diff --git a/kolab2.schema b/kolab2.schema
index 38ad6c3..3e33e97 100644
--- a/kolab2.schema
+++ b/kolab2.schema
@@ -1,985 +1,997 @@ # $Id$ -# (c) 2003, 2004 Tassilo Erlewein -# (c) 2003-2009 Martin Konold -# (c) 2003 Achim Frank +# (c) 2003-2004 Tassilo Erlewein +# (c) 2003-2009 Martin Konold +# (c) 2003 Achim Frank # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions are met: # # Redistributions of source code must retain the above copyright notice, this # list of conditions and the following disclaimer. # # Redistributions in binary form must reproduce the above copyright notice, # this list of conditions and the following disclaimer in the documentation # and/or other materials provided with the distribution. # # The name of the author may not be used to endorse or promote products derived # from this software without specific prior written permission. # # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED # WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF # MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO # EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, # SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, # PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; # OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, # WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR # OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF # ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. # This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema # as provided by 3rd parties like OpenLDAP. 
# # slapd.conf then looks like # include /kolab/etc/openldap/schema/core.schema # include /kolab/etc/openldap/schema/cosine.schema # include /kolab/etc/openldap/schema/inetorgperson.schema # include /kolab/etc/openldap/schema/rfc2739.schema # include /kolab/etc/openldap/schema/kolab2.schema # Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered # Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob # Prefix for attributes: 1.3.6.1.4.1.19414.1 # Prefix for attributes: 1.3.6.1.4.1.19414.2 # Prefix for objectclasses: 1.3.6.1.4.1.19414.3 # nameprefix: kolab # #################### # kolab attributes # #################### # helper attribute to make the kolab root easily findable in # a big ldap directory attributetype ( 1.3.6.1.4.1.19414.2.1.1 NAME ( 'k' 'kolab' ) DESC 'Kolab attribute' SUP name ) # kolabDeleteflag used to be a boolean but describes with Kolab 2 # the fqdn of the server which is requested to delete this objects # in its local store attributetype ( 1.3.6.1.4.1.19414.2.1.2 NAME 'kolabDeleteflag' DESC 'Per host deletion status' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # alias used to provide alternative rfc822 email addresses for kolab users attributetype ( 1.3.6.1.4.1.19414.2.1.3 NAME 'alias' DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the # cleartext password. This is required in order to pass the password from # the maintainance/administration application to the kolabHomeServer running the # resource handler application in a secure manner. # Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the # calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to # the respective calendar folder using IMAP ACLs. 
attributetype ( 1.3.6.1.4.1.19414.2.1.4 NAME 'kolabEncryptedPassword' DESC 'base64 encoded public key encrypted Password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # hostname including the domain name like kolab-master.yourcompany.com attributetype ( 1.3.6.1.4.1.19414.2.1.5 NAME ( 'fqhostname' 'fqdnhostname' ) DESC 'Fully qualified Hostname including full domain component' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # fqdn of all hosts in a multi-location or cluster setup attributetype ( 1.3.6.1.4.1.19414.2.1.6 NAME 'kolabHost' DESC 'Multivalued -- list of hostnames in a Kolab setup' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # fqdn of the server containg the actual user mailbox attributetype ( 1.3.6.1.4.1.19414.1.1.1.1 NAME 'kolabHomeServer' DESC 'server which keeps the users mailbox' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # flag for allowing unrestriced length of mails attributetype ( 1.3.6.1.4.1.19414.1.1.1.2 NAME 'unrestrictedMailSize' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # Specifies the email delegates. # An email delegate can send email on behalf of the account # which means using the "from" of the account. # Delegates are specified by the syntax of rfc822 email addresses. 
attributetype ( 1.3.6.1.4.1.19414.1.1.1.3 NAME 'kolabDelegate' DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # For user, group and resource Kolab accounts # Describes how to respond to invitations # We keep the attribute as a string, but actually it can only have one # of the following values: # # ACT_ALWAYS_ACCEPT # ACT_ALWAYS_REJECT # ACT_REJECT_IF_CONFLICTS # ACT_MANUAL_IF_CONFLICTS # ACT_MANUAL # In addition one of these values may be prefixed with a primary email # address followed by a colon like # user@domain.tld: ACT_ALWAYS_ACCEPT attributetype ( 1.3.6.1.4.1.19414.1.1.1.4 NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' ) DESC 'defines how to respond to invitations' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # time span from now to the future used for the free busy data # measured in days attributetype ( 1.3.6.1.4.1.19414.1.1.1.5 NAME 'kolabFreeBusyFuture' DESC 'time in days for fb data towards the future' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # time span from now to the past used for the free busy data # measured in days attributetype ( 1.3.6.1.4.1.19414.1.1.1.6 NAME 'kolabFreeBusyPast' DESC 'time in days for fb data towards the past' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # fqdn of the server as the default SMTP MTA # not used in Kolab 2 currently as in Kolab 2 the # default MTA is equivalent to the kolabHomeServer attributetype ( 1.3.6.1.4.1.19414.1.1.1.7 NAME 'kolabHomeMTA' DESC 'fqdn of default MTA' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) # Begin date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent until kolabVacationEnd. 
# Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200512311458Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.8 NAME 'kolabVacationBeginDateTime' DESC 'Begin date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) # End date of Kolab vacation period. Sender will # be notified every kolabVacationResendIntervall days # that recipient is absent starting from kolabVacationBeginDateTime. # Values in this syntax are encoded as printable strings, # represented as specified in X.208. # Note that the time zone must be specified. # For Kolab we limit ourself to GMT # YYYYMMDDHHMMZ e.g. 200601012258Z. # see also: rfc 2252. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.9 NAME 'kolabVacationEndDateTime' DESC 'End date of vacation' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) # Intervall in days after which senders get # another vacation message. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.10 NAME 'kolabVacationResendInterval' DESC 'Vacation notice interval in days' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # Email recipient addresses which are handled by the # vacation script. There can be multiple kolabVacationAddress # entries for each kolabInetOrgPerson. # Default is the primary email address and all # email aliases of the kolabInetOrgPerson. # Currently this attribute is not used in Kolab. 
attributetype ( 1.3.6.1.4.1.19414.1.1.1.11 NAME 'kolabVacationAddress' DESC 'Email address for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Enable sending vacation notices in reaction # unsolicited commercial email. # Default is no. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.12 NAME 'kolabVacationReplyToUCE' DESC 'Enable vacation notices to UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Email recipient domains which are handled by the # vacation script. There can be multiple kolabVacationReactDomain # entries for each kolabInetOrgPerson # Default is to handle all domains. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.13 NAME 'kolabVacationReactDomain' DESC 'Multivalued -- Email domain for vacation to response upon' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Forward all incoming emails except UCE if kolabForwardUCE # is not set to this email address. # There can be multiple kolabForwardAddress entries for # each kolabInetOrgPerson. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.14 NAME 'kolabForwardAddress' DESC 'Forward email to this address' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Keep local copy when forwarding emails to list of # kolabForwardAddress. # Default is no. # Currently this attribute is not used in Kolab. attributetype ( 1.3.6.1.4.1.19414.1.1.1.15 NAME 'kolabForwardKeepCopy' DESC 'Keep copy when forwarding' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # Enable forwarding of UCE. # Default is yes. # Currently this attribute is not used in Kolab. 
attributetype ( 1.3.6.1.4.1.19414.1.1.1.16 NAME 'kolabForwardUCE' DESC 'Enable forwarding of mails known as UCE' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # comment when creating or deleting a kolab object # a comment might be appropriate. This is most useful # for tracability when users get moved to the graveyard # instead of being really deleted. Every entry must be prefixed # with an ISO 8601 date string e.g 200604301458Z. All times must # be in zulu timezone. attributetype ( 1.3.6.1.4.1.19414.1.1.1.17 NAME 'kolabComment' DESC 'multi-value comment' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) # describes the allowed or disallowed smtp addresses for # recipients. If this attribute is not set for a user no # kolab recipient policy does apply. # example entries: # .tld - allow mail to every recipient for this tld # domain.tld - allow mail to everyone in domain.tld # .domain.tld - allow mail to everyone in domain.tld and its subdomains # user@domain.tld - allow mail to explicit user@domain.tld # user@ - allow mail to this user but any domain # -.tld - disallow mail to every recipient for this tld # -domain.tld - disallow mail to everyone in domain.tld # -.domain.tld - disallow mail to everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail to explicit user@domain.tld # -user@ - disallow mail to this user but any domain attributetype ( 1.3.6.1.4.1.19414.1.1.1.18 NAME 'kolabAllowSMTPRecipient' DESC 'SMTP address allowed for destination (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) # Create the user mailbox on the kolabHomeServer only. # Default is no. 
attributetype ( 1.3.6.1.4.1.19414.1.1.1.19 NAME 'kolabHomeServerOnly' DESC 'Create the user mailbox on the kolabHomeServer only' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.19 NAME 'kolabSalutation' DESC 'Salutation like Mr., Mrs, Herr, Frau)' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.20 NAME 'kolabMaritalStatus' DESC 'ledig(0), verh.(1)} DEFAULT ledig' EQUALITY integerMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.21 NAME ( 'homeFacsimileTelephoneNumber' 'homeFaxNumber' ) DESC 'private facsimilie telephone number' SUP telephoneNumber ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.25 NAME 'bylawURI' DESC 'URI pointing at the bylaw' SUP labeledURI SINGLE-VALUE ) # Single string with $ seperated lines consisting of # surname $ # givenName $ # dateOfBirth $ # restrictions $ # signer of contract ('true'/'false') attributetype ( 1.3.6.1.4.1.19414.1.1.1.27 NAME 'legalRepresentative' DESC 'legal representative' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) # Single string with $ seperated lines consisting of # surname $ # givenName $ # dateOfBirth $ # restrictions $ # signer of contract ('true'/'false') attributetype ( 1.3.6.1.4.1.19414.1.1.1.28 NAME 'commercialProcuration' DESC 'described person which has commercial procuration' EQUALITY caseIgnoreListMatch SUBSTR caseIgnoreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.29 NAME 'legalRepresentationPolicy' DESC 'described how legal representation works' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.31 NAME 'inLiquidation' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ): attributetype ( 
1.3.6.1.4.1.19414.1.1.1.32 NAME 'tradeRegisterRegisteredCapital' EQUALITY integerMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.33 NAME 'tradeRegisterType' SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.36 NAME 'tradeRegisterURI' SUP labeledURI SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.37 NAME 'tradeRegisterLastChangedDate' EQUALITY generalizedTimeMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.38 NAME 'kolabGermanBankAccountNumber' DESC 'The 8-digits number of a german bank account without spaces' SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{10} ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.39 NAME 'kolabGermanBankCode' DESC 'The 8-digits number of a german bank code (BLZ) without spaces' SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.40 NAME 'kolabGermanBankName' DESC 'The name of a german bank registered in the BLZ table published by Deutsche Bundesbank.' SUP name SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.41 NAME 'kolabGermanBankAccountInfo' DESC 'Composed field containing a one-line human-readable representation of all necessary information.' SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.19414.1.1.1.42 NAME 'kolabGermanBankAccountHolder' DESC 'The name of the holder of a german bank account commonly used as recipient name.' SINGLE-VALUE SUP name ) # describes the allowed or disallowed smtp addresses for # receiving. If this attribute is not set for a user no # kolab recieving address policy does apply. 
# example entries: # .tld - allow mail from every sender for this tld # domain.tld - allow mail from everyone in domain.tld # .domain.tld - allow mail from everyone in domain.tld and its subdomains # user@domain.tld - allow mail from explicit user@domain.tld # user@ - allow mail from this user but any domain # -.tld - disallow mail from every sender for this tld # -domain.tld - disallow mail from everyone in domain.tld # -.domain.tld - disallow mail from everyone in domain.tld and its subdomains # -user@domain.tld - disallow mail from explicit user@domain.tld # -user@ - disallow mail from this user but any domain attributetype ( 1.3.6.1.4.1.19414.1.1.1.43 NAME 'kolabAllowSMTPFrom' DESC 'SMTP address accepted for receiving (multi-valued)' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) # kolabFolderType describes the kind of Kolab folder # as defined in the kolab format specification. # We will annotate all folders with an entry # /vendor/kolab/folder-type containing the attribute # value.shared set to: [.]. # The can be: mail, event, journal, task, note, # or contact. The for a mail folder can be # inbox, drafts, sentitems, or junkemail (this one holds # spam mails). For the other s, it can only be # default, or not set. For other types of folders # supported by the clients, these should be prefixed with # "k-" for KMail, "h-" for Horde and "o-" for Outlook, and # look like for example "kolab.o-voicemail". Other third-party # clients shall use the "x-" prefix. # We then use the ANNOTATEMORE IMAP extension to # associate the folder type with a folder. 
attributetype ( 1.3.6.1.4.1.19414.2.1.7 NAME 'kolabFolderType' DESC 'type of a kolab folder' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) ###################### # postfix attributes # ###################### attributetype ( 1.3.6.1.4.1.19414.2.1.501 NAME 'postfix-mydomain' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.19414.2.1.502 NAME 'postfix-relaydomains' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.19414.2.1.503 NAME 'postfix-mydestination' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.19414.2.1.504 NAME 'postfix-mynetworks' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.19414.2.1.505 NAME 'postfix-relayhost' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.19414.2.1.506 NAME 'postfix-transport' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.19414.2.1.507 NAME 'postfix-enable-virus-scan' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.2.1.508 NAME 'postfix-allow-unauthenticated' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.2.1.509 NAME 'postfix-virtual' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.19414.2.1.510 NAME 'postfix-relayport' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) 
attributetype ( 1.3.6.1.4.1.19414.2.1.511 NAME 'postfix-message-size-limit' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) ########################## # cyrus imapd attributes # ########################## attributetype ( 1.3.6.1.4.1.19414.2.1.601 NAME 'cyrus-autocreatequota' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.2.1.602 NAME 'cyrus-admins' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # enable plain imap without ssl attributetype ( 1.3.6.1.4.1.19414.2.1.603 NAME 'cyrus-imap' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # enable legacy pop3 attributetype ( 1.3.6.1.4.1.19414.2.1.604 NAME 'cyrus-pop3' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # user specific quota on the cyrus imap server attributetype ( 1.3.6.1.4.1.19414.2.1.605 NAME 'cyrus-userquota' DESC 'Mailbox hard quota limit in MB' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # cyrus imapd access control list # acls work with users and groups attributetype ( 1.3.6.1.4.1.19414.2.1.651 NAME 'acl' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # enable secure imap attributetype ( 1.3.6.1.4.1.19414.2.1.606 NAME 'cyrus-imaps' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # enable secure pop3 attributetype ( 1.3.6.1.4.1.19414.2.1.607 NAME 'cyrus-pop3s' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # enable sieve support (required for forward and vacation services) attributetype ( 1.3.6.1.4.1.19414.2.1.608 NAME 'cyrus-sieve' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # installation wide percentage which determines when to send a # warning to the user attributetype ( 1.3.6.1.4.1.19414.2.1.609 NAME 'cyrus-quotawarn' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # enable smmap support attributetype 
( 1.3.6.1.4.1.19414.2.1.610 NAME 'cyrus-smmap' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # enable fulldirhash support attributetype ( 1.3.6.1.4.1.19414.2.1.611 NAME 'cyrus-fulldirhash' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # enable hashimapspool support attributetype ( 1.3.6.1.4.1.19414.2.1.612 NAME 'cyrus-hashimapspool' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # enable squatter support attributetype ( 1.3.6.1.4.1.19414.2.1.613 NAME 'cyrus-squatter' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) ############################# # apache and php attributes # ############################# # enable plain http (no ssl) attributetype ( 1.3.6.1.4.1.19414.2.1.701 NAME 'apache-http' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # Allow freebusy download without authenticating first attributetype ( 1.3.6.1.4.1.19414.2.1.702 NAME 'apache-allow-unauthenticated-fb' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) ########################## # kolabfilter attributes # ########################## # enable trustable 
From: attributetype ( 1.3.6.1.4.1.19414.2.1.750 NAME 'kolabfilter-verify-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # should Sender header be allowed instead of From # when present? attributetype ( 1.3.6.1.4.1.19414.2.1.751 NAME 'kolabfilter-allow-sender-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # Should reject messages with From headers that dont match # the envelope? Default is to rewrite the header attributetype ( 1.3.6.1.4.1.19414.2.1.752 NAME 'kolabfilter-reject-forged-from-header' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # Enable the Kolab Policy Daemon. If false or not # set don't use the Kolab Policy Daemon attributetype ( 1.3.6.1.4.1.19414.2.1.800 NAME 'kolabPolicyDaemon' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) +# Configurable list of ciphers considered to be secure enough for our purposes. +# E.g. TLS 1.0 and SSL 3.0 +attributetype ( 1.3.6.1.4.1.19414.2.1.801 + NAME 'kolabSecureCiphers' + DESC 'comma separated list of ciphers considered to be secure' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) + + ###################################################### # proftpd attributes (unused since Kolab Server 2.2) # ###################################################### attributetype ( 1.3.6.1.4.1.19414.2.1.901 NAME 'proftpd-defaultquota' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) attributetype ( 1.3.6.1.4.1.19414.2.1.902 NAME 'proftpd-ftp' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 1.3.6.1.4.1.19414.2.1.903 NAME 'proftpd-userPassword' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ######################################################################## # pop3 service attributes (suitable to integrate external pop3 sources # ######################################################################## attributetype ( 1.3.6.1.4.1.19414.2.1.1001 NAME 
'externalPop3AccountDescription' DESC 'a human readable description of the external POP3 account e.g. my gmail account' SUP description SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.2.1.1002 NAME 'externalPop3AccountMail' DESC 'email address associated with the external POP3 account e.g. givenname.surname@gmail.com' SUP mail ) attributetype ( 1.3.6.1.4.1.19414.2.1.1003 NAME 'externalPop3AccountServer' DESC 'Pop3 server associated with the external POP3 account e.g. pop3.provider.com' SUP fqdnhostname SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.2.1.1004 NAME 'externalPop3AccountPort' DESC 'TCP port number used for pop3 service associated with the external POP3 account e.g. 110' EQUALITY integerMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{5} ) attributetype ( 1.3.6.1.4.1.19414.2.1.1005 NAME 'externalPop3AccountUseSSL' DESC 'boolean defining if SSL must be used for external POP3 account - requires suitable externalPop3AccountPort' EQUALITY booleanMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 1.3.6.1.4.1.19414.2.1.1006 NAME 'externalPop3AccountUseTLS' DESC 'boolean defining if TLS must be used for external POP3 account' EQUALITY booleanMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) # sometimes useful for self-signed certificates attributetype ( 1.3.6.1.4.1.19414.2.1.1007 NAME 'externalPop3AccountCheckServerCertificate' DESC 'allows to disable checking server certificates when using SSL or TLS - beware of MIT-attacks!' 
EQUALITY booleanMatch SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 1.3.6.1.4.1.19414.2.1.1008 NAME 'externalPop3AccountLoginName' DESC 'name used to login into pop3 account often this uid is equivalent to the email address' SUP uid SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.19414.2.1.1009 NAME 'externalPop3EncryptedAccountPassword' DESC 'encryped password for the external POP3 account - secret key must be known to the pop3 fetch service' SINGLE-VALUE SYNTAX 1.3.6.1.4.1.1466.115.121.1.40) attributetype ( 1.3.6.1.4.1.19414.2.1.1010 NAME 'externalPop3AccountKeepMailOnServer' DESC 'controls if fetched message shall remain on external POP3 server - beware this is often unreliable' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 ) attributetype ( 1.3.6.1.4.1.19414.2.1.1011 NAME 'externalPop3AccountLoginMethod' DESC 'login method used for external POP3 account - currently these are plainText, LOGIN, PLAIN, NTLM, DIGEST-MD5, CRAM-MD5, GSSAPI and APOP' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) ######################## # kolab object classes # ######################## # main kolab server configuration # storing global values and user specific default values # like kolabFreeBusyFuture and kolabFreeBusyPast objectclass ( 1.3.6.1.4.1.19414.2.2.1 NAME 'kolab' DESC 'Kolab server configuration' SUP top STRUCTURAL MUST k MAY ( kolabHost $ postfix-mydomain $ postfix-relaydomains $ postfix-mydestination $ postfix-mynetworks $ postfix-relayhost $ postfix-relayport $ postfix-transport $ postfix-virtual $ postfix-enable-virus-scan $ postfix-allow-unauthenticated $ postfix-message-size-limit $ cyrus-quotawarn $ cyrus-autocreatequota $ cyrus-admins $ cyrus-imap $ cyrus-pop3 $ cyrus-imaps $ cyrus-pop3s $ cyrus-sieve $ cyrus-smmap $ cyrus-fulldirhash $ cyrus-hashimapspool $ cyrus-squatter $ apache-http $ apache-allow-unauthenticated-fb $ kolabfilter-verify-from-header $ 
kolabfilter-allow-sender-header $ kolabfilter-reject-forged-from-header $ kolabPolicyDaemon $ + kolabSecureCiphers $ proftpd-ftp $ proftpd-defaultquota $ kolabFreeBusyFuture $ kolabFreeBusyPast $ uid $ userPassword ) ) # public folders are typically visible to everyone subscribed to # the server without the need for an extra login. Subfolders are # defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note # that the term public folder is prefered to shared folder because # normal user mailboxes can also share folders using acls. objectclass ( 1.3.6.1.4.1.19414.2.2.9 NAME 'kolabSharedFolder' DESC 'Kolab public shared folder' SUP top STRUCTURAL MUST cn MAY ( acl $ alias $ cyrus-userquota $ kolabHomeServer $ kolabFolderType $ kolabDeleteflag ) ) # kolabNamedObject is used as a plain node for the LDAP tree. # In contrast to unix filesystem directories LDAP nodes can # and often do also have contents/attributes. We use the # kolabNamedObject in order to put some structure in the # LDAP directory tree. 
objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'kolabNamedObject' SUP top STRUCTURAL MAY (cn $ ou) ) # kolab account # we use an auxiliary in order to ease integration # with existing inetOrgPerson objects # Please note that userPassword is a may # attribute in the schema but is mandatory for # Kolab objectclass ( 1.3.6.1.4.1.19414.3.2.2 NAME 'kolabInetOrgPerson' DESC 'Kolab Internet Organizational Person' SUP top AUXILIARY MAY ( c $ alias $ pseudonym $ kolabHomeServer $ kolabHomeServerOnly $ kolabHomeMTA $ unrestrictedMailSize $ kolabDelegate $ kolabEncryptedPassword $ cyrus-userquota $ kolabInvitationPolicy $ kolabFreeBusyFuture $ calFBURL $ kolabVacationBeginDateTime $ kolabVacationEndDateTime $ kolabVacationResendInterval $ kolabVacationAddress $ kolabVacationReplyToUCE $ kolabVacationReactDomain $ kolabForwardAddress $ kolabForwardKeepCopy $ kolabForwardUCE $ kolabAllowSMTPRecipient $ kolabAllowSMTPFrom $ kolabSalutation $ kolabMaritalStatus $ dateOfBirth $ placeOfBirth $ birthName $ gender $ countryOfCitizenship $ countryOfResidence $ legalForm $ tradeRegisterLocation $ tradeRegisterIdentifier $ VATNumber $ germanTaxId $ kolabDeleteflag $ kolabComment ) ) # kolab organization with country support objectclass ( 1.3.6.1.4.1.19414.3.2.3 NAME 'kolabOrganization' DESC 'RFC2256: a Kolab organization' SUP organization STRUCTURAL MAY ( c $ mail $ kolabDeleteflag $ alias ) ) # kolab organizational unit with country support objectclass ( 1.3.6.1.4.1.19414.3.2.4 NAME 'kolabOrganizationalUnit' DESC 'a Kolab organizational unit' SUP organizationalUnit STRUCTURAL MAY ( c $ mail $ kolabDeleteflag $ alias ) ) # kolab groupOfNames with extra kolabDeleteflag and the required # attribute mail. # The mail attribute for kolab objects of the type kolabGroupOfNames # is not arbitrary but MUST be a single attribute of the form # of an valid SMTP address with the CN as the local part. # E.g cn@kolabdomain (e.g. employees@mydomain.com). The # mail attribute MUST be globally unique. 
objectclass ( 1.3.6.1.4.1.19414.3.2.5 NAME 'kolabGroupOfNames' DESC 'Kolab group of names (DNs) derived from RFC2256' SUP groupOfNames STRUCTURAL MAY ( mail $ kolabDeleteflag ) ) objectclass ( 1.3.6.1.4.1.19414.3.2.6 NAME 'kolabExternalPop3Account' DESC 'kolab fetch messages via POP3 from external sources' SUP top STRUCTURAL MUST ( externalPop3AccountServer $ externalPop3AccountLoginName $ externalPop3EncryptedAccountPassword ) MAY ( externalPop3AccountDescription $ externalPop3AccountMail $ externalPop3AccountPort $ externalPop3AccountUseSSL $ externalPop3AccountUseTLS $ externalPop3AccountLoginMethod $ externalPop3AccountCheckServerCertificate $ externalPop3AccountKeepMailOnServer ) ) objectclass ( 1.3.6.1.4.1.19414.3.2.7 NAME 'kolabGermanBankArrangement' DESC 'German bank account information' SUP top STRUCTURAL MUST ( kolabGermanBankAccountNumber $ kolabGermanBankCode ) MAY ( kolabGermanBankAccountHolder $ kolabGermanBankName $ kolabGermanBankAccountInfo ) )
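Review bot: The comment above the new `kolabSecureCiphers` attribute gives "TLS 1.0 and SSL 3.0" as its example, but those are protocol versions rather than ciphers, and SSL 3.0 is broken (POODLE), so an administrator who copies the example ends up with something weaker than the attribute name promises. Nothing in this diff shows which service reads the value or what syntax it expects, so the comment should say so, for example `# Comma separated list of cipher names, in the syntax of the service that reads it (name the service here); SSL 3.0 and TLS 1.0 are protocol versions, not ciphers.` The attribute is SINGLE-VALUE with a `{256}` length hint, and an explicit list of cipher suite names can plausibly run longer than that, so the bound is worth checking against a realistic value. Because the attribute is added to the MAY list of the `kolab` configuration object, write access to that entry decides who can weaken transport security for the whole installation; the directory ACLs are outside this diff and should be confirmed to restrict it to administrators.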