------=_Part_162959_15053760.1201154655304 Content-Type: text/plain; charset=gbk Content-Transfer-Encoding: 7bit
this is my slapd.conf:
///////////////////////////////////////////////////////
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
#include /usr/local/etc/openldap/schema/corba.schema
#include /usr/local/etc/openldap/schema/cosine.schema
#include /usr/local/etc/openldap/schema/inetorgperson.schema
#include /usr/local/etc/openldap/schema/misc.schema
#include /usr/local/etc/openldap/schema/openldap.schema
#include /usr/local/etc/openldap/schema/nis.schema
#include /usr/local/etc/openldap/schema/samba.schema

# Define global ACLs to disable default read access.

# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org

pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args

# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la

# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 64-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64

# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!

#######################################################################
# BDB database definitions
#######################################################################

database bdb
suffix "dc=gfdu,dc=com"
rootdn "cn=Manager,dc=gfdu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoided. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
///////////////////////////////////////////////////////////////////
this is my core.schema:
# OpenLDAP Core schema # $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.88.2.5 2007/12/13 07:31:15 hyc Exp $ ## This work is part of OpenLDAP Software http://www.openldap.org/. ## ## Copyright 1998-2007 The OpenLDAP Foundation. ## All rights reserved. ## ## Redistribution and use in source and binary forms, with or without ## modification, are permitted only as authorized by the OpenLDAP ## Public License. ## ## A copy of this license is available in the file LICENSE in the ## top-level directory of the distribution or, alternatively, at ## http://www.OpenLDAP.org/license.html. # ## Portions Copyright (C) The Internet Society (1997-2006). ## All Rights Reserved. ## ## This document and translations of it may be copied and furnished to ## others, and derivative works that comment on or otherwise explain it ## or assist in its implementation may be prepared, copied, published ## and distributed, in whole or in part, without restriction of any ## kind, provided that the above copyright notice and this paragraph are ## included on all such copies and derivative works. However, this ## document itself may not be modified in any way, such as by removing ## the copyright notice or references to the Internet Society or other ## Internet organizations, except as needed for the purpose of ## developing Internet standards in which case the procedures for ## copyrights defined in the Internet Standards process must be ## followed, or as required to translate it into languages other than ## English. ## ## The limited permissions granted above are perpetual and will not be ## revoked by the Internet Society or its successors or assigns. 
## ## This document and the information contained herein is provided on an ## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING ## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING ## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION ## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF ## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. # # # Includes LDAPv3 schema items from: # RFC 2252/2256 (LDAPv3) # # Select standard track schema items: # RFC 1274 (uid/dc) # RFC 2079 (URI) # RFC 2247 (dc/dcObject) # RFC 2587 (PKI) # RFC 2589 (Dynamic Directory Services) # RFC 4524 (associatedDomain) # # Select informational schema items: # RFC 2377 (uidObject) # # Standard attribute types from RFC 2256 # # system schema #attributetype ( 2.5.4.0 NAME 'objectClass' # DESC 'RFC2256: object classes of the entity' # EQUALITY objectIdentifierMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) # system schema #attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) # DESC 'RFC2256: name of aliased object' # EQUALITY distinguishedNameMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributetype ( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: knowledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) # system schema #attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) # DESC 'RFC2256: common name(s) for which the entity is known by' # SUP name ) attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256: last (family) name(s) for which the entity is known by' SUP name ) attributetype ( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256: serial number of the entity' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) # RFC 4519 definition ('countryName' in X.500 and RFC2256) attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC 'RFC2256: two-letter ISO-3166 country code' SUP name SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 
SINGLE-VALUE ) #attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) # DESC 'RFC2256: ISO-3166 country 2-letter code' # SUP name SINGLE-VALUE ) attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'RFC2256: locality which this object resides in' SUP name ) attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC 'RFC2256: state or province which this object resides in' SUP name ) attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC 'RFC2256: street address of this object' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC 'RFC2256: organization this object belongs to' SUP name ) attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) DESC 'RFC2256: organizational unit this object belongs to' SUP name ) attributetype ( 2.5.4.12 NAME 'title' DESC 'RFC2256: title associated with the entity' SUP name ) # system schema #attributetype ( 2.5.4.13 NAME 'description' # DESC 'RFC2256: descriptive information' # EQUALITY caseIgnoreMatch # SUBSTR caseIgnoreSubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) # Deprecated by enhancedSearchGuide attributetype ( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) attributetype ( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256: business category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributetype ( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256: postal address' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributetype ( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256: postal code' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) attributetype ( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256: Post Office Box' EQUALITY caseIgnoreMatch SUBSTR 
caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC 'RFC2256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributetype ( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256: Telephone Number' EQUALITY telephoneNumberMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) attributetype ( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256: Telex Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC 'RFC2256: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) DESC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) attributetype ( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256: X.121 Address' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' DESC 'RFC2256: international ISDN number' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) attributetype ( 2.5.4.26 NAME 'registeredAddress' DESC 'RFC2256: registered postal address' SUP postalAddress SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributetype ( 2.5.4.27 NAME 'destinationIndicator' DESC 'RFC2256: destination indicator' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC 'RFC2256: preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 SINGLE-VALUE ) attributetype ( 2.5.4.29 NAME 'presentationAddress' DESC 'RFC2256: presentation address' EQUALITY presentationAddressMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 SINGLE-VALUE ) attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' DESC 
'RFC2256: supported application context' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) attributetype ( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of a group' SUP distinguishedName ) attributetype ( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of the object)' SUP distinguishedName ) attributetype ( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256: occupant of role' SUP distinguishedName ) # system schema #attributetype ( 2.5.4.34 NAME 'seeAlso' # DESC 'RFC2256: DN of related object' # SUP distinguishedName ) # system schema #attributetype ( 2.5.4.35 NAME 'userPassword' # DESC 'RFC2256/2307: password of user' # EQUALITY octetStringMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) # Must be transferred using ;binary # with certificateExactMatch rule (per X.509) attributetype ( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256: X.509 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) # Must be transferred using ;binary # with certificateExactMatch rule (per X.509) attributetype ( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256: X.509 CA certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) # Must be transferred using ;binary attributetype ( 2.5.4.38 NAME 'authorityRevocationList' DESC 'RFC2256: X.509 authority revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) # Must be transferred using ;binary attributetype ( 2.5.4.39 NAME 'certificateRevocationList' DESC 'RFC2256: X.509 certificate revocation list, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) # Must be stored and requested in the binary form attributetype ( 2.5.4.40 NAME 'crossCertificatePair' DESC 'RFC2256: X.509 cross certificate pair, use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) # system schema #attributetype ( 2.5.4.41 NAME 'name' # EQUALITY caseIgnoreMatch # SUBSTR caseIgnoreSubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) attributetype ( 2.5.4.42 NAME ( 'givenName' 
'gn' ) DESC 'RFC2256: first name(s) for which the entity is known by' SUP name ) attributetype ( 2.5.4.43 NAME 'initials' DESC 'RFC2256: initials of some or all of names, but not the surname(s).' SUP name ) attributetype ( 2.5.4.44 NAME 'generationQualifier' DESC 'RFC2256: name qualifier indicating a generation' SUP name ) attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC 'RFC2256: X.500 unique identifier' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) attributetype ( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN qualifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' DESC 'RFC2256: enhanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) attributetype ( 2.5.4.48 NAME 'protocolInformation' DESC 'RFC2256: protocol information' EQUALITY protocolInformationMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) # system schema #attributetype ( 2.5.4.49 NAME 'distinguishedName' # EQUALITY distinguishedNameMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256: unique member of a group' EQUALITY uniqueMemberMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) attributetype ( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256: house identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) # Must be transferred using ;binary attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' DESC 'RFC2256: supported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) # Must be transferred using ;binary attributetype ( 2.5.4.53 NAME 'deltaRevocationList' DESC 'RFC2256: delta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) attributetype ( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of DMD' SUP name ) attributetype ( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th): pseudonym for the object' SUP name ) # Standard object classes 
from RFC2256 # system schema #objectclass ( 2.5.6.0 NAME 'top' # DESC 'RFC2256: top of the superclass chain' # ABSTRACT # MUST objectClass ) # system schema #objectclass ( 2.5.6.1 NAME 'alias' # DESC 'RFC2256: an alias' # SUP top STRUCTURAL # MUST aliasedObjectName ) objectclass ( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top STRUCTURAL MUST c MAY ( searchGuide $ description ) ) objectclass ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) objectclass ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) objectclass ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) objectclass ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) objectclass ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox 
$ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) objectclass ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) objectclass ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) objectclass ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) ) objectclass ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description ) ) objectclass ( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) ) objectclass ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent (a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation ) objectclass ( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a strong authentication user' SUP top AUXILIARY MUST 
userCertificate ) objectclass ( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate ) MAY crossCertificatePair ) objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) objectclass ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user security information' SUP top AUXILIARY MAY ( supportedAlgorithms ) ) objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP certificationAuthority AUXILIARY MAY ( deltaRevocationList ) ) objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST ( cn ) MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) ) objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName ) MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) # # Object Classes from RFC 2587 # objectclass ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP top AUXILIARY MAY userCertificate ) objectclass ( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) ) objectclass ( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top AUXILIARY MAY deltaRevocationList ) # # Standard Track URI label schema from RFC 2079 # system schema #attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' # DESC 'RFC2079: Uniform Resource Identifier with optional label' # EQUALITY caseExactMatch # 
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079: object that contains the URI attribute type' SUP top AUXILIARY MAY ( labeledURI ) ) # # Derived from RFC 1274, but with new "short names" # #attributetype ( 0.9.2342.19200300.100.1.1 # NAME ( 'uid' 'userid' ) # DESC 'RFC1274: user identifier' # EQUALITY caseIgnoreMatch # SUBSTR caseIgnoreSubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword ) # RFC 1274 + RFC 2247 attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # RFC 2247 objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain component object' SUP top AUXILIARY MUST dc ) # RFC 2377 objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object' SUP top AUXILIARY MUST uid ) # RFC 4524 # The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181] # host names [RFC1123] that are associated with an object. 
That is, # values of this attribute should conform to the following ABNF: # # domain = root / label *( DOT label ) # root = SPACE # label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ] # LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z" # SPACE = %x20 ; space (" ") # HYPHEN = %x2D ; hyphen ("-") # DOT = %x2E ; period (".") attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' DESC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema) attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in DNs' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
------=_Part_162959_15053760.1201154655304 Content-Type: text/html; charset=gbk Content-Transfer-Encoding: quoted-printable
<DIV>this is my slapd.conf:</DIV> <DIV>///////////////////////////////////////////////////////</DIV> <DIV>#<BR># See slapd.conf(5) for details on configuration options.<BR># Th= is file should NOT be world readable.<BR>#<BR>include /usr/local= /etc/openldap/schema/core.schema<BR>#include &= nbsp; /usr/local/etc/openldap/schema/corba.schema<BR>#include&n= bsp; /usr/local/etc/openldap/sche= ma/cosine.schema<BR>#include  = ; /usr/local/etc/openldap/schema/inetorgperson.schema<BR>#include &nbs= p; /usr/local/etc/openldap/schema/misc.= schema<BR>#include /usr/loc= al/etc/openldap/schema/openldap.schema<BR>#include &= nbsp; /usr/local/etc/openldap/schema/nis.schema<BR>#inclu= de /usr/local/etc/openldap/= schema/samba.schema</DIV> <DIV> </DIV> <DIV># Define global ACLs to disable default read access.</DIV> <DIV># Do not enable referrals until AFTER you have a working directory<BR>= # service AND an understanding of referrals.<BR>#referral <A href=3D"l= dap://root.openldap.org">ldap://root.openldap.org</A></DIV> <DIV>pidfile /usr/local/var/run/slapd.pid<BR>argsfile /usr/= local/var/run/slapd.args</DIV> <DIV># Load dynamic backend modules:<BR># modulepath /usr/local/libexe= c/openldap<BR># moduleload back_bdb.la<BR># moduleload back_hdb.l= a<BR># moduleload back_ldap.la</DIV> <DIV># Sample security restrictions<BR># Require integrity protection = (prevent hijacking)<BR># Require 112-bit (3DES or better) encryption f= or updates<BR># Require 63-bit encryption for simple bind<BR># securit= y ssf=3D1 update_ssf=3D112 simple_bind=3D64</DIV> <DIV># Sample access control policy:<BR># Root DSE: allow anyone to re= ad it<BR># Subschema (sub)entry DSE: allow anyone to read it<BR># = ;Other DSEs:<BR># Allow self write access<BR># Allow = authenticated users read access<BR># Allow anonymous users to au= thenticate<BR># Directives needed to implement policy:<BR># access to = dn.base=3D"" by * read<BR># access to dn.base=3D"cn=3DSubschema" by * read<= BR># access to *<BR># by self 
write<BR># by users read<BR># = by anonymous auth<BR>#<BR># if no access controls are present, the default = policy<BR># allows anyone and everyone to read anything but restricts<BR># = updates to rootdn. (e.g., "access to * by * read")<BR>#<BR># rootdn c= an always read and write EVERYTHING!</DIV> <DIV>######################################################################= #<BR># BDB database definitions<BR>########################################= ###############################</DIV> <DIV>database bdb<BR>suffix "dc=3Dgfdu,dc=3Dcom"<BR>rootdn&= nbsp; "cn=3DManager,dc=3Dgfdu,dc=3Dcom"<BR># Cleartext passwords, espe= cially for the rootdn, should<BR># be avoid. See slappasswd(8) and sl= apd.conf(5) for details.<BR># Use of strong authentication encouraged.<BR>r= ootpw secret<BR># The database directory MUST exist prior to run= ning slapd AND <BR># should only be accessible by the slapd and slap tools.= <BR># Mode 700 recommended.<BR>directory /usr/local/var/openldap-data<= BR># Indices to maintain<BR>index objectClass eq<BR></DIV> <DIV>///////////////////////////////////////////////////////////////////</D= IV> <DIV> </DIV> <DIV>this is my core.schema:</DIV> <DIV> </DIV> <DIV># OpenLDAP Core schema<BR># $OpenLDAP: pkg/ldap/servers/slapd/schema/c= ore.schema,v 1.88.2.5 2007/12/13 07:31:15 hyc Exp $<BR>## This work is part= of OpenLDAP Software <<A href=3D"http://www.openldap.org/%22%3Ehttp://www.o= penldap.org/</A>>.<BR>##<BR>## Copyright 1998-2007 The OpenLDAP Foundati= on.<BR>## All rights reserved.<BR>##<BR>## Redistribution and use in source= and binary forms, with or without<BR>## modification, are permitted only a= s authorized by the OpenLDAP<BR>## Public License.<BR>##<BR>## A copy of th= is license is available in the file LICENSE in the<BR>## top-level director= y of the distribution or, alternatively, at<BR>## <<A href=3D"http://www= .OpenLDAP.org/license.html">http://www.OpenLDAP.org/license.html</A>>.<B= R>#<BR>## Portions Copyright (C) The Internet 
