# ===========================================================================
# Enterprise Platform LDAP Schema
# Version: 1.0
#
# OID Base: 1.3.6.1.4.1.99999 (DEVELOPMENT PLACEHOLDER - obtain your own
#           Private Enterprise Number from IANA before deploying; an
#           unregistered arc can collide with OIDs from other schemas)
#
# Structure:
#   1.3.6.1.4.1.99999.1   - Enterprise Platform
#   1.3.6.1.4.1.99999.1.1 - Attribute Types
#   1.3.6.1.4.1.99999.1.2 - Object Classes
#
# Sections 2 and 3 do NOT use this base: they reproduce third-party
# definitions under their upstream arcs (Nextcloud 1.3.6.1.4.1.49213, PADL
# ldapns). Do not load this file together with the upstream nextcloud.schema
# or ldapns.schema - slapd rejects a second definition of a NAME that is
# already loaded and the configuration will not start. The same applies to
# other mail schemas (e.g. Courier's authldap.schema or postfix-book.schema)
# that may define some of the same names (mailbox, maildrop, mailAlias,
# mailQuota, ...).
#
# Includes:
#   - Virtual Mail (Postfix/Dovecot)
#   - Nextcloud integration
#   - Service access control
#
# Dependencies (must be loaded first):
#   - core.schema
#   - cosine.schema          (provides 'mail')
#   - inetorgperson.schema   (parent class of mailAccountObject)
#   - rfc2307bis.schema      (not referenced by anything in this file; note
#                             it conflicts with nis.schema - load only one)
#
# Security note: this file only defines structure. mailEnabled,
# nextcloudEnabled and authorizedService are advisory flags - they restrict
# nothing unless every consuming service's LDAP filter checks them - and the
# attributes that feed into delivery paths, routing or credentials (mailbox,
# mailHomeDirectory, mailTransport, maildrop, userPassword) must be covered
# by slapd access controls (olcAccess) so that end users cannot rewrite them.
#
# Formatting rule: keep '#' comments ABOVE each definition, never between its
# continuation lines - slapd treats an indented line after a comment as part
# of that comment and would silently drop the rest of the definition.
# ===========================================================================
# ===========================================================================
# SECTION 1: VIRTUAL MAIL ATTRIBUTES AND OBJECTS
# ===========================================================================

# ---------------------------------------------------------------------------
# Mail Attribute Types
# (defined before the object classes that reference them)
# ---------------------------------------------------------------------------

# mailDomain - name of a virtual mail domain (e.g. example.com).
# IA5 (ASCII-only) syntax, matched case-insensitively, single-valued; it is a
# MUST attribute of mailDomainObject below.
# NOTE(review): IA5String cannot hold internationalised (UTF-8) domain names;
# store such domains in their A-label (punycode) form.
attributetype ( 1.3.6.1.4.1.99999.1.1.1
    NAME 'mailDomain'
    DESC 'Virtual mail domain name'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

# mailTransport - Postfix transport(5) entry for a domain, e.g.
# "lmtp:unix:private/dovecot-lmtp". Exact-match ASCII, single-valued; MAY on
# mailDomainObject.
# SECURITY: if Postfix reads its transport_maps from this attribute, whoever
# can write it can reroute every message for the domain. Limit write access
# to the provisioning identity via olcAccess.
attributetype ( 1.3.6.1.4.1.99999.1.1.2
    NAME 'mailTransport'
    DESC 'Postfix transport (e.g., lmtp:unix:private/dovecot-lmtp)'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

# mailbox - mailbox location relative to the mail root, e.g. "domain.com/user/".
# Exact-match ASCII, single-valued; MAY on mailAccountObject.
# SECURITY: the directory stores this string verbatim and does not validate
# path syntax. If the MDA (Dovecot) derives the on-disk mail location from it,
# a value containing ".." or a leading "/" could point outside the intended
# mail root - only the provisioning identity should be able to write it, and
# the provisioning tool must validate the value before storing it.
attributetype ( 1.3.6.1.4.1.99999.1.1.3
    NAME 'mailbox'
    DESC 'Relative mailbox path (e.g., domain.com/user/)'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

# mailQuota - per-mailbox quota in bytes. INTEGER syntax with an ordering
# rule, so range filters such as (mailQuota>=1073741824) work; single-valued;
# MAY on mailAccountObject. LDAP INTEGER is unbounded - consumers should parse
# it as a 64-bit value. The directory only stores the number; enforcement is
# left to the consuming MDA.
attributetype ( 1.3.6.1.4.1.99999.1.1.4
    NAME 'mailQuota'
    DESC 'Mailbox quota in bytes'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# mailEnabled - Boolean (TRUE/FALSE) switch. It is a MUST attribute on all
# three mail object classes below, so every domain, account and alias entry
# carries an explicit value.
# NOTE(review): the flag is advisory. A disabled entry is still returned by
# any Postfix/Dovecot lookup whose filter does not include
# (mailEnabled=TRUE); make sure every consumer's query filter does.
attributetype ( 1.3.6.1.4.1.99999.1.1.5
    NAME 'mailEnabled'
    DESC 'Mail account or domain enabled (TRUE/FALSE)'
    EQUALITY booleanMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
    SINGLE-VALUE )

# maildrop - address where mail is finally delivered or forwarded to.
# Multi-valued (no SINGLE-VALUE), case-insensitive ASCII; MUST on
# mailAliasObject, MAY on mailAccountObject.
# SECURITY: a forward destination is an exfiltration path - a user who can set
# their own maildrop to an external address silently copies their mail out.
# Keep it writable by the provisioning identity only, or make the decision to
# allow self-service deliberately and log changes to it.
attributetype ( 1.3.6.1.4.1.99999.1.1.6
    NAME 'maildrop'
    DESC 'Final delivery address or forward destination'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# mailAlias - additional addresses that deliver to this account. Multi-valued,
# case-insensitive ASCII; MAY on mailAccountObject.
# NOTE(review): presumably the Postfix virtual lookup has to search both
# 'mail' and 'mailAlias' (e.g. (|(mail=%s)(mailAlias=%s))) for these to take
# effect - confirm against the Postfix ldap table configuration.
attributetype ( 1.3.6.1.4.1.99999.1.1.7
    NAME 'mailAlias'
    DESC 'Additional email addresses for this account'
    EQUALITY caseIgnoreIA5Match
    SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# mailHomeDirectory - base path for mail storage. Exact-match ASCII,
# single-valued; MAY on both mailDomainObject and mailAccountObject
# (presumably a domain-wide value and a per-account one; which takes
# precedence is decided by the consumer, not the directory).
# SECURITY: same caveat as 'mailbox' - the value is stored unvalidated and,
# if used to build filesystem paths, must be writable only by the
# provisioning identity.
attributetype ( 1.3.6.1.4.1.99999.1.1.8
    NAME 'mailHomeDirectory'
    DESC 'Base path for mail storage'
    EQUALITY caseExactIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
    SINGLE-VALUE )

# domainQuota - total storage allowed for all accounts of a domain, in bytes.
# INTEGER with ordering rule, single-valued; MAY on mailDomainObject.
# slapd only stores the number; nothing in the directory checks it against
# the sum of the accounts' mailQuota values - that is the provisioning
# tool's job.
attributetype ( 1.3.6.1.4.1.99999.1.1.9
    NAME 'domainQuota'
    DESC 'Total quota for all accounts in domain (bytes)'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# domainMaxAccounts - upper bound on the number of accounts in a domain.
# INTEGER with ordering rule, single-valued; MAY on mailDomainObject.
# Advisory: the directory does not count entries or refuse adds beyond this
# limit; the provisioning tool has to enforce it.
attributetype ( 1.3.6.1.4.1.99999.1.1.10
    NAME 'domainMaxAccounts'
    DESC 'Maximum number of accounts in domain'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# domainMaxAliases - upper bound on the number of aliases in a domain.
# INTEGER with ordering rule, single-valued; MAY on mailDomainObject.
# Advisory, like domainMaxAccounts: enforcement belongs to the provisioning
# tool, not to slapd.
attributetype ( 1.3.6.1.4.1.99999.1.1.11
    NAME 'domainMaxAliases'
    DESC 'Maximum number of aliases in domain'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
    SINGLE-VALUE )

# ---------------------------------------------------------------------------
# Mail Object Classes
# (all three are STRUCTURAL; each requires mailEnabled so consumers can
# filter on (mailEnabled=TRUE) without a missing value meaning "enabled")
# ---------------------------------------------------------------------------

# mailDomainObject - one entry per virtual mail domain.
# STRUCTURAL under top; every entry must carry mailDomain and mailEnabled.
# Optional: delivery transport, storage base path, domain-wide quota and
# account/alias limits, plus the standard 'description' from core.schema.
objectclass ( 1.3.6.1.4.1.99999.1.2.1
    NAME 'mailDomainObject'
    DESC 'Virtual mail domain'
    SUP top STRUCTURAL
    MUST ( mailDomain $ mailEnabled )
    MAY ( mailTransport $ mailHomeDirectory $ domainQuota $
          domainMaxAccounts $ domainMaxAliases $ description ) )

# mailAccountObject - a virtual mailbox owner. STRUCTURAL subclass of
# inetOrgPerson, so entries also need inetOrgPerson's required attributes
# (cn, sn) and take 'mail' from cosine.schema. Every account must carry a
# primary 'mail' address and the mailEnabled flag; mailbox location, quota,
# forwarding (maildrop), extra addresses and a storage base path are optional.
# NOTE(review): because this class is STRUCTURAL, an existing plain
# inetOrgPerson entry cannot simply add it later - OpenLDAP refuses to change
# an entry's structural object class chain (unless the relax control is
# used). If mail has to be enabled on pre-existing person entries, an
# AUXILIARY class would be easier to retrofit; confirm against the migration
# plan.
objectclass ( 1.3.6.1.4.1.99999.1.2.2
    NAME 'mailAccountObject'
    DESC 'Virtual mail account - extends inetOrgPerson'
    SUP inetOrgPerson STRUCTURAL
    MUST ( mail $ mailEnabled )
    MAY ( mailbox $ mailQuota $ maildrop $ mailAlias $
          mailHomeDirectory $ description ) )

# mailAliasObject - a standalone alias or distribution list: the address
# ('mail', from cosine.schema) plus one or more maildrop destinations and the
# enabled flag. STRUCTURAL under top; cn and description are optional. Since
# maildrop is multi-valued, several destinations turn the entry into a
# distribution list.
# SECURITY: the same forwarding caveat as for maildrop applies - creating or
# editing alias entries should be restricted to the provisioning identity.
objectclass ( 1.3.6.1.4.1.99999.1.2.3
    NAME 'mailAliasObject'
    DESC 'Mail alias or distribution list'
    SUP top STRUCTURAL
    MUST ( mail $ maildrop $ mailEnabled )
    MAY ( cn $ description ) )


# ===========================================================================
# SECTION 2: NEXTCLOUD ATTRIBUTES AND OBJECTS
# These reproduce the official Nextcloud definitions under Nextcloud's own OID
# arc (1.3.6.1.4.1.49213.1) so that Nextcloud's LDAP backend recognises them.
# Do not also load the upstream nextcloud.schema file - slapd rejects the
# duplicate names.
# ===========================================================================

# nextcloudEnabled - whether a user or group is exposed to Nextcloud.
# Note the syntax is Directory String (UTF-8) with case-insensitive matching,
# NOT Boolean - that mirrors the upstream Nextcloud definition. The expected
# values are presumably the strings TRUE/FALSE; confirm against the Nextcloud
# user_ldap documentation. Single-valued.
# NOTE(review): advisory only - Nextcloud honours it only if its user and
# group filters include a (nextcloudEnabled=TRUE) term.
attributetype ( 1.3.6.1.4.1.49213.1.1.1
    NAME 'nextcloudEnabled'
    DESC 'Whether user or group should be available in Nextcloud'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

