1. Schema cleanup

The ipaAssociation is the core of different association object.
It seems that the service is an exception rather then rule.
So it is moved into the object where it belongs.

Fixed matching rules and some attribute types.

Addressing ticket: https://fedorahosted.org/freeipa/ticket/89

Removed unused password attribute and realigned OIDs.
This commit is contained in:
Dmitri Pal 2010-07-14 11:58:19 -04:00 committed by Rob Crittenden
parent a0dfbc069d
commit fd1ff372dc

View File

@ -6,12 +6,11 @@
## ObjectClasses: 2.16.840.1.113730.3.8.6 - V2 DNS related objectclasses
dn: cn=schema
attributeTypes: (2.16.840.1.113730. NAME 'ipaUniqueID' DESC 'Unique identifier' SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'ipaClientVersion' DESC 'Text string describing client version of the IPA software installed' SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'ipaUniqueID' DESC 'Unique identifier' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'ipaClientVersion' DESC 'Text string describing client version of the IPA software installed' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'enrolledBy' DESC 'DN of administrator who performed manual enrollment of the host' SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'enrollmentPwd' DESC 'Password used to bulk enroll machines' EQUALITY octetStringMatch SYNTAX{128} X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'fqdn' DESC 'FQDN' SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'managedBy' DESC 'DNs of entries allowed to manage' SYNTAX X-ORIGIN 'IPA v2')
attributeTypes: (2.16.840.1.113730. NAME 'fqdn' DESC 'FQDN' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'managedBy' DESC 'DNs of entries allowed to manage' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX X-ORIGIN 'IPA v2')
objectClasses: (2.16.840.1.113730. NAME 'ipaHost' AUXILIARY MUST ( fqdn ) MAY ( userPassword $ ipaClientVersion $ enrolledBy $ memberOf) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaObject' DESC 'IPA objectclass' AUXILIARY MUST ( ipaUniqueId ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaService' DESC 'IPA service objectclass' AUXILIARY MAY ( memberOf $ managedBy ) X-ORIGIN 'IPA v2' )
@ -22,17 +21,17 @@ attributeTypes: (2.16.840.1.113730. NAME 'memberUser' DESC 'Reference to
attributeTypes: (2.16.840.1.113730. NAME 'userCategory' DESC 'Additional classification for users' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'memberHost' DESC 'Reference to a device where the operation takes place (usually host).' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'hostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'serviceCategory' DESC 'Additional classification for services' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'memberService' DESC 'Reference to the pam service of this operation.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'serviceCategory' DESC 'Additional classification for services' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'memberService' DESC 'Reference to the pam service of this operation.' SUP distinguishedName EQUALITY distinguishedNameMatch ORDERING distinguishedNameMatch SUBSTR distinguishedNameMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'ipaEnabledFlag' DESC 'The flag to show if the association is active or should be ignored' EQUALITY booleanMatch ORDERING booleanMatch SUBSTR booleanMatch SYNTAX SINGLE-VALUE X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaAssociation' ABSTRACT MUST ( ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ hostCategory $ serviceCategory $ memberService $ ipaEnabledFlag $ description ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaAssociation' ABSTRACT MUST ( ipaUniqueID $ cn ) MAY ( memberUser $ userCategory $ memberHost $ hostCategory $ ipaEnabledFlag $ description ) X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'sourceHost' DESC 'Link to the host or group of hosts' SUP memberHost SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'externalHost' DESC 'Multivalue string attribute that allows storing host names.' SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'externalHost' DESC 'Multivalue string attribute that allows storing host names.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'sourceHostCategory' DESC 'Additional classification for hosts' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'accessRuleType' DESC 'The flag to represent if it is allow or deny rule.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'accessTime' DESC 'Access time' SYNTAX X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ externalHost $ accessTime ) X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'nisDomainName' DESC 'NIS domain name.' SYNTAX X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'accessTime' DESC 'Access time' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SYNTAX X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaHBACRule' SUP ipaAssociation STRUCTURAL MUST accessRuleType MAY ( sourceHost $ sourceHostCategory $ serviceCategory $ memberService $ externalHost $ accessTime ) X-ORIGIN 'IPA v2' )
attributeTypes: (2.16.840.1.113730. NAME 'nisDomainName' DESC 'NIS domain name.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaNISNetgroup' DESC 'IPA version of NIS netgroup' SUP ipaAssociation STRUCTURAL MAY ( externalHost $ nisDomainName $ member $ memberOf ) X-ORIGIN 'IPA v2' )
attributeTypes: ( NAME 'automountMapName' DESC 'automount Map Name' EQUALITY caseExactIA5Match SYNTAX SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )
attributeTypes: ( NAME 'automountKey' DESC 'Automount Key value' EQUALITY caseExactIA5Match SYNTAX SINGLE-VALUE X-ORIGIN 'RFC 2307bis' )
@ -41,7 +40,7 @@ objectClasses: ( NAME 'automountMap' DESC 'Automount Map informa
objectClasses: ( NAME 'automount' DESC 'Automount information' SUP top STRUCTURAL MUST ( automountKey $ automountInformation ) MAY description X-ORIGIN 'RFC 2307bis' )
attributeTypes: (2.16.840.1.113730. NAME 'hostCApolicy' DESC 'Policy on how to treat host requests for cert operations.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX SINGLE-VALUE X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaCAaccess' STRUCTURAL MAY (member $ hostCApolicy) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaHBACService' AUXILIARY MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaHBACService' STRUCTURAL MUST ( cn ) MAY ( description $ memberOf ) X-ORIGIN 'IPA v2' )
objectClasses: (2.16.840.1.113730. NAME 'ipaHBACServiceGroup' DESC 'IPA HBAC service group object class' SUP nestedGroup STRUCTURAL X-ORIGIN 'IPA v2' )
attributeTypes: ( NAME 'dNSTTL' DESC 'An integer denoting time to live' EQUALITY integerMatch SYNTAX )
attributeTypes: ( NAME 'dNSClass' DESC 'The class of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX )