Hi All - I am trying to set up replication between a CentOS 5 (2.3) server and a CentOS 7 (2.4)
server.
Replication is partially working; however, it has not fully completed. I am seeing the
error "syncrepl_message_to_entry: rid=123 mods check (postalAddress: value #0
invalid per syntax)" in the logs.
From the research I have done, this appears to indicate a missing schema definition;
however, I am fairly sure that all of the schemas are in place.
Below are the results of querying the schema on both servers (ldapsearch -H ldap://localhost
-x -s base -b "cn=subschema" objectclasses), as well as the slapd.conf files from
both hosts.
Any insight into what I am missing would be greatly appreciated!!
Please let me know if you need any more information.
Thank You!!
----- PRIMARY SERVER ----
#
#
# base <cn=subschema> with scope baseObject
dn: cn=Subschema
# extended LDIF
# filter: (objectclass=*)
# LDAPv3
# numEntries: 1
# numResponses: 2
objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST
domainComponent MAY ( associatedName $ organizationName $ description $ businessCategory $
seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress
$ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress
$ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $
teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address ) )
objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain
STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $
teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address ) )
objectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCTURAL
MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) )
objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC
'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associatedDomain
)
objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country
STRUCTURAL MUST friendlyCountryName )
objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC
'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )
objectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP (
organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
objectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STRUCTURAL MAY
dSAQuality )
objectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top
AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )
objectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson'
'newPilotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $
rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $
homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory
$ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $
organizationalStatus $ mailPreferenceOption $ personalSignature ) )
objectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST
userid MAY ( description $ seeAlso $ localityName $ organizationName $
organizationalUnitName $ host ) )
objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MUST
documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ documentTitle $ documentVersion $
documentAuthor $ documentLocation $ documentPublisher ) )
objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST
commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ localityName $
organizationName $ organizationalUnitName ) )
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an
account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $
gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )
objectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a NIS
map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY description )
objectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device with a
MAC address' SUP top AUXILIARY MAY macAddress )
objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with
boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
objectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional
attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword $
shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $
shadowFlag $ description ) )
objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a
group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $
memberUid $ description ) )
objectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an
Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $
ipServiceProtocol ) MAY description )
objectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of an IP
protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description ) MAY
description )
objectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an ONC/RPC
binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) MAY description
)
objectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a host, an
IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ description $
manager ) )
objectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of an IP
network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmaskNumber $ l $
description $ manager ) )
objectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of a
netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $
description ) )
objectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstraction of
a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
objectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC
'RFC2252: extensible object' SUP top AUXILIARY )
objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain
component object' SUP top AUXILIARY MUST dc )
objectClasses: ( 1.3.6.1.4.1.16331.2.2.2.1 NAME 'contactPerson' DESC 'Contact
- Addressbook entry' AUXILIARY MAY ( anniversary $ marker $ birthday $ sendHolidayCard
$ externalUID $ externalUIDSyncTimestamp $ modifyObjectTimestamp $ prefix $ middleName $
