kolab2.schema
No OneTemporary
Actions

Authored By

Unknown

Size

36 KB

Referenced Files

None

Subscribers

None

kolab2.schema
View Options

	# $Id: kolab2.schema,v 1.38 2009/07/08 10:26:06 gunnar Exp $
	# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
	# (c) 2003-2009 Martin Konold <martin.konold@erfrakon.de>
	# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
	#
	# Redistribution and use in source and binary forms, with or without
	# modification, are permitted provided that the following conditions are met:
	#
	# Redistributions of source code must retain the above copyright notice, this
	# list of conditions and the following disclaimer.
	#
	# Redistributions in binary form must reproduce the above copyright notice,
	# this list of conditions and the following disclaimer in the documentation
	# and/or other materials provided with the distribution.
	#
	# The name of the author may not be used to endorse or promote products derived
	# from this software without specific prior written permission.
	#
	#
	# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
	# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
	# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
	# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
	# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
	# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
	# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
	# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
	# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
	# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.

	# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
	# as provided by 3rd parties like OpenLDAP.
	#
	# slapd.conf then looks like
	# include /kolab/etc/openldap/schema/core.schema
	# include /kolab/etc/openldap/schema/cosine.schema
	# include /kolab/etc/openldap/schema/inetorgperson.schema
	# include /kolab/etc/openldap/schema/rfc2739.schema
	# include /kolab/etc/openldap/schema/kolab2.schema

	# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered
	# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob
	# Prefix for attributes: 1.3.6.1.4.1.19414.1
	# Prefix for attributes: 1.3.6.1.4.1.19414.2
	# Prefix for objectclasses: 1.3.6.1.4.1.19414.3
	# nameprefix: kolab
	#
	####################
	# kolab attributes #
	####################

	# helper attribute to make the kolab root easily findable in
	# a big ldap directory
	attributetype ( 1.3.6.1.4.1.19414.2.1.1
	NAME ( 'k' 'kolab' )
	DESC 'Kolab attribute'
	SUP name )

	# kolabDeleteflag used to be a boolean but describes with Kolab 2
	# the fqdn of the server which is requested to delete this objects
	# in its local store
	attributetype ( 1.3.6.1.4.1.19414.2.1.2
	NAME 'kolabDeleteflag'
	DESC 'Per host deletion status'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# alias used to provide alternative rfc822 email addresses for kolab users
	attributetype ( 1.3.6.1.4.1.19414.2.1.3
	NAME 'alias'
	DESC 'RFC1274: RFC822 Mailbox'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
	# cleartext password. This is required in order to pass the password from
	# the maintainance/administration application to the kolabHomeServer running the
	# resource handler application in a secure manner.
	# Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the
	# calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to
	# the respective calendar folder using IMAP ACLs.
	attributetype ( 1.3.6.1.4.1.19414.2.1.4
	NAME 'kolabEncryptedPassword'
	DESC 'base64 encoded public key encrypted Password'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

	# hostname including the domain name like kolab-master.yourcompany.com
	attributetype ( 1.3.6.1.4.1.19414.2.1.5
	NAME ( 'fqhostname' 'fqdnhostname' )
	DESC 'Fully qualified Hostname including full domain component'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# fqdn of all hosts in a multi-location or cluster setup
	attributetype ( 1.3.6.1.4.1.19414.2.1.6
	NAME 'kolabHost'
	DESC 'Multivalued -- list of hostnames in a Kolab setup'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# fqdn of the server containg the actual user mailbox
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.1
	NAME 'kolabHomeServer'
	DESC 'server which keeps the users mailbox'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# flag for allowing unrestriced length of mails
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.2
	NAME 'unrestrictedMailSize'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# Specifies the email delegates.
	# An email delegate can send email on behalf of the account
	# which means using the "from" of the account.
	# Delegates are specified by the syntax of rfc822 email addresses.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.3
	NAME 'kolabDelegate'
	DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# For user, group and resource Kolab accounts
	# Describes how to respond to invitations
	# We keep the attribute as a string, but actually it can only have one
	# of the following values:
	#
	# ACT_ALWAYS_ACCEPT
	# ACT_ALWAYS_REJECT
	# ACT_REJECT_IF_CONFLICTS
	# ACT_MANUAL_IF_CONFLICTS
	# ACT_MANUAL
	# In addition one of these values may be prefixed with a primary email
	# address followed by a colon like
	# user@domain.tld: ACT_ALWAYS_ACCEPT
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.4
	NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
	DESC 'defines how to respond to invitations'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# time span from now to the future used for the free busy data
	# measured in days
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.5
	NAME 'kolabFreeBusyFuture'
	DESC 'time in days for fb data towards the future'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

