Merge branch 'hotfix-0.10.1' into stable

CHANGELOG.md

@@ -1,2 +1,8 @@
+## 0.10.1 (release date: 2015-05-17)
+  - Add ldapi
+  - Add custom ldap schema
+  - Auto convert .schema to .ldif
+  - Fixes issues #2 #3
+
 ## 0.10.0 (release date: 2015-03-03)
-  - New version initial release
+  - New version initial release

Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/openldap
-VERSION = 0.10.0
+VERSION = 0.10.1
 
 .PHONY: all build test tag_latest release
 

README.md

@@ -27,7 +27,7 @@ make sure to replace `CONTAINER_ID` by your container id :
 You should now be in the container terminal, 
 and we can search on the ldap server :
 	
-	ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org
+	ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
 	
 This should output :
 
@@ -65,7 +65,7 @@ By default the admin has the password **admin**. All those default settings can
 
 The directories `/var/lib/ldap` (LDAP database files) and `/etc/ldap/slapd.d`  (LDAP config files) has been declared as volumes, so your ldap files are saved outside the container in data volumes.
 
-This mean that you can stop, and restart the container and get back your ldap without losing any data. But if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container.
+Be careful, if you remove the container, data volumes will me removed too, except if you have linked this data volume to an other container.
 
 For more information about docker data volume, please refer to :
 

image/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/baseimage:0.10.3
+FROM osixia/baseimage:0.10.4
 MAINTAINER Bertrand Gouny <[email protected]>
 
 # Use baseimage-docker's init system.

image/service/slapd/assets/schema-to-ldif.sh

@@ -0,0 +1,50 @@
+#!/bin/bash
+
+SCHEMAS=$1
+
+tmpd=`mktemp -d`
+pushd ${tmpd} >>/dev/null
+
+echo "include /etc/ldap/schema/core.schema" >> convert.dat
+echo "include /etc/ldap/schema/cosine.schema" >> convert.dat
+echo "include /etc/ldap/schema/nis.schema" >> convert.dat
+echo "include /etc/ldap/schema/inetorgperson.schema" >> convert.dat
+
+for schema in ${SCHEMAS} ; do
+    echo "include ${schema}" >> convert.dat
+done
+
+slaptest -f convert.dat -F .
+
+if [ $? -ne 0 ] ; then
+    echo "slaptest conversion failed"
+    exit 
+fi
+
+for schema in ${SCHEMAS} ; do
+    fullpath=${schema}
+    schema_name=`basename ${fullpath} .schema`
+    schema_dir=`dirname ${fullpath}`
+    ldif_file=${schema_name}.ldif
+
+    find . -name *${schema_name}.ldif -exec mv '{}' ./${ldif_file} \;
+
+    # TODO: these sed invocations could all be combined
+    sed -i "/dn:/ c dn: cn=${schema_name},cn=schema,cn=config" ${ldif_file}
+    sed -i "/cn:/ c cn: ${schema_name}" ${ldif_file}
+    sed -i '/structuralObjectClass/ d' ${ldif_file}
+    sed -i '/entryUUID/ d' ${ldif_file}
+    sed -i '/creatorsName/ d' ${ldif_file}
+    sed -i '/createTimestamp/ d' ${ldif_file}
+    sed -i '/entryCSN/ d' ${ldif_file}
+    sed -i '/modifiersName/ d' ${ldif_file}
+    sed -i '/modifyTimestamp/ d' ${ldif_file}
+    
+    # slapd seems to be very sensitive to how a file ends. There should be no blank lines.
+    sed -i '/^ *$/d' ${ldif_file}
+
+    mv ${ldif_file} ${schema_dir}
+done
+
+popd >>/dev/null
+rm -rf $tmpd

image/service/slapd/assets/schema/mmc/README.md

@@ -0,0 +1 @@
+Mandriva Management Console (MMC) ldap schemas, delete the forlder if not needed ;)

image/service/slapd/assets/schema/mmc/dhcp.schema

@@ -0,0 +1,466 @@
+attributetype ( 2.16.840.1.113719.1.203.4.1 
+        NAME 'dhcpPrimaryDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The DN of the dhcpServer which is the primary server for the configuration.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.2 
+        NAME 'dhcpSecondaryDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.3 
+        NAME 'dhcpStatements' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.4 
+        NAME 'dhcpRange' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen.  Each range is defined as a separate value.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.5 
+        NAME 'dhcpPermitList' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.6 
+        NAME 'dhcpNetMask' 
+        EQUALITY integerMatch
+        DESC 'The subnet mask length for the subnet.  The mask can be easily computed from this length.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.7 
+        NAME 'dhcpOption' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Encoded option values to be sent to clients.  Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.8 
+        NAME 'dhcpClassData' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons.  Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.9 
+        NAME 'dhcpOptionsDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.10 
+        NAME 'dhcpHostDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'the distinguished name(s) of the dhcpHost objects.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+
+attributetype ( 2.16.840.1.113719.1.203.4.11 
+        NAME 'dhcpPoolDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of pools.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.12 
+        NAME 'dhcpGroupDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s)   of the groups.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.13 
+        NAME 'dhcpSubnetDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of the subnets.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.14 
+        NAME 'dhcpLeaseDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name of a client address.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
+
+attributetype ( 2.16.840.1.113719.1.203.4.15 
+        NAME 'dhcpLeasesDN' 
+        DESC 'The distinguished name(s) client addresses.' 
+        EQUALITY distinguishedNameMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.16 
+        NAME 'dhcpClassesDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of a class(es) in a subclass.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.17 
+        NAME 'dhcpSubclassesDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of subclass(es).' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.18 
+        NAME 'dhcpSharedNetworkDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name(s) of sharedNetworks.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.19 
+        NAME 'dhcpServiceDN' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.20 
+        NAME 'dhcpVersion'
+        DESC 'The version attribute of this object.'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.21 
+        NAME 'dhcpImplementation' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.22 
+        NAME 'dhcpAddressState' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This stores information about the current binding-status of an address.  For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP".  For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.23 
+        NAME 'dhcpExpirationTime' 
+        EQUALITY generalizedTimeMatch 
+        DESC 'This is the time the current lease for an address expires.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.24 
+        NAME 'dhcpStartTimeOfState' 
+        EQUALITY generalizedTimeMatch 
+        DESC 'This is the time of the last state change for a leased address.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.25 
+        NAME 'dhcpLastTransactionTime' 
+        EQUALITY generalizedTimeMatch 
+        DESC 'This is the last time a valid DHCP packet was received from the client.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.26 
+        NAME 'dhcpBootpFlag' 
+        EQUALITY booleanMatch 
+        DESC 'This indicates whether the address was assigned via BOOTP.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.27 
+        NAME 'dhcpDomainName' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This is the name of the domain sent to the client by the server.  It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN.  To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.28 
+        NAME 'dhcpDnsStatus' 
+        EQUALITY integerMatch
+        DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address.  The value is a 16-bit bitmask.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.29 
+        NAME 'dhcpRequestedHostName' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This is the hostname that was requested by the client.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.30 
+        NAME 'dhcpAssignedHostName' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client.  The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.31 
+        NAME 'dhcpReservedForClient' 
+        EQUALITY distinguishedNameMatch
+        DESC 'The distinguished name of a "dhcpClient" that an address is reserved for.  This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.32 
+        NAME 'dhcpAssignedToClient' 
+        EQUALITY distinguishedNameMatch
+        DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to.  This attribute is only present in the class when the address is leased.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.33 
+        NAME 'dhcpRelayAgentInfo' 
+        EQUALITY octetStringMatch
+        DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request.  This is a hex-encoded option value.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.34 
+        NAME 'dhcpHWAddress' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'The clients hardware address that requested this IP address.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.35 
+        NAME 'dhcpHashBucketAssignment' 
+        EQUALITY octetStringMatch
+        DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.36 
+        NAME 'dhcpDelayedServiceParameter' 
+        EQUALITY integerMatch
+        DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in  DHC Load Balancing Algorithm [RFC 3074]. '
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.37 
+        NAME 'dhcpMaxClientLeadTime' 
+        EQUALITY integerMatch
+        DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.38 
+        NAME 'dhcpFailOverEndpointState' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.39 
+        NAME 'dhcpErrorLog' 
+        EQUALITY caseIgnoreIA5Match
+        DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.40 
+        NAME 'dhcpLocatorDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype  ( 2.16.840.1.113719.1.203.4.41 
+        NAME 'dhcpKeyAlgorithm' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'Algorithm to generate TSIG Key' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype  ( 2.16.840.1.113719.1.203.4.42 
+        NAME 'dhcpKeySecret' 
+        EQUALITY octetStringMatch 
+        DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.43 
+        NAME 'dhcpDnsZoneServer' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'Master server of the DNS Zone' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 2.16.840.1.113719.1.203.4.44 
+        NAME 'dhcpKeyDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys.  In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.45 
+        NAME 'dhcpZoneDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
+
+attributetype ( 2.16.840.1.113719.1.203.4.46 
+        NAME 'dhcpFailOverRole' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'Role of the DHCP Server. Either primary or secondary' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.47 
+        NAME 'dhcpFailOverReceiveAddress' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'IP address or DNS  name  on  which the server should listen for connections from its fail over peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.48 
+        NAME 'dhcpFailOverPeerAddress' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'IP address  or  DNS  name  to which  the  server  should  connect  to  reach  its fail over peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.49 
+        NAME 'dhcpFailOverPeerPort' 
+        EQUALITY integerMatch 
+        DESC 'Port to which server should connect to reach its fail over peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+        
+attributetype ( 2.16.840.1.113719.1.203.4.50 
+        NAME 'dhcpFailOverReceivePort' 
+        EQUALITY integerMatch 
+        DESC 'Port on which server should listen for connections from its fail over peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.51 
+        NAME 'dhcpFailOverResponseDelay' 
+        EQUALITY integerMatch 
+        DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.52 
+        NAME 'dhcpFailOverUnpackedUpdates' 
+        EQUALITY integerMatch 
+        DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.53 
+        NAME 'dhcpFailOverSplit' 
+        EQUALITY integerMatch 
+        DESC 'Split between the primary and secondary servers for fail over purpose' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.54 
+        NAME 'dhcpFailOverLoadBalanceTime' 
+        EQUALITY integerMatch 
+        DESC 'Cutoff time in seconds, after which load balance is disabled' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
+
+attributetype ( 2.16.840.1.113719.1.203.4.55 
+        NAME 'dhcpFailOverPeerDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
+
+#List of all servers in the tree
+attributetype ( 2.16.840.1.113719.1.203.4.56 
+        NAME 'dhcpServerDN' 
+        EQUALITY distinguishedNameMatch 
+        DESC 'List of all  DHCP Servers in the tree. Used by dhcpLocatorObject' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attributetype ( 2.16.840.1.113719.1.203.4.57 
+        NAME 'dhcpComments' 
+        EQUALITY caseIgnoreIA5Match 
+        DESC 'Generic attribute that allows coments  within any DHCP object' 
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# Classes
+
+objectclass ( 2.16.840.1.113719.1.203.6.1 
+        NAME 'dhcpService' 
+        DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' 
+        SUP top 
+        MUST (cn) 
+        MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.2 
+        NAME 'dhcpSharedNetwork' 
+        DESC 'This stores configuration information for a shared network.' 
+        SUP top 
+        MUST cn 
+        MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.3 
+        NAME 'dhcpSubnet' 
+        DESC 'This class defines a subnet. This is a container object.' 
+        SUP top 
+        MUST ( cn $ dhcpNetMask ) 
+        MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.4 
+        NAME 'dhcpPool' 
+        DESC 'This stores configuration information about a pool.' 
+        SUP top 
+        MUST ( cn $ dhcpRange ) 
+        MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) 
+        X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.5 
+        NAME 'dhcpGroup' 
+        DESC 'Group object that lists host DNs and parameters. This is a container object.' 
+        SUP top 
+        MUST cn 
+        MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
+        X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.6 
+        NAME 'dhcpHost' 
+        DESC 'This represents information about a particular client' 
+        SUP top 
+        MUST cn 
+        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.7 
+        NAME 'dhcpClass' 
+        DESC 'Represents information about a collection of related clients.' 
+        SUP top 
+        MUST cn 
+        MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.8 
+        NAME 'dhcpSubClass' 
+        DESC 'Represents information about a collection of related classes.' 
+        SUP top 
+        MUST cn 
+        MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
+
+objectclass ( 2.16.840.1.113719.1.203.6.9 
+        NAME 'dhcpOptions' 
+        DESC 'Represents information about a collection of options defined.' 
+        SUP top AUXILIARY
+        MUST cn 
+        MAY ( dhcpOption $ dhcpComments ) 
+        X-NDS_CONTAINMENT  ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.10 
+        NAME 'dhcpLeases' 
+        DESC 'This class represents an IP Address, which may or may not have been leased.' 
+        SUP top 
+        MUST ( cn $ dhcpAddressState ) 
+        MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpOption ) 
+        X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.11 
+        NAME 'dhcpLog' 
+        DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' 
+        SUP top 
+        MUST ( cn ) 
+        MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) 
+        X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
+
+objectclass ( 2.16.840.1.113719.1.203.6.12 
+        NAME 'dhcpServer' 
+        DESC 'DHCP Server Object' 
+        SUP top 
+        MUST ( cn ) 
+        MAY (dhcpServiceDN  $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption) 
+        X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.13 
+        NAME 'dhcpTSigKey' 
+        DESC 'TSIG key for secure dynamic updates' 
+        SUP top 
+        MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret ) 
+        MAY ( dhcpComments ) 
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.14 
+        NAME 'dhcpDnsZone' 
+        DESC 'DNS Zone for updating leases' 
+        SUP top 
+        MUST (cn $ dhcpDnsZoneServer ) 
+        MAY (dhcpKeyDN $ dhcpComments) 
+        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.15 
+        NAME 'dhcpFailOverPeer' 
+        DESC 'This class defines the Fail over peer' 
+        SUP top 
+        MUST ( cn $ dhcpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpFailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay  $ dhcpFailOverUnpackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
+
+objectclass ( 2.16.840.1.113719.1.203.6.16 
+        NAME 'dhcpLocator' 
+        DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' 
+        SUP top 
+        MUST ( cn ) 
+        MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments) 
+        X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
+

image/service/slapd/assets/schema/mmc/dnszone.schema

@@ -0,0 +1,155 @@
+# A schema for storing DNS zones in LDAP
+#
+attributetype ( 1.3.6.1.4.1.2428.20.0.0  NAME 'dNSTTL'
+    DESC 'An integer denoting time to live'
+    EQUALITY integerMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
+    DESC 'The class of a resource record'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
+    DESC 'The name of a zone, i.e. the name of the highest node in the zone'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
+    DESC 'The starting labels of a domain name'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord'
+    DESC 'domain name pointer, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord'
+    DESC 'host information, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord'
+    DESC 'mailbox or mail list information, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
+    DESC 'text string, RFC 1035'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
+    DESC 'for AFS Data Base location, RFC 1183'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
+    DESC 'Signature, RFC 2535'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
+    DESC 'Key, RFC 2535'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
+    DESC 'IPv6 address, RFC 1886'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord'
+    DESC 'Location, RFC 1876'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord'
+    DESC 'non-existant, RFC 2535'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord'
+    DESC 'service location, RFC 2782'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord'
+    DESC 'Naming Authority Pointer, RFC 2915'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord'
+    DESC 'Key Exchange Delegation, RFC 2230'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord'
+    DESC 'certificate, RFC 2538'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record'
+    DESC 'A6 Record Type, RFC 2874'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
+    DESC 'Non-Terminal DNS Name Redirection, RFC 2672'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
+    DESC 'Delegation Signer, RFC 3658'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
+    DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord'
+    DESC 'RRSIG, RFC 3755'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
+    DESC 'NSEC, RFC 3755'
+    EQUALITY caseIgnoreIA5Match
+    SUBSTR caseIgnoreIA5SubstringsMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
+        SUP top STRUCTURAL
+    MUST ( zoneName $ relativeDomainName )
+        MAY ( DNSTTL $ DNSClass $
+              ARecord $ MDRecord $ MXRecord $ NSRecord $
+          SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
+              MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
+              KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
+              SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
+              A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
+              RRSIGRecord $ NSECRecord ) )