suffix $ custom1 $ custom2 $ custom3 $ custom4 $ country ) )
objectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079:
object that contains the URI attribute type' SUP top AUXILIARY MAY labeledURI )
objectClasses: ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE'
'LDAProotDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn
)
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.0 NAME 'olcConfig' DESC
'OpenLDAP configuration object' SUP top ABSTRACT )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.1 NAME 'olcGlobal' DESC
'OpenLDAP Global configuration options' SUP olcConfig STRUCTURAL MAY ( cn $
olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ olcAttributeOptions $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $
olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcLogLevel $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPluginLogFile $ olcReadOnly $ olcReferral $
olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ olcReplogFile $
olcRequires $ olcRestrict $ olcReverseLookup $ olcRootDSE $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcSrvtab $ olcThreads $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $
olcTLSVerifyClient $ olcTLSDHParamFile $ olcToolThreads $ olcObjectIdentifier $
olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.2 NAME 'olcSchemaConfig' DESC
'OpenLDAP schema object' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $
olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.3 NAME 'olcBackendConfig' DESC
'OpenLDAP Backend-specific options' SUP olcConfig STRUCTURAL MUST olcBackend )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.4 NAME 'olcDatabaseConfig' DESC
'OpenLDAP Database-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY
( olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits $ olcMaxDerefDepth $
olcPlugin $ olcReadOnly $ olcReplica $ olcReplogFile $ olcRequires $ olcRestrict $
olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $
olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.5 NAME 'olcOverlayConfig' DESC
'OpenLDAP Overlay-specific options' SUP olcConfig STRUCTURAL MUST olcOverlay )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.6 NAME 'olcIncludeFile' DESC
'OpenLDAP configuration include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY
( cn $ olcRootDSE ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.7 NAME 'olcFrontendConfig' DESC
'OpenLDAP frontend configuration' AUXILIARY MAY ( olcDefaultSearchBase $
olcPasswordHash ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.8 NAME 'olcModuleList' DESC
'OpenLDAP dynamic module info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $
olcModuleLoad ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.1.1 NAME 'olcBdbConfig' DESC
'BDB backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory
MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbNoSync $ olcDbDirtyRead $
olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $
olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.1.2 NAME 'olcHdbConfig' DESC
'HDB backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory
MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbNoSync $ olcDbDirtyRead $
olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $
olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.2.1 NAME 'olcLdifConfig' DESC
'LDIF backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory
)
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.3.1 NAME 'olcLDAPConfig' DESC
'LDAP backend configuration' SUP olcDatabaseConfig STRUCTURAL MAY ( olcDbURI $
olcDbStartTLS $ olcDbACLAuthcDn $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertAuthcDn $
olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $
olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbTFSupport $ olcDbProxyWhoAmI $ olcDbTimeout
$ olcDbIdleTimeout $ olcDbSingleConn $ olcDbCancel $ olcDbQuarantine $
olcDbUseTemporaryConn $ olcDbConnectionPoolMax ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.4.1 NAME 'olcMonitorConfig' DESC
'Monitor backend configuration' SUP olcDatabaseConfig STRUCTURAL )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.1.1 NAME 'olcSyncProvConfig' DESC
'SyncRepl Provider configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcSpCheckpoint $ olcSpSessionlog $ olcSpNoPresent ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.12.1 NAME 'olcPPolicyConfig' DESC
'Password Policy configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcPPolicyDefault $ olcPPolicyHashCleartext $ olcPPolicyUseLockout ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.3.1 NAME 'olcChainConfig' DESC
'Chain configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcChainCacheURI $
olcChainMaxReferralDepth $ olcChainReturnError ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.3.2 NAME 'olcChainDatabase' DESC
'Chain remote server configuration' AUXILIARY )
objectClasses: ( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST
pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $
pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $
pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
objectClasses: ( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top AUXILIARY
MAY pwdCheckModule )
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2798:
Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $
businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $
employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $
userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $
userPKCS12 ) )
objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: named
subordinate referral' SUP top STRUCTURAL MUST ref )
