Page MenuHomePhorge
Differential D1522 Diff 3997 docker/ds389/kolab-schema.ldif

Changeset View

Standalone View

View Options

docker/ds389/kolab-schema.ldif

  • This file was added.
# $Id$
# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003-2009 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# The name of the author may not be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
# as provided by 3rd parties like OpenLDAP.
#
# slapd.conf then looks like
# include /kolab/etc/openldap/schema/core.schema
# include /kolab/etc/openldap/schema/cosine.schema
# include /kolab/etc/openldap/schema/inetorgperson.schema
# include /kolab/etc/openldap/schema/rfc2739.schema
# include /kolab/etc/openldap/schema/kolab3.schema
# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered
# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob
# Prefix for attributes: 1.3.6.1.4.1.19414.1
# Prefix for attributes: 1.3.6.1.4.1.19414.2
# Prefix for objectclasses: 1.3.6.1.4.1.19414.3
# nameprefix: kolab
#
dn: cn=schema
####################
# kolab attributes #
####################
# kolabDeleteflag used to be a boolean but describes with Kolab 2
# the fqdn of the server which is requested to delete this objects
# in its local store
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.2
NAME 'kolabDeleteflag'
DESC 'Per host deletion status'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# alias used to provide alternative rfc822 email addresses for kolab users
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.3
NAME 'alias'
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Specifies the email delegates.
# An email delegate can send email on behalf of the account
# which means using the "from" of the account.
# Delegates are specified by the syntax of rfc822 email addresses.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.3
NAME 'kolabDelegate'
DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# For user, group and resource Kolab accounts
# Describes how to respond to invitations
# We keep the attribute as a string, but actually it can only have one
# of the following values:
#
# ACT_ALWAYS_ACCEPT
# ACT_ALWAYS_REJECT
# ACT_REJECT_IF_CONFLICTS
# ACT_MANUAL_IF_CONFLICTS
# ACT_MANUAL
# In addition one of these values may be prefixed with a primary email
# address followed by a colon like
# user@domain.tld: ACT_ALWAYS_ACCEPT
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.4
NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
DESC 'defines how to respond to invitations'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Begin date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent until kolabVacationEnd.
# Values in this syntax are encoded as printable strings,
# represented as specified in X.208.
# Note that the time zone must be specified.
# For Kolab we limit ourself to GMT
# YYYYMMDDHHMMZ e.g. 200512311458Z.
# see also: rfc 2252.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.8
NAME 'kolabVacationBeginDateTime'
DESC 'Begin date of vacation'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
# End date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent starting from kolabVacationBeginDateTime.
# Values in this syntax are encoded as printable strings,
# represented as specified in X.208.
# Note that the time zone must be specified.
# For Kolab we limit ourself to GMT
# YYYYMMDDHHMMZ e.g. 200601012258Z.
# see also: rfc 2252.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.9
NAME 'kolabVacationEndDateTime'
DESC 'End date of vacation'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
# Intervall in days after which senders get
# another vacation message.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.10
NAME 'kolabVacationResendInterval'
DESC 'Vacation notice interval in days'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
# Email recipient addresses which are handled by the
# vacation script. There can be multiple kolabVacationAddress
# entries for each kolabInetOrgPerson.
# Default is the primary email address and all
# email aliases of the kolabInetOrgPerson.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.11
NAME 'kolabVacationAddress'
DESC 'Email address for vacation to response upon'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Enable sending vacation notices in reaction
# unsolicited commercial email.
# Default is no.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.12
NAME 'kolabVacationReplyToUCE'
DESC 'Enable vacation notices to UCE'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Email recipient domains which are handled by the
# vacation script. There can be multiple kolabVacationReactDomain
# entries for each kolabInetOrgPerson
# Default is to handle all domains.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.13
NAME 'kolabVacationReactDomain'
DESC 'Multivalued -- Email domain for vacation to response upon'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Keep local copy when forwarding emails to list of
# kolabForwardAddress.
# Default is no.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.15
NAME 'kolabForwardKeepCopy'
DESC 'Keep copy when forwarding'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Enable forwarding of UCE.
# Default is yes.
# Currently this attribute is not used in Kolab.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.16
NAME 'kolabForwardUCE'
DESC 'Enable forwarding of mails known as UCE'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Describes the allowed or disallowed smtp recipient addresses for mail sent
# by the user associated with the LDAP object this attribute is associated with.
#
# If this attribute is not set for a user or distribution group,
# no Kolab recipient policy does apply.
#
# Example entries:
# .tld - allow mail to every recipient for this tld
# domain.tld - allow mail to everyone in domain.tld
# .domain.tld - allow mail to everyone in domain.tld and its subdomains
# user@domain.tld - allow mail to explicit user@domain.tld
# user@ - allow mail to this user but any domain
# -.tld - disallow mail to every recipient for this tld
# -domain.tld - disallow mail to everyone in domain.tld
# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
