[Date Prev][Date Next]
[Chronological]
[Thread]
[Top]
Re:Re: (ITS#5337) Start Slapd failure!!!
------=_Part_162959_15053760.1201154655304
Content-Type: text/plain; charset=gbk
Content-Transfer-Encoding: 7bit
this is my slapd.conf:
///////////////////////////////////////////////////////
#
# See slapd.conf(5) for details on configuration options.
# This file should NOT be world readable.
#
include /usr/local/etc/openldap/schema/core.schema
#include /usr/local/etc/openldap/schema/corba.schema
#include /usr/local/etc/openldap/schema/cosine.schema
#include /usr/local/etc/openldap/schema/inetorgperson.schema
#include /usr/local/etc/openldap/schema/misc.schema
#include /usr/local/etc/openldap/schema/openldap.schema
#include /usr/local/etc/openldap/schema/nis.schema
#include /usr/local/etc/openldap/schema/samba.schema
# Define global ACLs to disable default read access.
# Do not enable referrals until AFTER you have a working directory
# service AND an understanding of referrals.
#referral ldap://root.openldap.org
pidfile /usr/local/var/run/slapd.pid
argsfile /usr/local/var/run/slapd.args
# Load dynamic backend modules:
# modulepath /usr/local/libexec/openldap
# moduleload back_bdb.la
# moduleload back_hdb.la
# moduleload back_ldap.la
# Sample security restrictions
# Require integrity protection (prevent hijacking)
# Require 112-bit (3DES or better) encryption for updates
# Require 63-bit encryption for simple bind
# security ssf=1 update_ssf=112 simple_bind=64
# Sample access control policy:
# Root DSE: allow anyone to read it
# Subschema (sub)entry DSE: allow anyone to read it
# Other DSEs:
# Allow self write access
# Allow authenticated users read access
# Allow anonymous users to authenticate
# Directives needed to implement policy:
# access to dn.base="" by * read
# access to dn.base="cn=Subschema" by * read
# access to *
# by self write
# by users read
# by anonymous auth
#
# if no access controls are present, the default policy
# allows anyone and everyone to read anything but restricts
# updates to rootdn. (e.g., "access to * by * read")
#
# rootdn can always read and write EVERYTHING!
#######################################################################
# BDB database definitions
#######################################################################
database bdb
suffix "dc=gfdu,dc=com"
rootdn "cn=Manager,dc=gfdu,dc=com"
# Cleartext passwords, especially for the rootdn, should
# be avoid. See slappasswd(8) and slapd.conf(5) for details.
# Use of strong authentication encouraged.
rootpw secret
# The database directory MUST exist prior to running slapd AND
# should only be accessible by the slapd and slap tools.
# Mode 700 recommended.
directory /usr/local/var/openldap-data
# Indices to maintain
index objectClass eq
///////////////////////////////////////////////////////////////////
this is my core.schema:
# OpenLDAP Core schema
# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.88.2.5 2007/12/13 07:31:15 hyc Exp $
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
##
## Copyright 1998-2007 The OpenLDAP Foundation.
## All rights reserved.
##
## Redistribution and use in source and binary forms, with or without
## modification, are permitted only as authorized by the OpenLDAP
## Public License.
##
## A copy of this license is available in the file LICENSE in the
## top-level directory of the distribution or, alternatively, at
## <http://www.OpenLDAP.org/license.html>.
#
## Portions Copyright (C) The Internet Society (1997-2006).
## All Rights Reserved.
##
## This document and translations of it may be copied and furnished to
## others, and derivative works that comment on or otherwise explain it
## or assist in its implementation may be prepared, copied, published
## and distributed, in whole or in part, without restriction of any
## kind, provided that the above copyright notice and this paragraph are
## included on all such copies and derivative works. However, this
## document itself may not be modified in any way, such as by removing
## the copyright notice or references to the Internet Society or other
## Internet organizations, except as needed for the purpose of
## developing Internet standards in which case the procedures for
## copyrights defined in the Internet Standards process must be
## followed, or as required to translate it into languages other than
## English.
##
## The limited permissions granted above are perpetual and will not be
## revoked by the Internet Society or its successors or assigns.
##
## This document and the information contained herein is provided on an
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
#
#
# Includes LDAPv3 schema items from:
# RFC 2252/2256 (LDAPv3)
#
# Select standard track schema items:
# RFC 1274 (uid/dc)
# RFC 2079 (URI)
# RFC 2247 (dc/dcObject)
# RFC 2587 (PKI)
# RFC 2589 (Dynamic Directory Services)
# RFC 4524 (associatedDomain)
#
# Select informational schema items:
# RFC 2377 (uidObject)
#
# Standard attribute types from RFC 2256
#
# system schema
#attributetype ( 2.5.4.0 NAME 'objectClass'
# DESC 'RFC2256: object classes of the entity'
# EQUALITY objectIdentifierMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
# system schema
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
# DESC 'RFC2256: name of aliased object'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
DESC 'RFC2256: knowledge information'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# system schema
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
# DESC 'RFC2256: common name(s) for which the entity is known by'
# SUP name )
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.5 NAME 'serialNumber'