objectClasses: ( 2.5.17.0 NAME 'subentry' SUP top STRUCTURAL MUST ( cn $
subtreeSpecification ) )
objectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'RFC2252: controlling
subschema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRules
$ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
objectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain'
ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an
residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address
$ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l ) )
objectClasses: ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description )
)
objectClasses: ( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY (
supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
objectClasses: ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent
(a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )
objectClasses: ( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top
STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a
strong authentication user' SUP top AUXILIARY MUST userCertificate )
objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certificationAuthority AUXILIARY MAY deltaRevocationList )
objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a
certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $
certificateRevocationList $ cACertificate ) MAY crossCertificatePair )
objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of
unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user
security information' SUP top AUXILIARY MAY supportedAlgorithms )
objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST cn
MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )
objectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC2256: an alias' SUP top
STRUCTURAL MUST aliasedObjectName )
objectClasses: ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST dmdName MAY (
userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress
$ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier
$ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $
postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $
description ) )
objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP
top AUXILIARY MAY userCertificate )
objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate
authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList
$ cACertificate $ crossCertificatePair ) )
objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top
AUXILIARY MAY deltaRevocationList )
objectClasses: ( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top
STRUCTURAL MUST c MAY ( searchGuide $ description ) )
objectClasses: ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP
top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
objectClasses: ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an
organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $
businessCategory $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an
organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $
seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectClasses: ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top
STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description )
)
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an
organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $
registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l ) )
objectClasses: ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an
organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress
$ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier
$ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $
roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
objectClasses: ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names
(DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $
owner $ ou $ o $ description ) )
# requesting: objectclasses
result: 0 Success
search: 2
# search result
# Subschema
---- REPLICA SERVER ----
#
#
# base <cn=subschema> with scope baseObject
dn: cn=Subschema
# extended LDIF
# filter: (objectclass=*)
# LDAPv3
# numEntries: 1
# numResponses: 2
objectClasses: ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL MUST
domainComponent MAY ( associatedName $ organizationName $ description $ businessCategory $
seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress
$ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress
$ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $
teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address ) )
objectClasses: ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain
STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $
physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $
facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $
teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress $ x121Address ) )
objectClasses: ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP domain STRUCTURAL
MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) )
objectClasses: ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject' DESC
'RFC1274: an object related to an domain' SUP top AUXILIARY MUST associatedDomain
)
objectClasses: ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country
STRUCTURAL MUST friendlyCountryName )
objectClasses: ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' DESC
'RFC1274: simple security object' SUP top AUXILIARY MUST userPassword )
objectClasses: ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization' SUP (
organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
objectClasses: ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STRUCTURAL MAY
dSAQuality )