	# time span from now to the past used for the free busy data
	# measured in days
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.6
	NAME 'kolabFreeBusyPast'
	DESC 'time in days for fb data towards the past'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

	# fqdn of the server as the default SMTP MTA
	# not used in Kolab 2 currently as in Kolab 2 the
	# default MTA is equivalent to the kolabHomeServer
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.7
	NAME 'kolabHomeMTA'
	DESC 'fqdn of default MTA'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
	SINGLE-VALUE )

	# Begin date of Kolab vacation period. Sender will
	# be notified every kolabVacationResendIntervall days
	# that recipient is absent until kolabVacationEnd.
	# Values in this syntax are encoded as printable strings,
	# represented as specified in X.208.
	# Note that the time zone must be specified.
	# For Kolab we limit ourself to GMT
	# YYYYMMDDHHMMZ e.g. 200512311458Z.
	# see also: rfc 2252.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.8
	NAME 'kolabVacationBeginDateTime'
	DESC 'Begin date of vacation'
	EQUALITY generalizedTimeMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

	# End date of Kolab vacation period. Sender will
	# be notified every kolabVacationResendIntervall days
	# that recipient is absent starting from kolabVacationBeginDateTime.
	# Values in this syntax are encoded as printable strings,
	# represented as specified in X.208.
	# Note that the time zone must be specified.
	# For Kolab we limit ourself to GMT
	# YYYYMMDDHHMMZ e.g. 200601012258Z.
	# see also: rfc 2252.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.9
	NAME 'kolabVacationEndDateTime'
	DESC 'End date of vacation'
	EQUALITY generalizedTimeMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	SINGLE-VALUE )

	# Intervall in days after which senders get
	# another vacation message.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.10
	NAME 'kolabVacationResendInterval'
	DESC 'Vacation notice interval in days'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

	# Email recipient addresses which are handled by the
	# vacation script. There can be multiple kolabVacationAddress
	# entries for each kolabInetOrgPerson.
	# Default is the primary email address and all
	# email aliases of the kolabInetOrgPerson.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.11
	NAME 'kolabVacationAddress'
	DESC 'Email address for vacation to response upon'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# Enable sending vacation notices in reaction
	# unsolicited commercial email.
	# Default is no.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.12
	NAME 'kolabVacationReplyToUCE'
	DESC 'Enable vacation notices to UCE'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

	# Email recipient domains which are handled by the
	# vacation script. There can be multiple kolabVacationReactDomain
	# entries for each kolabInetOrgPerson
	# Default is to handle all domains.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.13
	NAME 'kolabVacationReactDomain'
	DESC 'Multivalued -- Email domain for vacation to response upon'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# Forward all incoming emails except UCE if kolabForwardUCE
	# is not set to this email address.
	# There can be multiple kolabForwardAddress entries for
	# each kolabInetOrgPerson.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.14
	NAME 'kolabForwardAddress'
	DESC 'Forward email to this address'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# Keep local copy when forwarding emails to list of
	# kolabForwardAddress.
	# Default is no.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.15
	NAME 'kolabForwardKeepCopy'
	DESC 'Keep copy when forwarding'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