# -user@domain.tld - disallow mail to explicit user@domain.tld
# -user@ - disallow mail to this user but any domain
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.18
NAME 'kolabAllowSMTPRecipient'
DESC 'SMTP address allowed for destination (multi-valued)'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users
# will be created on one server only, however we keep this in here to allow the
# mail server to use to be specified from the user provisioning batch operation.
#
# Create the user mailbox on the kolabHomeServer only.
# Default is no.
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.19
NAME 'kolabHomeServerOnly'
DESC 'Create the user mailbox on the kolabHomeServer only'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Describes the allowed or disallowed smtp envelope sender addresses used for
# the recipient this attribute is associated with.
#
# If this attribute is not set for a user or distribution
# kolab sender policy does apply.
#
# Example entries:
# .tld - allow mail to every recipient for this tld
# domain.tld - allow mail to everyone in domain.tld
# .domain.tld - allow mail to everyone in domain.tld and its subdomains
# user@domain.tld - allow mail to explicit user@domain.tld
# user@ - allow mail to this user but any domain
# -.tld - disallow mail to every recipient for this tld
# -domain.tld - disallow mail to everyone in domain.tld
# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
# -user@domain.tld - disallow mail to explicit user@domain.tld
# -user@ - disallow mail to this user but any domain
attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.43
NAME 'kolabAllowSMTPSender'
DESC 'SMTP envelope sender address accepted for delivery (multi-valued)'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
# kolabFolderType describes the kind of Kolab folder
# as defined in the kolab format specification.
# We will annotate all folders with an entry
# /vendor/kolab/folder-type containing the attribute
# value.shared set to: <type>[.<subtype>].
# The <type> can be: mail, event, journal, task, note,
# or contact. The <subtype> for a mail folder can be
# inbox, drafts, sentitems, or junkemail (this one holds
# spam mails). For the other <type>s, it can only be
# default, or not set. For other types of folders
# supported by the clients, these should be prefixed with
# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
# look like for example "kolab.o-voicemail". Other third-party
# clients shall use the "x-" prefix.
# We then use the ANNOTATEMORE IMAP extension to
# associate the folder type with a folder.
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.7
NAME 'kolabFolderType'
DESC 'type of a kolab folder'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.8
NAME 'kolabTargetFolder'
DESC 'Target for a Kolab Shared Folder delivery'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512}
SINGLE-VALUE )
# cyrus imapd access control list
# acls work with users and groups
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.651
NAME 'acl'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Extended attributes for Resources
attributeTypes: ( 1.3.6.1.4.1.19414.3.1.1
NAME 'kolabDescAttribute'
DESC 'Descriptive attribute or parameter for a Resource'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
##########################
# kolabfilter attributes #
##########################
# enable trustable From:
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.750
NAME 'kolabfilter-verify-from-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# should Sender header be allowed instead of From
# when present?
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.751
NAME 'kolabfilter-allow-sender-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Should reject messages with From headers that dont match
# the envelope? Default is to rewrite the header
attributeTypes: ( 1.3.6.1.4.1.19414.2.1.752
NAME 'kolabfilter-reject-forged-from-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
########################
# kolab object classes #
########################
# public folders are typically visible to everyone subscribed to
# the server without the need for an extra login. Subfolders are
# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
# that the term public folder is prefered to shared folder because
# normal user mailboxes can also share folders using acls.
objectClasses: ( 1.3.6.1.4.1.19414.2.2.9
NAME 'kolabSharedFolder'
DESC 'Kolab public shared folder'
SUP top AUXILIARY
MUST cn
MAY ( acl $
alias $
mailHost $
kolabFolderType $
kolabDeleteflag $
kolabDelegate $
kolabTargetFolder $
kolabAllowSMTPRecipient $
kolabAllowSMTPSender $
owner ) )
# kolab account
# we use an auxiliary in order to ease integration
# with existing inetOrgPerson objects
# Please note that userPassword is a may
# attribute in the schema but is mandatory for
# Kolab
objectClasses: ( 1.3.6.1.4.1.19414.3.2.2
NAME 'kolabInetOrgPerson'
DESC 'Kolab Internet Organizational Person'
SUP top AUXILIARY
MAY ( alias $
mailHost $
kolabHomeServerOnly $
kolabDelegate $
kolabInvitationPolicy $
kolabVacationBeginDateTime $
kolabVacationEndDateTime $
kolabVacationResendInterval $
kolabVacationAddress $
kolabVacationReplyToUCE $
kolabVacationReactDomain $
kolabForwardKeepCopy $
kolabForwardUCE $
kolabAllowSMTPRecipient $
kolabAllowSMTPSender $
kolabDeleteflag ) )
# kolab groupOfNames with extra kolabDeleteflag and the required
# attribute mail.
# The mail attribute for kolab objects of the type kolabGroupOfNames
# is not arbitrary but MUST be a single attribute of the form
# of an valid SMTP address with the CN as the local part.
# E.g cn@kolabdomain (e.g. employees@mydomain.com). The
# mail attribute MUST be globally unique.
objectClasses: ( 1.3.6.1.4.1.19414.3.2.8
NAME 'kolabGroupOfUniqueNames'
DESC 'Kolab group of names (DNs) derived from RFC2256'
SUP top AUXILIARY
MAY ( mail $
alias $
kolabDelegate $
kolabDeleteflag $
kolabAllowSMTPRecipient $
kolabAllowSMTPSender ) )
# kolab resources
objectClasses: ( 1.3.6.1.4.1.19414.3.2.9
NAME 'kolabResource'
DESC 'Kolab Resource'
SUP top AUXILIARY
MAY ( kolabInvitationPolicy $
kolabDescAttribute $
description $
owner ) )