Branch 'kolab-schema-2.4' - kolab2.ldif kolab2.schema
Jeroen van Meeuwen
vanmeeuwen at kolabsys.com
Wed May 4 15:49:02 CEST 2011
kolab2.ldif | 346 +++++++++++++++++++++++++
kolab2.schema | 777 ----------------------------------------------------------
2 files changed, 359 insertions(+), 764 deletions(-)
New commits:
commit 01069967274eaaecde0ba4fcb70cbc347cb99113
Author: Jeroen van Meeuwen (Ergo Project) <jeroen.van.meeuwen at ergo-project.org>
Date: Wed May 4 09:44:24 2011 -0400
Strip down the schema to the relevant attributeTypes and objectClasses to extend Netscape-based LDAP implementations with Kolab functionality, and provide the LDIF format for the schema as well
diff --git a/kolab2.ldif b/kolab2.ldif
new file mode 100644
index 0000000..3c775a1
--- /dev/null
+++ b/kolab2.ldif
@@ -0,0 +1,346 @@
+# $Id$
+# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein at erfrakon.de>
+# (c) 2003-2009 Martin Konold <martin.konold at erfrakon.de>
+# (c) 2003 Achim Frank <achim.frank at erfrakon.de>
+#
+# Redistribution and use in source and binary forms, with or without
+# modification, are permitted provided that the following conditions are met:
+#
+# Redistributions of source code must retain the above copyright notice, this
+# list of conditions and the following disclaimer.
+#
+# Redistributions in binary form must reproduce the above copyright notice,
+# this list of conditions and the following disclaimer in the documentation
+# and/or other materials provided with the distribution.
+#
+# The name of the author may not be used to endorse or promote products derived
+# from this software without specific prior written permission.
+#
+#
+# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
+# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
+# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
+# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
+# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
+# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
+# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
+# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
+# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
+# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
+# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
+# as provided by 3rd parties like OpenLDAP.
+#
+# slapd.conf then looks like
+# include /kolab/etc/openldap/schema/core.schema
+# include /kolab/etc/openldap/schema/cosine.schema
+# include /kolab/etc/openldap/schema/inetorgperson.schema
+# include /kolab/etc/openldap/schema/rfc2739.schema
+# include /kolab/etc/openldap/schema/kolab2.schema
+# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered
+# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob
+# Prefix for attributes: 1.3.6.1.4.1.19414.1
+# Prefix for attributes: 1.3.6.1.4.1.19414.2
+# Prefix for objectclasses: 1.3.6.1.4.1.19414.3
+# nameprefix: kolab
+#
+dn: cn=schema
+####################
+# kolab attributes #
+####################
+# kolabDeleteflag used to be a boolean but describes with Kolab 2
+# the fqdn of the server which is requested to delete this objects
+# in its local store
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.2
+ NAME 'kolabDeleteflag'
+ DESC 'Per host deletion status'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# alias used to provide alternative rfc822 email addresses for kolab users
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.3
+ NAME 'alias'
+ DESC 'RFC1274: RFC822 Mailbox'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Specifies the email delegates.
+# An email delegate can send email on behalf of the account
+# which means using the "from" of the account.
+# Delegates are specified by the syntax of rfc822 email addresses.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.3
+ NAME 'kolabDelegate'
+ DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# For user, group and resource Kolab accounts
+# Describes how to respond to invitations
+# We keep the attribute as a string, but actually it can only have one
+# of the following values:
+#
+# ACT_ALWAYS_ACCEPT
+# ACT_ALWAYS_REJECT
+# ACT_REJECT_IF_CONFLICTS
+# ACT_MANUAL_IF_CONFLICTS
+# ACT_MANUAL
+# In addition one of these values may be prefixed with a primary email
+# address followed by a colon like
+# user at domain.tld: ACT_ALWAYS_ACCEPT
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.4
+ NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
+ DESC 'defines how to respond to invitations'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Begin date of Kolab vacation period. Sender will
+# be notified every kolabVacationResendIntervall days
+# that recipient is absent until kolabVacationEnd.
+# Values in this syntax are encoded as printable strings,
+# represented as specified in X.208.
+# Note that the time zone must be specified.
+# For Kolab we limit ourself to GMT
+# YYYYMMDDHHMMZ e.g. 200512311458Z.
+# see also: rfc 2252.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.8
+ NAME 'kolabVacationBeginDateTime'
+ DESC 'Begin date of vacation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+# End date of Kolab vacation period. Sender will
+# be notified every kolabVacationResendIntervall days
+# that recipient is absent starting from kolabVacationBeginDateTime.
+# Values in this syntax are encoded as printable strings,
+# represented as specified in X.208.
+# Note that the time zone must be specified.
+# For Kolab we limit ourself to GMT
+# YYYYMMDDHHMMZ e.g. 200601012258Z.