Society (1997-2006).<BR>## Al= l Rights Reserved.<BR>##<BR>## This document and translations of it may be = copied and furnished to<BR>## others, and derivative works that comment on = or otherwise explain it<BR>## or assist in its implementation may be prepar= ed, copied, published<BR>## and distributed, in whole or in part, without r= estriction of any<BR>## kind, provided that the above copyright notice and = this paragraph are<BR>## included on all such copies and derivative works.&= nbsp; However, this<BR>## document itself may not be modified in any way, s= uch as by removing<BR>## the copyright notice or references to the Internet= Society or other<BR>## Internet organizations, except as needed for the pu= rpose of<BR>## developing Internet standards in which case the procedures f= or<BR>## copyrights defined in the Internet Standards process must be = <BR>## followed, or as required = to translate it into languages other than<BR>## English.<BR>## &= nbsp; &nbs= p; &= nbsp; &nbs= p; &= nbsp; &nbs= p; <BR>## The limited permissions granted above are= perpetual and will not be <BR>## revoked by the Internet Society or = its successors or assigns. <BR>##= <BR>## This document and the information contained herein is provided on a= n <BR>## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERIN= G<BR>## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING<= BR>## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION<BR>##= HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF<BR>## MER= CHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.</DIV> <DIV>#<BR>#<BR># Includes LDAPv3 schema items from:<BR># RFC 2252/2256= (LDAPv3)<BR>#<BR># Select standard track schema items:<BR># RFC 1274 = (uid/dc)<BR># RFC 2079 (URI)<BR># RFC 2247 (dc/dcObject)<BR>#&nbs= p;RFC 2587 (PKI)<BR># RFC 2589 (Dynamic Directory Services)<BR># = RFC 4524 (associatedDomain)<BR>#<BR># Select informational schema items:<BR=
# RFC 2377 (uidObject)</DIV>
<DIV>#<BR># Standard attribute types from RFC 2256<BR>#</DIV> <DIV># system schema<BR>#attributetype ( 2.5.4.0 NAME 'objectClass'<BR>#&nb= sp;DESC 'RFC2256: object classes of the entity'<BR># EQUALITY objectId= entifierMatch<BR># SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )</DIV> <DIV># system schema<BR>#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName'= 'aliasedEntryName' )<BR># DESC 'RFC2256: name of aliased object'<BR>#= EQUALITY distinguishedNameMatch<BR># SYNTAX 1.3.6.1.4.1.1466.115= .121.1.12 SINGLE-VALUE )</DIV> <DIV>attributetype ( 2.5.4.2 NAME 'knowledgeInformation'<BR> DESC 'RFC= 2256: knowledge information'<BR> EQUALITY caseIgnoreMatch<BR> SYN= TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )</DIV> <DIV># system schema<BR>#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )= <BR># DESC 'RFC2256: common name(s) for which the entity is known by'<= BR># SUP name )</DIV> <DIV>attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )<BR> DESC 'RFC2256= : last (family) name(s) for which the entity is known by'<BR> SUP name= )</DIV> <DIV>attributetype ( 2.5.4.5 NAME 'serialNumber'<BR> DESC 'RFC2256: se= rial number of the entity'<BR> EQUALITY caseIgnoreMatch<BR> SUBST= R caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{6= 4} )</DIV> <DIV># RFC 4519 definition ('countryName' in X.500 and RFC2256)<BR>attribut= etype ( 2.5.4.6 NAME ( 'c' 'countryName' )<BR> DESC 'RFC2256: two-lett= er ISO-3166 country code'<BR> SUP name<BR> SYNTAX 1.3.6.1.4.1.146= 6.115.121.1.11<BR> SINGLE-VALUE )</DIV> <DIV>#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )<BR># DESC 'RF= C2256: ISO-3166 country 2-letter code'<BR># SUP name SINGLE-VALUE )</D= IV> <DIV>attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )<BR> DESC 'RFC= 2256: locality which this object resides in'<BR> SUP name )</DIV> <DIV>attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )<BR> D= ESC 'RFC2256: state or province which this object resides in'<BR> SUP = name )</DIV> <DIV>attributetype ( 2.5.4.9 NAME ( 'street' 
