bn8/ldapsaisie
1
0
Fork 0
mirror of https://gitlab.easter-eggs.com/ee/ldapsaisie.git synced 2024-05-03 12:58:54 +02:00
Code Issues Projects Releases Wiki Activity

Add dynamic groups support (with cache members attributes)

Browse source 
Add LSaddon dyngroup with feature to handle update static cache members
attributes on users or dyngroup URI changes. The update process could
also be runned using CLI update_dyngroups_members_cache command
(allowing cron task configuration).

LSexample also evoluate to add example of dynamic groups implementation.
On this occasion, the restore_lsexample script was completely rewrited.
This commit is contained in:
Benjamin Renard 2021-07-21 19:42:22 +02:00
parent a7356f5e67
commit e099a27533
36 changed files with 1824 additions and 2592 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
doc/conf/LSattribute/check-data.docbook
View file

@ -54,6 +54,7 @@ règles.</para>
&conf-LSattribute-check-data-imagesize;
&conf-LSattribute-check-data-inarray;
&conf-LSattribute-check-data-integer;
&conf-LSattribute-check-data-ldapSearchURI;
&conf-LSattribute-check-data-lettersonly;
&conf-LSattribute-check-data-maxlength;
&conf-LSattribute-check-data-minlength;

1
doc/conf/LSattribute/check_data/LSattribute-check_data.entities.xml
View file

@ -9,6 +9,7 @@
<!ENTITY conf-LSattribute-check-data-imagesize SYSTEM "imagesize.docbook">
<!ENTITY conf-LSattribute-check-data-inarray SYSTEM "inarray.docbook">
<!ENTITY conf-LSattribute-check-data-integer SYSTEM "integer.docbook">
<!ENTITY conf-LSattribute-check-data-ldapSearchURI SYSTEM "ldapSearchURI.docbook">
<!ENTITY conf-LSattribute-check-data-lettersonly SYSTEM "lettersonly.docbook">
<!ENTITY conf-LSattribute-check-data-maxlength SYSTEM "maxlength.docbook">
<!ENTITY conf-LSattribute-check-data-mimetype SYSTEM "mimetype.docbook">

92
doc/conf/LSattribute/check_data/ldapSearchURI.docbook Normal file
View file

@ -0,0 +1,92 @@
<sect4 id="config-LSattribute-check-data-ldapSearchURI">
<title>ldapSearchURI</title>
<para>Cette règle vérifie que la valeur est une URI de recherche LDAP valide, c'est
à dire, par exemple,
<literal>ldaps://ldap.example.com:636/o=example?attr1,attr2?one?(gidNumber=100)</literal>
</para>
<para>Cette vérification commence par découper la valeur à l'aide du sépérateur
<literal>?</literal> et elle s'assure ensuite :
<itemizedlist>
<listitem><simpara>Que la première partie est bien une URI LDAP valide. Si l'hôte
LDAP est spécifié, elle s'assure qu'il soit une adresse IP ou un nom de domaine valide.
Si le port LDAP est spécifié, elle s'assure également qu'il soit correct et que l'hôte
est également bien spécifié.</simpara></listitem>
<listitem><simpara>Si la base de recherche est spécifiée, elle s'assure qu'elle soit
compatible avec la racine de l'annuaire connecté.</simpara></listitem>
<listitem><simpara>Si un ou plusieurs attributs sont spécifiés, elle les vérifie un à un
afin de vérifier qu'il s'agit de nom d'attribut valide.</simpara></listitem>
<listitem><simpara>Que le scope de recherche soit bien spécifié et valide.</simpara>
</listitem>
<listitem><simpara>Si le filtre de recherche est spécifié, elle vérifie qu'il soit valide.
</simpara></listitem>
</itemizedlist>
</para>
<variablelist>
<title>Paramêtres de configuration</title>
<varlistentry>
<term>check_resolving_ldap_host</term>
<listitem>
<simpara>Si l'hôte du serveur LDAP est spécifié et qu'il s'agit d'un nom de domaine valide,
un tentative de résolution DNS sera également faite (optionnel, par défaut :
<literal>Vrai</literal>).</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>host_required</term>
<listitem>
<simpara>Booléen détermintant si une erreur est relevée en cas d'absence de l'hôte
LDAP. (optionnel, par défaut : <literal>Faux</literal>)</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>basedn_required</term>
<listitem>
<simpara>Booléen détermintant si une erreur est relevée en cas d'absence de base de
recherche. (optionnel, par défaut : <literal>Faux</literal>)</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>scope_required</term>
<listitem>
<simpara>Booléen détermintant si une erreur est relevée en cas d'absence de portée de
recherche. (optionnel, par défaut : <literal>Vrai</literal>)</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>attr_required</term>
<listitem>
<simpara>Booléen détermintant si une erreur est relevée en cas d'absence d'attribut
recherché. (optionnel, par défaut : <literal>Faux</literal>)</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>max_attrs_count</term>
<listitem>
<simpara>Nombre maximum d'attribut recherchés. (optionnel, par défaut : pas de limite)
</simpara>
</listitem>
</varlistentry>
<varlistentry>
<term>filter_required</term>
<listitem>
<simpara>Booléen détermintant si une erreur est relevée en cas d'absence de filtre de
recherche. (optionnel, par défaut : <literal>Faux</literal>)</simpara>
</listitem>
</varlistentry>
</variablelist>
</sect4>