+# see also: rfc 2252.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.9
+ NAME 'kolabVacationEndDateTime'
+ DESC 'End date of vacation'
+ EQUALITY generalizedTimeMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+ SINGLE-VALUE )
+# Intervall in days after which senders get
+# another vacation message.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.10
+ NAME 'kolabVacationResendInterval'
+ DESC 'Vacation notice interval in days'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+# Email recipient addresses which are handled by the
+# vacation script. There can be multiple kolabVacationAddress
+# entries for each kolabInetOrgPerson.
+# Default is the primary email address and all
+# email aliases of the kolabInetOrgPerson.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.11
+ NAME 'kolabVacationAddress'
+ DESC 'Email address for vacation to response upon'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Enable sending vacation notices in reaction
+# unsolicited commercial email.
+# Default is no.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.12
+ NAME 'kolabVacationReplyToUCE'
+ DESC 'Enable vacation notices to UCE'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# Email recipient domains which are handled by the
+# vacation script. There can be multiple kolabVacationReactDomain
+# entries for each kolabInetOrgPerson
+# Default is to handle all domains.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.13
+ NAME 'kolabVacationReactDomain'
+ DESC 'Multivalued -- Email domain for vacation to response upon'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+# Keep local copy when forwarding emails to list of
+# kolabForwardAddress.
+# Default is no.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.15
+ NAME 'kolabForwardKeepCopy'
+ DESC 'Keep copy when forwarding'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# Enable forwarding of UCE.
+# Default is yes.
+# Currently this attribute is not used in Kolab.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.16
+ NAME 'kolabForwardUCE'
+ DESC 'Enable forwarding of mails known as UCE'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# describes the allowed or disallowed smtp addresses for
+# recipients. If this attribute is not set for a user no
+# kolab recipient policy does apply.
+# example entries:
+# .tld - allow mail to every recipient for this tld
+# domain.tld - allow mail to everyone in domain.tld
+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
+# user at domain.tld - allow mail to explicit user at domain.tld
+# user@ - allow mail to this user but any domain
+# -.tld - disallow mail to every recipient for this tld
+# -domain.tld - disallow mail to everyone in domain.tld
+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
+# -user at domain.tld - disallow mail to explicit user at domain.tld
+# -user@ - disallow mail to this user but any domain
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.18
+ NAME 'kolabAllowSMTPRecipient'
+ DESC 'SMTP address allowed for destination (multi-valued)'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
+# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users will
+# be created on one server only, however we keep this in here to allow the mail
+# server to use to be specified from the user provisioning batch operation
+#
+# Create the user mailbox on the kolabHomeServer only.
+# Default is no.
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.19
+ NAME 'kolabHomeServerOnly'
+ DESC 'Create the user mailbox on the kolabHomeServer only'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+# describes the allowed or disallowed smtp addresses for
+# recipients. If this attribute is not set for a user no
+# kolab recipient policy does apply.
+# example entries:
+# .tld - allow mail to every recipient for this tld
+# domain.tld - allow mail to everyone in domain.tld
+# .domain.tld - allow mail to everyone in domain.tld and its subdomains
+# user at domain.tld - allow mail to explicit user at domain.tld
+# user@ - allow mail to this user but any domain
+# -.tld - disallow mail to every recipient for this tld
+# -domain.tld - disallow mail to everyone in domain.tld
+# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
+# -user at domain.tld - disallow mail to explicit user at domain.tld
+# -user@ - disallow mail to this user but any domain
+attributeTypes: ( 1.3.6.1.4.1.19414.1.1.1.43
+ NAME 'kolabAllowSMTPFrom'
+ DESC 'SMTP address accepted for receiving (multi-valued)'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
+# kolabFolderType describes the kind of Kolab folder
+# as defined in the kolab format specification.
+# We will annotate all folders with an entry
+# /vendor/kolab/folder-type containing the attribute
+# value.shared set to: <type>[.<subtype>].
+# The <type> can be: mail, event, journal, task, note,
+# or contact. The <subtype> for a mail folder can be
+# inbox, drafts, sentitems, or junkemail (this one holds
+# spam mails). For the other <type>s, it can only be
+# default, or not set. For other types of folders
+# supported by the clients, these should be prefixed with
+# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
+# look like for example "kolab.o-voicemail". Other third-party
+# clients shall use the "x-" prefix.
+# We then use the ANNOTATEMORE IMAP extension to
+# associate the folder type with a folder.
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.7
+ NAME 'kolabFolderType'
+ DESC 'type of a kolab folder'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+ SINGLE-VALUE )
+# cyrus imapd access control list
+# acls work with users and groups
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.651
+ NAME 'acl'
+ EQUALITY caseIgnoreIA5Match
+ SUBSTR caseIgnoreIA5SubstringsMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+##########################
+# kolabfilter attributes #
+##########################
+# enable trustable From:
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.750
+ NAME 'kolabfilter-verify-from-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+# should Sender header be allowed instead of From
+# when present?
