schema update

EndFirstCorp · Jan 21, 2017 · 5a40631 · 5a40631
1 parent 085ce17
commit 5a40631
Show file tree

Hide file tree

Showing 2 changed files with 101 additions and 28 deletions.
diff --git a/endfirst.ldif b/endfirst.ldif
@@ -1,10 +1,6 @@
 #
 # SCHEMA 'endfirst' for OpenLDAP OLC (cn=config)
 #
-# userHash Field:
-# endfirst userHash is used to maintain referential integrity between LDAP, 
-# Postgres and Redis databases. It is a surrogate key for the Postgres UserId
-#
 # INSTALLATION:
 # sudo ldapadd -Y EXTERNAL -H ldapi:/// -f endfirst.ldif 
 #
@@ -18,21 +14,57 @@
 #          1.3.6.1.4.1.47049.1.1 - LDAP Attribute Types
 #          1.3.6.1.4.1.47049.1.2 - LDAP Object Classes 
 # See http://www.openldap.org/doc/admin24/schema.html for naming info
+# See http://www.zytrax.com/books/ldap/apa/types.html for data types
 #
 # WARNING: the spaces ' ' in the definitions are very important!!!
 
 dn: cn=endfirst,cn=schema,cn=config
 objectClass: olcSchemaConfig
 cn: endfirst
-olcAttributeTypes: ( 1.3.6.1.4.1.47049.1.1.1 
- NAME 'userHash' 
- DESC 'EndFirst User Hash' 
- EQUALITY caseExactMatch 
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
+olcAttributeTypes: ( 1.3.6.1.4.1.47049.1.1.1
+ NAME 'fileQuota'
+ DESC 'File Sharing Quota (e.g. 2 GB)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{50}
  SINGLE-VALUE )
-olcObjectClasses: ( 1.3.6.1.4.1.47049.1.2.1 
- NAME 'endfirst' 
- DESC 'endfirst LDAP Schema' 
- AUXILIARY 
- MUST ( userHash ) )
-
+olcAttributeTypes: ( 1.3.6.1.4.1.47049.1.1.2
+ NAME 'mailQuota'
+ DESC 'Mail Quota (e.g. 2 GB)'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{50}
+ SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.47049.1.1.3
+ NAME 'proxy'
+ DESC 'Mail Proxy setting'
+ EQUALITY caseIgnoreIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{100}
+ SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.47049.1.1.4
+ NAME 'mailFolder'
+ DESC 'The absolute path to the mail directory'
+ EQUALITY caseExactIA5Match
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255}
+ SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.47049.1.1.5
+ NAME 'nologin'
+ DESC 'Flag to lockout a user from logging in'
+ EQUALITY booleanMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+ SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.47049.1.1.6
+ NAME 'dbUserId'
+ DESC 'Database User ID to maintain referential integrity'
+ EQUALITY integerMatch
+ SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+ SINGLE-VALUE )
+olcObjectClasses: ( 1.3.6.1.4.1.47049.1.2.1
+ NAME 'endfirstUser'
+ DESC 'endfirst user account'
+ SUP top STRUCTURAL
+ MUST ( uid $ dbUserId $ cn $ userPassword ) )
+olcObjectClasses: ( 1.3.6.1.4.1.47049.1.2.2
+ NAME 'endfirstSubscriber'
+ DESC 'endfirst LDAP Schema'
+ SUP endfirstUser AUXILIARY
+ MUST ( fileQuota $ mailQuota )
+ MAY ( host $ proxy $ mailFolder $ gidNumber $ uidNumber $ nologin ) )
diff --git a/endfirst.schema b/endfirst.schema
@@ -1,9 +1,8 @@
 #
 # SCHEMA 'endfirst' for OpenLDAP OLC (cn=config)
 #
-# userHash Field:
-# endfirst userHash is used to maintain referential integrity between LDAP,
-# Postgres and Redis databases. It is a surrogate key for the Postgres UserId
+# INSTALLATION:
+# sudo ldapadd -Y EXTERNAL -H ldapi:/// -f endfirst.ldif
 #
 # SOURCE:
 # https://github.com/robarchibald/endfirstLdapSchema
@@ -15,20 +14,62 @@
 #          1.3.6.1.4.1.47049.1.1 - LDAP Attribute Types
 #          1.3.6.1.4.1.47049.1.2 - LDAP Object Classes
 # See http://www.openldap.org/doc/admin24/schema.html for naming info
+# See http://www.zytrax.com/books/ldap/apa/types.html for data types
 #
 # WARNING: the spaces ' ' in the definitions are very important!!!
-#
 
-attributetype ( 1.3.6.1.4.1.47049.1.1.1
-    NAME 'userHash'
-    DESC 'EndFirst User Hash'
-    EQUALITY caseExactMatch
-    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+attributeType ( 1.3.6.1.4.1.47049.1.1.1
+    NAME 'fileQuota'
+    DESC 'File Sharing Quota (e.g. 2 GB)'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{50}
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.4.1.47049.1.1.2
+    NAME 'mailQuota'
+    DESC 'Mail Quota (e.g. 2 GB)'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{50}
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.4.1.47049.1.1.3
+    NAME 'proxy'
+    DESC 'Mail Proxy setting'
+    EQUALITY caseIgnoreIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{100}
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.4.1.47049.1.1.4
+    NAME 'mailFolder'
+    DESC 'The absolute path to the mail directory'
+    EQUALITY caseExactIA5Match
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255}
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.4.1.47049.1.1.5
+    NAME 'nologin'
+    DESC 'Flag to lockout a user from logging in'
+    EQUALITY booleanMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+    SINGLE-VALUE )
+
+attributeType ( 1.3.6.1.4.1.47049.1.1.6
+    NAME 'dbUserId'
+    DESC 'Database User ID to maintain referential integrity'
+    EQUALITY integerMatch
+    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
     SINGLE-VALUE )
 
-objectclass ( 1.3.6.1.4.1.47049.1.2.1
-    NAME 'endfirst'
+objectClass ( 1.3.6.1.4.1.47049.1.2.1
+    NAME 'endfirstUser'
+    DESC 'endfirst user account'
+    SUP top STRUCTURAL
+    MUST ( uid $ dbUserId $ cn $ userPassword ) )
+
+objectClass ( 1.3.6.1.4.1.47049.1.2.2
+    NAME 'endfirstSubscriber'
     DESC 'endfirst LDAP Schema'
-    AUXILIARY
-    MUST ( userHash ) )
+    SUP endfirstUser AUXILIARY
+    MUST ( fileQuota $ mailQuota )
+    MAY ( host $ proxy $ mailFolder $ gidNumber $ uidNumber $ nologin ) )