Issue 7766 - Account unlocked in slave after two modifications on a master (overlay ppolicy)
Summary: Account unlocked in slave after two modifications on a master (overlay ppolicy)
Status: VERIFIED FIXED
Alias: None
Product: OpenLDAP
Classification: Unclassified
Component: slapd (show other issues)
Version: 2.4.38
Hardware: All All
: --- normal
Target Milestone: 2.5.1
Assignee: Ondřej Kuzník
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2013-12-16 14:55 UTC by Clément OUDOT
Modified: 2021-02-08 17:51 UTC (History)
0 users

See Also:


Attachments

Note You need to log in before you can comment on or make changes to this issue.
Description Clément OUDOT 2013-12-16 14:55:12 UTC
Full_Name: Cl�ment OUDOT
Version: 2.4.38
OS: GNU/Linux
URL: ftp://ftp.openldap.org/incoming/
Submission from: (NULL) (88.173.78.196)


I have a simple setup with a master (overlay syncprov + overlay ppolicy) and a
slave (syncrepl client, overlay ppolicy).

1. I lock my account in the slave
2. I change the description attribute of my account a first time in the master
3. My account is still locked in the slave
4. I change the description attribute of my account a second time in the master
5. My account is no more locked in the slave: the password policy operational
attributes pwdFailureTime and pwdAccountUnlockTime were erased by the one of the
master

Seems like a control is done the first time that syncrepl update the entry (the
first time, pwdAccountLockTime and pwdFailureTime are not erased), but the
second time the control is not done.
Comment 1 Christian Kratzer 2013-12-16 21:10:46 UTC
Hi,

On Mon, 16 Dec 2013, coudot@linagora.com wrote:
> Full_Name: Cl?ment OUDOT
> Version: 2.4.38
> OS: GNU/Linux
> URL: ftp://ftp.openldap.org/incoming/
> Submission from: (NULL) (88.173.78.196)
>
>
> I have a simple setup with a master (overlay syncprov + overlay ppolicy) and a
> slave (syncrepl client, overlay ppolicy).
>
> 1. I lock my account in the slave
> 2. I change the description attribute of my account a first time in the master
> 3. My account is still locked in the slave
> 4. I change the description attribute of my account a second time in the master
> 5. My account is no more locked in the slave: the password policy operational
> attributes pwdFailureTime and pwdAccountUnlockTime were erased by the one of the
> master
>
> Seems like a control is done the first time that syncrepl update the entry (the
> first time, pwdAccountLockTime and pwdFailureTime are not erased), but the
> second time the control is not done.

I have had a very similar setup for some time now and have never observed this kind of behaviour from the ppolicy overlay. I am quite confident it should work correctly in the situation you describe.

There might be a valid reason for pwdAccountLockedtime and pwdFailureTime attributes disappearing like perhaps expiry of pwdLockoutDuration. Please see the account_locked() function in servers/slapd/overlay/ppolicy.c for this.

It is of course also quite possible that you have hit a special corner case that nobody else has yet found.

The best thing you could do would be to setup a small self contained test case to illustrate the problem.

Greetings
Christian

-- 
Christian Kratzer                      CK Software GmbH
Email:   ck@cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer

Comment 2 Clément OUDOT 2013-12-18 11:25:26 UTC
On 16/12/2013 22:10, Christian Kratzer wrote:
> Hi,
>
> On Mon, 16 Dec 2013, coudot@linagora.com wrote:
>> Full_Name: Cl?ment OUDOT
>> Version: 2.4.38
>> OS: GNU/Linux
>> URL: ftp://ftp.openldap.org/incoming/
>> Submission from: (NULL) (88.173.78.196)
>>
>>
>> I have a simple setup with a master (overlay syncprov + overlay
>> ppolicy) and a
>> slave (syncrepl client, overlay ppolicy).
>>
>> 1. I lock my account in the slave
>> 2. I change the description attribute of my account a first time in
>> the master
>> 3. My account is still locked in the slave
>> 4. I change the description attribute of my account a second time in
>> the master
>> 5. My account is no more locked in the slave: the password policy
>> operational
>> attributes pwdFailureTime and pwdAccountUnlockTime were erased by the
>> one of the
>> master
>>
>> Seems like a control is done the first time that syncrepl update the
>> entry (the
>> first time, pwdAccountLockTime and pwdFailureTime are not erased),
>> but the
>> second time the control is not done.
>
> I have had a very similar setup for some time now and have never
> observed this kind of behaviour from the ppolicy overlay. I am quite
> confident it should work correctly in the situation you describe.
>
> There might be a valid reason for pwdAccountLockedtime and
> pwdFailureTime attributes disappearing like perhaps expiry of
> pwdLockoutDuration. Please see the account_locked() function in
> servers/slapd/overlay/ppolicy.c for this.
>

Well, I checked that the pwdLockoutDuration was correctly set (The value
in my case is 1200, so 20 minutes, much more than my tests). Other
proof, the values of pwdFailureTime are not erased, but replaced by
those of the master.


> It is of course also quite possible that you have hit a special corner
> case that nobody else has yet found.


I think so. I have to say that I use standard syncrepl, not delta-syncrepl.


>
> The best thing you could do would be to setup a small self contained
> test case to illustrate the problem.
>

I will try to, but seems really easy to reproduce : configure master and
slave with ppolicy, lock an account in slave, update same account on
master (change description) a first time and a second time.


This behavior was detected by one of my customer, and I was able to
reproduce it on my own computer.




Clément.

Comment 3 Christian Kratzer 2013-12-18 12:02:13 UTC
Hi,

On Wed, 18 Dec 2013, Clément OUDOT wrote:
<snipp/>
> Well, I checked that the pwdLockoutDuration was correctly set (The value
> in my case is 1200, so 20 minutes, much more than my tests). Other
> proof, the values of pwdFailureTime are not erased, but replaced by
> those of the master.
>
>
>> It is of course also quite possible that you have hit a special corner
>> case that nobody else has yet found.
>
>
> I think so. I have to say that I use standard syncrepl, not delta-syncrepl.
>
>
>>
>> The best thing you could do would be to setup a small self contained
>> test case to illustrate the problem.
>>
>
> I will try to, but seems really easy to reproduce : configure master and
> slave with ppolicy, lock an account in slave, update same account on
> master (change description) a first time and a second time.

are you sure the account lock actually arrives on the master ?

Are you using olcPPolicyForwardUpdates to actually get the account
locked on the master and not only on the slaves ?

If you do not have all the lock attributes on the master and you modify
the entry it will get replaced on the slaves.

Can you post your master and slave configs somewhere ?

Greetings
Christian

-- 
Christian Kratzer                      CK Software GmbH
Email:   ck@cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer
Comment 4 Clément OUDOT 2013-12-18 13:03:36 UTC
On 18/12/2013 13:02, Christian Kratzer wrote:
> Hi,
>
> On Wed, 18 Dec 2013, Clément OUDOT wrote:
> <snipp/>
>> Well, I checked that the pwdLockoutDuration was correctly set (The value
>> in my case is 1200, so 20 minutes, much more than my tests). Other
>> proof, the values of pwdFailureTime are not erased, but replaced by
>> those of the master.
>>
>>
>>> It is of course also quite possible that you have hit a special corner
>>> case that nobody else has yet found.
>>
>>
>> I think so. I have to say that I use standard syncrepl, not
>> delta-syncrepl.
>>
>>
>>>
>>> The best thing you could do would be to setup a small self contained
>>> test case to illustrate the problem.
>>>
>>
>> I will try to, but seems really easy to reproduce : configure master and
>> slave with ppolicy, lock an account in slave, update same account on
>> master (change description) a first time and a second time.
>
> are you sure the account lock actually arrives on the master ?

Yes.

>
> Are you using olcPPolicyForwardUpdates to actually get the account
> locked on the master and not only on the slaves ?


No the test don't use the forward updates. It just try to lock an
account on a slave and not on the master.


>
> If you do not have all the lock attributes on the master and you modify
> the entry it will get replaced on the slaves.
>
> Can you post your master and slave configs somewhere ?


So here is the configuration of the master :


dn: cn=config
objectClass: olcGlobal
cn: config
olcConfigFile: slapd.conf
olcConfigDir: slapd.d
olcArgsFile: /home/clement/Programmes/openldap/var/run/slapd.args
olcAttributeOptions: lang-
olcAuthzPolicy: any
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Stats
olcPasswordHash: {SSHA}
olcPidFile: /home/clement/Programmes/openldap/var/run/slapd.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcServerID: 1
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 653034b2-9721-102f-955c-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20120210082417.222541Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120210082417Z

dn: cn=module{0},cn=config
objectClass: olcModuleList
objectClass: olcConfig
objectClass: top
cn: module{0}
olcModulePath: /home/clement/Programmes/openldap/lib
structuralObjectClass: olcModuleList
entryUUID: fb35dc44-e7c5-1032-8723-c9f2ac4bf34d
creatorsName: cn=config
createTimestamp: 20131122133021Z
entryCSN: 20131122133145.702931Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20131122133145Z

