dyngroup.schema revision 1.1.1.1.6.2
1 1.1.1.1.6.2 wrstuden # dyngroup.schema -- Dynamic Group schema 2 1.1.1.1.6.2 wrstuden # $OpenLDAP: pkg/ldap/servers/slapd/schema/dyngroup.schema,v 1.6.2.4 2008/02/12 05:17:43 quanah Exp $ 3 1.1.1.1.6.2 wrstuden ## This work is part of OpenLDAP Software <http://www.openldap.org/>. 4 1.1.1.1.6.2 wrstuden ## 5 1.1.1.1.6.2 wrstuden ## Copyright 1998-2008 The OpenLDAP Foundation. 6 1.1.1.1.6.2 wrstuden ## All rights reserved. 7 1.1.1.1.6.2 wrstuden ## 8 1.1.1.1.6.2 wrstuden ## Redistribution and use in source and binary forms, with or without 9 1.1.1.1.6.2 wrstuden ## modification, are permitted only as authorized by the OpenLDAP 10 1.1.1.1.6.2 wrstuden ## Public License. 11 1.1.1.1.6.2 wrstuden ## 12 1.1.1.1.6.2 wrstuden ## A copy of this license is available in the file LICENSE in the 13 1.1.1.1.6.2 wrstuden ## top-level directory of the distribution or, alternatively, at 14 1.1.1.1.6.2 wrstuden ## <http://www.OpenLDAP.org/license.html>. 15 1.1.1.1.6.2 wrstuden # 16 1.1.1.1.6.2 wrstuden # Dynamic Group schema (experimental), as defined by Netscape. See 17 1.1.1.1.6.2 wrstuden # http://www.redhat.com/docs/manuals/ent-server/pdf/esadmin611.pdf 18 1.1.1.1.6.2 wrstuden # page 70 for details on how these groups were used. 19 1.1.1.1.6.2 wrstuden # 20 1.1.1.1.6.2 wrstuden # A description of the objectclass definition is available here: 21 1.1.1.1.6.2 wrstuden # http://www.redhat.com/docs/manuals/dir-server/schema/7.1/oc_dir.html#1303745 22 1.1.1.1.6.2 wrstuden # 23 1.1.1.1.6.2 wrstuden # depends upon: 24 1.1.1.1.6.2 wrstuden # core.schema 25 1.1.1.1.6.2 wrstuden # 26 1.1.1.1.6.2 wrstuden # These definitions are considered experimental due to the lack of 27 1.1.1.1.6.2 wrstuden # a formal specification (e.g., RFC). 28 1.1.1.1.6.2 wrstuden # 29 1.1.1.1.6.2 wrstuden # NOT RECOMMENDED FOR PRODUCTION USE! USE WITH CAUTION! 30 1.1.1.1.6.2 wrstuden # 31 1.1.1.1.6.2 wrstuden # The Netscape documentation describes this as an auxiliary objectclass 32 1.1.1.1.6.2 wrstuden # but their implementations have always defined it as a structural class. 33 1.1.1.1.6.2 wrstuden # The sloppiness here is because Netscape-derived servers don't actually 34 1.1.1.1.6.2 wrstuden # implement the X.500 data model, and they don't honor the distinction 35 1.1.1.1.6.2 wrstuden # between structural and auxiliary classes. This fact is noted here: 36 1.1.1.1.6.2 wrstuden # http://forum.java.sun.com/thread.jspa?threadID=5016864&messageID=9034636 37 1.1.1.1.6.2 wrstuden # 38 1.1.1.1.6.2 wrstuden # In accordance with other existing implementations, we define it as a 39 1.1.1.1.6.2 wrstuden # structural class. 40 1.1.1.1.6.2 wrstuden # 41 1.1.1.1.6.2 wrstuden # Our definition of memberURL also does not match theirs but again 42 1.1.1.1.6.2 wrstuden # their published definition and what works in practice do not agree. 