'streetAddress' )<BR> DES= C 'RFC2256: street address of this object'<BR> EQUALITY caseIgnoreMatc= h<BR> SUBSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.146= 6.115.121.1.15{128} )</DIV> <DIV>attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )<BR> DESC= 'RFC2256: organization this object belongs to'<BR> SUP name )</DIV> <DIV>attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )<BR>&nb= sp;DESC 'RFC2256: organizational unit this object belongs to'<BR> SUP = name )</DIV> <DIV>attributetype ( 2.5.4.12 NAME 'title'<BR> DESC 'RFC2256: title as= sociated with the entity'<BR> SUP name )</DIV> <DIV># system schema<BR>#attributetype ( 2.5.4.13 NAME 'description'<BR>#&n= bsp;DESC 'RFC2256: descriptive information'<BR># EQUALITY caseIgnoreMa= tch<BR># SUBSTR caseIgnoreSubstringsMatch<BR># SYNTAX 1.3.6.1.4.1= .1466.115.121.1.15{1024} )</DIV> <DIV># Deprecated by enhancedSearchGuide<BR>attributetype ( 2.5.4.14 NAME '= searchGuide'<BR> DESC 'RFC2256: search guide, deprecated by enhancedSe= archGuide'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )</DIV> <DIV>attributetype ( 2.5.4.15 NAME 'businessCategory'<BR> DESC 'RFC225= 6: business category'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR cas= eIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )= </DIV> <DIV>attributetype ( 2.5.4.16 NAME 'postalAddress'<BR> DESC 'RFC2256: = postal address'<BR> EQUALITY caseIgnoreListMatch<BR> SUBSTR caseI= gnoreListSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )</D= IV> <DIV>attributetype ( 2.5.4.17 NAME 'postalCode'<BR> DESC 'RFC2256: pos= tal code'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR caseIgnoreSubst= ringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )</DIV> <DIV>attributetype ( 2.5.4.18 NAME 'postOfficeBox'<BR> DESC 'RFC2256: = Post Office Box'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR caseIgno= reSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )</DIV> <DIV>attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'<BR> DE= SC 
'RFC2256: Physical Delivery Office Name'<BR> EQUALITY caseIgnoreMat= ch<BR> SUBSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.14= 66.115.121.1.15{128} )</DIV> <DIV>attributetype ( 2.5.4.20 NAME 'telephoneNumber'<BR> DESC 'RFC2256= : Telephone Number'<BR> EQUALITY telephoneNumberMatch<BR> SUBSTR = telephoneNumberSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.5= 0{32} )</DIV> <DIV>attributetype ( 2.5.4.21 NAME 'telexNumber'<BR> DESC 'RFC2256: Te= lex Number'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )</DIV> <DIV>attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'<BR> DES= C 'RFC2256: Teletex Terminal Identifier'<BR> SYNTAX 1.3.6.1.4.1.1466.1= 15.121.1.51 )</DIV> <DIV>attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )<BR>= DESC 'RFC2256: Facsimile (Fax) Telephone Number'<BR> SYNTAX 1.3.= 6.1.4.1.1466.115.121.1.22 )</DIV> <DIV>attributetype ( 2.5.4.24 NAME 'x121Address'<BR> DESC 'RFC2256: X.= 121 Address'<BR> EQUALITY numericStringMatch<BR> SUBSTR numericSt= ringSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )</DI= V> <DIV>attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'<BR> DESC = 'RFC2256: international ISDN number'<BR> EQUALITY numericStringMatch<B= R> SUBSTR numericStringSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.146= 6.115.121.1.36{16} )</DIV> <DIV>attributetype ( 2.5.4.26 NAME 'registeredAddress'<BR> DESC 'RFC22= 56: registered postal address'<BR> SUP postalAddress<BR> SYNTAX 1= .3.6.1.4.1.1466.115.121.1.41 )</DIV> <DIV>attributetype ( 2.5.4.27 NAME 'destinationIndicator'<BR> DESC 'RF= C2256: destination indicator'<BR> EQUALITY caseIgnoreMatch<BR> SU= BSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.4= 4{128} )</DIV> <DIV>attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'<BR> DESC = 'RFC2256: preferred delivery method'<BR> SYNTAX 1.3.6.1.4.1.1466.115.1= 21.1.14<BR> SINGLE-VALUE )</DIV> <DIV>attributetype ( 2.5.4.29 NAME 'presentationAddress'<BR> DESC 'RFC= 2256: presentation address'<BR> 
EQUALITY presentationAddressMatch<BR>&= nbsp;SYNTAX 1.3.6.1.4.1.1466.115.121.1.43<BR> SINGLE-VALUE )</DIV> <DIV>attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'<BR> D= ESC 'RFC2256: supported application context'<BR> EQUALITY objectIdenti= fierMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )</DIV> <DIV>attributetype ( 2.5.4.31 NAME 'member'<BR> DESC 'RFC2256: member = of a group'<BR> SUP distinguishedName )</DIV> <DIV>attributetype ( 2.5.4.32 NAME 'owner'<BR> DESC 'RFC2256: owner (o= f the object)'<BR> SUP distinguishedName )</DIV> <DIV>attributetype ( 2.5.4.33 NAME 'roleOccupant'<BR> DESC 'RFC2256: o= ccupant of role'<BR> SUP distinguishedName )</DIV> <DIV># system schema<BR>#attributetype ( 2.5.4.34 NAME 'seeAlso'<BR># = DESC 'RFC2256: DN of related object'<BR># SUP distinguishedName )</DIV=
