# ===========================================================================
# Enterprise Platform LDAP Schema
# Version: 1.0
#
# OID Base: 1.3.6.1.4.1.99999 (DEVELOPMENT - Apply for your own from IANA)
#
# Structure:
#   1.3.6.1.4.1.99999.1     - Enterprise Platform
#   1.3.6.1.4.1.99999.1.1   - Attribute Types
#   1.3.6.1.4.1.99999.1.2   - Object Classes
#
# Includes:
#   - Virtual Mail (Postfix/Dovecot)
#   - Nextcloud integration
#   - Service access control
#
# Dependencies (must be loaded first):
#   - core.schema
#   - cosine.schema
#   - inetorgperson.schema
#   - rfc2307bis.schema
#
# NOTE(review): Sections 2 and 3 below re-declare attribute/objectclass
# names that upstream schema files (Nextcloud's own schema, PADL ldapns)
# also define. slapd rejects a second definition of the same NAME, so load
# either this file or the upstream file for those sections, never both —
# confirm against the server's schema load order.
#
# NOTE(review): this schema only describes attributes; it does not restrict
# who may read or write them. Access control (e.g. who may modify mailbox,
# maildrop, mailTransport, userPassword) must be configured separately in
# the server's access directives.
# ===========================================================================

# ===========================================================================
# SECTION 1: VIRTUAL MAIL ATTRIBUTES AND OBJECTS
# ===========================================================================

# ---------------------------------------------------------------------------
# Mail Attribute Types
# ---------------------------------------------------------------------------

# Domain name served for virtual mail. IA5 syntax: ASCII only, so IDN domains
# must be stored in their A-label (punycode) form.
attributetype ( 1.3.6.1.4.1.99999.1.1.1
        NAME 'mailDomain'
        DESC 'Virtual mail domain name'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

# Postfix transport string. Consumed verbatim by the MTA; treat as
# administrator-only data (a self-writable transport would let an account
# reroute its own delivery).
attributetype ( 1.3.6.1.4.1.99999.1.1.2
        NAME 'mailTransport'
        DESC 'Postfix transport (e.g., lmtp:unix:private/dovecot-lmtp)'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

# Filesystem path, relative to mailHomeDirectory (presumably — the joining
# is done by the consumer, not the directory). The schema does not validate
# path components; the consumer should reject values containing '..' or an
# absolute prefix, and only administrators should be able to write it.
attributetype ( 1.3.6.1.4.1.99999.1.1.3
        NAME 'mailbox'
        DESC 'Relative mailbox path (e.g., domain.com/user/)'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

# Per-mailbox quota in bytes. INTEGER syntax; no range enforced here, so 0 or
# negative values are accepted by the directory and must be handled by Dovecot.
attributetype ( 1.3.6.1.4.1.99999.1.1.4
        NAME 'mailQuota'
        DESC 'Mailbox quota in bytes'
        EQUALITY integerMatch
        ORDERING integerOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

# Enable flag shared by domains and accounts. It is advisory only: every
# lookup filter used by Postfix/Dovecot must include (mailEnabled=TRUE),
# otherwise a disabled account still authenticates and receives mail.
attributetype ( 1.3.6.1.4.1.99999.1.1.5
        NAME 'mailEnabled'
        DESC 'Mail account or domain enabled (TRUE/FALSE)'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE )

# Multi-valued delivery/forward target. If users may write this attribute
# themselves, they can redirect their own mail off-domain — decide that
# explicitly in access control.
attributetype ( 1.3.6.1.4.1.99999.1.1.6
        NAME 'maildrop'
        DESC 'Final delivery address or forward destination'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Multi-valued extra addresses. Uniqueness across entries is not enforced by
# the schema; without an overlay or admin process, two accounts can claim
# the same alias.
attributetype ( 1.3.6.1.4.1.99999.1.1.7
        NAME 'mailAlias'
        DESC 'Additional email addresses for this account'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# Base storage path; same trust considerations as mailbox (admin-only write).
attributetype ( 1.3.6.1.4.1.99999.1.1.8
        NAME 'mailHomeDirectory'
        DESC 'Base path for mail storage'
        EQUALITY caseExactIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
        SINGLE-VALUE )

# Domain-level limits. These are data for a provisioning tool to enforce;
# the directory itself does not count accounts or sum quotas.
attributetype ( 1.3.6.1.4.1.99999.1.1.9
        NAME 'domainQuota'
        DESC 'Total quota for all accounts in domain (bytes)'
        EQUALITY integerMatch
        ORDERING integerOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.99999.1.1.10
        NAME 'domainMaxAccounts'
        DESC 'Maximum number of accounts in domain'
        EQUALITY integerMatch
        ORDERING integerOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.99999.1.1.11
        NAME 'domainMaxAliases'
        DESC 'Maximum number of aliases in domain'
        EQUALITY integerMatch
        ORDERING integerOrderingMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE )

# ---------------------------------------------------------------------------
# Mail Object Classes
# ---------------------------------------------------------------------------

# One entry per hosted domain. Naming attribute is mailDomain.
objectclass ( 1.3.6.1.4.1.99999.1.2.1
        NAME 'mailDomainObject'
        DESC 'Virtual mail domain'
        SUP top STRUCTURAL
        MUST ( mailDomain $ mailEnabled )
        MAY ( mailTransport $ mailHomeDirectory $ domainQuota $
              domainMaxAccounts $ domainMaxAliases $ description ) )

# Mail-enabled person. Being STRUCTURAL under inetOrgPerson, it replaces
# inetOrgPerson as the entry's structural class rather than being added to
# an existing inetOrgPerson entry; the inherited 'mail' attribute is the
# login/delivery address.
objectclass ( 1.3.6.1.4.1.99999.1.2.2
        NAME 'mailAccountObject'
        DESC 'Virtual mail account - extends inetOrgPerson'
        SUP inetOrgPerson STRUCTURAL
        MUST ( mail $ mailEnabled )
        MAY ( mailbox $ mailQuota $ maildrop $ mailAlias $
              mailHomeDirectory $ description ) )

# Standalone alias / distribution list: 'mail' is the alias address and
# maildrop lists the targets. Has no userPassword, so it cannot authenticate.
objectclass ( 1.3.6.1.4.1.99999.1.2.3
        NAME 'mailAliasObject'
        DESC 'Mail alias or distribution list'
        SUP top STRUCTURAL
        MUST ( mail $ maildrop $ mailEnabled )
        MAY ( cn $ description ) )

# ===========================================================================
# SECTION 2: NEXTCLOUD ATTRIBUTES AND OBJECTS
# Using official Nextcloud OIDs (1.3.6.1.4.1.49213.1) for compatibility
# ===========================================================================

# Note: DirectoryString, not Boolean, so the value is compared as a
# case-insensitive string; the Nextcloud login/group filter must match the
# exact spelling stored here.
attributetype ( 1.3.6.1.4.1.49213.1.1.1
        NAME 'nextcloudEnabled'
        DESC 'Whether user or group should be available in Nextcloud'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# Free-form quota string interpreted by Nextcloud (see DESC example).
attributetype ( 1.3.6.1.4.1.49213.1.1.2
        NAME 'nextcloudQuota'
        DESC 'Nextcloud disk quota (e.g., 15 GB)'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

# AUXILIARY: added to an existing person entry alongside its structural class.
objectclass ( 1.3.6.1.4.1.49213.1.2.1
        NAME 'nextcloudUser'
        DESC 'Nextcloud user account'
        SUP top AUXILIARY
        MAY ( nextcloudEnabled $ nextcloudQuota ) )

objectclass ( 1.3.6.1.4.1.49213.1.2.2
        NAME 'nextcloudGroup'
        DESC 'Nextcloud group'
        SUP top AUXILIARY
        MAY ( nextcloudEnabled ) )

# ===========================================================================
# SECTION 3: SERVICE ACCESS CONTROL
# Based on PADL ldapns schema (OID 1.3.6.1.4.1.5765)
# ===========================================================================

# Multi-valued list of service names an account may use (pam_ldap-style
# "authorizedService" checks). Enforcement happens in each service's bind
# or lookup filter, not in the directory.
# NOTE(review): the OIDs used here do not appear to be the ones from the
# PADL ldapns.schema; if that file is also loaded, the duplicate NAME will
# fail schema load. Verify and keep a single definition.
attributetype ( 1.3.6.1.4.1.5765.100.1
        NAME 'authorizedService'
        DESC 'Service authorized for this account'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( 1.3.6.1.4.1.5765.100.2
        NAME 'authorizedServiceObject'
        DESC 'Service authorization object'
        SUP top AUXILIARY
        MAY ( authorizedService ) )

# ===========================================================================
# SECTION 4: ADDITIONAL UTILITY OBJECTS
# ===========================================================================

# Service account object for bind DNs.
# Carries userPassword, so these entries are credentials: restrict read
# access to the attribute (authentication only), make sure the server stores
# it hashed, and give each application its own entry so access can be scoped
# and revoked per service.
objectclass ( 1.3.6.1.4.1.99999.1.2.10
        NAME 'serviceAccount'
        DESC 'Service account for application binding'
        SUP top STRUCTURAL
        MUST ( cn )
        MAY ( description $ userPassword ) )