objectClasses: ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData' SUP top
AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )
objectClasses: ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson'
'newPilotPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $
rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $
homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory
$ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $
organizationalStatus $ mailPreferenceOption $ personalSignature ) )
objectClasses: ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top STRUCTURAL MUST
userid MAY ( description $ seeAlso $ localityName $ organizationName $
organizationalUnitName $ host ) )
objectClasses: ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top STRUCTURAL MUST
documentIdentifier MAY ( commonName $ description $ seeAlso $ localityName $
organizationName $ organizationalUnitName $ documentTitle $ documentVersion $
documentAuthor $ documentLocation $ documentPublisher ) )
objectClasses: ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL MUST
commonName MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
objectClasses: ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
STRUCTURAL MUST commonName MAY ( description $ seeAlso $ telephonenumber $ localityName $
organizationName $ organizationalUnitName ) )
objectClasses: ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC 'Abstraction of an
account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $ uidNumber $
gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $ gecos $ description ) )
objectClasses: ( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry in a NIS
map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY description )
objectClasses: ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device with a
MAC address' SUP top AUXILIARY MAY macAddress )
objectClasses: ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device with
boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
objectClasses: ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC 'Additional
attributes for shadow passwords' SUP top AUXILIARY MUST uid MAY ( userPassword $
shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $
shadowFlag $ description ) )
objectClasses: ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC 'Abstraction of a
group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY ( userPassword $
memberUid $ description ) )
objectClasses: ( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC 'Abstraction an
Internet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort $
ipServiceProtocol ) MAY description )
objectClasses: ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC 'Abstraction of an IP
protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $ description ) MAY
description )
objectClasses: ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction of an ONC/RPC
binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $ description ) MAY description
)
objectClasses: ( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction of a host, an
IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l $ description $
manager ) )
objectClasses: ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC 'Abstraction of an IP
network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY ( ipNetmaskNumber $ l $
description $ manager ) )
objectClasses: ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC 'Abstraction of a
netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $ memberNisNetgroup $
description ) )
objectClasses: ( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic abstraction of
a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
objectClasses: ( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
objectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC
'RFC2252: extensible object' SUP top AUXILIARY )
objectClasses: ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: domain
component object' SUP top AUXILIARY MUST dc )
objectClasses: ( 1.3.6.1.4.1.16331.2.2.2.1 NAME 'contactPerson' DESC 'Contact
- Addressbook entry' AUXILIARY MAY ( anniversary $ marker $ birthday $ sendHolidayCard
$ externalUID $ externalUIDSyncTimestamp $ modifyObjectTimestamp $ prefix $ middleName $
suffix $ custom1 $ custom2 $ custom3 $ custom4 $ country ) )
objectClasses: ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' DESC 'RFC2079:
object that contains the URI attribute type' SUP top AUXILIARY MAY labeledURI )
objectClasses: ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE'
'LDAProotDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn
)
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.0 NAME 'olcConfig' DESC
'OpenLDAP configuration object' SUP top ABSTRACT )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.1 NAME 'olcGlobal' DESC
'OpenLDAP Global configuration options' SUP olcConfig STRUCTURAL MAY ( cn $
olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ olcAttributeOptions $
olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $
olcConnMaxPendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $
olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnyStep $ olcLocalSSF $ olcLogLevel $ olcPasswordCryptSaltFormat $
olcPasswordHash $ olcPidFile $ olcPluginLogFile $ olcReadOnly $ olcReferral $
olcReplicaPidFile $ olcReplicaArgsFile $ olcReplicationInterval $ olcReplogFile $
olcRequires $ olcRestrict $ olcReverseLookup $ olcRootDSE $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps $ olcSecurity $ olcSizeLimit $ olcSockbufMaxIncoming $
olcSockbufMaxIncomingAuth $ olcSrvtab $ olcThreads $ olcTimeLimit $
olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $
olcTLSVerifyClient $ olcTLSDHParamFile $ olcToolThreads $ olcObjectIdentifier $
olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.2 NAME 'olcSchemaConfig' DESC
'OpenLDAP schema object' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $
olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.3 NAME 'olcBackendConfig' DESC
'OpenLDAP Backend-specific options' SUP olcConfig STRUCTURAL MUST olcBackend )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.4 NAME 'olcDatabaseConfig' DESC
'OpenLDAP Database-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY
( olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits $ olcMaxDerefDepth $
olcPlugin $ olcReadOnly $ olcReplica $ olcReplogFile $ olcRequires $ olcRestrict $
olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncrepl $
olcTimeLimit $ olcUpdateDN $ olcUpdateRef ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.5 NAME 'olcOverlayConfig' DESC
'OpenLDAP Overlay-specific options' SUP olcConfig STRUCTURAL MUST olcOverlay )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.6 NAME 'olcIncludeFile' DESC
'OpenLDAP configuration include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY
( cn $ olcRootDSE ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.7 NAME 'olcFrontendConfig' DESC
'OpenLDAP frontend configuration' AUXILIARY MAY ( olcDefaultSearchBase $
olcPasswordHash ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.0.8 NAME 'olcModuleList' DESC
'OpenLDAP dynamic module info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $
olcModuleLoad ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.1.1 NAME 'olcBdbConfig' DESC
'BDB backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory
MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbNoSync $ olcDbDirtyRead $
olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $
olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.1.2 NAME 'olcHdbConfig' DESC
'HDB backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory
MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbNoSync $ olcDbDirtyRead $
olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $
olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.2.1 NAME 'olcLdifConfig' DESC
'LDIF backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory
)
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.3.1 NAME 'olcLDAPConfig' DESC
'LDAP backend configuration' SUP olcDatabaseConfig STRUCTURAL MAY ( olcDbURI $
olcDbStartTLS $ olcDbACLAuthcDn $ olcDbACLPasswd $ olcDbACLBind $ olcDbIDAssertAuthcDn $
olcDbIDAssertPasswd $ olcDbIDAssertBind $ olcDbIDAssertMode $ olcDbIDAssertAuthzFrom $
olcDbRebindAsUser $ olcDbChaseReferrals $ olcDbTFSupport $ olcDbProxyWhoAmI $ olcDbTimeout
$ olcDbIdleTimeout $ olcDbSingleConn $ olcDbCancel $ olcDbQuarantine $
olcDbUseTemporaryConn $ olcDbConnectionPoolMax ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.2.4.1 NAME 'olcMonitorConfig' DESC
'Monitor backend configuration' SUP olcDatabaseConfig STRUCTURAL )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.1.1 NAME 'olcSyncProvConfig' DESC
'SyncRepl Provider configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcSpCheckpoint $ olcSpSessionlog $ olcSpNoPresent ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.12.1 NAME 'olcPPolicyConfig' DESC
'Password Policy configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcPPolicyDefault $ olcPPolicyHashCleartext $ olcPPolicyUseLockout ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.3.1 NAME 'olcChainConfig' DESC
'Chain configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcChainCacheURI $
olcChainMaxReferralDepth $ olcChainReturnError ) )
objectClasses: ( 1.3.6.1.4.1.4203.666.11.1.4.3.3.2 NAME 'olcChainDatabase' DESC
'Chain remote server configuration' AUXILIARY )
objectClasses: ( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXILIARY MUST
pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheckQuality $ pwdMinLength $
pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $ pwdLockoutDuration $ pwdMaxFailure $
pwdFailureCountInterval $ pwdMustChange $ pwdAllowUserChange $ pwdSafeModify ) )
objectClasses: ( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top AUXILIARY
MAY pwdCheckModule )
objectClasses: ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2798:
Internet Organizational Person' SUP organizationalPerson STRUCTURAL MAY ( audio $
businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $
employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $
labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $
userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $
userPKCS12 ) )
objectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC 'namedref: named
subordinate referral' SUP top STRUCTURAL MUST ref )
objectClasses: ( 2.5.17.0 NAME 'subentry' SUP top STRUCTURAL MUST ( cn $
subtreeSpecification ) )
objectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'RFC2252: controlling
subschema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $ dITContentRules
$ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
objectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain'
ABSTRACT MUST objectClass )
objectClasses: ( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256: an
residential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $ x121Address
$ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l ) )
objectClasses: ( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256: an
application process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $ description )
)
objectClasses: ( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256: an
application entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn ) MAY (
supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
objectClasses: ( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory system agent
(a server)' SUP applicationEntity STRUCTURAL MAY knowledgeInformation )
objectClasses: ( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device' SUP top
STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectClasses: ( 2.5.6.15 NAME 'strongAuthenticationUser' DESC 'RFC2256: a
strong authentication user' SUP top AUXILIARY MUST userCertificate )
objectClasses: ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certificationAuthority AUXILIARY MAY deltaRevocationList )
objectClasses: ( 2.5.6.16 NAME 'certificationAuthority' DESC 'RFC2256: a
certificate authority' SUP top AUXILIARY MUST ( authorityRevocationList $
certificateRevocationList $ cACertificate ) MAY crossCertificatePair )
objectClasses: ( 2.5.6.17 NAME 'groupOfUniqueNames' DESC 'RFC2256: a group of
unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectClasses: ( 2.5.6.18 NAME 'userSecurityInformation' DESC 'RFC2256: a user
security information' SUP top AUXILIARY MAY supportedAlgorithms )
objectClasses: ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL MUST cn
MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )
objectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC2256: an alias' SUP top
STRUCTURAL MUST aliasedObjectName )
objectClasses: ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST dmdName MAY (
userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress
$ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier
$ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $
postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $
description ) )
objectClasses: ( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI user' SUP
top AUXILIARY MAY userCertificate )
objectClasses: ( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI certificate
authority' SUP top AUXILIARY MAY ( authorityRevocationList $ certificateRevocationList
$ cACertificate $ crossCertificatePair ) )
objectClasses: ( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI user' SUP top
AUXILIARY MAY deltaRevocationList )
objectClasses: ( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country' SUP top
STRUCTURAL MUST c MAY ( searchGuide $ description ) )
objectClasses: ( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a locality' SUP
top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
objectClasses: ( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an
organization' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $ seeAlso $
businessCategory $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectClasses: ( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256: an
organizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $ searchGuide $
seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectClasses: ( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person' SUP top
STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $ seeAlso $ description )
)
objectClasses: ( 2.5.6.7 NAME 'organizationalPerson' DESC 'RFC2256: an
organizational person' SUP person STRUCTURAL MAY ( title $ x121Address $
registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l ) )
objectClasses: ( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256: an
organizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $ registeredAddress
$ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier
$ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $
roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
objectClasses: ( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a group of names
(DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY ( businessCategory $ seeAlso $
owner $ ou $ o $ description ) )
# requesting: objectclasses
result: 0 Success
search: 2
# search result
# Subschema
-------SLAPD - PRIMARY----------
# Schema files, loaded in dependency order: cosine, inetorgperson and nis build on core.
include /etc/openldap/schema/core.schema
include /etc/openldap/schema/cosine.schema
include /etc/openldap/schema/inetorgperson.schema
include /etc/openldap/schema/nis.schema
# Site-local schema; its definitions are not shown on this page.
include /etc/openldap/schema/ldapab.schema
include /etc/openldap/schema/ppolicy.schema
#include /etc/openldap/schema/apple.schema
# Permits legacy LDAPv2 binds. LDAPv2 is obsolete and has no STARTTLS; drop this once
# no v2-only clients remain.
allow bind_v2
pidfile /var/run/openldap/slapd.pid
argsfile /var/run/openldap/slapd.args
modulepath /usr/lib64/openldap
moduleload ppolicy.la
# Server certificate and key for ldaps:// / STARTTLS. Nothing in this file requires TLS
# (there is no "security" directive), so a simple bind over plain ldap:// sends the
# password in cleartext unless the client opts in to TLS itself.
TLSCertificateFile /etc/openldap/ldap.cert
TLSCertificateKeyFile /etc/openldap/ldap.key
#######################################################################
# ldbm and/or bdb database definitions
#######################################################################
sizelimit 100000
database bdb
suffix "dc=domainname,dc=com"
# The rootdn bypasses every ACL below. It is also the binddn the replica uses for
# syncrepl, so its credentials live in the config of both hosts.
rootdn "uid=rootdn,ou=People,dc=domainname,dc=com"
# Placeholder as pasted. Store a hash produced by slappasswd (e.g. {SSHA}) rather than a
# cleartext string, and keep this file readable only by the slapd user.
rootpw secret_here
overlay ppolicy
ppolicy_default "cn=default,ou=policies,dc=domainname,dc=com"