DESC 'RFC2256: serial number of the entity'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
# RFC 4519 definition ('countryName' in X.500 and RFC2256)
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
DESC 'RFC2256: two-letter ISO-3166 country code'
SUP name
SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
SINGLE-VALUE )
#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
# DESC 'RFC2256: ISO-3166 country 2-letter code'
# SUP name SINGLE-VALUE )
attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
DESC 'RFC2256: locality which this object resides in'
SUP name )
attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
DESC 'RFC2256: state or province which this object resides in'
SUP name )
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
DESC 'RFC2256: street address of this object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
DESC 'RFC2256: organization this object belongs to'
SUP name )
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC 'RFC2256: organizational unit this object belongs to'
SUP name )
attributetype ( 2.5.4.12 NAME 'title'
DESC 'RFC2256: title associated with the entity'
SUP name )
# system schema
#attributetype ( 2.5.4.13 NAME 'description'
# DESC 'RFC2256: descriptive information'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
# Deprecated by enhancedSearchGuide
attributetype ( 2.5.4.14 NAME 'searchGuide'
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
attributetype ( 2.5.4.15 NAME 'businessCategory'
DESC 'RFC2256: business category'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.16 NAME 'postalAddress'
DESC 'RFC2256: postal address'
EQUALITY caseIgnoreListMatch
SUBSTR caseIgnoreListSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.17 NAME 'postalCode'
DESC 'RFC2256: postal code'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.18 NAME 'postOfficeBox'
DESC 'RFC2256: Post Office Box'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
DESC 'RFC2256: Physical Delivery Office Name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
attributetype ( 2.5.4.20 NAME 'telephoneNumber'
DESC 'RFC2256: Telephone Number'
EQUALITY telephoneNumberMatch
SUBSTR telephoneNumberSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
attributetype ( 2.5.4.21 NAME 'telexNumber'
DESC 'RFC2256: Telex Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
DESC 'RFC2256: Teletex Terminal Identifier'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
attributetype ( 2.5.4.24 NAME 'x121Address'
DESC 'RFC2256: X.121 Address'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
DESC 'RFC2256: international ISDN number'
EQUALITY numericStringMatch
SUBSTR numericStringSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
attributetype ( 2.5.4.26 NAME 'registeredAddress'
DESC 'RFC2256: registered postal address'
SUP postalAddress
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
attributetype ( 2.5.4.27 NAME 'destinationIndicator'
DESC 'RFC2256: destination indicator'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
DESC 'RFC2256: preferred delivery method'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALUE )
attributetype ( 2.5.4.29 NAME 'presentationAddress'
DESC 'RFC2256: presentation address'
EQUALITY presentationAddressMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
SINGLE-VALUE )
attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC2256: supported application context'
EQUALITY objectIdentifierMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
attributetype ( 2.5.4.31 NAME 'member'
DESC 'RFC2256: member of a group'
SUP distinguishedName )
attributetype ( 2.5.4.32 NAME 'owner'
DESC 'RFC2256: owner (of the object)'
SUP distinguishedName )
attributetype ( 2.5.4.33 NAME 'roleOccupant'
DESC 'RFC2256: occupant of role'
SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.34 NAME 'seeAlso'
# DESC 'RFC2256: DN of related object'
# SUP distinguishedName )
# system schema
#attributetype ( 2.5.4.35 NAME 'userPassword'
# DESC 'RFC2256/2307: password of user'
# EQUALITY octetStringMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.36 NAME 'userCertificate'
DESC 'RFC2256: X.509 user certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
# with certificateExactMatch rule (per X.509)
attributetype ( 2.5.4.37 NAME 'cACertificate'
DESC 'RFC2256: X.509 CA certificate, use ;binary'
EQUALITY certificateExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
# Must be transferred using ;binary
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be transferred using ;binary
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
# Must be stored and requested in the binary form
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
# system schema
#attributetype ( 2.5.4.41 NAME 'name'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
DESC 'RFC2256: first name(s) for which the entity is known by'
SUP name )
attributetype ( 2.5.4.43 NAME 'initials'
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
SUP name )
attributetype ( 2.5.4.44 NAME 'generationQualifier'
DESC 'RFC2256: name qualifier indicating a generation'
SUP name )
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
DESC 'RFC2256: X.500 unique identifier'
EQUALITY bitStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
attributetype ( 2.5.4.46 NAME 'dnQualifier'
DESC 'RFC2256: DN qualifier'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
DESC 'RFC2256: enhanced search guide'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
attributetype ( 2.5.4.48 NAME 'protocolInformation'
DESC 'RFC2256: protocol information'
EQUALITY protocolInformationMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
# system schema
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