43 1.1.1.1.6.2 wrstuden # In other words, the Netscape definitions are broken and interoperability 44 1.1.1.1.6.2 wrstuden # is not guaranteed. 45 1.1.1.1.6.2 wrstuden # 46 1.1.1.1.6.2 wrstuden # Also see the new DynGroup proposed spec at 47 1.1.1.1.6.2 wrstuden # http://tools.ietf.org/html/draft-haripriya-dynamicgroup-02 48 1.1.1.1.6.2 wrstuden 49 1.1.1.1.6.2 wrstuden objectIdentifier NetscapeRoot 2.16.840.1.113730 50 1.1.1.1.6.2 wrstuden 51 1.1.1.1.6.2 wrstuden objectIdentifier NetscapeLDAP NetscapeRoot:3 52 1.1.1.1.6.2 wrstuden objectIdentifier NetscapeLDAPattributeType NetscapeLDAP:1 53 1.1.1.1.6.2 wrstuden objectIdentifier NetscapeLDAPobjectClass NetscapeLDAP:2 54 1.1.1.1.6.2 wrstuden 55 1.1.1.1.6.2 wrstuden objectIdentifier OpenLDAPExp11 1.3.6.1.4.1.4203.666.11 56 1.1.1.1.6.2 wrstuden objectIdentifier DynGroupBase OpenLDAPExp11:8 57 1.1.1.1.6.2 wrstuden objectIdentifier DynGroupAttr DynGroupBase:1 58 1.1.1.1.6.2 wrstuden objectIdentifier DynGroupOC DynGroupBase:2 59 1.1.1.1.6.2 wrstuden 60 1.1.1.1.6.2 wrstuden attributetype ( NetscapeLDAPattributeType:198 61 1.1.1.1.6.2 wrstuden NAME 'memberURL' 62 1.1.1.1.6.2 wrstuden DESC 'Identifies an URL associated with each member of a group. Any type of labeled URL can be used.' 63 1.1.1.1.6.2 wrstuden SUP labeledURI ) 64 1.1.1.1.6.2 wrstuden 65 1.1.1.1.6.2 wrstuden attributetype ( DynGroupAttr:1 66 1.1.1.1.6.2 wrstuden NAME 'dgIdentity' 67 1.1.1.1.6.2 wrstuden DESC 'Identity to use when processing the memberURL' 68 1.1.1.1.6.2 wrstuden SUP distinguishedName SINGLE-VALUE ) 69 1.1.1.1.6.2 wrstuden 70 1.1.1.1.6.2 wrstuden attributeType ( DynGroupAttr:2 71 1.1.1.1.6.2 wrstuden NAME 'dgAuthz' 72 1.1.1.1.6.2 wrstuden DESC 'Optional authorization rules that determine who is allowed to assume the dgIdentity' 73 1.1.1.1.6.2 wrstuden EQUALITY authzMatch 74 1.1.1.1.6.2 wrstuden SYNTAX 1.3.6.1.4.1.4203.666.2.7 75 1.1.1.1.6.2 wrstuden X-ORDERED 'VALUES' ) 76 1.1.1.1.6.2 wrstuden 77 1.1.1.1.6.2 wrstuden objectClass ( NetscapeLDAPobjectClass:33 78 1.1.1.1.6.2 wrstuden NAME 'groupOfURLs' 79 1.1.1.1.6.2 wrstuden SUP top STRUCTURAL 80 1.1.1.1.6.2 wrstuden MUST cn 81 1.1.1.1.6.2 wrstuden MAY ( memberURL $ businessCategory $ description $ o $ ou $ 82 1.1.1.1.6.2 wrstuden owner $ seeAlso ) ) 83 1.1.1.1.6.2 wrstuden 84 1.1.1.1.6.2 wrstuden # The Haripriya dyngroup schema still needs a lot of work. 85 1.1.1.1.6.2 wrstuden # We're just adding support for the dgIdentity attribute for now... 86 1.1.1.1.6.2 wrstuden objectClass ( DynGroupOC:1 87 1.1.1.1.6.2 wrstuden NAME 'dgIdentityAux' 88 1.1.1.1.6.2 wrstuden SUP top AUXILIARY 89 1.1.1.1.6.2 wrstuden MAY ( dgIdentity $ dgAuthz ) ) 90 1.1.1.1.6.2 wrstuden 91 1.1.1.1.6.2 wrstuden 92
Indexes created Tue May 05 00:25:04 UTC 2026