<DIV># system schema<BR>#attributetype ( 2.5.4.35 NAME 'userPassword'<BR>#&= nbsp;DESC 'RFC2256/2307: password of user'<BR># EQUALITY octetStringMa= tch<BR># SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )</DIV> <DIV># Must be transferred using ;binary<BR># with certificateExactMatch ru= le (per X.509)<BR>attributetype ( 2.5.4.36 NAME 'userCertificate'<BR> = DESC 'RFC2256: X.509 user certificate, use ;binary'<BR> EQUALITY certi= ficateExactMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )</DIV> <DIV># Must be transferred using ;binary<BR># with certificateExactMatch ru= le (per X.509)<BR>attributetype ( 2.5.4.37 NAME 'cACertificate'<BR> DE= SC 'RFC2256: X.509 CA certificate, use ;binary'<BR> EQUALITY certifica= teExactMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )</DIV> <DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.38 NAME '= authorityRevocationList'<BR> DESC 'RFC2256: X.509 authority revocation= list, use ;binary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )</DIV> <DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.39 NAME '= certificateRevocationList'<BR> DESC 'RFC2256: X.509 certificate revoca= tion list, use ;binary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )</DIV=
<DIV># Must be stored and requested in the binary form<BR>attributetype ( 2= .5.4.40 NAME 'crossCertificatePair'<BR> DESC 'RFC2256: X.509 cross cer= tificate pair, use ;binary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )= </DIV> <DIV># system schema<BR>#attributetype ( 2.5.4.41 NAME 'name'<BR># EQU= ALITY caseIgnoreMatch<BR># SUBSTR caseIgnoreSubstringsMatch<BR># = SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )</DIV> <DIV>attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )<BR> DESC 'RFC2= 256: first name(s) for which the entity is known by'<BR> SUP name )</D= IV> <DIV>attributetype ( 2.5.4.43 NAME 'initials'<BR> DESC 'RFC2256: initi= als of some or all of names, but not the surname(s).'<BR> SUP name )</= DIV> <DIV>attributetype ( 2.5.4.44 NAME 'generationQualifier'<BR> DESC 'RFC= 2256: name qualifier indicating a generation'<BR> SUP name )</DIV> <DIV>attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'<BR> DESC 'RF= C2256: X.500 unique identifier'<BR> EQUALITY bitStringMatch<BR> S= YNTAX 1.3.6.1.4.1.1466.115.121.1.6 )</DIV> <DIV>attributetype ( 2.5.4.46 NAME 'dnQualifier'<BR> DESC 'RFC2256: DN= qualifier'<BR> EQUALITY caseIgnoreMatch<BR> ORDERING caseIgnoreO= rderingMatch<BR> SUBSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.= 6.1.4.1.1466.115.121.1.44 )</DIV> <DIV>attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'<BR> DESC 'RFC= 2256: enhanced search guide'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 = )</DIV> <DIV>attributetype ( 2.5.4.48 NAME 'protocolInformation'<BR> DESC 'RFC= 2256: protocol information'<BR> EQUALITY protocolInformationMatch<BR>&= nbsp;SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )</DIV> <DIV># system schema<BR>#attributetype ( 2.5.4.49 NAME 'distinguishedName'<= BR># EQUALITY distinguishedNameMatch<BR># SYNTAX 1.3.6.1.4.1.1466= .115.121.1.12 )</DIV> <DIV>attributetype ( 2.5.4.50 NAME 'uniqueMember'<BR> DESC 'RFC2256: u= nique member of a group'<BR> EQUALITY uniqueMemberMatch<BR> SYNTA= X 1.3.6.1.4.1.1466.115.121.1.34 )</DIV> <DIV>attributetype ( 2.5.4.51 
NAME 'houseIdentifier'<BR> DESC 'RFC2256= : house identifier'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR caseI= gnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )= </DIV> <DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.52 NAME '= supportedAlgorithms'<BR> DESC 'RFC2256: supported algorithms'<BR> = ;SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )</DIV> <DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.53 NAME '= deltaRevocationList'<BR> DESC 'RFC2256: delta revocation list; use ;bi= nary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )</DIV> <DIV>attributetype ( 2.5.4.54 NAME 'dmdName'<BR> DESC 'RFC2256: name o= f DMD'<BR> SUP name )</DIV> <DIV>attributetype ( 2.5.4.65 NAME 'pseudonym'<BR> DESC 'X.520(4th): p= seudonym for the object'<BR> SUP name )</DIV> <DIV># Standard object classes from RFC2256</DIV> <DIV># system schema<BR>#objectclass ( 2.5.6.0 NAME 'top'<BR># DESC 'R= FC2256: top of the superclass chain'<BR># ABSTRACT<BR># MUST obje= ctClass )</DIV> <DIV># system schema<BR>#objectclass ( 2.5.6.1 NAME 'alias'<BR># DESC = 'RFC2256: an alias'<BR># SUP top STRUCTURAL<BR># MUST aliasedObje= ctName )</DIV> <DIV>objectclass ( 2.5.6.2 NAME 'country'<BR> DESC 'RFC2256: a country= '<BR> SUP top STRUCTURAL<BR> MUST c<BR> MAY ( searchGuide $ = description ) )</DIV> <DIV>objectclass ( 2.5.6.3 NAME 'locality'<BR> DESC 'RFC2256: a locali= ty'<BR> SUP top STRUCTURAL<BR> MAY ( street $ seeAlso $ searchGui= de $ st $ l $ description ) )</DIV> <DIV>objectclass ( 2.5.6.4 NAME 'organization'<BR> DESC 'RFC2256: an o= rganization'<BR> SUP top STRUCTURAL<BR> MUST o<BR> MAY ( use= rPassword $ searchGuide $ seeAlso $ businessCategory $<BR> x121A= ddress $ registeredAddress $ destinationIndicator $<BR> preferre= dDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $<BR> = telephoneNumber $ internationaliSDNNumber $ <BR> facsimileTeleph= oneNumber $ street $ postOfficeBox $ postalCode $<BR> postalAddr= ess $ physicalDeliveryOfficeName $ st $ l $ 
