "author": "Giovanni Cannata", "version": "2.4.1", "license": "LGPL v3" }