# nextcloudQuota - human-readable quota string in Nextcloud's own format,
# e.g. "15 GB"; UTF-8 string with case-insensitive matching, single-valued.
# It is a string, not an integer, so no ordering/range filters are possible.
attributetype ( 1.3.6.1.4.1.49213.1.1.2
    NAME 'nextcloudQuota'
    DESC 'Nextcloud disk quota (e.g., 15 GB)'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
    SINGLE-VALUE )

# nextcloudUser - AUXILIARY marker class: add it to any person entry to
# attach the nextcloudEnabled / nextcloudQuota attributes. Both are optional,
# so an entry with the class but no values relies on Nextcloud's defaults.
objectclass ( 1.3.6.1.4.1.49213.1.2.1
    NAME 'nextcloudUser'
    DESC 'Nextcloud user account'
    SUP top AUXILIARY
    MAY ( nextcloudEnabled $ nextcloudQuota ) )

# nextcloudGroup - AUXILIARY marker class for group entries; carries only the
# optional nextcloudEnabled flag.
objectclass ( 1.3.6.1.4.1.49213.1.2.2
    NAME 'nextcloudGroup'
    DESC 'Nextcloud group'
    SUP top AUXILIARY
    MAY ( nextcloudEnabled ) )


# ===========================================================================
# SECTION 3: SERVICE ACCESS CONTROL
# Based on the PADL ldapns schema (authorizedService / authorizedServiceObject).
# NOTE(review): verify the OID arc used below against the upstream
# ldapns.schema before deploying - a different OID for the same NAME breaks
# interoperability with tools that match on OID, and loading this file next
# to the upstream file fails on the duplicate name.
# ===========================================================================

# authorizedService - name of a service the account may use (typically the
# PAM service name, e.g. "sshd" - confirm with the consumer). Multi-valued,
# case-insensitive UTF-8 string.
# SECURITY: this is data, not policy. It restricts logins only where the PAM
# stack is configured to check it (e.g. pam_ldap's pam_check_service_attr, or
# an nslcd pam_authz_search filter on authorizedService); a service without
# such a check ignores it entirely.
attributetype ( 1.3.6.1.4.1.5765.100.1
    NAME 'authorizedService'
    DESC 'Service authorized for this account'
    EQUALITY caseIgnoreMatch
    SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# authorizedServiceObject - AUXILIARY class that lets any entry carry
# authorizedService values. The attribute is optional, so how an entry with
# the class but no values is treated (deny-all or allow-all) is decided by
# the consumer's filter, not by the directory.
objectclass ( 1.3.6.1.4.1.5765.100.2
    NAME 'authorizedServiceObject'
    DESC 'Service authorization object'
    SUP top AUXILIARY
    MAY ( authorizedService ) )


# ===========================================================================
# SECTION 4: ADDITIONAL UTILITY OBJECTS
# ===========================================================================

# serviceAccount - entry type for application bind DNs (one entry per
# service: Postfix, Dovecot, Nextcloud, ...). STRUCTURAL under top; only cn
# is required, userPassword and description are optional (an entry without
# userPassword can still bind via SASL EXTERNAL / TLS client certificate).
# SECURITY:
#   - Store userPassword hashed ({SSHA} or stronger, e.g. via the ppolicy
#     overlay's cleartext hashing or ldappasswd), never in cleartext, and
#     protect it with an ACL such as
#     "to attrs=userPassword by self write by anonymous auth by * none".
#   - Give each service its own entry and scope its read ACLs to the
#     attributes it actually needs (least privilege); do not share one
#     bind DN between services.
#   - core.schema's simpleSecurityObject (AUXILIARY, MUST userPassword) is
#     the conventional alternative if a password is to be mandatory.
objectclass ( 1.3.6.1.4.1.99999.1.2.10
    NAME 'serviceAccount'
    DESC 'Service account for application binding'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( description $ userPassword ) )