description ) )</DIV> <DIV>objectclass ( 2.5.6.5 NAME 'organizationalUnit'<BR> DESC 'RFC2256= : an organizational unit'<BR> SUP top STRUCTURAL<BR> MUST ou<BR>&= nbsp;MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $<BR>&nb= sp; x121Address $ registeredAddress $ destinationIndicator $<BR> = preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $<B= R> telephoneNumber $ internationaliSDNNumber $<BR> fa= csimileTelephoneNumber $ street $ postOfficeBox $ postalCode $<BR> &nb= sp;postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )</D= IV> <DIV>objectclass ( 2.5.6.6 NAME 'person'<BR> DESC 'RFC2256: a person'<= BR> SUP top STRUCTURAL<BR> MUST ( sn $ cn )<BR> MAY ( userPa= ssword $ telephoneNumber $ seeAlso $ description ) )</DIV> <DIV>objectclass ( 2.5.6.7 NAME 'organizationalPerson'<BR> DESC 'RFC22= 56: an organizational person'<BR> SUP person STRUCTURAL<BR> MAY (= title $ x121Address $ registeredAddress $ destinationIndicator $<BR> = preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $<B= R> telephoneNumber $ internationaliSDNNumber $ <BR> f= acsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $<BR> &n= bsp;postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )</DIV> <DIV>objectclass ( 2.5.6.8 NAME 'organizationalRole'<BR> DESC 'RFC2256= : an organizational role'<BR> SUP top STRUCTURAL<BR> MUST cn<BR>&= nbsp;MAY ( x121Address $ registeredAddress $ destinationIndicator $<BR>&nbs= p; preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $= <BR> telephoneNumber $ internationaliSDNNumber $ facsimileTeleph= oneNumber $<BR> seeAlso $ roleOccupant $ preferredDeliveryMethod= $ street $<BR> postOfficeBox $ postalCode $ postalAddress $<BR>= physicalDeliveryOfficeName $ ou $ st $ l $ description ) )</DIV=
<DIV>objectclass ( 2.5.6.9 NAME 'groupOfNames'<BR> DESC 'RFC2256: a gr= oup of names (DNs)'<BR> SUP top STRUCTURAL<BR> MUST ( member $ cn= )<BR> MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description= ) )</DIV> <DIV>objectclass ( 2.5.6.10 NAME 'residentialPerson'<BR> DESC 'RFC2256= : an residential person'<BR> SUP person STRUCTURAL<BR> MUST l<BR>= MAY ( businessCategory $ x121Address $ registeredAddress $<BR> &= nbsp;destinationIndicator $ preferredDeliveryMethod $ telexNumber $<BR>&nbs= p; teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumb= er $<BR> facsimileTelephoneNumber $ preferredDeliveryMethod $ st= reet $<BR> postOfficeBox $ postalCode $ postalAddress $<BR> = ; physicalDeliveryOfficeName $ st $ l ) )</DIV> <DIV>objectclass ( 2.5.6.11 NAME 'applicationProcess'<BR> DESC 'RFC225= 6: an application process'<BR> SUP top STRUCTURAL<BR> MUST cn<BR>= MAY ( seeAlso $ ou $ l $ description ) )</DIV> <DIV>objectclass ( 2.5.6.12 NAME 'applicationEntity'<BR> DESC 'RFC2256= : an application entity'<BR> SUP top STRUCTURAL<BR> MUST ( presen= tationAddress $ cn )<BR> MAY ( supportedApplicationContext $ seeAlso $= ou $ o $ l $<BR> description ) )</DIV> <DIV>objectclass ( 2.5.6.13 NAME 'dSA'<BR> DESC 'RFC2256: a directory = system agent (a server)'<BR> SUP applicationEntity STRUCTURAL<BR> = ;MAY knowledgeInformation )</DIV> <DIV>objectclass ( 2.5.6.14 NAME 'device'<BR> DESC 'RFC2256: a device'= <BR> SUP top STRUCTURAL<BR> MUST cn<BR> MAY ( serialNumber $= seeAlso $ owner $ ou $ o $ l $ description ) )</DIV> <DIV>objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'<BR> DESC '= RFC2256: a strong authentication user'<BR> SUP top AUXILIARY<BR> = MUST userCertificate )</DIV> <DIV>objectclass ( 2.5.6.16 NAME 'certificationAuthority'<BR> DESC 'RF= C2256: a certificate authority'<BR> SUP top AUXILIARY<BR> MUST ( = authorityRevocationList $ certificateRevocationList $<BR> cACert= ificate ) MAY crossCertificatePair )</DIV> <DIV>objectclass ( 2.5.6.17 NAME 
