diff --git a/kolab2.ldif b/kolab2.ldif new file mode 100644 index 0000000..3c775a1 --- /dev/null +++ b/kolab2.ldif @@ -0,0 +1,346 @@ +# $Id$ +# (c) 2003, 2004 Tassilo Erlewein +# (c) 2003-2009 Martin Konold +# (c) 2003 Achim Frank +# +# Redistribution and use in source and binary forms, with or without +# modification, are permitted provided that the following conditions are met: +# +# Redistributions of source code must retain the above copyright notice, this +# list of conditions and the following disclaimer. +# +# Redistributions in binary form must reproduce the above copyright notice, +# this list of conditions and the following disclaimer in the documentation +# and/or other materials provided with the distribution. +# +# The name of the author may not be used to endorse or promote products derived +# from this software without specific prior written permission. +# +# +# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED +# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF +# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO +# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, +# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, +# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; +# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, +# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR +# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF +# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. +# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema +# as provided by 3rd parties like OpenLDAP. +# +# slapd.conf then looks like +# include /kolab/etc/openldap/schema/core.schema +# include /kolab/etc/openldap/schema/cosine.schema +# include /kolab/etc/openldap/schema/inetorgperson.schema +# include /kolab/etc/openldap/schema/rfc2739.schema +# include /kolab/etc/openldap/schema/kolab2.schema +# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered +# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob +# Prefix for attributes: 1.3.6.1.4.1.19414.1 +# Prefix for attributes: 1.3.6.1.4.1.19414.2 +# Prefix for objectclasses: 1.3.6.1.4.1.19414.3 +# nameprefix: kolab +# +dn: cn=schema +#################### +# kolab attributes # +#################### +# kolabDeleteflag used to be a boolean but describes with Kolab 2 +# the fqdn of the server which is requested to delete this objects +# in its local store +attributeTypes: ( 1.3.6.1.4.1.19414.2.1.2 + NAME 'kolabDeleteflag' + DESC 'Per host deletion status' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# alias used to provide alternative rfc822 email addresses for kolab users +attributeTypes: ( 1.3.6.1.4.1.19414.2.1.3 + NAME 'alias' + DESC 'RFC1274: RFC822 Mailbox' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# Specifies the email delegates. +# An email delegate can send email on behalf of the account +# which means using the "from" of the account. +# Delegates are specified by the syntax of rfc822 email addresses. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.3 + NAME 'kolabDelegate' + DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# For user, group and resource Kolab accounts +# Describes how to respond to invitations +# We keep the attribute as a string, but actually it can only have one +# of the following values: +# +# ACT_ALWAYS_ACCEPT +# ACT_ALWAYS_REJECT +# ACT_REJECT_IF_CONFLICTS +# ACT_MANUAL_IF_CONFLICTS +# ACT_MANUAL +# In addition one of these values may be prefixed with a primary email +# address followed by a colon like +# user@domain.tld: ACT_ALWAYS_ACCEPT +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.4 + NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' ) + DESC 'defines how to respond to invitations' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# Begin date of Kolab vacation period. Sender will +# be notified every kolabVacationResendIntervall days +# that recipient is absent until kolabVacationEnd. +# Values in this syntax are encoded as printable strings, +# represented as specified in X.208. +# Note that the time zone must be specified. +# For Kolab we limit ourself to GMT +# YYYYMMDDHHMMZ e.g. 200512311458Z. +# see also: rfc 2252. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.8 + NAME 'kolabVacationBeginDateTime' + DESC 'Begin date of vacation' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) +# End date of Kolab vacation period. Sender will +# be notified every kolabVacationResendIntervall days +# that recipient is absent starting from kolabVacationBeginDateTime. +# Values in this syntax are encoded as printable strings, +# represented as specified in X.208. +# Note that the time zone must be specified. +# For Kolab we limit ourself to GMT +# YYYYMMDDHHMMZ e.g. 200601012258Z. +# see also: rfc 2252. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.9 + NAME 'kolabVacationEndDateTime' + DESC 'End date of vacation' + EQUALITY generalizedTimeMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) +# Intervall in days after which senders get +# another vacation message. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.10 + NAME 'kolabVacationResendInterval' + DESC 'Vacation notice interval in days' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +# Email recipient addresses which are handled by the +# vacation script. There can be multiple kolabVacationAddress +# entries for each kolabInetOrgPerson. +# Default is the primary email address and all +# email aliases of the kolabInetOrgPerson. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.11 + NAME 'kolabVacationAddress' + DESC 'Email address for vacation to response upon' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# Enable sending vacation notices in reaction +# unsolicited commercial email. +# Default is no. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.12 + NAME 'kolabVacationReplyToUCE' + DESC 'Enable vacation notices to UCE' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +# Email recipient domains which are handled by the +# vacation script. There can be multiple kolabVacationReactDomain +# entries for each kolabInetOrgPerson +# Default is to handle all domains. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.13 + NAME 'kolabVacationReactDomain' + DESC 'Multivalued -- Email domain for vacation to response upon' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +# Keep local copy when forwarding emails to list of +# kolabForwardAddress. +# Default is no. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.15 + NAME 'kolabForwardKeepCopy' + DESC 'Keep copy when forwarding' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +# Enable forwarding of UCE. +# Default is yes. +# Currently this attribute is not used in Kolab. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.16 + NAME 'kolabForwardUCE' + DESC 'Enable forwarding of mails known as UCE' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +# describes the allowed or disallowed smtp addresses for +# recipients. If this attribute is not set for a user no +# kolab recipient policy does apply. +# example entries: +# .tld - allow mail to every recipient for this tld +# domain.tld - allow mail to everyone in domain.tld +# .domain.tld - allow mail to everyone in domain.tld and its subdomains +# user@domain.tld - allow mail to explicit user@domain.tld +# user@ - allow mail to this user but any domain +# -.tld - disallow mail to every recipient for this tld +# -domain.tld - disallow mail to everyone in domain.tld +# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains +# -user@domain.tld - disallow mail to explicit user@domain.tld +# -user@ - disallow mail to this user but any domain +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.18 + NAME 'kolabAllowSMTPRecipient' + DESC 'SMTP address allowed for destination (multi-valued)' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) +# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users will +# be created on one server only, however we keep this in here to allow the mail +# server to use to be specified from the user provisioning batch operation +# +# Create the user mailbox on the kolabHomeServer only. +# Default is no. +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.19 + NAME 'kolabHomeServerOnly' + DESC 'Create the user mailbox on the kolabHomeServer only' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 + SINGLE-VALUE ) +# describes the allowed or disallowed smtp addresses for +# recipients. If this attribute is not set for a user no +# kolab recipient policy does apply. +# example entries: +# .tld - allow mail to every recipient for this tld +# domain.tld - allow mail to everyone in domain.tld +# .domain.tld - allow mail to everyone in domain.tld and its subdomains +# user@domain.tld - allow mail to explicit user@domain.tld +# user@ - allow mail to this user but any domain +# -.tld - disallow mail to every recipient for this tld +# -domain.tld - disallow mail to everyone in domain.tld +# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains +# -user@domain.tld - disallow mail to explicit user@domain.tld +# -user@ - disallow mail to this user but any domain +attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.43 + NAME 'kolabAllowSMTPFrom' + DESC 'SMTP address accepted for receiving (multi-valued)' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) +# kolabFolderType describes the kind of Kolab folder +# as defined in the kolab format specification. +# We will annotate all folders with an entry +# /vendor/kolab/folder-type containing the attribute +# value.shared set to: [.]. +# The can be: mail, event, journal, task, note, +# or contact. The for a mail folder can be +# inbox, drafts, sentitems, or junkemail (this one holds +# spam mails). For the other s, it can only be +# default, or not set. For other types of folders +# supported by the clients, these should be prefixed with +# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and +# look like for example "kolab.o-voicemail". Other third-party +# clients shall use the "x-" prefix. +# We then use the ANNOTATEMORE IMAP extension to +# associate the folder type with a folder. +attributeTypes: ( 1.3.6.1.4.1.19414.2.1.7 + NAME 'kolabFolderType' + DESC 'type of a kolab folder' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} + SINGLE-VALUE ) +# cyrus imapd access control list +# acls work with users and groups +attributeTypes: ( 1.3.6.1.4.1.19414.2.1.651 + NAME 'acl' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) +########################## +# kolabfilter attributes # +########################## +# enable trustable From: +attributeTypes: ( 1.3.6.1.4.1.19414.2.1.750 + NAME 'kolabfilter-verify-from-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +# should Sender header be allowed instead of From +# when present? +attributeTypes: ( 1.3.6.1.4.1.19414.2.1.751 + NAME 'kolabfilter-allow-sender-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +# Should reject messages with From headers that dont match +# the envelope? Default is to rewrite the header +attributeTypes: ( 1.3.6.1.4.1.19414.2.1.752 + NAME 'kolabfilter-reject-forged-from-header' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +######################## +# kolab object classes # +######################## +# public folders are typically visible to everyone subscribed to +# the server without the need for an extra login. Subfolders are +# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note +# that the term public folder is prefered to shared folder because +# normal user mailboxes can also share folders using acls. +objectClasses: ( 1.3.6.1.4.1.19414.2.2.9 + NAME 'kolabSharedFolder' + DESC 'Kolab public shared folder' + SUP top STRUCTURAL + MUST cn + MAY ( acl $ + mailHost $ + kolabFolderType $ + kolabDeleteflag ) ) +# kolab account +# we use an auxiliary in order to ease integration +# with existing inetOrgPerson objects +# Please note that userPassword is a may +# attribute in the schema but is mandatory for +# Kolab +objectClasses: ( 1.3.6.1.4.1.19414.3.2.2 + NAME 'kolabInetOrgPerson' + DESC 'Kolab Internet Organizational Person' + SUP top AUXILIARY + MAY ( alias $ + mailHost $ + kolabHomeServerOnly $ + kolabDelegate $ + kolabInvitationPolicy $ + kolabVacationBeginDateTime $ + kolabVacationEndDateTime $ + kolabVacationResendInterval $ + kolabVacationAddress $ + kolabVacationReplyToUCE $ + kolabVacationReactDomain $ + kolabForwardKeepCopy $ + kolabForwardUCE $ + kolabAllowSMTPRecipient $ + kolabAllowSMTPFrom $ + kolabDeleteflag ) ) +# kolab groupOfNames with extra kolabDeleteflag and the required +# attribute mail. +# The mail attribute for kolab objects of the type kolabGroupOfNames +# is not arbitrary but MUST be a single attribute of the form +# of an valid SMTP address with the CN as the local part. +# E.g cn@kolabdomain (e.g. employees@mydomain.com). The +# mail attribute MUST be globally unique. +objectClasses: ( 1.3.6.1.4.1.19414.3.2.5 + NAME 'kolabGroupOfNames' + DESC 'Kolab group of names (DNs) derived from RFC2256' + SUP top AUXILIARY + MAY ( mail $ + kolabDeleteflag ) ) + diff --git a/kolab2.schema b/kolab2.schema index f8d8c41..5ef245e 100644 --- a/kolab2.schema +++ b/kolab2.schema @@ -1,1097 +1,346 @@ # $Id$ # (c) 2003, 2004 Tassilo Erlewein # (c) 2003-2009 Martin Konold # (c) 2003 Achim Frank # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # The name of the author may not be used to endorse or promote products derived # from this software without specific prior written permission. # # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - # This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema # as provided by 3rd parties like OpenLDAP. # # slapd.conf then looks like # include /kolab/etc/openldap/schema/core.schema # include /kolab/etc/openldap/schema/cosine.schema # include /kolab/etc/openldap/schema/inetorgperson.schema # include /kolab/etc/openldap/schema/rfc2739.schema # include /kolab/etc/openldap/schema/kolab2.schema - # Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered # Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob # Prefix for attributes: 1.3.6.1.4.1.19414.1 # Prefix for attributes: 1.3.6.1.4.1.19414.2 # Prefix for objectclasses: 1.3.6.1.4.1.19414.3 # nameprefix: kolab # +dn: cn=schema #################### # kolab attributes # #################### - -# helper attribute to make the kolab root easily findable in -# a big ldap directory -attributetype ( 1.3.6.1.4.1.19414.2.1.1 - NAME ( 'k' 'kolab' ) - DESC 'Kolab attribute' - SUP name ) - # kolabDeleteflag used to be a boolean but describes with Kolab 2 # the fqdn of the server which is requested to delete this objects # in its local store attributetype ( 1.3.6.1.4.1.19414.2.1.2 NAME 'kolabDeleteflag' DESC 'Per host deletion status' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - # alias used to provide alternative rfc822 email addresses for kolab users attributetype ( 1.3.6.1.4.1.19414.2.1.3 NAME 'alias' DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the -# cleartext password. This is required in order to pass the password from -# the maintainance/administration application to the kolabHomeServer running the -# resource handler application in a secure manner. -# Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the -# calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to -# the respective calendar folder using IMAP ACLs. -attributetype ( 1.3.6.1.4.1.19414.2.1.4 - NAME 'kolabEncryptedPassword' - DESC 'base64 encoded public key encrypted Password' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# hostname including the domain name like kolab-master.yourcompany.com -attributetype ( 1.3.6.1.4.1.19414.2.1.5 - NAME ( 'fqhostname' 'fqdnhostname' ) - DESC 'Fully qualified Hostname including full domain component' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# fqdn of all hosts in a multi-location or cluster setup -attributetype ( 1.3.6.1.4.1.19414.2.1.6 - NAME 'kolabHost' - DESC 'Multivalued -- list of hostnames in a Kolab setup' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# fqdn of the server containg the actual user mailbox -attributetype ( 1.3.6.1.4.1.19414.1.1.1.1 - NAME 'kolabHomeServer' - DESC 'server which keeps the users mailbox' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# flag for allowing unrestriced length of mails -attributetype ( 1.3.6.1.4.1.19414.1.1.1.2 - NAME 'unrestrictedMailSize' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - # Specifies the email delegates. # An email delegate can send email on behalf of the account # which means using the "from" of the account. # Delegates are specified by the syntax of rfc822 email addresses. attributetype ( 1.3.6.1.4.1.19414.1.1.1.3 NAME 'kolabDelegate' DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - # For user, group and resource Kolab accounts # Describes how to respond to invitations # We keep the attribute as a string, but actually it can only have one # of the following values: # # ACT_ALWAYS_ACCEPT # ACT_ALWAYS_REJECT # ACT_REJECT_IF_CONFLICTS # ACT_MANUAL_IF_CONFLICTS # ACT_MANUAL # In addition one of these values may be prefixed with a primary email # address followed by a colon like # user@domain.tld: ACT_ALWAYS_ACCEPT attributetype ( 1.3.6.1.4.1.19414.1.1.1.4 NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' ) DESC 'defines how to respond to invitations' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# time span from now to the future used for the free busy data -# measured in days -attributetype ( 1.3.6.1.4.1.19414.1.1.1.5 - NAME 'kolabFreeBusyFuture' - DESC 'time in days for fb data towards the future' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -# time span from now to the past used for the free busy data -# measured in days -attributetype ( 1.3.6.1.4.1.19414.1.1.1.6 - NAME 'kolabFreeBusyPast' - DESC 'time in days for fb data towards the past' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -# fqdn of the server as the default SMTP MTA -# not used in Kolab 2 currently as in Kolab 2 the -# default MTA is equivalent to the kolabHomeServer -attributetype ( 1.3.6.1.4.1.19414.1.1.1.7 - NAME 'kolabHomeMTA' - DESC 'fqdn of default MTA' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} - SINGLE-VALUE ) - # Begin date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent until kolabVacationEnd. # Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200512311458Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.8 NAME 'kolabVacationBeginDateTime' DESC 'Begin date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) - # End date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent starting from kolabVacationBeginDateTime. # Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200601012258Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.9 NAME 'kolabVacationEndDateTime' DESC 'End date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) - # Intervall in days after which senders get # another vacation message. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.10 NAME 'kolabVacationResendInterval' DESC 'Vacation notice interval in days' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) - # Email recipient addresses which are handled by the # vacation script. There can be multiple kolabVacationAddress # entries for each kolabInetOrgPerson. # Default is the primary email address and all # email aliases of the kolabInetOrgPerson. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.11 NAME 'kolabVacationAddress' DESC 'Email address for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - # Enable sending vacation notices in reaction # unsolicited commercial email. # Default is no. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.12 NAME 'kolabVacationReplyToUCE' DESC 'Enable vacation notices to UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) - # Email recipient domains which are handled by the # vacation script. There can be multiple kolabVacationReactDomain # entries for each kolabInetOrgPerson # Default is to handle all domains. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.13 NAME 'kolabVacationReactDomain' DESC 'Multivalued -- Email domain for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# Forward all incoming emails except UCE if kolabForwardUCE -# is not set to this email address. -# There can be multiple kolabForwardAddress entries for -# each kolabInetOrgPerson. -# Currently this attribute is not used in Kolab. -attributetype ( 1.3.6.1.4.1.19414.1.1.1.14 - NAME 'kolabForwardAddress' - DESC 'Forward email to this address' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - # Keep local copy when forwarding emails to list of # kolabForwardAddress. # Default is no. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.15 NAME 'kolabForwardKeepCopy' DESC 'Keep copy when forwarding' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) - # Enable forwarding of UCE. # Default is yes. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.16 NAME 'kolabForwardUCE' DESC 'Enable forwarding of mails known as UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) - -# comment when creating or deleting a kolab object -# a comment might be appropriate. This is most useful -# for tracability when users get moved to the graveyard -# instead of being really deleted. Every entry must be prefixed -# with an ISO 8601 date string e.g 200604301458Z. All times must -# be in zulu timezone. -attributetype ( 1.3.6.1.4.1.19414.1.1.1.17 - NAME 'kolabComment' - DESC 'multi-value comment' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) - # describes the allowed or disallowed smtp addresses for # recipients. If this attribute is not set for a user no # kolab recipient policy does apply. # example entries: # .tld - allow mail to every recipient for this tld # domain.tld - allow mail to everyone in domain.tld # .domain.tld - allow mail to everyone in domain.tld and its subdomains # user@domain.tld - allow mail to explicit user@domain.tld # user@ - allow mail to this user but any domain # -.tld - disallow mail to every recipient for this tld # -domain.tld - disallow mail to everyone in domain.tld # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail to explicit user@domain.tld # -user@ - disallow mail to this user but any domain attributetype ( 1.3.6.1.4.1.19414.1.1.1.18 NAME 'kolabAllowSMTPRecipient' DESC 'SMTP address allowed for destination (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) - +# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users will +# be created on one server only, however we keep this in here to allow the mail +# server to use to be specified from the user provisioning batch operation +# # Create the user mailbox on the kolabHomeServer only. # Default is no. attributetype ( 1.3.6.1.4.1.19414.1.1.1.19 NAME 'kolabHomeServerOnly' DESC 'Create the user mailbox on the kolabHomeServer only' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.20 - NAME 'kolabMaritalStatus' - DESC 'ledig(0), verh.(1)} DEFAULT ledig' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.21 - NAME ( 'homeFacsimileTelephoneNumber' 'homeFaxNumber' ) - DESC 'private facsimilie telephone number' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.25 - NAME 'bylawURI' - DESC 'URI pointing at the bylaw' - SUP labeledURI - SINGLE-VALUE ) - -# Single string with $ seperated lines consisting of -# surname $ -# givenName $ -# dateOfBirth $ -# restrictions $ -# signer of contract ('true'/'false') -attributetype ( 1.3.6.1.4.1.19414.1.1.1.27 - NAME 'legalRepresentative' - DESC 'legal representative' - EQUALITY caseIgnoreListMatch - SUBSTR caseIgnoreListSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) - -# Single string with $ seperated lines consisting of -# surname $ -# givenName $ -# dateOfBirth $ -# restrictions $ -# signer of contract ('true'/'false') -attributetype ( 1.3.6.1.4.1.19414.1.1.1.28 - NAME 'commercialProcuration' - DESC 'described person which has commercial procuration' - EQUALITY caseIgnoreListMatch - SUBSTR caseIgnoreListSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.29 - NAME 'legalRepresentationPolicy' - DESC 'described how legal representation works' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.31 - NAME 'inLiquidation' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.32 - NAME 'tradeRegisterRegisteredCapital' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.33 - NAME 'tradeRegisterType' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.36 - NAME 'tradeRegisterURI' - SUP labeledURI - SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.37 - NAME 'tradeRegisterLastChangedDate' - EQUALITY generalizedTimeMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.38 - NAME 'kolabGermanBankAccountNumber' - DESC 'The 8-digits number of a german bank account without spaces' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{10} ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.39 - NAME 'kolabGermanBankCode' - DESC 'The 8-digits number of a german bank code (BLZ) without spaces' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.40 - NAME 'kolabGermanBankName' - DESC 'The name of a german bank registered in the BLZ table published by Deutsche Bundesbank.' - SUP name - SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.41 - NAME 'kolabGermanBankAccountInfo' - DESC 'Composed field containing a one-line human-readable representation of all necessary information.' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.42 - NAME 'kolabGermanBankAccountHolder' - DESC 'The name of the holder of a german bank account commonly used as recipient name.' - SINGLE-VALUE - SUP name ) - # describes the allowed or disallowed smtp addresses for # recipients. If this attribute is not set for a user no # kolab recipient policy does apply. # example entries: # .tld - allow mail to every recipient for this tld # domain.tld - allow mail to everyone in domain.tld # .domain.tld - allow mail to everyone in domain.tld and its subdomains # user@domain.tld - allow mail to explicit user@domain.tld # user@ - allow mail to this user but any domain # -.tld - disallow mail to every recipient for this tld # -domain.tld - disallow mail to everyone in domain.tld # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail to explicit user@domain.tld # -user@ - disallow mail to this user but any domain - attributetype ( 1.3.6.1.4.1.19414.1.1.1.43 NAME 'kolabAllowSMTPFrom' DESC 'SMTP address accepted for receiving (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) - -attributetype ( 1.3.6.1.4.1.19414.1.1.1.44 - NAME 'kolabSalutation' - DESC 'Salutation like Mr., Mrs, Herr, Frau)' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) - # kolabFolderType describes the kind of Kolab folder # as defined in the kolab format specification. # We will annotate all folders with an entry # /vendor/kolab/folder-type containing the attribute # value.shared set to: [.]