	# Enable forwarding of UCE.
	# Default is yes.
	# Currently this attribute is not used in Kolab.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.16
	NAME 'kolabForwardUCE'
	DESC 'Enable forwarding of mails known as UCE'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

	# comment when creating or deleting a kolab object
	# a comment might be appropriate. This is most useful
	# for tracability when users get moved to the graveyard
	# instead of being really deleted. Every entry must be prefixed
	# with an ISO 8601 date string e.g 200604301458Z. All times must
	# be in zulu timezone.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.17
	NAME 'kolabComment'
	DESC 'multi-value comment'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

	# describes the allowed or disallowed smtp addresses for
	# recipients. If this attribute is not set for a user no
	# kolab recipient policy does apply.
	# example entries:
	# .tld - allow mail to every recipient for this tld
	# domain.tld - allow mail to everyone in domain.tld
	# .domain.tld - allow mail to everyone in domain.tld and its subdomains
	# user@domain.tld - allow mail to explicit user@domain.tld
	# user@ - allow mail to this user but any domain
	# -.tld - disallow mail to every recipient for this tld
	# -domain.tld - disallow mail to everyone in domain.tld
	# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
	# -user@domain.tld - disallow mail to explicit user@domain.tld
	# -user@ - disallow mail to this user but any domain
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.18
	NAME 'kolabAllowSMTPRecipient'
	DESC 'SMTP address allowed for destination (multi-valued)'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )

	# Create the user mailbox on the kolabHomeServer only.
	# Default is no.
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.19
	NAME 'kolabHomeServerOnly'
	DESC 'Create the user mailbox on the kolabHomeServer only'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.20
	NAME 'kolabMaritalStatus'
	DESC 'ledig(0), verh.(1)} DEFAULT ledig'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.21
	NAME ( 'homeFacsimileTelephoneNumber' 'homeFaxNumber' )
	DESC 'private facsimilie telephone number'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.25
	NAME 'bylawURI'
	DESC 'URI pointing at the bylaw'
	SUP labeledURI
	SINGLE-VALUE )

	# Single string with $ seperated lines consisting of
	# surname $
	# givenName $
	# dateOfBirth $
	# restrictions $
	# signer of contract ('true'/'false')
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.27
	NAME 'legalRepresentative'
	DESC 'legal representative'
	EQUALITY caseIgnoreListMatch
	SUBSTR caseIgnoreListSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

	# Single string with $ seperated lines consisting of
	# surname $
	# givenName $
	# dateOfBirth $
	# restrictions $
	# signer of contract ('true'/'false')
	attributetype ( 1.3.6.1.4.1.19414.1.1.1.28
	NAME 'commercialProcuration'
	DESC 'described person which has commercial procuration'
	EQUALITY caseIgnoreListMatch
	SUBSTR caseIgnoreListSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.29
	NAME 'legalRepresentationPolicy'
	DESC 'described how legal representation works'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.31
	NAME 'inLiquidation'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.32
	NAME 'tradeRegisterRegisteredCapital'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.33
	NAME 'tradeRegisterType'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.36
	NAME 'tradeRegisterURI'
	SUP labeledURI
	SINGLE-VALUE )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.37
	NAME 'tradeRegisterLastChangedDate'
	EQUALITY generalizedTimeMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.38
	NAME 'kolabGermanBankAccountNumber'
	DESC 'The 8-digits number of a german bank account without spaces'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{10} )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.39
	NAME 'kolabGermanBankCode'
	DESC 'The 8-digits number of a german bank code (BLZ) without spaces'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.40
	NAME 'kolabGermanBankName'
	DESC 'The name of a german bank registered in the BLZ table published by Deutsche Bundesbank.'
	SUP name
	SINGLE-VALUE )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.41
	NAME 'kolabGermanBankAccountInfo'
	DESC 'Composed field containing a one-line human-readable representation of all necessary information.'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.42
	NAME 'kolabGermanBankAccountHolder'
	DESC 'The name of the holder of a german bank account commonly used as recipient name.'
	SINGLE-VALUE
	SUP name )