713
lsexample/lsexample.ldif
View file

@ -1,713 +0,0 @@
dn: o=ls
objectClass: top
objectClass: organization
o: ls
structuralObjectClass: organization
dn: sambaDomainName=LS,o=ls
objectClass: sambaDomain
objectClass: sambaUnixIdPool
objectClass: sambaSidEntry
objectClass: top
structuralObjectClass: sambaSidEntry
sambaDomainName: LS
sambaSID: S-1-5-21-4207250186-2406131440-3849861866
uidNumber: 800000
gidNumber: 800002
dn: ou=sysaccounts,o=ls
objectClass: top
objectClass: organizationalUnit
ou: sysaccounts
structuralObjectClass: organizationalUnit
dn: uid=mail,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: mail
userPassword: toto
pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls
structuralObjectClass: lssysaccount
dn: uid=samba,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: samba
userPassword: toto
pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls
structuralObjectClass: lssysaccount
dn: uid=ldapsaisie,ou=sysaccounts,o=ls
objectClass: top
objectClass: lssysaccount
uid: ldapsaisie
userPassword: toto
pwdPolicySubentry: cn=sysaccounts,ou=ppolicies,o=ls
structuralObjectClass: lssysaccount
dn: ou=groups,o=ls
objectClass: top
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
dn: cn=adminldap,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: adminldap
gidNumber: 70000
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-70000
sambaGroupType: 2
structuralObjectClass: posixGroup
uniqueMember: uid=admin,ou=people,o=ls
dn: cn=invite,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: invite
gidNumber: 101009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203019
sambaGroupType: 2
structuralObjectClass: posixGroup
dn: cn=ls,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: ls
gidNumber: 102001
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205003
sambaGroupType: 2
structuralObjectClass: posixGroup
uniqueMember: uid=invite,ou=people,o=ls
dn: cn=informatique,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
gidNumber: 102009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205019
sambaGroupType: 2
cn: informatique
structuralObjectClass: posixGroup
uniqueMember: uid=eeggs,ou=people,o=ls
uniqueMember: uid=admin,ou=people,o=ls
dn: cn=direction,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: direction
gidNumber: 102007
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205015
sambaGroupType: 2
structuralObjectClass: posixGroup
uniqueMember: uid=hmartin,ou=people,o=ls
uniqueMember: uid=eeggs,ou=people,o=ls
dn: cn=administratif,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: administratif
gidNumber: 102005
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205011
sambaGroupType: 2
structuralObjectClass: posixGroup
dn: cn=communication,ou=groups,o=ls
objectClass: top
objectClass: lsgroup
objectClass: posixGroup
objectClass: sambaGroupMapping
cn: communication
gidNumber: 102003
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-205007
sambaGroupType: 2
structuralObjectClass: posixGroup
dn: ou=people,o=ls
objectClass: top
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
dn: uid=hmartin,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: hmartin
homeDirectory: /home/com
loginShell: /bin/false
uidNumber: 101022
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203044
givenName: Henri
sn: MARTIN
gidNumber: 102001
lsAllowedServices: MAIL
lsAllowedServices: SAMBA
lsAllowedServices: FTP
cn: Henri MARTIN
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
personalTitle: M.
lsGodfatherDn: uid=eeggs,ou=people,o=ls
userPassword: toto
sambaLMPassword: 0182BD0BD4444BF836077A718CCDF409
sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
structuralObjectClass: lspeople
mail: henri.martin@ls.com
dn: uid=s.ldapsaisie,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
loginShell: /bin/false
uidNumber: 101036
userPassword: toto
sambaAcctFlags: [U ]
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203072
sambaNTPassword: 8DB716B655D71DF6BD056A41B22B9EA9
sambaLMPassword: 6CE56DC112C920EF0F5E44C88BF9DC39
givenName: Secretariat
mail: secretariat@ldapsaisie.biz
lsAllowedServices: MAIL
lsAllowedServices: SAMBA
lsAllowedServices: FTP
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-513
structuralObjectClass: lspeople
personalTitle: M.
sn: LdapSaisie
cn: Secretariat LdapSaisie
gidNumber: 70000
uid: s.ldapsaisie
homeDirectory: /home/s.ldapsaisie
dn: uid=ls,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uid: ls
homeDirectory: /home/ls
loginShell: /bin/false
uidNumber: 101068
userPassword: toto
sambaAcctFlags: [U ]
sambaLMPassword: 6E72264E11F708C0AAD3B435B51404EE
sambaNTPassword: 8D9B9B87EE8C0423691F4F0E00C5BDE1
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203136
gidNumber: 102001
lsAllowedServices: MAIL
lsAllowedServices: SAMBA
lsAllowedServices: FTP
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205003
structuralObjectClass: lspeople
personalTitle: M.
givenName: Ldap
sn: Saisie
cn: LdapSaisie
mail: ldap.saisie@ls.com
description: toto
dn: uid=erwpa,ou=people,o=ls
uid: erwpa
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
uidNumber: 101082
sambaAcctFlags: [U ]
homeDirectory: /home/erwpa
loginShell: /bin/false
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-203164
sn: PAGEARD
gidNumber: 102009
mail: erwan.page@ldapsaisie.biz
lsAllowedServices: MAIL
lsAllowedServices: SAMBA
lsAllowedServices: FTP
cn: Erwan PAGE
sambaPrimaryGroupSID: S-1-5-21-2421470416-3566881284-3047381809-205019
personalTitle: M.
givenName: Erwan
lsGodfatherDn: uid=eeggs,ou=people,o=ls
userPassword: toto
sambaLMPassword: B3298C30FB103112C187B8085FE1D9DF
sambaNTPassword: 59D2D06177D147726BBA6AECBCB080BC
structuralObjectClass: lspeople
dn: uid=eeggs2,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
uid: eeggs2
uidNumber: 1000000
gidNumber: 102009
facsimileTelephoneNumber: 030000000
lsAllowedServices: MAIL
lsAllowedServices: FTP
description: Utilisateur test Easter-eggs 2
cn: Easter Eggs 2
personalTitle: M.
homeDirectory: /home/eeggs
loginShell: /bin/false
sn: Eggs
givenName: Easter
mail: bn8@zionetrix.net
userPassword: toto
structuralObjectClass: lspeople
dn: uid=eeggs3,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
uid: eeggs3
uidNumber: 10000000
gidNumber: 102009
facsimileTelephoneNumber: 030000000
lsAllowedServices: MAIL
lsAllowedServices: FTP
description: Utilisateur test Easter-eggs 2
cn: Easter Eggs 2
personalTitle: M.
homeDirectory: /home/eeggs
loginShell: /bin/false
sn: Eggs
givenName: Easter
mail: bn8@zionetrix.net
userPassword: toto
structuralObjectClass: lspeople
dn: ou=companies,o=ls
objectClass: organizationalUnit
objectClass: top
ou: companies
structuralObjectClass: organizationalUnit
dn: ou=company2,ou=companies,o=ls
objectClass: top
objectClass: lscompany
ou: company2
description:: dGVzdCAyIA==
structuralObjectClass: lscompany
dn: ou=people,ou=company2,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
dn: ou=groups,ou=company2,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
dn: ou=company1,ou=companies,o=ls
objectClass: top
objectClass: lscompany
ou: company1
description: Test company 1
structuralObjectClass: lscompany
dn: ou=people,ou=company1,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
dn: ou=groups,ou=company1,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
dn: ou=company3,ou=companies,o=ls
objectClass: top
objectClass: lscompany
ou: company3
description: test 3
structuralObjectClass: lscompany
dn: ou=people,ou=company3,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
dn: ou=groups,ou=company3,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
dn: cn=test,ou=groups,ou=company2,ou=companies,o=ls
objectClass: lsgroup
objectClass: posixGroup
cn: test
gidNumber: 102010
structuralObjectClass: posixGroup
dn: cn=group1,ou=groups,ou=company1,ou=companies,o=ls
objectClass: lsgroup
objectClass: posixGroup
cn: group1
gidNumber: 102011
uniqueMember: uid=user1,ou=people,ou=company1,ou=companies,o=ls
structuralObjectClass: posixGroup
dn: uid=user1,ou=people,ou=company1,ou=companies,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: prenom1
loginShell: /bin/false
personalTitle: M.
uid: user1
uidNumber: 10000001
sn: nom1
cn: prenom1 nom1
gidNumber: 101009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001002
homeDirectory: /home/user1
mail: user1@ls.com
description: user1
userPassword: toto
sambaLMPassword: FC26CDB2863917C1AAD3B435B51404EE
sambaNTPassword: 00B2C85DDFBD8CC81602D6FC7340EB0B
structuralObjectClass: lspeople
dn: uid=user2,ou=people,ou=company1,ou=companies,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: prenom2
loginShell: /bin/false
personalTitle: M.
uid: user2
uidNumber: 10000002
sn: nom2
cn: prenom2 nom2
gidNumber: 102001
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001004
homeDirectory: /home/user2
mail: user2@ls.com
userPassword: toto
sambaLMPassword: C53D7C8685D27214AAD3B435B51404EE
sambaNTPassword: C549EE84021E5E8372E10CEDEAFD02A8
structuralObjectClass: lspeople
dn: ou=company4,ou=companies,o=ls
objectClass: top
objectClass: lscompany
ou: company4
description: test
structuralObjectClass: lscompany
dn: ou=people,ou=company4,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: people
structuralObjectClass: organizationalUnit
dn: ou=groups,ou=company4,ou=companies,o=ls
objectClass: top
objectClass: organizationalUnit
ou: groups
structuralObjectClass: organizationalUnit
dn: cn=testpasdn,ou=groups,o=ls
objectClass: lsgroup
objectClass: posixGroup
cn: testpasdn
gidNumber: 102012
structuralObjectClass: posixGroup
uniqueMember: uid=erwpa,ou=people,o=ls
uniqueMember: uid=eeggs,ou=people,o=ls
uniqueMember: uid=ls,ou=people,o=ls
dn: uid=eeggs,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
loginShell: /bin/bash
personalTitle: M.
uidNumber: 10000008
sn: Eggs
gidNumber: 102009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001016
userPassword: toto
sambaLMPassword: A466CD4F80A06085E68AA26A841A86FA
sambaNTPassword: 1F2029FF8619E2FEE2189C5A9653BDD5
structuralObjectClass: lspeople
uid: eeggs
givenName: Easter
cn: Easter Eggs
homeDirectory: /home/eeggs
mail: easter.eggs@ls.com
dn: cn=secretariat,ou=groups,o=ls
objectClass: lsgroup
objectClass: posixGroup
cn: secretariat
gidNumber: 102013
uniqueMember: uid=hmartin,ou=people,o=ls
structuralObjectClass: posixGroup
dn: uid=invite,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: Utilisateur
loginShell: /bin/false
personalTitle: M.
uid: invite
uidNumber: 10000012
sn: de passage
cn: Utilisateur de passage
gidNumber: 101009
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001024
homeDirectory: /home/invite
mail: invite@ldapsaisie.biz
userPassword: toto
sambaLMPassword: 0182BD0BD4444BF836077A718CCDF409
sambaNTPassword: 259745CB123A52AA2E693AAACCA2DB52
structuralObjectClass: lspeople
dn: uid=demo,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: Demonstration
loginShell: /bin/false
personalTitle: M.
uid: demo
uidNumber: 10000014
sn: LdapSaisie
cn: Demonstration LdapSaisie
gidNumber: 70000
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001028
homeDirectory: /home/demo
mail: demo@ls.com
description:: VXRpbGlzYXRldXIgZGUgZMOpbW9uc3RyYXRpb24=
userPassword: demo
sambaLMPassword: 193DB29CB51FD313AAD3B435B51404EE
sambaNTPassword: 527C9C819B286EFB8EC4EBB5B5AE71CF
structuralObjectClass: lspeople
dn: uid=admin,ou=people,o=ls
objectClass: top
objectClass: lspeople
objectClass: posixAccount
objectClass: shadowAccount
objectClass: sambaSamAccount
givenName: Administration
loginShell: /bin/false
personalTitle: M.
uid: admin
uidNumber: 10000015
sn: LdapSaisie
cn: Administration LdapSaisie
gidNumber: 70000
sambaSID: S-1-5-21-2421470416-3566881284-3047381809-20001030
homeDirectory: /home/admin
userPassword: admin
sambaLMPassword: F0D412BD764FFE81AAD3B435B51404EE
sambaNTPassword: 209C6174DA490CAEB422F3FA5A7AE634
structuralObjectClass: lspeople
description:: VXRpbGlzYXRldXIgZGUgZMOpbW9uc3RyYXRpb24gOiBBZG1pbmlzdHJhdGV1cg==
jpegPhoto:: iVBORw0KGgoAAAANSUhEUgAAAOkAAAAyCAYAAAC5zvwPAAAABHNCSVQICAgIfAhkiA
AAAAlwSFlzAAAevgAAHr4BkbqOfgAAABl0RVh0U29mdHdhcmUAd3d3Lmlua3NjYXBlLm9yZ5vuPBo
AABdiSURBVHic7Z15nBTVtce/p2YBZACRYBTBDdwRoqio8SkGmRmQxJgo6sP4YjafRg3ODBqNUXFJ
EIYBNfm45OWjvqhPQ4wmGpgeQFHEqHFBg8aoKCAQWUREFGbpOu+PWz1dVV3VXT1dM4Omf5/P/XTX7
btVV517zz3bFVXliwwRORhodGXdoKq/7a7xdAfkgpfK6Ld+AK3l/Sm1d7C1Zb3eOfGz7h5XEKSuaT
yqt7dn2NZknT1uaZf1X9N4NiLT2zMsmagzK5d3Vf9BKI2zMRG5CDjRlTVHVZ+Ls48O4GhgH9f1e90
1kK6EXJY4EovzEU6gguEkS0qxkmADFWVIbWIbsB5YDvoEaj/J7AnLVenuWbs37udlJXt2ae+WVKCu
/pUeXdp/AGIlUuB84CjX9U0xt98RjPJdv9Ito+giSM3jeyHld2ExASALyVU4aSjIaUgJ1CQ2ylTO1
5lVf+ma0RYRBbERqYiUAoe7snYA/4ir/QJwpOv7e6r6UbeNpJMhUxtHIGWLQL/UwSYGorJXrIMqom
DEuZIeCh7W4O+q2hZj+3lDRCzgCFfWy901ls6G1CR2Q2QB4CNQXYpav0F4m6S1hl7Nn7CjdD8sHQo
MQzgOlfHEz1V1DML7KA+1X1vW+q7tX95FNd2/sLlL+w9AnA/mSN/1zkAQB2BYuhR2hjF1DkSvA9nd
lbMNtSdqw/inAkp/hOu/kKlNu6NMxtbvIp090OzQmZXPA2d3Y/9PAE90V/9BiJNIj/Bd7wx7v51x4
ogdMm1xKchkb6ZM0lmBBJoBnVm5AZgNzJZpi7tWUFNETlgxtrUzEoRfaLQzjCl+fNz6FWA3V85Kra
+c35Gm9NoxO+IZVBFxIZaVVEQE+Iorqw34exxtB/S1K3A6MBHYH+gHrAT+Btyhqm4Vi3viWKuqGyK
0LxgJ9Vin/cHAXkAfYDVGhfMWcLeqfpDHuA8GjnVlPaqqW5zfBgPnACc5/fUGlgPLgL+o6otZG7d0
sEeKK7wQdVwdhdTM7YX0Gwt6AjDESYOBJLAZ5Z9YPI3NH7WhKvK+Turm7YNaJ7dn2JLQ2VX/yllva
tNwbJ2Esi/Cvs54tgMbnfQ+ymLa7Cf11vFbQ9u5fMEBJJNfbc9oLntMfzX2w8jjv2L+YJIlE0DHor
I36B4IzSjrgRdB59FQ/UQ+qi6Jw5hBRA4E/unK+ruqjii4YW8f5cBlwFVA35BiNsZY4TqH2D7CEDH
AY6r6jSztHwVMASqBgRGGtB24E7g+isRYRBqc8YNRjPQFSoB64HuEczVtwM+BmzXkYUld47dQeTid
oY9pfXXovRYCmZo4FVsuAk4G7RWhyjZE5tCnfJpeOyanIFHqms5AdW46R0/RWdWLQssbffA04FSIt
KNuQ/m1NlRNCe4/8QOU36Qz5Citr3wp57gvS+yJxfUYNWRJjuIvIHqx1lf/LcJ4Y2N3/axurPtREd
kNWARMJ5xAwdzPtSIyh/Qqm0IuVvdHwGSiEShALwxR/y5iefd/9A4wCLNa/oDsz6EU+CW4Xhw/2nj
dc63WkXLp/M5RwttMAp0QkUABKlC9mq3NTXHvd2VK40FYPInhqqKKvEqxdP9Yx1HXNAqLVzDPMheB
AhyDytNSm/h2lPY7i0hj2/uJSAXwFHCCK3sVZnU5DsOKfhW4HEixMZc6KZ8xpdj1HcAjwHWYWXGs8
9t44MeA34LqVBHx9+W/B8ErWNsMLMSwhy3AA8A3gOEYi61LgHd9zXxPRPzCOYN1n7wDNKczdC/KrN
kybVqcMgc/kiDzEK5H9Qco47CtI7CYiPk//KvfyWxtboirc5na1JsSeRTvpP03p++vYcnhiH0YalW
Z8el0UP9/Wvg4ahMjUV0MfNmV/QFwE+h3sORYRCpBpgLPusr0BB6U2qbjc/YRE7u7ADjFlXWSqj5d
cMOm7YeASa6su4Apqro9oOxQYAGwX0BTQ1R1TUgfFvAn4I/AH1X14xxjOhf4X9Kz9zJVDSYgU34Y8
HbAT28CZ6vqqwF1+gIPAdWu7ISqVvvLAkht4l7gPF/26yi/wGpt0vqJm0JvKA9IXdMNqLZQat+tN4
8P/D/by9YkTkF4ADd3YpccqrNPCTVyicruOja+89LFdLY2VNdkHY8gXJY4AfRAbagOtN/Oh92VHy+
uoGfzS8CB6XFwC232NUH7Xpk2zeKTY+tQbgTKnOxVtNoH6a3jm/3lU4hLBeNeSRUj8CgYInIJXgK9
XVUvCiuvqitE5HJgru+nDWEE6tSzga9HHZeq3iciJwI/dLIOFZFyVW0JqeLnNMAIn05Q1UChhKpuF
ZELnXKpB1opIj1UNfOBlrdNoaW0EtjDlXsYwv1omUpt03LQZ1B9CewXtGFChwR7Wl/588hlG6oWSl
3TZFQbSXFtVtuFZHI5+cPWo10M7g4+HXhFzvEoClVLgCUF9w/Qs+UnuAlUuENnBe91AfTaa21ghtQ
m+gI/c7L3oUzOAe4Jq1cwOyQi++AV/69Q1VDpWR7t9gducGUtw7CBWaGqfyCTVewM1YtbB1mO+2Fl
wr/K7gBODSPQFFR1JfCwK0vwOguky/7y1I8QPRMj6fZDQA8HLkTkf5CS16Q2sVpqE7dJTeIUueCls
oA6sUDrKxcg6rIFlrGxNGxxmOtqpd45qjWWdiPC7PnV9T7qu4jURaq8rfUXwPuu1r6frXgcexb/Cx
gXQdTgFfxMUdVkxLp+dqoziPRT37Wdpax/Ja1X1Xci9uN3kwokUgCtr36Gba2HITITIxXOhiHAxQg
LqNj4ptTMPynieDoAcQsSD5YfL64ILRoVipszGio1j3etzXG5jMGzD5V7dGal/50IhOMm6J58R8sF
j+8SVj4Odjd2ya4jLPqJK2upqkaynnGw0nedN5GKyECMYKcfRjjhn9BO911n05m6/6PtGLVLVKzyX
e+ZrbDzAlwuFy+6mZ7JamAiqlVA//Basj8iT0pt021sG1CX76okV/y5D21lw7CkH0mrD5ZPwmnTz8
WaWvRo3gMj4e44lOWuNsuQ8vlSm/iJzqp6sqB2I/dvneRxMVI7XxnMG67vZexSOhL4a1DBnZJIMUK
oPq7rO/Ks7xfH5yRSEemJkbCegzE62CN7DQ8+UNVAhb2IDMFr9D43l2DKB/8+N5IXj6OAvx+4XybN
LWFIxQhUjkRkNMgEUP/KI6CX0nvjRuDGXO07xgPfB06DHvsCgg2IZrrH+Z+GpVkmjKjY+iD0vQoYZ
q71cOAJqU28BZoAFtJctjQfQ4T8oL733jpEahuDBJbBEOsA3EJbsUI9l+Ig0s5gdye4vtvAY3nWH+
D6vsVnhZQBETkLs7oNzrOfFDKksy74J7FH82z7y77rvL1C9PdnJjGT5yvAb42Uc8EoSF6ByBmewiJ
Xy2ULHw6TwMoFL5VRsakBuIgOb5esqDrWUGjDmdulrvF8VP6EVyZyIMiBwCX0aFOpTbwM8hjC41GM
EvKAd6IRbo+uqgX8WhUJn7gKIlIR+TJGKZ/CWlXdWEibDsa5vi/Pc+UB4zaXQuikISIlwK+A/w74+
U1gDWmzsi2k14i+pK2HsvZBJpE+G1gqHIf4rtflWT8DRso57kXgTKlr+iaqD5MmuB5YbT8DzvXXE0
Go2fR74Ju+n1qAFzATyEeIfITarvAsMhyIpLjP6z7qq5+RKYsOpTQ5B9UzyHyfBRgFOgrlOqlNLME
uuSCbCigyhH6xxrDQcCOIQlfS2I0YHMX/EFfW62FlQ+rvijEKiDKmGXgJ9H0M0T6sqiuy9DGB6ETq
5jTWq2q+K+F/uL6/l02V1BFofeWjUtN4CyKu+7GCTTprGieDuAl0HaJ1lJbO0+mnhE6kUtv0PdDYi
RRA54xdD5wjly2+EGmegDAR+BqZHAjAf2All0lt47k6q9qvpsuzY9yOCDuAKwtqz7KfD/upUCLtDP
e0AXhNq/JVwvttOAMJSES+gjHrS+FN4BRVXRuhj7N811FX0rzuxVFvuVUNiXzqR4Zl3Y+qi0j1IJk
0t8Rhk13ZcrHrn92CUqmzqqNMosNiGmkodPaYLRjLrQcApCZxGKJjUalGqCb9TpSD3Ck1jz+rDROj
POswuJ9lT0qSD+qMCZEdLvJBoSqYzjAH9NvORrGFdMOvcwobk99m9ptRCNQRMLlXky2qweZmIrI7x
mwxhXzdwL6Ld8LpnNhD9sdv+HLKGdTfI1iSyxbvinCMK2ueNlRF5HI0mw65U6ANVa/rrOpbtaFqAp
aMQDwGNv2xyoO2OHlAVnouk6VHBZcrHHETaRwrqX+1CdUL+iEio4ExrqxtBJvjgXffu1ZV/xlSzo+
z8dqLZrtn//8zJLBUABw11AWurDeAeSHFC8RumWqdHp95pcgl2wfhnjA02oTs2A8HWVx1GXRm5XLs
Ui+7rTo8pHg0CF5Vj+pxBbWXBR0mUmfv5xY5f6iqqwsdkCN4+sSVdXDE8VjAbXhXnmWOyZ+/rN9yJ
xKBish+wBxfdj5Co90d4ouCn+PViU4Lupd40Has51L4UG/+xifeIuJlfa2IoS63jj6PYFvqLoU2jH
0Xr9Bt74IabCtZiFs9JlwiUxYW1mYICllJOzNcipt9HCoip0WoU4+JsetGIAE5fplu6xC/BDUDIlI
G/B9eK6jQPhwErSA/DMjz91UF1LqyniPTHjldvq5plNQmrpCpTb1ztZ1R9+JFAzAeP2moZEZ1MJ42
LnZdj80o42+7Zm4vVG7IVa4r4Fj0pLdSogUFJXAEVve6svpgJfPV50dCIUTameFSFvqup4tIoHGBi
JSIyC/xSlujjMk9qewpIqF7FBEZgbEGGZ1nH0GeMVc6AqGwvk4Dfk96L74RODPM4RsA1b7AdGxdKT
WJm6SuKRr3UTf/UHq2PYZwgK+9uzK6MEKktOpC5etSkwidPM2q0vdJpMO656yQ2sR8qWmcKpfOj+b
/W1F2DWlHBbCl8KDtkrwJo5pzrhkvNY1zpbYp0rZGrlgwyHleP81WrhDprv8FnCQiHbH//K2q+h2a
p2OcsFNWRwcDL4tIDbBEVdc6juCVmBUntWl/FnD752UjoCaMr2gKtzouZb/BhEgZiJmITgYuxjzgz
RgzvdS9b8N4qWTA2Q64nYuXYvxeBwKvOt46izBcwy7AMU4/33LVaQPOykPt8iWEq1C9SmoSr2HJM6
g+j9qrsNiIWmUgQ1B7b5CJiOWWeqZwjzZUBXuJqNyC6D3pm2Su1DbdjiTvpIUVlG6zkIqRYB1LKVe
j7UYli/D+1zFAD0SkmjK5UeoSj2LTSIm+R2vpu/Rfav6vT4/enbbSo0EvRBjvqvw+dukjBY+gfsIq
qWs8G5W/kJpURc4AHS+1Tbei+jy2vkn/nitY10fosWFXyqzhiIxG9VTgeAQL1RnZ+vEQqWOvegLGv
vStMKmlA/9Kuq+T8kWGHauqbhKRGXi9YPbEsJuISAvG88SNOgxRpIg0V3Du2cB/AiOd6zIMwddijB
b8L++HGGGTm8V5Ncs+0T+J3QJswNj89sOEXgGzr/HfCxh2/CxV7ZgtqjACE8LmIsRymeopSJhljMx
l24AfhTWpDZX3Sm2TE5kBgDLQS1HrUsqwoa+SellT/anehcViNCbvl0yUo0xCmIQtUJKErce2YrjE
EiSDAdmKJk/VOVWxxPPV+uqE1DSdjujvSG+FeoNeiQAlAlubbSqarXbGNU8fbgtARHqLyCPAvzDhQ
P4AvCUijztqBA9EZBfgoA7elx+BplqqeiPGEybIR9P9Uq8CxqnqLPCoCF7LFpxbVVsxktqgvYn/Lf
4zMAKjS3VbM2UzMwvaDpwH+Pd7QQT6HHC8qkZTudg9XkGYgtGjdiTa3zqE83RW5aScxvXS8l8g9wX
8YogijVbgp8yuLlDVETqQ5ZigZ0EoI1B1p02oNbajvrRh0IbKxyixjsaYfAZRYNi2cgfwOGpnldoL
htX6K8Yf0h+DphXjrTBaVdulfQ7hhjpf54E2hxjDBygyCmMVdATGkqgEM5ksAx7ERN37zCl7Jeko+
q+qak6WxjkeYwpG93kIxg70Y4z10ULgD6q61Ck7EBNCJYV5qhoYmU9E7ses1Djt9VdVdUwRv40JPj
YSYxmjGJO6pzACokey7kGz3U/N3F5In5NBxmE4i72ctDvmZUma8eg/EOtVsP/M6k8WZhgu5Oqnrul
E4EJUDzG2stoLY+CwGotHsaz7dMa4tyFljG+nbYTFvlvrJ/i9e5x25x+KStrR37Lu1ZmVgbbXcun8
vpSVnIjaX0OsIxHdA2UPzIrWAroGldWgbyF6h84an1O4aQKbuQLW2XJnlGiF7fWnNo7A5lsgJ5N+n
0qAbQhrsXUtYr2H0Mj28kb99ZhtOdvE7INmYAJrBWEHMFNVr4k60M6CQ1B256kiIDTyQf7tvEFaav
yUqo4JKVcOJPPwlS3i3wwWhqXM5pXQEzPrdztUta0zCdTpIw4C7Y13OxAqwFLVliKBFpENFoYNyoW
sjsZFZGAk3n3IFzNyfhFdglLgM0zE9GwoHj2QH3bGIzd2OjgCyF19qRyzDcuWyPF7M0Zdthkjld/c
AXfHnQalmNCUF0OomVcr3ngsReSGm0g/I6LZ4ecRjiBsTyfthpfg+ue4DpJsd9Y42zBRLT7ERby+7
+7PlZ11lq2IHK+qkf2KBWPDuAwjEQsSFbcBh6lqoNK+iEyIyDLS+tfntBONrzsTItKHtHQ4LO1BPA
HtbNLBzW2MxDv1qXnm9cS4PBYa8GwdJhCcO72hqpECjoVBROYDL6jqtVHKl6rqahEZgwkqXYERIgl
mBS3DrLZn4TUsKCIEItKDiJEhuhOOLfK+GF/P/cgkvsF440xFwaeY1WqLk/L5vrWjaqcwOJLzAXmm
lMoETNSRQRjLthRURFbiJdzXgTfzEDquBa5xgrl/P1e9UgBVfc052etsDKvWF3gSE5j668D1IlK2M
6hhPgfYB28kuMXdNI7US7o/hhDd6QDMOKP66rZgVpW1Tlrj+p5K6+KQjMcJJ1j5v5wUCY6HVMqkc7
iTDnM+h2AWsP2c5A6onhSRt0kT7mvA0yGxlVMGI5OBvUXk9GwxmLMeM+HoJe8jHYlgDnC5Y61TxE4
Axwl9KJmEOAyzlcnFim7H2CqvIZj41gCb4l7lPo8QkX6kCTb1OZxwDUnqNIdFTlqiqp+KyHN4nTXe
ASaoaqDvc86zYBzBwN3Ad5ysl4FzVbXwYE5FRIIjBQ0iwmEYtjRXmLptwArMy+BPa4sEWBgcSzQ/4
Y4kc0/cCjyPCRnrd27ZDJwedIZSpAObHIfqaZhgSyUYlcwVwG3FBxwPHCHNUAwr6ifEQVmqprCFTA
JcAbyTz2HHRcQDZ89/DCYo2ljMCYC5pNktmD2qxzY6r1PVROQ4jMomFVjqVUwg5YeLxJobjs3zUMx
+Z6grDSM4up0fmwheDd/Jda5MEd0LEemFIdgHyH7GLpiDsNvlP3kffeiYvNVj4u+k2Kw3gJuAh/6d
Tdyc2XMf0kToJsb9iaYS+IBwQvzcKuSLABG5GXOObhQswUSvbOnw+aQiMhwTh+cM0sKJDzBeHA8Bz
34RV1fn3FA34bm/701uiWkS42GzwpXa2dNCdXBF7HxwJMYNeEPIRsES4PSCDxEWkUOAqzESYPcL+j
7mUN6nMQcuxeJk29lw/tC9yCTA1PcB4bXb8Rkm4sKKgLSqKB3/94KIHIQ5OiWXuaNguK2DMeF9BHg
nlpO+nYEMwuhVz8JIr/xYgQkh8iJGrL/OSR90xUvrSKkHYMKX7O58ulOKTd2PTL/aIGwgTXgegiwK
aoqIE7ERqadRkX0xxDoOow/KthdTTLCtda601vnchJlNSlypNMd1HzIJcCDGkiSPE3VoA1bjXQXbi
VFVczrrFlFEHOgUIvV0YFawwzGxh453vg/CrGr5EE2cSGImgA2kD2Ty7xNXZwu/UkQRXYVOJ9LQjo
3JWsp7YlBA2hNzrqeNISr/Z1CejbEf3UiaAN2EmPq++Yso1Crii4n/B0b5UBwNl0uxAAAAAElFTkS
uQmCC
mail: admin@ls.com
dn: cn=test34,ou=groups,o=ls
objectClass: lsgroup
objectClass: posixGroup
cn: test34
gidNumber: 800001
uniqueMember: uid=eeggs,ou=people,o=ls
description: test
lsGodfatherDn: uid=eeggs,ou=people,o=ls
structuralObjectClass: posixGroup
dn: ou=ppolicies,o=ls
objectclass: organizationalUnit
ou: ppolicies
dn: cn=default,ou=ppolicies,o=ls
cn: default
objectclass: top
objectclass: device
objectclass: pwdPolicy
objectclass: pwdPolicyChecker
pwdAttribute: userPassword
pwdMinAge: 0
pwdMaxAge: 0
pwdInHistory: 3
pwdCheckQuality: 1
pwdMinLength: 8
pwdExpireWarning: 0
pwdGraceAuthnLimit: 0
pwdLockout: FALSE
pwdLockoutDuration: 0
pwdMaxFailure: 0
pwdMaxRecordedFailure: 0
pwdFailureCountInterval: 0
pwdMustChange: FALSE
pwdAllowUserChange: FALSE
pwdSafeModify: FALSE
dn: cn=sysaccounts,ou=ppolicies,o=ls
cn: sysaccounts
objectclass: top
objectclass: device
objectclass: pwdPolicy
objectclass: pwdPolicyChecker
pwdAttribute: userPassword
pwdMinAge: 0
pwdMaxAge: 0
pwdInHistory: 0
pwdCheckQuality: 1
pwdMinLength: 10
pwdExpireWarning: 0
pwdGraceAuthnLimit: 0
pwdLockout: FALSE
pwdLockoutDuration: 0
pwdMaxFailure: 0
pwdMaxRecordedFailure: 0
pwdFailureCountInterval: 0
pwdMustChange: FALSE
pwdAllowUserChange: FALSE
pwdSafeModify: FALSE