# Returns an explicit "account locked" result instead of a generic bind failure.
# Friendlier for users, but it also lets an unauthenticated client learn lock state.
ppolicy_use_lockout
# sync stuff
# syncprov makes this database a replication provider: checkpoint the contextCSN every
# 100 write operations or 10 minutes, and keep the last 100 writes in the session log.
overlay syncprov
syncprov-checkpoint 100 10
syncprov-sessionlog 100
# 256 = connection/operation/result statistics.
loglevel 256
directory /var/lib/ldap
# Indices to maintain for this database
index objectClass eq,pres
index ou,cn,mail,surname,givenname eq,pres,sub
index uidNumber,gidNumber,loginShell eq,pres
index uid,memberUid eq,pres,sub
index nisMapName,nisMapEntry eq,pres,sub
# Legacy slurpd replication log. syncprov does not use it, so unless something else
# consumes it this file only grows; 2.4 removed slurpd and no longer accepts this
# directive, so a 2.4 config that is literally "same as above" would not start.
replogfile /var/lib/ldap/openldap-master-replog
# ACLs: "access" directives are tried in order and the first one whose target matches
# the entry is used; within it the first matching "by" clause decides, and if none
# matches access is denied. In a real slapd.conf the "by" lines must be indented
# continuation lines; the paste here has lost that indentation.
# userPassword: anonymous may only authenticate against it, the owner may change it,
# nobody else can read it.
access to attrs=userPassword
by anonymous auth
by self write
by * none
# Per-user contact subtrees: only the owning uid may write. NOTE(review): the pattern
# has no leading '^', so confirm it cannot match an unintended DN ending in this suffix.
access to dn.regex="(.*,)?ou=Contacts,uid=([^,]+),ou=People,(.*)$"
by dn.regex="uid=$2,ou=People,$3" write
by * none
# Shared contacts: every authenticated user gets write (which includes read), so the
# following "by users read" can never match. Confirm that all users are really meant to
# be able to modify or delete shared contacts.
access to dn.subtree="ou=Contacts,dc=domainname,dc=com"
by users write
by users read
# Catch-all: authenticated users and the host at 192.168.200.5 may read; anyone else
# is denied here.
access to *
by users read
by peername="IP=192\.168\.200\.5" read
# Unreachable: the "access to *" above already matches every entry, so this directive is
# never evaluated and 192.168.201.12 gets no anonymous read. If that host needs access,
# add its peername clause to the directive above instead.
access to *
by users read
by peername="IP=192\.168\.201\.12" read
----------SLAPD - REPLICA ----------
Same as above, with the syncrepl consumer directives added at the bottom:
# Consumer side. NOTE(review): "syncrepl_message_to_entry: rid=123 mods check
# (postalAddress: value #0 invalid per syntax)" is this consumer refusing a replicated
# value that fails the attribute's syntax check, which points at data rather than at a
# missing objectClass. OpenLDAP 2.4 validates Postal Address values (RFC 4517: lines
# separated by '$', a literal '$' or '\' escaped as \24 / \5C) in a way 2.3 did not
# enforce, so look for the entry whose postalAddress the 2.3 provider accepted and fix
# that value on the provider.
# Equality indexes on entryCSN/entryUUID are what syncrepl uses to locate entries; they
# are required on a consumer.
index entryCSN eq
index entryUUID eq
# rid matches the one in the logged error. In a real slapd.conf the parameters below must
# be indented continuation lines of the syncrepl directive; the paste lost that.
# provider= is plain ldap:// with bindmethod=simple and no starttls= option, so the
# provider's rootdn password crosses the network in cleartext on every (re)connect; add
# starttls=critical (the provider already has a TLS certificate configured) or use
# ldaps://. interval= only applies to refreshOnly and is ignored for refreshAndPersist.
# attrs="*,+" replicates operational attributes as well as user attributes. binddn= is
# the provider's rootdn and therefore bypasses the provider's ACLs; a dedicated
# read-only replication identity would be the least-privilege choice, and credentials=
# is another cleartext copy of that secret, so this file needs tight permissions too.
syncrepl rid=123
provider=ldap://192.168.200.12:389
type=refreshAndPersist
interval=00:00:00:01
searchbase="dc=domainname,dc=com"
filter="(objectClass=*)"
scope=sub
retry="5 5 300 +"
attrs="*,+"
bindmethod=simple
binddn="uid=rootdn,ou=People,dc=domainname,dc=com"
credentials=secret_here
# updateref takes the provider URL as its argument on the same line; as pasted it is
# split over two lines, most likely a mail-client wrap. It makes the consumer answer
# write attempts with a referral to the provider.
updateref
ldap://primaryLDAP.domainname.com