	# describes the allowed or disallowed smtp addresses for
	# recipients. If this attribute is not set for a user no
	# kolab recipient policy does apply.
	# example entries:
	# .tld - allow mail to every recipient for this tld
	# domain.tld - allow mail to everyone in domain.tld
	# .domain.tld - allow mail to everyone in domain.tld and its subdomains
	# user@domain.tld - allow mail to explicit user@domain.tld
	# user@ - allow mail to this user but any domain
	# -.tld - disallow mail to every recipient for this tld
	# -domain.tld - disallow mail to everyone in domain.tld
	# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
	# -user@domain.tld - disallow mail to explicit user@domain.tld
	# -user@ - disallow mail to this user but any domain

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.43
	NAME 'kolabAllowSMTPFrom'
	DESC 'SMTP address accepted for receiving (multi-valued)'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )

	attributetype ( 1.3.6.1.4.1.19414.1.1.1.44
	NAME 'kolabSalutation'
	DESC 'Salutation like Mr., Mrs, Herr, Frau)'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )

	# kolabFolderType describes the kind of Kolab folder
	# as defined in the kolab format specification.
	# We will annotate all folders with an entry
	# /vendor/kolab/folder-type containing the attribute
	# value.shared set to: <type>[.<subtype>].
	# The <type> can be: mail, event, journal, task, note,
	# or contact. The <subtype> for a mail folder can be
	# inbox, drafts, sentitems, or junkemail (this one holds
	# spam mails). For the other <type>s, it can only be
	# default, or not set. For other types of folders
	# supported by the clients, these should be prefixed with
	# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
	# look like for example "kolab.o-voicemail". Other third-party
	# clients shall use the "x-" prefix.
	# We then use the ANNOTATEMORE IMAP extension to
	# associate the folder type with a folder.
	attributetype ( 1.3.6.1.4.1.19414.2.1.7
	NAME 'kolabFolderType'
	DESC 'type of a kolab folder'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
	SINGLE-VALUE )

	######################
	# postfix attributes #
	######################

	attributetype ( 1.3.6.1.4.1.19414.2.1.501
	NAME 'postfix-mydomain'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.502
	NAME 'postfix-relaydomains'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.503
	NAME 'postfix-mydestination'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.504
	NAME 'postfix-mynetworks'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.505
	NAME 'postfix-relayhost'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.506
	NAME 'postfix-transport'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.507
	NAME 'postfix-enable-virus-scan'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

	attributetype ( 1.3.6.1.4.1.19414.2.1.508
	NAME 'postfix-allow-unauthenticated'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

	attributetype ( 1.3.6.1.4.1.19414.2.1.509
	NAME 'postfix-virtual'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.510
	NAME 'postfix-relayport'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.511
	NAME 'postfix-message-size-limit'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

	##########################
	# cyrus imapd attributes #
	##########################

	attributetype ( 1.3.6.1.4.1.19414.2.1.601
	NAME 'cyrus-autocreatequota'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE )

	attributetype ( 1.3.6.1.4.1.19414.2.1.602
	NAME 'cyrus-admins'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# enable plain imap without ssl
	attributetype ( 1.3.6.1.4.1.19414.2.1.603
	NAME 'cyrus-imap'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
	SINGLE-VALUE )

	# enable legacy pop3
	attributetype ( 1.3.6.1.4.1.19414.2.1.604
	NAME 'cyrus-pop3'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# user specific quota on the cyrus imap server
	attributetype ( 1.3.6.1.4.1.19414.2.1.605
	NAME 'cyrus-userquota'
	DESC 'Mailbox hard quota limit in MB'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