'groupOfUniqueNames'<BR> DESC 'RFC225= 6: a group of unique names (DN and Unique Identifier)'<BR> SUP top STR= UCTURAL<BR> MUST ( uniqueMember $ cn )<BR> MAY ( businessCategory= $ seeAlso $ owner $ ou $ o $ description ) )</DIV> <DIV>objectclass ( 2.5.6.18 NAME 'userSecurityInformation'<BR> DESC 'R= FC2256: a user security information'<BR> SUP top AUXILIARY<BR> MA= Y ( supportedAlgorithms ) )</DIV> <DIV>objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'<BR> SUP= certificationAuthority<BR> AUXILIARY MAY ( deltaRevocationList ) )</D= IV> <DIV>objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'<BR> SUP top ST= RUCTURAL<BR> MUST ( cn )<BR> MAY ( certificateRevocationList $ au= thorityRevocationList $<BR> deltaRevocationList ) )</DIV> <DIV>objectclass ( 2.5.6.20 NAME 'dmd'<BR> SUP top STRUCTURAL<BR> = ;MUST ( dmdName )<BR> MAY ( userPassword $ searchGuide $ seeAlso $ bus= inessCategory $<BR> x121Address $ registeredAddress $ destinatio= nIndicator $<BR> preferredDeliveryMethod $ telexNumber $ teletex= TerminalIdentifier $<BR> telephoneNumber $ internationaliSDNNumb= er $ facsimileTelephoneNumber $<BR> street $ postOfficeBox $ pos= talCode $ postalAddress $<BR> physicalDeliveryOfficeName $ st $ = l $ description ) )</DIV> <DIV>#<BR># Object Classes from RFC 2587<BR>#<BR>objectclass ( 2.5.6.21 NAM= E 'pkiUser'<BR> DESC 'RFC2587: a PKI user'<BR> SUP top AUXILIARY<= BR> MAY userCertificate )</DIV> <DIV>objectclass ( 2.5.6.22 NAME 'pkiCA'<BR> DESC 'RFC2587: PKI certif= icate authority'<BR> SUP top AUXILIARY<BR> MAY ( authorityRevocat= ionList $ certificateRevocationList $<BR> cACertificate $ crossC= ertificatePair ) )</DIV> <DIV>objectclass ( 2.5.6.23 NAME 'deltaCRL'<BR> DESC 'RFC2587: PKI use= r'<BR> SUP top AUXILIARY<BR> MAY deltaRevocationList )</DIV> <DIV>#<BR># Standard Track URI label schema from RFC 2079<BR># system schem= a<BR>#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'<BR># DESC= 'RFC2079: Uniform Resource Identifier with optional label'<BR># 
EQUAL= ITY caseExactMatch<BR># SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )</DIV> <DIV>objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'<BR> DE= SC 'RFC2079: object that contains the URI attribute type'<BR> SUP top = AUXILIARY<BR> MAY ( labeledURI ) )</DIV> <DIV>#<BR># Derived from RFC 1274, but with new "short names"<BR>#<BR>#attr= ibutetype ( 0.9.2342.19200300.100.1.1<BR># NAME ( 'uid' 'userid' )<BR>= # DESC 'RFC1274: user identifier'<BR># EQUALITY caseIgnoreMatch<B= R># SUBSTR caseIgnoreSubstringsMatch<BR># SYNTAX 1.3.6.1.4.1.1466= .115.121.1.15{256} )</DIV> <DIV>attributetype ( 0.9.2342.19200300.100.1.3<BR> NAME ( 'mail' 'rfc8= 22Mailbox' )<BR> DESC 'RFC1274: RFC822 Mailbox'<BR> = EQUALITY caseIgnoreIA5Match<BR> SUBSTR caseIgnoreIA5Subst= ringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} = )</DIV> <DIV>objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'<B= R> DESC 'RFC1274: simple security object'<BR> SUP top AUXILIARY<B= R> MUST userPassword )</DIV> <DIV># RFC 1274 + RFC 2247<BR>attributetype ( 0.9.2342.19200300.100.1.25<BR=
NAME ( 'dc' 'domainComponent' )<BR> DESC 'RFC1274/2247: domain =
component'<BR> EQUALITY caseIgnoreIA5Match<BR> SUBSTR caseIgnoreI= A5SubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU= E )</DIV> <DIV># RFC 2247<BR>objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'<BR>&n= bsp;DESC 'RFC2247: domain component object'<BR> SUP top AUXILIARY MUST= dc )</DIV> <DIV># RFC 2377<BR>objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'<BR> DE= SC 'RFC2377: uid object'<BR> SUP top AUXILIARY MUST uid )</DIV> <DIV># RFC 4524<BR># The 'associatedDomain' attribute specifies= DNS [RFC1034][RFC2181]<BR># host names [RFC1123] that are asso= ciated with an object. That is,<BR># values of this= attribute should conform to the following ABNF:<BR>#<BR>#  = ; domain =3D root / label *( DOT label )<BR># root &= nbsp; =3D SPACE<BR># label =3D LETDIG [ *61( LETDIG= / HYPHEN ) LETDIG ]<BR># LETDIG =3D %x30-39 / %x41-5A / = %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"<BR># SPACE = =3D %x20 &= nbsp; ; s= pace (" ")<BR># HYPHEN =3D %x2D &n= bsp;  = ; ; hyphen ("-")<BR># = DOT =3D %x2E &n= bsp;  = ; ; period (".")<BR>attributetype ( 0.9.2342.19200300.100= .1.37<BR> NAME 'associatedDomain'<BR> DESC 'RFC1274: domain assoc= iated with object'<BR> EQUALITY caseIgnoreIA5Match<BR> SUBSTR cas= eIgnoreIA5SubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )</= DIV> <DIV># RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)<BR>attr= ibutetype ( 1.2.840.113549.1.9.1<BR> NAME ( 'email' 'emailAddress' 'pk= cs9email' )<BR> DESC 'RFC3280: legacy attribute for email addresses in= DNs'<BR> EQUALITY caseIgnoreIA5Match<BR> SUBSTR caseIgnoreIA5Sub= stringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )</DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV> <DIV> </DIV>
------=_Part_162959_15053760.1201154655304--