===== Openldap for AIX rfc2307aix =====
==== How to add a new schema to openldap ====
http://www.linuxquestions.org/questions/linux-server-73/how-to-add-a-new-schema-to-openldap-2-4-11-a-700452/
If anyone still needs help with this: I added my schema, and this is how I did it (I'm running OpenLDAP 2.4.23-7.2 on Debian 6). It's pretty much the same as what bathory says, but I'm gonna write out everything I did, just in case.
vim /tmp/borrame.conf
(this is what goes in the file)
include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/mypersonalschema.schema
mkdir /tmp/borrame.d
slaptest -f /tmp/borrame.conf -F /tmp/borrame.d
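Edit the generated file. (This file is later loaded into cn=config, so on a host with other local users do the work in a private directory, for example one created with mktemp -d, rather than under a fixed name in /tmp.)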
vim /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
I changed the first three lines to this:
dn: cn=mypersonalschema,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: mypersonalschema
Then I deleted these lines from the bottom of the file (they are operational attributes that slapd fills in itself when the entry is added):
structuralObjectClass:
entryUUID:
creatorsName:
createTimestamp:
entryCSN:
modifiersName:
modifyTimestamp:
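Finally I added the new schema to the LDAP tree (-Y EXTERNAL over ldapi:/// authenticates as the local Unix user running the command, so run it on the server as a user allowed to write cn=config, typically root):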
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
==== MAP rfc2307aix ====
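Here is the most recent rfc2307aix schema (map) file I have found. The link is plain HTTP on a third-party site, so read the file through before loading it into cn=config. As shown on this page, the continuation lines of each definition have no leading whitespace, which slapd requires, so restore the indentation if you copy the text from here.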
http://patrickv.info/wordpress/wp-content/uploads/2009/06/rfc2307aix.schema
# Definitions from RFC2307AIX (Experimental)
# An Approach for Using LDAP as a Network Information Service for AIX
#
# Author: Patrick Vaughan
#
# Depends upon core.schema, cosine.schema, and nis.schema
#
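# Note: The definitions in RFC2307aix are not entirely known,
# and this information is taken from the work of others.
# This schema may contain extra information not necessarily needed by AIX,
# but used by IBM with other products. Some modifications had to be made to
# work with OpenLDAP, mainly that boolean types were changed to text because
# of an incompatibility between some of the attributes and OpenLDAP. This seems
# to work with AIX, until a better solution is found.
# The flag attributes affected (apparently isAccountEnabled, isLoginAllowed and
# similar) are declared as IA5 String with no EQUALITY rule, so the server does
# not check that a value is a valid boolean and equality search filters on
# them are not supported.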
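# Attribute Type Definitions
#
# Numeric OIDs used in the definitions below:
#   matching rules: 2.5.13.2 caseIgnoreMatch, 2.5.13.5 caseExactMatch,
#     2.5.13.6 caseExactOrderingMatch, 2.5.13.7 caseExactSubstringsMatch,
#     2.5.13.8 numericStringMatch, 2.5.13.14 integerMatch
#   syntaxes (1.3.6.1.4.1.1466.115.121.1.N): 5 Binary, 12 DN,
#     15 Directory String, 24 Generalized Time, 26 IA5 String, 27 Integer,
#     36 Numeric String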
attributetype ( 1.3.18.0.2.4.810 NAME 'adminGroupNames'
DESC 'list of groups a user adminstrates'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.793 NAME 'AIXDefaultMACLevel'
DESC 'AIX default level mac'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.766 NAME 'AIXFuncMode'
DESC 'AIX smit acl function modes'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.797 NAME 'AIXisDCEExport'
DESC 'DCE integration flag'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.778 NAME 'AIXLowMACLevel'
DESC 'AIX low level mac'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.777 NAME 'AIXPromptMAC'
DESC 'prompt MAC, Mandatory Access Control, or not'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.752 NAME 'AIXScreens'
DESC 'AIX SMIT screen access list'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.746 NAME 'AIXUpperMACLevel'
DESC 'AIX upper level mac'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.812 NAME 'auditClasses'
DESC 'classes, events, a user will be audited on'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.762 NAME 'authMethod1' DESC 'the primary method for authenticating a user'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.780 NAME 'authMethod2'
DESC 'secondary method for authenticating a user'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.483 NAME 'caption'
DESC 'CIM-derived attribute to provide short description of the directory object entry for display purposes.'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.751 NAME 'coreSizeLimit'
DESC 'core file size limit'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.798 NAME 'coreSizeLimitHard'
DESC 'hard core file size limit'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.805 NAME 'cpuSize'
DESC 'limit of system units a process can use'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.789 NAME 'cpuSizeHard'
DESC 'largest amount of system time process can use'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.763 NAME 'dataSegSize'
DESC 'size for data segment'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.758 NAME 'dataSegSizeHard'
DESC 'largest size of data segment'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.757 NAME 'filePermMask'
DESC 'mask to set file permission'
EQUALITY 2.5.13.8
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.785 NAME 'fileSizeLimit'
DESC 'file size limit'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.779 NAME 'fileSizeLimitHard'
DESC 'file size limit'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.803 NAME 'groupList'
DESC 'list of groups a user or role can belong to'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.538 NAME 'groupid'
DESC 'Required attribute for eDominoGroup'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.773 NAME 'groupSwitchUserAllowed'
DESC 'list of groups that can switch user to this user'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.787 NAME 'hostLastLogin'
DESC 'host name of the last successful login'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.748 NAME 'hostLastUnsuccessfulLogin'
DESC 'host name of last unsuccessful login'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
# Account-control flags. Each is declared with IA5 String syntax
# (1.3.6.1.4.1.1466.115.121.1.26) and no EQUALITY rule, so slapd accepts any
# ASCII text as the value and cannot evaluate an equality filter on it.
# NOTE(review): presumably these are among the boolean attributes the file
# header says were changed to text; which spellings AIX treats as true/false
# is not shown here - confirm before relying on them to disable an account.
attributetype ( 1.3.18.0.2.4.726 NAME 'isAccountEnabled'
DESC 'indicates whether users are allowed to login using an account (true) or not (false)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.728 NAME 'isAdministrator'
DESC 'indicates whether an account has administrative authority'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.761 NAME 'isDaemon'
DESC 'AIX indicator whether a user can run programs under cron or src'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.743 NAME 'isLoginAllowed'
DESC 'indicate wheter a user can login'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.799 NAME 'isRemoteAccessAllowed'
DESC 'permits access from a remote system'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.808 NAME 'isSwitchUserAllowed'
DESC 'indicate whether a user can switch to this users account'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.760 NAME 'ixLastUpdate'
DESC 'time of last update'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.771 NAME 'ixTimeLastLogin'
DESC 'time of users last login'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.749 NAME 'ixTimeLastUnsuccessfulLogin'
DESC 'user time of last unsuccessful'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.801 NAME 'loginTimes'
DESC 'valid times a user is allowed to login'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
# Lockout threshold, stored as an Integer (1.3.6.1.4.1.1466.115.121.1.27).
# Unlike most attributes in this file it has neither SINGLE-VALUE nor an
# EQUALITY rule, so an entry may carry several values and the attribute cannot
# be matched in an equality filter.
# NOTE(review): which value a client uses when several are present is not
# shown here - keep exactly one value per entry.
attributetype ( 1.3.18.0.2.4.710 NAME 'maxFailedLogins'
DESC 'Maximum number of failed logins before the account is locked'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.807 NAME 'maxLogin'
DESC 'maximum number of logins'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.464 NAME 'numberWarnDays'
DESC ' '
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.781 NAME 'openFileLimit'
DESC 'limit for number of open files'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.784 NAME 'openFileLimitHard'
DESC 'maximun number of open files'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.458 NAME 'passwordCheckMethods'
DESC 'Methods for checking passwords.'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.463 NAME 'passwordDictFiles'
DESC 'Password dictionary files.'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.788 NAME 'passwordExpiredWeeks'
DESC 'number of weeks a user passwd history expired'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.485 NAME 'passwordExpireTime'
DESC 'Defines, in YYYYMMDDHHMMSS format, the date and time when a user password expires.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.753 NAME 'passwordFlags'
DESC 'password flags'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.772 NAME 'passwordHistSize'
DESC 'number of previous passwords that can be stored in password history'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 2.16.840.1.113730.3.1.97 NAME 'passwordMaxAge'
DESC 'Specifies, in seconds, the period of time passwords can be used before they expire.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.802 NAME 'passwordChar'
DESC 'password existance character'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.454 NAME 'passwordMaxRepeatedChars'
DESC ' '
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.473 NAME 'passwordMinAlphaChars'
DESC 'Specifies the minimum number of characters required for a users password.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.499 NAME 'passwordMinDiffChars'
DESC 'Specifies the minimum number of different (unique) characters required for a users password.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 2.16.840.1.113730.3.1.99 NAME 'passwordMinLength'
DESC 'Specifies the minimum number of characters required for a user\27s password.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.469 NAME 'passwordMinOtherChars'
DESC ' '
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.790 NAME 'physicalMemLimit'
DESC 'limit for the amount fo physical memory that can be allocated'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.744 NAME 'physicalMemLimitHard'
DESC 'largest amount of physical memory that can be allocated'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.319 NAME 'principalPtr'
DESC 'DN pointer to a principal object (e.g. person, user, service, etc.)'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.786 NAME 'roleList'
DESC 'list of roles a user or role may belong to'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE USAGE userApplications )
attributetype ( 1.3.18.0.2.4.759 NAME 'stackSizeLimit'
DESC 'size limit for process stack'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE USAGE userApplications )
attributetype ( 1.3.18.0.2.4.754 NAME 'stackSizeLimitHard'
DESC 'largest stack segment for a process'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE USAGE userApplications )
attributetype ( 1.3.18.0.2.4.804 NAME 'systemEnvironment'
DESC 'protect environment'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE USAGE userApplications )
attributetype ( 1.3.18.0.2.4.809 NAME 'terminalAccess'
DESC 'list of terminals that can access users account'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE USAGE userApplications )
attributetype ( 1.3.18.0.2.4.767 NAME 'terminalLastLogin'
DESC 'terminal users last successfully login'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE USAGE userApplications )
attributetype ( 1.3.18.0.2.4.769 NAME 'terminalLastUnsuccessfulLogin'
DESC 'terminal of users last unsuccessful login'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.806 NAME 'timeExpiredLogout'
DESC 'inactivity time out'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.474 NAME 'timeExpireLockout'
DESC ' '
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.800 NAME 'trustedPathStatus'
DESC 'indicates the users trusted path status'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.811 NAME 'unsuccessfulLoginCount'
DESC 'count of unsuccessful logins'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.795 NAME 'userEnvironment'
DESC 'user public environment'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.783 NAME 'userName'
DESC 'user name'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
# Password history for the account, held as one Directory String value
# (1.3.6.1.4.1.1466.115.121.1.15) compared with caseExactMatch (2.5.13.5).
# A schema definition carries no access control, so this attribute is only as
# protected as the slapd ACLs make it.
# NOTE(review): the stored format (hashed or not) is not visible here - give
# it the same ACL treatment as userPassword.
attributetype ( 1.3.18.0.2.4.1101 NAME 'passwordHistList'
DESC 'list of user passwords'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.2321 NAME 'hostsAllowedLogin'
DESC 'The names or addresses of computer systems or networks to which a user is allowed to login.'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications)
attributetype ( 1.3.18.0.2.4.2322 NAME 'hostsDeniedLogin'
DESC 'The names or addresses of a computer systems or networks to which a user is not allowed to login.'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications)
attributetype ( 1.3.18.0.2.4.2504 NAME 'passwordHistExpire'
DESC 'number of weeks a user passwd history expired'
EQUALITY 2.5.13.14
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.145 NAME 'capability'
DESC 'Indicates the capabilities this GSO Target Service Type allows.'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.814 NAME 'GroupName'
DESC 'Name of DCE group'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.768 NAME 'AIXGroupAdminList'
DESC 'list of administrators'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
# Group password, held as a single Directory String value with case-exact
# equality, ordering and substring matching (2.5.13.5 / .6 / .7).
# The substring rule means the value can be probed with substring filters by
# anyone who has search access to it, and the schema itself carries no access
# control.
# NOTE(review): the stored format is not visible here - restrict read, search
# and compare access in the slapd ACLs as for userPassword.
attributetype ( 1.3.18.0.2.4.765 NAME 'groupPassword'
DESC 'Group Password'
EQUALITY 2.5.13.5
ORDERING 2.5.13.6
SUBSTR 2.5.13.7
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities'
DESC 'Alternate security identities. A Kerberos identity must be defined in the format kerberos:@; for example, kerberos:alice@austin.ibm.com. This attribute is defined on Active Directory.'
EQUALITY 2.5.13.2
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
attributetype ( 1.2.840.113556.1.4.656 NAME 'userPrincipalName'
DESC 'Primary security identity in the form @; for example, alice@austin.ibm.com. This attribute is defined on Active Directory.'
EQUALITY 2.5.13.5
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.813 NAME 'gid'
DESC 'integer ID of the group name. Used for access control of resources.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3396 NAME 'passwordMaxConsecutiveRepeatedChars'
DESC 'Attribute used to impose the maximum number of consecutive repeated characters in the password field.'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3107 NAME 'rcmds'
DESC 'allow, deny, hostlogincontrol. Specifies whether a user is allowed to run remote commands.'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.756 NAME 'AIXAdminGroupId'
DESC 'AIX new admin group id storage'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.776 NAME 'AIXAdminUserId'
DESC 'AIX new admin user id storage'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.782 NAME 'AIXGroupID'
DESC 'AIX new group id storage'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.770 NAME 'AIXUserID'
DESC 'Aix new user id storage attribute'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3237 NAME 'ibm-aixProjectNameList'
DESC 'Advanced accounting, list of project names'
EQUALITY caseExactMatch
ORDERING caseExactOrderingMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
# Default role list for an account: multi-valued IA5 String
# (1.3.6.1.4.1.1466.115.121.1.26) compared with caseExactIA5Match.
# NOTE(review): this definition starts with the LDIF-style keyword
# "attributetypes:" while most of the file uses "attributetype"; run slaptest
# on the file to confirm the line is accepted. The same spelling appears on
# ibm-coreCompressionEnable, ibm-writePrivs, ibm-readAuths and ibm-writeAuths.
attributetypes: ( 1.3.18.0.2.4.3349 NAME 'ibm-defaultRoles'
DESC 'List of default roles'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3337 NAME 'ibm-coreNamingPolicy'
DESC 'Specifies core file naming policy'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetypes: ( 1.3.18.0.2.4.3336 NAME 'ibm-coreCompressionEnable'
DESC 'Enable or disable corefile compression'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3338 NAME 'ibm-corePathEnable'
DESC 'Enable or disable core file path specification.'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3339 NAME 'ibm-corePathName'
DESC 'Specifies a location for core files'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3233 NAME 'ibm-aixAdminPolicyEntry'
DESC 'Advanced accounting, admin policy rule'
EQUALITY caseExactMatch
ORDERING caseExactOrderingMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3234 NAME 'ibm-aixAdminPolicyName'
DESC 'Advanced accounting, name of admin policy'
EQUALITY caseExactMatch
ORDERING caseExactOrderingMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3235 NAME 'ibm-aixProjectDefinition'
DESC 'Advanced accounting, project definition entry'
EQUALITY caseExactMatch
ORDERING caseExactOrderingMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3236 NAME 'ibm-aixProjectName'
DESC 'Advanced accounting, name of project definition file'
EQUALITY caseExactMatch
ORDERING caseExactOrderingMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3340 NAME 'ibm-aixpertLabel'
DESC 'An unique label for a XML file'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3341 NAME 'ibm-aixpertXmlConfigFile'
DESC 'Aixpert XML configuration file'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
SINGLE-VALUE
USAGE userApplications )
# EQUALITY octetStringMatch
attributetype ( 1.3.18.0.2.4.3363 NAME 'ibm-authorizationID'
DESC 'authorization numeric ID'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.332 NAME 'msgFileName'
DESC 'This attribute is used to indicate a message file name which contains displayable/translatable strings for those attributes which are displayable.'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.774 NAME 'msgNumber'
DESC 'index into a message catalog'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3364 NAME 'ibm-msgSet'
DESC 'Message set'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3359 NAME 'ibm-accessAuths'
DESC 'Access authorizations'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3354 NAME 'ibm-authPrivs'
DESC 'Authorized privieges'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3361 NAME 'ibm-egid'
DESC 'The effective group id'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3362 NAME 'ibm-euid'
DESC 'The effective user id'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3358 NAME 'ibm-innatePrivs'
DESC 'Innate privileges'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3365 NAME 'ibm-inheritPrivs'
DESC 'Inheritable privileges'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3357 NAME 'ibm-secFlags'
DESC 'Security flags'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetype ( 1.3.18.0.2.4.3356 NAME 'ibm-readPrivs'
DESC 'Privileges required to read an object'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetypes: ( 1.3.18.0.2.4.3355 NAME 'ibm-writePrivs'
DESC 'Privileges required to write to an object'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetypes: ( 1.3.18.0.2.4.3353 NAME 'ibm-readAuths'
DESC 'Authorizations required to read an object'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
attributetypes: ( 1.3.18.0.2.4.3352 NAME 'ibm-writeAuths'
DESC 'Authorizations requried to write to an object'
EQUALITY caseExactIA5Match
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
USAGE userApplications )
# No OID
#attributetype ( NAME 'IBM-ENTRYUUID' DESC 'A Unique Entry UUID from TDS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
#attributetype ( NAME 'control' DESC 'Some IBM Control attribute from TDS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Invalid Name 'userCertificate;binary'
#attributetype ( 2.5.4.36 NAME ( 'userCertificate' 'userCertificate;binary' ) DESC 'Used to represent certificates from one or more Certification Authorities representing a user.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 USAGE userApplications )
# Attributes already in the core.schema
#attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC 'This attribute contains the name of a locality, such as a city, county or other geographic region (localityName).' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
#attributetype ( 2.5.4.31 NAME 'member' DESC 'Identifies the distinguished names for each member of the group.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE userApplications )
#attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' 'organization' ) DESC 'This attribute contains the name of an organization (organizationName).' SUP 2.5.4.11 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
# Structural base class for system accounts; AIXAccount below derives from it.
# Its superior 'account' and the attributes userPassword and userCertificate
# are not defined in this file, so they must come from the schemas this file
# depends on (core, cosine, nis per the header).
# Entries of this class may hold userPassword, so the slapd ACLs that protect
# userPassword need to cover the subtree where these entries live.
objectclass ( 1.3.18.0.2.6.78 NAME 'eAccount'
DESC 'Account information as used and maintained by the system.'
SUP 'account'
STRUCTURAL
MAY ( caption $ userPassword $ userCertificate $ principalPtr ) )
objectclass ( 1.3.18.0.2.6.167 NAME 'AIXAccount'
DESC 'AIX user information object class'
SUP 'eAccount'
STRUCTURAL
MUST ( gid $ passwordChar $ userName )
MAY ( adminGroupNames $ AIXDefaultMACLevel $ AIXFuncMode $ AIXisDCEExport $ AIXLowMACLevel $ AIXPromptMAC $ AIXScreens $ AIXUpperMACLevel $ auditClasses $ authMethod1 $ authMethod2 $ coreSizeLimit $ coreSizeLimitHard $ cpuSize $ cpuSizeHard $ dataSegSize $ dataSegSizeHard $ filePermMask $ fileSizeLimit $ fileSizeLimitHard $ gecos $ groupList $ groupSwitchUserAllowed $ homeDirectory $ hostLastLogin $ hostLastUnsuccessfulLogin $ isAccountEnabled $ isadministrator $ isDaemon $ isLoginAllowed $ isRemoteAccessAllowed $ isSwitchUserAllowed $ ixLastUpdate $ ixTimeLastLogin $ ixTimeLastUnsuccessfulLogin $ loginShell $ loginTimes $ maxFailedLogins $ maxLogin $ numberWarnDays $ openFileLimit $ openFileLimitHard $ passwordCheckMethods $ passwordDictFiles $ passwordExpiredWeeks $ passwordExpireTime $ passwordFlags $ passwordHistSize $ passwordMaxAge $ passwordMaxRepeatedChars $ passwordMinAlphaChars $ passwordMinDiffChars $ passwordMinLength $ passwordMinOtherChars $ physicalMemLimit $ physicalMemLimitHard $ roleList $ stackSizeLimit $ stackSizeLimitHard $ systemEnvironment $ terminalAccess $ terminalLastLogin $ terminalLastUnsuccessfulLogin $ timeExpiredLogout $ timeExpireLockout $ trustedPathStatus $ unsuccessfulLoginCount $ userEnvironment $ passwordHistList $ passwordHistExpire $ hostsAllowedLogin $ hostsDeniedLogin ) )
objectclass ( 1.3.18.0.2.6.170 NAME 'AIXaccessGroup'
DESC 'AIX group information'
SUP 'top'
STRUCTURAL
MUST ( gid $ GroupName )
MAY ( AIXGroupAdminList $ AIXisDCEExport $ AIXScreens $ groupPassword $ isadministrator $ member ) )
objectclass ( 1.3.18.0.2.6.28 NAME 'container'
DESC 'An object that can contain other objects.'
SUP 'top'
STRUCTURAL
MUST ( cn ) )
objectclass ( 1.3.18.0.2.6.169 NAME 'AIXAdmin'
DESC 'AIX class to store user/group administration attributes'
SUP top
STRUCTURAL
MAY ( AIXAdminGroupId $ AIXAdminUserId $ AIXGroupID $ AIXUserID $ cn ) )
objectclass ( 1.3.18.0.2.6.473 NAME 'aixAuxGroup'
DESC 'Auxiliary AIX group information objectclass, for use with the posixgroup objectclass.'
SUP top
AUXILIARY
MAY ( aIXGroupAdminList $ aIXisDCEExport $ aIXScreens $ groupPassword $ isadministrator $ ibm-aixProjectNameList ) )
objectclass ( 1.3.18.0.2.6.620 NAME 'ibm-aixAccountingAdminPolicy'
DESC 'Advanced Accounting admin policy object'
SUP top
STRUCTURAL
MUST ( ibm-aixAdminPolicyEntry $ ibm-aixAdminPolicyName ) )
objectclass ( 1.3.18.0.2.6.621 NAME 'ibm-aixAccountingProject'
DESC 'Advanced Accounting project defintion object'
SUP top
STRUCTURAL
MUST ( ibm-aixProjectDefinition $ ibm-aixProjectName ) )
objectclass ( 1.3.18.0.2.6.637 NAME 'ibm-aixAixpert'
DESC 'For storing Aixpert specific data'
SUP top
STRUCTURAL
MUST ( ibm-aixpertLabel $ ibm-aixpertXmlConfigFile ) )
objectclass ( 1.3.18.0.2.6.640 NAME 'ibm-authorization'
DESC 'Contains authorization definition'
SUP top
STRUCTURAL
MUST ( cn $ ibm-authorizationID )
MAY ( msgFileName $ msgNumber $ ibm-msgSet $ description ) )
# Privileged command definition: the entry is named by cn and may carry an
# effective uid/gid (ibm-euid, ibm-egid), privilege sets (ibm-authPrivs,
# ibm-innatePrivs, ibm-inheritPrivs), access authorizations and security flags.
# NOTE(review): presumably read by AIX clients to decide how a command is
# run with privilege - confirm, and limit write access to these entries to
# directory administrators in the slapd ACLs.
objectclass ( 1.3.18.0.2.6.642 NAME 'ibm-privcmd'
DESC 'Contains privileged command definition'
SUP top
STRUCTURAL
MUST cn
MAY ( ibm-accessAuths $ ibm-authPrivs $ ibm-egid $ ibm-euid $ ibm-innatePrivs $ ibm-inheritPrivs $ ibm-secFlags $ description ) )
objectclass ( 1.3.18.0.2.6.641 NAME 'ibm-privdev'
DESC 'Contains privileged device definition'
SUP top
STRUCTURAL
MUST cn
MAY ( ibm-readPrivs $ ibm-writePrivs $ description ) )
objectclass ( 1.3.18.0.2.6.639 NAME 'ibm-privfile'
DESC 'Trusted configruation files'
SUP top
STRUCTURAL
MUST cn
MAY ( ibm-readAuths $ ibm-writeAuths $ description ) )
objectclass ( 1.3.18.0.2.6.241 NAME 'ibm-SecurityIdentities'
DESC 'Defines the security identities of a user. The user could be a person or a service.'
SUP top
AUXILIARY
MAY ( altSecurityIdentities $ userPrincipalName ) )
objectclass ( 1.3.18.0.2.6.472 NAME 'aixAuxAccount'
DESC 'Auxiliary AIX user information objectclass, for use with posixaccount and shadowaccount objectclasses'
SUP top
AUXILIARY
MAY ( passwordChar $ adminGroupNames $ aIXDefaultMACLevel $ aIXFuncMode $ aIXisDCEExport $ aIXLowMACLevel $ aIXPromptMAC $ aIXScreens $ aIXUpperMACLevel $ auditClasses $ authMethod1 $ authMethod2 $ coreSizeLimit $ coreSizeLimitHard $ cPuSize $ cPuSizeHard $ dataSegSize $ dataSegSizeHard $ filePermMask $ fileSizeLimit $ fileSizeLimitHard $ groupList $ groupSwitchUserAllowed $ hostLastLogin $ hostLastUnsuccessfulLogin $ hostsAllowedLogin $ hostsDeniedLogin $ isAdministrator $ isAccountEnabled $ isDaemon $ isLoginAllowed $ isRemoteAccessAllowed $ isSwitchUserAllowed $ ixTimeLastLogin $ ixTimeLastUnsuccessfulLogin $ loginTimes $ maxFailedLogins $ maxLogin $ openFileLimit $ openFileLimitHard $ passwordCheckMethods $ passwordDictFiles $ passwordExpireTime $ passwordHistSize $ passwordMaxRepeatedChars $ passwordMinAlphaChars $ passwordMinDiffChars $ passwordMinLength $ passwordMinOtherChars $ physicalMemLimit $ physicalMemLimitHard $ roleList $ StackSizeLimit $ StackSizeLimitHard $ SystemEnvironment $ terminalAccess $ terminalLastLogin $ terminalLastUnsuccessfulLogin $ timeExpiredLogout $ timeExpireLockout $ trustedPathStatus $ unsuccessfulLoginCount $ userEnvironment $ passwordFlags $ capability $ passwordHistExpire $ passwordHistList $ rcmds $ ibm-aixProjectNameList $ ibm-defaultRoles $ ibm-coreNamingPolicy $ ibm-coreCompressionEnable $ ibm-corePathEnable $ ibm-corePathName $ passwordMaxConsecutiveRepeatedChars ) )