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.751
+ NAME 'kolabfilter-allow-sender-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+# Should reject messages with From headers that dont match
+# the envelope? Default is to rewrite the header
+attributeTypes: ( 1.3.6.1.4.1.19414.2.1.752
+ NAME 'kolabfilter-reject-forged-from-header'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
+########################
+# kolab object classes #
+########################
+# public folders are typically visible to everyone subscribed to
+# the server without the need for an extra login. Subfolders are
+# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
+# that the term public folder is prefered to shared folder because
+# normal user mailboxes can also share folders using acls.
+objectClasses: ( 1.3.6.1.4.1.19414.2.2.9
+ NAME 'kolabSharedFolder'
+ DESC 'Kolab public shared folder'
+ SUP top STRUCTURAL
+ MUST cn
+ MAY ( acl $
+ mailHost $
+ kolabFolderType $
+ kolabDeleteflag ) )
+# kolab account
+# we use an auxiliary in order to ease integration
+# with existing inetOrgPerson objects
+# Please note that userPassword is a may
+# attribute in the schema but is mandatory for
+# Kolab
+objectClasses: ( 1.3.6.1.4.1.19414.3.2.2
+ NAME 'kolabInetOrgPerson'
+ DESC 'Kolab Internet Organizational Person'
+ SUP top AUXILIARY
+ MAY ( alias $
+ mailHost $
+ kolabHomeServerOnly $
+ kolabDelegate $
+ kolabInvitationPolicy $
+ kolabVacationBeginDateTime $
+ kolabVacationEndDateTime $
+ kolabVacationResendInterval $
+ kolabVacationAddress $
+ kolabVacationReplyToUCE $
+ kolabVacationReactDomain $
+ kolabForwardKeepCopy $
+ kolabForwardUCE $
+ kolabAllowSMTPRecipient $
+ kolabAllowSMTPFrom $
+ kolabDeleteflag ) )
+# kolab groupOfNames with extra kolabDeleteflag and the required
+# attribute mail.
+# The mail attribute for kolab objects of the type kolabGroupOfNames
+# is not arbitrary but MUST be a single attribute of the form
+# of an valid SMTP address with the CN as the local part.
+# E.g cn at kolabdomain (e.g. employees at mydomain.com). The
+# mail attribute MUST be globally unique.
+objectClasses: ( 1.3.6.1.4.1.19414.3.2.5
+ NAME 'kolabGroupOfNames'
+ DESC 'Kolab group of names (DNs) derived from RFC2256'
+ SUP top AUXILIARY
+ MAY ( mail $
+ kolabDeleteflag ) )
+
diff --git a/kolab2.schema b/kolab2.schema
index f8d8c41..5ef245e 100644
--- a/kolab2.schema
+++ b/kolab2.schema
@@ -27,7 +27,6 @@
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
# as provided by 3rd parties like OpenLDAP.
#
@@ -37,7 +36,6 @@
# include /kolab/etc/openldap/schema/inetorgperson.schema
# include /kolab/etc/openldap/schema/rfc2739.schema
# include /kolab/etc/openldap/schema/kolab2.schema
-
# Prefix for OIDs: 1.3.6.1.4.1.19414 <- registered
# Prefix for OIDs: 1.3.6.1.4.1.19414.2000 <-- temporarily reserved for ob
# Prefix for attributes: 1.3.6.1.4.1.19414.1
@@ -45,17 +43,10 @@
# Prefix for objectclasses: 1.3.6.1.4.1.19414.3
# nameprefix: kolab
#
+dn: cn=schema
####################
# kolab attributes #
####################
-
-# helper attribute to make the kolab root easily findable in
-# a big ldap directory
-attributetype ( 1.3.6.1.4.1.19414.2.1.1
- NAME ( 'k' 'kolab' )
- DESC 'Kolab attribute'
- SUP name )
-
# kolabDeleteflag used to be a boolean but describes with Kolab 2
# the fqdn of the server which is requested to delete this objects
# in its local store
@@ -65,7 +56,6 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.2
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
# alias used to provide alternative rfc822 email addresses for kolab users
attributetype ( 1.3.6.1.4.1.19414.2.1.3
NAME 'alias'
@@ -73,49 +63,6 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.3
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
-# cleartext password. This is required in order to pass the password from
-# the maintainance/administration application to the kolabHomeServer running the
-# resource handler application in a secure manner.
-# Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the
-# calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to
-# the respective calendar folder using IMAP ACLs.
