martin: doc/architecture server.sgml,1.10,1.11

cvs at intevation.de cvs at intevation.de
Tue Apr 13 04:11:31 CEST 2004


Author: martin

Update of /kolabrepository/doc/architecture
In directory doto:/tmp/cvs-serv23568

Modified Files:
	server.sgml 
Log Message:
Martin K.: LDAP server requirements, LDAP object classes


Index: server.sgml
===================================================================
RCS file: /kolabrepository/doc/architecture/server.sgml,v
retrieving revision 1.10
retrieving revision 1.11
diff -u -d -r1.10 -r1.11
--- server.sgml	13 Apr 2004 01:56:20 -0000	1.10
+++ server.sgml	13 Apr 2004 02:11:28 -0000	1.11
@@ -22,6 +22,43 @@
 then they must also create their own derivatives of the administration tools.
 </para>
 
+
+<sect2><title>LDAP - Server requirements:</title>
+<para> 
+We require the possible use of SSL/TLS secured LDAP connections to the LDAP Server.
+</para>
+<para>
+<programlisting>
+TLSCertificateFile     cert.pem
+TLSCertificateKeyFile  key.pem
+</programlisting>
+</para>
+<para>
+The Kolab daemon implements the LDAP replication protocol in order to get automatically notified 
+when data in the LDAP directory changes. Therefore the LDAP server must enable replication for this
+ host and port where the Kolab daemon listens. In the common case this is the port 9999 on localhost.
+</para>
+<para>
+<programlisting>
+replica host=127.0.0.1:9999
+        binddn="cn=replicator"
+        bindmethod=simple credentials=secret
+</programlisting>
+</para>
+<para>
+A directory service is optimized for speed with regards to read operations. A typical Kolab LDAP directory
+server fits even for very large installation in the main memory of the machine running the servies. In order to 
+further speed up common search operations we use indices.
+</para>
+<para>
+<programlisting>
+index   objectClass     eq
+index   uid             eq
+index   mail            eq
+index   alias           eq
+</programlisting>
+</para>
+
 <sect2><title> Top Level LDAP Structure </title>
 <para> It is difficult to find a commonly accepted LDAP scheme. 
 It seems, most real life LDAP installations go for the domain oriented apporach
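Review bot: The replica stanza documents a literal bind password, `bindmethod=simple credentials=secret`, for the Kolab daemon on 127.0.0.1:9999, and that simple bind is shown without TLS although the paragraph above requires SSL/TLS-secured LDAP connections. The text should say that `secret` stands for a site-specific generated secret, that the configuration file holding it must be readable only by the slapd user, and whether the loopback replica port is expected to be reachable from non-local hosts at all. The TLS listing gives only the server certificate and key; if clients are expected to verify the server, the CA chain directive (`TLSCACertificateFile`) and the permissions of `key.pem` belong in the same listing — hedged, since the rest of the server configuration is not shown here. In the indices paragraph `servies` should read `services`.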
@@ -274,7 +311,249 @@
 <sect2><title>LDAP Object Classes</title>
 <para>
 <programlisting>
+objectclass ( 1.3.6.1.4.1.19414.2.2.1 NAME 'kolab'
+	DESC 'Kolab server config'
+	MUST k
+	SUP top STRUCTURAL
+	MAY ( 	fqhostname $
+	      	postfix-mydomain $ 
+ 		postfix-relaydomains $ 
+		postfix-mydestination $ 
+		postfix-mynetworks $ 
+ 		postfix-relayhost $ 
+		postfix-transport $
+	      	cyrus-autocreatequota $ 
+		cyrus-admins $ 
+		cyrus-imap $ 
+		cyrus-pop3 $ 
+		cyrus-imaps $ 
+		cyrus-pop3s $ 
+		cyrus-sieve $
+	      	apache-http $
+	      	proftpd-ftp $ 
+		proftpd-defaultquota $ 
+		uid $
+		userPassword ) )
+
+objectclass ( 1.3.6.1.4.1.19414.2.2.9 NAME 'sharedfolder'
+	DESC 'IMAP shared folder'
+	SUP top STRUCTURAL
+	MUST cn
+	MAY ( acl $ userquota $ deleteflag ) ) 
+
+objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' 
+	SUP top STRUCTURAL 
+	MAY cn )
 
+objectclass ( 2.5.6.2 NAME 'country'
+	DESC 'RFC2256: a country'
+	SUP top STRUCTURAL
+	MUST c
+	MAY ( searchGuide $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.3 NAME 'locality'
+	DESC 'RFC2256: a locality'
+	SUP top STRUCTURAL
+	MAY ( street $ seeAlso $ searchGuide $ st $ l $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.4 NAME 'organization'
+	DESC 'RFC2256: an organization'
+	SUP top STRUCTURAL
+	MUST o
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+		x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $
+		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $ 
+                c $ mail $ deleteflag $ alias ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+	DESC 'RFC2256: an organizational unit'
+	SUP top STRUCTURAL
+	MUST ou
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+		x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $
+		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+		postalAddress $ physicalDeliveryOfficeName $ st $ l $ description $ 
+                c $ mail $ deleteflag $ alias ) )
+
+objectclass ( 2.5.6.6 NAME 'person'
+	DESC 'RFC2256: a person'
+	SUP top STRUCTURAL
+	MUST ( sn $ cn )
+	MAY ( userPassword $ telephoneNumber $ seeAlso $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+	DESC 'RFC2256: an organizational person'
+	SUP person STRUCTURAL
+	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $
+		facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
+		postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ 
+                c $ userquota $ deleteflag ) )
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+	DESC 'RFC2256: an organizational role'
+        SUP top STRUCTURAL
+	MUST cn
+	MAY ( x121Address $ registeredAddress $ destinationIndicator $
+		preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+		telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+		seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+		postOfficeBox $ postalCode $ postalAddress $
+		physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+	DESC 'RFC2256: a group of names (DNs)'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description $ deleteflag ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+	DESC 'RFC2256: an application process'
+	SUP top STRUCTURAL
+	MUST cn
+	MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+	DESC 'RFC2256: an application entity'
+	SUP top STRUCTURAL
+	MUST ( presentationAddress $ cn )
+	MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+	description ) )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+	DESC 'RFC2256: a certificate authority'
+	SUP top AUXILIARY
+	MUST ( authorityRevocationList $ certificateRevocationList $
+		cACertificate ) MAY crossCertificatePair )
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+	DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+	SUP top STRUCTURAL
+	MUST ( uniqueMember $ cn )
+	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+	SUP certificationAuthority
+	AUXILIARY MAY ( deltaRevocationList ) )
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( certificateRevocationList $ authorityRevocationList $
+		deltaRevocationList ) )
+
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+	DESC 'RFC2587: a PKI user'
+	SUP top AUXILIARY
+	MAY userCertificate )
+
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+	DESC 'RFC2587: PKI certificate authority'
+	SUP top AUXILIARY
+	MAY ( authorityRevocationList $ certificateRevocationList $
+		cACertificate $ crossCertificatePair ) )
+
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+	DESC 'RFC2587: PKI user'
+	SUP top AUXILIARY
+	MAY deltaRevocationList )
+
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+	DESC 'RFC2079: object that contains the URI attribute type'
+	MAY ( labeledURI )
+	SUP top AUXILIARY )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+	DESC 'RFC1274: simple security object'
+	SUP top AUXILIARY
+	MUST userPassword )
+
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+	DESC 'RFC2247: domain component object'
+	SUP top AUXILIARY MUST dc )
+
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+	DESC 'RFC2377: uid object'
+	SUP top AUXILIARY MUST uid )
+
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+	SUP top STRUCTURAL
+	MUST commonName
+	MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
+	)
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+	SUP top STRUCTURAL
+	MUST domainComponent
+	MAY ( associatedName $ organizationName $ description $
+		businessCategory $ seeAlso $ searchGuide $ userPassword $
+		localityName $ stateOrProvinceName $ streetAddress $
+		physicalDeliveryOfficeName $ postalAddress $ postalCode $
+		postOfficeBox $ streetAddress $
+		facsimileTelephoneNumber $ internationalISDNNumber $
+		telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
+		preferredDeliveryMethod $ destinationIndicator $
+		registeredAddress $ x121Address )
+	)
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+	SUP 'domain' STRUCTURAL
+	MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
+		SOARecord $ CNAMERecord )
+	)
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+	DESC 'RFC1274: an object related to an domain'
+	SUP top AUXILIARY
+	MUST associatedDomain )
+
+objectclass	( 2.16.840.1.113730.3.2.2
+    NAME 'inetOrgPerson'
+	DESC 'RFC2798: Internet Organizational Person'
+    SUP organizationalPerson
+    STRUCTURAL
+	MAY (
+		audio $ businessCategory $ carLicense $ departmentNumber $
+		displayName $ employeeNumber $ employeeType $ givenName $
+		homePhone $ homePostalAddress $ initials $ jpegPhoto $
+		labeledURI $ mail $ manager $ mobile $ o $ pager $
+		photo $ roomNumber $ secretary $ uid $ userCertificate $
+		x500uniqueIdentifier $ preferredLanguage $
+		userSMIMECertificate $ userPKCS12 $ deleteflag $ alias )
+	)
+
+	
+objectclass	( XXXXXXXX
+    NAME 'kInetOrgPerson'
+	DESC 'Kolab Internet Organizational Person'
+    SUP inetOrgPerson
+    STRUCTURAL
+	MAY (
+		delegate $
+		kolabServer)
+	)
+	
+	
+objectclass    (2.5.6.9
+    NAME 'groupOfNames'
+        DESC 
+    SUB top
+    MUST cn
+    	 member
+    MAY  businessCategory $
+    	 seeAlso $
+	 owner $
+	 ou $
+	 o $
+	 description )
+	 
 </programlisting>
 </para>
 </sect2>
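Review bot: The `kInetOrgPerson` definition carries the placeholder OID `XXXXXXXX`, and the trailing second `groupOfNames` block reuses OID 2.5.6.9 already defined earlier in the hunk with an empty `DESC`, `SUB top` instead of `SUP top` and an unparenthesised `MUST cn member`; a schema parser would most likely refuse this listing, so the duplicate should be dropped and the OID allocated from the project's own `1.3.6.1.4.1.19414.2.2` arc used by `kolab` and `sharedfolder`. `MUST k` in the `kolab` class looks like a truncated attribute name. The RFC 2256/2798 classes (`organization`, `organizationalUnit`, `person`, `organizationalPerson`, `groupOfNames`, `inetOrgPerson`) are extended with `deleteflag`, `alias` and `userquota` under their original OIDs, which is likely to conflict with the stock core and inetorgperson schema files if those are also loaded; an AUXILIARY Kolab class carrying these attributes would avoid the redefinition. Since `kolab` lists `userPassword` and `cyrus-admins` next to service configuration, the access-control rules that restrict who may read and modify such entries should be documented alongside the schema.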