51
lsexample/restore_lsexample
View file

@ -13,30 +13,59 @@ SLAPD_CONF_DIR=/etc/ldap/slapd.d
SLAPD_DB_DIR=/var/lib/ldap
SLAPD_USER=openldap
SLAPD_GROUP=openldap
SYS_SCHEMA_DIR=/etc/ldap/schema
# Deducted configuration
LDIF="$SRC_DIR/lsexample/lsexample.ldif"
SCHEMA_LDIF="$SRC_DIR/lsexample/schema/cn={10}ls.ldif"
SCHEMA_DEST="$SLAPD_CONF_DIR/cn=config/cn=schema/"
SLAPD_CONF_LDIF="$SRC_DIR/lsexample/slapd-config.ldif"
LS_SCHEMA_LDIF="$SRC_DIR/lsexample/schema/ls.ldif"
SAMBA_SCHEMA_LDIF="$SRC_DIR/lsexample/schema/samba.ldif"
SLAPD_DB_LDIF="$SRC_DIR/lsexample/db.ldif"
#
# Start restoration
#
# Stop slapd
/usr/sbin/service slapd stop > /dev/null
/usr/sbin/service slapd stop
# Purge old DB data
rm -fr $SLAPD_DB_DIR/*
rm -fr $SLAPD_DB_DIR $SLAPD_CONF_DIR
mkdir -p $SLAPD_DB_DIR $SLAPD_CONF_DIR
# Restore schema file
cp -f "$SCHEMA_LDIF" "$SCHEMA_DEST"
# Install slapd.d configuration
slapadd -n0 -F $SLAPD_CONF_DIR -l $SLAPD_CONF_LDIF
# Restore DB data from LDIF file
/usr/sbin/slapadd -l $LDIF -q
# Install schemas
slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/core.ldif
slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/cosine.ldif
slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/nis.ldif
slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/inetorgperson.ldif
slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/ppolicy.ldif
slapadd -n0 -F/etc/ldap/slapd.d -l$SYS_SCHEMA_DIR/dyngroup.ldif
slapadd -n0 -F/etc/ldap/slapd.d -l$SAMBA_SCHEMA_LDIF
slapadd -n0 -F/etc/ldap/slapd.d -l$LS_SCHEMA_LDIF
# Fix rights on restored data
chown $SLAPD_USER:$SLAPD_GROUP -R $SLAPD_DB_DIR $SCHEMA_DEST
chown $SLAPD_USER:$SLAPD_GROUP -R $SLAPD_DB_DIR $SLAPD_CONF_DIR
# Start slapd
/usr/sbin/service slapd start > /dev/null
/usr/sbin/service slapd start
cat << EOF > /etc/ldapvi.conf
profile default
unpaged-help: yes
ldap-conf: yes
profile config
host: ldapi://
sasl-mech: EXTERNAL
base: cn=config
profile ls
host: ldapi://
sasl-mech: EXTERNAL
base: o=ls
EOF
# Add database
ldapvi -p config --verbose --ldapmodify --ldapvi --add $SLAPD_DB_LDIF

40
lsexample/schema/cn={10}ls.ldif
View file

@ -1,40 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 7e667c54
dn: cn={10}ls
objectClass: olcSchemaConfig
objectClass: top
cn: {10}ls
olcObjectIdentifier: {0}EeRoot 1.3.6.1.4.1.10650
olcObjectIdentifier: {1}LeRoot EeRoot:4
olcObjectIdentifier: {2}LsRoot LeRoot:10000
olcObjectIdentifier: {3}LsLDAP LsRoot:2
olcObjectIdentifier: {4}LsLDAPAttribute LsLDAP:1
olcObjectIdentifier: {5}LsLDAPObjectClass LsLDAP:2
olcAttributeTypes: {0}( LsLDAPAttribute:1 NAME 'lsAllowedServices' DESC 'Lis
tof allowed services' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {1}( LsLDAPAttribute:2 NAME 'lsRecoveryHash' DESC 'Passwo
rdRecover Hash' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
15)
olcAttributeTypes: {2}( LsLDAPAttribute:3 NAME 'lsGodfatherDn' DESC 'Godfath
erdn of this entry' SUP distinguishedName )
structuralObjectClass: olcSchemaConfig
entryUUID: 6408206a-b8c2-1038-8c14-9d79696c60b6
creatorsName: cn=admin,cn=config
createTimestamp: 20190130100601Z
olcObjectClasses: {0}( LsLDAPObjectClass:1 NAME 'lspeople' DESC 'LS people O
bjectclass' STRUCTURAL MUST ( uid $ cn ) MAY ( jpegPhoto $ sn $ givenName $
postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $
mail$ personalTitle $ description $ userPassword $ lsallowedservices $ lsR
ecoveryHash $ lsGodfatherDn ) )
olcObjectClasses: {1}( LsLDAPObjectClass:3 NAME 'lsgroup' DESC 'LS group Obj
ectclass' AUXILIARY MUST cn MAY ( uniquemember $ description $ lsGodfatherD
n ))
olcObjectClasses: {2}( LsLDAPObjectClass:4 NAME 'lssysaccount' DESC 'LS syst
emaccount Objectclass' STRUCTURAL MUST uid MAY ( userpassword $ description
))
olcObjectClasses: {3}( LsLDAPObjectClass:5 NAME 'lscompany' SUP organization
alUnit STRUCTURAL MUST ou MAY ( description $ lsGodfatherDn ) )
entryCSN: 20190130103114.350601Z#000000#000#000000
modifiersName: cn=admin,cn=config
modifyTimestamp: 20190130103114Z

43
lsexample/schema/ls.ldif Normal file
View file

@ -0,0 +1,43 @@
dn: cn=ls,cn=schema,cn=config
cn: ls
objectclass: olcSchemaConfig
objectclass: top
olcattributetypes: {0}( LsLDAPAttribute:1 NAME 'lsAllowedServices' DESC 'Lis
tof allowed services' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcattributetypes: {1}( LsLDAPAttribute:2 NAME 'lsRecoveryHash' DESC 'Passwo
rdRecover Hash' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
15)
olcattributetypes: {2}( LsLDAPAttribute:3 NAME 'lsGodfatherDn' DESC 'Godfath
erdn of this entry' SUP distinguishedName )
olcattributetypes: {3}( LsLDAPAttribute:4 NAME 'lsDynGroupMemberDnURI' DESC
'Dynamic group members DN URI' SUP labeledURI )
olcattributetypes: {4}( LsLDAPAttribute:5 NAME 'lsDynGroupMemberUidURI' DESC
'Dynamic group members UID URI' SUP labeledURI )
olcattributetypes: {5}( LsLDAPAttribute:6 NAME 'lsDynGroupMemberDn' DESC 'Dy
namic group members DN' SUP uniqueMember )
olcattributetypes: {6}( LsLDAPAttribute:7 NAME 'lsDynGroupMemberUid' DESC 'D
ynamic group members UID' SUP memberUid )
olcobjectclasses: {0}( LsLDAPObjectClass:1 NAME 'lspeople' DESC 'LS people O
bjectclass' STRUCTURAL MUST ( uid $ cn ) MAY ( jpegPhoto $ sn $ givenName $
postalAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $
mail$ personalTitle $ description $ userPassword $ lsallowedservices $ lsR
ecoveryHash $ lsGodfatherDn ) )
olcobjectclasses: {1}( LsLDAPObjectClass:3 NAME 'lsgroup' DESC 'LS group Obj
ectclass' AUXILIARY MUST cn MAY ( uniquemember $ description $ lsGodfatherD
n ))
olcobjectclasses: {2}( LsLDAPObjectClass:4 NAME 'lssysaccount' DESC 'LS syst
emaccount Objectclass' STRUCTURAL MUST uid MAY ( userpassword $ description
))
olcobjectclasses: {3}( LsLDAPObjectClass:5 NAME 'lscompany' SUP organization
alUnit STRUCTURAL MUST ou MAY ( description $ lsGodfatherDn ) )
olcobjectclasses: {4}( LsLDAPObjectClass:6 NAME 'lsdyngroup' DESC 'Dynamic g
roups objectclass' SUP top AUXILIARY MUST cn MAY ( description $ uniqueMemb
er $ memberUid $ lsGodfatherDn $ lsDynGroupMemberDnURI $ lsDynGroupMemberDn
$ lsDynGroupMemberUidURI $ lsDynGroupMemberUid $ dgIdentity $ dgAuthz ))
olcobjectidentifier: {0}EeRoot 1.3.6.1.4.1.10650
olcobjectidentifier: {1}LeRoot EeRoot:4
olcobjectidentifier: {2}LsRoot LeRoot:10000
olcobjectidentifier: {3}LsLDAP LsRoot:2
olcobjectidentifier: {4}LsLDAPAttribute LsLDAP:1
olcobjectidentifier: {5}LsLDAPObjectClass LsLDAP:2

59
lsexample/schema/lsexample.schema
View file

@ -1,59 +0,0 @@
# LdapSaisie - LDAP Schema - Example
# Web Site : https://ldapsaisie.org
objectIdentifier EeRoot 1.3.6.1.4.1.10650
objectIdentifier LeRoot EeRoot:4
objectIdentifier LsRoot LeRoot:10000
objectIdentifier LsLDAP LsRoot:2
objectIdentifier LsLDAPAttribute LsLDAP:1
objectIdentifier LsLDAPObjectClass LsLDAP:2
# <Ls attributes>
attributetype (LsLDAPAttribute:1
NAME 'lsAllowedServices'
DESC 'List of allowed services'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( LsLDAPAttribute:2 NAME 'lsRecoveryHash'
DESC 'Password Recover Hash'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
attributetype ( LsLDAPAttribute:3 NAME 'lsGodfatherDn'
SUP distinguishedName
DESC 'Godfather dn of this entry' )
# </Ls attributes>
# <Ls Objectclass>
objectclass (LsLDAPObjectClass:1
NAME 'lspeople'
DESC 'LS people Objectclass'
STRUCTURAL
MUST ( uid $ cn )
MAY ( jpegPhoto $ sn $ givenName $ postalAddress $ postalCode $ l $ st $ c $
telephoneNumber $ mobile $ fax $ mail $ personalTitle $ description $
userPassword $ lsallowedservices $ lsRecoveryHash $ lsGodfatherDn ))
objectclass (LsLDAPObjectClass:3
NAME 'lsgroup'
DESC 'LS group Objectclass'
AUXILIARY
MUST ( cn )
MAY ( uniquemember $ description $ lsGodfatherDn ))
objectclass (LsLDAPObjectClass:4
NAME 'lssysaccount'
DESC 'LS system account Objectclass'
STRUCTURAL
MUST ( uid )
MAY (userpassword $ description))
objectclass ( LsLDAPObjectClass:5
NAME 'lscompany'
SUP organizationalUnit
STRUCTURAL
MUST ( ou )
MAY ( description $ lsGodfatherDn ))
# </Ls Objectclass>

176
lsexample/schema/samba.ldif Normal file
View file

@ -0,0 +1,176 @@
dn: cn=samba,cn=schema,cn=config
cn: samba
objectclass: olcSchemaConfig
olcattributetypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC
'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.26{32} SINGLE-VALUE )
olcattributetypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC
'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6
.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
olcattributetypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC '
Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26{16} SINGLE-VALUE )
olcattributetypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC
'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.
1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DES
C 'Timestamp of when the user is allowed to update the password' EQUALITY i
ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DE
SC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC '
Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.
121.1.27 SINGLE-VALUE )
olcattributetypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC
'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.27 SINGLE-VALUE )
olcattributetypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC
'Timestamp of when the user will be logged off automatically' EQUALITY int
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1
.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC
'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26{42} SINGLE-VALUE )
olcattributetypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC
'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTA
X 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
olcattributetypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DES
C 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.
121.1.15{255} SINGLE-VALUE )
olcattributetypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DES
C 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.15{255} SINGLE-VALUE )
olcattributetypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations
' DESC 'List of user workstations the user is allowed to logon to' EQUALITY
caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
olcattributetypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC '
Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.15{128} )
olcattributetypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC
'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcattributetypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC
'Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.
6.1.4.1.1466.115.121.1.15{1050} )
olcattributetypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
DESC 'Concatenated MD4 hashes of the unicode passwords used on this accoun
t' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
olcattributetypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Secur
ity ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNT
AX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcattributetypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.
1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcattributetypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'S
ecurity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.26{64} )
olcattributetypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC
'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcattributetypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DES
C 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.
4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DE
SC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.
1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'N
ext NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4
.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBa
se' DESC 'Base at which the samba RID generation algorithm should operate'
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC
'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
olcattributetypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC
'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SY
NTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcattributetypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC
'A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.7 SINGLE-VALUE )
olcattributetypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' D
ESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.27 SINGLE-VALUE )
olcattributetypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DE
SC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115
.121.1.26 SINGLE-VALUE )
olcattributetypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption
' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1
466.115.121.1.15 )
olcattributetypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC
'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466
.115.121.1.26 )
olcattributetypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DE
SC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.
6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength
' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY in
tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' D
ESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC
'Maximum password age, in seconds (default: -1 => never expire passwords)'
EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC
'Minimum password age, in seconds (default: 0 => allow immediate password c
hange)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-V
ALUE )
olcattributetypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY i
ntegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservati
onWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY
integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold
' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALIT
Y integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DES
C 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUA
LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcattributetypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwd
Change' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY
integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcobjectclasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'S
amba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MA
Y ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTi
me $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustC
hange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sam
baLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sa
mbaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCo
unt $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
olcobjectclasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC
'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ samba
GroupType ) MAY ( displayName $ description $ sambaSIDList ) )
olcobjectclasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DES
C 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaN
TPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
olcobjectclasses: {3}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba
Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID )
MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithm
icRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd
$ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObse
rvationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachi
nePwdChange ) )
olcobjectclasses: {4}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'P
ool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gid
Number ) )
olcobjectclasses: {5}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'M
apping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber
$ gidNumber ) )
olcobjectclasses: {6}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Str
uctural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
olcobjectclasses: {7}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samb
a Configuration Section' SUP top AUXILIARY MAY description )
olcobjectclasses: {8}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba
Share Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
olcobjectclasses: {9}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC
'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY (
sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringList
option $ description ) )

44
lsexample/slapd-config.ldif Normal file
View file

@ -0,0 +1,44 @@
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
olcLogLevel: stats
olcServerId: 1
olcAttributeOptions: lang- x-
dn: cn=module{0},cn=config
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_mdb
olcModuleLoad: {1}ppolicy
olcModuleLoad: {2}dynlist
olcModuleLoad: {3}pw-sha2
dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAccess: {0}to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by * break
olcAccess: {1}to dn.exact="" by * read
olcAccess: {2}to dn.base="cn=Subschema" by * read
olcSizeLimit: 500
olcLimits: {0}* size.pr=1000 size.prtotal=unlimited
olcPasswordHash: {SSHA512}
dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *
by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth manage
by * break
olcRootDN: cn=admin,cn=config

94
lsexample/slapd/permissions-ls.conf
View file

@ -1,94 +0,0 @@
## Racine
access to dn.regex="^o=ls$" attrs="entry,children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * read
## Groups
### Ajout d'entrees par les admins
access to dn.regex="^ou=groups,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * none
access to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * none
### Les admins peuvent tout modifier, les authentifies peuvent tout voir
access to dn.regex="^cn=[^,]+,ou=groups,o=ls$"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * none
## Peoples
### Ajout d'entrees par les admins
access to dn.regex="^ou=people,o=ls$" attrs="children,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * read
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="entry,objectclass"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * read
### Les admins peuvent modifier le mot de passe, samba le mettre à jour, les autres peuvent s'en servir pour l'authentification
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by self write
by anonymous auth
by * none
access to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs="userPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by anonymous auth
by * none
### Les admins peuvent modifier ces attributs, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="uid,lsallowedservices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sambaPrimaryGroupSID"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, samba aussi
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="sambaLMPassword,sambaNTPassword"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by dn="uid=samba,ou=sysaccounts,o=ls" write
by self write
by * none
### Les admins peuvent modifier ces attributs, le proprio aussi, les authentifies peuvent les voir
access to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs="c,cn,jpegPhoto,personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobile,fax,mail,description"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by self write
by users read
by * read
## Les authentifies peuvent voir les noeuds et les admins peuvent en ajouter
access to * attrs="entry"
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by users read
by * none
## Le reste
access to *
by group/lsgroup/uniqueMember="cn=adminldap,ou=groups,o=ls" write
by dn="uid=ldapsaisie,ou=sysaccounts,o=ls" write
by * none

45
lsexample/slapd/slapd.conf
View file

@ -1,45 +0,0 @@
# LSexample - Config
# Loading schema
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/samba.schema
include /etc/ldap/schema/lsexample.schema
# Slapd core configuration
pidfile /var/run/slapd/slapd.pid
argsfile /var/run/slapd/slapd.args
loglevel stats
modulepath /usr/lib/ldap
moduleload back_hdb
sizelimit 500
tool-threads 1
# LSexample database configuration
backend hdb
database hdb
suffix "o=ls"
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /var/lib/ldap
# Indices to maintain
index objectClass eq
index uidNumber eq
index gidNumber eq
index lsallowedservices,lsGodfatherDn eq
index sambasid eq
index sambaDomainName eq
index memberUid,uniqueMember eq
index givenname,cn,sn,mail,uid sub,eq,approx
# Save the time that the entry gets modified, for database #1
lastmod on
checkpoint 512 30
# Loading LSexample permission file
include permissions-ls.conf

16
lsexample/slapd/slapd.d/cn=config.ldif
View file

@ -1,16 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 1a375831
dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /var/run/slapd/slapd.args
olcLogLevel: none
olcPidFile: /var/run/slapd/slapd.pid
olcToolThreads: 1
structuralObjectClass: olcGlobal
entryUUID: 6db4a4c4-6a91-1032-8cb6-d5eaa14a6b52
creatorsName: cn=config
createTimestamp: 20130616052915Z
entryCSN: 20130616052915.388815Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616052915Z

14
lsexample/slapd/slapd.d/cn=config/cn=module{0}.ldif
View file

@ -1,14 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 418bf3c9
dn: cn=module{0}
objectClass: olcModuleList
cn: module{0}
olcModulePath: /usr/lib/ldap
olcModuleLoad: {0}back_hdb
structuralObjectClass: olcModuleList
entryUUID: 5605629c-6a95-1032-9775-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

615
lsexample/slapd/slapd.d/cn=config/cn=schema.ldif
View file

@ -1,615 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 6d62e916
dn: cn=schema
objectClass: olcSchemaConfig
cn: schema
olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2
olcObjectIdentifier: OLcfgAt OLcfg:3
olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
olcObjectIdentifier: OLcfgBkAt OLcfgAt:1
olcObjectIdentifier: OLcfgDbAt OLcfgAt:2
olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
olcObjectIdentifier: OLcfgCtAt OLcfgAt:4
olcObjectIdentifier: OLcfgOc OLcfg:4
olcObjectIdentifier: OLcfgGlOc OLcfgOc:0
olcObjectIdentifier: OLcfgBkOc OLcfgOc:1
olcObjectIdentifier: OLcfgDbOc OLcfgOc:2
olcObjectIdentifier: OLcfgOvOc OLcfgOc:3
olcObjectIdentifier: OLcfgCtOc OLcfgOc:4
olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1
olcObjectIdentifier: OMsBoolean OMsyn:7
olcObjectIdentifier: OMsDN OMsyn:12
olcObjectIdentifier: OMsDirectoryString OMsyn:15
olcObjectIdentifier: OMsIA5String OMsyn:26
olcObjectIdentifier: OMsInteger OMsyn:27
olcObjectIdentifier: OMsOID OMsyn:38
olcObjectIdentifier: OMsOctetString OMsyn:40
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' X-BINARY-TRANS
FER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' X-NOT-HUMA
N-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Descripti
on' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' X-NOT-HUMAN-READA
BLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' X-NOT-HUMAN-READ
ABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' X-BINARY-TR
ANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' X-BINA
RY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' X-BIN
ARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509 AttributeCertifi
cate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )
olcLdapSyntaxes: ( 1.2.36.79672281.1.5.0 DESC 'RDN' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Descri
ption' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure Rule Desc
ription' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Num
ber' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' X-NOT-HUMAN-READAB
LE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' X-NOT-HUMAN-READA
BLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Acces
s Points' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Descripti
on' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use Descr
iption' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID'
)
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description'
)
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Descriptio
n' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' X-
BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identi
fier' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description
' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema Definition'
)
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema Description
' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' )
olcLdapSyntaxes: ( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.2 DESC 'AttributeCertificate E
xact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.3 DESC 'AttributeCertificate A
ssertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.16.1 DESC 'UUID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.4 DESC 'CSN SID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )
olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes
of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.38 )
olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: stru
ctural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4
.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperati
on )
olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which
object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOr
deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFIC
ATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which
object was last modified' EQUALITY generalizedTimeMatch ORDERING generalized
TimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-M
ODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creat
or' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING
LE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last
modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has ch
ildren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALU
E NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of
controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.
4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperat
ion )
olcAttributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALI
TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE N
O-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the entry'
EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1 SINGLE-VA
LUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change seq
uence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMatc
h SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION US
AGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change s
equence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrder
ingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICA
TION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'syn
crepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetStringO
rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MODIFI
CATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the lar
gest committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch
SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOperatio
n )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512
: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperatio
n )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RF
C4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperati
on )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC
'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAO
peration )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC
'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.3
8 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' D
ESC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 U
SAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms
' DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1
.15 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC
4512: features supported by the server' EQUALITY objectIdentifierMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'mon
itor context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'conf
ig context' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of impl
ementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version o
f implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
5 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: adminis
trative role' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.38 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtr
ee specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE USAGE dir
ectoryOperation )
olcAttributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT stru
cture rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.
121.1.17 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT conten
t rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466
.115.121.1.16 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rul
es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.
121.1.30 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute t
ypes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.3 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object class
es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.
121.1.37 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQU
ALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3
5 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching r
ule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.31 USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC
4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.
6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) D
ESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subord
inate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.15 USAGE distributedOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL en
try pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MODI
FICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL
children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USE
R-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' )
DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.42
03.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFro
m' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4.
1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589:
entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USE
R-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'R
FC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFI
CATION USAGE dSAOperation )
olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common s
upertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1
.1466.115.121.1.12 )
olcAttributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of n
ame attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519: common
name(s) for which the entity is known by' SUP name )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'R
FC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An intege
r uniquely identifying a user in an administrative domain' EQUALITY integerMa
tch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE
-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An intege
r uniquely identifying a group in an administrative domain' EQUALITY integerM
atch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL
E-VALUE )
olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password
of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}
)
olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uni
form Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive in
formation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of related obje
ct' SUP distinguishedName )
olcAttributeTypes: ( OLcfgGlAt:78 NAME 'olcConfigFile' DESC 'File for slapd co
nfiguration directives' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SI
NGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:79 NAME 'olcConfigDir' DESC 'Directory for slap
d configuration backend' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString S
INGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:1 NAME 'olcAccess' DESC 'Access Control List' E
QUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:86 NAME 'olcAddContentAcl' DESC 'Check ACLs aga
inst content of Add ops' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:2 NAME 'olcAllows' DESC 'Allowed set of depreca
ted features' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:3 NAME 'olcArgsFile' DESC 'File for slapd comma
nd line options' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VA
LUE )
olcAttributeTypes: ( OLcfgGlAt:5 NAME 'olcAttributeOptions' EQUALITY caseIgnor
eMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:4 NAME 'olcAttributeTypes' DESC 'OpenLDAP attri
buteTypes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX O
MsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' EQUALITY caseIgnoreMa
tch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:7 NAME 'olcAuthzPolicy' EQUALITY caseIgnoreMatc
h SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:8 NAME 'olcAuthzRegexp' EQUALITY caseIgnoreMatc
h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:9 NAME 'olcBackend' DESC 'A type of backend' EQ
UALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED 'SIBL
INGS' )
olcAttributeTypes: ( OLcfgGlAt:10 NAME 'olcConcurrency' SYNTAX OMsInteger SING
LE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:11 NAME 'olcConnMaxPending' SYNTAX OMsInteger S
INGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' SYNTAX OMsInteg
er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:13 NAME 'olcDatabase' DESC 'The backend type fo
r a database instance' SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )
olcAttributeTypes: ( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' SYNTAX OMsDN SIN
GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:15 NAME 'olcDisallows' EQUALITY caseIgnoreMatch
SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:16 NAME 'olcDitContentRules' DESC 'OpenLDAP DIT
content rules' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN
TAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgDbAt:0.20 NAME 'olcExtraAttrs' EQUALITY caseIgnoreMa
tch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:17 NAME 'olcGentleHUP' SYNTAX OMsBoolean SINGLE
-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.17 NAME 'olcHidden' SYNTAX OMsBoolean SINGLE-
VALUE )
olcAttributeTypes: ( OLcfgGlAt:18 NAME 'olcIdleTimeout' SYNTAX OMsInteger SING
LE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:19 NAME 'olcInclude' SUP labeledURI )
olcAttributeTypes: ( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' SYNTAX OMsInte
ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' SYNTAX OMsInte
ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' SYNTAX OMsIntege
r SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' SYNTAX OMsInteg
er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:84 NAME 'olcIndexIntLen' SYNTAX OMsInteger SING
LE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.4 NAME 'olcLastMod' SYNTAX OMsBoolean SINGLE-
VALUE )
olcAttributeTypes: ( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP ldapSy
ntax' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDir
ectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgDbAt:0.5 NAME 'olcLimits' EQUALITY caseIgnoreMatch S
YNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:93 NAME 'olcListenerThreads' SYNTAX OMsInteger
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:26 NAME 'olcLocalSSF' SYNTAX OMsInteger SINGLE-
VALUE )
olcAttributeTypes: ( OLcfgGlAt:27 NAME 'olcLogFile' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:28 NAME 'olcLogLevel' EQUALITY caseIgnoreMatch
SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' SYNTAX OMsInteger S
INGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.16 NAME 'olcMirrorMode' SYNTAX OMsBoolean SIN
GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:30 NAME 'olcModuleLoad' EQUALITY caseIgnoreMatc
h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:31 NAME 'olcModulePath' SYNTAX OMsDirectoryStri
ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.18 NAME 'olcMonitoring' SYNTAX OMsBoolean SIN
GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:32 NAME 'olcObjectClasses' DESC 'OpenLDAP objec
t classes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX O
MsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:33 NAME 'olcObjectIdentifier' EQUALITY caseIgno
reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDirectoryString X-ORDERED
'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase SINGLE-VAL
UE X-ORDERED 'SIBLINGS' )
olcAttributeTypes: ( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat' SYNTAX OMs
DirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:36 NAME 'olcPasswordHash' EQUALITY caseIgnoreMa
tch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:37 NAME 'olcPidFile' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:38 NAME 'olcPlugin' EQUALITY caseIgnoreMatch SY
NTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:39 NAME 'olcPluginLogFile' SYNTAX OMsDirectoryS
tring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:40 NAME 'olcReadOnly' SYNTAX OMsBoolean SINGLE-
VALUE )
olcAttributeTypes: ( OLcfgGlAt:41 NAME 'olcReferral' SUP labeledURI SINGLE-VAL
UE )
olcAttributeTypes: ( OLcfgDbAt:0.7 NAME 'olcReplica' SUP labeledURI EQUALITY c
aseIgnoreMatch X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' SYNTAX OMsDirector
yString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:44 NAME 'olcReplicaPidFile' SYNTAX OMsDirectory
String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:45 NAME 'olcReplicationInterval' SYNTAX OMsInte
ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:46 NAME 'olcReplogFile' SYNTAX OMsDirectoryStri
ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:47 NAME 'olcRequires' EQUALITY caseIgnoreMatch
SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:48 NAME 'olcRestrict' EQUALITY caseIgnoreMatch
SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:49 NAME 'olcReverseLookup' SYNTAX OMsBoolean SI
NGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.8 NAME 'olcRootDN' EQUALITY distinguishedName
Match SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch S
YNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:0.9 NAME 'olcRootPW' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:89 NAME 'olcSaslAuxprops' SYNTAX OMsDirectorySt
ring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:53 NAME 'olcSaslHost' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:54 NAME 'olcSaslRealm' SYNTAX OMsDirectoryStrin
g SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:56 NAME 'olcSaslSecProps' SYNTAX OMsDirectorySt
ring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:58 NAME 'olcSchemaDN' EQUALITY distinguishedNam
eMatch SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:59 NAME 'olcSecurity' EQUALITY caseIgnoreMatch
SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:81 NAME 'olcServerID' EQUALITY caseIgnoreMatch
SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:60 NAME 'olcSizeLimit' SYNTAX OMsDirectoryStrin
g SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' SYNTAX OMsInteg
er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth' SYNTAX OMsI
nteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes whose va
lues will always be sorted' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryStrin
g )
olcAttributeTypes: ( OLcfgDbAt:0.15 NAME 'olcSubordinate' SYNTAX OMsDirectoryS
tring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.10 NAME 'olcSuffix' EQUALITY distinguishedNam
eMatch SYNTAX OMsDN )
olcAttributeTypes: ( OLcfgDbAt:0.19 NAME 'olcSyncUseSubentry' DESC 'Store sync
context in a subentry' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.11 NAME 'olcSyncrepl' EQUALITY caseIgnoreMatc
h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:90 NAME 'olcTCPBuffer' DESC 'Custom TCP buffer
size' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:66 NAME 'olcThreads' SYNTAX OMsInteger SINGLE-V
ALUE )
olcAttributeTypes: ( OLcfgGlAt:67 NAME 'olcTimeLimit' SYNTAX OMsDirectoryStrin
g )
olcAttributeTypes: ( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' SYNTAX OMsDir
ectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' SYNTAX OMsDir
ectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' SYNTAX OMsDirec
toryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' SYNTAX OMsDi
rectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' SYNTAX OMsDirectory
String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' SYNTAX OMsDirectoryStr
ing SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:82 NAME 'olcTLSCRLFile' SYNTAX OMsDirectoryStri
ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:74 NAME 'olcTLSRandFile' SYNTAX OMsDirectoryStr
ing SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' SYNTAX OMsDirector
yString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' SYNTAX OMsDirectory
String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' SYNTAX OMsDirectory
String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:80 NAME 'olcToolThreads' SYNTAX OMsInteger SING
LE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.12 NAME 'olcUpdateDN' SYNTAX OMsDN SINGLE-VAL
UE )
olcAttributeTypes: ( OLcfgDbAt:0.13 NAME 'olcUpdateRef' SUP labeledURI EQUALIT
Y caseIgnoreMatch )
olcAttributeTypes: ( OLcfgGlAt:88 NAME 'olcWriteTimeout' SYNTAX OMsInteger SIN
GLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.1 NAME 'olcDbDirectory' DESC 'Directory for d
atabase content' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VA
LUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDA
P access control information (experimental)' EQUALITY OpenLDAPaciMatch SYNTAX
1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation )
olcAttributeTypes: ( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' DESC 'Number of extr
a entries to free when max is reached' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' DESC 'Entry cache siz
e in entries' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' DESC 'Database check
point interval in kbytes and minutes' SYNTAX OMsDirectoryString SINGLE-VALUE
)
olcAttributeTypes: ( OLcfgDbAt:1.16 NAME 'olcDbChecksum' DESC 'Enable database
checksum validation' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' DESC 'Pathname of fi
le containing the DB encryption key' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.14 NAME 'olcDbCryptKey' DESC 'DB encryption k
ey' SYNTAX OMsOctetString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB DB_CONF
IG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgDbAt:1.4 NAME 'olcDbNoSync' DESC 'Disable synchronou
s database writes' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.15 NAME 'olcDbPageSize' DESC 'Page size of sp
ecified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' DESC 'Allow reads of
uncommitted data' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize' DESC 'DN cache siz
e' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' DESC 'IDL cache si
ze in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.2 NAME 'olcDbIndex' DESC 'Attribute index par
ameters' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' DESC 'Index attribu
tes one at a time' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' DESC 'Deadlock detec
tion algorithm' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.3 NAME 'olcDbMode' DESC 'Unix permissions of
database files' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' DESC 'Depth of sear
ch stack in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.10 NAME 'olcDbShmKey' DESC 'Key for shared me
mory region' SYNTAX OMsInteger SINGLE-VALUE )
olcObjectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' ABST
RACT MUST objectClass )
olcObjectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC
'RFC4512: extensible object' SUP top AUXILIARY )
olcObjectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC4512: an alias' SUP top STRU
CTURAL MUST aliasedObjectName )
olcObjectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: na
med subordinate referral' SUP top STRUCTURAL MUST ref )
olcObjectClasses: ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotD
SE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )
olcObjectClasses: ( 2.5.17.0 NAME 'subentry' DESC 'RFC3672: subentry' SUP top
STRUCTURAL MUST ( cn $ subtreeSpecification ) )
olcObjectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'RFC4512: controlling subsc
hema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRu
les $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
olcObjectClasses: ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC 'RFC2
589: Dynamic Object' SUP top AUXILIARY )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' DESC 'Glue Entry' SUP
top STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry' DESC
'Persistent Info for SyncRepl Consumer' AUXILIARY MAY syncreplCookie )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry' DESC
'Persistent Info for SyncRepl Producer' AUXILIARY MAY contextCSN )
olcObjectClasses: ( OLcfgGlOc:0 NAME 'olcConfig' DESC 'OpenLDAP configuration
object' SUP top ABSTRACT )
olcObjectClasses: ( OLcfgGlOc:1 NAME 'olcGlobal' DESC 'OpenLDAP Global configu
ration options' SUP olcConfig STRUCTURAL MAY ( cn $ olcConfigFile $ olcConfig
Dir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite $ olcA
uthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $ olcConnMax
PendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $ olcIndexSubstrIf
MaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnySte
p $ olcIndexIntLen $ olcLocalSSF $ olcLogFile $ olcLogLevel $ olcPasswordCryp
tSaltFormat $ olcPasswordHash $ olcPidFile $ olcPluginLogFile $ olcReadOnly $
olcReferral $ olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $
olcRootDSE $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps
$ olcSecurity $ olcServerID $ olcSizeLimit $ olcSockbufMaxIncoming $ olcSockb
ufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $ olcTLSCACertif
icateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertifica
teKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerif
yClient $ olcTLSDHParamFile $ olcTLSCRLFile $ olcToolThreads $ olcWriteTimeou
t $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitConten
tRules $ olcLdapSyntaxes ) )
olcObjectClasses: ( OLcfgGlOc:2 NAME 'olcSchemaConfig' DESC 'OpenLDAP schema o
bject' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $ olcLdapSynta
xes $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )
olcObjectClasses: ( OLcfgGlOc:3 NAME 'olcBackendConfig' DESC 'OpenLDAP Backend
-specific options' SUP olcConfig STRUCTURAL MUST olcBackend )
olcObjectClasses: ( OLcfgGlOc:4 NAME 'olcDatabaseConfig' DESC 'OpenLDAP Databa
se-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY ( olcHidde
n $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $ olcLastMod $
olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ olcRepl
icaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ olcReplogFile $ ol
cRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $
olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN
$ olcUpdateRef $ olcMirrorMode $ olcMonitoring $ olcExtraAttrs ) )
olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP Overlay
-specific options' SUP olcConfig STRUCTURAL MUST olcOverlay )
olcObjectClasses: ( OLcfgGlOc:6 NAME 'olcIncludeFile' DESC 'OpenLDAP configura
tion include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY ( cn $ olcRoo
tDSE ) )
olcObjectClasses: ( OLcfgGlOc:7 NAME 'olcFrontendConfig' DESC 'OpenLDAP fronte
nd configuration' AUXILIARY MAY ( olcDefaultSearchBase $ olcPasswordHash $ ol
cSortVals ) )
olcObjectClasses: ( OLcfgGlOc:8 NAME 'olcModuleList' DESC 'OpenLDAP dynamic mo
dule info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $ olcModuleLoad
) )
olcObjectClasses: ( OLcfgDbOc:2.1 NAME 'olcLdifConfig' DESC 'LDIF backend conf
iguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory )
olcObjectClasses: ( OLcfgDbOc:1.2 NAME 'olcHdbConfig' DESC 'HDB backend config
uration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY ( olcDbCach
eSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcD
bNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex
$ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcDbCacheFr
ee $ olcDbDNcacheSize $ olcDbPageSize ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 5605c11a-6a95-1032-9776-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

243
lsexample/slapd/slapd.d/cn=config/cn=schema/cn={0}core.ldif
View file

@ -1,243 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 b1b9e123
dn: cn={0}core
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno
wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15{32768} )
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (f
amily) name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial numb
er of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: ISO-
3166 country 2-letter code' SUP name SINGLE-VALUE )
olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: loc
ality which this object resides in' SUP name )
olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2
256: state or province which this object resides in' SUP name )
olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC225
6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS
ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256
: organization this object belongs to' SUP name )
olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC '
RFC2256: organizational unit this object belongs to' SUP name )
olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated
with the entity' SUP name )
olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search gui
de, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: busin
ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal a
ddress' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYN
TAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code
' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.15{40} )
olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Off
ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3
.6.1.4.1.1466.115.121.1.15{40} )
olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2
256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnor
eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Teleph
one Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Numb
er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC22
56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DE
SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.22 )
olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Addr
ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.36{15} )
olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256
: international ISDN number' EQUALITY numericStringMatch SUBSTR numericString
SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: regi
stered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
)
olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: d
estination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256
: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALU
E )
olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: pr
esentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466
.115.121.1.43 SINGLE-VALUE )
olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext' DESC 'RFC
2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.
3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a gro
up' SUP distinguishedName )
olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the ob
ject)' SUP distinguishedName )
olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant
of role' SUP distinguishedName )
olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509
user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.
4.1.1466.115.121.1.8 )
olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA
certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.8 )
olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256
: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.9 )
olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC22
56: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.9 )
olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X
.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.1
0 )
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC 'RFC2256: fir
st name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of s
ome or all of names, but not the surname(s).' SUP name )
olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: na
me qualifier indicating a generation' SUP name )
olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X
.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.6 )
olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifi
er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: en
hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: pr
otocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466
.115.121.1.42 )
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique me
mber of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.34 )
olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house
identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: su
pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: de
lta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' S
UP name )
olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym
for the object' SUP name )
olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbo
x' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIg
noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainCompone
nt' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBST
R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VA
LUE )
olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DE
SC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBST
R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'p
kcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUA
LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.26{128} )
olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP to
p STRUCTURAL MUST c MAY ( searchGuide $ description ) )
olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP
top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description )
)
olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organizat
ion' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ b
usinessCategory $ x121Address $ registeredAddress $ destinationIndicator $ pr
eferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNu
mber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOffi
ceBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ de
scription ) )
olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an org
anizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide
$ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destination
Indicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier
$ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ str
eet $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
$ st $ l $ description ) )
olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top
STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $
description ) )
olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an o
rganizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ regis
teredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facs
imileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l ) )
olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an org
anizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAd
dress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ telete
xTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTe
lephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ p
ostOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $
st $ l $ description ) )
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of n
ames (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $
seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an res
idential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Ad
dress $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDN
Number $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOf
ficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l )
)
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an ap
plication process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ descri
ption ) )
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an ap
plication entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY (
supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system
agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP to
p STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ desc
ription ) )
olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256
: a strong authentication user' SUP top AUXILIARY MUST userCertificate )
olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256:
a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ c
ertificateRevocationList $ cACertificate ) MAY crossCertificatePair )
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a gr
oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uni
queMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ descript
ion ) )
olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256:
a user security information' SUP top AUXILIARY MAY supportedAlgorithms )
olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certif
icationAuthority AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURA
L MUST cn MAY ( certificateRevocationList $ authorityRevocationList $ deltaRe
vocationList ) )
olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST dmdName MA
Y ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ r
egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumb
er $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddres
s $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP
top AUXILIARY MAY userCertificate )
olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate a
uthority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevoca
tionList $ cACertificate $ crossCertificatePair ) )
olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP
top AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC
2079: object that contains the URI attribute type' SUP top AUXILIARY MAY labe
ledURI )
olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: do
main component object' SUP top AUXILIARY MUST dc )
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid obje
ct' SUP top AUXILIARY MUST uid )
structuralObjectClass: olcSchemaConfig
entryUUID: 56061354-6a95-1032-9777-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

