# Custom schema for our LDAP directory. This defines only objectclasses; the
# relevant attributes are reused from other schemas. Having a custom schema
# ensures that we can enforce our local rules and not have all those extra
# attributes available which we'll never use.

# A lot of the ideas in this schema are taken from the paper "LDAP Schema
# Design", by Andrew Findlay.
# http://www.skills-1st.co.uk/papers/ldap-schema-design-feb-2005/ldap-schema-design-feb-2005.pdf

# OID for the "stderr.nl" organization, owned by Matthijs Kooijman. Do not use
# this OID or these objectclasses without contacting Matthijs, since they may
# change without notice!
objectIdentifier StdErr 1.3.6.1.4.1.33232
objectIdentifier StdErrLDAP StdErr:2
objectIdentifier StdErrAttributeType StdErrLDAP:1
objectIdentifier StdErrObjectClass StdErrLDAP:2
# Define a number of structural object classes. These define what an object
# _is_ and are expected never to change.

# An object. Can be anything that is not a person and not a group (mostly
# used for organizing the directory and for system accounts).
objectclass ( StdErrObjectClass:1
MAY ( uniqueIdentifier ) )

# A person. Any person that should be represented should be a simplePerson,
# adding auxiliary classes from below to add an account, mailbox, etc.
objectclass ( StdErrObjectClass:2
MUST ( cn $ givenName $ sn )

# A group. This is any group of things, though usually it will be a group of
# people. Does not have any particular meaning by itself, but auxiliary classes
# from below can be added to make this group a unix group, mail alias, etc.
# This is similar to groupOfUniqueNames, but its uniqueMember attribute is
# optional, allowing for an empty group.
# Also, it adds a displayName and removes some other attributes.
objectclass ( StdErrObjectClass:3
MAY ( uniqueMember $ description ) )
# A group that should also be a unix (posix) group.
# This is similar to posixGroup, but it is an auxiliary class instead of
# structural, so it can be combined with a structural group class such as
# groupOfUniqueNames (or the group class defined above).
objectclass ( StdErrObjectClass:4
NAME 'simplePosixGroup'
MUST ( cn $ gidNumber )
MAY ( memberUid $ description ) )

# A mail user. It has a number of mail addresses (mail and
# mailAlternateAddress). Mail to these addresses should be delivered to the
# mailbox of uid on mailHost or forwarded to all mailForwardingAddress values.
objectclass ( StdErrObjectClass:5
MAY ( mailAlternateAddress $ mailHost $ uid $ mailForwardingAddress ) )

# A mail group. This has a number of mail addresses (mail and
# mailAlternateAddress). Mail to these addresses should be delivered to each
# rfc822member and uniqueMember.
objectclass ( StdErrObjectClass:6
MAY ( mailAlternateAddress $ rfc822member $ uniqueMember ) )

# Note that there is no alternative for posixAccount here. posixAccount has
# exactly the attributes we would like to have (and is already an auxiliary
# class), so there seems to be no need to add a custom version of it.
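The two design points this schema rests on, the objectIdentifier macro chain and the use of an auxiliary simplePosixGroup so that it can sit on top of a structural group class, are easiest to check before an entry ever reaches slapd. The following Python is an added example, not part of the stderr.nl schema file or its author's tooling: it expands the macros exactly as defined above and then validates constructed sample entries against the MUST/MAY sets and class kinds visible in the file. It only models the two local classes whose names appear above (simplePerson, simplePosixGroup, with only the attributes shown), plus the standard groupOfUniqueNames (RFC 4519) and posixGroup (OpenLDAP nis.schema) that the comments compare against; superclass chains other than top are not modelled, and the sample entries are constructed.

```python
"""Added example, not part of the stderr.nl schema above: expand the
objectIdentifier macros and check candidate entries against the MUST/MAY
sets and class kinds the schema describes. Local classes carry only the
attributes visible in the schema file; groupOfUniqueNames (RFC 4519) and
posixGroup (OpenLDAP nis.schema) are the standard classes the comments
compare against. Superclass chains other than 'top' are not modelled."""
import re

# objectIdentifier macros exactly as defined in the schema file.
OID_MACROS = {
    "StdErr": "1.3.6.1.4.1.33232",
    "StdErrLDAP": "StdErr:2",
    "StdErrAttributeType": "StdErrLDAP:1",
    "StdErrObjectClass": "StdErrLDAP:2",
}


def resolve_oid(ref, macros=OID_MACROS):
    """Expand 'Macro:suffix' (or a bare macro, or a literal OID) the way
    slapd's objectIdentifier directive does, following macro chains."""
    name, _, suffix = ref.partition(":")
    if name not in macros:
        if not re.fullmatch(r"\d+(\.\d+)*", ref):
            raise ValueError(f"unknown OID macro: {name}")
        return ref
    base = resolve_oid(macros[name], macros)
    return f"{base}.{suffix}" if suffix else base


# Class definitions: kind plus MUST and MAY attribute sets.
SCHEMA = {
    "top": {"kind": "ABSTRACT", "must": {"objectClass"}, "may": set()},
    # Standard classes the schema comments refer to.
    "groupOfUniqueNames": {"kind": "STRUCTURAL", "must": {"cn", "uniqueMember"},
                           "may": {"businessCategory", "seeAlso", "owner",
                                   "ou", "o", "description"}},
    "posixGroup": {"kind": "STRUCTURAL", "must": {"cn", "gidNumber"},
                   "may": {"userPassword", "memberUid", "description"}},
    # Local classes, with only the attributes visible in the schema file.
    "simplePerson": {"kind": "STRUCTURAL", "oid": resolve_oid("StdErrObjectClass:2"),
                     "must": {"cn", "givenName", "sn"}, "may": set()},
    "simplePosixGroup": {"kind": "AUXILIARY", "oid": resolve_oid("StdErrObjectClass:4"),
                         "must": {"cn", "gidNumber"}, "may": {"memberUid", "description"}},
}


def check_entry(entry, schema=SCHEMA):
    """Return the list of schema violations for an entry given as
    {attribute: [values]}; an empty list means the entry is acceptable.
    Enforces what slapd checks at add time: exactly one STRUCTURAL class
    (auxiliary classes may be stacked on it), every MUST attribute present,
    and no attribute outside the union of MUST and MAY of the classes."""
    classes = list(entry.get("objectClass", []))
    if "top" not in classes:          # slapd treats top as implicit
        classes = ["top"] + classes
    unknown = [c for c in classes if c not in schema]
    if unknown:
        return [f"unknown objectClass {c}" for c in unknown]
    structural = [c for c in classes if schema[c]["kind"] == "STRUCTURAL"]
    problems = []
    if len(structural) != 1:
        problems.append(f"need exactly one structural class, got {structural}")
    required, allowed = set(), set()
    for c in classes:
        required |= schema[c]["must"]
        allowed |= schema[c]["must"] | schema[c]["may"]
    for attr in sorted(required - set(entry)):
        problems.append(f"missing MUST attribute {attr}")
    for attr in sorted(set(entry) - allowed):
        problems.append(f"attribute {attr} not allowed by {sorted(classes)}")
    return problems


# Constructed sample entries (not taken from any real directory).
UNIX_GROUP_OK = {
    "objectClass": ["top", "groupOfUniqueNames", "simplePosixGroup"],
    "cn": ["admins"],
    "gidNumber": ["1000"],
    "uniqueMember": ["uid=alice,ou=people,dc=example,dc=org"],
    "memberUid": ["alice"],
}
TWO_STRUCTURAL = {   # posixGroup is structural too, so this must be rejected
    "objectClass": ["top", "groupOfUniqueNames", "posixGroup"],
    "cn": ["admins"],
    "gidNumber": ["1000"],
    "uniqueMember": ["uid=alice,ou=people,dc=example,dc=org"],
}
PERSON_BAD = {       # givenName missing; uidNumber is not in simplePerson's MUST/MAY
    "objectClass": ["top", "simplePerson"],
    "cn": ["Alice Example"],
    "sn": ["Example"],
    "uidNumber": ["1000"],
}

if __name__ == "__main__":
    print("simplePosixGroup OID:", SCHEMA["simplePosixGroup"]["oid"])
    for label, entry in [("unix group", UNIX_GROUP_OK),
                         ("two structural", TWO_STRUCTURAL),
                         ("person", PERSON_BAD)]:
        print(label, "->", check_entry(entry) or "ok")
```

The rejected TWO_STRUCTURAL entry is exactly the case the comment on simplePosixGroup is about: the stock posixGroup is STRUCTURAL, so it cannot be added to a groupOfUniqueNames entry, whereas the auxiliary local class can. PERSON_BAD shows the other reason for a local schema: a posix attribute on a bare simplePerson is refused rather than silently accepted, so account attributes only appear where an account class was deliberately added.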