-attributetype ( 1.3.6.1.4.1.19414.2.1.4
- NAME 'kolabEncryptedPassword'
- DESC 'base64 encoded public key encrypted Password'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# hostname including the domain name like kolab-master.yourcompany.com
-attributetype ( 1.3.6.1.4.1.19414.2.1.5
- NAME ( 'fqhostname' 'fqdnhostname' )
- DESC 'Fully qualified Hostname including full domain component'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# fqdn of all hosts in a multi-location or cluster setup
-attributetype ( 1.3.6.1.4.1.19414.2.1.6
- NAME 'kolabHost'
- DESC 'Multivalued -- list of hostnames in a Kolab setup'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# fqdn of the server containg the actual user mailbox
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.1
- NAME 'kolabHomeServer'
- DESC 'server which keeps the users mailbox'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# flag for allowing unrestriced length of mails
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.2
- NAME 'unrestrictedMailSize'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
# Specifies the email delegates.
# An email delegate can send email on behalf of the account
# which means using the "from" of the account.
@@ -126,7 +73,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.3
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
# For user, group and resource Kolab accounts
# Describes how to respond to invitations
# We keep the attribute as a string, but actually it can only have one
@@ -146,36 +92,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.4
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# time span from now to the future used for the free busy data
-# measured in days
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.5
- NAME 'kolabFreeBusyFuture'
- DESC 'time in days for fb data towards the future'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-# time span from now to the past used for the free busy data
-# measured in days
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.6
- NAME 'kolabFreeBusyPast'
- DESC 'time in days for fb data towards the past'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-# fqdn of the server as the default SMTP MTA
-# not used in Kolab 2 currently as in Kolab 2 the
-# default MTA is equivalent to the kolabHomeServer
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.7
- NAME 'kolabHomeMTA'
- DESC 'fqdn of default MTA'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
- SINGLE-VALUE )
-
# Begin date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent until kolabVacationEnd.
@@ -192,7 +108,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.8
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
-
# End date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent starting from kolabVacationBeginDateTime.
@@ -209,7 +124,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.9
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
-
# Intervall in days after which senders get
# another vacation message.
# Currently this attribute is not used in Kolab.
@@ -219,7 +133,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.10
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
-
# Email recipient addresses which are handled by the
# vacation script. There can be multiple kolabVacationAddress
# entries for each kolabInetOrgPerson.
@@ -232,7 +145,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.11
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
# Enable sending vacation notices in reaction
# unsolicited commercial email.
# Default is no.
@@ -243,7 +155,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.12
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
-
# Email recipient domains which are handled by the
# vacation script. There can be multiple kolabVacationReactDomain
# entries for each kolabInetOrgPerson
@@ -255,19 +166,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.13
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# Forward all incoming emails except UCE if kolabForwardUCE
-# is not set to this email address.
-# There can be multiple kolabForwardAddress entries for
-# each kolabInetOrgPerson.
-# Currently this attribute is not used in Kolab.
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.14
- NAME 'kolabForwardAddress'
- DESC 'Forward email to this address'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
# Keep local copy when forwarding emails to list of
# kolabForwardAddress.
# Default is no.
@@ -278,7 +176,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.15
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
-
# Enable forwarding of UCE.
# Default is yes.
# Currently this attribute is not used in Kolab.
@@ -288,20 +185,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.16
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
-
-# comment when creating or deleting a kolab object
-# a comment might be appropriate. This is most useful
-# for tracability when users get moved to the graveyard
-# instead of being really deleted. Every entry must be prefixed
-# with an ISO 8601 date string e.g 200604301458Z. All times must
-# be in zulu timezone.
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.17
- NAME 'kolabComment'
- DESC 'multi-value comment'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-
# describes the allowed or disallowed smtp addresses for
# recipients. If this attribute is not set for a user no
# kolab recipient policy does apply.
@@ -322,7 +205,10 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.18
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
-
+# Jeroen van Meeuwen (Kolab Systems): Unnecessary in this deployment, as users will