# EQUALITY distinguishedNameMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
attributetype ( 2.5.4.50 NAME 'uniqueMember'
DESC 'RFC2256: unique member of a group'
EQUALITY uniqueMemberMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
attributetype ( 2.5.4.51 NAME 'houseIdentifier'
DESC 'RFC2256: house identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
# Must be transferred using ;binary
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
DESC 'RFC2256: supported algorithms'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
# Must be transferred using ;binary
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
DESC 'RFC2256: delta revocation list; use ;binary'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
attributetype ( 2.5.4.54 NAME 'dmdName'
DESC 'RFC2256: name of DMD'
SUP name )
attributetype ( 2.5.4.65 NAME 'pseudonym'
DESC 'X.520(4th): pseudonym for the object'
SUP name )
# Standard object classes from RFC2256
# system schema
#objectclass ( 2.5.6.0 NAME 'top'
# DESC 'RFC2256: top of the superclass chain'
# ABSTRACT
# MUST objectClass )
# system schema
#objectclass ( 2.5.6.1 NAME 'alias'
# DESC 'RFC2256: an alias'
# SUP top STRUCTURAL
# MUST aliasedObjectName )
objectclass ( 2.5.6.2 NAME 'country'
DESC 'RFC2256: a country'
SUP top STRUCTURAL
MUST c
MAY ( searchGuide $ description ) )
objectclass ( 2.5.6.3 NAME 'locality'
DESC 'RFC2256: a locality'
SUP top STRUCTURAL
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
objectclass ( 2.5.6.4 NAME 'organization'
DESC 'RFC2256: an organization'
SUP top STRUCTURAL
MUST o
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
DESC 'RFC2256: an organizational unit'
SUP top STRUCTURAL
MUST ou
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
objectclass ( 2.5.6.6 NAME 'person'
DESC 'RFC2256: a person'
SUP top STRUCTURAL
MUST ( sn $ cn )
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
objectclass ( 2.5.6.7 NAME 'organizationalPerson'
DESC 'RFC2256: an organizational person'
SUP person STRUCTURAL
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
objectclass ( 2.5.6.8 NAME 'organizationalRole'
DESC 'RFC2256: an organizational role'
SUP top STRUCTURAL
MUST cn
MAY ( x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
objectclass ( 2.5.6.9 NAME 'groupOfNames'
DESC 'RFC2256: a group of names (DNs)'
SUP top STRUCTURAL
MUST ( member $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.10 NAME 'residentialPerson'
DESC 'RFC2256: an residential person'
SUP person STRUCTURAL
MUST l
MAY ( businessCategory $ x121Address $ registeredAddress $
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l ) )
objectclass ( 2.5.6.11 NAME 'applicationProcess'
DESC 'RFC2256: an application process'
SUP top STRUCTURAL
MUST cn
MAY ( seeAlso $ ou $ l $ description ) )
objectclass ( 2.5.6.12 NAME 'applicationEntity'
DESC 'RFC2256: an application entity'
SUP top STRUCTURAL
MUST ( presentationAddress $ cn )
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
description ) )
objectclass ( 2.5.6.13 NAME 'dSA'
DESC 'RFC2256: a directory system agent (a server)'
SUP applicationEntity STRUCTURAL
MAY knowledgeInformation )
objectclass ( 2.5.6.14 NAME 'device'
DESC 'RFC2256: a device'
SUP top STRUCTURAL
MUST cn
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
DESC 'RFC2256: a strong authentication user'
SUP top AUXILIARY
MUST userCertificate )
objectclass ( 2.5.6.16 NAME 'certificationAuthority'
DESC 'RFC2256: a certificate authority'
SUP top AUXILIARY
MUST ( authorityRevocationList $ certificateRevocationList $
cACertificate ) MAY crossCertificatePair )
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
SUP top STRUCTURAL
MUST ( uniqueMember $ cn )
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
DESC 'RFC2256: a user security information'
SUP top AUXILIARY
MAY ( supportedAlgorithms ) )
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
SUP certificationAuthority
AUXILIARY MAY ( deltaRevocationList ) )
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
SUP top STRUCTURAL
MUST ( cn )
MAY ( certificateRevocationList $ authorityRevocationList $
deltaRevocationList ) )
objectclass ( 2.5.6.20 NAME 'dmd'
SUP top STRUCTURAL
MUST ( dmdName )
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
street $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName $ st $ l $ description ) )
#
# Object Classes from RFC 2587
#
objectclass ( 2.5.6.21 NAME 'pkiUser'
DESC 'RFC2587: a PKI user'
SUP top AUXILIARY
MAY userCertificate )
objectclass ( 2.5.6.22 NAME 'pkiCA'
DESC 'RFC2587: PKI certificate authority'
SUP top AUXILIARY
MAY ( authorityRevocationList $ certificateRevocationList $
cACertificate $ crossCertificatePair ) )
objectclass ( 2.5.6.23 NAME 'deltaCRL'
DESC 'RFC2587: PKI user'
SUP top AUXILIARY
MAY deltaRevocationList )
#
# Standard Track URI label schema from RFC 2079
# system schema
#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
# EQUALITY caseExactMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC2079: object that contains the URI attribute type'
SUP top AUXILIARY
MAY ( labeledURI ) )
#
# Derived from RFC 1274, but with new "short names"
#
#attributetype ( 0.9.2342.19200300.100.1.1
# NAME ( 'uid' 'userid' )
# DESC 'RFC1274: user identifier'
# EQUALITY caseIgnoreMatch
# SUBSTR caseIgnoreSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( 0.9.2342.19200300.100.1.3
NAME ( 'mail' 'rfc822Mailbox' )
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
DESC 'RFC1274: simple security object'
SUP top AUXILIARY
MUST userPassword )
# RFC 1274 + RFC 2247
attributetype ( 0.9.2342.19200300.100.1.25
NAME ( 'dc' 'domainComponent' )
DESC 'RFC1274/2247: domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# RFC 2247
