diff --git a/kolab3.ldif b/kolab3.ldif index 565c946..222891d 100644 --- a/kolab3.ldif +++ b/kolab3.ldif @@ -1,383 +1,384 @@ # $Id$ # (c) 2003, 2004 Tassilo Erlewein # (c) 2003-2009 Martin Konold # (c) 2003 Achim Frank # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # The name of the author may not be used to endorse or promote products derived # from this software without specific prior written permission. # # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema # as provided by 3rd parties like OpenLDAP. # # slapd.conf then looks like # include /kolab/etc/openldap/schema/core.schema # include /kolab/etc/openldap/schema/cosine.schema # include /kolab/etc/openldap/schema/inetorgperson.schema # include /kolab/etc/openldap/schema/rfc2739.schema # include /kolab/etc/openldap/schema/kolab3.schema # Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered # Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob # Prefix for attributes: 1.3.6.1.4.1.19414.1 # Prefix for attributes: 1.3.6.1.4.1.19414.2 # Prefix for objectclasses: 1.3.6.1.4.1.19414.3 # nameprefix: kolab # dn: cn=schema #################### # kolab attributes # #################### # kolabDeleteflag used to be a boolean but describes with Kolab 2 # the fqdn of the server which is requested to delete this objects # in its local store attributeTypes: ( 1.3.6.1.4.1.19414.2.1.2 NAME 'kolabDeleteflag' DESC 'Per host deletion status' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # alias used to provide alternative rfc822 email addresses for kolab users attributeTypes: ( 1.3.6.1.4.1.19414.2.1.3 NAME 'alias' DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Specifies the email delegates. # An email delegate can send email on behalf of the account # which means using the "from" of the account. # Delegates are specified by the syntax of rfc822 email addresses. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.3 NAME 'kolabDelegate' DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # For user, group and resource Kolab accounts # Describes how to respond to invitations # We keep the attribute as a string, but actually it can only have one # of the following values: # # ACT_ALWAYS_ACCEPT # ACT_ALWAYS_REJECT # ACT_REJECT_IF_CONFLICTS # ACT_MANUAL_IF_CONFLICTS # ACT_MANUAL # In addition one of these values may be prefixed with a primary email # address followed by a colon like # user@domain.tld: ACT_ALWAYS_ACCEPT attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.4 NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' ) DESC 'defines how to respond to invitations' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Begin date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent until kolabVacationEnd. # Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200512311458Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.8 NAME 'kolabVacationBeginDateTime' DESC 'Begin date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) # End date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent starting from kolabVacationBeginDateTime. # Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200601012258Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.9 NAME 'kolabVacationEndDateTime' DESC 'End date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) # Intervall in days after which senders get # another vacation message. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.10 NAME 'kolabVacationResendInterval' DESC 'Vacation notice interval in days' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # Email recipient addresses which are handled by the # vacation script. There can be multiple kolabVacationAddress # entries for each kolabInetOrgPerson. # Default is the primary email address and all # email aliases of the kolabInetOrgPerson. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.11 NAME 'kolabVacationAddress' DESC 'Email address for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Enable sending vacation notices in reaction # unsolicited commercial email. # Default is no. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.12 NAME 'kolabVacationReplyToUCE' DESC 'Enable vacation notices to UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Email recipient domains which are handled by the # vacation script. There can be multiple kolabVacationReactDomain # entries for each kolabInetOrgPerson # Default is to handle all domains. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.13 NAME 'kolabVacationReactDomain' DESC 'Multivalued -- Email domain for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Keep local copy when forwarding emails to list of # kolabForwardAddress. # Default is no. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.15 NAME 'kolabForwardKeepCopy' DESC 'Keep copy when forwarding' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Enable forwarding of UCE. # Default is yes. # Currently this attribute is not used in Kolab. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.16 NAME 'kolabForwardUCE' DESC 'Enable forwarding of mails known as UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Describes the allowed or disallowed smtp recipient addresses for mail sent # by the user associated with the LDAP object this attribute is associated with. # # If this attribute is not set for a user or distribution group, # no Kolab recipient policy does apply. # # Example entries: # .tld - allow mail to every recipient for this tld # domain.tld - allow mail to everyone in domain.tld # .domain.tld - allow mail to everyone in domain.tld and its subdomains # user@domain.tld - allow mail to explicit user@domain.tld # user@ - allow mail to this user but any domain # -.tld - disallow mail to every recipient for this tld # -domain.tld - disallow mail to everyone in domain.tld # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail to explicit user@domain.tld # -user@ - disallow mail to this user but any domain attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.18 NAME 'kolabAllowSMTPRecipient' DESC 'SMTP address allowed for destination (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) # Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users # will be created on one server only, however we keep this in here to allow the # mail server to use to be specified from the user provisioning batch operation. # # Create the user mailbox on the kolabHomeServer only. # Default is no. attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.19 NAME 'kolabHomeServerOnly' DESC 'Create the user mailbox on the kolabHomeServer only' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Describes the allowed or disallowed smtp envelope sender addresses used for # the recipient this attribute is associated with. # # If this attribute is not set for a user or distribution # kolab sender policy does apply. # # Example entries: # .tld - allow mail to every recipient for this tld # domain.tld - allow mail to everyone in domain.tld # .domain.tld - allow mail to everyone in domain.tld and its subdomains # user@domain.tld - allow mail to explicit user@domain.tld # user@ - allow mail to this user but any domain # -.tld - disallow mail to every recipient for this tld # -domain.tld - disallow mail to everyone in domain.tld # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail to explicit user@domain.tld # -user@ - disallow mail to this user but any domain attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.43 NAME 'kolabAllowSMTPSender' DESC 'SMTP envelope sender address accepted for delivery (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) # kolabFolderType describes the kind of Kolab folder # as defined in the kolab format specification. # We will annotate all folders with an entry # /vendor/kolab/folder-type containing the attribute # value.shared set to: [.]. # The can be: mail, event, journal, task, note, # or contact. The for a mail folder can be # inbox, drafts, sentitems, or junkemail (this one holds # spam mails). For the other s, it can only be # default, or not set. For other types of folders # supported by the clients, these should be prefixed with # "k-" for KMail, "h-" for Horde and "o-" for Outlook, and # look like for example "kolab.o-voicemail". Other third-party # clients shall use the "x-" prefix. # We then use the ANNOTATEMORE IMAP extension to # associate the folder type with a folder. attributeTypes: ( 1.3.6.1.4.1.19414.2.1.7 NAME 'kolabFolderType' DESC 'type of a kolab folder' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributeTypes: ( 1.3.6.1.4.1.19414.2.1.8 NAME 'kolabTargetFolder' DESC 'Target for a Kolab Shared Folder delivery' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} SINGLE-VALUE ) # cyrus imapd access control list # acls work with users and groups attributeTypes: ( 1.3.6.1.4.1.19414.2.1.651 NAME 'acl' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Extended attributes for Resources attributeTypes: ( 1.3.6.1.4.1.19414.3.1.1 NAME 'kolabDescAttribute' DESC 'Descriptive attribute or parameter for a Resource' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) ########################## # kolabfilter attributes # ########################## # enable trustable From: attributeTypes: ( 1.3.6.1.4.1.19414.2.1.750 NAME 'kolabfilter-verify-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # should Sender header be allowed instead of From # when present? attributeTypes: ( 1.3.6.1.4.1.19414.2.1.751 NAME 'kolabfilter-allow-sender-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # Should reject messages with From headers that dont match # the envelope? Default is to rewrite the header attributeTypes: ( 1.3.6.1.4.1.19414.2.1.752 NAME 'kolabfilter-reject-forged-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) ######################## # kolab object classes # ######################## # public folders are typically visible to everyone subscribed to # the server without the need for an extra login. Subfolders are # defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note # that the term public folder is prefered to shared folder because # normal user mailboxes can also share folders using acls. objectClasses: ( 1.3.6.1.4.1.19414.2.2.9 NAME 'kolabSharedFolder' DESC 'Kolab public shared folder' SUP top AUXILIARY MUST cn MAY ( acl $ alias $ mailHost $ kolabFolderType $ kolabDeleteflag $ kolabDelegate $ kolabTargetFolder $ kolabAllowSMTPRecipient $ kolabAllowSMTPSender $ owner ) ) # kolab account # we use an auxiliary in order to ease integration # with existing inetOrgPerson objects # Please note that userPassword is a may # attribute in the schema but is mandatory for # Kolab objectClasses: ( 1.3.6.1.4.1.19414.3.2.2 NAME 'kolabInetOrgPerson' DESC 'Kolab Internet Organizational Person' SUP top AUXILIARY MAY ( alias $ mailHost $ kolabHomeServerOnly $ kolabDelegate $ kolabInvitationPolicy $ kolabVacationBeginDateTime $ kolabVacationEndDateTime $ kolabVacationResendInterval $ kolabVacationAddress $ kolabVacationReplyToUCE $ kolabVacationReactDomain $ kolabForwardKeepCopy $ kolabForwardUCE $ kolabAllowSMTPRecipient $ kolabAllowSMTPSender $ kolabDeleteflag ) ) # kolab groupOfNames with extra kolabDeleteflag and the required # attribute mail. # The mail attribute for kolab objects of the type kolabGroupOfNames # is not arbitrary but MUST be a single attribute of the form # of an valid SMTP address with the CN as the local part. # E.g cn@kolabdomain (e.g. employees@mydomain.com). The # mail attribute MUST be globally unique. objectClasses: ( 1.3.6.1.4.1.19414.3.2.8 NAME 'kolabGroupOfUniqueNames' DESC 'Kolab group of names (DNs) derived from RFC2256' SUP top AUXILIARY MAY ( mail $ alias $ + kolabDelegate $ kolabDeleteflag $ kolabAllowSMTPRecipient $ kolabAllowSMTPSender ) ) # kolab resources objectClasses: ( 1.3.6.1.4.1.19414.3.2.9 NAME 'kolabResource' DESC 'Kolab Resource' SUP top AUXILIARY MAY ( kolabInvitationPolicy $ kolabDescAttribute $ description $ owner ) ) diff --git a/kolab3.schema b/kolab3.schema index c589e40..8465f74 100644 --- a/kolab3.schema +++ b/kolab3.schema @@ -1,368 +1,369 @@ # $Id$ # (c) 2003, 2004 Tassilo Erlewein # (c) 2003-2009 Martin Konold # (c) 2003 Achim Frank # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # The name of the author may not be used to endorse or promote products derived # from this software without specific prior written permission. # # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema # as provided by 3rd parties like OpenLDAP. # # slapd.conf then looks like # include /kolab/etc/openldap/schema/core.schema # include /kolab/etc/openldap/schema/cosine.schema # include /kolab/etc/openldap/schema/inetorgperson.schema # include /kolab/etc/openldap/schema/rfc2739.schema # include /kolab/etc/openldap/schema/kolab3.schema # Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered # Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob # Prefix for attributes: 1.3.6.1.4.1.19414.1 # Prefix for attributes: 1.3.6.1.4.1.19414.2 # Prefix for objectclasses: 1.3.6.1.4.1.19414.3 # nameprefix: kolab # dn: cn=schema #################### # kolab attributes # #################### # kolabDeleteflag used to be a boolean but describes with Kolab 2 # the fqdn of the server which is requested to delete this objects # in its local store attributetype ( 1.3.6.1.4.1.19414.2.1.2 NAME 'kolabDeleteflag' DESC 'Per host deletion status' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # alias used to provide alternative rfc822 email addresses for kolab users attributetype ( 1.3.6.1.4.1.19414.2.1.3 NAME 'alias' DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Specifies the email delegates. # An email delegate can send email on behalf of the account # which means using the "from" of the account. # Delegates are specified by the syntax of rfc822 email addresses. attributetype ( 1.3.6.1.4.1.19414.1.1.1.3 NAME 'kolabDelegate' DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # For user, group and resource Kolab accounts # Describes how to respond to invitations # We keep the attribute as a string, but actually it can only have one # of the following values: # # ACT_ALWAYS_ACCEPT # ACT_ALWAYS_REJECT # ACT_REJECT_IF_CONFLICTS # ACT_MANUAL_IF_CONFLICTS # ACT_MANUAL # In addition one of these values may be prefixed with a primary email # address followed by a colon like # user@domain.tld: ACT_ALWAYS_ACCEPT attributetype ( 1.3.6.1.4.1.19414.1.1.1.4 NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' ) DESC 'defines how to respond to invitations' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Begin date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent until kolabVacationEnd. # Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200512311458Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.8 NAME 'kolabVacationBeginDateTime' DESC 'Begin date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) # End date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent starting from kolabVacationBeginDateTime. # Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200601012258Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.9 NAME 'kolabVacationEndDateTime' DESC 'End date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) # Intervall in days after which senders get # another vacation message. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.10 NAME 'kolabVacationResendInterval' DESC 'Vacation notice interval in days' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # Email recipient addresses which are handled by the # vacation script. There can be multiple kolabVacationAddress # entries for each kolabInetOrgPerson. # Default is the primary email address and all # email aliases of the kolabInetOrgPerson. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.11 NAME 'kolabVacationAddress' DESC 'Email address for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Enable sending vacation notices in reaction # unsolicited commercial email. # Default is no. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.12 NAME 'kolabVacationReplyToUCE' DESC 'Enable vacation notices to UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Email recipient domains which are handled by the # vacation script. There can be multiple kolabVacationReactDomain # entries for each kolabInetOrgPerson # Default is to handle all domains. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.13 NAME 'kolabVacationReactDomain' DESC 'Multivalued -- Email domain for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Keep local copy when forwarding emails to list of # kolabForwardAddress. # Default is no. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.15 NAME 'kolabForwardKeepCopy' DESC 'Keep copy when forwarding' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Enable forwarding of UCE. # Default is yes. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.16 NAME 'kolabForwardUCE' DESC 'Enable forwarding of mails known as UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Describes the allowed or disallowed smtp recipient addresses for mail sent # by the user associated with the LDAP object this attribute is associated with. # # If this attribute is not set for a user or distribution group, # no Kolab recipient policy does apply. # # Example entries: # .tld - allow mail to every recipient for this tld # domain.tld - allow mail to everyone in domain.tld # .domain.tld - allow mail to everyone in domain.tld and its subdomains # user@domain.tld - allow mail to explicit user@domain.tld # user@ - allow mail to this user but any domain # -.tld - disallow mail to every recipient for this tld # -domain.tld - disallow mail to everyone in domain.tld # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail to explicit user@domain.tld # -user@ - disallow mail to this user but any domain attributetype ( 1.3.6.1.4.1.19414.1.1.1.18 NAME 'kolabAllowSMTPRecipient' DESC 'SMTP address allowed for destination (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) # Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users will # be created on one server only, however we keep this in here to allow the mail # server to use to be specified from the user provisioning batch operation # # Create the user mailbox on the kolabHomeServer only. # Default is no. attributetype ( 1.3.6.1.4.1.19414.1.1.1.19 NAME 'kolabHomeServerOnly' DESC 'Create the user mailbox on the kolabHomeServer only' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Describes the allowed or disallowed smtp envelope sender addresses used for # the recipient this attribute is associated with. # # If this attribute is not set for a user or distribution # kolab sender policy does apply. # # Example entries: # .tld - allow mail to every recipient for this tld # domain.tld - allow mail to everyone in domain.tld # .domain.tld - allow mail to everyone in domain.tld and its subdomains # user@domain.tld - allow mail to explicit user@domain.tld # user@ - allow mail to this user but any domain # -.tld - disallow mail to every recipient for this tld # -domain.tld - disallow mail to everyone in domain.tld # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail to explicit user@domain.tld # -user@ - disallow mail to this user but any domain attributetype ( 1.3.6.1.4.1.19414.1.1.1.43 NAME 'kolabAllowSMTPSender' DESC 'SMTP address accepted for receiving (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) # kolabFolderType describes the kind of Kolab folder # as defined in the kolab format specification. # We will annotate all folders with an entry # /vendor/kolab/folder-type containing the attribute # value.shared set to: [.]. # The can be: mail, event, journal, task, note, # or contact. The for a mail folder can be # inbox, drafts, sentitems, or junkemail (this one holds # spam mails). For the other s, it can only be # default, or not set. For other types of folders # supported by the clients, these should be prefixed with # "k-" for KMail, "h-" for Horde and "o-" for Outlook, and # look like for example "kolab.o-voicemail". Other third-party # clients shall use the "x-" prefix. # We then use the ANNOTATEMORE IMAP extension to # associate the folder type with a folder. attributetype ( 1.3.6.1.4.1.19414.2.1.7 NAME 'kolabFolderType' DESC 'type of a kolab folder' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) # The path to a shared IMAP folder. attributetype ( 1.3.6.1.4.1.19414.2.1.8 NAME 'kolabTargetFolder' DESC 'Target for a Kolab Shared Folder delivery' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} SINGLE-VALUE ) # cyrus imapd access control list # acls work with users and groups attributetype ( 1.3.6.1.4.1.19414.2.1.651 NAME 'acl' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) ########################## # kolabfilter attributes # ########################## # enable trustable From: attributetype ( 1.3.6.1.4.1.19414.2.1.750 NAME 'kolabfilter-verify-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # should Sender header be allowed instead of From # when present? attributetype ( 1.3.6.1.4.1.19414.2.1.751 NAME 'kolabfilter-allow-sender-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # Should reject messages with From headers that dont match # the envelope? Default is to rewrite the header attributetype ( 1.3.6.1.4.1.19414.2.1.752 NAME 'kolabfilter-reject-forged-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) ######################## # kolab object classes # ######################## # public folders are typically visible to everyone subscribed to # the server without the need for an extra login. Subfolders are # defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note # that the term public folder is prefered to shared folder because # normal user mailboxes can also share folders using acls. objectclass ( 1.3.6.1.4.1.19414.2.2.9 NAME 'kolabSharedFolder' DESC 'Kolab public shared folder' SUP top AUXILIARY MUST cn MAY ( acl $ alias $ mailHost $ kolabFolderType $ kolabDeleteflag $ kolabDelegate $ kolabTargetFolder $ kolabAllowSMTPRecipient $ kolabAllowSMTPSender ) ) # kolab account # we use an auxiliary in order to ease integration # with existing inetOrgPerson objects # Please note that userPassword is a may # attribute in the schema but is mandatory for # Kolab objectclass ( 1.3.6.1.4.1.19414.3.2.2 NAME 'kolabInetOrgPerson' DESC 'Kolab Internet Organizational Person' SUP top AUXILIARY MAY ( alias $ mailHost $ kolabHomeServerOnly $ kolabDelegate $ kolabInvitationPolicy $ kolabVacationBeginDateTime $ kolabVacationEndDateTime $ kolabVacationResendInterval $ kolabVacationAddress $ kolabVacationReplyToUCE $ kolabVacationReactDomain $ kolabForwardKeepCopy $ kolabForwardUCE $ kolabAllowSMTPRecipient $ kolabAllowSMTPSender $ kolabDeleteflag ) ) # kolab groupOfNames with extra kolabDeleteflag and the required # attribute mail. # The mail attribute for kolab objects of the type kolabGroupOfNames # is not arbitrary but MUST be a single attribute of the form # of an valid SMTP address with the CN as the local part. # E.g cn@kolabdomain (e.g. employees@mydomain.com). The # mail attribute MUST be globally unique. objectclass ( 1.3.6.1.4.1.19414.3.2.8 NAME 'kolabGroupOfUniqueNames' DESC 'Kolab group of unique names (DNs) derived from RFC2256' SUP top AUXILIARY MAY ( mail $ alias $ + kolabDelegate $ kolabDeleteflag $ kolabAllowSMTPRecipient $ kolabAllowSMTPSender ) )