image/service/slapd/assets/schema/mmc/mail.schema

@@ -0,0 +1,128 @@
+##
+## Needed attributes for MMC Mail Plugin
+##
+## Cédric Delfosse ([email protected])
+## Matthieu Vogelweith ([email protected])
+## Jean-Philippe Braun ([email protected])
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.1
+        NAME 'maildrop'
+        DESC 'Mail addresses where mails are forwarded -- ie forwards'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.2
+        NAME 'mailalias'
+        DESC 'Mail addresses accepted by this account -- ie aliases'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.3
+        NAME 'mailenable'
+        DESC 'Mail Account / Virtual alias validity'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.4
+        NAME 'mailbox'
+        DESC 'Mailbox path where mails are delivered'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.5
+        NAME 'virtualdomain'
+        DESC 'A mail domain name'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.6
+        NAME 'virtualdomaindescription'
+        DESC 'Virtual domain description'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.7
+        NAME 'mailuserquota'
+        DESC 'Mailbox quota for a user in kilo-bytes'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.8
+        NAME 'mailhost'
+        DESC 'The mail server IP address or FQDN for a user'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.9
+        NAME 'mailaliasmember'
+        DESC 'Member of a virtual alias'
+        SUP distinguishedName )
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.10
+        NAME 'mailproxy'
+        DESC 'Mail proxy'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.21103.1.1.13.11
+        NAME 'mailhidden'
+        DESC 'Mail Account hidden in address book'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
+
+# Mail Account Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.1
+        NAME 'mailAccount'
+        DESC 'Mail Account'
+        SUP top
+        AUXILIARY
+        MUST (
+            mail
+            )
+        MAY (
+            mailalias $ maildrop $ mailenable $ mailbox $ mailuserquota $
+            mailhost $ mailproxy $ mailhidden
+            )
+        )
+
+# Mail Domain Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.2
+        NAME 'mailDomain'
+        DESC 'Domain mail entry'
+        SUP top
+        STRUCTURAL
+        MUST (
+            virtualdomain
+            )
+        MAY (
+            virtualdomaindescription $ mailuserquota
+            )
+        )
+
+# Mail Group Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.3
+        NAME 'mailGroup' SUP top AUXILIARY
+        DESC 'Mail Group'
+        MUST ( mail )
+        MAY ( mailhidden )
+        )
+
+# Virtual Alias Objectclass
+objectclass ( 1.3.6.1.4.1.21103.1.2.13.4
+        NAME 'mailAlias'
+        DESC 'Mail Alias'
+        SUP top
+        STRUCTURAL
+        MUST ( mailalias )
+        MAY ( mail $ mailaliasmember $ mailenable )
+        )

image/service/slapd/assets/schema/mmc/mmc.schema

@@ -0,0 +1,31 @@
+##
+## Needed attributes for MMC (Mandriva Management Console)
+##
+## Version 01
+##
+## J�r�me Wax ([email protected])
+##
+
+# Attributes
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.1 NAME 'lmcACL'
+        DESC 'LMC acl entry'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.2 NAME 'lmcPrefMode'
+        DESC 'LMC user preferences'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype ( 1.3.6.1.4.1.40098.1.1.12.3 NAME 'lmcPrinterAllowed'
+        DESC 'LMC a printer where the user has the rights to print'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+
+# Objectclass
+objectclass ( 1.3.6.1.4.1.40098.1.2.1.19.1 NAME 'lmcUserObject' AUXILIARY
+        DESC 'Objectclass for LMC user settings '
+        MAY  ( lmcACL $ lmcPrefMode $ lmcPrinterAllowed ))

image/service/slapd/assets/schema/mmc/openssh-lpk.schema

@@ -0,0 +1,19 @@
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <[email protected]>
+# 
+# Based on the proposal of : Mark Ruijter
+#
+
+
+# octetString SYNTAX
+attributetype ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' 
+	DESC 'MANDATORY: OpenSSH Public key' 
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+# printableString SYNTAX yes|no
+objectclass ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+	DESC 'MANDATORY: OpenSSH LPK objectclass'
+	MAY ( sshPublicKey $ uid ) 
+	)

image/service/slapd/assets/schema/mmc/quota.schema

@@ -0,0 +1,29 @@
+##
+## schema file for Unix Quotas
+## Schema for storing Unix Quotas in LDAP
+## OIDs are owned by Cogent Innovators, LLC
+##
+## 1.3.6.1.4.1.19937.1.1.x - attributetypes
+## 1.3.6.1.4.1.19937.1.2.x - objectclasses
+##
+
+attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
+        DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+
+attributetype ( 1.3.6.1.4.1.19937.1.1.2 NAME 'networkquota'
+        DESC 'Network Quotas (network,protocol,bytes)'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+
+objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP posixAccount AUXILIARY
+        DESC 'System Quotas'
+        MUST ( uid )
+        MAY  ( quota $ networkquota ))
+
+objectclass ( 1.3.6.1.4.1.19937.1.2.2 NAME 'defaultQuotas'
+        DESC 'Quota defaults to apply to members of a group'
+        SUP top AUXILIARY
+        MUST ( cn )
+        MAY ( quota $ networkquota ))

image/service/slapd/assets/schema/mmc/radius.schema

@@ -0,0 +1,589 @@
+# This is a LDAPv3 schema for RADIUS attributes.
+# Tested on OpenLDAP 2.0.7
+# Posted by Javier Fernandez-Sanguino Pena <[email protected]>
+# LDAP v3 version by Jochen Friedrich <[email protected]>
+# Updates by Adrian Pavlykevych <[email protected]>
+##############
+# This version is customized
+# so that the radiusCallingStationId attribute
+# is multi evaluated
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.1
+      NAME 'radiusArapFeatures'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.2
+      NAME 'radiusArapSecurity'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.3
+      NAME 'radiusArapZoneAccess'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.44
+     NAME 'radiusAuthType'
+     DESC 'checkItem: Auth-Type'
+     EQUALITY caseIgnoreIA5Match
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+     SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.4
+      NAME 'radiusCallbackId'
+      DESC 'replyItem: Callback-Id'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.5
+      NAME 'radiusCallbackNumber'
+      DESC 'replyItem: Callback-Number'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.6
+      NAME 'radiusCalledStationId'
+      DESC 'checkItem: Called-Station-Id'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.7
+      NAME 'radiusCallingStationId'
+      DESC 'checkItem: Calling-Station-Id'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.8
+      NAME 'radiusClass'
+      DESC 'replyItem: Class'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.45
+     NAME 'radiusClientIPAddress'
+     DESC ''
+     EQUALITY caseIgnoreIA5Match
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+     SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.9
+      NAME 'radiusFilterId'
+      DESC 'replyItem: Filter-Id'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.10
+      NAME 'radiusFramedAppleTalkLink'
+      DESC 'replyItem: Framed-AppleTalk-Link'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.11
+      NAME 'radiusFramedAppleTalkNetwork'
+      DESC 'replyItem: Framed-AppleTalk-Network'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.12
+      NAME 'radiusFramedAppleTalkZone'
+      DESC 'replyItem: Framed-AppleTalk-Zone'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.13
+      NAME 'radiusFramedCompression'
+      DESC 'replyItem: Framed-Compression'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.14
+      NAME 'radiusFramedIPAddress'
+      DESC 'replyItem: Framed-IP-Address'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.15
+      NAME 'radiusFramedIPNetmask'
+      DESC 'replyItem: Framed-IP-Netmask'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.16
+      NAME 'radiusFramedIPXNetwork'
+      DESC 'replyItem: Framed-IPX-Network'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.17
+      NAME 'radiusFramedMTU'
+      DESC 'replyItem: Framed-MTU'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.18
+      NAME 'radiusFramedProtocol'
+      DESC 'replyItem: Framed-Protocol'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.19
+      NAME 'radiusFramedRoute'
+      DESC 'replyItem: Framed-Route'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.20
+      NAME 'radiusFramedRouting'
+      DESC 'replyItem: Framed-Routing'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.46
+      NAME 'radiusGroupName'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.47
+      NAME 'radiusHint'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.48
+      NAME 'radiusHuntgroupName'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.21
+      NAME 'radiusIdleTimeout'
+      DESC 'replyItem: Idle-Timeout'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.22
+      NAME 'radiusLoginIPHost'
+      DESC 'replyItem: Login-IP-Host'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.23
+      NAME 'radiusLoginLATGroup'
+      DESC 'replyItem: Login-LAT-Group'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.24
+      NAME 'radiusLoginLATNode'
+      DESC 'replyItem: Login-LAT-Node'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.25
+      NAME 'radiusLoginLATPort'
+      DESC 'replyItem: Login-LAT-Port'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.26
+      NAME 'radiusLoginLATService'
+      DESC 'replyItem: Login-LAT-Service'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.27
+      NAME 'radiusLoginService'
+      DESC 'replyItem: Login-Service'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.28
+      NAME 'radiusLoginTCPPort'
+      DESC 'replyItem: Login-TCP-Port'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.29
+      NAME 'radiusPasswordRetry'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.30
+      NAME 'radiusPortLimit'
+      DESC 'replyItem: Port-Limit'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.49
+      NAME 'radiusProfileDn'
+      DESC ''
+      EQUALITY distinguishedNameMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.31
+      NAME 'radiusPrompt'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.50
+      NAME 'radiusProxyToRealm'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.51
+      NAME 'radiusReplicateToRealm'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.52
+      NAME 'radiusRealm'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.32
+      NAME 'radiusServiceType'
+      DESC 'replyItem: Service-Type'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.33
+      NAME 'radiusSessionTimeout'
+      DESC 'replyItem: Session-Timeout'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.34
+      NAME 'radiusTerminationAction'
+      DESC 'replyItem: Termination-Action'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.35
+      NAME 'radiusTunnelAssignmentId'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.36
+      NAME 'radiusTunnelMediumType'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.37
+      NAME 'radiusTunnelPassword'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.38
+      NAME 'radiusTunnelPreference'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.39
+      NAME 'radiusTunnelPrivateGroupId'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.40
+      NAME 'radiusTunnelServerEndpoint'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.41
+      NAME 'radiusTunnelType'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.42
+      NAME 'radiusVSA'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.43
+      NAME 'radiusTunnelClientEndpoint'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+
+#need to change asn1.id
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.53
+      NAME 'radiusSimultaneousUse'
+      DESC 'checkItem: Simultaneous-Use'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.54
+      NAME 'radiusLoginTime'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.55
+      NAME 'radiusUserCategory'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.56
+      NAME 'radiusStripUserName'
+      DESC ''
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.57
+      NAME 'dialupAccess'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.58
+      NAME 'radiusExpiration'
+      DESC 'checkItem: Expiration'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.59
+      NAME 'radiusCheckItem'
+      DESC 'checkItem: $GENERIC$'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.60
+      NAME 'radiusReplyItem'
+      DESC 'replyItem: $GENERIC$'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.61
+      NAME 'radiusNASIpAddress'
+      DESC ''
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+      SINGLE-VALUE
+   )
+
+attributetype
+   ( 1.3.6.1.4.1.3317.4.3.1.62
+      NAME 'radiusReplyMessage'
+      DESC 'replyItem: Reply-Message'
+      EQUALITY caseIgnoreIA5Match
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+   )
+
+
+objectclass
+   ( 1.3.6.1.4.1.3317.4.3.2.1
+      NAME 'radiusprofile'
+      SUP top AUXILIARY
+      DESC ''
+      MUST cn
+      MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
+            radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
+            radiusCalledStationId $ radiusCallingStationId $ radiusClass $
+            radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
+            radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
+            radiusFramedCompression $ radiusFramedIPAddress $
+            radiusFramedIPNetmask $ radiusFramedIPXNetwork $
+            radiusFramedMTU $ radiusFramedProtocol $
+       radiusCheckItem $ radiusReplyItem $
+            radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
+            radiusGroupName $ radiusHint $ radiusHuntgroupName $
+            radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
+            radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
+            radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $
+            radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $
+            radiusRealm $ radiusReplicateToRealm $ radiusServiceType $
+            radiusSessionTimeout $ radiusStripUserName $
+            radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $
+            radiusSimultaneousUse $ radiusTunnelAssignmentId $
+            radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $
+            radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $
+            radiusTunnelType $ radiusUserCategory $ radiusVSA $
+            radiusExpiration $ dialupAccess $ radiusNASIpAddress $
+            radiusReplyMessage )
+   )
+
+objectclass
+  ( 1.3.6.1.4.1.3317.4.3.2.2
+   NAME 'radiusObjectProfile'
+   SUP top STRUCTURAL
+   DESC 'A Container Objectclass to be used for creating radius profile object'
+   MUST cn
+   MAY ( uid $ userPassword $ description )
+  )