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
DESC 'RFC2247: domain component object'
SUP top AUXILIARY MUST dc )
# RFC 2377
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
DESC 'RFC2377: uid object'
SUP top AUXILIARY MUST uid )
# RFC 4524
# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
# host names [RFC1123] that are associated with an object. That is,
# values of this attribute should conform to the following ABNF:
#
# domain = root / label *( DOT label )
# root = SPACE
# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
# SPACE = %x20 ; space (" ")
# HYPHEN = %x2D ; hyphen ("-")
# DOT = %x2E ; period (".")
attributetype ( 0.9.2342.19200300.100.1.37
NAME 'associatedDomain'
DESC 'RFC1274: domain associated with object'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
attributetype ( 1.2.840.113549.1.9.1
NAME ( 'email' 'emailAddress' 'pkcs9email' )
DESC 'RFC3280: legacy attribute for email addresses in DNs'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
------=_Part_162959_15053760.1201154655304
Content-Type: text/html; charset=gbk
Content-Transfer-Encoding: quoted-printable
<DIV>this is my slapd.conf:</DIV>
<DIV>///////////////////////////////////////////////////////</DIV>
<DIV>#<BR># See slapd.conf(5) for details on configuration options.<BR># Th=
is file should NOT be world readable.<BR>#<BR>include /usr/local=
/etc/openldap/schema/core.schema<BR>#include &=
nbsp; /usr/local/etc/openldap/schema/corba.schema<BR>#include&n=
bsp; /usr/local/etc/openldap/sche=
ma/cosine.schema<BR>#include  =
; /usr/local/etc/openldap/schema/inetorgperson.schema<BR>#include &nbs=
p; /usr/local/etc/openldap/schema/misc.=
schema<BR>#include /usr/loc=
al/etc/openldap/schema/openldap.schema<BR>#include &=
nbsp; /usr/local/etc/openldap/schema/nis.schema<BR>#inclu=
de /usr/local/etc/openldap/=
schema/samba.schema</DIV>
<DIV> </DIV>
<DIV># Define global ACLs to disable default read access.</DIV>
<DIV># Do not enable referrals until AFTER you have a working directory<BR>=
# service AND an understanding of referrals.<BR>#referral <A href=3D"l=
dap://root.openldap.org">ldap://root.openldap.org</A></DIV>
<DIV>pidfile /usr/local/var/run/slapd.pid<BR>argsfile /usr/=
local/var/run/slapd.args</DIV>
<DIV># Load dynamic backend modules:<BR># modulepath /usr/local/libexe=
c/openldap<BR># moduleload back_bdb.la<BR># moduleload back_hdb.l=
a<BR># moduleload back_ldap.la</DIV>
<DIV># Sample security restrictions<BR># Require integrity protection =
(prevent hijacking)<BR># Require 112-bit (3DES or better) encryption f=
or updates<BR># Require 63-bit encryption for simple bind<BR># securit=
y ssf=3D1 update_ssf=3D112 simple_bind=3D64</DIV>
<DIV># Sample access control policy:<BR># Root DSE: allow anyone to re=
ad it<BR># Subschema (sub)entry DSE: allow anyone to read it<BR># =
;Other DSEs:<BR># Allow self write access<BR># Allow =
authenticated users read access<BR># Allow anonymous users to au=
thenticate<BR># Directives needed to implement policy:<BR># access to =
dn.base=3D"" by * read<BR># access to dn.base=3D"cn=3DSubschema" by * read<=
BR># access to *<BR># by self write<BR># by users read<BR># =
by anonymous auth<BR>#<BR># if no access controls are present, the default =
policy<BR># allows anyone and everyone to read anything but restricts<BR># =
updates to rootdn. (e.g., "access to * by * read")<BR>#<BR># rootdn c=
an always read and write EVERYTHING!</DIV>
<DIV>######################################################################=
#<BR># BDB database definitions<BR>########################################=
###############################</DIV>
<DIV>database bdb<BR>suffix "dc=3Dgfdu,dc=3Dcom"<BR>rootdn&=
nbsp; "cn=3DManager,dc=3Dgfdu,dc=3Dcom"<BR># Cleartext passwords, espe=
cially for the rootdn, should<BR># be avoid. See slappasswd(8) and sl=
apd.conf(5) for details.<BR># Use of strong authentication encouraged.<BR>r=
ootpw secret<BR># The database directory MUST exist prior to run=
ning slapd AND <BR># should only be accessible by the slapd and slap tools.=
<BR># Mode 700 recommended.<BR>directory /usr/local/var/openldap-data<=
BR># Indices to maintain<BR>index objectClass eq<BR></DIV>
<DIV>///////////////////////////////////////////////////////////////////</D=
IV>
<DIV> </DIV>
<DIV>this is my core.schema:</DIV>
<DIV> </DIV>
<DIV># OpenLDAP Core schema<BR># $OpenLDAP: pkg/ldap/servers/slapd/schema/c=
ore.schema,v 1.88.2.5 2007/12/13 07:31:15 hyc Exp $<BR>## This work is part=
of OpenLDAP Software <<A href=3D"http://www.openldap.org/";>http://www.o=
penldap.org/</A>>.<BR>##<BR>## Copyright 1998-2007 The OpenLDAP Foundati=
on.<BR>## All rights reserved.<BR>##<BR>## Redistribution and use in source=
and binary forms, with or without<BR>## modification, are permitted only a=
s authorized by the OpenLDAP<BR>## Public License.<BR>##<BR>## A copy of th=
is license is available in the file LICENSE in the<BR>## top-level director=
y of the distribution or, alternatively, at<BR>## <<A href=3D"http://www=
.OpenLDAP.org/license.html">http://www.OpenLDAP.org/license.html</A>>.<B=
R>#<BR>## Portions Copyright (C) The Internet Society (1997-2006).<BR>## Al=
l Rights Reserved.<BR>##<BR>## This document and translations of it may be =
copied and furnished to<BR>## others, and derivative works that comment on =
or otherwise explain it<BR>## or assist in its implementation may be prepar=
ed, copied, published<BR>## and distributed, in whole or in part, without r=
estriction of any<BR>## kind, provided that the above copyright notice and =
this paragraph are<BR>## included on all such copies and derivative works.&=