177
lsexample/slapd/slapd.d/cn=config/cn=schema/cn={1}cosine.ldif
View file

@ -1,177 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 75de0966
dn: cn={1}cosine
objectClass: olcSchemaConfig
cn: {1}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{256} )
olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC 'RFC1274: g
eneral information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDri
nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC 'RFC1
274: room number' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch S
YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC 'RFC1274:
photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC 'RFC12
74: category of user' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC 'RFC1274: h
ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTA
X 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC 'RFC127
4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
.121.1.12 )
olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier' D
ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle' DESC '
RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstri
ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME 'documentVersion' DES
C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSu
bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor' DESC
'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch SYNTAX 1
.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME 'documentLocation' DE
SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch SUBSTR c
aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTe
lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY telephoneNumb
erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
.1.50 )
olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary' DESC 'RFC
1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.12 )
olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox' SYNTAX
1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord' EQUALITY ca
seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord' EQUALITY c
aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord' EQUALITY
caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord' EQUALIT
Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
'RFC1274: DN of entry associated with domain' EQUALITY distinguishedNameMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress' D
ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIg
noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle' DESC
'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstring
sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTel
ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY telephoneNum
berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.50 )
olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelep
honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY telephoneNumber
Match SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.50 )
olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCount
ryName' ) DESC 'RFC1274: friendly country name' EQUALITY caseIgnoreMatch SUBS
TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier' DE
SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.14
66.115.121.1.15{256} )
olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus
' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR caseI
gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox' DESC '
RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption
' DESC 'RFC1274: mail preference option' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
)
olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName' DESC '
RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrin
gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality' DESC 'RF
C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
DESC 'RFC1274: Single Level Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SIN
GLE-VALUE )
olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQualit
y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
13 SINGLE-VALUE )
olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQualit
y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
13 SINGLE-VALUE )
olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME 'personalSignature' D
ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.
23 )
olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect' DESC 'R
FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466
.115.121.1.12 )
olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC 'RFC1274
: audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher' D
ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR caseIgno
reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilo
tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $ rfc822
Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ hom
ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ busine
ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelep
honeNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature
) )
olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCT
URAL MUST userid MAY ( description $ seeAlso $ localityName $ organizationNam
e $ organizationalUnitName $ host ) )
olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUC
TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso $ loca
lityName $ organizationName $ organizationalUnitName $ documentTitle $ docume
ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURA
L MUST commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber
) )
olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ l
ocalityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCT
URAL MUST domainComponent MAY ( associatedName $ organizationName $ descripti
on $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $
stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAdd
ress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber
$ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ tel
exNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress
$ x121Address ) )
olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP d
omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telepho
neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOffi
ceBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $
telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDelivery
Method $ destinationIndicator $ registeredAddress $ x121Address ) )
olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain
STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAME
Record ) )
olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' D
ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associat
edDomain )
olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP c
ountry STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SU
P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
UCTURAL MAY dSAQuality )
olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
mQuality ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 560647de-6a95-1032-9778-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

106
lsexample/slapd/slapd.d/cn=config/cn=schema/cn={2}nis.ldif
View file

@ -1,106 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 e02f73e2
dn: cn={2}nis
objectClass: olcSchemaConfig
cn: {2}nis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The absolut
e path to the home directory' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1
466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path to th
e login shell' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
6 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY integ
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY integerM
atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY integerMat
ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY caseExactI
A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' EQUALITY ca
seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.11
5.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC 'Netgr
oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY intege
rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP name )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' EQUALITY int
egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP address
' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC 'IP netw
ork' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC 'IP netm
ask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SI
NGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC address'
EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC 'rpc.bootp
aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot image nam
e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY caseExac
tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.26{1024} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction o
f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNu
mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $
description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional a
ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword
$ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive
$ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of
a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPas
sword $ memberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an I
nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $ ipSe
rviceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of
an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description
) MAY description )
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an O
NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) M
AY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a ho
st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ desc
ription $ manager ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of a
n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmas
kNumber $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of
a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNe
tgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstracti
on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a
NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY descri
ption )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
ith a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device
with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 56066b88-6a95-1032-9779-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

48
lsexample/slapd/slapd.d/cn=config/cn=schema/cn={3}inetorgperson.ldif
View file

@ -1,48 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 314118ac
dn: cn={3}inetorgperson
objectClass: olcSchemaConfig
cn: {3}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber' DESC '
RFC2798: identifies a department within an organization' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName' DESC 'RFC
2798: preferred name to be used when displaying entries' EQUALITY caseIgnoreM
atch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SI
NGLE-VALUE )
olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber' DESC 'RF
C2798: numerically identifies an employee within an organization' EQUALITY ca
seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC 'RFC2
798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR caseIgn
oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC 'RFC2
798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage' DESC
'RFC2798: preferred written or spoken language for a person' EQUALITY caseIg
noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.
15 SINGLE-VALUE )
olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate' D
ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX 1.3.6.1.4.1.14
66.115.121.1.5 )
olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC 'RFC2
798: personal identity information, a PKCS #12 PFX' SYNTAX 1.3.6.1.4.1.1466.1
15.121.1.5 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
798: Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY
( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ em
ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
$ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 56068406-6a95-1032-977a-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

157
lsexample/slapd/slapd.d/cn=config/cn=schema/cn={4}samba.ldif
View file

@ -1,157 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 e8bb6371
dn: cn={4}samba
objectClass: olcSchemaConfig
cn: {4}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L
anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M
D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
.1.1466.115.121.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Ac
count Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
{16} SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'T
imestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC
'Timestamp of when the user is allowed to update the password' EQUALITY integ
erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC
'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.
3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Ti
mestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'T
imestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12
1.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC '
Timestamp of when the user will be logged off automatically' EQUALITY integer
Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' D
ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146
6.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' D
ESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.
6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC '
Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
{42} SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'D
river letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.
3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC
'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15{255} SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC
'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
DESC 'List of user workstations the user is allowed to logon to' EQUALITY cas
eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Ho
me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.15{128} )
olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC '
Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '
' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' D
ESC 'Concatenated MD4 hashes of the unicode passwords used on this account' E
QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit
y ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SI
NGLE-VALUE )
olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' D
ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.
1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Sec
urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
26{64} )
olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'N
T Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
LE-VALUE )
olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC
'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC
'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Nex
t NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1
466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase
' DESC 'Base at which the samba RID generation algorithm should operate' EQUA
LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'S
hare Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING
LE-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC '
Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC '
A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 S
INGLE-VALUE )
olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DES
C 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
.27 SINGLE-VALUE )
olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC
'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
.1.26 SINGLE-VALUE )
olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.
115.121.1.15 )
olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' SUP name
)
olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' DES
C 'Privileges List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
21.1.26{64} )
olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC '
Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115
.121.1.26 )
olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam
ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY (
cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s
ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $
sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScr
ipt $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGr
oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBad
PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'S
amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGrou
pType ) MAY ( displayName $ description $ sambaSIDList ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC
'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPas
sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba D
omain Information' SUP top AUXILIARY MUST ( sambaDomainName $ sambaSID ) MAY
( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBa
se ) )
olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Poo
l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumb
er ) )
olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Map
ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ g
idNumber ) )
olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Struc
tural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
olcObjectClasses: {7}( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' DESC 'Samb
a Configuration Section' SUP top AUXILIARY MAY description )
olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba S
hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC '
Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sam
baBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption
$ description ) )
olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' DESC 'Sa
mba Privilege' SUP top AUXILIARY MUST sambaSID MAY sambaPrivilegeList )
structuralObjectClass: olcSchemaConfig
entryUUID: 5606a71a-6a95-1032-977b-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

39
lsexample/slapd/slapd.d/cn=config/cn=schema/cn={5}lsexample.ldif
View file

@ -1,39 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 5c6a815f
dn: cn={5}lsexample
objectClass: olcSchemaConfig
cn: {5}lsexample
olcObjectIdentifier: {0}EeRoot 1.3.6.1.4.1.10650
olcObjectIdentifier: {1}LeRoot EeRoot:4
olcObjectIdentifier: {2}LsRoot LeRoot:10000
olcObjectIdentifier: {3}LsLDAP LsRoot:2
olcObjectIdentifier: {4}LsLDAPAttribute LsLDAP:1
olcObjectIdentifier: {5}LsLDAPObjectClass LsLDAP:2
olcAttributeTypes: {0}( LsLDAPAttribute:1 NAME 'lsAllowedServices' DESC 'List
of allowed services' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {1}( LsLDAPAttribute:2 NAME 'lsRecoveryHash' DESC 'Password
Recover Hash' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
olcAttributeTypes: {2}( LsLDAPAttribute:3 NAME 'lsGodfatherDn' DESC 'Godfather
dn of this entry' SUP distinguishedName )
olcObjectClasses: {0}( LsLDAPObjectClass:1 NAME 'lspeople' DESC 'LS people Obj
ectclass' STRUCTURAL MUST ( uid $ cn ) MAY ( jpegPhoto $ sn $ givenName $ pos
talAddress $ postalCode $ l $ st $ c $ telephoneNumber $ mobile $ fax $ mail
$ personalTitle $ description $ userPassword $ lsallowedservices $ lsRecovery
Hash $ lsGodfatherDn ) )
olcObjectClasses: {1}( LsLDAPObjectClass:3 NAME 'lsgroup' DESC 'LS group Objec
tclass' AUXILIARY MUST cn MAY ( uniquemember $ description $ lsGodfatherDn )
)
olcObjectClasses: {2}( LsLDAPObjectClass:4 NAME 'lssysaccount' DESC 'LS system
account Objectclass' STRUCTURAL MUST uid MAY ( userpassword $ description )
)
olcObjectClasses: {3}( LsLDAPObjectClass:5 NAME 'lscompany' SUP organizational
Unit STRUCTURAL MUST ou MAY ( description $ lsGodfatherDn ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 076f2732-6a9d-1032-82eb-95e24cffa2a0
creatorsName: cn=config
createTimestamp: 20130616065217Z
entryCSN: 20130616065217.757414Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616065217Z

20
lsexample/slapd/slapd.d/cn=config/olcDatabase={-1}frontend.ldif
View file

@ -1,20 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 c50de41a
dn: olcDatabase={-1}frontend
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 5606cc0e-6a95-1032-977d-cf219862f309
creatorsName: cn=config
createTimestamp: 20130616055713Z
entryCSN: 20130616055713.639138Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616055713Z

16
lsexample/slapd/slapd.d/cn=config/olcDatabase={0}config.ldif
View file

@ -1,16 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 96dac74f
dn: olcDatabase={0}config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
,cn=auth manage by * break
olcRootDN: cn=admin,cn=config
structuralObjectClass: olcDatabaseConfig
entryUUID: 6db4d93a-6a91-1032-8cb8-d5eaa14a6b52
creatorsName: cn=config
createTimestamp: 20130616052915Z
olcRootPW:: dG90bw==
entryCSN: 20130616061517.456231Z#000000#000#000000
modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
modifyTimestamp: 20130616061517Z

97
lsexample/slapd/slapd.d/cn=config/olcDatabase={1}hdb.ldif
View file

@ -1,97 +0,0 @@
# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
# CRC32 4ba4a558
dn: olcDatabase={1}hdb
objectClass: olcDatabaseConfig
objectClass: olcHdbConfig
olcDatabase: {1}hdb
olcSuffix: o=ls
olcAccess: {0}to dn.regex="^o=ls$" attrs=entry,children,objectclass by group
/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn.base="
uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * read
olcAccess: {1}to dn.regex="^ou=groups,o=ls$" attrs=children,objectclass by g
roup/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn.ba
se="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * none
olcAccess: {2}to dn.regex="^cn=[^,]+,ou=groups,o=ls$" attrs=entry,objectclass
by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by
dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * none
olcAccess: {3}to dn.regex="^cn=[^,]+,ou=groups,o=ls$" by group/lsgroup/unique
Member.exact="cn=adminldap,ou=groups,o=ls" write by dn.base="uid=ldapsaisie,
ou=sysaccounts,o=ls" write by users read by * none
olcAccess: {4}to dn.regex="^ou=people,o=ls$" attrs=children,objectclass by g
roup/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn.ba
se="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * read
olcAccess: {5}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=entry,objectclas
s by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write b
y dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by users read by * rea
d
olcAccess: {6}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=userPassword by
group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write by dn.
base="uid=samba,ou=sysaccounts,o=ls" write by dn.base="uid=ldapsaisie,ou=sys
accounts,o=ls" write by self write by anonymous auth by * none
olcAccess: {7}to dn.regex="^uid=[^,]+,ou=sysaccounts,o=ls$" attrs=userPasswor
d by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,o=ls" write b
y dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by anonymous auth by *
none
olcAccess: {8}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=uid,lsallowedser
vices,uidNumber,gidNumber,homeDirectory,loginShell,sambaSID,sambaAcctFlags,sa
mbaPrimaryGroupSID by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=grou
ps,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by use
rs read by * none
olcAccess: {9}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=sambaLMPassword,
sambaNTPassword by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=groups,
o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by dn.bas
e="uid=samba,ou=sysaccounts,o=ls" write by self write by * none
olcAccess: {10}to dn.regex="^uid=[^,]+,ou=people,o=ls$" attrs=c,cn,jpegPhoto,
personalTitle,sn,givenName,postalAddress,postalCode,l,st,telephoneNumber,mobi
le,fax,mail,description by group/lsgroup/uniqueMember.exact="cn=adminldap,ou
=groups,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write b
y self write by users read by * read
olcAccess: {11}to attrs=entry by group/lsgroup/uniqueMember.exact="cn=adminld
ap,ou=groups,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" wri
te by users read by * none
olcAccess: {12}to * by group/lsgroup/uniqueMember.exact="cn=adminldap,ou=grou
ps,o=ls" write by dn.base="uid=ldapsaisie,ou=sysaccounts,o=ls" write by * n
one
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcDbDirectory: /var/lib/ldap
olcDbCacheSize: 1000
olcDbCheckpoint: 512 30
olcDbConfig: {0}set_cachesize 0 2097152 0
olcDbConfig: {1}set_lk_max_objects 1500
olcDbConfig: {2}set_lk_max_locks 1500
olcDbConfig: {3}set_lk_max_lockers 1500
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: objectClass eq
olcDbIndex: cn eq,approx,sub
olcDbIndex: uid eq,approx,sub
olcDbIndex: uidNumber eq
olcDbIndex: gidNumber eq
olcDbIndex: sambaSID eq
olcDbIndex: lsAllowedServices eq
olcDbIndex: lsGodfatherDn eq
olcDbIndex: uniqueMember eq
olcDbIndex: sambaDomainName eq
olcDbIndex: memberUid eq
olcDbIndex: givenName eq,approx,sub
olcDbIndex: sn eq,approx,sub
olcDbIndex: mail eq,approx,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcHdbConfig
entryUUID: a17059aa-6aa2-1032-8f84-37b4f3699116
creatorsName: cn=config
createTimestamp: 20130616073223Z
entryCSN: 20130616073223.616056Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20130616073223Z

56
src/conf/LSaddons/config.LSaddons.dyngroup.php Normal file
View file

@ -0,0 +1,56 @@
<?php
/*******************************************************************************
* Copyright (C) 2021 Easter-eggs
* https://ldapsaisie.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
/*
***********************************************
* Dynamic group configuration
***********************************************
*/
// Dynamic group object type
define('DYNGROUP_OBJECT_TYPE', 'LSdyngroup');
/*
* Members DN attributes
*/
// Members DN URI attribute
define('DYNGROUP_MEMBER_DN_URI_ATTRIBUTE', 'lsDynGroupMemberDnURI');
// Members DN attribute
define('DYNGROUP_MEMBER_DN_ATTRIBUTE', 'lsDynGroupMemberDn');
// Members DN static attribute
define('DYNGROUP_MEMBER_DN_STATIC_ATTRIBUTE', 'uniqueMember');
/*
* Members UID attributes
*/
// Members UID URI attribute
define('DYNGROUP_MEMBER_UID_URI_ATTRIBUTE', 'lsDynGroupMemberUidURI');
// Members UID attribute
define('DYNGROUP_MEMBER_UID_ATTRIBUTE', 'lsDynGroupMemberUid');
// Members UID static attribute
define('DYNGROUP_MEMBER_UID_STATIC_ATTRIBUTE', 'memberUid');