image/service/slapd/assets/schema/mmc/samba.schema

@@ -0,0 +1,554 @@
+##
+## schema file for OpenLDAP 2.x
+## Schema for storing Samba user accounts and group maps in LDAP
+## OIDs are owned by the Samba Team
+##
+## Prerequisite schemas - uid         (cosine.schema)
+##                      - displayName (inetorgperson.schema)
+##                      - gidNumber   (nis.schema)
+##
+## 1.3.6.1.4.1.7165.2.1.x - attributetypes
+## 1.3.6.1.4.1.7165.2.2.x - objectclasses
+##
+## Printer support
+## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
+## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
+##
+## Samba4
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
+## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
+## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
+##
+## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
+##
+## Run the 'get_next_oid' bash script in this directory to find the 
+## next available OID for attribute type and object classes.
+##
+##   $ ./get_next_oid
+##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
+##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
+##
+## Also ensure that new entries adhere to the declaration style
+## used throughout this file
+##
+##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
+##                               ^ ^                        ^
+##
+## The spaces are required for the get_next_oid script (and for 
+## readability).
+##
+## ------------------------------------------------------------------
+
+# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
+# objectIdentifier Samba3 SambaRoot:2
+# objectIdentifier Samba3Attrib Samba3:1
+# objectIdentifier Samba3ObjectClass Samba3:2
+# objectIdentifier Samba4 SambaRoot:4
+
+########################################################################
+##                            HISTORICAL                              ##
+########################################################################
+
+##
+## Password hashes
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
+#       DESC 'LanManager Passwd'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
+#       DESC 'NT Passwd'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+##
+## Account flags in string format ([UWDX     ])
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
+#       DESC 'Account Flags'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+
+##
+## Password timestamps & policies
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
+#       DESC 'NT pwdLastSet'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
+#       DESC 'NT logonTime'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
+#       DESC 'NT logoffTime'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
+#       DESC 'NT kickoffTime'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
+#       DESC 'NT pwdCanChange'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
+#       DESC 'NT pwdMustChange'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## string settings
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
+#       DESC 'NT homeDrive'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
+#       DESC 'NT scriptPath'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
+#       DESC 'NT profilePath'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
+#       DESC 'userWorkstations'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
+#       DESC 'smbHome'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
+#       DESC 'Windows NT domain to which the user belongs'
+#       EQUALITY caseIgnoreIA5Match
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+##
+## user and group RID
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
+#       DESC 'NT rid'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
+#       DESC 'NT Group RID'
+#       EQUALITY integerMatch
+#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## The smbPasswordEntry objectclass has been depreciated in favor of the
+## sambaAccount objectclass
+##
+#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
+#        DESC 'Samba smbpasswd entry'
+#        MUST ( uid $ uidNumber )
+#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
+
+#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+#       DESC 'Samba Account'
+#       MUST ( uid $ rid )
+#       MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#               description $ userWorkstations $ primaryGroupID $ domain ))
+
+#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
+#       DESC 'Samba Auxiliary Account'
+#       MUST ( uid $ rid )
+#       MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+#              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#              description $ userWorkstations $ primaryGroupID $ domain ))
+
+########################################################################
+##                        END OF HISTORICAL                           ##
+########################################################################
+
+#######################################################################
+##                Attributes used by Samba 3.0 schema                ##
+#######################################################################
+
+##
+## Password hashes
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
+        DESC 'LanManager Password'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
+        DESC 'MD4 hash of the unicode password'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+##
+## Account flags in string format ([UWDX     ])
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
+        DESC 'Account Flags'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+
+##
+## Password timestamps & policies
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
+        DESC 'Timestamp of the last password update'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
+        DESC 'Timestamp of when the user is allowed to update the password'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
+        DESC 'Timestamp of when the password will expire'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
+        DESC 'Timestamp of last logon'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
+        DESC 'Timestamp of last logoff'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
+        DESC 'Timestamp of when the user will be logged off automatically'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
+        DESC 'Bad password attempt count'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
+        DESC 'Time of the last bad password attempt'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
+        DESC 'Logon Hours'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
+
+##
+## string settings
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
+        DESC 'Driver letter of home directory mapping'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
+        DESC 'Logon script path'
+        EQUALITY caseIgnoreMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
+        DESC 'Roaming profile path'
+        EQUALITY caseIgnoreMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
+        DESC 'List of user workstations the user is allowed to logon to'
+        EQUALITY caseIgnoreMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
+        DESC 'Home directory UNC path'
+        EQUALITY caseIgnoreMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
+        DESC 'Windows NT domain to which the user belongs'
+        EQUALITY caseIgnoreMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
+        DESC 'Base64 encoded user parameter string'
+        EQUALITY caseExactMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
+        DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+##
+## SID, of any type
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
+        DESC 'Security ID'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseExactIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+##
+## Primary group SID, compatible with ntSid
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
+        DESC 'Primary Group Security ID'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
+        DESC 'Security ID List'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+
+##
+## group mapping attributes
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
+        DESC 'NT Group Type'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## Store info on the domain
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
+        DESC 'Next NT rid to give our for users'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
+        DESC 'Next NT rid to give out for groups'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
+        DESC 'Next NT rid to give out for anything'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
+        DESC 'Base at which the samba RID generation algorithm should operate'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
+        DESC 'Share Name'
+        EQUALITY caseIgnoreMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
+        DESC 'Option Name'
+        EQUALITY caseIgnoreMatch
+        SUBSTR caseIgnoreSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
+        DESC 'A boolean option'
+        EQUALITY booleanMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
+        DESC 'An integer option'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
+        DESC 'A string option'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
+        DESC 'A string list option'
+        EQUALITY caseIgnoreMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' 
+##      SUP name )
+
+##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
+##      DESC 'Privileges List'
+##      EQUALITY caseIgnoreIA5Match
+##      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
+        DESC 'Trust Password Flags'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# "min password length"
+attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
+        DESC 'Minimal password length (default: 5)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "password history"
+attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
+        DESC 'Length of Password History Entries (default: 0 => off)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "user must logon to change password"
+attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
+        DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "maximum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
+        DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "minimum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
+        DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "lockout duration"
+attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
+        DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "reset count minutes"
+attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
+        DESC 'Reset time after lockout in minutes (default: 30)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "bad lockout attempt"
+attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
+        DESC 'Lockout users after bad logon attempts (default: 0 => off)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "disconnect time"
+attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
+        DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "refuse machine password change"
+attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
+        DESC 'Allow Machine Password changes (default: 0 => off)'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+
+
+
+#######################################################################
+##              objectClasses used by Samba 3.0 schema               ##
+#######################################################################
+
+## The X.500 data model (and therefore LDAPv3) says that each entry can
+## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
+## this currently but will in v2.1
+
+##
+## added new objectclass (and OID) for 3.0 to help us deal with backwards
+## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
+        DESC 'Samba 3.0 Auxilary SAM Account'
+        MUST ( uid $ sambaSID )
+        MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
+               sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
+               sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
+               displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
+               sambaProfilePath $ description $ sambaUserWorkstations $
+               sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
+               sambaBadPasswordCount $ sambaBadPasswordTime $
+               sambaPasswordHistory $ sambaLogonHours))
+
+##
+## Group mapping info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
+        DESC 'Samba Group Mapping'
+        MUST ( gidNumber $ sambaSID $ sambaGroupType )
+        MAY  ( displayName $ description $ sambaSIDList ))
+
+##
+## Trust password for trust relationships (any kind)
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
+        DESC 'Samba Trust Password'
+        MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
+        MAY ( sambaSID $ sambaPwdLastSet ))
+
+##
+## Whole-of-domain info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
+        DESC 'Samba Domain Information'
+        MUST ( sambaDomainName $ 
+               sambaSID ) 
+        MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
+              sambaAlgorithmicRidBase $ 
+              sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
+              sambaMaxPwdAge $ sambaMinPwdAge $
+              sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
+              sambaForceLogoff $ sambaRefuseMachinePwdChange ))
+
+##
+## used for idmap_ldap module
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
+        DESC 'Pool for allocating UNIX uids/gids'
+        MUST ( uidNumber $ gidNumber ) )
+
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
+        DESC 'Mapping from a SID to an ID'
+        MUST ( sambaSID )
+        MAY ( uidNumber $ gidNumber ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
+        DESC 'Structural Class for a SID'
+        MUST ( sambaSID ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
+        DESC 'Samba Configuration Section'
+        MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
+        DESC 'Samba Share Section'
+        MUST ( sambaShareName )
+        MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
+        DESC 'Samba Configuration Option'
+        MUST ( sambaOptionName )
+        MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ 
+              sambaStringListoption $ description ) )
+
+
+## retired during privilege rewrite
+##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
+##      DESC 'Samba Privilege'
+##      MUST ( sambaSID )
+##      MAY ( sambaPrivilegeList ) )

image/service/slapd/assets/schema/mmc/zarafa.schema

@@ -0,0 +1,300 @@
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.1
+	NAME 'zarafaQuotaOverride'
+	DESC 'ZARAFA: Override child quota'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.2
+	NAME 'zarafaQuotaWarn'
+	DESC 'ZARAFA: Warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.3
+	NAME 'zarafaQuotaSoft'
+	DESC 'ZARAFA: Soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.4
+	NAME 'zarafaQuotaHard'
+	DESC 'ZARAFA: Hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.5
+	NAME 'zarafaUserDefaultQuotaOverride'
+	DESC 'ZARAFA: Override User default quota for children'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.6
+	NAME 'zarafaUserDefaultQuotaWarn'
+	DESC 'ZARAFA: User default warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.7
+	NAME 'zarafaUserDefaultQuotaSoft'
+	DESC 'ZARAFA: User default soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.1.8
+	NAME 'zarafaUserDefaultQuotaHard'
+	DESC 'ZARAFA: User default hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.1
+	NAME 'zarafaAdmin'
+	DESC 'ZARAFA: Administrator of zarafa'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.2
+	NAME 'zarafaSharedStoreOnly'
+	DESC 'ZARAFA: is store a shared store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.3
+	NAME 'zarafaAccount'
+	DESC 'ZARAFA: entry is a part of zarafa'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.4
+	NAME 'zarafaSendAsPrivilege'
+	DESC 'ZARAFA: Users may directly send email as this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.5
+	NAME 'zarafaMrAccept'
+	DESC 'ZARAFA: user should auto-accept meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.6
+	NAME 'zarafaMrDeclineConflict'
+	DESC 'ZARAFA: user should automatically decline conflicting meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.7
+	NAME 'zarafaMrDeclineRecurring'
+	DESC 'ZARAFA: user should automatically decline recurring meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+	
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.8
+	NAME 'zarafaId'
+	DESC 'ZARAFA: Generic unique ID'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )	
+	
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.9
+	NAME 'zarafaResourceType'
+	DESC 'ZARAFA: for shared stores, resource is type Room or Equipment'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.10
+	NAME 'zarafaResourceCapacity'
+	DESC 'ZARAFA: number of rooms or equipment available'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.2.11
+	NAME 'zarafaHidden'
+	DESC 'ZARAFA: This object should be hidden from address book'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.3.1
+	NAME 'zarafaAliases'
+	DESC 'ZARAFA: All other email addresses for this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.26278.1.1.4.1
+	NAME 'zarafaUserServer'
+	DESC 'ZARAFA: Home server for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass	( 1.3.6.1.4.1.26278.1.1.0.0
+	NAME 'zarafa-user'
+	DESC 'Zarafa: an user of Zarafa'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		zarafaQuotaOverride $ zarafaQuotaWarn $ zarafaQuotaSoft $ zarafaSendAsPrivilege $
+		zarafaQuotaHard $ zarafaAdmin $ zarafaSharedStoreOnly $ zarafaResourceType $
+		zarafaResourceCapacity $ zarafaAccount $ zarafaHidden $ zarafaAliases $
+		zarafaUserServer
+		)
+	)
+
+objectclass	( 1.3.6.1.4.1.26278.1.6.0.0
+	NAME 'zarafa-contact'
+	DESC 'Zarafa: a contact of Zarafa'
+	SUP top AUXILIARY
+	MUST ( cn $ uidNumber )
+	MAY (
+		zarafaSendAsPrivilege $ zarafaHidden $ zarafaAliases
+		)
+	)
+
+
+attributetype ( 1.3.6.1.4.1.26278.1.2.2.1
+	NAME 'zarafaSecurityGroup'
+	DESC 'ZARAFA: group has security possibilities'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+objectclass	( 1.3.6.1.4.1.26278.1.2.0.0
+	NAME 'zarafa-group'
+	DESC 'Zarafa: a group of Zarafa'
+	SUP top	AUXILIARY
+	MUST ( cn )
+	MAY (
+		zarafaAccount $ zarafaHidden $ mail $ zarafaAliases $ zarafaSecurityGroup
+		)
+	)
+	
+attributetype ( 1.3.6.1.4.1.26278.1.3.2.4
+	NAME 'zarafaViewPrivilege'
+	DESC 'ZARAFA: Companies with view privileges over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.26278.1.3.2.5
+	NAME 'zarafaAdminPrivilege'
+	DESC 'ZARAFA: Users from different companies which are administrator over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.26278.1.3.2.6
+	NAME 'zarafaSystemAdmin'
+	DESC 'ZARAFA: The user who is the system administrator for this company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	)
+
+attributetype (1.3.6.1.4.1.26278.1.3.1.5
+	NAME 'zarafaQuotaUserWarningRecipients'
+	DESC 'ZARAFA: Users who will recieve a notification email when a user exceeds his quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype (1.3.6.1.4.1.26278.1.3.1.6
+	NAME 'zarafaQuotaCompanyWarningRecipients'
+	DESC 'ZARAFA: Users who will recieve a notification email when a company exceeds its quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+	
+attributetype ( 1.3.6.1.4.1.26278.1.3.4.1
+	NAME 'zarafaCompanyServer'
+	DESC 'ZARAFA: Home server for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.26278.1.3.0.0
+	NAME 'zarafa-company'
+	DESC 'ZARAFA: a company of Zarafa' 
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		zarafaAccount $ zarafaHidden $
+		zarafaViewPrivilege $ zarafaAdminPrivilege $ zarafaSystemAdmin $
+		zarafaQuotaOverride $ zarafaQuotaWarn $
+		zarafaUserDefaultQuotaOverride $ zarafaUserDefaultQuotaWarn $ zarafaUserDefaultQuotaSoft $ zarafaUserDefaultQuotaHard $
+		zarafaQuotaUserWarningRecipients $ zarafaQuotaCompanyWarningRecipients $
+		zarafaCompanyServer
+		)
+	)
+
+attributetype (1.3.6.1.4.1.26278.1.4.4.1
+	NAME 'zarafaHttpPort'
+	DESC 'ZARAFA: Port for the http connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.26278.1.4.4.2
+	NAME 'zarafaSslPort'
+	DESC 'ZARAFA: Port for the ssl connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.26278.1.4.4.3
+	NAME 'zarafaFilePath'
+	DESC 'ZARAFA: The unix socket or named pipe to the server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+	
+attributetype (1.3.6.1.4.1.26278.1.4.4.4
+	NAME 'zarafaContainsPublic'
+	DESC 'ZARAFA: This server contains the public store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.26278.1.4.0.0
+	NAME 'zarafa-server'
+	DESC 'ZARAFA: a Zarafa server'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		zarafaAccount $ zarafaHidden $ zarafaHttpPort $ zarafaSslPort $ zarafaFilePath $ zarafaContainsPublic
+		)
+	)
+
+attributetype (1.3.6.1.4.1.26278.1.5.5.1
+	NAME 'zarafaFilter'
+	DESC 'ZARAFA: LDAP Filter to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.26278.1.5.5.2
+	NAME 'zarafaBase'
+	DESC 'ZARAFA: LDAP Search base to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.26278.1.5.0.0
+	NAME 'zarafa-addresslist'
+	DESC 'ZARAFA: a Zarafa Addresslist'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		zarafaAccount $ zarafaHidden $ zarafaFilter $ zarafaBase
+		)
+	)
+
+objectclass ( 1.3.6.1.4.1.26278.1.7.0.0
+	NAME 'zarafa-dynamicgroup'
+	DESC 'ZARAFA: a Zarafa dynamic group'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		zarafaAccount $ zarafaHidden $ mail $ zarafaAliases $ zarafaFilter $ zarafaBase
+		)
+	)

image/service/slapd/assets/security.ldif

@@ -0,0 +1,13 @@
+dn: olcDatabase={1}hdb,cn=config 
+changetype: modify
+delete: olcAccess
+-
+add: olcAccess
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymous auth by dn="cn=admin,dc=example,dc=org" write by * none
+-
+add: olcAccess
+olcAccess: {1}to dn.base="" by * read
+-
+add: olcAccess
+olcAccess: {2}to * by self write by dn="cn=admin,dc=example,dc=org" write by * none
+-

image/service/slapd/assets/ssl/dhparam.pem

@@ -0,0 +1,8 @@
+-----BEGIN DH PARAMETERS-----
+MIIBCAKCAQEA7adhygsX/CvbcQBlSEKBmm0D0+hVfIttcftyFTuDPNok4yDJUBUF
+zzc7X/i3PUMzANhShBrngBaXbOhVk3QcjMC623TPhFmILx0r236+aQEUGnlwN73M
+RUFM6EblYgH4+E4nv+JLwzHdO72+qMAd92rtzVMiaDlCWghH6wdAFoasTsT6Posc
+F5T8WCkzFAZeVhNGRKPP6k3l2BjvRJzkwYMMJrxaIYznMEK6H5CYIqZcpeAB3d2B
+NaZXLxFCemLrSS16UHrH1modEe8yjrOaE5+ZesGAA9onsNRZkAJp0x/pRaO/+rHn
+Q5QVCQCzxY16UsLzH0q/P80xPMU7BMoocwIBAg==
+-----END DH PARAMETERS-----

image/service/slapd/assets/tls.ldif

@@ -1,6 +1,6 @@
 dn: cn=config
 changetype: modify
-add: olcTLSCipherSuite
+replace: olcTLSCipherSuite
 olcTLSCipherSuite: SECURE256:-VERS-SSL3.0
 -
 replace: olcTLSCACertificateFile

image/service/slapd/container-start.sh

@@ -9,6 +9,26 @@ chown -R openldap:openldap /etc/ldap
 # container first start
 if [ ! -e "$FIRST_START_DONE" ]; then
 
+  function get_base_dn(){
+    BASE_DN=""
+    IFS='.' read -ra BASE_DN_TABLE <<< "$LDAP_DOMAIN"
+    for i in "${BASE_DN_TABLE[@]}"; do
+      EXT="dc=$i,"
+      BASE_DN=$BASE_DN$EXT
+    done
+
+    BASE_DN=${BASE_DN::-1}
+  }
+
+  function is_new_schema(){
+    local COUNT=$(ldapsearch -Q -Y EXTERNAL -H ldapi:/// -b cn=schema,cn=config cn | grep -c $1)
+    if [ "$COUNT" -eq 0 ]; then
+      echo 1
+    else
+      echo 0
+    fi
+  }
+
   # database is uninitialized
   if [ -z "$(ls -A /var/lib/ldap)" ]; then
 
@@ -29,11 +49,22 @@ slapd slapd/dump_database select when needed
 EOF
 
     dpkg-reconfigure -f noninteractive slapd
-  fi
 
+    # start OpenLDAP
+    slapd -h "ldapi:///" -u openldap -g openldap
+
+    get_base_dn 
+    sed -i "s|dc=example,dc=org|$BASE_DN|g" /osixia/slapd/security.ldif
+
+    ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/security.ldif
+
+  else
+
+    # start OpenLDAP
+    slapd -h "ldapi:///" -u openldap -g openldap
+
+  fi
 
-  # start OpenLDAP
-  slapd -h "ldapi:///" -u openldap -g openldap
 
   # TLS config
   if [ "${USE_TLS,,}" == "true" ]; then
@@ -49,8 +80,7 @@ EOF
     sed -i "s,/osixia/slapd/ssl/ldap.crt,/osixia/slapd/ssl/${SSL_CRT_FILENAME},g" /osixia/slapd/tls.ldif
     sed -i "s,/osixia/slapd/ssl/ldap.key,/osixia/slapd/ssl/${SSL_KEY_FILENAME},g" /osixia/slapd/tls.ldif
 
-    # set tls config
-    ldapmodify -Y EXTERNAL -H ldapi:/// -f /osixia/slapd/tls.ldif -Q
+    ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f /osixia/slapd/tls.ldif
 
     # add localhost route to certificate cn (need docker 1.5.0)
     cn=$(openssl x509 -in /osixia/slapd/ssl/$SSL_CRT_FILENAME -subject -noout | sed -n 's/.*CN=\(.*\)\/*\(.*\)/\1/p')
@@ -60,10 +90,37 @@ EOF
     sed -i "s,TLS_CACERT.*,TLS_CACERT /osixia/slapd/ssl/${SSL_CA_CRT_FILENAME},g" /etc/ldap/ldap.conf
   fi
 