+# be created on one server only, however we keep this in here to allow the mail
+# server to use to be specified from the user provisioning batch operation
+#
# Create the user mailbox on the kolabHomeServer only.
# Default is no.
attributetype ( 1.3.6.1.4.1.19414.1.1.1.19
@@ -331,115 +217,6 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.19
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.20
- NAME 'kolabMaritalStatus'
- DESC 'ledig(0), verh.(1)} DEFAULT ledig'
- EQUALITY integerMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.21
- NAME ( 'homeFacsimileTelephoneNumber' 'homeFaxNumber' )
- DESC 'private facsimilie telephone number'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.25
- NAME 'bylawURI'
- DESC 'URI pointing at the bylaw'
- SUP labeledURI
- SINGLE-VALUE )
-
-# Single string with $ seperated lines consisting of
-# surname $
-# givenName $
-# dateOfBirth $
-# restrictions $
-# signer of contract ('true'/'false')
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.27
- NAME 'legalRepresentative'
- DESC 'legal representative'
- EQUALITY caseIgnoreListMatch
- SUBSTR caseIgnoreListSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-# Single string with $ seperated lines consisting of
-# surname $
-# givenName $
-# dateOfBirth $
-# restrictions $
-# signer of contract ('true'/'false')
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.28
- NAME 'commercialProcuration'
- DESC 'described person which has commercial procuration'
- EQUALITY caseIgnoreListMatch
- SUBSTR caseIgnoreListSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.29
- NAME 'legalRepresentationPolicy'
- DESC 'described how legal representation works'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.31
- NAME 'inLiquidation'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.32
- NAME 'tradeRegisterRegisteredCapital'
- EQUALITY integerMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.33
- NAME 'tradeRegisterType'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.36
- NAME 'tradeRegisterURI'
- SUP labeledURI
- SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.37
- NAME 'tradeRegisterLastChangedDate'
- EQUALITY generalizedTimeMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.38
- NAME 'kolabGermanBankAccountNumber'
- DESC 'The 8-digits number of a german bank account without spaces'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{10} )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.39
- NAME 'kolabGermanBankCode'
- DESC 'The 8-digits number of a german bank code (BLZ) without spaces'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{8} )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.40
- NAME 'kolabGermanBankName'
- DESC 'The name of a german bank registered in the BLZ table published by Deutsche Bundesbank.'
- SUP name
- SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.41
- NAME 'kolabGermanBankAccountInfo'
- DESC 'Composed field containing a one-line human-readable representation of all necessary information.'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.42
- NAME 'kolabGermanBankAccountHolder'
- DESC 'The name of the holder of a german bank account commonly used as recipient name.'
- SINGLE-VALUE
- SUP name )
-
# describes the allowed or disallowed smtp addresses for
# recipients. If this attribute is not set for a user no
# kolab recipient policy does apply.
@@ -454,21 +231,12 @@ attributetype ( 1.3.6.1.4.1.19414.1.1.1.42
# -.domain.tld - disallow mail to everyone in domain.tld and its subdomains
# -user at domain.tld - disallow mail to explicit user at domain.tld
# -user@ - disallow mail to this user but any domain
-
attributetype ( 1.3.6.1.4.1.19414.1.1.1.43
NAME 'kolabAllowSMTPFrom'
DESC 'SMTP address accepted for receiving (multi-valued)'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
-
-attributetype ( 1.3.6.1.4.1.19414.1.1.1.44
- NAME 'kolabSalutation'
- DESC 'Salutation like Mr., Mrs, Herr, Frau)'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{64} )
-
# kolabFolderType describes the kind of Kolab folder
# as defined in the kolab format specification.
# We will annotate all folders with an entry
@@ -492,112 +260,6 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.7
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
-
-######################
-# postfix attributes #
-######################
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.501
- NAME 'postfix-mydomain'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.502
- NAME 'postfix-relaydomains'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.503
- NAME 'postfix-mydestination'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.504
- NAME 'postfix-mynetworks'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.505
- NAME 'postfix-relayhost'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.506
- NAME 'postfix-transport'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.507
- NAME 'postfix-enable-virus-scan'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.508
- NAME 'postfix-allow-unauthenticated'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.509
- NAME 'postfix-virtual'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.510
- NAME 'postfix-relayport'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.511
- NAME 'postfix-message-size-limit'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-##########################
-# cyrus imapd attributes #
-##########################
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.601
- NAME 'cyrus-autocreatequota'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
- SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.602
- NAME 'cyrus-admins'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# enable plain imap without ssl
-attributetype ( 1.3.6.1.4.1.19414.2.1.603
- NAME 'cyrus-imap'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
- SINGLE-VALUE )
-
-# enable legacy pop3
-attributetype ( 1.3.6.1.4.1.19414.2.1.604
- NAME 'cyrus-pop3'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# user specific quota on the cyrus imap server
-attributetype ( 1.3.6.1.4.1.19414.2.1.605
- NAME 'cyrus-userquota'
- DESC 'Mailbox hard quota limit in MB'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
# cyrus imapd access control list
# acls work with users and groups
attributetype ( 1.3.6.1.4.1.19414.2.1.651
@@ -605,360 +267,29 @@ attributetype ( 1.3.6.1.4.1.19414.2.1.651
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# enable secure imap
-attributetype ( 1.3.6.1.4.1.19414.2.1.606
- NAME 'cyrus-imaps'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# enable secure pop3
-attributetype ( 1.3.6.1.4.1.19414.2.1.607
- NAME 'cyrus-pop3s'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# enable sieve support (required for forward and vacation services)
-attributetype ( 1.3.6.1.4.1.19414.2.1.608
- NAME 'cyrus-sieve'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# installation wide percentage which determines when to send a
-# warning to the user
-attributetype ( 1.3.6.1.4.1.19414.2.1.609
- NAME 'cyrus-quotawarn'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-# enable smmap support
-attributetype ( 1.3.6.1.4.1.19414.2.1.610
- NAME 'cyrus-smmap'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# enable fulldirhash support
-attributetype ( 1.3.6.1.4.1.19414.2.1.611
- NAME 'cyrus-fulldirhash'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# enable hashimapspool support
-attributetype ( 1.3.6.1.4.1.19414.2.1.612
- NAME 'cyrus-hashimapspool'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# enable squatter support
-attributetype ( 1.3.6.1.4.1.19414.2.1.613
- NAME 'cyrus-squatter'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-
-#############################
-# apache and php attributes #
-#############################
-
-# enable plain http (no ssl)
-attributetype ( 1.3.6.1.4.1.19414.2.1.701
- NAME 'apache-http'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# Allow freebusy download without authenticating first
-attributetype ( 1.3.6.1.4.1.19414.2.1.702
- NAME 'apache-allow-unauthenticated-fb'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
##########################
# kolabfilter attributes #
##########################
-
# enable trustable From:
attributetype ( 1.3.6.1.4.1.19414.2.1.750
NAME 'kolabfilter-verify-from-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