362
src/conf/LSobjects/config.LSobjects.LSdyngroup.php Normal file
View file

@ -0,0 +1,362 @@
<?php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* https://ldapsaisie.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
$GLOBALS['LSobjects']['LSdyngroup'] = array (
'objectclass' => array(
'LSdyngroup',
'posixGroup',
),
'rdn' => 'cn',
'container_dn' => 'ou=dyngroups',
'container_auto_create' => array(
'objectclass' => array(
'top',
'organizationalUnit',
),
'attrs' => array(
'ou' => 'dyngroups',
),
),
'display_name_format' => '%{cn}',
'label' => 'Dynamic groups',
'customActions' => array (
'showTechInfo' => array (
'function' => 'showTechInfo',
'label' => 'Show technical information',
'hideLabel' => True,
'noConfirmation' => true,
'disableOnSuccessMsg' => true,
'icon' => 'tech_info',
'rights' => array (
'admin',
),
),
'updateDynGroupMembersCache' => array (
'function' => 'updateDynGroupMembersCache',
'label' => 'Update members cache',
'question_format' => 'Are you sure you want to update members cache of this dynamic group ?',
'onSuccessMsgFormat' => 'Members cache updated.',
'icon' => 'refresh',
'rights' => array (
'admin',
),
),
),
'LSsearch' => array (
'attrs' => array (
'cn',
'gidNumber' => array (
'searchLSformat' => '(gidNumber=%{pattern})',
'approxLSformat' => '(gidNumber=%{pattern})',
),
'description',
),
'params' => array (
'sortBy' => 'displayName'
),
'customActions' => array (
'updateDynGroupsMembersCache' => array (
'function' => 'updateDynGroupsMembersCache',
'label' => 'Update members cache',
'question_format' => 'Are you sure you want to update members cache of all dynamic groups <small>(could be quite long)</small> ?',
'onSuccessMsgFormat' => 'Dynamic groups members cache updated.',
'icon' => 'refresh',
'rights' => array (
'admin',
),
),
),
),
'after_delete' => 'updateGroupMembersAllowedServices',
'after_create' => 'updateDynGroupMembersCache',
'attrs' => array (
/* ----------- start -----------*/
'cn' => array (
'label' => 'Name',
'ldap_type' => 'ascii',
'html_type' => 'text',
'required' => 1,
'check_data' => array (
'alphanumeric' => array(
'msg' => 'Name must contain alphanumeric values only.',
),
),
'validation' => array (
array (
'filter' => 'cn=%{val}',
'result' => 0,
),
),
'view' => 1,
'rights' => array(
'user' => 'r',
'admin' => 'w',
'godfather' => 'r',
),
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'gidNumber' => array (
'label' => 'Identifier',
'ldap_type' => 'numeric',
'html_type' => 'text',
'required' => 1,
'generate_function' => 'generate_samba_gidNumber',
'validation' => array (
array (
'filter' => 'gidNumber=%{val}',
'result' => 0,
),
),
'view' => 1,
'rights' => array(
'user' => 'r',
'admin' => 'w',
),
'form' => array (
'modify' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsDynGroupMemberDnURI' => array (
'label' => 'Member search URI',
'help_info' => "<p>LDAP search URI or group members. A LDAP search URI is composed of the following parts separated by semicolons :<ul>
<li>The LDAP URI in format <code>ldap://[host]/[base DN]</code>. For instance, to make a request on the same LDAP server, use <code>ldap:///o=ls</code></li>
<li>The retreived attributes (separated by coma, optional)</li>
<li>The search scope (<code>base</code>, <code>one</code> or <code>sub</code>)</li>
<li>The LDAP filter (optional, default : <code>(objectClass=*)</code>)</li>
</ul></p><p><strong>Example :</strong> <code>ldap:///ou=people,o=ls??one?(&(objectClass=lspeople)(mail=*@ls.com))</code></p>",
'ldap_type' => 'ascii',
'html_type' => 'textarea',
'required' => 0,
'default_value' => 'ldap:///ou=people,o=ls??one?(objectClass=lspeople)',
'check_data' => array (
'ldapSearchURI' => array(
'msg' => "Invalid LDAP search URI.",
),
),
'view' => 1,
'rights' => array(
'admin' => 'w',
),
'form' => array (
'modify' => 1,
'create' => 1,
),
'dependAttrs' => array(
'lsDynGroupMemberUidURI'
),
'after_modify' => array(
'updateGroupMembersAllowedServices',
'updateDynGroupMembersCache',
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsDynGroupMemberUidURI' => array (
'label' => 'Member search URI (UID)',
'ldap_type' => 'ascii',
'html_type' => 'textarea',
'required' => 0,
'generate_function' => 'generateDyngroupMemberUidURI',
'rights' => array(
'admin' => 'w',
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsDynGroupMemberDn' => array (
'label' => 'Members',
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'html_options' => array(
'selectable_object' => array(
'object_type' => 'LSpeople',
'display_name_format' => '%{cn} (%{dn})',
'value_attribute' => 'dn',
),
),
'required' => 0,
'multiple' => 1,
'view' => 1,
'rights' => array(
'user' => 'r',
'admin' => 'w',
'godfather' => 'w',
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsDynGroupMemberUid' => array (
'label' => 'Members UID',
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'html_options' => array(
'selectable_object' => array(
'object_type' => 'LSpeople',
'display_name_format' => '%{cn} (%{uid})',
'value_attribute' => 'uid',
)
),
'required' => 0,
'multiple' => 1,
'view' => 1,
'rights' => array(
'user' => 'r',
'admin' => 'w',
'godfather' => 'w',
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'uniqueMember' => array (
'label' => 'Members (cache)',
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'html_options' => array(
'selectable_object' => array(
array(
'object_type' => 'LSpeople',
'display_name_format' => '%{cn} (%{dn})',
'value_attribute' => 'dn',
),
),
'ordered' => true,
),
'required' => 0,
'multiple' => 1,
'validation' => array (
array (
'object_type' => 'LSpeople',
'basedn' => '%{val}',
'result' => 1,
),
),
'view' => 1,
'rights' => array(
'admin' => 'w',
'admingroup' => 'w',
'godfather' => 'w',
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'memberUid' => array (
'label' => 'Members UID (cache)',
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'html_options' => array(
'selectable_object' => array(
array(
'object_type' => 'LSpeople',
'display_name_format' => '%{cn} (%{uid})',
'value_attribute' => 'uid',
),
),
'ordered' => true,
),
'required' => 0,
'multiple' => 1,
'validation' => array (
array (
'object_type' => 'LSpeople',
'filter' => '(uid=%{val})',
'result' => 1,
),
),
'view' => 1,
'rights' => array(
'admin' => 'w',
'admingroup' => 'w',
'godfather' => 'w',
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'description' => array (
'label' => 'Description',
'ldap_type' => 'ascii',
'html_type' => 'textarea',
'multiple' => 1,
'rights' => array(
'user' => 'r',
'admin' => 'w',
'godfather' => 'r',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
/* ----------- start -----------*/
'lsGodfatherDn' => array (
'label' => 'Accountable(s)',
'ldap_type' => 'ascii',
'html_type' => 'select_object',
'html_options' => array (
'selectable_object' => array(
'object_type' => 'LSpeople',
'value_attribute' => 'dn',
),
),
'validation' => array (
array (
'basedn' => '%{val}',
'result' => 1,
'msg' => "One or several of these users don't exist.",
),
),
'multiple' => 0,
'rights' => array(
'admin' => 'w',
),
'view' => 1,
'form' => array (
'modify' => 1,
'create' => 1,
),
),
/* ----------- end -----------*/
),
);

39
src/conf/LSobjects/config.LSobjects.LSpeople.php
View file

@ -148,6 +148,17 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'admingroup' => 'w',
),
),
'dyngroups' => array(
'label' => 'Belongs to dynamic groups ...',
'emptyText' => "Doesn't belong to any dynamic group.",
'LSobject' => "LSdyngroup",
'linkAttribute' => "uniqueMember",
'linkAttributeValue' => "dn",
'rights' => array(
'self' => 'r',
'admin' => 'r',
),
),
'godfather' => array(
'label' => 'Godfather of ...',
'emptyText' => "Doesn't sponsor any user.",
@ -160,6 +171,30 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
'admingroup' => 'w',
),
),
'group_godfather' => array(
'label' => 'Godfather of groups ...',
'emptyText' => "Doesn't sponsor any group.",
'LSobject' => "LSgroup",
'linkAttribute' => "lsGodfatherDn",
'linkAttributeValue' => "dn",
'rights' => array(
'self' => 'r',
'admin' => 'w',
'admingroup' => 'w',
),
),
'dyngroup_godfather' => array(
'label' => 'Godfather of dynamic groups ...',
'emptyText' => "Doesn't sponsor any dynamic group.",
'LSobject' => "LSdyngroup",
'linkAttribute' => "lsGodfatherDn",
'linkAttributeValue' => "dn",
'rights' => array(
'self' => 'r',
'admin' => 'w',
'admingroup' => 'w',
),
),
),
// LSform
@ -278,6 +313,10 @@ $GLOBALS['LSobjects']['LSpeople'] = array (
),
),
'after_create' => 'triggerUpdateDynGroupsMembersCacheOnUserCreateOrDelete',
'after_modify' => 'triggerUpdateDynGroupsMembersCacheOnUserModify',
'after_delete' => 'triggerUpdateDynGroupsMembersCacheOnUserCreateOrDelete',
// Attributes
'attrs' => array_merge($GLOBALS['pwdPolicyAccountAttrs'], array (

1
src/conf/config.LSaddons.php
View file

@ -25,6 +25,7 @@ $GLOBALS['LSaddons']['loads'] = array (
'posix',
'ftp',
'maildir',
'dyngroup',
'showTechInfo',
'LSaccessRightsMatrixView',
);

1
src/conf/config.inc.php
View file

@ -96,6 +96,7 @@ $GLOBALS['LSconfig'] = array(
'LSaccess' => array(
'LSpeople',
'LSgroup',
'LSdyngroup',
'LSsysaccount',
'pwdPolicy',
),

359
src/includes/addons/LSaddons.dyngroup.php Normal file
View file

@ -0,0 +1,359 @@
<?php
/*******************************************************************************
* Copyright (C) 2021 Easter-eggs
* https://ldapsaisie.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
// Error messages
// Support
LSerror :: defineError('DYNGROUP_SUPPORT_01',
___("Dynamic groups support: The constant %{const} is not defined.")
);
LSerror :: defineError('DYNGROUP_SUPPORT_02',
___("Dynamic groups support: You must at least define all constantes of dynamic groups's by DN or by UID.")
);
LSerror :: defineError('DYNGROUP_01',
___("Dynamic groups: The attribute %{dependency} is missing. Unable to forge the attribute %{attr}.")
);
LSerror :: defineError('DYNGROUP_02',
___("Dynamic groups: Fail to parse %{attr} value : invalid number of parts.")
);
/**
* Check dyngroup support by ldapSaisie
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @retval boolean true if dyngroup are fully supported, false otherwise
*/
function LSaddon_dyngroup_support() {
$retval = true;
$MUST_DEFINE_CONST = array(
'DYNGROUP_OBJECT_TYPE',
);
foreach($MUST_DEFINE_CONST as $const) {
if ( !defined($const) || !constant($const) ) {
LSerror :: addErrorCode('DYNGROUP_SUPPORT_01', $const);
$retval = false;
}
}
if (
!(constant('DYNGROUP_MEMBER_DN_URI_ATTRIBUTE') && constant('DYNGROUP_MEMBER_DN_ATTRIBUTE') && constant('DYNGROUP_MEMBER_DN_STATIC_ATTRIBUTE')) &&
!(constant('DYNGROUP_MEMBER_UID_URI_ATTRIBUTE') && constant('DYNGROUP_MEMBER_UID_ATTRIBUTE') && constant('DYNGROUP_MEMBER_UID_STATIC_ATTRIBUTE'))
) {
LSerror :: addErrorCode('DYNGROUP_SUPPORT_02');
$retval = false;
}
if ($retval && php_sapi_name() == 'cli') {
LScli :: add_command(
'update_dyngroups_members_cache',
'cli_updateDynGroupsMembersCache',
'Update dynamic groups members cache'
);
}
return $retval;
}
/*
* Parse LDAP search URI
*
* @param[in] $uri string The LDAP search URI to parse
*
* @retval array|false Array of parsed LDAP search URI info, or false
*/
function parseLdapSearchURI($uri) {
$uri_parts = explode('?', $uri);
if (count($uri_parts) < 2) {
return false;
}
return array (
'ldap_base_uri' => $uri_parts[0],
'requested_attributes' => $uri_parts[1],
'scope' => (isset($uri_parts[2])?$uri_parts[2]:null),
'filter' => (isset($uri_parts[3])?$uri_parts[3]:null),
);
}
/*
* Extract attributes cited in an LDAP filter string
*
* @param[in] $filter string The LDAP filter string
*
* @retval array|false Array of the attributes cited in the LDAP filter string, or false
*/
function extractAttributesFromLdapFilterString($filter) {
if ($filter[0] != '(')
$filter = "($filter)";
if (!preg_match_all('#\((?P<attr>[a-z0-9]+)(?P<op>[~<>]?=)(?P<value>[^\)]+)\)#i', $filter, $parts))
return false;
return $parts['attr'];
}
/**
* Generate dyngroup memberUid URI attribute value from memberDN URI attribute
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $ldapObject The LSldapObject
*
* @retval array|null array of memberUid URI attribute values or null in case of error
*/
function generateDyngroupMemberUidURI($ldapObject) {
if (!isset($ldapObject -> attrs[ DYNGROUP_MEMBER_DN_URI_ATTRIBUTE ])) {
LSerror :: addErrorCode(
'DYNGROUP_01',
array('dependency' => DYNGROUP_MEMBER_DN_URI_ATTRIBUTE, 'attr' => DYNGROUP_MEMBER_UID_URI_ATTRIBUTE)
);
return;
}
$dn_uri = $ldapObject -> attrs[ DYNGROUP_MEMBER_DN_URI_ATTRIBUTE ] -> getValue();
if (empty($dn_uri))
return;
$uri_parts = explode('?', $dn_uri[0]);
if (count($uri_parts) < 2) {
LSerror :: addErrorCode('DYNGROUP_02', DYNGROUP_MEMBER_DN_URI_ATTRIBUTE);
return;
}
$uri_parts[1] = 'uid';
return array(
implode('?', $uri_parts)
);
}
/**
* Update dyngroup cache members attributes
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*
* @param[in] $dyngroup The LSldapObject
*
* @retval boolean True on success, False otherwise
*/
function updateDynGroupMembersCache($dyngroup, $reload=true) {
if ($reload && !$dyngroup -> reloadData()) {
LSlog :: get_logger('LSaddon_dyngroup') -> error("Fail to reload $dyngroup data");
return false;
}
$attrs_map = array(
'DYNGROUP_MEMBER_DN_ATTRIBUTE' => 'DYNGROUP_MEMBER_DN_STATIC_ATTRIBUTE',
'DYNGROUP_MEMBER_UID_ATTRIBUTE' => 'DYNGROUP_MEMBER_UID_STATIC_ATTRIBUTE'
);
$old_attrs = array();
$attrs = array();
foreach ($attrs_map as $src_attr => $dst_attr) {
$src_attr = constant($src_attr);
$dst_attr = constant($dst_attr);
if (!$src_attr || !$dst_attr)
continue;
LSlog :: get_logger('LSaddon_dyngroup') -> trace(
"updateDynGroupMembersCache($dyngroup): update attribute '$dst_attr' from '$dst_attr'"
);
$old_attrs[$dst_attr] = $dyngroup -> getValue($dst_attr, false, array());
ksort($old_attrs[$dst_attr]);
$attrs[$dst_attr] = $dyngroup -> getValue($src_attr, false, array());
ksort($attrs[$dst_attr]);
}
if ($attrs == $old_attrs) {
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"updateDynGroupMembersCache($dyngroup): no member change"
);
return true;
}
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"updateDynGroupMembersCache($dyngroup): change detected:\n - Current: ".varDump($old_attrs).
"\n\n - New: ".varDump($attrs)
);
if (!$old_attrs) {
LSlog :: get_logger('LSaddon_dyngroup') -> error(
"updateDynGroupMembersCache($dyngroup): No member attribute defined !"
);
return false;
}
if (!LSldap :: update(DYNGROUP_OBJECT_TYPE, $dyngroup -> getDn(), $attrs)) {
LSlog :: get_logger('LSaddon_dyngroup') -> error("Fail to update $dyngroup cache members attributes");
return false;
}
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"updateDynGroupMembersCache($dyngroup): cache members attributes updated"
);
return true;
}
function updateDynGroupsMembersCache() {
if (!LSsession :: loadLSobject(DYNGROUP_OBJECT_TYPE))
LSlog :: get_logger('LSaddon_dyngroup') -> fatal('Fail to load dyngroup object type');
// List dyn groups
$dyngroup_class = constant('DYNGROUP_OBJECT_TYPE');
$dyngroup = new $dyngroup_class();
$error = false;
foreach($dyngroup -> listObjects(null, null, array('withoutCache' => true)) as $group) {
if (!updateDynGroupMembersCache($group, false))
$error = true;
}
return !$error;
}
function triggerUpdateDynGroupsMembersCacheOnUserModify($user) {
$changed_attrs = array();
foreach($user -> attrs as $attr_name => $attr) {
if ($attr -> isUpdate())
$changed_attrs[] = strtolower($attr_name);
}
if (!$changed_attrs) {
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"triggerUpdateDynGroupsMembersCacheOnUserModify($user): no attribute changed"
);
return true;
}
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"triggerUpdateDynGroupsMembersCacheOnUserModify($user): changed attributes = ".implode(', ', $changed_attrs)
);
return triggerUpdateDynGroupsMembersCacheOnUserChanges($user, $changed_attrs);
}
function triggerUpdateDynGroupsMembersCacheOnUserCreateOrDelete($user) {
$changed_attrs = array_keys($user -> attrs);
return triggerUpdateDynGroupsMembersCacheOnUserChanges($user, $changed_attrs);
}
function triggerUpdateDynGroupsMembersCacheOnUserChanges(&$user, &$changed_attrs) {
if (!LSsession :: loadLSobject(DYNGROUP_OBJECT_TYPE)) {
LSlog :: get_logger('LSaddon_dyngroup') -> error('Fail to load dyngroup object type');
return false;
}
// List dyn groups
$dyngroup_class = constant('DYNGROUP_OBJECT_TYPE');
$dyngroup = new $dyngroup_class();
$error = false;
$impacted_dyngroups = 0;
$updated_dyngroups = 0;
foreach($dyngroup -> listObjects() as $group) { // Leave cache enabled
$uri = null;
foreach(array(DYNGROUP_MEMBER_DN_URI_ATTRIBUTE, DYNGROUP_MEMBER_UID_URI_ATTRIBUTE) as $uri_attr) {
$uri = $group -> getValue($uri_attr, true);
if ($uri) break;
}
if (!$uri) {
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $group hasn't member URI attribute."
);
continue;
}
$parsed_uri = parseLdapSearchURI($uri);
if (!$parsed_uri) {
LSlog :: get_logger('LSaddon_dyngroup') -> warning(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): fail to parse member URI attribute of $group."
);
continue;
}
if (!$parsed_uri['filter']) {
LSlog :: get_logger('LSaddon_dyngroup') -> warning(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): no LDAP filter found in member URI attribute of $group."
);
continue;
}
$filter_attrs = extractAttributesFromLdapFilterString($parsed_uri['filter']);
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): attributes of LDAP filter of member URI attribute of $group = ".implode(', ', $filter_attrs)
);
if (!$filter_attrs) {
LSlog :: get_logger('LSaddon_dyngroup') -> warning(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): fail to extract attribute from LDAP filter '".$parsed_uri['filter']."' from member URI attribute of $group."
);
continue;
}
$is_impacted = false;
foreach($filter_attrs as $attr) {
if (in_array(strtolower($attr), $changed_attrs)) {
$is_impacted = true;
break;
}
}
if (!$is_impacted) {
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $group is NOT impacted by user's changes."
);
continue;
}
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $group is impacted by user's changes ".
"(at least by attribute '$attr')."
);
$impacted_dyngroups++;
if (updateDynGroupMembersCache($group, false))
$updated_dyngroups++;
else
$error = true;
}
LSlog :: get_logger('LSaddon_dyngroup') -> debug(
"triggerUpdateDynGroupsMembersCacheOnUserChanges($user): $impacted_dyngroups impacted dyngroups found, ".
"$updated_dyngroups updated."
);
if ($impacted_dyngroups && $impacted_dyngroups == $updated_dyngroups) {
LSsession :: addInfo(
getFData(
_('Members cache of %{count} dynamic group(s) have been updated because thes were potentially impacted by your changes.'),
$updated_dyngroups)
);
}
else if ($error) {
LSsession :: addInfo(
getFData(
_('Members cache of %{count} dynamic group(s) have NOT been updated but thes were potentially impacted by your changes. A delay of some minutes could be necessary to handle your changes on this groups.'),
($impacted_dyngroups-$updated_dyngroups)
)
);
}
return !$error;
}
if (php_sapi_name() != 'cli')
return true;
function cli_updateDynGroupsMembersCache($command_args) {
return updateDynGroupsMembersCache();
}

15
src/includes/class/class.LScli.php
View file

@ -638,14 +638,25 @@ class LScli extends LSlog_staticLoggerClass {
*
* @retval array List of available options
**/
public static function autocomplete_int($prefix='') {
public static function autocomplete_int($prefix='', $quote_char='') {
$opts = array();
for ($i=0; $i < 10; $i++) {
$opts[] = "$prefix$i";
$opts[] = self :: quote_word("$prefix$i", $quote_char);
}
return $opts;
}
/**
* Autocomplete boolean option
*
* @param[in] $prefix string Option prefix (optional, default=empty string)
*
* @retval array List of available options
**/
public static function autocomplete_bool($prefix='', $quote_char='') {
return self :: autocomplete_opts(array('0', '1'), $prefix, false, $quote_char);
}
/**
* Autocomplete LSobject type option
*