+  # add ppolicy schema if not already exists
+  ADD_PPOLICY=$(is_new_schema ppolicy)
+  if [ "$ADD_PPOLICY" -eq 1 ]; then
+    ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f /etc/ldap/schema/ppolicy.ldif
+  fi
+
+  # convert  schemas to ldif
+  SCHEMAS=""
+  for f in $(find /osixia/slapd/schema -name \*.schema -type f); do
+    SCHEMAS="$SCHEMAS ${f}"
+  done
+  /osixia/slapd/schema-to-ldif.sh "$SCHEMAS"
+
+  for f in $(find /osixia/slapd/schema -name \*.ldif -type f); do
+    echo "Processing file ${f}"
+    # add schema if not already exists
+    SCHEMA=$(basename "${f}" .ldif)
+    ADD_SCHEMA=$(is_new_schema $SCHEMA)
+    if [ "$ADD_SCHEMA" -eq 1 ]; then
+      echo "add schema ${SCHEMA}"
+      ldapadd -c -Y EXTERNAL -Q -H ldapi:/// -f $f
+    else
+      echo "schema ${f} already exists"
+    fi
+
+  done
+
   # OpenLDAP config 
   for f in $(find /osixia/slapd/config -name \*.ldif -type f); do
-    status "Processing file ${f}"
-    ldapmodify -r -Y EXTERNAL -H ldapi:/// -f $f -Q
+    echo "Processing file ${f}"
+    ldapmodify -Y EXTERNAL -Q -H ldapi:/// -f $f
   done
 
   # stop OpenLDAP

test/config/cn=config.ldif

@@ -1,5 +1,5 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 e072c71d
+# CRC32 70d65a48
 dn: cn=config
 objectClass: olcGlobal
 cn: config
@@ -7,10 +7,10 @@ olcArgsFile: /var/run/slapd/slapd.args
 olcPidFile: /var/run/slapd/slapd.pid
 olcToolThreads: 1
 structuralObjectClass: olcGlobal
-entryUUID: db089696-51e1-1034-95ec-9d03bc6be361
+entryUUID: 1dcfba2a-8c54-1034-90f5-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
+createTimestamp: 20150511180556Z
 olcLogLevel: stats
-entryCSN: 20150303142212.168245Z#000000#000#000000
+entryCSN: 20150511180733.754309Z#000000#000#000000
 modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
-modifyTimestamp: 20150303142212Z
+modifyTimestamp: 20150511180733Z

test/config/cn=config/cn=module{0}.ldif

@@ -1,14 +1,14 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 d5bd456a
+# CRC32 293774ce
 dn: cn=module{0}
 objectClass: olcModuleList
 cn: module{0}
 olcModulePath: /usr/lib/ldap
 olcModuleLoad: {0}back_hdb
 structuralObjectClass: olcModuleList
-entryUUID: db093e98-51e1-1034-95f4-9d03bc6be361
+entryUUID: 1dd019de-8c54-1034-90fd-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.826169Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.927297Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/cn=schema.ldif

@@ -1,12 +1,12 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 deed6c98
+# CRC32 c62fefae
 dn: cn=schema
 objectClass: olcSchemaConfig
 cn: schema
 structuralObjectClass: olcSchemaConfig
-entryUUID: db08b2b6-51e1-1034-95ef-9d03bc6be361
+entryUUID: 1dcfc8b2-8c54-1034-90f8-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.822586Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.925219Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/cn=schema/cn={0}core.ldif

@@ -1,5 +1,5 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 f54534bb
+# CRC32 5b59ad61
 dn: cn={0}core
 objectClass: olcSchemaConfig
 cn: {0}core
@@ -235,9 +235,9 @@ olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: do
 olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid obje
  ct' SUP top AUXILIARY MUST uid )
 structuralObjectClass: olcSchemaConfig
-entryUUID: db08c7ba-51e1-1034-95f0-9d03bc6be361
+entryUUID: 1dcfd1cc-8c54-1034-90f9-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.823123Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.925451Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/cn=schema/cn={10}radius.ldif

@@ -0,0 +1,213 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 64b035b5
+dn: cn={10}radius
+objectClass: olcSchemaConfig
+cn: {10}radius
+olcAttributeTypes: {0}( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' DES
+ C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+ VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' DES
+ C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-
+ VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' D
+ ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
+ E-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' DESC '
+ checkItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115
+ .121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' DESC 
+ 'replyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' D
+ ESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId' 
+ DESC 'checkItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.
+ 1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId'
+  DESC 'checkItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC 'repl
+ yItem: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
+ 6 )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress'
+  DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
+ GLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' DESC '
+ replyItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115
+ .121.1.26 )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTalk
+ Link' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTalk
+ Network' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Mat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTalk
+ Zone' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompressi
+ on' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress
+ ' DESC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask
+ ' DESC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {17}( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwor
+ k' DESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {18}( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DESC
+  'replyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {19}( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol'
+  DESC 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1
+ .4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {20}( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' DE
+ SC 'replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.26 )
+olcAttributeTypes: {21}( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting' 
+ DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {22}( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DESC
+  '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {23}( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC '' E
+ QUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE 
+ )
+olcAttributeTypes: {24}( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName' 
+ DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {25}( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout' DE
+ SC 'replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {26}( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost' DE
+ SC 'replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.26 )
+olcAttributeTypes: {27}( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup' 
+ DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {28}( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode' D
+ ESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {29}( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort' D
+ ESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {30}( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATService
+ ' DESC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {31}( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService' D
+ ESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1
+ .1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {32}( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort' D
+ ESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {33}( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry' 
+ DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SING
+ LE-VALUE )
+olcAttributeTypes: {34}( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DESC
+  'replyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {35}( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DESC
+  '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SING
+ LE-VALUE )
+olcAttributeTypes: {36}( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC ''
+  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU
+ E )
+olcAttributeTypes: {37}( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm' D
+ ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
+ E-VALUE )
+olcAttributeTypes: {38}( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToReal
+ m' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 S
+ INGLE-VALUE )
+olcAttributeTypes: {39}( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC '' 
+ EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE
+  )
+olcAttributeTypes: {40}( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType' DE
+ SC 'replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {41}( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeout'
+  DESC 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1
+ .4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {42}( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationActi
+ on' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {43}( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignmen
+ tId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  )
+olcAttributeTypes: {44}( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumTyp
+ e' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {45}( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPassword'
+  DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SIN
+ GLE-VALUE )
+olcAttributeTypes: {46}( 1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPreferenc
+ e' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {47}( 1.3.6.1.4.1.3317.4.3.1.39 NAME 'radiusTunnelPrivateGr
+ oupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 )
+olcAttributeTypes: {48}( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerEnd
+ point' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 )
+olcAttributeTypes: {49}( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' DES
+ C '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {50}( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC '' EQ
+ UALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {51}( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientEnd
+ point' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26 )
+olcAttributeTypes: {52}( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousUse
+ ' DESC 'checkItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SIN
+ GLE-VALUE )
+olcAttributeTypes: {53}( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime' DESC
+  '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
+ ALUE )
+olcAttributeTypes: {54}( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory' D
+ ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
+ E-VALUE )
+olcAttributeTypes: {55}( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName' 
+ DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {56}( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC ''
+  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU
+ E )
+olcAttributeTypes: {57}( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' DES
+ C 'checkItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {58}( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusCheckItem' DESC
+  'checkItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.26 )
+olcAttributeTypes: {59}( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem' DESC
+  'replyItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.26 )
+olcAttributeTypes: {60}( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNASIpAddress' D
+ ESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGL
+ E-VALUE )
+olcAttributeTypes: {61}( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusReplyMessage' D
+ ESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1
+ .1466.115.121.1.26 )
+olcObjectClasses: {0}( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC '' S
+ UP top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $ radi
+ usArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
+  radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientI
+ PAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalk
+ Network $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedI
+ PAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $
+  radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $ radiusFramedRoute
+  $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ r
+ adiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLAT
+ Node $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radi
+ usLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ ra
+ diusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radi
+ usServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminatio
+ nAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ radiusSimultaneousUs
+ e $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword 
+ $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEnd
+ point $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration 
+ $ dialupAccess $ radiusNASIpAddress $ radiusReplyMessage ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.3317.4.3.2.2 NAME 'radiusObjectProfile' DES
+ C 'A Container Objectclass to be used for creating radius profile object' SUP
+  top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e48c0be-8c54-1034-9815-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.717999Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={11}quota.ldif

@@ -0,0 +1,23 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 75183a81
+dn: cn={11}quota
+objectClass: olcSchemaConfig
+cn: {11}quota
+olcAttributeTypes: {0}( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota' DESC 'Quotas (Fil
+ eSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)' EQUALITY caseIgnoreIA5M
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.19937.1.1.2 NAME 'networkquota' DESC 'Netw
+ ork Quotas (network,protocol,bytes)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6
+ .1.4.1.1466.115.121.1.26{255} )
+olcObjectClasses: {0}( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' DESC 'Syste
+ m Quotas' SUP posixAccount AUXILIARY MUST uid MAY ( quota $ networkquota ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.19937.1.2.2 NAME 'defaultQuotas' DESC 'Quot
+ a defaults to apply to members of a group' SUP top AUXILIARY MUST cn MAY ( qu
+ ota $ networkquota ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e4a04d8-8c54-1034-9816-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.726296Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={12}dnszone.ldif

@@ -0,0 +1,92 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 094bad5a
+dn: cn={12}dnszone
+objectClass: olcSchemaConfig
+cn: {12}dnszone
+olcAttributeTypes: {0}( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' DESC 'An integer
+  denoting time to live' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121
+ .1.27 )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' DESC 'The clas
+ s of a resource record' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.26 )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' DESC 'The name
+  of a zone, i.e. the name of the highest node in the zone' EQUALITY caseIgnor
+ eIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121
+ .1.26 )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' DESC
+  'The starting labels of a domain name' EQUALITY caseIgnoreIA5Match SUBSTR ca
+ seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' DESC 'domain
+  name pointer, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subs
+ tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' DESC 'host
+  information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Subst
+ ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' DESC 'mail
+ box or mail list information, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR ca
+ seIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' DESC 'text s
+ tring, RFC 1035' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMa
+ tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' DESC 'for 
+ AFS Data Base location, RFC 1183' EQUALITY caseIgnoreIA5Match SUBSTR caseIgno
+ reIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' DESC 'Signat
+ ure, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' DESC 'Key, 
+ RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' DESC 'IPv6
+  address, RFC 1886' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring
+ sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' DESC 'Locat
+ ion, RFC 1876' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' DESC 'non-e
+ xistant, RFC 2535' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' DESC 'servi
+ ce location, RFC 2782' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr
+ ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' DESC 'Nam
+ ing Authority Pointer, RFC 2915' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnor
+ eIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' DESC 'Key Ex
+ change Delegation, RFC 2230' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5
+ SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {17}( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' DESC 'cert
+ ificate, RFC 2538' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substrings
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {18}( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' DESC 'A6 Rec
+ ord Type, RFC 2874' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substring
+ sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {19}( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' DESC 'Non
+ -Terminal DNS Name Redirection, RFC 2672' EQUALITY caseIgnoreIA5Match SUBSTR 
+ caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {20}( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' DESC 'Delega
+ tion Signer, RFC 3658' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5Substr
+ ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {21}( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' DESC 'SSH
+  Key Fingerprint, draft-ietf-secsh-dns-05.txt' EQUALITY caseIgnoreIA5Match SU
+ BSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {22}( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' DESC 'RRS
+ IG, RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {23}( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' DESC 'NSEC
+ , RFC 3755' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch S
+ YNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcObjectClasses: {0}( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' SUP top STRUCTURAL
+  MUST ( zoneName $ relativeDomainName ) MAY ( DNSTTL $ DNSClass $ ARecord $ M
+ DRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord $ PTRRecord $ HINFORe
+ cord $ MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ KEYRecord $ AAAARe
+ cord $ LOCRecord $ NXTRecord $ SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecor
+ d $ A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ RRSIGRecord $ NSECRecor
+ d ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e4b395c-8c54-1034-9817-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.734194Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={13}mmc.ldif

@@ -0,0 +1,25 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 ab1eec7a
+dn: cn={13}mmc
+objectClass: olcSchemaConfig
+cn: {13}mmc
+olcAttributeTypes: {0}( 1.3.6.1.4.1.40098.1.1.12.1 NAME 'lmcACL' DESC 'LMC acl
+  entry' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.40098.1.1.12.2 NAME 'lmcPrefMode' DESC 'LM
+ C user preferences' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.40098.1.1.12.3 NAME 'lmcPrinterAllowed' DE
+ SC 'LMC a printer where the user has the rights to print' EQUALITY caseIgnore
+ IA5Match SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.2
+ 6 )
+olcObjectClasses: {0}( 1.3.6.1.4.1.40098.1.2.1.19.1 NAME 'lmcUserObject' DESC 
+ 'Objectclass for LMC user settings ' AUXILIARY MAY ( lmcACL $ lmcPrefMode $ l
+ mcPrinterAllowed ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e4cd546-8c54-1034-9818-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.744737Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={1}cosine.ldif

@@ -1,5 +1,5 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 798d0f53
+# CRC32 d740867f
 dn: cn={1}cosine
 objectClass: olcSchemaConfig
 cn: {1}cosine
@@ -169,9 +169,9 @@ olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
  SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
  mQuality ) )
 structuralObjectClass: olcSchemaConfig
-entryUUID: db090c34-51e1-1034-95f1-9d03bc6be361
+entryUUID: 1dcfeff4-8c54-1034-90fa-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.824875Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.926224Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/cn=schema/cn={2}nis.ldif

@@ -1,5 +1,5 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 b5000483
+# CRC32 28a1d01d
 dn: cn={2}nis
 objectClass: olcSchemaConfig
 cn: {2}nis
@@ -98,9 +98,9 @@ olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A device w
 olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A device 
  with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
 structuralObjectClass: olcSchemaConfig
-entryUUID: db09273c-51e1-1034-95f2-9d03bc6be361
+entryUUID: 1dd0050c-8c54-1034-90fb-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.825570Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.926764Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/cn=schema/cn={3}inetorgperson.ldif

@@ -1,5 +1,5 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 bf5eae1c
+# CRC32 5354e786
 dn: cn={3}inetorgperson
 objectClass: olcSchemaConfig
 cn: {3}inetorgperson
@@ -40,9 +40,9 @@ olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
  $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
  ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
 structuralObjectClass: olcSchemaConfig
-entryUUID: db093722-51e1-1034-95f3-9d03bc6be361
+entryUUID: 1dd01362-8c54-1034-90fc-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.825977Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.927130Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/cn=schema/cn={4}ppolicy.ldif

@@ -0,0 +1,53 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 77e3a190
+dn: cn={4}ppolicy
+objectClass: olcSchemaConfig
+cn: {4}ppolicy
+olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
+  objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in
+ tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge' EQUALITY in
+ tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory' EQUALITY
+  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality' EQUAL
+ ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength' EQUALITY
+  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME 'pwdExpireWarning' EQUA
+ LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME 'pwdGraceAuthNLimit' EQ
+ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout' EQUALITY b
+ ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME 'pwdLockoutDuration' E
+ QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure' EQUAL
+ ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME 'pwdFailureCountInter
+ val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE 
+ )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange' EQUAL
+ ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME 'pwdAllowUserChange' 
+ EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify' EQUAL
+ ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule' DESC 'L
+ oadable module that instantiates "check_password() function' EQUALITY caseExa
+ ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker' SUP top
+  AUXILIARY MAY pwdCheckModule )
+olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI
+ LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $ pwdCheck
+ Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
+  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange
+  $ pwdAllowUserChange $ pwdSafeModify ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e281846-8c54-1034-980f-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.503971Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={5}dhcp.ldif