	# cyrus imapd access control list
	# acls work with users and groups
	attributetype ( 1.3.6.1.4.1.19414.2.1.651
	NAME 'acl'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	# enable secure imap
	attributetype ( 1.3.6.1.4.1.19414.2.1.606
	NAME 'cyrus-imaps'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# enable secure pop3
	attributetype ( 1.3.6.1.4.1.19414.2.1.607
	NAME 'cyrus-pop3s'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# enable sieve support (required for forward and vacation services)
	attributetype ( 1.3.6.1.4.1.19414.2.1.608
	NAME 'cyrus-sieve'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# installation wide percentage which determines when to send a
	# warning to the user
	attributetype ( 1.3.6.1.4.1.19414.2.1.609
	NAME 'cyrus-quotawarn'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

	# enable smmap support
	attributetype ( 1.3.6.1.4.1.19414.2.1.610
	NAME 'cyrus-smmap'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# enable fulldirhash support
	attributetype ( 1.3.6.1.4.1.19414.2.1.611
	NAME 'cyrus-fulldirhash'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# enable hashimapspool support
	attributetype ( 1.3.6.1.4.1.19414.2.1.612
	NAME 'cyrus-hashimapspool'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# enable squatter support
	attributetype ( 1.3.6.1.4.1.19414.2.1.613
	NAME 'cyrus-squatter'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )


	#############################
	# apache and php attributes #
	#############################

	# enable plain http (no ssl)
	attributetype ( 1.3.6.1.4.1.19414.2.1.701
	NAME 'apache-http'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# Allow freebusy download without authenticating first
	attributetype ( 1.3.6.1.4.1.19414.2.1.702
	NAME 'apache-allow-unauthenticated-fb'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	##########################
	# kolabfilter attributes #
	##########################

	# enable trustable From:
	attributetype ( 1.3.6.1.4.1.19414.2.1.750
	NAME 'kolabfilter-verify-from-header'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# should Sender header be allowed instead of From
	# when present?
	attributetype ( 1.3.6.1.4.1.19414.2.1.751
	NAME 'kolabfilter-allow-sender-header'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# Should reject messages with From headers that dont match
	# the envelope? Default is to rewrite the header
	attributetype ( 1.3.6.1.4.1.19414.2.1.752
	NAME 'kolabfilter-reject-forged-from-header'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# Enable the Kolab Policy Daemon. If false or not
	# set don't use the Kolab Policy Daemon
	attributetype ( 1.3.6.1.4.1.19414.2.1.800
	NAME 'kolabPolicyDaemon'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# Configurable list of ciphers considered to be secure enough for our purposes.
	# E.g. TLS 1.0 and SSL 3.0
	attributetype ( 1.3.6.1.4.1.19414.2.1.801
	NAME 'kolabSecureCiphers'
	DESC 'comma separated list of ciphers considered to be secure'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )


	######################################################
	# proftpd attributes (unused since Kolab Server 2.2) #
	######################################################

	attributetype ( 1.3.6.1.4.1.19414.2.1.901
	NAME 'proftpd-defaultquota'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

	attributetype ( 1.3.6.1.4.1.19414.2.1.902
	NAME 'proftpd-ftp'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	attributetype ( 1.3.6.1.4.1.19414.2.1.903
	NAME 'proftpd-userPassword'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

	########################################################################
	# pop3 service attributes (suitable to integrate external pop3 sources #
	########################################################################