179
src/includes/class/class.LSformRule_ldapSearchURI.php Normal file
View file

@ -0,0 +1,179 @@
<?php
/*******************************************************************************
* Copyright (C) 2007 Easter-eggs
* https://ldapsaisie.org
*
* Author: See AUTHORS file in top-level directory.
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License version 2
* as published by the Free Software Foundation.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
******************************************************************************/
/**
* LSform rule to check a LDAP search URI
*
* @author Benjamin Renard <brenard@easter-eggs.com>
*/
class LSformRule_ldapSearchURI extends LSformRule {
// CLI parameters autocompleters
protected static $cli_params_autocompleters = array(
'check_resolving_ldap_host' => array('LScli', 'autocomplete_bool'),
'host_required' => array('LScli', 'autocomplete_bool'),
'scope_required' => array('LScli', 'autocomplete_bool'),
'attr_required' => array('LScli', 'autocomplete_bool'),
'max_attrs_count' => array('LScli', 'autocomplete_int'),
'filter_required' => array('LScli', 'autocomplete_bool'),
);
/**
* Check an LDAP search URI value
*
* @param mixed $value The value to check
* @param array $options Validation option
* @param object $formElement The LSformElement object
*
* @return boolean true if the value is valid, false otherwise
*/
public static function validate($value, $options=array(), &$formElement) {
self :: log_trace("validate($value): options = ".varDump($options));
$uri_parts = explode('?', $value);
self :: log_trace("validate($value): URI parts = ".varDump($uri_parts));
/*
* The LDAP URI
*/
if (!preg_match('/^(?P<proto>ldaps?)\:\/\/(?P<host>[^\/\:]+)?(:(?P<port>[0-9]+))?\/(?P<basedn>.*)$/', $uri_parts[0], $m)) {
throw new LSformRuleException(getFData(_('Invalid LDAP server URI (%{uri})'), $uri_parts[0]));
}
self :: log_trace("validate($value): parsed LDAP URI:".varDump($m));
// Check LDAP host
if ($m['host']) {
if (filter_var($m['host'], FILTER_VALIDATE_IP)) {
self :: log_trace("validate($value): '".$m['host']."' is a valid IP address");
}
elseif (
filter_var($m['host'], FILTER_VALIDATE_DOMAIN) &&
(!LSconfig :: get('params.check_resolving_ldap_host', true, 'bool', $options) || @gethostbyname($m['host']) != $m['host'])
) {
self :: log_trace("validate($value): '".$m['host']."' is a valid domain name");
}
else {
throw new LSformRuleException(getFData(_('Invalid LDAP host (%{host})'), $m['host']));
}
if ($m['port'] && $m['port'] < 1 || $m['port'] > 65535) {
throw new LSformRuleException(getFData(_('Invalid LDAP port (%{port})'), $m['port']));
}
}
elseif ($m['port']) {
throw new LSformRuleException(getFData(_('A LDAP URI could not contain port without host (%{host}:%{port})'), $m));
}
else {
self :: log_trace("validate($value): URI doesn't contain LDAP host");
if (LSconfig :: get('params.host_required', False, 'bool', $options))
throw new LSformRuleException(_('LDAP host not provided but required'));
}
// Check base DN
if (isset($m['basedn']) && $m['basedn']) {
if (!isCompatibleDNs($m['basedn'], LSsession :: getRootDn()))
throw new LSformRuleException(getFData(_('Invalid base DN (%{basedn})'), $m['basedn']));
self :: log_trace("validate($value): base DN '".$m['basedn']."' is valid");
}
else {
self :: log_trace("validate($value): URI doesn't contain search base DN");
if (LSconfig :: get('params.basedn_required', False, 'bool', $options))
throw new LSformRuleException(_('Search base DN not provided but required'));
}
/*
* Attributes (optionals)
*/
$max_attrs_count = LSconfig :: get('params.max_attrs_count', null, null, $options);
if (isset($uri_parts[1]) && $uri_parts[1]) {
$attrs = explode(',', $uri_parts[1]);
if (!is_empty($max_attrs_count) && count($attrs) > $max_attrs_count)
throw new LSformRuleException(
getFData(
_('Invalid searched attributes count (%{attrCount} > %{maxAttrsCount})'),
array('attrCount' => count($attrs), 'maxAttrsCount' => $max_attrs_count)
)
);
foreach($attrs as $attr) {
if (!preg_match('/^[a-z][a-z0-9\-]+$/i', $attr)) {
throw new LSformRuleException(getFData(_('Invalid attribute name (%{attr})'), $attr));
}
}
}
else {
self :: log_trace("validate($value): no attribute name provided");
if (
LSconfig :: get('params.attr_required', False, 'bool', $options) ||
(!is_empty($max_attrs_count) && $max_attrs_count > 0)
)
throw new LSformRuleException(_('Attribute name not provided but required'));
}
/*
* Scope
*/
if (isset($uri_parts[2]) && $uri_parts[2]) {
if (!in_array($uri_parts[2], array('base', 'one', 'sub'))) {
throw new LSformRuleException(
getFData(
_('Invalid search scope (%{scope}). Must be one of the following value : base, one or sub.'),
$uri_parts[2]
)
);
}
}
else {
self :: log_trace("validate($value): no search scope provided");
if (LSconfig :: get('params.scope_required', true, 'bool', $options))
throw new LSformRuleException(_('Search scope not provided but required'));
}
/*
* LDAP Filter (optinal)
*/
if (isset($uri_parts[3]) && $uri_parts[3]) {
/*
Try to parse LDAP filter string to validate it
Due to a limitation of Net_LDAP2_Filter::parse() that only
support filter enclosed by parentheses, if string does not
start with "(", enclose the filter with parentheses.
*/
$filter = @Net_LDAP2_Filter::parse(
($uri_parts[3][0]=='('?$uri_parts[3]:"(".$uri_parts[3].")")
);
if (!$filter instanceof Net_LDAP2_Filter) {
throw new LSformRuleException(getFData(_('Invalid LDAP filter ("%{filter}")'), $uri_parts[3]));
}
self :: log_trace("validate($value): LDAP search filter '".$uri_parts[3]."' is valid.");
}
else {
self :: log_trace("validate($value): no search filter provided");
if (LSconfig :: get('params.filter_required', false, 'bool', $options))
throw new LSformRuleException(_('Search filter not provided but required'));
}
self :: log_trace("validate($value): LDAP search URI is valid.");
return True;
}
}

BIN
src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.mo
View file

Binary file not shown.

214
src/lang/fr_FR.UTF8/LC_MESSAGES/ldapsaisie.po
View file

@ -8,7 +8,7 @@ msgstr ""
"Project-Id-Version: LdapSaisie\n"
"Report-Msgid-Bugs-To: \n"
"POT-Creation-Date: \n"
"PO-Revision-Date: 2021-07-12 18:59+0200\n"
"PO-Revision-Date: 2021-07-21 19:28+0200\n"
"Last-Translator: Benjamin Renard <brenard@zionetrix.net>\n"
"Language-Team: LdapSaisie <ldapsaisie-users@lists.labs.libre-entreprise."
"org>\n"
@ -19,6 +19,7 @@ msgstr ""
"X-Poedit-SourceCharset: utf-8\n"
"X-Poedit-Basepath: /var/www/ldapsaisie/trunk\n"
"X-Generator: Poedit 2.4.2\n"
"Plural-Forms: nplurals=2; plural=(n > 1);\n"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.samba.php:27
msgid "SAMBA Support: Unable to load smbHash class."
@ -160,6 +161,52 @@ msgstr "MAIL : Erreur durant l'envoie de votre mail"
msgid "PhpLdapAdmin Support : The constant %{const} is not defined."
msgstr "Support PhpLdapAdmin : La constante %{const} n'est pas définie."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:27
msgid "Dynamic groups support: The constant %{const} is not defined."
msgstr ""
"Support des groupes dynamiques : La constante %{const} n'est pas définie."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:30
msgid ""
"Dynamic groups support: You must at least define all constantes of dynamic "
"groups's by DN or by UID."
msgstr ""
"Support des groupes dynamiques : vous devez au moins définir toutes les "
"constantes des groupes dynamiques par DN ou par UID."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:34
msgid ""
"Dynamic groups: The attribute %{dependency} is missing. Unable to forge the "
"attribute %{attr}."
msgstr ""
"Support des groupes dynamiques : L'attribut %{dependency} est manquant. "
"Impossible de générer l'attribut %{attr}."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:37
msgid "Dynamic groups: Fail to parse %{attr} value : invalid number of parts."
msgstr ""
"Groupes dynamiques : Impossible d'analyser la valeur de l'attribut %{attr} : "
"nombre de parties invalide."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:338
msgid ""
"Members cache of %{count} dynamic group(s) have been updated because thes "
"were potentially impacted by your changes."
msgstr ""
"Le cache des membres de %{count} groupe(s) dynamique(s) as été mis à jours "
"suite à vos modifications qui les impactaient potentiellement."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:345
msgid ""
"Members cache of %{count} dynamic group(s) have NOT been updated but thes "
"were potentially impacted by your changes. A delay of some minutes could be "
"necessary to handle your changes on this groups."
msgstr ""
"Le cache des membres de %{count} groupe(s) dynamique(s) n'ont PAS put être "
"mis à jours suite à vos modifications qui les impactaient potentiellement. "
"Un délais de quelques minutes pourra être nécessaire pour que vos "
"modifications soient pris en compte sur ces groupes."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.posix.php:27
msgid "POSIX Support : The constant %{const} is not defined."
msgstr "Support POSIX : La constante %{const} n'est pas définie."
@ -456,19 +503,19 @@ msgstr "État"
msgid "Sub-state"
msgstr "Sous-état"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:52
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:60
msgid "Invalid syntax checking configuration: unknown rule %{rule}."
msgstr ""
"Configuration de validation syntaxique invalide : règle %{rule} inconnue."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:73
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:100
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:81
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:283
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_date.php:47
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_select_list.php:63
msgid "Invalid value"
msgstr "Valeur invalide"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:111
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:294
msgid "LSformRule_%{type}: Parameter %{param} is not found."
msgstr "LSformRule_%{type} : Le paramètre %{param} n'est pas défini."
@ -917,21 +964,21 @@ msgstr ""
"LSattr_html_select_objet : l'objet sélectionné %{name} n'a pas de valeur "
"dans son attribut %{attr}, vous ne pouvez pas le sélectionner."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:90
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:95
msgid ""
"LSformRule_differentPassword : Other password attribute is not configured."
msgstr ""
"LSformRule_differentPassword : L'autre attribut mot de passe n'est pas "
"configuré."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:93
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:98
msgid ""
"LSformRule_differentPassword : Fail to load LSattr_ldap :: password class."
msgstr ""
"LSformRule_differentPassword : Impossible de charger la classe "
"LSattr_ldap :: password."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:96
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:101
msgid ""
"LSformRule_differentPassword : The other password attribute %{attr} does not "
"exist."
@ -939,7 +986,7 @@ msgstr ""
"LSformRule_differentPassword : L'autre attribut mot de passe %{attr} "
"n'existe pas."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:99
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:104
msgid ""
"LSformRule_differentPassword : The other password attribute could not be the "
"same of the current one."
@ -947,7 +994,7 @@ msgstr ""
"LSformRule_differentPassword : L'autre attribut mot de passe ne peut être le "
"même que l'attribut courant."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:102
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:107
msgid ""
"LSformRule_differentPassword : The other password attributes must use "
"LSattr_ldap :: password. It's not the case of the attribure %{attr}."
@ -955,11 +1002,7 @@ msgstr ""
"LSformRule_differentPassword : Les autres attributs mots de passe doivent "
"utiliser LSattr_ldap :: password. Ce n'est pas le cas de l'attribut %{attr}."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:261
msgid "The value of field %{label} is invalid."
msgstr "La valeur du champ %{label} est incorrecte."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:756
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:755
msgid ""
"LSattribute : Attribute %{attr} : LDAP or HTML types unknow (LDAP = %{ldap} "
"& HTML = %{html})."
@ -967,7 +1010,7 @@ msgstr ""
"LSattribute : Attribut %{attr} : Les types LDAP ou HTML sont inconnus (LDAP "
"= %{ldap} & HTML = %{html})."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:759
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:758
msgid ""
"LSattribute : The function %{func} to display the attribute %{attr} is "
"unknow."
@ -975,14 +1018,14 @@ msgstr ""
"LSattribute : La fonction %{func} pour afficher l'attribut %{attr} est "
"inconnue."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:762
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:761
msgid ""
"LSattribute : The rule %{rule} to validate the attribute %{attr} is unknow."
msgstr ""
"LSattribute : La règle %{rule} de validation de l'attribut %{attr} n'existe "
"pas."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:765
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:764
msgid ""
"LSattribute : Configuration data to verify the attribute %{attr} are "
"incorrect."
@ -990,22 +1033,22 @@ msgstr ""
"LSattribute : Les données de configuration pour vérifier l'attribut %{attr} "
"sont incorrecte."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:768
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:767
msgid ""
"LSattribute : The function %{func} to save the attribute %{attr} is unknow."
msgstr ""
"LSattribute : La fonction %{func} pour sauvegarder l'attribut %{attr} est "
"inconnue."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:771
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:770
msgid "LSattribute : The value of the attribute %{attr} can't be generated."
msgstr "LSattribute : La valeur de l'attribut %{attr} ne peut être générée."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:774
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:773
msgid "LSattribute : Generation of the attribute %{attr} failed."
msgstr "LSattribute : La génération de l'attribut %{attr} a échouée."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:777
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:776
msgid ""
"LSattribute : Generation of the attribute %{attr} did not return a correct "
"value."
@ -1013,14 +1056,14 @@ msgstr ""
"LSattribute : La génération de l'attribut %{attr} n'a pas retournée de "
"valeur correcte."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:780
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:779
msgid ""
"LSattribute : The attr_%{type} of the attribute %{name} is not yet defined."
msgstr ""
"LSattribute : L'objet attr_%{type} de l'attribut %{name} n'est pas encore "
"défini."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:66
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:71
msgid "LSformRule_callable : The given callable option is not callable"
msgstr "LSformRule_callable : Le paramètre fournis n'est pas exécutable"
@ -1260,8 +1303,8 @@ msgstr ""
"Context:\n"
"%{context}</pre>"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:47
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:51
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:53
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:57
msgid "Invalid file type (%{type})."
msgstr "Type de fichier invalide (%{type})."
@ -1523,15 +1566,15 @@ msgstr ""
"LSrelation : Des paramètres sont manquant dans l'appel des méthodes de "
"manipulation des relations standards."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:51
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:60
msgid "Password is too long (maximum: %{maxLength})."
msgstr "Le mot de passe est trop long (maximum : %{maxLength})."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:56
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:65
msgid "Password is too short (minimum: %{minLength})."
msgstr "Le mot de passe est trop court (minimum : %{minLength})."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:81
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:90
msgid ""
"Password match with only %{valid} rule(s) (at least %{minValidRegex} are "
"required)."
@ -1539,11 +1582,11 @@ msgstr ""
"Le mot de passe ne respecte que %{valid} règle(s) (au moins %{minValidRegex} "
"sont requises)."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:92
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:101
msgid "This password is prohibited."
msgstr "Ce mot de passe est interdit."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:107
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:116
msgid ""
"LSformRule_password : Invalid regex configured : %{regex}. You must use PCRE "
"(begining by '/' caracter)."
@ -1583,6 +1626,67 @@ msgstr "LSldap : Erreur pendant la modification du DN de l'objet."
msgid "LSldap: LDAP server base DN not configured."
msgstr "LSldap : Le base DN du serveur LDAP n'est pas configuré."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:59
msgid "Invalid LDAP server URI (%{uri})"
msgstr "URI de serveur LDAP invalide (%{uri})"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:75
msgid "Invalid LDAP host (%{host})"
msgstr "Hôte LDAP invalide (%{type})."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:79
msgid "Invalid LDAP port (%{port})"
msgstr "Port LDAP invalide (%{port})"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:83
msgid "A LDAP URI could not contain port without host (%{host}:%{port})"
msgstr "Une URI LDAP ne peut contenir de port sans hôte (%{host}:%{port})"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:88
msgid "LDAP host not provided but required"
msgstr "Hôte LDAP non-fourni mais obligatoire"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:94
msgid "Invalid base DN (%{basedn})"
msgstr "Base DN invalide (%{basedn})"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:100
msgid "Search base DN not provided but required"
msgstr "Base DN de recherche non-fournie mais obligatoire"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:112
msgid "Invalid searched attributes count (%{attrCount} > %{maxAttrsCount})"
msgstr ""
"Nombre d'attributs recherchés invalide (%{attrCount} > %{maxAttrsCount})"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:118
msgid "Invalid attribute name (%{attr})"
msgstr "Nom d'attribut invalide (%{attr})"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:128
msgid "Attribute name not provided but required"
msgstr "Nom d'attribut non-fourni mais obligatoire"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:138
msgid ""
"Invalid search scope (%{scope}). Must be one of the following value : base, "
"one or sub."
msgstr ""
"Portée de recherche invalide (%{scope}). Doit être une des valeurs "
"suivantes : base, one ou sub."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:147
msgid "Search scope not provided but required"
msgstr "Portéé de recherche non-fournie mais obligatoire"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:165
msgid "Invalid LDAP filter (\"%{filter}\")"
msgstr "Filtre LDAP invalide (\"%{filter}\")"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:172
msgid "Search filter not provided but required"
msgstr "Filtre de recherche non-fourni mais obligatoire"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSrelation.php:331
msgid "listing related objects"
msgstr "énumaration des objets liés"
@ -1803,11 +1907,11 @@ msgstr "Ajouter ce site internet à mes favoris."
msgid "Generate the value"
msgstr "Générer une valeur"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:49
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:55
msgid "File is too big."
msgstr "Fichier trop gros."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:53
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:59
msgid "File is too light."
msgstr "Fichier trop petit."
@ -1826,6 +1930,30 @@ msgstr ""
"des constantes suivantes : LSAUTH_CAS_SERVER_SSL_CACERT ou "
"LSAUTH_CAS_SERVER_NO_SSL_VALIDATION"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:52
msgid "max (or min)"
msgstr "max (ou min)"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:65
msgid "At least one value is required."
msgid_plural "At least %{min} values are required."
msgstr[0] "Au moins une valeur est obligatoire."
msgstr[1] "Au moins %{min} valeurs sont obligatoires."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:77
msgid "Maximum one value is allowed."
msgid_plural "Maximum %{max} values are allowed."
msgstr[0] "Au maximum une valeur est autorisée."
msgstr[1] "Au maximum %{max} valeurs sont autorisées."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:93
msgid ""
"LSformRule_numberOfValues: Parameter max could not be lower than parameter "
"min."
msgstr ""
"LSformRule_numberOfValues : Le paramètre max ne peut être inférieur au "
"paramètre min."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSform.php:126
msgid "Add a field to add another values."
msgstr "Ajouter une autre valeur à ce champ."
@ -1919,7 +2047,7 @@ msgstr ""
"Cliquer pour activer la création/modification de la maildir en même temps "
"que la création/modification du l'utilisateur."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:62
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:67
msgid "LSformRule_regex : Regex has not been configured to validate data."
msgstr ""
"LSformRule_regex : L'expression régulière de vérification des données n'est "
@ -2001,11 +2129,11 @@ msgstr "Cette requête ne peut être traitée."
msgid "This request could not be processed correctly."
msgstr "Cette requête ne peut être traitée correctement."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:50
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:55
msgid "Value is too short (minimum: %{limit})."
msgstr "La valeur est trop courte (minimum : %{limit})."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:54
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:59
msgid "Value is too long (maximum: %{limit})."
msgstr "La valeur est trop longue (maximum: %{limit})."
@ -2360,7 +2488,7 @@ msgstr ""
"LSattr_html_select_list : Impossible de récupérer les valeurs possibles de "
"l'attribut %{attr} en utilisant la fonction configurée %{callable}."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:57
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:62
msgid ""
"LSformRule_inarray : Possible values has not been configured to validate "
"data."
@ -2380,7 +2508,7 @@ msgstr "Valeur invalide pour le composant %{component} : \"%{value}\"."
msgid "Godfather"
msgstr "Parrain"
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:66
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:72
msgid "LSformRule_date : No date format specify."
msgstr "LSformRule_date : Aucun format de date spécifié."
@ -2413,11 +2541,11 @@ msgstr ""
"Note: Les paramètres/arguments de la commande doivent être placés après "
"celle-ci."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:804
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:835
msgid "LScli : The CLI command '%{command}' already exists."
msgstr "LScli : La commande CLI '%{command}' existe déjà."
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:807
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:838
msgid "LScli : The CLI command '%{command}' handler is not callable."
msgstr ""
"LScli : La fonction de prise en charge de la commande CLI '%{command}' n'est "
@ -2967,6 +3095,12 @@ msgstr "non"
msgid "yes"
msgstr "oui"
#~ msgid "Invalid LDAP URI format"
#~ msgstr "Format d'URI LDAP invalide"
#~ msgid "The value of field %{label} is invalid."
#~ msgstr "La valeur du champ %{label} est incorrecte."
#~ msgid "LSformRule: Unknown rule type %{type}."
#~ msgstr "LSformRule : Type de règle %{type} inconnu."

