# dyngroup.schema -- Dynamic Group schema
# $OpenLDAP$
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2024 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
# Dynamic Group schema (experimental), as defined by Netscape.  See
# http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf
# page 70 for details on how these groups were used.
#
# A description of the objectclass definition is available here:
# http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745
#
# depends upon:
#       core.schema
#
# These definitions are considered experimental due to the lack of
# a formal specification (e.g., RFC).
#
# NOT RECOMMENDED FOR PRODUCTION USE!  USE WITH CAUTION!
#
# The Netscape documentation describes this as an auxiliary objectclass
# but their implementations have always defined it as a structural class.
# The sloppiness here is because Netscape-derived servers don't actually
# implement the X.500 data model, and they don't honor the distinction
# between structural and auxiliary classes. This fact is noted here:
# http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636
#
# In accordance with other existing implementations, we define it as a
# structural class.
#
# Our definition of memberURL also does not match theirs but again
# their published definition and what works in practice do not agree.
# In other words, the Netscape definitions are broken and interoperability
# is not guaranteed.
#
# Also see the new DynGroup proposed spec at
# http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02
dn: cn=dyngroup,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: dyngroup
olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL' DESC 'I
 dentifies an URL associated with each member of a group. Any type of labeled 
 URL can be used.' SUP labeledURI )
olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity to use
  when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional authoriza
 tion rules that determine who is allowed to assume the dgIdentity' EQUALITY a
 uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
olcAttributeTypes: {3}( DynGroupAttr:3 NAME 'dgMemberOf' DESC 'Group that the 
 entry belongs to' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115
 .121.1.12 )
olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP top S
 TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o $ ou $
  owner $ seeAlso ) )
olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top AUXILIARY MAY
  ( dgIdentity $ dgAuthz ) )