nbsp; However, this<BR>## document itself may not be modified in any way, s=
uch as by removing<BR>## the copyright notice or references to the Internet=
Society or other<BR>## Internet organizations, except as needed for the pu=
rpose of<BR>## developing Internet standards in which case the procedures f=
or<BR>## copyrights defined in the Internet Standards process must be =
<BR>## followed, or as required =
to translate it into languages other than<BR>## English.<BR>## &=
nbsp; &nbs=
p; &=
nbsp; &nbs=
p; &=
nbsp; &nbs=
p; <BR>## The limited permissions granted above are=
perpetual and will not be <BR>## revoked by the Internet Society or =
its successors or assigns. <BR>##=
<BR>## This document and the information contained herein is provided on a=
n <BR>## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERIN=
G<BR>## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING<=
BR>## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION<BR>##=
HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF<BR>## MER=
CHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.</DIV>
<DIV>#<BR>#<BR># Includes LDAPv3 schema items from:<BR># RFC 2252/2256=
(LDAPv3)<BR>#<BR># Select standard track schema items:<BR># RFC 1274 =
(uid/dc)<BR># RFC 2079 (URI)<BR># RFC 2247 (dc/dcObject)<BR>#&nbs=
p;RFC 2587 (PKI)<BR># RFC 2589 (Dynamic Directory Services)<BR># =
RFC 4524 (associatedDomain)<BR>#<BR># Select informational schema items:<BR=
># RFC 2377 (uidObject)</DIV>
<DIV>#<BR># Standard attribute types from RFC 2256<BR>#</DIV>
<DIV># system schema<BR>#attributetype ( 2.5.4.0 NAME 'objectClass'<BR>#&nb=
sp;DESC 'RFC2256: object classes of the entity'<BR># EQUALITY objectId=
entifierMatch<BR># SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )</DIV>
<DIV># system schema<BR>#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName'=
'aliasedEntryName' )<BR># DESC 'RFC2256: name of aliased object'<BR>#=
EQUALITY distinguishedNameMatch<BR># SYNTAX 1.3.6.1.4.1.1466.115=
.121.1.12 SINGLE-VALUE )</DIV>
<DIV>attributetype ( 2.5.4.2 NAME 'knowledgeInformation'<BR> DESC 'RFC=
2256: knowledge information'<BR> EQUALITY caseIgnoreMatch<BR> SYN=
TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )</DIV>
<DIV># system schema<BR>#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )=
<BR># DESC 'RFC2256: common name(s) for which the entity is known by'<=
BR># SUP name )</DIV>
<DIV>attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )<BR> DESC 'RFC2256=
: last (family) name(s) for which the entity is known by'<BR> SUP name=
)</DIV>
<DIV>attributetype ( 2.5.4.5 NAME 'serialNumber'<BR> DESC 'RFC2256: se=
rial number of the entity'<BR> EQUALITY caseIgnoreMatch<BR> SUBST=
R caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{6=
4} )</DIV>
<DIV># RFC 4519 definition ('countryName' in X.500 and RFC2256)<BR>attribut=
etype ( 2.5.4.6 NAME ( 'c' 'countryName' )<BR> DESC 'RFC2256: two-lett=
er ISO-3166 country code'<BR> SUP name<BR> SYNTAX 1.3.6.1.4.1.146=
6.115.121.1.11<BR> SINGLE-VALUE )</DIV>
<DIV>#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )<BR># DESC 'RF=
C2256: ISO-3166 country 2-letter code'<BR># SUP name SINGLE-VALUE )</D=
IV>
<DIV>attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )<BR> DESC 'RFC=
2256: locality which this object resides in'<BR> SUP name )</DIV>
<DIV>attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )<BR> D=
ESC 'RFC2256: state or province which this object resides in'<BR> SUP =
name )</DIV>
<DIV>attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )<BR> DES=
C 'RFC2256: street address of this object'<BR> EQUALITY caseIgnoreMatc=
h<BR> SUBSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.146=
6.115.121.1.15{128} )</DIV>
<DIV>attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )<BR> DESC=
'RFC2256: organization this object belongs to'<BR> SUP name )</DIV>
<DIV>attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )<BR>&nb=
sp;DESC 'RFC2256: organizational unit this object belongs to'<BR> SUP =
name )</DIV>
<DIV>attributetype ( 2.5.4.12 NAME 'title'<BR> DESC 'RFC2256: title as=
sociated with the entity'<BR> SUP name )</DIV>
<DIV># system schema<BR>#attributetype ( 2.5.4.13 NAME 'description'<BR>#&n=
bsp;DESC 'RFC2256: descriptive information'<BR># EQUALITY caseIgnoreMa=
tch<BR># SUBSTR caseIgnoreSubstringsMatch<BR># SYNTAX 1.3.6.1.4.1=
.1466.115.121.1.15{1024} )</DIV>
<DIV># Deprecated by enhancedSearchGuide<BR>attributetype ( 2.5.4.14 NAME '=
searchGuide'<BR> DESC 'RFC2256: search guide, deprecated by enhancedSe=
archGuide'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )</DIV>
<DIV>attributetype ( 2.5.4.15 NAME 'businessCategory'<BR> DESC 'RFC225=
6: business category'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR cas=
eIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )=
</DIV>
<DIV>attributetype ( 2.5.4.16 NAME 'postalAddress'<BR> DESC 'RFC2256: =
postal address'<BR> EQUALITY caseIgnoreListMatch<BR> SUBSTR caseI=
gnoreListSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )</D=
IV>
<DIV>attributetype ( 2.5.4.17 NAME 'postalCode'<BR> DESC 'RFC2256: pos=
tal code'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR caseIgnoreSubst=
ringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )</DIV>
<DIV>attributetype ( 2.5.4.18 NAME 'postOfficeBox'<BR> DESC 'RFC2256: =
Post Office Box'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR caseIgno=
reSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )</DIV>
<DIV>attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'<BR> DE=
SC 'RFC2256: Physical Delivery Office Name'<BR> EQUALITY caseIgnoreMat=
ch<BR> SUBSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.14=
66.115.121.1.15{128} )</DIV>