. # The can be: mail, event, journal, task, note, # or contact. The for a mail folder can be # inbox, drafts, sentitems, or junkemail (this one holds # spam mails). For the other s, it can only be # default, or not set. For other types of folders # supported by the clients, these should be prefixed with # "k-" for KMail, "h-" for Horde and "o-" for Outlook, and # look like for example "kolab.o-voicemail". Other third-party # clients shall use the "x-" prefix. # We then use the ANNOTATEMORE IMAP extension to # associate the folder type with a folder. attributetype ( 1.3.6.1.4.1.19414.2.1.7 NAME 'kolabFolderType' DESC 'type of a kolab folder' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) - -###################### -# postfix attributes # -###################### - -attributetype ( 1.3.6.1.4.1.19414.2.1.501 - NAME 'postfix-mydomain' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.502 - NAME 'postfix-relaydomains' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.503 - NAME 'postfix-mydestination' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.504 - NAME 'postfix-mynetworks' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.505 - NAME 'postfix-relayhost' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.506 - NAME 'postfix-transport' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.507 - NAME 'postfix-enable-virus-scan' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.508 - NAME 'postfix-allow-unauthenticated' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.509 - NAME 'postfix-virtual' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.510 - NAME 'postfix-relayport' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.511 - NAME 'postfix-message-size-limit' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -########################## -# cyrus imapd attributes # -########################## - -attributetype ( 1.3.6.1.4.1.19414.2.1.601 - NAME 'cyrus-autocreatequota' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 - SINGLE-VALUE ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.602 - NAME 'cyrus-admins' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# enable plain imap without ssl -attributetype ( 1.3.6.1.4.1.19414.2.1.603 - NAME 'cyrus-imap' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 - SINGLE-VALUE ) - -# enable legacy pop3 -attributetype ( 1.3.6.1.4.1.19414.2.1.604 - NAME 'cyrus-pop3' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# user specific quota on the cyrus imap server -attributetype ( 1.3.6.1.4.1.19414.2.1.605 - NAME 'cyrus-userquota' - DESC 'Mailbox hard quota limit in MB' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - # cyrus imapd access control list # acls work with users and groups attributetype ( 1.3.6.1.4.1.19414.2.1.651 NAME 'acl' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -# enable secure imap -attributetype ( 1.3.6.1.4.1.19414.2.1.606 - NAME 'cyrus-imaps' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# enable secure pop3 -attributetype ( 1.3.6.1.4.1.19414.2.1.607 - NAME 'cyrus-pop3s' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# enable sieve support (required for forward and vacation services) -attributetype ( 1.3.6.1.4.1.19414.2.1.608 - NAME 'cyrus-sieve' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# installation wide percentage which determines when to send a -# warning to the user -attributetype ( 1.3.6.1.4.1.19414.2.1.609 - NAME 'cyrus-quotawarn' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -# enable smmap support -attributetype ( 1.3.6.1.4.1.19414.2.1.610 - NAME 'cyrus-smmap' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# enable fulldirhash support -attributetype ( 1.3.6.1.4.1.19414.2.1.611 - NAME 'cyrus-fulldirhash' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# enable hashimapspool support -attributetype ( 1.3.6.1.4.1.19414.2.1.612 - NAME 'cyrus-hashimapspool' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# enable squatter support -attributetype ( 1.3.6.1.4.1.19414.2.1.613 - NAME 'cyrus-squatter' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - - -############################# -# apache and php attributes # -############################# - -# enable plain http (no ssl) -attributetype ( 1.3.6.1.4.1.19414.2.1.701 - NAME 'apache-http' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# Allow freebusy download without authenticating first -attributetype ( 1.3.6.1.4.1.19414.2.1.702 - NAME 'apache-allow-unauthenticated-fb' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - ########################## # kolabfilter attributes # ########################## - # enable trustable From: attributetype ( 1.3.6.1.4.1.19414.2.1.750 NAME 'kolabfilter-verify-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - # should Sender header be allowed instead of From # when present? attributetype ( 1.3.6.1.4.1.19414.2.1.751 NAME 'kolabfilter-allow-sender-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - # Should reject messages with From headers that dont match # the envelope? Default is to rewrite the header attributetype ( 1.3.6.1.4.1.19414.2.1.752 NAME 'kolabfilter-reject-forged-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# Enable the Kolab Policy Daemon. If false or not -# set don't use the Kolab Policy Daemon -attributetype ( 1.3.6.1.4.1.19414.2.1.800 - NAME 'kolabPolicyDaemon' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# Configurable list of ciphers considered to be secure enough for our purposes. -# E.g. TLS 1.0 and SSL 3.0 -attributetype ( 1.3.6.1.4.1.19414.2.1.801 - NAME 'kolabSecureCiphers' - DESC 'comma separated list of ciphers considered to be secure' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - - -###################################################### -# proftpd attributes (unused since Kolab Server 2.2) # -###################################################### - -attributetype ( 1.3.6.1.4.1.19414.2.1.901 - NAME 'proftpd-defaultquota' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.902 - NAME 'proftpd-ftp' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.903 - NAME 'proftpd-userPassword' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -######################################################################## -# pop3 