@@ -0,0 +1,327 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 7e6e0285
+dn: cn={5}dhcp
+objectClass: olcSchemaConfig
+cn: {5}dhcp
+olcAttributeTypes: {0}( 2.16.840.1.113719.1.203.4.1 NAME 'dhcpPrimaryDN' DESC 
+ 'The DN of the dhcpServer which is the primary server for the configuration.'
+  EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-
+ VALUE )
+olcAttributeTypes: {1}( 2.16.840.1.113719.1.203.4.2 NAME 'dhcpSecondaryDN' DES
+ C 'The DN of dhcpServer(s) which provide backup service for the configuration
+ .' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {2}( 2.16.840.1.113719.1.203.4.3 NAME 'dhcpStatements' DESC
+  'Flexible storage for specific data depending on what object this exists in.
+  Like conditional statements, server parameters, etc. This allows the standar
+ d to evolve without needing to adjust the schema.' EQUALITY caseIgnoreIA5Matc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {3}( 2.16.840.1.113719.1.203.4.4 NAME 'dhcpRange' DESC 'The
+  starting & ending IP Addresses in the range (inclusive), separated by a hyph
+ en; if the range only contains one address, then just the address can be spec
+ ified with no hyphen.  Each range is defined as a separate value.' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {4}( 2.16.840.1.113719.1.203.4.5 NAME 'dhcpPermitList' DESC
+  'This attribute contains the permit lists associated with a pool. Each permi
+ t list is defined as a separate value.' EQUALITY caseIgnoreIA5Match SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {5}( 2.16.840.1.113719.1.203.4.6 NAME 'dhcpNetMask' DESC 'T
+ he subnet mask length for the subnet.  The mask can be easily computed from t
+ his length.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGL
+ E-VALUE )
+olcAttributeTypes: {6}( 2.16.840.1.113719.1.203.4.7 NAME 'dhcpOption' DESC 'En
+ coded option values to be sent to clients.  Each value represents a single op
+ tion and contains (OptionTag, Length, OptionValue) encoded in the format used
+  by DHCP.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {7}( 2.16.840.1.113719.1.203.4.8 NAME 'dhcpClassData' DESC 
+ 'Encoded text string or list of bytes expressed in hexadecimal, separated by 
+ colons.  Clients match subclasses based on matching the class data with the r
+ esults of match or spawn with statements in the class name declarations.' EQU
+ ALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {8}( 2.16.840.1.113719.1.203.4.9 NAME 'dhcpOptionsDN' DESC 
+ 'The distinguished name(s) of the dhcpOption objects containing the configura
+ tion options provided by the server.' EQUALITY distinguishedNameMatch SYNTAX 
+ 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {9}( 2.16.840.1.113719.1.203.4.10 NAME 'dhcpHostDN' DESC 't
+ he distinguished name(s) of the dhcpHost objects.' EQUALITY distinguishedName
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {10}( 2.16.840.1.113719.1.203.4.11 NAME 'dhcpPoolDN' DESC '
+ The distinguished name(s) of pools.' EQUALITY distinguishedNameMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {11}( 2.16.840.1.113719.1.203.4.12 NAME 'dhcpGroupDN' DESC 
+ 'The distinguished name(s)   of the groups.' EQUALITY distinguishedNameMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {12}( 2.16.840.1.113719.1.203.4.13 NAME 'dhcpSubnetDN' DESC
+  'The distinguished name(s) of the subnets.' EQUALITY distinguishedNameMatch 
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {13}( 2.16.840.1.113719.1.203.4.14 NAME 'dhcpLeaseDN' DESC 
+ 'The distinguished name of a client address.' EQUALITY distinguishedNameMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+olcAttributeTypes: {14}( 2.16.840.1.113719.1.203.4.15 NAME 'dhcpLeasesDN' DESC
+  'The distinguished name(s) client addresses.' EQUALITY distinguishedNameMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {15}( 2.16.840.1.113719.1.203.4.16 NAME 'dhcpClassesDN' DES
+ C 'The distinguished name(s) of a class(es) in a subclass.' EQUALITY distingu
+ ishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {16}( 2.16.840.1.113719.1.203.4.17 NAME 'dhcpSubclassesDN' 
+ DESC 'The distinguished name(s) of subclass(es).' EQUALITY distinguishedNameM
+ atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {17}( 2.16.840.1.113719.1.203.4.18 NAME 'dhcpSharedNetworkD
+ N' DESC 'The distinguished name(s) of sharedNetworks.' EQUALITY distinguished
+ NameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {18}( 2.16.840.1.113719.1.203.4.19 NAME 'dhcpServiceDN' DES
+ C 'The DN of dhcpService object(s)which contain the configuration information
+ . Each dhcpServer object has this attribute identifying the DHCP configuratio
+ n(s) that the server is associated with.' EQUALITY distinguishedNameMatch SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {19}( 2.16.840.1.113719.1.203.4.20 NAME 'dhcpVersion' DESC 
+ 'The version attribute of this object.' EQUALITY caseIgnoreIA5Match SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {20}( 2.16.840.1.113719.1.203.4.21 NAME 'dhcpImplementation
+ ' DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendo
+ r.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-V
+ ALUE )
+olcAttributeTypes: {21}( 2.16.840.1.113719.1.203.4.22 NAME 'dhcpAddressState' 
+ DESC 'This stores information about the current binding-status of an address.
+   For dynamic addresses managed by DHCP, the values should be restricted to t
+ he following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", 
+ "BACKUP".  For other addresses, it SHOULD be one of the following: "UNKNOWN",
+  "RESERVED" (an address that is managed by DHCP that is reserved for a specif
+ ic client), "RESERVED-ACTIVE" (same as reserved, but address is currently in 
+ use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED"
+ , "NOTASSIGNABLE".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.26 SINGLE-VALUE )
+olcAttributeTypes: {22}( 2.16.840.1.113719.1.203.4.23 NAME 'dhcpExpirationTime
+ ' DESC 'This is the time the current lease for an address expires.' EQUALITY 
+ generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: {23}( 2.16.840.1.113719.1.203.4.24 NAME 'dhcpStartTimeOfSta
+ te' DESC 'This is the time of the last state change for a leased address.' EQ
+ UALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
+  )
+olcAttributeTypes: {24}( 2.16.840.1.113719.1.203.4.25 NAME 'dhcpLastTransactio
+ nTime' DESC 'This is the last time a valid DHCP packet was received from the 
+ client.' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 S
+ INGLE-VALUE )
+olcAttributeTypes: {25}( 2.16.840.1.113719.1.203.4.26 NAME 'dhcpBootpFlag' DES
+ C 'This indicates whether the address was assigned via BOOTP.' EQUALITY boole
+ anMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+olcAttributeTypes: {26}( 2.16.840.1.113719.1.203.4.27 NAME 'dhcpDomainName' DE
+ SC 'This is the name of the domain sent to the client by the server.  It is e
+ ssentially the same as the value for DHCP option 15 sent to the client, and r
+ epresents only the domain - not the full FQDN.  To obtain the full FQDN assig
+ ned to the client you must prepend the "dhcpAssignedHostName" to this value w
+ ith a ".".' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 
+ SINGLE-VALUE )
+olcAttributeTypes: {27}( 2.16.840.1.113719.1.203.4.28 NAME 'dhcpDnsStatus' DES
+ C 'This indicates the status of updating DNS resource records on behalf of th
+ e client by the DHCP server for this address.  The value is a 16-bit bitmask.
+ ' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {28}( 2.16.840.1.113719.1.203.4.29 NAME 'dhcpRequestedHostN
+ ame' DESC 'This is the hostname that was requested by the client.' EQUALITY c
+ aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {29}( 2.16.840.1.113719.1.203.4.30 NAME 'dhcpAssignedHostNa
+ me' DESC 'This is the actual hostname that was assigned to a client. It may n
+ ot be the name that was requested by the client.  The fully qualified domain 
+ name can be determined by appending the value of "dhcpDomainName" (with a dot
+  separator) to this name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {30}( 2.16.840.1.113719.1.203.4.31 NAME 'dhcpReservedForCli
+ ent' DESC 'The distinguished name of a "dhcpClient" that an address is reserv
+ ed for.  This may not be the same as the "dhcpAssignedToClient" attribute if 
+ the address is being reassigned but the current lease has not yet expired.' E
+ QUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VA
+ LUE )
+olcAttributeTypes: {31}( 2.16.840.1.113719.1.203.4.32 NAME 'dhcpAssignedToClie
+ nt' DESC 'This is the distinguished name of a "dhcpClient" that an address is
+  currently assigned to.  This attribute is only present in the class when the
+  address is leased.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.12 SINGLE-VALUE )
+olcAttributeTypes: {32}( 2.16.840.1.113719.1.203.4.33 NAME 'dhcpRelayAgentInfo
+ ' DESC 'If the client request was received via a relay agent, this contains i
+ nformation about the relay agent that was available from the DHCP request.  T
+ his is a hex-encoded option value.' EQUALITY octetStringMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.40 SINGLE-VALUE )
+olcAttributeTypes: {33}( 2.16.840.1.113719.1.203.4.34 NAME 'dhcpHWAddress' DES
+ C 'The clients hardware address that requested this IP address.' EQUALITY cas
+ eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {34}( 2.16.840.1.113719.1.203.4.35 NAME 'dhcpHashBucketAssi
+ gnment' DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in
+  DHC Load Balancing Algorithm [RFC 3074].' EQUALITY octetStringMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+olcAttributeTypes: {35}( 2.16.840.1.113719.1.203.4.36 NAME 'dhcpDelayedService
+ Parameter' DESC 'Delay in seconds corresponding to Delayed Service Parameter 
+ configuration, as defined in  DHC Load Balancing Algorithm [RFC 3074]. ' EQUA
+ LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {36}( 2.16.840.1.113719.1.203.4.37 NAME 'dhcpMaxClientLeadT
+ ime' DESC 'Maximum Client Lead Time configuration in seconds, as defined in D
+ HCP Failover Protocol [FAILOVR]' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {37}( 2.16.840.1.113719.1.203.4.38 NAME 'dhcpFailOverEndpoi
+ ntState' DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover 
+ Protocol [FAILOVR]' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.26 SINGLE-VALUE )
+olcAttributeTypes: {38}( 2.16.840.1.113719.1.203.4.39 NAME 'dhcpErrorLog' DESC
+  'Generic error log attribute that allows logging error conditions within a d
+ hcpService or a dhcpSubnet, like no IP addresses available for lease.' EQUALI
+ TY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {39}( 2.16.840.1.113719.1.203.4.40 NAME 'dhcpLocatorDN' DES
+ C 'The DN of dhcpLocator object which contain the DNs of all DHCP configurati
+ on objects. There will be a single dhcpLocator object in the tree with links 
+ to all the DHCP objects in the tree' EQUALITY distinguishedNameMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {40}( 2.16.840.1.113719.1.203.4.41 NAME 'dhcpKeyAlgorithm' 
+ DESC 'Algorithm to generate TSIG Key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {41}( 2.16.840.1.113719.1.203.4.42 NAME 'dhcpKeySecret' DES
+ C 'Secret to generate TSIG Key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.40 SINGLE-VALUE )
+olcAttributeTypes: {42}( 2.16.840.1.113719.1.203.4.43 NAME 'dhcpDnsZoneServer'
+  DESC 'Master server of the DNS Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcAttributeTypes: {43}( 2.16.840.1.113719.1.203.4.44 NAME 'dhcpKeyDN' DESC 'T
+ he DNs of TSIG Key to use in secure dynamic updates. In case of locator objec
+ t, this will be list of TSIG keys.  In case of DHCP Service, Shared Network, 
+ Subnet and DNS Zone, it will be a single key.' EQUALITY distinguishedNameMatc
+ h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {44}( 2.16.840.1.113719.1.203.4.45 NAME 'dhcpZoneDN' DESC '
+ The DNs of DNS Zone. In case of locator object, this will be list of DNS Zone
+ s in the tree. In case of DHCP Service, Shared Network and Subnet, it will be
+  a single DNS Zone.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.12 )
+olcAttributeTypes: {45}( 2.16.840.1.113719.1.203.4.46 NAME 'dhcpFailOverRole' 
+ DESC 'Role of the DHCP Server. Either primary or secondary' EQUALITY caseIgno
+ reIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {46}( 2.16.840.1.113719.1.203.4.47 NAME 'dhcpFailOverReceiv
+ eAddress' DESC 'IP address or DNS  name  on  which the server should listen f
+ or connections from its fail over peer' EQUALITY caseIgnoreIA5Match SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: {47}( 2.16.840.1.113719.1.203.4.48 NAME 'dhcpFailOverPeerAd
+ dress' DESC 'IP address  or  DNS  name  to which  the  server  should  connec
+ t  to  reach  its fail over peer' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.26 )
+olcAttributeTypes: {48}( 2.16.840.1.113719.1.203.4.49 NAME 'dhcpFailOverPeerPo
+ rt' DESC 'Port to which server should connect to reach its fail over peer' EQ
+ UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+olcAttributeTypes: {49}( 2.16.840.1.113719.1.203.4.50 NAME 'dhcpFailOverReceiv
+ ePort' DESC 'Port on which server should listen for connections from its fail
+  over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+olcAttributeTypes: {50}( 2.16.840.1.113719.1.203.4.51 NAME 'dhcpFailOverRespon
+ seDelay' DESC 'Maximum response time in seconds, before Server assumes that c
+ onnection to fail over peer has failed' EQUALITY integerMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.27 )
+olcAttributeTypes: {51}( 2.16.840.1.113719.1.203.4.52 NAME 'dhcpFailOverUnpack
+ edUpdates' DESC 'Number of BNDUPD messages that server can send before it rec
+ eives BNDACK from its fail over peer' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.27 )
+olcAttributeTypes: {52}( 2.16.840.1.113719.1.203.4.53 NAME 'dhcpFailOverSplit'
+  DESC 'Split between the primary and secondary servers for fail over purpose'
+  EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+olcAttributeTypes: {53}( 2.16.840.1.113719.1.203.4.54 NAME 'dhcpFailOverLoadBa
+ lanceTime' DESC 'Cutoff time in seconds, after which load balance is disabled
+ ' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+olcAttributeTypes: {54}( 2.16.840.1.113719.1.203.4.55 NAME 'dhcpFailOverPeerDN
+ ' DESC 'The DNs of Fail over peers. In case of locator object, this will be l
+ ist of fail over peers in the tree. In case of Subnet and pool, it will be a 
+ single Fail Over Peer' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.12 )
+olcAttributeTypes: {55}( 2.16.840.1.113719.1.203.4.56 NAME 'dhcpServerDN' DESC
+  'List of all  DHCP Servers in the tree. Used by dhcpLocatorObject' EQUALITY 
+ distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+olcAttributeTypes: {56}( 2.16.840.1.113719.1.203.4.57 NAME 'dhcpComments' DESC
+  'Generic attribute that allows coments  within any DHCP object' EQUALITY cas
+ eIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+olcObjectClasses: {0}( 2.16.840.1.113719.1.203.6.1 NAME 'dhcpService' DESC 'Se
+ rvice object that represents the actual DHCP Service configuration. This is a
+  container object.' SUP top STRUCTURAL MUST cn MAY ( dhcpPrimaryDN $ dhcpSeco
+ ndaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ d
+ hcpHostDN $ dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFail
+ OverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) )
+olcObjectClasses: {1}( 2.16.840.1.113719.1.203.6.2 NAME 'dhcpSharedNetwork' DE
+ SC 'This stores configuration information for a shared network.' SUP top STRU
+ CTURAL MUST cn MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $
+  dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT 'dhcpService'
+  )
+olcObjectClasses: {2}( 2.16.840.1.113719.1.203.6.3 NAME 'dhcpSubnet' DESC 'Thi
+ s class defines a subnet. This is a container object.' SUP top STRUCTURAL MUS
+ T ( cn $ dhcpNetMask ) MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostD
+ N $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ d
+ hcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAI
+ NMENT ( 'dhcpService' 'dhcpSharedNetwork' ) )
+olcObjectClasses: {3}( 2.16.840.1.113719.1.203.6.4 NAME 'dhcpPool' DESC 'This 
+ stores configuration information about a pool.' SUP top STRUCTURAL MUST ( cn 
+ $ dhcpRange ) MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptio
+ nsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) 
+ X-NDS_CONTAINMENT ( 'dhcpSubnet' 'dhcpSharedNetwork' ) )
+olcObjectClasses: {4}( 2.16.840.1.113719.1.203.6.5 NAME 'dhcpGroup' DESC 'Grou
+ p object that lists host DNs and parameters. This is a container object.' SUP
+  top STRUCTURAL MUST cn MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ d
+ hcpComments $ dhcpOption ) X-NDS_CONTAINMENT ( 'dhcpSubnet' 'dhcpService' ) )
+olcObjectClasses: {5}( 2.16.840.1.113719.1.203.6.6 NAME 'dhcpHost' DESC 'This 
+ represents information about a particular client' SUP top STRUCTURAL MUST cn 
+ MAY ( dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComm
+ ents $ dhcpOption ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpGroup
+ ' ) )
+olcObjectClasses: {6}( 2.16.840.1.113719.1.203.6.7 NAME 'dhcpClass' DESC 'Repr
+ esents information about a collection of related clients.' SUP top STRUCTURAL
+  MUST cn MAY ( dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpCommen
+ ts $ dhcpOption ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' ) )
+olcObjectClasses: {7}( 2.16.840.1.113719.1.203.6.8 NAME 'dhcpSubClass' DESC 'R
+ epresents information about a collection of related classes.' SUP top STRUCTU
+ RAL MUST cn MAY ( dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpCommen
+ ts $ dhcpOption ) X-NDS_CONTAINMENT 'dhcpClass' )
+olcObjectClasses: {8}( 2.16.840.1.113719.1.203.6.9 NAME 'dhcpOptions' DESC 'Re
+ presents information about a collection of options defined.' SUP top AUXILIAR
+ Y MUST cn MAY ( dhcpOption $ dhcpComments ) X-NDS_CONTAINMENT ( 'dhcpService'
+  'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClas
+ s' ) )
+olcObjectClasses: {9}( 2.16.840.1.113719.1.203.6.10 NAME 'dhcpLeases' DESC 'Th
+ is class represents an IP Address, which may or may not have been leased.' SU
+ P top STRUCTURAL MUST ( cn $ dhcpAddressState ) MAY ( dhcpExpirationTime $ dh
+ cpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName
+  $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReserve
+ dForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcp
+ Option ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool' ) )
+olcObjectClasses: {10}( 2.16.840.1.113719.1.203.6.11 NAME 'dhcpLog' DESC 'This
+  is the object that holds past information about the IP address. The cn is th
+ e time/date stamp when the address was assigned or released, the address stat
+ e at the time, if the address was assigned or released.' SUP top STRUCTURAL M
+ UST cn MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ d
+ hcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhc
+ pRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssig
+ nedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog ) X-NDS_CONTA
+ INMENT ( 'dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpServic
+ e' ) )
+olcObjectClasses: {11}( 2.16.840.1.113719.1.203.6.12 NAME 'dhcpServer' DESC 'D
+ HCP Server Object' SUP top STRUCTURAL MUST cn MAY ( dhcpServiceDN $ dhcpLocat
+ orDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDela
+ yedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhc
+ pStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ( 'organization' 
+ 'organizationalunit' 'domain' ) )
+olcObjectClasses: {12}( 2.16.840.1.113719.1.203.6.13 NAME 'dhcpTSigKey' DESC '
+ TSIG key for secure dynamic updates' SUP top STRUCTURAL MUST ( cn $ dhcpKeyAl
+ gorithm $ dhcpKeySecret ) MAY dhcpComments X-NDS_CONTAINMENT ( 'dhcpService' 
+ 'dhcpSharedNetwork' 'dhcpSubnet' ) )
+olcObjectClasses: {13}( 2.16.840.1.113719.1.203.6.14 NAME 'dhcpDnsZone' DESC '
+ DNS Zone for updating leases' SUP top STRUCTURAL MUST ( cn $ dhcpDnsZoneServe
+ r ) MAY ( dhcpKeyDN $ dhcpComments ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpS
+ haredNetwork' 'dhcpSubnet' ) )
+olcObjectClasses: {14}( 2.16.840.1.113719.1.203.6.15 NAME 'dhcpFailOverPeer' D
+ ESC 'This class defines the Fail over peer' SUP top STRUCTURAL MUST ( cn $ dh
+ cpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpF
+ ailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay $
+  dhcpFailOverUnpackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dh
+ cpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOpt
+ ion ) X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' ) )
+olcObjectClasses: {15}( 2.16.840.1.113719.1.203.6.16 NAME 'dhcpLocator' DESC '
+ Locator object for DHCP configuration in the tree. There will be a single dhc
+ pLocator object in the tree with links to all the DHCP objects in the tree' S
+ UP top STRUCTURAL MUST cn MAY ( dhcpServiceDN $ dhcpServerDN $ dhcpSharedNetw
+ orkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN 
+ $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments ) X
+ -NDS_CONTAINMENT ( 'organization' 'organizationalunit' 'domain' ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e41c53e-8c54-1034-9810-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.672238Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={6}zarafa.ldif

@@ -0,0 +1,151 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 12b63e24
+dn: cn={6}zarafa
+objectClass: olcSchemaConfig
+cn: {6}zarafa
+olcAttributeTypes: {0}( 1.3.6.1.4.1.26278.1.1.1.1 NAME 'zarafaQuotaOverride' D
+ ESC 'ZARAFA: Override child quota' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.26278.1.1.1.2 NAME 'zarafaQuotaWarn' DESC 
+ 'ZARAFA: Warning quota size in MB' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.26278.1.1.1.3 NAME 'zarafaQuotaSoft' DESC 
+ 'ZARAFA: Soft quota size in MB' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.26278.1.1.1.4 NAME 'zarafaQuotaHard' DESC 
+ 'ZARAFA: Hard quota size in MB' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466
+ .115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.26278.1.1.1.5 NAME 'zarafaUserDefaultQuota
+ Override' DESC 'ZARAFA: Override User default quota for children' EQUALITY in
+ tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.26278.1.1.1.6 NAME 'zarafaUserDefaultQuota
+ Warn' DESC 'ZARAFA: User default warning quota size in MB' EQUALITY integerMa
+ tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.26278.1.1.1.7 NAME 'zarafaUserDefaultQuota
+ Soft' DESC 'ZARAFA: User default soft quota size in MB' EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.26278.1.1.1.8 NAME 'zarafaUserDefaultQuota
+ Hard' DESC 'ZARAFA: User default hard quota size in MB' EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.26278.1.1.2.1 NAME 'zarafaAdmin' DESC 'ZAR
+ AFA: Administrator of zarafa' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.26278.1.1.2.2 NAME 'zarafaSharedStoreOnly'
+  DESC 'ZARAFA: is store a shared store' EQUALITY integerMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.26278.1.1.2.3 NAME 'zarafaAccount' DESC '
+ ZARAFA: entry is a part of zarafa' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.26278.1.1.2.4 NAME 'zarafaSendAsPrivilege
+ ' DESC 'ZARAFA: Users may directly send email as this user' EQUALITY caseIgno
+ reMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.26278.1.1.2.5 NAME 'zarafaMrAccept' DESC 
+ 'ZARAFA: user should auto-accept meeting requests' EQUALITY integerMatch SYNT
+ AX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.26278.1.1.2.6 NAME 'zarafaMrDeclineConfli
+ ct' DESC 'ZARAFA: user should automatically decline conflicting meeting reque
+ sts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE 
+ )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.26278.1.1.2.7 NAME 'zarafaMrDeclineRecurr
+ ing' DESC 'ZARAFA: user should automatically decline recurring meeting reques
+ ts' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.26278.1.1.2.8 NAME 'zarafaId' DESC 'ZARAF
+ A: Generic unique ID' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.40 SINGLE-VALUE )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.26278.1.1.2.9 NAME 'zarafaResourceType' D
+ ESC 'ZARAFA: for shared stores, resource is type Room or Equipment' EQUALITY 
+ caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.
+ 121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {17}( 1.3.6.1.4.1.26278.1.1.2.10 NAME 'zarafaResourceCapaci
+ ty' DESC 'ZARAFA: number of rooms or equipment available' EQUALITY integerMat
+ ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {18}( 1.3.6.1.4.1.26278.1.1.2.11 NAME 'zarafaHidden' DESC '
+ ZARAFA: This object should be hidden from address book' EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {19}( 1.3.6.1.4.1.26278.1.1.3.1 NAME 'zarafaAliases' DESC '
+ ZARAFA: All other email addresses for this user' EQUALITY caseIgnoreMatch SUB
+ STR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {20}( 1.3.6.1.4.1.26278.1.1.4.1 NAME 'zarafaUserServer' DES
+ C 'ZARAFA: Home server for the user' EQUALITY caseIgnoreMatch SUBSTR caseIgno
+ reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {21}( 1.3.6.1.4.1.26278.1.2.2.1 NAME 'zarafaSecurityGroup' 
+ DESC 'ZARAFA: group has security possibilities' EQUALITY integerMatch SYNTAX 
+ 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {22}( 1.3.6.1.4.1.26278.1.3.2.4 NAME 'zarafaViewPrivilege' 
+ DESC 'ZARAFA: Companies with view privileges over selected company' EQUALITY 
+ caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.
+ 121.1.15 )
+olcAttributeTypes: {23}( 1.3.6.1.4.1.26278.1.3.2.5 NAME 'zarafaAdminPrivilege'
+  DESC 'ZARAFA: Users from different companies which are administrator over se
+ lected company' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYN
+ TAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {24}( 1.3.6.1.4.1.26278.1.3.2.6 NAME 'zarafaSystemAdmin' DE
+ SC 'ZARAFA: The user who is the system administrator for this company' EQUALI
+ TY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.1
+ 15.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {25}( 1.3.6.1.4.1.26278.1.3.1.5 NAME 'zarafaQuotaUserWarnin
+ gRecipients' DESC 'ZARAFA: Users who will recieve a notification email when a
+  user exceeds his quota' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstrings
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {26}( 1.3.6.1.4.1.26278.1.3.1.6 NAME 'zarafaQuotaCompanyWar
+ ningRecipients' DESC 'ZARAFA: Users who will recieve a notification email whe
+ n a company exceeds its quota' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubs
+ tringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+olcAttributeTypes: {27}( 1.3.6.1.4.1.26278.1.3.4.1 NAME 'zarafaCompanyServer' 
+ DESC 'ZARAFA: Home server for the user' EQUALITY caseIgnoreMatch SUBSTR caseI
+ gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {28}( 1.3.6.1.4.1.26278.1.4.4.1 NAME 'zarafaHttpPort' DESC 
+ 'ZARAFA: Port for the http connection' EQUALITY integerMatch SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {29}( 1.3.6.1.4.1.26278.1.4.4.2 NAME 'zarafaSslPort' DESC '
+ ZARAFA: Port for the ssl connection' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1
+ .1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {30}( 1.3.6.1.4.1.26278.1.4.4.3 NAME 'zarafaFilePath' DESC 
+ 'ZARAFA: The unix socket or named pipe to the server' EQUALITY caseIgnoreMatc
+ h SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGL
+ E-VALUE )
+olcAttributeTypes: {31}( 1.3.6.1.4.1.26278.1.4.4.4 NAME 'zarafaContainsPublic'
+  DESC 'ZARAFA: This server contains the public store' EQUALITY integerMatch S
+ YNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {32}( 1.3.6.1.4.1.26278.1.5.5.1 NAME 'zarafaFilter' DESC 'Z
+ ARAFA: LDAP Filter to apply' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstr
+ ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: {33}( 1.3.6.1.4.1.26278.1.5.5.2 NAME 'zarafaBase' DESC 'ZAR
+ AFA: LDAP Search base to apply' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSub
+ stringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.26278.1.1.0.0 NAME 'zarafa-user' DESC 'Zara
+ fa: an user of Zarafa' SUP top AUXILIARY MUST cn MAY ( zarafaQuotaOverride $ 
+ zarafaQuotaWarn $ zarafaQuotaSoft $ zarafaSendAsPrivilege $ zarafaQuotaHard $
+  zarafaAdmin $ zarafaSharedStoreOnly $ zarafaResourceType $ zarafaResourceCap
+ acity $ zarafaAccount $ zarafaHidden $ zarafaAliases $ zarafaUserServer ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.26278.1.6.0.0 NAME 'zarafa-contact' DESC 'Z
+ arafa: a contact of Zarafa' SUP top AUXILIARY MUST ( cn $ uidNumber ) MAY ( z
+ arafaSendAsPrivilege $ zarafaHidden $ zarafaAliases ) )
+olcObjectClasses: {2}( 1.3.6.1.4.1.26278.1.2.0.0 NAME 'zarafa-group' DESC 'Zar
+ afa: a group of Zarafa' SUP top AUXILIARY MUST cn MAY ( zarafaAccount $ zaraf
+ aHidden $ mail $ zarafaAliases $ zarafaSecurityGroup ) )
+olcObjectClasses: {3}( 1.3.6.1.4.1.26278.1.3.0.0 NAME 'zarafa-company' DESC 'Z
+ ARAFA: a company of Zarafa' SUP top AUXILIARY MUST cn MAY ( zarafaAccount $ z
+ arafaHidden $ zarafaViewPrivilege $ zarafaAdminPrivilege $ zarafaSystemAdmin 
+ $ zarafaQuotaOverride $ zarafaQuotaWarn $ zarafaUserDefaultQuotaOverride $ za
+ rafaUserDefaultQuotaWarn $ zarafaUserDefaultQuotaSoft $ zarafaUserDefaultQuot
+ aHard $ zarafaQuotaUserWarningRecipients $ zarafaQuotaCompanyWarningRecipient
+ s $ zarafaCompanyServer ) )
+olcObjectClasses: {4}( 1.3.6.1.4.1.26278.1.4.0.0 NAME 'zarafa-server' DESC 'ZA
+ RAFA: a Zarafa server' SUP top AUXILIARY MUST cn MAY ( zarafaAccount $ zarafa
+ Hidden $ zarafaHttpPort $ zarafaSslPort $ zarafaFilePath $ zarafaContainsPubl
+ ic ) )
+olcObjectClasses: {5}( 1.3.6.1.4.1.26278.1.5.0.0 NAME 'zarafa-addresslist' DES
+ C 'ZARAFA: a Zarafa Addresslist' SUP top STRUCTURAL MUST cn MAY ( zarafaAccou
+ nt $ zarafaHidden $ zarafaFilter $ zarafaBase ) )
+olcObjectClasses: {6}( 1.3.6.1.4.1.26278.1.7.0.0 NAME 'zarafa-dynamicgroup' DE
+ SC 'ZARAFA: a Zarafa dynamic group' SUP top STRUCTURAL MUST cn MAY ( zarafaAc
+ count $ zarafaHidden $ mail $ zarafaAliases $ zarafaFilter $ zarafaBase ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e435106-8c54-1034-9811-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.682369Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={7}samba.ldif

@@ -0,0 +1,184 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 2dd801cc
+dn: cn={7}samba
+objectClass: olcSchemaConfig
+cn: {7}samba
+olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L
+ anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M
+ D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Ac
+ count Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ {16} SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'T
+ imestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 
+ 'Timestamp of when the user is allowed to update the password' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC
+  'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Ti
+ mestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.27 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'T
+ imestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.27 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC '
+ Timestamp of when the user will be logged off automatically' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' D
+ ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' D
+ ESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC '
+ Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ {42} SINGLE-VALUE )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'D
+ river letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 
+ 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 
+ 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' 
+ DESC 'List of user workstations the user is allowed to logon to' EQUALITY cas
+ eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Ho
+ me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.15{128} )
+olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC '
+ Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 
+ 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '
+ Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' D
+ ESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
+  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit
+ y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' D
+ ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Sec
+ urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26{64} )
+olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'N
+ T Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
+ LE-VALUE )
+olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 
+ 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC
+  'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Nex
+ t NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase
+ ' DESC 'Base at which the samba RID generation algorithm should operate' EQUA
+ LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'S
+ hare Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING
+ LE-VALUE )
+olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC '
+ Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
+  1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC '
+ A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 S
+ INGLE-VALUE )
+olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DES
+ C 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
+ .27 SINGLE-VALUE )
+olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC
+  'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
+ .1.26 SINGLE-VALUE )
+olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' 
+ DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.15 )
+olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC '
+ Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115
+ .121.1.26 )
+olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC
+  'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' 
+ DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY intege
+ rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DES
+ C 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQU
+ ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'M
+ aximum password age, in seconds (default: -1 => never expire passwords)' EQUA
+ LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'M
+ inimum password age, in seconds (default: 0 => allow immediate password chang
+ e)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' D
+ ESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservation
+ Window' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY int
+ egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' 
+ DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY in
+ tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 
+ 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY
+  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdCh
+ ange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY inte
+ gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam
+ ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( 
+ cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s
+ ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ 
+ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScr
+ ipt $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGr
+ oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBad
+ PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'S
+ amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGrou
+ pType ) MAY ( displayName $ description $ sambaSIDList ) )
+olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 
+ 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPas
+ sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
+olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba D
+ omain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY
+  ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB
+ ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaM
+ axPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWin
+ dow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange 
+ ) )
+olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Poo
+ l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumb
+ er ) )
+olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Map
+ ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ g
+ idNumber ) )
+olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Struc
+ tural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
+olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba 
+ Configuration Section' SUP top AUXILIARY MAY description )
+olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba S
+ hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
+olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC '
+ Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sam
+ baBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption
+  $ description ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e45010e-8c54-1034-9812-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.693431Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={8}mail.ldif