<DIV>attributetype ( 2.5.4.20 NAME 'telephoneNumber'<BR> DESC 'RFC2256=
: Telephone Number'<BR> EQUALITY telephoneNumberMatch<BR> SUBSTR =
telephoneNumberSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.5=
0{32} )</DIV>
<DIV>attributetype ( 2.5.4.21 NAME 'telexNumber'<BR> DESC 'RFC2256: Te=
lex Number'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )</DIV>
<DIV>attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'<BR> DES=
C 'RFC2256: Teletex Terminal Identifier'<BR> SYNTAX 1.3.6.1.4.1.1466.1=
15.121.1.51 )</DIV>
<DIV>attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )<BR>=
DESC 'RFC2256: Facsimile (Fax) Telephone Number'<BR> SYNTAX 1.3.=
6.1.4.1.1466.115.121.1.22 )</DIV>
<DIV>attributetype ( 2.5.4.24 NAME 'x121Address'<BR> DESC 'RFC2256: X.=
121 Address'<BR> EQUALITY numericStringMatch<BR> SUBSTR numericSt=
ringSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )</DI=
V>
<DIV>attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'<BR> DESC =
'RFC2256: international ISDN number'<BR> EQUALITY numericStringMatch<B=
R> SUBSTR numericStringSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.146=
6.115.121.1.36{16} )</DIV>
<DIV>attributetype ( 2.5.4.26 NAME 'registeredAddress'<BR> DESC 'RFC22=
56: registered postal address'<BR> SUP postalAddress<BR> SYNTAX 1=
.3.6.1.4.1.1466.115.121.1.41 )</DIV>
<DIV>attributetype ( 2.5.4.27 NAME 'destinationIndicator'<BR> DESC 'RF=
C2256: destination indicator'<BR> EQUALITY caseIgnoreMatch<BR> SU=
BSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.4=
4{128} )</DIV>
<DIV>attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'<BR> DESC =
'RFC2256: preferred delivery method'<BR> SYNTAX 1.3.6.1.4.1.1466.115.1=
21.1.14<BR> SINGLE-VALUE )</DIV>
<DIV>attributetype ( 2.5.4.29 NAME 'presentationAddress'<BR> DESC 'RFC=
2256: presentation address'<BR> EQUALITY presentationAddressMatch<BR>&=
nbsp;SYNTAX 1.3.6.1.4.1.1466.115.121.1.43<BR> SINGLE-VALUE )</DIV>
<DIV>attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'<BR> D=
ESC 'RFC2256: supported application context'<BR> EQUALITY objectIdenti=
fierMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )</DIV>
<DIV>attributetype ( 2.5.4.31 NAME 'member'<BR> DESC 'RFC2256: member =
of a group'<BR> SUP distinguishedName )</DIV>
<DIV>attributetype ( 2.5.4.32 NAME 'owner'<BR> DESC 'RFC2256: owner (o=
f the object)'<BR> SUP distinguishedName )</DIV>
<DIV>attributetype ( 2.5.4.33 NAME 'roleOccupant'<BR> DESC 'RFC2256: o=
ccupant of role'<BR> SUP distinguishedName )</DIV>
<DIV># system schema<BR>#attributetype ( 2.5.4.34 NAME 'seeAlso'<BR># =
DESC 'RFC2256: DN of related object'<BR># SUP distinguishedName )</DIV=
>
<DIV># system schema<BR>#attributetype ( 2.5.4.35 NAME 'userPassword'<BR>#&=
nbsp;DESC 'RFC2256/2307: password of user'<BR># EQUALITY octetStringMa=
tch<BR># SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )</DIV>
<DIV># Must be transferred using ;binary<BR># with certificateExactMatch ru=
le (per X.509)<BR>attributetype ( 2.5.4.36 NAME 'userCertificate'<BR> =
DESC 'RFC2256: X.509 user certificate, use ;binary'<BR> EQUALITY certi=
ficateExactMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )</DIV>
<DIV># Must be transferred using ;binary<BR># with certificateExactMatch ru=
le (per X.509)<BR>attributetype ( 2.5.4.37 NAME 'cACertificate'<BR> DE=
SC 'RFC2256: X.509 CA certificate, use ;binary'<BR> EQUALITY certifica=
teExactMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )</DIV>
<DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.38 NAME '=
authorityRevocationList'<BR> DESC 'RFC2256: X.509 authority revocation=
list, use ;binary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )</DIV>
<DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.39 NAME '=
certificateRevocationList'<BR> DESC 'RFC2256: X.509 certificate revoca=
tion list, use ;binary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )</DIV=
>
<DIV># Must be stored and requested in the binary form<BR>attributetype ( 2=
.5.4.40 NAME 'crossCertificatePair'<BR> DESC 'RFC2256: X.509 cross cer=
tificate pair, use ;binary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )=
</DIV>
<DIV># system schema<BR>#attributetype ( 2.5.4.41 NAME 'name'<BR># EQU=
ALITY caseIgnoreMatch<BR># SUBSTR caseIgnoreSubstringsMatch<BR># =
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )</DIV>
<DIV>attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )<BR> DESC 'RFC2=
256: first name(s) for which the entity is known by'<BR> SUP name )</D=
IV>
<DIV>attributetype ( 2.5.4.43 NAME 'initials'<BR> DESC 'RFC2256: initi=
als of some or all of names, but not the surname(s).'<BR> SUP name )</=
DIV>
<DIV>attributetype ( 2.5.4.44 NAME 'generationQualifier'<BR> DESC 'RFC=
2256: name qualifier indicating a generation'<BR> SUP name )</DIV>
<DIV>attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'<BR> DESC 'RF=
C2256: X.500 unique identifier'<BR> EQUALITY bitStringMatch<BR> S=
YNTAX 1.3.6.1.4.1.1466.115.121.1.6 )</DIV>
<DIV>attributetype ( 2.5.4.46 NAME 'dnQualifier'<BR> DESC 'RFC2256: DN=
qualifier'<BR> EQUALITY caseIgnoreMatch<BR> ORDERING caseIgnoreO=
rderingMatch<BR> SUBSTR caseIgnoreSubstringsMatch<BR> SYNTAX 1.3.=
6.1.4.1.1466.115.121.1.44 )</DIV>
<DIV>attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'<BR> DESC 'RFC=
2256: enhanced search guide'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 =
)</DIV>
<DIV>attributetype ( 2.5.4.48 NAME 'protocolInformation'<BR> DESC 'RFC=
2256: protocol information'<BR> EQUALITY protocolInformationMatch<BR>&=
nbsp;SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )</DIV>
<DIV># system schema<BR>#attributetype ( 2.5.4.49 NAME 'distinguishedName'<=