	attributetype ( 1.3.6.1.4.1.19414.2.1.1001
	NAME 'externalPop3AccountDescription'
	DESC 'a human readable description of the external POP3 account e.g. my gmail account'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1002
	NAME 'externalPop3AccountMail'
	DESC 'email address associated with the external POP3 account e.g. givenname.surname@gmail.com'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1003
	NAME 'externalPop3AccountServer'
	DESC 'Pop3 server associated with the external POP3 account e.g. pop3.provider.com'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1004
	NAME 'externalPop3AccountPort'
	DESC 'TCP port number used for pop3 service associated with the external POP3 account e.g. 110'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{5} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1005
	NAME 'externalPop3AccountUseSSL'
	DESC 'boolean defining if SSL must be used for external POP3 account - requires suitable externalPop3AccountPort'
	EQUALITY booleanMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1006
	NAME 'externalPop3AccountUseTLS'
	DESC 'boolean defining if TLS must be used for external POP3 account'
	EQUALITY booleanMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	# sometimes useful for self-signed certificates
	attributetype ( 1.3.6.1.4.1.19414.2.1.1007
	NAME 'externalPop3AccountCheckServerCertificate'
	DESC 'allows to disable checking server certificates when using SSL or TLS - beware of MIT-attacks!'
	EQUALITY booleanMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1008
	NAME 'externalPop3AccountLoginName'
	DESC 'name used to login into pop3 account often this uid is equivalent to the email address'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1009
	NAME 'externalPop3EncryptedAccountPassword'
	DESC 'encryped password for the external POP3 account - secret key must be known to the pop3 fetch service'
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)

	attributetype ( 1.3.6.1.4.1.19414.2.1.1010
	NAME 'externalPop3AccountKeepMailOnServer'
	DESC 'controls if fetched message shall remain on external POP3 server - beware this is often unreliable'
	EQUALITY booleanMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

	attributetype ( 1.3.6.1.4.1.19414.2.1.1011
	NAME 'externalPop3AccountLoginMethod'
	DESC 'login method used for external POP3 account - currently these are plainText, LOGIN, PLAIN, NTLM, DIGEST-MD5, CRAM-MD5, GSSAPI and APOP'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )

	########################
	# external definitions #
	########################

	# extended from apple.schema
	attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.27
	NAME ( 'apple-birthday' 'dateOfBirth' 'dateOfIncorporation' )
	DESC 'Birthday or date of incorporation'
	EQUALITY generalizedTimeMatch
	SUBSTR caseExactIA5SubstringsMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )

	# from http://www.stroeder.com/stroeder.com.schema
	attributetype ( 1.3.6.1.4.1.5427.1.389.4.12
	NAME ( 'birthPlace' 'placeOfBirth' )
	DESC 'Place of birth'
	SUP name
	SINGLE-VALUE )

	# from http://www.stroeder.com/stroeder.com.schema
	attributetype ( 1.3.6.1.4.1.5427.1.389.4.14
	NAME 'birthName'
	DESC 'Last name at time of birth, e.g. maiden name'
	SUP name
	SINGLE-VALUE )

	# from http://www.stroeder.com/stroeder.com.schema
	# The following data items and codes are used (see ISO 5218):
	# Not known 0
	# Male 1
	# Female 2
	# Not specified 9
	#
	attributetype ( 1.3.6.1.4.1.5427.1.389.4.7
	NAME 'gender'
	DESC 'Representation of human sex (see ISO 5218)'
	EQUALITY integerMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )

	# from http://www.stroeder.com/stroeder.com.schema
	# tax ID of person or company within Germany
	#
	attributetype ( 1.3.6.1.4.1.5427.1.389.4.666
	NAME 'germanTaxId'
	DESC 'tax ID of person or company within Germany'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} )

	# rfc 3039
	# ISO 3166 Country Code
	# multiple citizenships are possible!
	attributetype ( 1.3.6.1.5.5.7.9.4
	NAME 'countryOfCitizenship'
	DESC 'Country of citizenship'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 )

	# ISO 3166 Country Code
	attributetype ( 1.3.6.1.5.5.7.9.5
	NAME 'countryOfResidence'
	DESC 'Country of residence'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 )

	# http://www.daasi.de/
	attributetype ( 1.3.6.1.4.1.5062.1.1.3.16
	NAME 'legalForm'
	DESC 'legal form of a company'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

	# http://www.daasi.de/
	# location of the trade register authority
	attributetype ( 1.3.6.1.4.1.5062.1.1.3.17
	NAME 'tradeRegisterLocation'
	DESC 'Location of the trade registrar where the organization is registered'
	SUP name
	SINGLE-VALUE )