@@ -0,0 +1,56 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 2acb9a1d
+dn: cn={8}mail
+objectClass: olcSchemaConfig
+cn: {8}mail
+olcAttributeTypes: {0}( 1.3.6.1.4.1.21103.1.1.13.1 NAME 'maildrop' DESC 'Mail 
+ addresses where mails are forwarded -- ie forwards' EQUALITY caseIgnoreMatch 
+ SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.21103.1.1.13.2 NAME 'mailalias' DESC 'Mail
+  addresses accepted by this account -- ie aliases' EQUALITY caseIgnoreMatch S
+ UBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.21103.1.1.13.3 NAME 'mailenable' DESC 'Mai
+ l Account / Virtual alias validity' EQUALITY caseIgnoreMatch SUBSTR caseIgnor
+ eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8} )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.21103.1.1.13.4 NAME 'mailbox' DESC 'Mailbo
+ x path where mails are delivered' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreS
+ ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.21103.1.1.13.5 NAME 'virtualdomain' DESC '
+ A mail domain name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.21103.1.1.13.6 NAME 'virtualdomaindescript
+ ion' DESC 'Virtual domain description' EQUALITY caseIgnoreMatch SUBSTR caseIg
+ noreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.21103.1.1.13.7 NAME 'mailuserquota' DESC '
+ Mailbox quota for a user in kilo-bytes' EQUALITY integerMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.21103.1.1.13.8 NAME 'mailhost' DESC 'The m
+ ail server IP address or FQDN for a user' EQUALITY caseIgnoreIA5Match SUBSTR 
+ caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE
+ -VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.21103.1.1.13.9 NAME 'mailaliasmember' DESC
+  'Member of a virtual alias' SUP distinguishedName )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.21103.1.1.13.10 NAME 'mailproxy' DESC 'Mai
+ l proxy' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNT
+ AX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.21103.1.1.13.11 NAME 'mailhidden' DESC 'M
+ ail Account hidden in address book' EQUALITY caseIgnoreMatch SUBSTR caseIgnor
+ eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8} )
+olcObjectClasses: {0}( 1.3.6.1.4.1.21103.1.2.13.1 NAME 'mailAccount' DESC 'Mai
+ l Account' SUP top AUXILIARY MUST mail MAY ( mailalias $ maildrop $ mailenabl
+ e $ mailbox $ mailuserquota $ mailhost $ mailproxy $ mailhidden ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.21103.1.2.13.2 NAME 'mailDomain' DESC 'Doma
+ in mail entry' SUP top STRUCTURAL MUST virtualdomain MAY ( virtualdomaindescr
+ iption $ mailuserquota ) )
+olcObjectClasses: {2}( 1.3.6.1.4.1.21103.1.2.13.3 NAME 'mailGroup' DESC 'Mail 
+ Group' SUP top AUXILIARY MUST mail MAY mailhidden )
+olcObjectClasses: {3}( 1.3.6.1.4.1.21103.1.2.13.4 NAME 'mailAlias' DESC 'Mail 
+ Alias' SUP top STRUCTURAL MUST mailalias MAY ( mail $ mailaliasmember $ maile
+ nable ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e464bcc-8c54-1034-9813-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.701898Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/cn=schema/cn={9}openssh-lpk.ldif

@@ -0,0 +1,18 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 7163b5da
+dn: cn={9}openssh-lpk
+objectClass: olcSchemaConfig
+cn: {9}openssh-lpk
+olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES
+ C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.40 )
+olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC
+  'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MAY ( sshPublicKey $ 
+ uid ) )
+structuralObjectClass: olcSchemaConfig
+entryUUID: 1e47842e-8c54-1034-9814-2f3e74c83a84
+creatorsName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+createTimestamp: 20150511180557Z
+entryCSN: 20150511180557.709895Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/config/cn=config/olcBackend={0}hdb.ldif

@@ -1,12 +1,12 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 40b20094
+# CRC32 ce66638c
 dn: olcBackend={0}hdb
 objectClass: olcBackendConfig
 olcBackend: {0}hdb
 structuralObjectClass: olcBackendConfig
-entryUUID: db094f96-51e1-1034-95f5-9d03bc6be361
+entryUUID: 1dd028ac-8c54-1034-90fe-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.826604Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.927675Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/olcDatabase={-1}frontend.ldif

@@ -1,5 +1,5 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 1f64c20c
+# CRC32 0b63a07b
 dn: olcDatabase={-1}frontend
 objectClass: olcDatabaseConfig
 objectClass: olcFrontendConfig
@@ -10,9 +10,9 @@ olcAccess: {1}to dn.exact="" by * read
 olcAccess: {2}to dn.base="cn=Subschema" by * read
 olcSizeLimit: 500
 structuralObjectClass: olcDatabaseConfig
-entryUUID: db089fec-51e1-1034-95ed-9d03bc6be361
+entryUUID: 1dcfbf0c-8c54-1034-90f6-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.822104Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.924972Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/olcDatabase={0}config.ldif

@@ -1,14 +1,14 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 dcde46c0
+# CRC32 4291b3d7
 dn: olcDatabase={0}config
 objectClass: olcDatabaseConfig
 olcDatabase: {0}config
 olcAccess: {0}to * by dn.exact=gidNumber=0+uidNumber=0,cn=peercred,cn=external
  ,cn=auth manage by * break
 structuralObjectClass: olcDatabaseConfig
-entryUUID: db08ac08-51e1-1034-95ee-9d03bc6be361
+entryUUID: 1dcfc560-8c54-1034-90f7-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.822414Z#000000#000#000000
+createTimestamp: 20150511180556Z
+entryCSN: 20150511180556.925134Z#000000#000#000000
 modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+modifyTimestamp: 20150511180556Z

test/config/cn=config/olcDatabase={1}hdb.ldif

@@ -1,19 +1,14 @@
 # AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
-# CRC32 8b1aead3
+# CRC32 2b412e6d
 dn: olcDatabase={1}hdb
 objectClass: olcDatabaseConfig
 objectClass: olcHdbConfig
 olcDatabase: {1}hdb
 olcDbDirectory: /var/lib/ldap
-olcSuffix: dc=test,dc=osixia,dc=net
-olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
- s auth by dn="cn=admin,dc=test,dc=osixia,dc=net" write by * none
-olcAccess: {1}to dn.base="" by * read
-olcAccess: {2}to * by self write by dn="cn=admin,dc=test,dc=osixia,dc=net" wri
- te by * read
+olcSuffix: dc=osixia,dc=net
 olcLastMod: TRUE
-olcRootDN: cn=admin,dc=test,dc=osixia,dc=net
-olcRootPW:: e1NTSEF9bU9FWlh4OUpPNmlhK1dkeFV4S0FKam43R3dmNVJrby8=
+olcRootDN: cn=admin,dc=osixia,dc=net
+olcRootPW:: e1NTSEF9R0llSUVKRW82eFJXOG5ybENtQXkyZjF3WXlxU0ZFL2M=
 olcDbCheckpoint: 512 30
 olcDbConfig: {0}set_cachesize 0 2097152 0
 olcDbConfig: {1}set_lk_max_objects 1500
@@ -21,9 +16,14 @@ olcDbConfig: {2}set_lk_max_locks 1500
 olcDbConfig: {3}set_lk_max_lockers 1500
 olcDbIndex: objectClass eq
 structuralObjectClass: olcHdbConfig
-entryUUID: db09539c-51e1-1034-95f6-9d03bc6be361
+entryUUID: 1dd02bcc-8c54-1034-90ff-f5ce8ee3f703
 creatorsName: cn=config
-createTimestamp: 20150226090154Z
-entryCSN: 20150226090154.826706Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20150226090154Z
+createTimestamp: 20150511180556Z
+olcAccess: {0}to attrs=userPassword,shadowLastChange by self write by anonymou
+ s auth by dn="cn=admin,dc=osixia,dc=net" write by * none
+olcAccess: {1}to dn.base="" by * read
+olcAccess: {2}to * by self write by dn="cn=admin,dc=osixia,dc=net" write by * 
+ none
+entryCSN: 20150511180557.496167Z#000000#000#000000
+modifiersName: gidNumber=0+uidNumber=0,cn=peercred,cn=external,cn=auth
+modifyTimestamp: 20150511180557Z

test/ssl/ca-test.crt

@@ -0,0 +1,25 @@
+-----BEGIN CERTIFICATE-----
+MIIEHzCCAtegAwIBAgIEVFyEFjANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJG
+UjEWMBQGA1UEChMNRXhhbXBsZSBDb3JwLjEVMBMGA1UECxMMQ0EgQXV0aG9yaXR5
+MQ8wDQYDVQQHEwZOYW50ZXMxGTAXBgNVBAgTEFBheXMgZGUgbGEgTG9pcmUxFTAT
+BgNVBAMTDENBIEF1dGhvcml0eTAeFw0xNDExMDcwODM0MzJaFw0yNDExMDQwODM0
+MzdaMH8xCzAJBgNVBAYTAkZSMRYwFAYDVQQKEw1FeGFtcGxlIENvcnAuMRUwEwYD
+VQQLEwxDQSBBdXRob3JpdHkxDzANBgNVBAcTBk5hbnRlczEZMBcGA1UECBMQUGF5
+cyBkZSBsYSBMb2lyZTEVMBMGA1UEAxMMQ0EgQXV0aG9yaXR5MIIBUjANBgkqhkiG
+9w0BAQEFAAOCAT8AMIIBOgKCATEApYPsj6fBnRp03YPRqwRpq4Xe4PIBKhLjZx9G
+VyKdHRL1g4UUrimVXMQgIIdlr5Kb4XSvrLCO9giPeNG4bmG9viEjGWODr0krF3gr
++sUgJ49ufB3ti67NxbptckhF8tOU0icdvyaSrlOM/6fQXwn4PQ/0zE5pajomZ+Kc
+gpdftAHH/OJhN2JeQlh4TqquLUAKp/z/DjOssr0d6mjKWEVlf8vlvYIWM9kVNsCm
+CxGarHqETFPrK02akBcdEhd32praATezYXF3V2HQT/S1Mnamk9iT743SGVrpLx4s
+nwvzkpeZEjlhFHfEyiyi0lsZucaBxKX1IZdAcj3t6DbcNTBcacpqYOdcqykMj5m1
+PnbcyXPfndwjHNGCAtkeVHkNIviYK4d1v1YixhUXFk+FF7xDdwIDAQABo0MwQTAP
+BgNVHRMBAf8EBTADAQH/MA8GA1UdDwEB/wQFAwMHBAAwHQYDVR0OBBYEFNDAYqRu
+emxWOsrKTszI4ZkaB0bPMA0GCSqGSIb3DQEBCwUAA4IBMQCMPI+mdnEMBpOT5+2X
+wvRGmgGiXoTiB5jQ4xquk2b40rH6vlRW0dkP9fHf4DYEyIp0EVlEe1iBVURNoRjd
+9Yf/uYwbG8P23ZXJYuTZKLsGL2G8XkHCUyfztYyhZqi2I97cJdH1QLqSljKfxF7a
+DPVh88p7RTwDe0w+j1XELELdYCnn7YcamU/cBu7pPqm+QDpZAO4B/7+HlZvxsAfc
+m2vQRpgRLXAB32QixowK2cZQVB1ScT0Rbj9uKIDXXLnofOfvk7yCJvBuEDLex0gh
+orCm+bduZozNkLwl7yRwLxPj+BMY4xzmqFPz+IRLs9nLaT+irlSdODQMLw6OZG1n
+hVkV54HIfN4QLiuvhJKlzJFtfH7sVWkNUEBP3eX4UyeyohpHhrbPytBbTdqpbmNb
+ryej
+-----END CERTIFICATE-----

test/ssl/dhparam.pem

@@ -1,8 +1,8 @@
 -----BEGIN DH PARAMETERS-----
-MIIBCAKCAQEAwC8hQ6nZ2kNNmZAGGYN8++rUvNlDjKqdwWubUnqY08ng6FfGcouL
-VSvgsF3LeERW/h4hrkgN983QjwrbBOrNp+7B59lhCs6Acvi87dXf3iaGNy4Gca43
-ERVkAJ7IWdXydyb9COANRtmBb1JvvYMAeVeMdofk8EcOW/kUV2adAQKluAcVhgRQ
-Pesp5i6Lv1kN5zVHDGkrJz5h0Mzi35aYia0gSnVCqEzmU7Omnz/gXY3Jdx91ym5Y
-2dTZuUZgIhco2bfPbhDl/1g0a1PWz7rxw24KJloNZC3nEt3JqIto83GsgaUtYxFT
-EWINSpghTjl4Z0CGCamJ6HXsNJGaVUXuGwIBAg==
+MIIBCAKCAQEAr+i/FlEe5ZBsNzFqtP9DaPOq2Xb0Cz2j0EleWLssx14bHFAgs6zC
+XXM0DJavfoiUis1eC7mUdPhBo6Jq+ZJTTL0vsJVg9h7BWpwHSPwZgPOwyYnAR1K1
+6vVU+jajZegAJijJAyVLazvFKLqQn3hR88nkqkyB5hHpR4IosJhmclEPNBFPwogn
+xEG643rHyP5GIxN6t5OnEofmAu0rCcj05GzD94VqdWKCR+t7TYN0TixTnAvX8oI7
+N4+vs7iza5ex1dT818kGWAgIkXA4JKa8/WQ9Zv9GtYn/FpAsoC7TH4IPw9B6+UN6
+KNUN75UcSIooE+l2uuFBUknzkmwLHFchgwIBAg==
 -----END DH PARAMETERS-----

test/ssl/ldap-test.crt

@@ -0,0 +1,26 @@
+-----BEGIN CERTIFICATE-----
+MIIEajCCAyKgAwIBAgIEVVDpaDANBgkqhkiG9w0BAQsFADB/MQswCQYDVQQGEwJG
+UjEWMBQGA1UEChMNRXhhbXBsZSBDb3JwLjEVMBMGA1UECxMMQ0EgQXV0aG9yaXR5
+MQ8wDQYDVQQHEwZOYW50ZXMxGTAXBgNVBAgTEFBheXMgZGUgbGEgTG9pcmUxFTAT
+BgNVBAMTDENBIEF1dGhvcml0eTAeFw0xNTA1MTExNzM5NTJaFw0yNTA1MDgxNzM5
+NTJaMDExFTATBgNVBAoTDEExQSBDYXIgV2FzaDEYMBYGA1UEAxMPbGRhcC5vc2l4
+aWEubmV0MIIBuDANBgkqhkiG9w0BAQEFAAOCAaUAMIIBoAKCAZcApvdff3MSxehz
+ooPu7CW2bAG06+w3va1CEYggpcBSE7ULlRLwKiZZthug0TB7ghEp3mdkKVDQpOtr
+l1NDbrMYOAuuepWxCIFFvqv3LZbKEQpuXRRO5pMPSG38ZkTrYVcCDiKGhQ74wS/u
+ft0KNyaxyxrw5bU5wa0rMJC3T/A52cP0JnkkSqGXNIU8MwNtlCaRvSUvG04NCcd7
+G7jxfvAxaEfSPiEkacQ0lSX5t9RZfSfQ0+S2Ap0o4sbUgUeaKo+0EvSkZoaAqbox
+RTXKJwnkk/9Jgc6m/nDeYaqt1sTkivPANnH9ouc/m16HQRG1zIHMhyeu1QYdR7LU
+avY8h7eIppSJMB09IqNPBzUE7ltjmzgNsn2E47LdCgNfQ8nFkc9DFffNldNl3uau
+KlHiorwuiVSRCOPepZW8IaAgHEP7k2cEkm4QHbexJBKKADxS0s6Vz+S8dWDbUxyJ
+XACoA4zCAciKporijf2bToDTqlpYn2OC7bq53qzwAJokqC84653ziklRf9D2SydV
+Rd2J0edaX0AbJhImuQIDAQABo3YwdDAMBgNVHRMBAf8EAjAAMBMGA1UdJQQMMAoG
+CCsGAQUFBwMBMA8GA1UdDwEB/wQFAwMHoAAwHQYDVR0OBBYEFO6vK9EJh6rqCVVR
+B9xsFrLdqCRKMB8GA1UdIwQYMBaAFNDAYqRuemxWOsrKTszI4ZkaB0bPMA0GCSqG
+SIb3DQEBCwUAA4IBMQBuhyInHBcEP5DrFrQa9ZDRDblD99bNPu3M0JRDD6J76fGJ
+deQl9Q8OvZbR5ixOKvZmBWPvHAAlxIMbx+v5r+AhNRz3jqhv+mhI084kSuGuHBqM
+7t+rAnzjDTivTXgnGL26fMTbdyO9GiRE80dEQtS0Xdlyo60V10GqNPoAjBasK4ym
+Z269KOTvK/6EiCj0KB7Gr/0ke9/ModkmBlGtpeZmZcUM0MF2ytOucu3vG1P357SO
+jDNV8F06ln+ejE+i6+/HEtBKcwtCA09SnbeXGvL3ngSJCHl9/fczov+G9A0tdNaV
+g6xaywo5Yb6cN5VaAMJ9dCYclXbhzNp58nUxg24CSgcxbRoovdejywMePhyz0lA2
+nMS32cHKQ6sanemQATdeSiDx3sjdhmtJUoPmyXa9
+-----END CERTIFICATE-----