BR># EQUALITY distinguishedNameMatch<BR># SYNTAX 1.3.6.1.4.1.1466=
.115.121.1.12 )</DIV>
<DIV>attributetype ( 2.5.4.50 NAME 'uniqueMember'<BR> DESC 'RFC2256: u=
nique member of a group'<BR> EQUALITY uniqueMemberMatch<BR> SYNTA=
X 1.3.6.1.4.1.1466.115.121.1.34 )</DIV>
<DIV>attributetype ( 2.5.4.51 NAME 'houseIdentifier'<BR> DESC 'RFC2256=
: house identifier'<BR> EQUALITY caseIgnoreMatch<BR> SUBSTR caseI=
gnoreSubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )=
</DIV>
<DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.52 NAME '=
supportedAlgorithms'<BR> DESC 'RFC2256: supported algorithms'<BR> =
;SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )</DIV>
<DIV># Must be transferred using ;binary<BR>attributetype ( 2.5.4.53 NAME '=
deltaRevocationList'<BR> DESC 'RFC2256: delta revocation list; use ;bi=
nary'<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )</DIV>
<DIV>attributetype ( 2.5.4.54 NAME 'dmdName'<BR> DESC 'RFC2256: name o=
f DMD'<BR> SUP name )</DIV>
<DIV>attributetype ( 2.5.4.65 NAME 'pseudonym'<BR> DESC 'X.520(4th): p=
seudonym for the object'<BR> SUP name )</DIV>
<DIV># Standard object classes from RFC2256</DIV>
<DIV># system schema<BR>#objectclass ( 2.5.6.0 NAME 'top'<BR># DESC 'R=
FC2256: top of the superclass chain'<BR># ABSTRACT<BR># MUST obje=
ctClass )</DIV>
<DIV># system schema<BR>#objectclass ( 2.5.6.1 NAME 'alias'<BR># DESC =
'RFC2256: an alias'<BR># SUP top STRUCTURAL<BR># MUST aliasedObje=
ctName )</DIV>
<DIV>objectclass ( 2.5.6.2 NAME 'country'<BR> DESC 'RFC2256: a country=
'<BR> SUP top STRUCTURAL<BR> MUST c<BR> MAY ( searchGuide $ =
description ) )</DIV>
<DIV>objectclass ( 2.5.6.3 NAME 'locality'<BR> DESC 'RFC2256: a locali=
ty'<BR> SUP top STRUCTURAL<BR> MAY ( street $ seeAlso $ searchGui=
de $ st $ l $ description ) )</DIV>
<DIV>objectclass ( 2.5.6.4 NAME 'organization'<BR> DESC 'RFC2256: an o=
rganization'<BR> SUP top STRUCTURAL<BR> MUST o<BR> MAY ( use=
rPassword $ searchGuide $ seeAlso $ businessCategory $<BR> x121A=
ddress $ registeredAddress $ destinationIndicator $<BR> preferre=
dDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $<BR> =
telephoneNumber $ internationaliSDNNumber $ <BR> facsimileTeleph=
oneNumber $ street $ postOfficeBox $ postalCode $<BR> postalAddr=
ess $ physicalDeliveryOfficeName $ st $ l $ description ) )</DIV>
<DIV>objectclass ( 2.5.6.5 NAME 'organizationalUnit'<BR> DESC 'RFC2256=
: an organizational unit'<BR> SUP top STRUCTURAL<BR> MUST ou<BR>&=
nbsp;MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $<BR>&nb=
sp; x121Address $ registeredAddress $ destinationIndicator $<BR> =
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $<B=
R> telephoneNumber $ internationaliSDNNumber $<BR> fa=
csimileTelephoneNumber $ street $ postOfficeBox $ postalCode $<BR> &nb=
sp;postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )</D=
IV>
<DIV>objectclass ( 2.5.6.6 NAME 'person'<BR> DESC 'RFC2256: a person'<=
BR> SUP top STRUCTURAL<BR> MUST ( sn $ cn )<BR> MAY ( userPa=
ssword $ telephoneNumber $ seeAlso $ description ) )</DIV>
<DIV>objectclass ( 2.5.6.7 NAME 'organizationalPerson'<BR> DESC 'RFC22=
56: an organizational person'<BR> SUP person STRUCTURAL<BR> MAY (=
title $ x121Address $ registeredAddress $ destinationIndicator $<BR> =
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $<B=
R> telephoneNumber $ internationaliSDNNumber $ <BR> f=
acsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $<BR> &n=
bsp;postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )</DIV>
<DIV>objectclass ( 2.5.6.8 NAME 'organizationalRole'<BR> DESC 'RFC2256=
: an organizational role'<BR> SUP top STRUCTURAL<BR> MUST cn<BR>&=
nbsp;MAY ( x121Address $ registeredAddress $ destinationIndicator $<BR>&nbs=
p; preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $=
<BR> telephoneNumber $ internationaliSDNNumber $ facsimileTeleph=
oneNumber $<BR> seeAlso $ roleOccupant $ preferredDeliveryMethod=
$ street $<BR> postOfficeBox $ postalCode $ postalAddress $<BR>=
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )</DIV=
>
<DIV>objectclass ( 2.5.6.9 NAME 'groupOfNames'<BR> DESC 'RFC2256: a gr=
oup of names (DNs)'<BR> SUP top STRUCTURAL<BR> MUST ( member $ cn=
)<BR> MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description=
) )</DIV>
<DIV>objectclass ( 2.5.6.10 NAME 'residentialPerson'<BR> DESC 'RFC2256=
: an residential person'<BR> SUP person STRUCTURAL<BR> MUST l<BR>=
MAY ( businessCategory $ x121Address $ registeredAddress $<BR> &=
nbsp;destinationIndicator $ preferredDeliveryMethod $ telexNumber $<BR>&nbs=
p; teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumb=
er $<BR> facsimileTelephoneNumber $ preferredDeliveryMethod $ st=
reet $<BR> postOfficeBox $ postalCode $ postalAddress $<BR> =
; physicalDeliveryOfficeName $ st $ l ) )</DIV>
<DIV>objectclass ( 2.5.6.11 NAME 'applicationProcess'<BR> DESC 'RFC225=
6: an application process'<BR> SUP top STRUCTURAL<BR> MUST cn<BR>=
MAY ( seeAlso $ ou $ l $ description ) )</DIV>
<DIV>objectclass ( 2.5.6.12 NAME 'applicationEntity'<BR> DESC 'RFC2256=
: an application entity'<BR> SUP top STRUCTURAL<BR> MUST ( presen=
tationAddress $ cn )<BR> MAY ( supportedApplicationContext $ seeAlso $=
ou $ o $ l $<BR> description ) )</DIV>
<DIV>objectclass ( 2.5.6.13 NAME 'dSA'<BR> DESC 'RFC2256: a directory =
system agent (a server)'<BR> SUP applicationEntity STRUCTURAL<BR> =
;MAY knowledgeInformation )</DIV>
<DIV>objectclass ( 2.5.6.14 NAME 'device'<BR> DESC 'RFC2256: a device'=
<BR> SUP top STRUCTURAL<BR> MUST cn<BR> MAY ( serialNumber $=
seeAlso $ owner $ ou $ o $ l $ description ) )</DIV>
<DIV>objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'<BR> DESC '=
RFC2256: a strong authentication user'<BR> SUP top AUXILIARY<BR> =