# should Sender header be allowed instead of From
# when present?
attributetype ( 1.3.6.1.4.1.19414.2.1.751
NAME 'kolabfilter-allow-sender-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
# Should reject messages with From headers that dont match
# the envelope? Default is to rewrite the header
attributetype ( 1.3.6.1.4.1.19414.2.1.752
NAME 'kolabfilter-reject-forged-from-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# Enable the Kolab Policy Daemon. If false or not
-# set don't use the Kolab Policy Daemon
-attributetype ( 1.3.6.1.4.1.19414.2.1.800
- NAME 'kolabPolicyDaemon'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# Configurable list of ciphers considered to be secure enough for our purposes.
-# E.g. TLS 1.0 and SSL 3.0
-attributetype ( 1.3.6.1.4.1.19414.2.1.801
- NAME 'kolabSecureCiphers'
- DESC 'comma separated list of ciphers considered to be secure'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-
-######################################################
-# proftpd attributes (unused since Kolab Server 2.2) #
-######################################################
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.901
- NAME 'proftpd-defaultquota'
- EQUALITY integerMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.902
- NAME 'proftpd-ftp'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.903
- NAME 'proftpd-userPassword'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-########################################################################
-# pop3 service attributes (suitable to integrate external pop3 sources #
-########################################################################
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1001
- NAME 'externalPop3AccountDescription'
- DESC 'a human readable description of the external POP3 account e.g. my gmail account'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1002
- NAME 'externalPop3AccountMail'
- DESC 'email address associated with the external POP3 account e.g. givenname.surname at gmail.com'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1003
- NAME 'externalPop3AccountServer'
- DESC 'Pop3 server associated with the external POP3 account e.g. pop3.provider.com'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1004
- NAME 'externalPop3AccountPort'
- DESC 'TCP port number used for pop3 service associated with the external POP3 account e.g. 110'
- EQUALITY integerMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{5} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1005
- NAME 'externalPop3AccountUseSSL'
- DESC 'boolean defining if SSL must be used for external POP3 account - requires suitable externalPop3AccountPort'
- EQUALITY booleanMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1006
- NAME 'externalPop3AccountUseTLS'
- DESC 'boolean defining if TLS must be used for external POP3 account'
- EQUALITY booleanMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-# sometimes useful for self-signed certificates
-attributetype ( 1.3.6.1.4.1.19414.2.1.1007
- NAME 'externalPop3AccountCheckServerCertificate'
- DESC 'allows to disable checking server certificates when using SSL or TLS - beware of MIT-attacks!'