96
src/lang/fr_FR.UTF8/lang.php
View file

@ -2,12 +2,27 @@
$GLOBALS['LSlang'] = array (
# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDnURI.help_info
"<p>LDAP search URI or group members. A LDAP search URI is composed of the following parts separated by semicolons :<ul>
<li>The LDAP URI in format <code>ldap://[host]/[base DN]</code>. For instance, to make a request on the same LDAP server, use <code>ldap:///o=ls</code></li>
<li>The retreived attributes (separated by coma, optional)</li>
<li>The search scope (<code>base</code>, <code>one</code> or <code>sub</code>)</li>
<li>The LDAP filter (optional, default : <code>(objectClass=*)</code>)</li>
</ul></p><p><strong>Example :</strong> <code>ldap:///ou=people,o=ls??one?(&(objectClass=lspeople)(mail=*@ls.com))</code></p>" =>
"<p>L'URI LDAP de recherche des membres du groupe. Une URI de recherche LDAP est composée des parties suivantes séparées par des points virgules :<ul>
<li>L'URI LDAP au format <code>ldap://[host]/[base DN]</code>. Par exemple, pour effectuer une recherche sur le même serveur LDAP, utiliser <code>ldap:///o=ls</code></li>
<li>Les attributs récupérés (séparés par une virgule, facultatif)</li>
<li>La profondeur de la recherche (<code>base</code>, <code>one</code> ou <code>sub</code>)</li>
<li>Le filtre LDAP (facultatif, par défaut : <code>(objectClass=*)</code>)</li>
</ul></p><p><strong>Exemple :</strong> <code>ldap:///ou=people,o=ls??one?(&(objectClass=lsPeople)(mail=*@ls.com))</code></p>",
# LSobjects.pwdPolicy.attrs.pwdCheckModule.help_info
"<strong>Used with caution !</strong> The name of the OpenLDAP module to used to check the password quality." =>
"<strong>À utiliser avec vigilance !</strong> Nom du module pour OpenLDAP à utiliser pour vérifier la qualité du mot de passe.",
# LSobjects.LSpeople.attrs.lsGodfatherDn.label
# LSobjects.LSgroup.attrs.lsGodfatherDn.label
# LSobjects.LSdyngroup.attrs.lsGodfatherDn.label
# LSobjects.LScompany.attrs.lsGodfatherDn.label
"Accountable(s)" =>
"Responsable(s)",
@ -44,10 +59,22 @@ $GLOBALS['LSlang'] = array (
"Always (disable account)" =>
"Toujours (compte désactivé)",
# LSobjects.LSdyngroup.LSsearch.customActions.updateDynGroupsMembersCache.question_format
"Are you sure you want to update members cache of all dynamic groups <small>(could be quite long)</small> ?" =>
"Êtes-vous sûre de vouloir mettre à jour le cache des membres de tous les groupes dynamiques <small>(peut être assez long)</small> ?",
# LSobjects.LSdyngroup.customActions.updateDynGroupMembersCache.question_format
"Are you sure you want to update members cache of this dynamic group ?" =>
"Êtes-vous sûre de vouloir mettre à jour le cache de membre de ce groupe dynamique ?",
# LSobjects.LSpeople.attrs.sambaPwdMustChange.html_options.special_values.0
"At first login" =>
"À la première connexion",
# LSobjects.LSpeople.LSrelation.dyngroups.label
"Belongs to dynamic groups ..." =>
"Appartient aux groupes dynamiques ...",
# LSobjects.LSpeople.LSrelation.groups.label
# LSobjects.LSsysaccount.LSrelation.groups.label
"Belongs to groups ..." =>
@ -55,7 +82,7 @@ $GLOBALS['LSlang'] = array (
# LSobjects.pwdPolicy.LSform.layout.bruteforce.label
"Brute-force attacks protection" =>
"Proctetion anti brute-force",
"Protection anti brute-force",
# LSobjects.pwdPolicy.attrs.pwdCheckModule.label
"Check OpenLDAP module to used" =>
@ -123,6 +150,7 @@ $GLOBALS['LSlang'] = array (
# LSobjects.LSpeople.attrs.description.label
# LSobjects.LSgroup.attrs.description.label
# LSobjects.LSdyngroup.attrs.description.label
# LSobjects.LSsysaccount.attrs.description.label
# LSobjects.LScompany.attrs.description.label
"Description" =>
@ -136,15 +164,35 @@ $GLOBALS['LSlang'] = array (
"Do you confirm change of this user's password?" =>
"Confirmez-vous le changement du mot de passe de cet utilisateur ?",
# LSobjects.LSpeople.LSrelation.dyngroups.emptyText
"Doesn't belong to any dynamic group." =>
"N'appartient à aucun groupe dynamique.",
# LSobjects.LSpeople.LSrelation.groups.emptyText
# LSobjects.LSsysaccount.LSrelation.groups.emptyText
"Doesn't belong to any group." =>
"N'appartient à aucun groupe.",
# LSobjects.LSpeople.LSrelation.dyngroup_godfather.emptyText
"Doesn't sponsor any dynamic group." =>
"Ne parraine aucun groupe dynamique.",
# LSobjects.LSpeople.LSrelation.group_godfather.emptyText
"Doesn't sponsor any group." =>
"Ne parraine aucun groupe.",
# LSobjects.LSpeople.LSrelation.godfather.emptyText
"Doesn't sponsor any user." =>
"Ne parraine aucun utilisateur.",
# LSobjects.LSdyngroup.label
"Dynamic groups" =>
"Groupes dynamiques",
# LSobjects.LSdyngroup.LSsearch.customActions.updateDynGroupsMembersCache.onSuccessMsgFormat
"Dynamic groups members cache updated." =>
"Le cache des membres des groupes dynamiques a été mis à jour.",
# LSobjects.LSpeople.attrs.mail.label
"E-mail address" =>
"Adresse e-mail",
@ -190,6 +238,14 @@ $GLOBALS['LSlang'] = array (
"Godfather of ..." =>
"Parrain de ...",
# LSobjects.LSpeople.LSrelation.dyngroup_godfather.label
"Godfather of dynamic groups ..." =>
"Parrain des groupes dynamiques ...",
# LSobjects.LSpeople.LSrelation.group_godfather.label
"Godfather of groups ..." =>
"Parrain des groupes ...",
# LSobjects.pwdPolicy.attrs.pwdGraceAuthNLimit.label
"Grace delay after password expiration" =>
"Délai de grâce après l'expiration du mot de passe",
@ -251,6 +307,10 @@ $GLOBALS['LSlang'] = array (
"Indicates the time the account was locked time. Delete this date and set <em>pwdReset</em> attribute to unlock the account." =>
"Indique la durée de blocage du compte. Supprimez cette date et définissez l'attribut <em>pwdReset</em> pour débloquer le compte.",
# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDnURI.check_data.ldapSearchURI.msg
"Invalid LDAP search URI." =>
"URI de recherche LDAP invalide.",
# LSobjects.LSpeople.attrs.gidNumber.html_options.possible_values.1.label
"LDAP Groups" =>
"Groupes LDAP",
@ -326,10 +386,35 @@ $GLOBALS['LSlang'] = array (
"Maximum validity duration of a password" =>
"Durée maximum de validité du mot de passe",
# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDnURI.label
"Member search URI" =>
"URI de recherche des membres",
# LSobjects.LSdyngroup.attrs.lsDynGroupMemberUidURI.label
"Member search URI (UID)" =>
"URI de recherche des membres (UID)",
# LSobjects.LSgroup.attrs.uniqueMember.label
# LSobjects.LSdyngroup.attrs.lsDynGroupMemberDn.label
"Members" =>
"Membres",
# LSobjects.LSdyngroup.attrs.uniqueMember.label
"Members (cache)" =>
"Membres (cache)",
# LSobjects.LSdyngroup.attrs.lsDynGroupMemberUid.label
"Members UID" =>
"UID des membres",
# LSobjects.LSdyngroup.attrs.memberUid.label
"Members UID (cache)" =>
"UID des membres (cache)",
# LSobjects.LSdyngroup.customActions.updateDynGroupMembersCache.onSuccessMsgFormat
"Members cache updated." =>
"Le cache des membres a été mis à jour.",
# LSobjects.pwdPolicy.attrs.pwdMinLength.label
"Minimum length a password" =>
"Longueur minimum d'un mot de passe",
@ -364,12 +449,14 @@ $GLOBALS['LSlang'] = array (
"Doit être un entier positif.",
# LSobjects.LSgroup.attrs.cn.label
# LSobjects.LSdyngroup.attrs.cn.label
# LSobjects.pwdPolicy.attrs.cn.label
# LSobjects.LScompany.attrs.ou.label
"Name" =>
"Nom",
# LSobjects.LSgroup.attrs.cn.check_data.alphanumeric.msg
# LSobjects.LSdyngroup.attrs.cn.check_data.alphanumeric.msg
"Name must contain alphanumeric values only." =>
"Le nom doit contenir uniquement des valeurs alpha-numériques.",
@ -449,6 +536,7 @@ $GLOBALS['LSlang'] = array (
"Identifiant numérique",
# LSobjects.LSgroup.attrs.lsGodfatherDn.validation.0.msg
# LSobjects.LSdyngroup.attrs.lsGodfatherDn.validation.0.msg
# LSobjects.LScompany.attrs.lsGodfatherDn.validation.0.msg
"One or several of these users don't exist." =>
"Un ou plusieurs utilisateurs n'existent pas.",
@ -594,6 +682,7 @@ $GLOBALS['LSlang'] = array (
# LSobjects.LSpeople.customActions.showTechInfo.label
# LSobjects.LSgroup.customActions.showTechInfo.label
# LSobjects.LSdyngroup.customActions.showTechInfo.label
# LSobjects.LSsysaccount.customActions.showTechInfo.label
# LSobjects.pwdPolicy.customActions.showTechInfo.label
# LSobjects.LScompany.customActions.showTechInfo.label
@ -677,6 +766,11 @@ $GLOBALS['LSlang'] = array (
"Until an administrator manually unlock it (default)" =>
"Tant qu'un administrateur ne le débloque pas (par défaut)",
# LSobjects.LSdyngroup.customActions.updateDynGroupMembersCache.label
# LSobjects.LSdyngroup.LSsearch.customActions.updateDynGroupsMembersCache.label
"Update members cache" =>
"Mettre à jour le cache des membres",
# LSobjects.pwdPolicy.attrs.pwdAllowUserChange.label
"User can change its password" =>
"L'utilisateur peut changer son mot de passe",

187
src/lang/ldapsaisie.pot
View file

@ -117,6 +117,39 @@ msgstr ""
msgid "PhpLdapAdmin Support : The constant %{const} is not defined."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:27
msgid "Dynamic groups support: The constant %{const} is not defined."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:30
msgid ""
"Dynamic groups support: You must at least define all constantes of dynamic "
"groups's by DN or by UID."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:34
msgid ""
"Dynamic groups: The attribute %{dependency} is missing. Unable to forge the "
"attribute %{attr}."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:37
msgid "Dynamic groups: Fail to parse %{attr} value : invalid number of parts."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:338
msgid ""
"Members cache of %{count} dynamic group(s) have been updated because thes "
"were potentially impacted by your changes."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.dyngroup.php:345
msgid ""
"Members cache of %{count} dynamic group(s) have NOT been updated but thes "
"were potentially impacted by your changes. A delay of some minutes could be "
"necessary to handle your changes on this groups."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/addons/LSaddons.posix.php:27
msgid "POSIX Support : The constant %{const} is not defined."
msgstr ""
@ -379,18 +412,18 @@ msgstr ""
msgid "Sub-state"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:52
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:60
msgid "Invalid syntax checking configuration: unknown rule %{rule}."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:73
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:100
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:81
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:283
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_date.php:47
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattr_html_select_list.php:63
msgid "Invalid value"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:111
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule.php:294
msgid "LSformRule_%{type}: Parameter %{param} is not found."
msgstr ""
@ -793,86 +826,82 @@ msgid ""
"value, you can't select it."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:90
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:95
msgid ""
"LSformRule_differentPassword : Other password attribute is not configured."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:93
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:98
msgid ""
"LSformRule_differentPassword : Fail to load LSattr_ldap :: password class."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:96
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:101
msgid ""
"LSformRule_differentPassword : The other password attribute %{attr} does not "
"exist."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:99
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:104
msgid ""
"LSformRule_differentPassword : The other password attribute could not be the "
"same of the current one."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:102
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_differentPassword.php:107
msgid ""
"LSformRule_differentPassword : The other password attributes must use "
"LSattr_ldap :: password. It's not the case of the attribure %{attr}."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:261
msgid "The value of field %{label} is invalid."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:756
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:755
msgid ""
"LSattribute : Attribute %{attr} : LDAP or HTML types unknow (LDAP = %{ldap} "
"& HTML = %{html})."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:759
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:758
msgid ""
"LSattribute : The function %{func} to display the attribute %{attr} is "
"unknow."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:762
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:761
msgid ""
"LSattribute : The rule %{rule} to validate the attribute %{attr} is unknow."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:765
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:764
msgid ""
"LSattribute : Configuration data to verify the attribute %{attr} are "
"incorrect."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:768
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:767
msgid ""
"LSattribute : The function %{func} to save the attribute %{attr} is unknow."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:771
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:770
msgid "LSattribute : The value of the attribute %{attr} can't be generated."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:774
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:773
msgid "LSattribute : Generation of the attribute %{attr} failed."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:777
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:776
msgid ""
"LSattribute : Generation of the attribute %{attr} did not return a correct "
"value."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:780
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSattribute.php:779
msgid ""
"LSattribute : The attr_%{type} of the attribute %{name} is not yet defined."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:66
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_callable.php:71
msgid "LSformRule_callable : The given callable option is not callable"
msgstr ""
@ -1072,8 +1101,8 @@ msgid ""
"%{context}</pre>"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:47
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:51
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:53
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_mimetype.php:57
msgid "Invalid file type (%{type})."
msgstr ""
@ -1275,25 +1304,25 @@ msgid ""
"standard relations (Method : %{meth})."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:51
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:60
msgid "Password is too long (maximum: %{maxLength})."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:56
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:65
msgid "Password is too short (minimum: %{minLength})."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:81
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:90
msgid ""
"Password match with only %{valid} rule(s) (at least %{minValidRegex} are "
"required)."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:92
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:101
msgid "This password is prohibited."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:107
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_password.php:116
msgid ""
"LSformRule_password : Invalid regex configured : %{regex}. You must use PCRE "
"(begining by '/' caracter)."
@ -1331,6 +1360,64 @@ msgstr ""
msgid "LSldap: LDAP server base DN not configured."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:59
msgid "Invalid LDAP server URI (%{uri})"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:75
msgid "Invalid LDAP host (%{host})"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:79
msgid "Invalid LDAP port (%{port})"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:83
msgid "A LDAP URI could not contain port without host (%{host}:%{port})"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:88
msgid "LDAP host not provided but required"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:94
msgid "Invalid base DN (%{basedn})"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:100
msgid "Search base DN not provided but required"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:112
msgid "Invalid searched attributes count (%{attrCount} > %{maxAttrsCount})"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:118
msgid "Invalid attribute name (%{attr})"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:128
msgid "Attribute name not provided but required"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:138
msgid ""
"Invalid search scope (%{scope}). Must be one of the following value : base, "
"one or sub."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:147
msgid "Search scope not provided but required"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:165
msgid "Invalid LDAP filter (\"%{filter}\")"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_ldapSearchURI.php:172
msgid "Search filter not provided but required"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSrelation.php:331
msgid "listing related objects"
msgstr ""
@ -1519,11 +1606,11 @@ msgstr ""
msgid "Generate the value"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:49
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:55
msgid "File is too big."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:53
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_filesize.php:59
msgid "File is too light."
msgstr ""
@ -1538,6 +1625,28 @@ msgid ""
"LSAUTH_CAS_SERVER_SSL_CACERT or LSAUTH_CAS_SERVER_NO_SSL_VALIDATION"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:52
msgid "max (or min)"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:65
msgid "At least one value is required."
msgid_plural "At least %{min} values are required."
msgstr[0] ""
msgstr[1] ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:77
msgid "Maximum one value is allowed."
msgid_plural "Maximum %{max} values are allowed."
msgstr[0] ""
msgstr[1] ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_numberOfValues.php:93
msgid ""
"LSformRule_numberOfValues: Parameter max could not be lower than parameter "
"min."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSform.php:126
msgid "Add a field to add another values."
msgstr ""
@ -1620,7 +1729,7 @@ msgid ""
"Click to enable maildir creation/modification on user creation/modification."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:62
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_regex.php:67
msgid "LSformRule_regex : Regex has not been configured to validate data."
msgstr ""
@ -1700,11 +1809,11 @@ msgstr ""
msgid "This request could not be processed correctly."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:50
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:55
msgid "Value is too short (minimum: %{limit})."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:54
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_rangelength.php:59
msgid "Value is too long (maximum: %{limit})."
msgstr ""
@ -2014,7 +2123,7 @@ msgid ""
"%{attr} using configured function %{callable}."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:57
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_inarray.php:62
msgid ""
"LSformRule_inarray : Possible values has not been configured to validate "
"data."
@ -2032,7 +2141,7 @@ msgstr ""
msgid "Godfather"
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:66
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LSformRule_date.php:72
msgid "LSformRule_date : No date format specify."
msgstr ""
@ -2062,11 +2171,11 @@ msgid ""
"Note: Command's parameter/argument must be place after the command."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:804
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:835
msgid "LScli : The CLI command '%{command}' already exists."
msgstr ""
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:807
#: /home/brenard/dev/ldapsaisie_clean3/src/includes/class/class.LScli.php:838
msgid "LScli : The CLI command '%{command}' handler is not callable."
msgstr ""