MUST userCertificate )</DIV>
<DIV>objectclass ( 2.5.6.16 NAME 'certificationAuthority'<BR> DESC 'RF=
C2256: a certificate authority'<BR> SUP top AUXILIARY<BR> MUST ( =
authorityRevocationList $ certificateRevocationList $<BR> cACert=
ificate ) MAY crossCertificatePair )</DIV>
<DIV>objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'<BR> DESC 'RFC225=
6: a group of unique names (DN and Unique Identifier)'<BR> SUP top STR=
UCTURAL<BR> MUST ( uniqueMember $ cn )<BR> MAY ( businessCategory=
$ seeAlso $ owner $ ou $ o $ description ) )</DIV>
<DIV>objectclass ( 2.5.6.18 NAME 'userSecurityInformation'<BR> DESC 'R=
FC2256: a user security information'<BR> SUP top AUXILIARY<BR> MA=
Y ( supportedAlgorithms ) )</DIV>
<DIV>objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'<BR> SUP=
certificationAuthority<BR> AUXILIARY MAY ( deltaRevocationList ) )</D=
IV>
<DIV>objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'<BR> SUP top ST=
RUCTURAL<BR> MUST ( cn )<BR> MAY ( certificateRevocationList $ au=
thorityRevocationList $<BR> deltaRevocationList ) )</DIV>
<DIV>objectclass ( 2.5.6.20 NAME 'dmd'<BR> SUP top STRUCTURAL<BR> =
;MUST ( dmdName )<BR> MAY ( userPassword $ searchGuide $ seeAlso $ bus=
inessCategory $<BR> x121Address $ registeredAddress $ destinatio=
nIndicator $<BR> preferredDeliveryMethod $ telexNumber $ teletex=
TerminalIdentifier $<BR> telephoneNumber $ internationaliSDNNumb=
er $ facsimileTelephoneNumber $<BR> street $ postOfficeBox $ pos=
talCode $ postalAddress $<BR> physicalDeliveryOfficeName $ st $ =
l $ description ) )</DIV>
<DIV>#<BR># Object Classes from RFC 2587<BR>#<BR>objectclass ( 2.5.6.21 NAM=
E 'pkiUser'<BR> DESC 'RFC2587: a PKI user'<BR> SUP top AUXILIARY<=
BR> MAY userCertificate )</DIV>
<DIV>objectclass ( 2.5.6.22 NAME 'pkiCA'<BR> DESC 'RFC2587: PKI certif=
icate authority'<BR> SUP top AUXILIARY<BR> MAY ( authorityRevocat=
ionList $ certificateRevocationList $<BR> cACertificate $ crossC=
ertificatePair ) )</DIV>
<DIV>objectclass ( 2.5.6.23 NAME 'deltaCRL'<BR> DESC 'RFC2587: PKI use=
r'<BR> SUP top AUXILIARY<BR> MAY deltaRevocationList )</DIV>
<DIV>#<BR># Standard Track URI label schema from RFC 2079<BR># system schem=
a<BR>#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'<BR># DESC=
'RFC2079: Uniform Resource Identifier with optional label'<BR># EQUAL=
ITY caseExactMatch<BR># SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )</DIV>
<DIV>objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'<BR> DE=
SC 'RFC2079: object that contains the URI attribute type'<BR> SUP top =
AUXILIARY<BR> MAY ( labeledURI ) )</DIV>
<DIV>#<BR># Derived from RFC 1274, but with new "short names"<BR>#<BR>#attr=
ibutetype ( 0.9.2342.19200300.100.1.1<BR># NAME ( 'uid' 'userid' )<BR>=
# DESC 'RFC1274: user identifier'<BR># EQUALITY caseIgnoreMatch<B=
R># SUBSTR caseIgnoreSubstringsMatch<BR># SYNTAX 1.3.6.1.4.1.1466=
.115.121.1.15{256} )</DIV>
<DIV>attributetype ( 0.9.2342.19200300.100.1.3<BR> NAME ( 'mail' 'rfc8=
22Mailbox' )<BR> DESC 'RFC1274: RFC822 Mailbox'<BR> =
EQUALITY caseIgnoreIA5Match<BR> SUBSTR caseIgnoreIA5Subst=
ringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} =
)</DIV>
<DIV>objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'<B=
R> DESC 'RFC1274: simple security object'<BR> SUP top AUXILIARY<B=
R> MUST userPassword )</DIV>
<DIV># RFC 1274 + RFC 2247<BR>attributetype ( 0.9.2342.19200300.100.1.25<BR=
> NAME ( 'dc' 'domainComponent' )<BR> DESC 'RFC1274/2247: domain =
component'<BR> EQUALITY caseIgnoreIA5Match<BR> SUBSTR caseIgnoreI=
A5SubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALU=
E )</DIV>
<DIV># RFC 2247<BR>objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'<BR>&n=
bsp;DESC 'RFC2247: domain component object'<BR> SUP top AUXILIARY MUST=
dc )</DIV>
<DIV># RFC 2377<BR>objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'<BR> DE=
SC 'RFC2377: uid object'<BR> SUP top AUXILIARY MUST uid )</DIV>
<DIV># RFC 4524<BR># The 'associatedDomain' attribute specifies=
DNS [RFC1034][RFC2181]<BR># host names [RFC1123] that are asso=
ciated with an object. That is,<BR># values of this=
attribute should conform to the following ABNF:<BR>#<BR>#  =
; domain =3D root / label *( DOT label )<BR># root &=
nbsp; =3D SPACE<BR># label =3D LETDIG [ *61( LETDIG=
/ HYPHEN ) LETDIG ]<BR># LETDIG =3D %x30-39 / %x41-5A / =
%x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"<BR># SPACE =
=3D %x20 &=
nbsp; ; s=
pace (" ")<BR># HYPHEN =3D %x2D &n=
bsp;  =
; ; hyphen ("-")<BR># =
DOT =3D %x2E &n=
bsp;  =
; ; period (".")<BR>attributetype ( 0.9.2342.19200300.100=
.1.37<BR> NAME 'associatedDomain'<BR> DESC 'RFC1274: domain assoc=
iated with object'<BR> EQUALITY caseIgnoreIA5Match<BR> SUBSTR cas=
eIgnoreIA5SubstringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )</=
DIV>
<DIV># RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)<BR>attr=
ibutetype ( 1.2.840.113549.1.9.1<BR> NAME ( 'email' 'emailAddress' 'pk=
cs9email' )<BR> DESC 'RFC3280: legacy attribute for email addresses in=
DNs'<BR> EQUALITY caseIgnoreIA5Match<BR> SUBSTR caseIgnoreIA5Sub=
stringsMatch<BR> SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )</DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV>
<DIV> </DIV><br><!-- footer --><br>=20
<hr>
<font style=3D"font-size:12px;line-height:15px;">=C3=C0=C0=FB=C9=BD=BF=AA=
=C5=CC3000=C8=CB=C7=C0=B9=BA=A3=A1440=CC=D7=CA=DB=F3=C0=A3=AC</font><a styl=
e=3D"font-size:12px;line-height:15px; color:blue; text-decoration:underline=
;" href=3D"http://popme.163.com/netease/mail/003865footer.html";>=BC=D3=CD=
=C6300=CC=D717=BA=C5=BF=AA=CA=BC=B5=C7=BC=C7=A3=A1</a>
------=_Part_162959_15053760.1201154655304--