- EQUALITY booleanMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1008
- NAME 'externalPop3AccountLoginName'
- DESC 'name used to login into pop3 account often this uid is equivalent to the email address'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1009
- NAME 'externalPop3EncryptedAccountPassword'
- DESC 'encryped password for the external POP3 account - secret key must be known to the pop3 fetch service'
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1010
- NAME 'externalPop3AccountKeepMailOnServer'
- DESC 'controls if fetched message shall remain on external POP3 server - beware this is often unreliable'
- EQUALITY booleanMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-
-attributetype ( 1.3.6.1.4.1.19414.2.1.1011
- NAME 'externalPop3AccountLoginMethod'
- DESC 'login method used for external POP3 account - currently these are plainText, LOGIN, PLAIN, NTLM, DIGEST-MD5, CRAM-MD5, GSSAPI and APOP'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
-
-########################
-# external definitions #
-########################
-
-# extended from apple.schema
-attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.27
- NAME ( 'apple-birthday' 'dateOfBirth' 'dateOfIncorporation' )
- DESC 'Birthday or date of incorporation'
- EQUALITY generalizedTimeMatch
- SUBSTR caseExactIA5SubstringsMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
-
-# from http://www.stroeder.com/stroeder.com.schema
-attributetype ( 1.3.6.1.4.1.5427.1.389.4.12
- NAME ( 'birthPlace' 'placeOfBirth' )
- DESC 'Place of birth'
- SUP name
- SINGLE-VALUE )
-
-# from http://www.stroeder.com/stroeder.com.schema
-attributetype ( 1.3.6.1.4.1.5427.1.389.4.14
- NAME 'birthName'
- DESC 'Last name at time of birth, e.g. maiden name'
- SUP name
- SINGLE-VALUE )
-
-# from http://www.stroeder.com/stroeder.com.schema
-# The following data items and codes are used (see ISO 5218):
-# Not known 0
-# Male 1
-# Female 2
-# Not specified 9
-#
-attributetype ( 1.3.6.1.4.1.5427.1.389.4.7
- NAME 'gender'
- DESC 'Representation of human sex (see ISO 5218)'
- EQUALITY integerMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27{1} )
-
-# from http://www.stroeder.com/stroeder.com.schema
-# tax ID of person or company within Germany
-#
-attributetype ( 1.3.6.1.4.1.5427.1.389.4.666
- NAME 'germanTaxId'
- DESC 'tax ID of person or company within Germany'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{20} )
-
-# rfc 3039
-# ISO 3166 Country Code
-# multiple citizenships are possible!
-attributetype ( 1.3.6.1.5.5.7.9.4
- NAME 'countryOfCitizenship'
- DESC 'Country of citizenship'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 )
-
-# ISO 3166 Country Code
-attributetype ( 1.3.6.1.5.5.7.9.5
- NAME 'countryOfResidence'
- DESC 'Country of residence'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.11 )
-
-# http://www.daasi.de/
-attributetype ( 1.3.6.1.4.1.5062.1.1.3.16
- NAME 'legalForm'
- DESC 'legal form of a company'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# http://www.daasi.de/
-# location of the trade register authority
-attributetype ( 1.3.6.1.4.1.5062.1.1.3.17
- NAME 'tradeRegisterLocation'
- DESC 'Location of the trade registrar where the organization is registered'
- SUP name
- SINGLE-VALUE )
-
-# http://www.daasi.de/
-# registration number a the trade register authority
-attributetype ( 1.3.6.1.4.1.5062.1.1.3.18
- NAME 'tradeRegisterIdentifier'
- DESC 'Idientifier with which an organization is registered'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SINGLE-VALUE
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# https://forxa.mancomun.org/plugins/scmsvn/viewcvs.php/trunk/ldap/dxpisi.schema?annotate=29&root=mancomun
-# VATNumber
-# Identifier number for companies and persons. In Spain it is the same as NIF/CIF.
-# In Germany it is called Umsatzsteueridentifikationsnummer.
-attributetype ( 1.3.6.1.4.1.27994.1.3.4
- NAME 'VATNumber'
- DESC 'Identifier number for companies and persons'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{10} )
-
########################
# kolab object classes #
########################
-
-# main kolab server configuration
-# storing global values and user specific default values
-# like kolabFreeBusyFuture and kolabFreeBusyPast
-objectclass ( 1.3.6.1.4.1.19414.2.2.1
- NAME 'kolab'
- DESC 'Kolab server configuration'
- SUP top STRUCTURAL
- MUST k
- MAY ( kolabHost $
- postfix-mydomain $
- postfix-relaydomains $
- postfix-mydestination $
- postfix-mynetworks $
- postfix-relayhost $
- postfix-relayport $
- postfix-transport $
- postfix-virtual $
- postfix-enable-virus-scan $
- postfix-allow-unauthenticated $
- postfix-message-size-limit $
- cyrus-quotawarn $
- cyrus-autocreatequota $
- cyrus-admins $
- cyrus-imap $
- cyrus-pop3 $
- cyrus-imaps $
- cyrus-pop3s $
- cyrus-sieve $
- cyrus-smmap $
- cyrus-fulldirhash $
- cyrus-hashimapspool $
- cyrus-squatter $
- apache-http $
- apache-allow-unauthenticated-fb $
- kolabfilter-verify-from-header $
- kolabfilter-allow-sender-header $
- kolabfilter-reject-forged-from-header $
- kolabPolicyDaemon $
- kolabSecureCiphers $
- proftpd-ftp $
- proftpd-defaultquota $
- kolabFreeBusyFuture $
- kolabFreeBusyPast $
- uid $
- userPassword ) )
-
# public folders are typically visible to everyone subscribed to
# the server without the need for an extra login. Subfolders are
# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
@@ -970,22 +301,9 @@ objectclass ( 1.3.6.1.4.1.19414.2.2.9
SUP top STRUCTURAL
MUST cn
MAY ( acl $
- alias $
- cyrus-userquota $
- kolabHomeServer $
+ mailHost $
kolabFolderType $
kolabDeleteflag ) )
-
-# kolabNamedObject is used as a plain node for the LDAP tree.