	# http://www.daasi.de/
	# registration number a the trade register authority
	attributetype ( 1.3.6.1.4.1.5062.1.1.3.18
	NAME 'tradeRegisterIdentifier'
	DESC 'Idientifier with which an organization is registered'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SINGLE-VALUE
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

	# https://forxa.mancomun.org/plugins/scmsvn/viewcvs.php/trunk/ldap/dxpisi.schema?annotate=29&root=mancomun
	# VATNumber
	# Identifier number for companies and persons. In Spain it is the same as NIF/CIF.
	# In Germany it is called Umsatzsteueridentifikationsnummer.
	attributetype ( 1.3.6.1.4.1.27994.1.3.4
	NAME 'VATNumber'
	DESC 'Identifier number for companies and persons'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} )

	########################
	# kolab object classes #
	########################

	# main kolab server configuration
	# storing global values and user specific default values
	# like kolabFreeBusyFuture and kolabFreeBusyPast
	objectclass ( 1.3.6.1.4.1.19414.2.2.1
	NAME 'kolab'
	DESC 'Kolab server configuration'
	SUP top STRUCTURAL
	MUST k
	MAY ( kolabHost $
	postfix-mydomain $
	postfix-relaydomains $
	postfix-mydestination $
	postfix-mynetworks $
	postfix-relayhost $
	postfix-relayport $
	postfix-transport $
	postfix-virtual $
	postfix-enable-virus-scan $
	postfix-allow-unauthenticated $
	postfix-message-size-limit $
	cyrus-quotawarn $
	cyrus-autocreatequota $
	cyrus-admins $
	cyrus-imap $
	cyrus-pop3 $
	cyrus-imaps $
	cyrus-pop3s $
	cyrus-sieve $
	cyrus-smmap $
	cyrus-fulldirhash $
	cyrus-hashimapspool $
	cyrus-squatter $
	apache-http $
	apache-allow-unauthenticated-fb $
	kolabfilter-verify-from-header $
	kolabfilter-allow-sender-header $
	kolabfilter-reject-forged-from-header $
	kolabPolicyDaemon $
	kolabSecureCiphers $
	proftpd-ftp $
	proftpd-defaultquota $
	kolabFreeBusyFuture $
	kolabFreeBusyPast $
	uid $
	userPassword ) )

	# public folders are typically visible to everyone subscribed to
	# the server without the need for an extra login. Subfolders are
	# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
	# that the term public folder is prefered to shared folder because
	# normal user mailboxes can also share folders using acls.
	objectclass ( 1.3.6.1.4.1.19414.2.2.9
	NAME 'kolabSharedFolder'
	DESC 'Kolab public shared folder'
	SUP top STRUCTURAL
	MUST cn
	MAY ( acl $
	alias $
	cyrus-userquota $
	kolabHomeServer $
	kolabFolderType $
	kolabDeleteflag ) )

	# kolabNamedObject is used as a plain node for the LDAP tree.
	# In contrast to unix filesystem directories LDAP nodes can
	# and often do also have contents/attributes. We use the
	# kolabNamedObject in order to put some structure in the
	# LDAP directory tree.
	objectclass ( 1.3.6.1.4.1.5322.13.1.1
	NAME 'kolabNamedObject'
	SUP top STRUCTURAL
	MAY (cn $ ou) )

