

ldap:openldap_aix

Openldap for AIX rfc2307aix

How to add a new schema to openldap

http://www.linuxquestions.org/questions/linux-server-73/how-to-add-a-new-schema-to-openldap-2-4-11-a-700452/

If anyone still needs help with this, I added my schema, this is how I did it: (I'm running openldap 2.4.23-7.2 over debian6) It's pretty much the same as bathory says, but I'm gonna write everything I did, just in case

vim /tmp/borrame.conf
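(this is what goes in the file; /tmp is fine for a throwaway conversion on a single-user box, but on a shared host use a private directory, e.g. one created with mktemp -d, because the LDIF generated here is later loaded into cn=config)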

include /etc/ldap/schema/core.schema
include /etc/ldap/schema/cosine.schema
include /etc/ldap/schema/nis.schema
include /etc/ldap/schema/inetorgperson.schema
include /etc/ldap/schema/misc.schema
include /etc/ldap/schema/mypersonalschema.schema

mkdir /tmp/borrame.d
slaptest -f /tmp/borrame.conf -F /tmp/borrame.d

Edit the generated file
vim /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif
I changed the three head lines to this:
dn: cn=mypersonalschema,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: mypersonalschema
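Then I deleted these lines from the bottom of the file (they are operational attributes written by slaptest; slapd maintains them itself and normally rejects an add that tries to set them):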
structuralObjectClass:
entryUUID:
creatorsName:
createTimestamp:
entryCSN:
modifiersName:
modifyTimestamp:

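And at last I inserted the new schema into the LDAP tree (-Y EXTERNAL over ldapi:/// authenticates as the local Unix user running the command, so it has to be run from an account that is allowed to write cn=config, normally root on Debian):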
ldapadd -Y EXTERNAL -H ldapi:/// -f /tmp/borrame.d/cn\=config/cn\=schema/cn\=\{5\}mypersonalschema.ldif

MAP rfc2307aix

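Here is the most recent Map file I have found. It is an unofficial reconstruction hosted on a third-party site over plain HTTP, so read it through (or compare it with the copy below) before loading it into a directory server.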

http://patrickv.info/wordpress/wp-content/uploads/2009/06/rfc2307aix.schema

# Definitions from RFC2307AIX (Experimental)
# An Approach for Using LDAP as a Network Information Service for AIX
#
# Author: Patrick Vaughan <patrick_a_vaughan@hotmail.com>
#
# Depends upon core.schema, cosine.schema, and nis.schema
#
# Note: The definitions in RFC2307aix are not entirely known,
# and this information is taken from the work of others.
# This schema may contain extra information not necessarily needed by AIX,
# but used by IBM with other products.  Some modifications had to be made to
# work with OpenLDAP, mainly that boolean types were changed to text because
# of an incompatibility with some of the attributes and OpenLDAP. This seems
# to work with AIX, until a better solution is found.

# Attribute Type Definitions

attributetype ( 1.3.18.0.2.4.810 NAME 'adminGroupNames'
	DESC 'list of groups a user adminstrates'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.793 NAME 'AIXDefaultMACLevel'
	DESC 'AIX default level mac'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.766 NAME 'AIXFuncMode'
	DESC 'AIX smit acl function modes'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.797 NAME 'AIXisDCEExport'
	DESC 'DCE integration flag'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.778 NAME 'AIXLowMACLevel'
	DESC 'AIX low level mac'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.777 NAME 'AIXPromptMAC'
	DESC 'prompt MAC, Mandatory Access Control, or not'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.752 NAME 'AIXScreens'
	DESC 'AIX SMIT screen access list'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.746 NAME 'AIXUpperMACLevel'
	DESC 'AIX upper level mac'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.812 NAME 'auditClasses'
	DESC 'classes, events, a user will be audited on'
	EQUALITY 2.5.13.5
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.762 NAME 'authMethod1' DESC 'the primary method for authenticating a user'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.780 NAME 'authMethod2'
	DESC 'secondary method for authenticating a user'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.483 NAME 'caption'
	DESC 'CIM-derived attribute to provide short description of the directory object entry for display purposes.'
	EQUALITY 2.5.13.2
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.751 NAME 'coreSizeLimit'
	DESC 'core file size limit'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.798 NAME 'coreSizeLimitHard'
	DESC 'hard core file size limit'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.805 NAME 'cpuSize'
	DESC 'limit of system units a process can use'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.789 NAME 'cpuSizeHard'
	DESC 'largest amount of system time process can use'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.763 NAME 'dataSegSize'
	DESC 'size for data segment'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.758 NAME 'dataSegSizeHard'
	DESC 'largest size of data segment'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.757 NAME 'filePermMask'
	DESC 'mask to set file permission'
	EQUALITY 2.5.13.8
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.785 NAME 'fileSizeLimit'
	DESC 'file size limit'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.779 NAME 'fileSizeLimitHard'
	DESC 'file size limit'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.803 NAME 'groupList'
	DESC 'list of groups a user or role can belong to'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.538 NAME 'groupid'
	DESC 'Required attribute for eDominoGroup'
	EQUALITY 2.5.13.2
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.773 NAME 'groupSwitchUserAllowed'
	DESC 'list of groups that can switch user to this user'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.787 NAME 'hostLastLogin'
	DESC 'host name of the last successful login'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.748 NAME 'hostLastUnsuccessfulLogin'
	DESC 'host name of last unsuccessful login'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

# isAccountEnabled: per the DESC, 'true' means login through the account is
# allowed and 'false' means it is not.
# SYNTAX ...121.1.26 is IA5 String, so the server stores whatever text a client
# writes; the schema does not restrict the value to true/false.
# NOTE(review): no EQUALITY rule is declared, so equality filters on this
# attribute may not evaluate as expected in OpenLDAP - confirm before relying
# on a filter such as (isAccountEnabled=true) for an access decision.
attributetype ( 1.3.18.0.2.4.726 NAME 'isAccountEnabled'
	DESC 'indicates whether users are allowed to login using an account (true) or not (false)'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

# isAdministrator: per the DESC, marks an account as having administrative
# authority. Stored as a single IA5 String (SYNTAX ...121.1.26); the schema
# does not validate the value and declares no EQUALITY rule.
# NOTE(review): clients presumably read this as a privilege flag - confirm how
# AIX consumes it, and limit write access to it in slapd access control so an
# account owner cannot set it on their own entry.
attributetype ( 1.3.18.0.2.4.728 NAME 'isAdministrator'
	DESC 'indicates whether an account has administrative authority'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.761 NAME 'isDaemon'
	DESC 'AIX indicator whether a user can run programs under cron or src'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.743 NAME 'isLoginAllowed'
	DESC 'indicate wheter a user can login'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.799 NAME 'isRemoteAccessAllowed'
	DESC 'permits access from a remote system'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.808 NAME 'isSwitchUserAllowed'
	DESC 'indicate whether a user can switch to this users account'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.760 NAME 'ixLastUpdate'
	DESC 'time of last update'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.771 NAME 'ixTimeLastLogin'
	DESC 'time of users last login'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.749 NAME 'ixTimeLastUnsuccessfulLogin'
	DESC 'user time of last unsuccessful'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.801 NAME 'loginTimes'
	DESC 'valid times a user is allowed to login'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.710 NAME 'maxFailedLogins'
	DESC 'Maximum number of failed logins before the account is locked'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.807 NAME 'maxLogin'
	DESC 'maximum number of logins'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.464 NAME 'numberWarnDays'
	DESC '  '
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.781 NAME 'openFileLimit'
	DESC 'limit for number of open files'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.784 NAME 'openFileLimitHard'
	DESC 'maximun number of open files'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.458 NAME 'passwordCheckMethods'
	DESC 'Methods for checking passwords.'
	EQUALITY 2.5.13.5
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.463 NAME 'passwordDictFiles'
	DESC 'Password dictionary files.'
	EQUALITY 2.5.13.5
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.788 NAME 'passwordExpiredWeeks'
	DESC 'number of weeks a user passwd history expired'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.485 NAME 'passwordExpireTime'
	DESC 'Defines, in YYYYMMDDHHMMSS format, the date and time when a user password expires.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.753 NAME 'passwordFlags'
	DESC 'password flags'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.772 NAME 'passwordHistSize'
	DESC 'number of previous passwords that can be stored in password history'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 2.16.840.1.113730.3.1.97 NAME 'passwordMaxAge'
	DESC 'Specifies, in seconds, the period of time passwords can be used before they expire.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.802 NAME 'passwordChar'
	DESC 'password existance character'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.454 NAME 'passwordMaxRepeatedChars'
	DESC '  '
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.473 NAME 'passwordMinAlphaChars'
	DESC 'Specifies the minimum number of characters required for a users password.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.499 NAME 'passwordMinDiffChars'
	DESC 'Specifies the minimum number of different (unique) characters required for a users password.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 2.16.840.1.113730.3.1.99 NAME 'passwordMinLength'
	DESC 'Specifies the minimum number of characters required for a user\27s password.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.469 NAME 'passwordMinOtherChars'
	DESC '  '
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.790 NAME 'physicalMemLimit'
	DESC 'limit for the amount fo physical memory that can be allocated'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.744 NAME 'physicalMemLimitHard'
	DESC 'largest amount of physical memory that can be allocated'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.319 NAME 'principalPtr'
	DESC 'DN pointer to a principal object (e.g. person, user, service, etc.)'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.786 NAME 'roleList'
	DESC 'list of roles a user or role may belong to'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE USAGE userApplications )

attributetype ( 1.3.18.0.2.4.759 NAME 'stackSizeLimit'
	DESC 'size limit for process stack'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE USAGE userApplications )

attributetype ( 1.3.18.0.2.4.754 NAME 'stackSizeLimitHard'
	DESC 'largest stack segment for a process'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE USAGE userApplications )

attributetype ( 1.3.18.0.2.4.804 NAME 'systemEnvironment'
	DESC 'protect environment'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE USAGE userApplications )

attributetype ( 1.3.18.0.2.4.809 NAME 'terminalAccess'
	DESC 'list of terminals that can access users account'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE USAGE userApplications )

attributetype ( 1.3.18.0.2.4.767 NAME 'terminalLastLogin'
	DESC 'terminal users last successfully login'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE USAGE userApplications )

attributetype ( 1.3.18.0.2.4.769 NAME 'terminalLastUnsuccessfulLogin'
	DESC 'terminal of users last unsuccessful login'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.806 NAME 'timeExpiredLogout'
	DESC 'inactivity time out'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.474 NAME 'timeExpireLockout'
	DESC '  '
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.800 NAME 'trustedPathStatus'
	DESC 'indicates the users trusted path status'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.811 NAME 'unsuccessfulLoginCount'
	DESC 'count of unsuccessful logins'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.795 NAME 'userEnvironment'
	DESC 'user public environment'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.783 NAME 'userName'
	DESC 'user name'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

# passwordHistList: per the DESC, holds a list of the user's passwords
# (password history). SINGLE-VALUE Directory String (SYNTAX ...121.1.15), so
# the whole history is one string; 2.5.13.5 is caseExactMatch.
# NOTE(review): nothing here shows whether the stored values are hashed.
# Treat the attribute like userPassword in slapd access control: no read
# access for ordinary binds, write access only for the accounts that manage
# password changes.
attributetype ( 1.3.18.0.2.4.1101 NAME 'passwordHistList'
	DESC 'list of user passwords'
	EQUALITY 2.5.13.5
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.2321 NAME 'hostsAllowedLogin'
	DESC 'The names or addresses of computer systems or networks to which a user is allowed to login.'
	EQUALITY caseIgnoreMatch
	ORDERING caseIgnoreOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications)

attributetype ( 1.3.18.0.2.4.2322 NAME 'hostsDeniedLogin'
	DESC 'The names or addresses of a computer systems or networks to which a user is not allowed to login.'
	EQUALITY caseIgnoreMatch
	ORDERING caseIgnoreOrderingMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications)

attributetype ( 1.3.18.0.2.4.2504 NAME 'passwordHistExpire'
	DESC 'number of weeks a user passwd history expired'
	EQUALITY 2.5.13.14
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.145 NAME 'capability'
	DESC 'Indicates the capabilities this GSO Target Service Type allows.'
	EQUALITY 2.5.13.2
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.814 NAME 'GroupName'
	DESC 'Name of DCE group'
	EQUALITY 2.5.13.5
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.768 NAME 'AIXGroupAdminList'
	DESC 'list of administrators'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications )

# groupPassword: group password (per DESC), stored as a single Directory
# String (SYNTAX ...121.1.15). 2.5.13.5 / .6 / .7 are caseExactMatch,
# caseExactOrderingMatch and caseExactSubstringsMatch.
# NOTE(review): the SUBSTR and ORDERING rules make the value searchable by
# substring and range for anyone with search access; restrict read and search
# on this attribute in slapd access control the same way as userPassword.
attributetype ( 1.3.18.0.2.4.765 NAME 'groupPassword'
	DESC 'Group Password'
	EQUALITY 2.5.13.5
	ORDERING 2.5.13.6
	SUBSTR 2.5.13.7
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.2.840.113556.1.4.867 NAME 'altSecurityIdentities'
	DESC 'Alternate security identities.  A Kerberos identity must be defined in the format kerberos:<principal>@<realm>; for example, kerberos:alice@austin.ibm.com.  This attribute is defined on Active Directory.'
	EQUALITY 2.5.13.2
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications )

attributetype ( 1.2.840.113556.1.4.656 NAME 'userPrincipalName'
	DESC 'Primary security identity in the form <principal>@<realm>; for example, alice@austin.ibm.com.  This attribute is defined on Active Directory.'
	EQUALITY 2.5.13.5
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.813 NAME 'gid'
	DESC 'integer ID of the group name. Used for access control of resources.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3396 NAME 'passwordMaxConsecutiveRepeatedChars'
	DESC 'Attribute used to impose the maximum number of consecutive repeated characters in the password field.'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	USAGE userApplications )

# rcmds: controls whether the user may run remote commands. The DESC lists
# the expected values as allow, deny and hostlogincontrol.
# The syntax is a plain Directory String (...121.1.15) matched
# case-insensitively, so the server accepts any text here; the three values
# are a convention of the consuming client, not something the schema enforces.
# NOTE(review): how a client treats an unexpected value is not visible here -
# confirm, and keep write access to this attribute with directory admins.
attributetype ( 1.3.18.0.2.4.3107 NAME 'rcmds'
	DESC 'allow, deny, hostlogincontrol. Specifies whether a user is allowed to run remote commands.'
	EQUALITY caseIgnoreMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.756 NAME 'AIXAdminGroupId'
	DESC 'AIX new admin group id storage'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.776 NAME 'AIXAdminUserId'
	DESC 'AIX new admin user id storage'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.782 NAME 'AIXGroupID'
	DESC 'AIX new group id storage'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.770 NAME 'AIXUserID'
	DESC 'Aix new user id storage attribute'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3237 NAME 'ibm-aixProjectNameList'
	DESC 'Advanced accounting, list of project names'
	EQUALITY caseExactMatch
	ORDERING caseExactOrderingMatch
	SUBSTR caseExactSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

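# ibm-defaultRoles: list of default roles (per DESC). Multi-valued IA5 String
# (SYNTAX ...121.1.26) compared with caseExactIA5Match.
# Written with the 'attributetype' keyword used by the other definitions in
# this file; 'attributetypes:' looks like the LDIF attribute-name spelling and
# is not the directive documented for slapd schema files.
attributetype ( 1.3.18.0.2.4.3349 NAME 'ibm-defaultRoles'
	DESC 'List of default roles'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )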

attributetype ( 1.3.18.0.2.4.3337 NAME 'ibm-coreNamingPolicy'
	DESC 'Specifies core file naming policy'
	EQUALITY caseIgnoreMatch
	ORDERING caseIgnoreOrderingMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

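# ibm-coreCompressionEnable: enables or disables core file compression (per
# DESC). Single-valued Directory String (SYNTAX ...121.1.15), matched
# case-insensitively; the schema does not constrain the allowed values.
# Written with the 'attributetype' keyword used by the other definitions in
# this file; 'attributetypes:' looks like the LDIF attribute-name spelling and
# is not the directive documented for slapd schema files.
attributetype ( 1.3.18.0.2.4.3336 NAME 'ibm-coreCompressionEnable'
	DESC 'Enable or disable corefile compression'
	EQUALITY caseIgnoreMatch
	ORDERING caseIgnoreOrderingMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )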

attributetype ( 1.3.18.0.2.4.3338 NAME 'ibm-corePathEnable'
	DESC 'Enable or disable core file path specification.'
	EQUALITY caseIgnoreMatch
	ORDERING caseIgnoreOrderingMatch
	SUBSTR caseIgnoreSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3339 NAME 'ibm-corePathName'
	DESC 'Specifies a location for core files'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3233 NAME 'ibm-aixAdminPolicyEntry'
	DESC 'Advanced accounting, admin policy rule'
	EQUALITY caseExactMatch
	ORDERING caseExactOrderingMatch
	SUBSTR caseExactSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3234 NAME 'ibm-aixAdminPolicyName'
	DESC 'Advanced accounting, name of admin policy'
	EQUALITY caseExactMatch
	ORDERING caseExactOrderingMatch
	SUBSTR caseExactSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3235 NAME 'ibm-aixProjectDefinition'
	DESC 'Advanced accounting, project definition entry'
	EQUALITY caseExactMatch
	ORDERING caseExactOrderingMatch
	SUBSTR caseExactSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3236 NAME 'ibm-aixProjectName'
	DESC 'Advanced accounting, name of project definition file'
	EQUALITY caseExactMatch
	ORDERING caseExactOrderingMatch
	SUBSTR caseExactSubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3340 NAME 'ibm-aixpertLabel'
	DESC 'An unique label for a XML file'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	SINGLE-VALUE
	USAGE userApplications )

# ibm-aixpertXmlConfigFile: holds the Aixpert XML configuration file (per
# DESC). SYNTAX ...121.1.5 is the Binary syntax; single-valued.
# NOTE(review): this is security configuration data served from the
# directory, so write access to it is worth limiting to directory admins.
attributetype ( 1.3.18.0.2.4.3341 NAME 'ibm-aixpertXmlConfigFile'
	DESC 'Aixpert XML configuration file'
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
	SINGLE-VALUE
	USAGE userApplications )
# Disabled in the original definition: EQUALITY octetStringMatch
# NOTE(review): presumably commented out because OpenLDAP does not accept
# octetStringMatch with the Binary syntax - confirm.

attributetype ( 1.3.18.0.2.4.3363 NAME 'ibm-authorizationID'
	DESC 'authorization numeric ID'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.332 NAME 'msgFileName'
	DESC 'This attribute is used to indicate a message file name which contains displayable/translatable strings for those attributes which are displayable.'
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.774 NAME 'msgNumber'
	DESC 'index into a message catalog'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3364 NAME 'ibm-msgSet'
	DESC 'Message set'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3359 NAME 'ibm-accessAuths'
	DESC 'Access authorizations'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3354 NAME 'ibm-authPrivs'
	DESC 'Authorized privieges'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3361 NAME 'ibm-egid'
	DESC 'The effective group id'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3362 NAME 'ibm-euid'
	DESC 'The effective user id'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
	SINGLE-VALUE
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3358 NAME 'ibm-innatePrivs'
	DESC 'Innate privileges'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3365 NAME 'ibm-inheritPrivs'
	DESC 'Inheritable privileges'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3357 NAME 'ibm-secFlags'
	DESC 'Security flags'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )

attributetype ( 1.3.18.0.2.4.3356 NAME 'ibm-readPrivs'
	DESC 'Privileges required to read an object'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )

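# ibm-writePrivs: privileges required to write to an object (per DESC).
# Multi-valued IA5 String (SYNTAX ...121.1.26) compared with
# caseExactIA5Match.
# Written with the 'attributetype' keyword used by the other definitions in
# this file ('attributetypes:' looks like the LDIF attribute-name spelling),
# and with a single space instead of a tab after the OID.
attributetype ( 1.3.18.0.2.4.3355 NAME 'ibm-writePrivs'
	DESC 'Privileges required to write to an object'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )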

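# ibm-readAuths: authorizations required to read an object (per DESC).
# Multi-valued IA5 String (SYNTAX ...121.1.26) compared with
# caseExactIA5Match.
# Written with the 'attributetype' keyword used by the other definitions in
# this file ('attributetypes:' looks like the LDIF attribute-name spelling),
# and with a single space instead of a tab after the OID.
attributetype ( 1.3.18.0.2.4.3353 NAME 'ibm-readAuths'
	DESC 'Authorizations required to read an object'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )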

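# ibm-writeAuths: authorizations required to write to an object (per DESC).
# Multi-valued IA5 String (SYNTAX ...121.1.26) compared with
# caseExactIA5Match.
# Written with the 'attributetype' keyword used by the other definitions in
# this file ('attributetypes:' looks like the LDIF attribute-name spelling),
# and with a single space instead of a tab after the OID.
attributetype ( 1.3.18.0.2.4.3352 NAME 'ibm-writeAuths'
	DESC 'Authorizations requried to write to an object'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
	USAGE userApplications )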


# No OID
#attributetype ( NAME 'IBM-ENTRYUUID' DESC 'A Unique Entry UUID from TDS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
#attributetype ( NAME 'control' DESC 'Some IBM Control attribute from TDS' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Invalid Name 'userCertificate;binary'
#attributetype (  2.5.4.36 NAME ( 'userCertificate'  'userCertificate;binary'  ) DESC 'Used to represent certificates from one or more Certification Authorities representing a user.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 USAGE userApplications )

# Attributes already in the core.schema
#attributetype ( 2.5.4.7 NAME ( 'l'  'localityName'  ) DESC 'This attribute contains the name of a locality, such as a city, county or other geographic region (localityName).'  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )
#attributetype ( 2.5.4.31 NAME 'member' DESC 'Identifies the distinguished names for each member of the group.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE userApplications )
#attributetype ( 2.5.4.10 NAME ( 'o'  'organizationName'  'organization'  ) DESC 'This attribute contains the name of an organization (organizationName).' SUP 2.5.4.11 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE userApplications )


objectclass ( 1.3.18.0.2.6.78 NAME 'eAccount'
	DESC 'Account information as used and maintained by the system.'
	SUP 'account'
	STRUCTURAL
	MAY ( caption $ userPassword $ userCertificate $ principalPtr ) )

objectclass ( 1.3.18.0.2.6.167 NAME 'AIXAccount'
	DESC 'AIX user information object class'
	SUP 'eAccount'
	STRUCTURAL
	MUST ( gid $ passwordChar $ userName )
	MAY ( adminGroupNames $ AIXDefaultMACLevel $ AIXFuncMode $ AIXisDCEExport $ AIXLowMACLevel $ AIXPromptMAC $ AIXScreens $ AIXUpperMACLevel $ auditClasses $ authMethod1 $ authMethod2 $ coreSizeLimit $ coreSizeLimitHard $ cpuSize $ cpuSizeHard $ dataSegSize $ dataSegSizeHard $ filePermMask $ fileSizeLimit $ fileSizeLimitHard $ gecos $ groupList $ groupSwitchUserAllowed $ homeDirectory $ hostLastLogin $ hostLastUnsuccessfulLogin $ isAccountEnabled $ isadministrator $ isDaemon $ isLoginAllowed $ isRemoteAccessAllowed $ isSwitchUserAllowed $ ixLastUpdate $ ixTimeLastLogin $ ixTimeLastUnsuccessfulLogin $ loginShell $ loginTimes $ maxFailedLogins $ maxLogin $ numberWarnDays $ openFileLimit $ openFileLimitHard $ passwordCheckMethods $ passwordDictFiles $ passwordExpiredWeeks $ passwordExpireTime $ passwordFlags $ passwordHistSize $ passwordMaxAge $ passwordMaxRepeatedChars $ passwordMinAlphaChars $ passwordMinDiffChars $ passwordMinLength $ passwordMinOtherChars $ physicalMemLimit $ physicalMemLimitHard $ roleList $ stackSizeLimit $ stackSizeLimitHard $ systemEnvironment $ terminalAccess $ terminalLastLogin $ terminalLastUnsuccessfulLogin $ timeExpiredLogout $ timeExpireLockout $ trustedPathStatus $ unsuccessfulLoginCount $ userEnvironment $ passwordHistList $ passwordHistExpire $ hostsAllowedLogin $ hostsDeniedLogin ) )

objectclass ( 1.3.18.0.2.6.170 NAME 'AIXaccessGroup'
	DESC 'AIX  group information'
	SUP 'top'
	STRUCTURAL
	MUST ( gid $ GroupName )
	MAY ( AIXGroupAdminList $ AIXisDCEExport $ AIXScreens $ groupPassword $ isadministrator $ member ) )

objectclass ( 1.3.18.0.2.6.28 NAME 'container'
	DESC 'An object that can contain other objects.'
	SUP 'top'
	STRUCTURAL
	MUST ( cn ) )

objectclass ( 1.3.18.0.2.6.169 NAME 'AIXAdmin'
	DESC 'AIX class to store user/group administration attributes'
	SUP top
	STRUCTURAL
	MAY ( AIXAdminGroupId $ AIXAdminUserId $ AIXGroupID $ AIXUserID $ cn ) )

objectclass ( 1.3.18.0.2.6.473 NAME 'aixAuxGroup'
	DESC 'Auxiliary AIX group information objectclass, for use with the posixgroup objectclass.'
	SUP top
	AUXILIARY
	MAY ( aIXGroupAdminList $ aIXisDCEExport $ aIXScreens $ groupPassword $ isadministrator $ ibm-aixProjectNameList ) )

objectclass ( 1.3.18.0.2.6.620 NAME 'ibm-aixAccountingAdminPolicy'
	DESC 'Advanced Accounting admin policy object'
	SUP top
	STRUCTURAL
	MUST ( ibm-aixAdminPolicyEntry $ ibm-aixAdminPolicyName ) )

objectclass ( 1.3.18.0.2.6.621 NAME 'ibm-aixAccountingProject'
	DESC 'Advanced Accounting project defintion object'
	SUP top
	STRUCTURAL
	MUST ( ibm-aixProjectDefinition $ ibm-aixProjectName ) )

objectclass ( 1.3.18.0.2.6.637 NAME 'ibm-aixAixpert'
	DESC 'For storing Aixpert specific data'
	SUP top
	STRUCTURAL
	MUST ( ibm-aixpertLabel $ ibm-aixpertXmlConfigFile ) )

objectclass ( 1.3.18.0.2.6.640 NAME 'ibm-authorization'
	DESC 'Contains authorization definition'
	SUP top
	STRUCTURAL
	MUST ( cn $ ibm-authorizationID )
	MAY ( msgFileName $ msgNumber $ ibm-msgSet $ description ) )

objectclass ( 1.3.18.0.2.6.642 NAME 'ibm-privcmd'
	DESC 'Contains privileged command definition'
	SUP top
	STRUCTURAL
	MUST cn
	MAY ( ibm-accessAuths $ ibm-authPrivs $ ibm-egid $ ibm-euid $ ibm-innatePrivs $ ibm-inheritPrivs $ ibm-secFlags $ description ) )

objectclass ( 1.3.18.0.2.6.641 NAME 'ibm-privdev'
	DESC 'Contains privileged device definition'
	SUP top
	STRUCTURAL
	MUST cn
	MAY ( ibm-readPrivs $ ibm-writePrivs $ description ) )

objectclass ( 1.3.18.0.2.6.639 NAME 'ibm-privfile'
	DESC 'Trusted configruation files'
	SUP top
	STRUCTURAL
	MUST cn
	MAY ( ibm-readAuths $ ibm-writeAuths $ description ) )

objectclass ( 1.3.18.0.2.6.241 NAME 'ibm-SecurityIdentities'
	DESC 'Defines the security identities of a user.  The user could be a person or a service.'
	SUP top
	AUXILIARY
	MAY ( altSecurityIdentities $ userPrincipalName ) )

# aixAuxAccount: AUXILIARY class that adds the AIX user attributes to an entry
# whose structural class comes from elsewhere (the DESC names posixaccount and
# shadowaccount). It has no MUST list, so every attribute below is optional.
# Attribute names are matched case-insensitively, which is why spellings such
# as aIXScreens, cPuSize and StackSizeLimit resolve to the attribute types
# declared earlier in this file.
# NOTE(review): the MAY list carries password-history, privilege and
# login-control attributes (passwordHistList, passwordFlags, isAdministrator,
# rcmds, hostsAllowedLogin, hostsDeniedLogin, ...). Access control written
# only for userPassword does not cover them; check that entries using this
# class have rules for these attributes as well.
objectclass ( 1.3.18.0.2.6.472 NAME 'aixAuxAccount'
	DESC 'Auxiliary AIX user information objectclass, for use with posixaccount and shadowaccount objectclasses'
	SUP top
	AUXILIARY
	MAY ( passwordChar $ adminGroupNames $ aIXDefaultMACLevel $ aIXFuncMode $ aIXisDCEExport $ aIXLowMACLevel $ aIXPromptMAC $ aIXScreens $ aIXUpperMACLevel $ auditClasses $ authMethod1 $ authMethod2 $ coreSizeLimit $ coreSizeLimitHard $ cPuSize $ cPuSizeHard $ dataSegSize $ dataSegSizeHard $ filePermMask $ fileSizeLimit $ fileSizeLimitHard $ groupList $ groupSwitchUserAllowed $ hostLastLogin $ hostLastUnsuccessfulLogin $ hostsAllowedLogin $ hostsDeniedLogin $ isAdministrator $ isAccountEnabled $ isDaemon $ isLoginAllowed $ isRemoteAccessAllowed $ isSwitchUserAllowed $ ixTimeLastLogin $ ixTimeLastUnsuccessfulLogin $ loginTimes $ maxFailedLogins $ maxLogin $ openFileLimit $ openFileLimitHard $ passwordCheckMethods $ passwordDictFiles $ passwordExpireTime $ passwordHistSize $ passwordMaxRepeatedChars $ passwordMinAlphaChars $ passwordMinDiffChars $ passwordMinLength $ passwordMinOtherChars $ physicalMemLimit $ physicalMemLimitHard $ roleList $ StackSizeLimit $ StackSizeLimitHard $ SystemEnvironment $ terminalAccess $ terminalLastLogin $ terminalLastUnsuccessfulLogin $ timeExpiredLogout $ timeExpireLockout $ trustedPathStatus $ unsuccessfulLoginCount $ userEnvironment $ passwordFlags $ capability $ passwordHistExpire $ passwordHistList $ rcmds $ ibm-aixProjectNameList $ ibm-defaultRoles $ ibm-coreNamingPolicy $ ibm-coreCompressionEnable $ ibm-corePathEnable $ ibm-corePathName $ passwordMaxConsecutiveRepeatedChars ) )