-# In contrast to unix filesystem directories LDAP nodes can
-# and often do also have contents/attributes. We use the
-# kolabNamedObject in order to put some structure in the
-# LDAP directory tree.
-objectclass ( 1.3.6.1.4.1.5322.13.1.1
- NAME 'kolabNamedObject'
- SUP top STRUCTURAL
- MAY (cn $ ou) )
-
# kolab account
# we use an auxiliary in order to ease integration
# with existing inetOrgPerson objects
@@ -996,66 +314,22 @@ objectclass ( 1.3.6.1.4.1.19414.3.2.2
NAME 'kolabInetOrgPerson'
DESC 'Kolab Internet Organizational Person'
SUP top AUXILIARY
- MAY ( c $
- alias $
- pseudonym $
- kolabHomeServer $
+ MAY ( alias $
+ mailHost $
kolabHomeServerOnly $
- kolabHomeMTA $
- unrestrictedMailSize $
kolabDelegate $
- kolabEncryptedPassword $
- cyrus-userquota $
kolabInvitationPolicy $
- kolabFreeBusyFuture $
kolabVacationBeginDateTime $
kolabVacationEndDateTime $
kolabVacationResendInterval $
kolabVacationAddress $
kolabVacationReplyToUCE $
kolabVacationReactDomain $
- kolabForwardAddress $
kolabForwardKeepCopy $
kolabForwardUCE $
kolabAllowSMTPRecipient $
kolabAllowSMTPFrom $
- kolabSalutation $
- kolabMaritalStatus $
- dateOfBirth $
- placeOfBirth $
- birthName $
- gender $
- homeFacsimileTelephoneNumber $
- countryOfCitizenship $
- countryOfResidence $
- legalForm $
- tradeRegisterLocation $
- tradeRegisterIdentifier $
- VATNumber $
- germanTaxId $
- kolabDeleteflag $
- kolabComment ) )
-
-# kolab organization with country support
-objectclass ( 1.3.6.1.4.1.19414.3.2.3
- NAME 'kolabOrganization'
- DESC 'RFC2256: a Kolab organization'
- SUP organization STRUCTURAL
- MAY ( c $
- mail $
- kolabDeleteflag $
- alias ) )
-
-# kolab organizational unit with country support
-objectclass ( 1.3.6.1.4.1.19414.3.2.4
- NAME 'kolabOrganizationalUnit'
- DESC 'a Kolab organizational unit'
- SUP organizationalUnit STRUCTURAL
- MAY ( c $
- mail $
- kolabDeleteflag $
- alias ) )
-
+ kolabDeleteflag ) )
# kolab groupOfNames with extra kolabDeleteflag and the required
# attribute mail.
# The mail attribute for kolab objects of the type kolabGroupOfNames
@@ -1063,35 +337,10 @@ objectclass ( 1.3.6.1.4.1.19414.3.2.4
# of an valid SMTP address with the CN as the local part.
# E.g cn at kolabdomain (e.g. employees at mydomain.com). The
# mail attribute MUST be globally unique.
-objectclass ( 1.3.6.1.4.1.19414.3.2.5
- NAME 'kolabGroupOfNames'
- DESC 'Kolab group of names (DNs) derived from RFC2256'
- SUP groupOfNames STRUCTURAL
+objectclass ( 1.3.6.1.4.1.19414.3.2.8
+ NAME 'kolabGroupOfUniqueNames'
+ DESC 'Kolab group of unique names (DNs) derived from RFC2256'
+ SUP top AUXILIARY
MAY ( mail $
kolabDeleteflag ) )
-objectclass ( 1.3.6.1.4.1.19414.3.2.6
- NAME 'kolabExternalPop3Account'
- DESC 'kolab fetch messages via POP3 from external sources'
- SUP top STRUCTURAL
- MUST ( externalPop3AccountServer $
- externalPop3AccountLoginName $
- externalPop3EncryptedAccountPassword )
- MAY ( externalPop3AccountDescription $
- externalPop3AccountMail $
- externalPop3AccountPort $
- externalPop3AccountUseSSL $
- externalPop3AccountUseTLS $
- externalPop3AccountLoginMethod $
- externalPop3AccountCheckServerCertificate $
- externalPop3AccountKeepMailOnServer ) )
-
-objectclass ( 1.3.6.1.4.1.19414.3.2.7
- NAME 'kolabGermanBankArrangement'
- DESC 'German bank account information'
- SUP top STRUCTURAL
- MUST ( kolabGermanBankAccountNumber $
- kolabGermanBankCode )
- MAY ( kolabGermanBankAccountHolder $
- kolabGermanBankName $
- kolabGermanBankAccountInfo ) )
More information about the commits
mailing list