martin: doc/architecture server.sgml,1.10,1.11
cvs at intevation.de
cvs at intevation.de
Tue Apr 13 04:11:31 CEST 2004
Author: martin
Update of /kolabrepository/doc/architecture
In directory doto:/tmp/cvs-serv23568
Modified Files:
server.sgml
Log Message:
Martin K.: LDAP server requirements, LDAP object classes
Index: server.sgml
===================================================================
RCS file: /kolabrepository/doc/architecture/server.sgml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- server.sgml 13 Apr 2004 01:56:20 -0000 1.10
+++ server.sgml 13 Apr 2004 02:11:28 -0000 1.11
@@ -22,6 +22,43 @@
then they must also create their own derivatives of the administration tools.
</para>
+
+<sect2><title>LDAP - Server requirements:</title>
+<para>
+We require the possible use of SSL/TLS secured LDAP connections to the LDAP Server.
+</para>
+<para>
+<programlisting>
+TLSCertificateFile cert.pem
+TLSCertificateKeyFile key.pem
+</programlisting>
+</para>
+<para>
+The Kolab daemon implements the LDAP replication protocol in order to get automatically notified
+when data in the LDAP directory changes. Therefore the LDAP server must enable replication for this
+ host and port where the Kolab daemon listens. In the common case this is the port 9999 on localhost.
+</para>
+<para>
+<programlisting>
+replica host=127.0.0.1:9999
+ binddn="cn=replicator"
+ bindmethod=simple credentials=secret
+</programlisting>
+</para>
+<para>
+A directory service is optimized for speed with regards to read operations. A typical Kolab LDAP directory
+server fits even for very large installation in the main memory of the machine running the servies. In order to
+further speed up common search operations we use indices.
+</para>
+<para>
+<programlisting>
+index objectClass eq
+index uid eq
+index mail eq
+index alias eq
+</programlisting>
+</para>
+
<sect2><title> Top Level LDAP Structure </title>
<para> It is difficult to find a commonly accepted LDAP scheme.
It seems, most real life LDAP installations go for the domain oriented apporach
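Review bot: The replica example binds with `bindmethod=simple credentials=secret`, which puts the replicator password in clear text in slapd.conf and on the wire to the Kolab daemon on 127.0.0.1:9999, while the paragraph two blocks above only says TLS "may" be used. The text should say that the `credentials` value is a real secret (slapd.conf must not be world-readable, and the same value has to be configured on the Kolab daemon side) and that the TLS requirement covers this connection as well, e.g. `replica uri=ldaps://127.0.0.1:9999 ...` or `tls=yes` on the replica line where the slapd version supports it. Separately, the `<sect2>` opened at "LDAP - Server requirements:" is never closed before the existing `<sect2>` "Top Level LDAP Structure", so the new section nests into the old one; add `</sect2>` after the index `</para>`. Minor: "servies" in the indices paragraph should read "services".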
@@ -274,7 +311,249 @@
<sect2><title>LDAP Object Classes</title>
<para>
<programlisting>
+objectclass ( 1.3.6.1.4.1.19414.2.2.1 NAME 'kolab'
+ DESC 'Kolab server config'
+ MUST k
+ SUP top STRUCTURAL
+ MAY ( fqhostname $
+ postfix-mydomain $
+ postfix-relaydomains $
+ postfix-mydestination $
+ postfix-mynetworks $
+ postfix-relayhost $
+ postfix-transport $
+ cyrus-autocreatequota $
+ cyrus-admins $
+ cyrus-imap $
+ cyrus-pop3 $
+ cyrus-imaps $
+ cyrus-pop3s $
+ cyrus-sieve $
+ apache-http $
+ proftpd-ftp $
+ proftpd-defaultquota $
+ uid $
+ userPassword ) )
+
+objectclass ( 1.3.6.1.4.1.19414.2.2.9 NAME 'sharedfolder'
+ DESC 'IMAP shared folder'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( acl $ userquota $ deleteflag ) )
+
+objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject'
+ SUP top STRUCTURAL
+ MAY cn )
+objectclass ( 2.5.6.2 NAME 'country'
+ DESC 'RFC2256: a country'
+ SUP top STRUCTURAL
+ MUST c
+ MAY ( searchGuide $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+ DESC 'RFC2256: a locality'
+ SUP top STRUCTURAL
+ MAY ( street $ seeAlso $ searchGuide $ st $ l $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+ DESC 'RFC2256: an organization'
+ SUP top STRUCTURAL
+ MUST o
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $
+ c $ mail $ deleteflag $ alias ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+ DESC 'RFC2256: an organizational unit'
+ SUP top STRUCTURAL
+ MUST ou
+ MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $
+ c $ mail $ deleteflag $ alias ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+ DESC 'RFC2256: a person'
+ SUP top STRUCTURAL
+ MUST ( sn $ cn )
+ MAY ( userPassword $ telephoneNumber $ seeAlso $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+ DESC 'RFC2256: an organizational person'
+ SUP person STRUCTURAL
+ MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $
+ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $
+ c $ userquota $ deleteflag ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+ DESC 'RFC2256: an organizational role'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( x121Address $ registeredAddress $ destinationIndicator $
+ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+ postOfficeBox $ postalCode $ postalAddress $
+ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+ DESC 'RFC2256: a group of names (DNs)'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+ DESC 'RFC2256: an application process'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+ DESC 'RFC2256: an application entity'
+ SUP top STRUCTURAL
+ MUST ( presentationAddress $ cn )
+ MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+ description ) )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+ DESC 'RFC2256: a certificate authority'
+ SUP top AUXILIARY
+ MUST ( authorityRevocationList $ certificateRevocationList $
+ cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+ DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+ SUP top STRUCTURAL
+ MUST ( uniqueMember $ cn )
+ MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+ SUP certificationAuthority
+ AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+ SUP top STRUCTURAL
+ MUST ( cn )
+ MAY ( certificateRevocationList $ authorityRevocationList $
+ deltaRevocationList ) )
+
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+ DESC 'RFC2587: a PKI user'
+ SUP top AUXILIARY
+ MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+ DESC 'RFC2587: PKI certificate authority'
+ SUP top AUXILIARY
+ MAY ( authorityRevocationList $ certificateRevocationList $
+ cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+ DESC 'RFC2587: PKI user'
+ SUP top AUXILIARY
+ MAY deltaRevocationList )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+ DESC 'RFC2079: object that contains the URI attribute type'
+ MAY ( labeledURI )
+ SUP top AUXILIARY )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+ DESC 'RFC1274: simple security object'
+ SUP top AUXILIARY
+ MUST userPassword )
+
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+ DESC 'RFC2247: domain component object'
+ SUP top AUXILIARY MUST dc )
+
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+ DESC 'RFC2377: uid object'
+ SUP top AUXILIARY MUST uid )
+
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+ SUP top STRUCTURAL
+ MUST commonName
+ MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+ SUP top STRUCTURAL
+ MUST domainComponent
+ MAY ( associatedName $ organizationName $ description $
+ businessCategory $ seeAlso $ searchGuide $ userPassword $
+ localityName $ stateOrProvinceName $ streetAddress $
+ physicalDeliveryOfficeName $ postalAddress $ postalCode $
+ postOfficeBox $ streetAddress $
+ facsimileTelephoneNumber $ internationalISDNNumber $
+ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+ preferredDeliveryMethod $ destinationIndicator $
+ registeredAddress $ x121Address )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+ SUP 'domain' STRUCTURAL
+ MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+ SOARecord $ CNAMERecord )
+ )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+ DESC 'RFC1274: an object related to an domain'
+ SUP top AUXILIARY
+ MUST associatedDomain )
+
+objectclass ( 2.16.840.1.113730.3.2.2
+ NAME 'inetOrgPerson'
+ DESC 'RFC2798: Internet Organizational Person'
+ SUP organizationalPerson
+ STRUCTURAL
+ MAY (
+ audio $ businessCategory $ carLicense $ departmentNumber $
+ displayName $ employeeNumber $ employeeType $ givenName $
+ homePhone $ homePostalAddress $ initials $ jpegPhoto $
+ labeledURI $ mail $ manager $ mobile $ o $ pager $
+ photo $ roomNumber $ secretary $ uid $ userCertificate $
+ x500uniqueIdentifier $ preferredLanguage $
+ userSMIMECertificate $ userPKCS12 $ deleteflag $ alias )
+ )
+
+
+objectclass ( XXXXXXXX
+ NAME 'kInetOrgPerson'
+ DESC 'Kolab Internet Organizational Person'
+ SUP inetOrgPerson
+ STRUCTURAL
+ MAY (
+ delegate $
+ kolabServer)
+ )
+
+
+objectclass (2.5.6.9
+ NAME 'groupOfNames'
+ DESC
+ SUB top
+ MUST cn
+ member
+ MAY businessCategory $
+ seeAlso $
+ owner $
+ ou $
+ o $
+ description )
+
</programlisting>
</para>
</sect2>
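Review bot: The `kInetOrgPerson` objectclass at the end of the listing is declared with the placeholder OID `XXXXXXXX`, which slapd will reject when the schema is loaded, so an OID under the Kolab arc `1.3.6.1.4.1.19414.2.2` (already used for 'kolab' and 'sharedfolder') has to be allocated before this schema is usable. The second `groupOfNames` definition that follows it reuses OID `2.5.6.9` already defined earlier in the hunk and is malformed (`DESC` without a value, `SUB top` instead of `SUP top`, `MUST`/`MAY` lists without parentheses and `$` separators); it duplicates the well-formed definition above and should be deleted. The RFC 2256/2798 classes are also redefined under their standard OIDs with the Kolab attributes `deleteflag`, `alias` and `userquota` added, so a sentence like "These are modified copies of the core.schema classes; they replace the stock definitions and must not be loaded alongside core.schema, which would presumably fail with a duplicate objectclass" would spare the next operator that error.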