	# kolab account
	# we use an auxiliary in order to ease integration
	# with existing inetOrgPerson objects
	# Please note that userPassword is a may
	# attribute in the schema but is mandatory for
	# Kolab
	objectclass ( 1.3.6.1.4.1.19414.3.2.2
	NAME 'kolabInetOrgPerson'
	DESC 'Kolab Internet Organizational Person'
	SUP top AUXILIARY
	MAY ( c $
	alias $
	pseudonym $
	kolabHomeServer $
	kolabHomeServerOnly $
	kolabHomeMTA $
	unrestrictedMailSize $
	kolabDelegate $
	kolabEncryptedPassword $
	cyrus-userquota $
	kolabInvitationPolicy $
	kolabFreeBusyFuture $
	calFBURL $
	kolabVacationBeginDateTime $
	kolabVacationEndDateTime $
	kolabVacationResendInterval $
	kolabVacationAddress $
	kolabVacationReplyToUCE $
	kolabVacationReactDomain $
	kolabForwardAddress $
	kolabForwardKeepCopy $
	kolabForwardUCE $
	kolabAllowSMTPRecipient $
	kolabAllowSMTPFrom $
	kolabSalutation $
	kolabMaritalStatus $
	dateOfBirth $
	placeOfBirth $
	birthName $
	gender $
	homeFacsimileTelephoneNumber $
	countryOfCitizenship $
	countryOfResidence $
	legalForm $
	tradeRegisterLocation $
	tradeRegisterIdentifier $
	VATNumber $
	germanTaxId $
	kolabDeleteflag $
	kolabComment ) )

	# kolab organization with country support
	objectclass ( 1.3.6.1.4.1.19414.3.2.3
	NAME 'kolabOrganization'
	DESC 'RFC2256: a Kolab organization'
	SUP organization STRUCTURAL
	MAY ( c $
	mail $
	kolabDeleteflag $
	alias ) )

	# kolab organizational unit with country support
	objectclass ( 1.3.6.1.4.1.19414.3.2.4
	NAME 'kolabOrganizationalUnit'
	DESC 'a Kolab organizational unit'
	SUP organizationalUnit STRUCTURAL
	MAY ( c $
	mail $
	kolabDeleteflag $
	alias ) )

	# kolab groupOfNames with extra kolabDeleteflag and the required
	# attribute mail.
	# The mail attribute for kolab objects of the type kolabGroupOfNames
	# is not arbitrary but MUST be a single attribute of the form
	# of an valid SMTP address with the CN as the local part.
	# E.g cn@kolabdomain (e.g. employees@mydomain.com). The
	# mail attribute MUST be globally unique.
	objectclass ( 1.3.6.1.4.1.19414.3.2.5
	NAME 'kolabGroupOfNames'
	DESC 'Kolab group of names (DNs) derived from RFC2256'
	SUP groupOfNames STRUCTURAL
	MAY ( mail $
	kolabDeleteflag ) )

	objectclass ( 1.3.6.1.4.1.19414.3.2.6
	NAME 'kolabExternalPop3Account'
	DESC 'kolab fetch messages via POP3 from external sources'
	SUP top STRUCTURAL
	MUST ( externalPop3AccountServer $
	externalPop3AccountLoginName $
	externalPop3EncryptedAccountPassword )
	MAY ( externalPop3AccountDescription $
	externalPop3AccountMail $
	externalPop3AccountPort $
	externalPop3AccountUseSSL $
	externalPop3AccountUseTLS $
	externalPop3AccountLoginMethod $
	externalPop3AccountCheckServerCertificate $
	externalPop3AccountKeepMailOnServer ) )

	objectclass ( 1.3.6.1.4.1.19414.3.2.7
	NAME 'kolabGermanBankArrangement'
	DESC 'German bank account information'
	SUP top STRUCTURAL
	MUST ( kolabGermanBankAccountNumber $
	kolabGermanBankCode )
	MAY ( kolabGermanBankAccountHolder $
	kolabGermanBankName $
	kolabGermanBankAccountInfo ) )

File Metadata

Mime Type: text/plain
Expires: Mon, Apr 6, 1:17 AM (1 d, 1 h)
Storage Engine: local-disk
Storage Format: Raw Data
Storage Handle: ac/5e/40eed97894b524552cf29f398148
Default Alt Text: kolab2.schema (36 KB)

kolab2.schemaNo OneTemporaryActions

kolab2.schemaView Options

File Metadata

Event Timeline

kolab2.schema
No OneTemporary
Actions

kolab2.schema
View Options