test/ssl/ldap-test.key

@@ -0,0 +1,41 @@
+-----BEGIN RSA PRIVATE KEY-----
+MIIHRgIBAAKCAZcApvdff3MSxehzooPu7CW2bAG06+w3va1CEYggpcBSE7ULlRLw
+KiZZthug0TB7ghEp3mdkKVDQpOtrl1NDbrMYOAuuepWxCIFFvqv3LZbKEQpuXRRO
+5pMPSG38ZkTrYVcCDiKGhQ74wS/uft0KNyaxyxrw5bU5wa0rMJC3T/A52cP0Jnkk
+SqGXNIU8MwNtlCaRvSUvG04NCcd7G7jxfvAxaEfSPiEkacQ0lSX5t9RZfSfQ0+S2
+Ap0o4sbUgUeaKo+0EvSkZoaAqboxRTXKJwnkk/9Jgc6m/nDeYaqt1sTkivPANnH9
+ouc/m16HQRG1zIHMhyeu1QYdR7LUavY8h7eIppSJMB09IqNPBzUE7ltjmzgNsn2E
+47LdCgNfQ8nFkc9DFffNldNl3uauKlHiorwuiVSRCOPepZW8IaAgHEP7k2cEkm4Q
+HbexJBKKADxS0s6Vz+S8dWDbUxyJXACoA4zCAciKporijf2bToDTqlpYn2OC7bq5
+3qzwAJokqC84653ziklRf9D2SydVRd2J0edaX0AbJhImuQIDAQABAoIBlg1A6y94
+gLe9hzpSCzvrFXM24nfsyRLxJyKxodfOb6V5VFlJxs8tuqbSRB5+4Pr25lItdl2y
+ONGyj1iUhzCJHmXKhZfc/I/OhS0IxQb1JoaaQ573Xvj+GPM4qdWraFzSdYsOMgvr
+X5MkPSQMY0Rz+Z6D/bXaQCKv3pMNFcQOb2UqIR4RtTAIajKE1f29qqvdMOnpAveB
+p1bMoyjU8jSPl/htZRLB+jw8Eyl4uX0eadkduT2stMb51zZDLrixaJsyy4pKqacq
+y5lNep5B8TPWEi+4FLKOxRqePp1sc8uCPyhAvRhf6zUguES5LxsY6mGt7zBGdJDY
+rYJUc8zg1QzzoM4arOTQs8BFzlXPpLEj8pn/DTogFj2KUAUimFCaOMujKjElZepI
+JyzBGuLmY9d0rSfEZ35plwryFwE4YDsBU/iVOG8hNEtgnjzgG62HSPwHdyv6HDBi
+Phw6qOP6dFAxczrkTxIoXTV3SI03Zi2NMsaaOfMIMS+mB8FeKwSsWaF4tC7EBsxp
+d1e2V2afmaVBdS9Mws9m6SECgcwAxIJ2W8ql8cyogMBnzXmBVHS1ZyeUz60IL3y0
+to2nu7sU3Bcw0yoBvs583wMGmxIWfSBQ9ZhqFZokPuXDgUYf7uBrPfVTW1u718h5
+r0HWMcUgjXat/awpqTR2eiALj2TZ4tXfH6rkMSFU1NeQyphcMIYeRWdVDtKe3B8G
+Snvy461K7qKPXI+gfYBMNjHz5Mt3mkQI2zMYCPtBwvGWGKKy21KysDf/MnLB+HHz
+iv8DUVikEChVj26yKXN7Pw6ERhgWA141MFvtMw0PPukCgcwA2YNMF+Xjv5T+Atd0
+EqhoRv4wFTlZ4OUXAZuT8DY0FzsKZXiG7SyYkQx3Vo2BMjuAcdkdb7+XcDQBD2nD
+ROvocNHViZU6eFY5ckUo1pwkAKri34Lgt3pVz0OAc8cCzPwmx4ZFiWDwhyIs542f
+R3cc6kpASTCZrcmrSK73MvAZnnGaLeH1B8xgb05TTSHPTzdc9cBQcc6s3en1BMzW
+0ked0uV7kxshHcUDQEUcuoZlokTb+670gYMOLb9IzE1SfEpO/FP5sWmYmz/D51EC
+gctPbEtaHjWj3QvdveY2bf2PnPwUjTLgHRdJ2iVQA0Df52Uu71CUiE3cSKi/mgF5
+e34LZJxUJx35TSuJIGQ8Q5N0gM/XYugl7JWnSSelZf6kbwARLP51oLfV45ZfFcSW
+WDSYMcjUi8Ve9hHLVLT4rUvVcN+bPYBrVUVPwlpQkHhC/S9j89/tkT9Ueh5TaS0i
+M/pLJ2RM9AGq36JcoDgCDQAtFOeTwY4rXaZ4O9YrP5afsivdO/AY4KyxhDMz8TIV
+AncjNVhaC017bLPUwQKBy3bsipYmYzdERv1Wv2fUG+902uU/zhxgJQwD/AbCHAj3
+ht+j3mGemGv13Om9xH2qerfEdYu7vRjj1hCPSuxL73J/x7jJloZk3lPT7FgqVqTm
+ydRawnKOuIvx5DFpBeb9llZQ24QZNGkuDk8r54IzZePTZQKfR+b09GlxAEchb2Bp
+zFp5yHbTD4bL1E+/xJETPAhBdbpDvdA3MnfFZ07hSTEdt0re8mRMa1KgduykvrzR
+2VTqe1S0SvRIOY06WXcLSdQ8NbECgyWe34WBAoHMAL0WwxtoOZoSh0TDy8vRL+Iv
+42M8Ls/z1Tuia+XcEPY85uPRphXzqRYRk4LTTZwbb0ASVHV5HwFKo7k5P6R0xZLe
+/EyVo087prCYdwWwrTPkHZVKJsJUOe6mc17d71o5b/mswHuspE9qYfwlJ8zWrGYM
+69V7J14eBsXaFAdEAjpwiQifR4DS8aM8IhnvmZ6KdzOlxs1lsMfXD62nvybS4CoA
+MjH698BjjHwDFBG0nal0MD5gnmGvsyPBwsIlSF1r34TJTT56RCz1xt9j
+-----END RSA PRIVATE KEY-----

test/ssl/test-ca.crt

@@ -1,21 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDZzCCAh+gAwIBAgIEU2ehnzANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhU
-ZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwHhcNMTQwNTA1MTQzNTExWhcNMTUwNTA1
-MTQzNTExWjAjMSEwHwYDVQQDExhUZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwggFS
-MA0GCSqGSIb3DQEBAQUAA4IBPwAwggE6AoIBMQDdf+DVT4rPGxNB1SwL6git8Lw1
-AsEvd+rHAMKyCSRxbJywvtN/OKxVz4qWCkoRvcffG0uyoWRE+1w6DnT8ON+8uvuI
-2wbrLydFxuZdouZZJiX0QbXWra9lQpDWO2EAiPFchbN/K9+fXwV4SpsI3B7bGwM/
-sVtn6khbxvtzn+9yUmjIpA7q8i9NLVoX8UwagANtFIVE/Dc/MwaX7ayu6yYiNLXx
-GHzWXzQcTS6vWcVaf+pkq6/zZdXn0jVNfqnwAu3ooTWO3BeuQvGaQeRpRVlM0lPh
-oM7YFhR8b13Y5EmkZtSjoM+7ZOKF5mqBvluj65gIcQxnx4l4YCZ4MUVAlZBYc87h
-2JSYrAlq6eBhJzkNDi21jqtqSr1i08XICZrz4Vk8lrexWbRGzyz537La1LYNAgMB
-AAGjQzBBMA8GA1UdEwEB/wQFMAMBAf8wDwYDVR0PAQH/BAUDAwcEADAdBgNVHQ4E
-FgQUnod7FQfSDLyWVeBSTTdCriQoEHYwDQYJKoZIhvcNAQELBQADggExAGtv/8Ot
-3Acs+KlR+0OBtnWe6sfzfQ2fRJvol7szp0Nto+zTZLbtCEvNGIVkd8eLrm9a9soa
-pY/pC6dAPPZHho/G46quSjtSARU/tlbabkRsCfHiWIvtjqKIyzqk+YjOc767pd0G
-iWKxF98sI4fKdlZ+Aqw+9vO2KwQMYEtrIiCbPUYMff/BzxkrwUBnYcTjISPwEd3Z
-JylfG78qsB8N6UOf89jRX2O7HCy6CGJvcuxbkwaCd5iqgLhBXj9bU7xgy/A2udav
-JV/uV+vWDcy8cI22Xz1jfPpimAZjv+Qb3NjDX5nxjTciAEsNges0QdxZ71dfEqo+
-DGSImtM8ORivPw7oXADztCC+11KcV4THa6wmu+Sblsxe46ldAwb6MLvMN04zALUN
-mW4ojToqYgz9Jgc=
------END CERTIFICATE-----

test/ssl/test-ldap.crt

@@ -1,19 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIDAzCCAbugAwIBAgIEU2eiHTANBgkqhkiG9w0BAQsFADAjMSEwHwYDVQQDExhU
-ZXN0IENBIENvbXBhbnkgLSBPc2l4aWEwHhcNMTQwNTA1MTQzNzE3WhcNMjQwNTAy
-MTQzNzE3WjBAMR4wHAYDVQQKExVUZXN0IENvbXBhbnkgLSBPc2l4aWExHjAcBgNV
-BAMTFWxkYXAtdGVzdC5leGFtcGxlLmNvbTCBnzANBgkqhkiG9w0BAQEFAAOBjQAw
-gYkCgYEA0/9/VYQARBLg7TrEiO4DAjcBAt3u3IQNNo8YdsL9iGwmRTPOspxOBVuQ
-2AVEIuT+4KLnm01q1NA+tEvXdfXI9eIN5zjCVTdt6VqwrF9E3zWxYEkuSJ4FWOhN
-dc0837hWBg+mBl/d6fSTkmeRc9fpwwr1jK7t10/BIzMr/pCzf10CAwEAAaN2MHQw
-DAYDVR0TAQH/BAIwADATBgNVHSUEDDAKBggrBgEFBQcDATAPBgNVHQ8BAf8EBQMD
-B6AAMB0GA1UdDgQWBBThLwuObrBzlp4qsKs0NHFMrCgn8jAfBgNVHSMEGDAWgBSe
-h3sVB9IMvJZV4FJNN0KuJCgQdjANBgkqhkiG9w0BAQsFAAOCATEAiAl9RGibKsfQ
-5Vbz2ZjsykzYj9Dhkxp7fc7RdrK0SEHGXn8Qeg5jf+j9DtfhTrZPVF7Jn4WOvuqh
-okQPrwRaDox6rtFPjsIR9JIO3/N2OvA3ozQyWqzB1ksU7CHJ5jGRskHBftSH2xwF
-kdGvSMIAmr9VpZ/sp4ykmADWC/bfz8BXYJDOsCBzJMtss/12hBqiJQhSsuBAsOT7
-40hG0t2S7mjGHWDF9PoARmNQ7X3Xc8j7V+dXLpNfZfc+htgI27WcOv7al4kxd//p
-22a77U/q+9B1CV8T2q1UTRnQqPHxtgoRLd+5qzEtzBW37ecAs2eAs9Z7D3O/fScu
-v0RxHSpnZDtL/JZcf3KO96l4sqCp6Ue5Ldg3tOvD4O46hjrlvUYnHcDdJjNYZ7rD
-f5kGXs20Mg==
------END CERTIFICATE-----

test/ssl/test-ldap.key

@@ -1,15 +0,0 @@
------BEGIN RSA PRIVATE KEY-----
-MIICWwIBAAKBgQDT/39VhABEEuDtOsSI7gMCNwEC3e7chA02jxh2wv2IbCZFM86y
-nE4FW5DYBUQi5P7gouebTWrU0D60S9d19cj14g3nOMJVN23pWrCsX0TfNbFgSS5I
-ngVY6E11zTzfuFYGD6YGX93p9JOSZ5Fz1+nDCvWMru3XT8EjMyv+kLN/XQIDAQAB
-AoGAHY7OgKxWYydkr/7VHyhcSAdGP1GVN667ruM1rH1UXxyBG331MEcFw853+/6D
-+P+Hn+dmtmsNXZ2pWHcIk/xQZ+MEsAdm+OZ1qpBJjHA0izJ6sqZaNxSToKCR4SHM
-/ACPAKqM9r2g1jqXzLKzgHBVc25Fonb1vUilTpC3YfaN+sECQQDmQGEcEK9Lvyi9
-RV1fONDP3Z9cPRaSzpjUjlQAWNbhvcoUYV4AOy+tVClDErRIs/Oo+wCOL+bHlMom
-zghcmxThAkEA67SPV0pNFR32gXvRZT4uKvCJcAjmNY4LMpet5DJ41Spq6+lbqXwY
-1e87zEei1UvdmEXOjVsa1wXcg8Ks+/59/QJAHh+CFOfh5ykFLW3rv09xkiBOfwTG
-9UHuILDWMI1u322zCGOMpr8Xh7ehBlNmHrTcRdlAw1lk+etvXxBJa8QmQQJABbNT
-OCg63wTfflgxQ0KSuUUh/cypTKhHywxyDy/NTlJ9TYFSTzIKI7pqdtFQtdnk3Rbr
-HO4UIxkoMSOXLW0FPQJARScXqZd7Lmwlw+ovAubfdOZdxjWGFZLRRZifiYZqtnQ1
-aw8PjdkaIPxLjCwSOelV9SsMue6a7nvkxKEn6QbT0w==
------END RSA PRIVATE KEY-----

test/test.bats

@@ -12,7 +12,7 @@ load test_helper
 
   run_image -e USE_TLS=false
   wait_service slapd
-  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org
+  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
   clear_container
 
   [ "$status" -eq 0 ]
@@ -23,7 +23,7 @@ load test_helper
 
   run_image
   wait_service slapd
-  run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ
+  run docker exec $CONTAINER_ID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
   clear_container
 
   [ "$status" -eq 0 ]
@@ -32,9 +32,9 @@ load test_helper
 
 @test "ldapsearch new database with strict TLS and custom ca/crt" {
 
-  run_image -v $BATS_TEST_DIRNAME/ssl:/osixia/slapd/ssl -e SSL_CRT_FILENAME=test-ldap.crt -e SSL_KEY_FILENAME=test-ldap.key -e SSL_CA_CRT_FILENAME=test-ca.crt
+  run_image -v $BATS_TEST_DIRNAME/ssl:/osixia/slapd/ssl -e SSL_CRT_FILENAME=ldap-test.crt -e SSL_KEY_FILENAME=ldap-test.key -e SSL_CA_CRT_FILENAME=ca-test.crt
   wait_service slapd
-  run docker exec $CONTAINER_ID ldapsearch -x -h ldap-test.example.com -b dc=example,dc=org -ZZ
+  run docker exec $CONTAINER_ID ldapsearch -x -h ldap.osixia.net -b dc=example,dc=org -ZZ -D "cn=admin,dc=example,dc=org" -w admin
   clear_container
 
   chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true
@@ -47,7 +47,7 @@ load test_helper
 
   run_image -e USE_TLS=false -v $BATS_TEST_DIRNAME/database:/var/lib/ldap -v $BATS_TEST_DIRNAME/config:/etc/ldap/slapd.d
   wait_service slapd
-  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=test,dc=osixia,dc=net
+  run docker exec $CONTAINER_ID ldapsearch -x -h 127.0.0.1 -b dc=osixia,dc=net -D "cn=admin,dc=osixia,dc=net" -w admin
   clear_container
 
   chown -R $UNAME:$UNAME $BATS_TEST_DIRNAME || true