service attributes (suitable to integrate external pop3 sources # -######################################################################## - -attributetype ( 1.3.6.1.4.1.19414.2.1.1001 - NAME 'externalPop3AccountDescription' - DESC 'a human readable description of the external POP3 account e.g. my gmail account' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1002 - NAME 'externalPop3AccountMail' - DESC 'email address associated with the external POP3 account e.g. givenname.surname@gmail.com' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1003 - NAME 'externalPop3AccountServer' - DESC 'Pop3 server associated with the external POP3 account e.g. pop3.provider.com' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1004 - NAME 'externalPop3AccountPort' - DESC 'TCP port number used for pop3 service associated with the external POP3 account e.g. 110' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{5} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1005 - NAME 'externalPop3AccountUseSSL' - DESC 'boolean defining if SSL must be used for external POP3 account - requires suitable externalPop3AccountPort' - EQUALITY booleanMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1006 - NAME 'externalPop3AccountUseTLS' - DESC 'boolean defining if TLS must be used for external POP3 account' - EQUALITY booleanMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -# sometimes useful for self-signed certificates -attributetype ( 1.3.6.1.4.1.19414.2.1.1007 - NAME 'externalPop3AccountCheckServerCertificate' - DESC 'allows to disable checking server certificates when using SSL or TLS - beware of MIT-attacks!' - EQUALITY booleanMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1008 - NAME 'externalPop3AccountLoginName' - DESC 'name used to login into pop3 account often this uid is equivalent to the email address' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1009 - NAME 'externalPop3EncryptedAccountPassword' - DESC 'encryped password for the external POP3 account - secret key must be known to the pop3 fetch service' - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1010 - NAME 'externalPop3AccountKeepMailOnServer' - DESC 'controls if fetched message shall remain on external POP3 server - beware this is often unreliable' - EQUALITY booleanMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) - -attributetype ( 1.3.6.1.4.1.19414.2.1.1011 - NAME 'externalPop3AccountLoginMethod' - DESC 'login method used for external POP3 account - currently these are plainText, LOGIN, PLAIN, NTLM, DIGEST-MD5, CRAM-MD5, GSSAPI and APOP' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) - -######################## -# external definitions # -######################## - -# extended from apple.schema -attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.27 - NAME ( 'apple-birthday' 'dateOfBirth' 'dateOfIncorporation' ) - DESC 'Birthday or date of incorporation' - EQUALITY generalizedTimeMatch - SUBSTR caseExactIA5SubstringsMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) - -# from http://www.stroeder.com/stroeder.com.schema -attributetype ( 1.3.6.1.4.1.5427.1.389.4.12 - NAME ( 'birthPlace' 'placeOfBirth' ) - DESC 'Place of birth' - SUP name - SINGLE-VALUE ) - -# from http://www.stroeder.com/stroeder.com.schema -attributetype ( 1.3.6.1.4.1.5427.1.389.4.14 - NAME 'birthName' - DESC 'Last name at time of birth, e.g. maiden name' - SUP name - SINGLE-VALUE ) - -# from http://www.stroeder.com/stroeder.com.schema -# The following data items and codes are used (see ISO 5218): -# Not known 0 -# Male 1 -# Female 2 -# Not specified 9 -# -attributetype ( 1.3.6.1.4.1.5427.1.389.4.7 - NAME 'gender' - DESC 'Representation of human sex (see ISO 5218)' - EQUALITY integerMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} ) - -# from http://www.stroeder.com/stroeder.com.schema -# tax ID of person or company within Germany -# -attributetype ( 1.3.6.1.4.1.5427.1.389.4.666 - NAME 'germanTaxId' - DESC 'tax ID of person or company within Germany' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} ) - -# rfc 3039 -# ISO 3166 Country Code -# multiple citizenships are possible! -attributetype ( 1.3.6.1.5.5.7.9.4 - NAME 'countryOfCitizenship' - DESC 'Country of citizenship' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 ) - -# ISO 3166 Country Code -attributetype ( 1.3.6.1.5.5.7.9.5 - NAME 'countryOfResidence' - DESC 'Country of residence' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 ) - -# http://www.daasi.de/ -attributetype ( 1.3.6.1.4.1.5062.1.1.3.16 - NAME 'legalForm' - DESC 'legal form of a company' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# http://www.daasi.de/ -# location of the trade register authority -attributetype ( 1.3.6.1.4.1.5062.1.1.3.17 - NAME 'tradeRegisterLocation' - DESC 'Location of the trade registrar where the organization is registered' - SUP name - SINGLE-VALUE ) - -# http://www.daasi.de/ -# registration number a the trade register authority -attributetype ( 1.3.6.1.4.1.5062.1.1.3.18 - NAME 'tradeRegisterIdentifier' - DESC 'Idientifier with which an organization is registered' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SINGLE-VALUE - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# https://forxa.mancomun.org/plugins/scmsvn/viewcvs.php/trunk/ldap/dxpisi.schema?annotate=29&root=mancomun -# VATNumber -# Identifier number for companies and persons. In Spain it is the same as NIF/CIF. -# In Germany it is called Umsatzsteueridentifikationsnummer. -attributetype ( 1.3.6.1.4.1.27994.1.3.4 - NAME 'VATNumber' - DESC 'Identifier number for companies and persons' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} ) - ######################## # kolab object classes # ######################## - -# main kolab server configuration -# storing global values and user specific default values -# like kolabFreeBusyFuture and kolabFreeBusyPast -objectclass ( 1.3.6.1.4.1.19414.2.2.1 - NAME 'kolab' - DESC 'Kolab server configuration' - SUP top STRUCTURAL - MUST k - MAY ( kolabHost $ - postfix-mydomain $ - postfix-relaydomains $ - postfix-mydestination $ - postfix-mynetworks $ - postfix-relayhost $ - postfix-relayport $ - postfix-transport $ - postfix-virtual $ - postfix-enable-virus-scan $ - postfix-allow-unauthenticated $ - postfix-message-size-limit $ - cyrus-quotawarn $ - cyrus-autocreatequota $ - cyrus-admins $ - cyrus-imap $ - cyrus-pop3 $ - cyrus-imaps $ - cyrus-pop3s $ - cyrus-sieve $ - cyrus-smmap $ - cyrus-fulldirhash $ - cyrus-hashimapspool $ - cyrus-squatter $ - apache-http $ - apache-allow-unauthenticated-fb $ - kolabfilter-verify-from-header $ - kolabfilter-allow-sender-header $ - kolabfilter-reject-forged-from-header $ - kolabPolicyDaemon $ - kolabSecureCiphers $ - proftpd-ftp $ - proftpd-defaultquota $ - kolabFreeBusyFuture $ - kolabFreeBusyPast $ - uid $ - userPassword ) ) - # public folders are typically visible to everyone subscribed to # the server without the need for an extra login. Subfolders are # defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note # that the term public folder is prefered to shared folder because # normal user mailboxes can also share folders using acls. objectclass ( 1.3.6.1.4.1.19414.2.2.9 NAME 'kolabSharedFolder' DESC 'Kolab public shared folder' SUP top STRUCTURAL MUST cn MAY ( acl $ - alias $ - cyrus-userquota $ - kolabHomeServer $ + mailHost $ kolabFolderType $ kolabDeleteflag ) ) - -# kolabNamedObject is used as a plain node for the LDAP tree. -# In contrast to unix filesystem directories LDAP nodes can -# and often do also have contents/attributes. We use the -# kolabNamedObject in order to put some structure in the -# LDAP directory tree. -objectclass ( 1.3.6.1.4.1.5322.13.1.1 - NAME 'kolabNamedObject' - SUP top STRUCTURAL - MAY (cn $ ou) ) - # kolab account # we use an auxiliary in order to ease integration # with existing inetOrgPerson objects # Please note that userPassword is a may # attribute in the schema but is mandatory for # Kolab objectclass ( 1.3.6.1.4.1.19414.3.2.2 NAME 'kolabInetOrgPerson' DESC 'Kolab Internet Organizational Person' SUP top AUXILIARY - MAY ( c $ - alias $ - pseudonym $ - kolabHomeServer $ + MAY ( alias $ + mailHost $ kolabHomeServerOnly $ - kolabHomeMTA $ - unrestrictedMailSize $ kolabDelegate $ - kolabEncryptedPassword $ - cyrus-userquota $ kolabInvitationPolicy $ - kolabFreeBusyFuture $ kolabVacationBeginDateTime $ kolabVacationEndDateTime $ kolabVacationResendInterval $ kolabVacationAddress $ kolabVacationReplyToUCE $ kolabVacationReactDomain $ - kolabForwardAddress $ kolabForwardKeepCopy $ kolabForwardUCE $ kolabAllowSMTPRecipient $ kolabAllowSMTPFrom $ - kolabSalutation $ - kolabMaritalStatus $ - dateOfBirth $ - placeOfBirth $ - birthName $ - gender $ - homeFacsimileTelephoneNumber $ - countryOfCitizenship $ - countryOfResidence $ - legalForm $ - tradeRegisterLocation $ - tradeRegisterIdentifier $ - VATNumber $ - germanTaxId $ - kolabDeleteflag $ - kolabComment ) ) - -# kolab organization with country support -objectclass ( 1.3.6.1.4.1.19414.3.2.3 - NAME 'kolabOrganization' - DESC 'RFC2256: a Kolab organization' - SUP organization STRUCTURAL - MAY ( c $ - mail $ - kolabDeleteflag $ - alias ) ) - -# kolab organizational unit with country support -objectclass ( 1.3.6.1.4.1.19414.3.2.4 - NAME 'kolabOrganizationalUnit' - DESC 'a Kolab organizational unit' - SUP organizationalUnit STRUCTURAL - MAY ( c $ - mail $ - kolabDeleteflag $ - alias ) ) - + kolabDeleteflag ) ) # kolab groupOfNames with extra kolabDeleteflag and the required # attribute mail. # The mail attribute for kolab objects of the type kolabGroupOfNames # is not arbitrary but MUST be a single attribute of the form # of an valid SMTP address with the CN as the local part. # E.g cn@kolabdomain (e.g. employees@mydomain.com). The # mail attribute MUST be globally unique. -objectclass ( 1.3.6.1.4.1.19414.3.2.5 - NAME 'kolabGroupOfNames' - DESC 'Kolab group of names (DNs) derived from RFC2256' - SUP groupOfNames STRUCTURAL +objectclass ( 1.3.6.1.4.1.19414.3.2.8 + NAME 'kolabGroupOfUniqueNames' + DESC 'Kolab group of unique names (DNs) derived from RFC2256' + SUP top AUXILIARY MAY ( mail $ kolabDeleteflag ) ) -objectclass ( 1.3.6.1.4.1.19414.3.2.6 - NAME 'kolabExternalPop3Account' - DESC 'kolab fetch messages via POP3 from external sources' - SUP top STRUCTURAL - MUST ( externalPop3AccountServer $ - externalPop3AccountLoginName $ - externalPop3EncryptedAccountPassword ) - MAY ( externalPop3AccountDescription $ - externalPop3AccountMail $ - externalPop3AccountPort $ - externalPop3AccountUseSSL $ - externalPop3AccountUseTLS $ - externalPop3AccountLoginMethod $ - externalPop3AccountCheckServerCertificate $ - externalPop3AccountKeepMailOnServer ) ) - -objectclass ( 1.3.6.1.4.1.19414.3.2.7 - NAME 'kolabGermanBankArrangement' - DESC 'German bank account information' - SUP top STRUCTURAL - MUST ( kolabGermanBankAccountNumber $ - kolabGermanBankCode ) - MAY ( kolabGermanBankAccountHolder $ - kolabGermanBankName $ - kolabGermanBankAccountInfo ) )