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2
olcObjectIdentifier: OLcfgAt OLcfg:3
olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
olcObjectIdentifier: OLcfgBkAt OLcfgAt:1
olcObjectIdentifier: OLcfgDbAt OLcfgAt:2
olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
olcObjectIdentifier: OLcfgCtAt OLcfgAt:4
olcObjectIdentifier: OLcfgOc OLcfg:4
olcObjectIdentifier: OLcfgGlOc OLcfgOc:0
olcObjectIdentifier: OLcfgBkOc OLcfgOc:1
olcObjectIdentifier: OLcfgDbOc OLcfgOc:2
olcObjectIdentifier: OLcfgOvOc OLcfgOc:3
olcObjectIdentifier: OLcfgCtOc OLcfgOc:4
olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1
olcObjectIdentifier: OMsBoolean OMsyn:7
olcObjectIdentifier: OMsDN OMsyn:12
olcObjectIdentifier: OMsDirectoryString OMsyn:15
olcObjectIdentifier: OMsIA5String OMsyn:26
olcObjectIdentifier: OMsInteger OMsyn:27
olcObjectIdentifier: OMsOID OMsyn:38
olcObjectIdentifier: OMsOctetString OMsyn:40
olcObjectIdentifier: olmAttributes 1.3.6.1.4.1.4203.666.1.55
olcObjectIdentifier: olmSubSystemAttributes olmAttributes:0
olcObjectIdentifier: olmGenericAttributes olmSubSystemAttributes:0
olcObjectIdentifier: olmDatabaseAttributes olmSubSystemAttributes:1
olcObjectIdentifier: olmObjectClasses 1.3.6.1.4.1.4203.666.3.16
olcObjectIdentifier: olmSubSystemObjectClasses olmObjectClasses:0
olcObjectIdentifier: olmGenericObjectClasses olmSubSystemObjectClasses:0
olcObjectIdentifier: olmDatabaseObjectClasses olmSubSystemObjectClasses:1
olcObjectIdentifier: PCacheOID 1.3.6.1.4.1.4203.666.11.9.1
olcObjectIdentifier: PCacheAttributes PCacheOID:1
olcObjectIdentifier: PCacheObjectClasses PCacheOID:2
olcObjectIdentifier: olmBDBAttributes olmDatabaseAttributes:1
olcObjectIdentifier: olmBDBObjectClasses olmDatabaseObjectClasses:1
olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object
classes
 of the entity' EQUALITY objectIdentifierMatch SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.38 )
olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC
'RFC4512: stru
 ctural object class of entry' EQUALITY objectIdentifierMatch SYNTAX
1.3.6.1.4
 .1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperati
 on )
olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time
which
  object was created' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOr
 deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-MODIFIC
 ATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time
which
  object was last modified' EQUALITY generalizedTimeMatch ORDERING
generalized
 TimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-M
 ODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of
creat
 or' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 SING
 LE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name
of last
  modifier' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry
has ch
 ildren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALU
 E NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512:
name of
  controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperat
 ion )
olcAttributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry'
EQUALI
 TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE N
 O-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the
entry'
 EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1
SINGLE-VA
 LUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC
'change seq
 uence number of the entry content' EQUALITY CSNMatch ORDERING
CSNOrderingMatc
 h SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE
NO-USER-MODIFICATION US
 AGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC
'change s
 equence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING
CSNOrder
 ingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE
NO-USER-MODIFICA
 TION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie'
DESC 'syn
 crepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING
octetStringO
 rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE
NO-USER-MODIFI
 CATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC
'the lar
 gest committed CSN of a context' EQUALITY CSNMatch ORDERING
CSNOrderingMatch
 SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE
dSAOperatio
 n )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC
'RFC4512
 : alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE
dSAOperatio
 n )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
DESC 'RF
 C4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE
dSAOperati
 on )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
DESC
 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
USAGE dSAO
 peration )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME
'supportedExtension' DESC
  'RFC4512: supported extended operations' SYNTAX
1.3.6.1.4.1.1466.115.121.1.3
 8 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME
'supportedLDAPVersion' D
 ESC 'RFC4512: supported LDAP versions' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 U
 SAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME
'supportedSASLMechanisms
 ' DESC 'RFC4512: supported SASL mechanisms' SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .15 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures'
DESC 'RFC
 4512: features supported by the server' EQUALITY objectIdentifierMatch
SYNTAX
  1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext'
DESC 'mon
 itor context' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC
'conf
 ig context' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name
of impl
 ementation vendor' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045:
version o
 f implementation' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.1
 5 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672:
adminis
 trative role' EQUALITY objectIdentifierMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.38 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672:
subtr
 ee specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE
USAGE dir
 ectoryOperation )
olcAttributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512:
DIT stru
 cture rules' EQUALITY integerFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.17 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT
conten
 t rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.16 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512:
matching rul
 es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.30 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512:
attribute t
 ypes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.11
 5.121.1.3 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object
class
 es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.37 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms
' EQU
 ALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.3
 5 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512:
matching r
 ule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.31 USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
DESC 'RFC
 4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName'
'aliasedEntryName' ) D
 ESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296:
subord
 inate referral URL' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .15 USAGE distributedOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP
ACL en
 try pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE
NO-USER-MODI
 FICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC
'OpenLDAP ACL
  children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE
NO-USE
 R-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo'
'saslAuthzTo' )
  DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX
1.3.6.1.4.1.42
 03.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom'
'saslAuthzFro
 m' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX
1.3.6.1.4.
 1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC
'RFC2589:
  entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
NO-USE
 R-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
DESC 'R
 FC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFI
 CATION USAGE dSAOperation )
olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519:
common s
 upertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1
 .1466.115.121.1.12 )
olcAttributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common
supertype of n
 ame attributes' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYN
 TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519:
common
 name(s) for which the entity is known by' SUP name )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
DESC 'R
 FC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An
intege
 r uniquely identifying a user in an administrative domain' EQUALITY
integerMa
 tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An
intege
 r uniquely identifying a group in an administrative domain' EQUALITY
integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307:
password
  of user' EQUALITY octetStringMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.40{128}
  )
olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC
'RFC2079: Uni
 form Resource Identifier with optional label' EQUALITY caseExactMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519:
descriptive in
 formation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of
related obje
 ct' SUP distinguishedName )
olcAttributeTypes: ( OLcfgGlAt:78 NAME 'olcConfigFile' DESC 'File for
slapd co
 nfiguration directives' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryString SI
 NGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:79 NAME 'olcConfigDir' DESC 'Directory
for slap
 d configuration backend' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryString S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:1 NAME 'olcAccess' DESC 'Access Control
List' E
 QUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:86 NAME 'olcAddContentAcl' DESC 'Check
ACLs aga
 inst content of Add ops' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:2 NAME 'olcAllows' DESC 'Allowed set of
depreca
 ted features' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:3 NAME 'olcArgsFile' DESC 'File for slapd
comma
 nd line options' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VA
 LUE )
olcAttributeTypes: ( OLcfgGlAt:5 NAME 'olcAttributeOptions' EQUALITY
caseIgnor
 eMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:4 NAME 'olcAttributeTypes' DESC 'OpenLDAP
attri
 buteTypes' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED
'VALU
 ES' )
olcAttributeTypes: ( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' EQUALITY
caseIgnoreMa
 tch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:7 NAME 'olcAuthzPolicy' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:8 NAME 'olcAuthzRegexp' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:9 NAME 'olcBackend' DESC 'A type of
backend' EQ
 UALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED
'SIBL
 INGS' )
olcAttributeTypes: ( OLcfgGlAt:10 NAME 'olcConcurrency' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:11 NAME 'olcConnMaxPending' SYNTAX
OMsInteger S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' SYNTAX
OMsInteg
 er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:13 NAME 'olcDatabase' DESC 'The backend
type fo
 r a database instance' SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )
olcAttributeTypes: ( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' SYNTAX
OMsDN SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:15 NAME 'olcDisallows' EQUALITY
caseIgnoreMatch
  SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:16 NAME 'olcDitContentRules' DESC
'OpenLDAP DIT
  content rules' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
X-ORDERED
 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:17 NAME 'olcGentleHUP' SYNTAX OMsBoolean
SINGLE
 -VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.17 NAME 'olcHidden' SYNTAX OMsBoolean
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:18 NAME 'olcIdleTimeout' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:19 NAME 'olcInclude' SUP labeledURI )
olcAttributeTypes: ( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' SYNTAX
OMsInte
 ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' SYNTAX
OMsInte
 ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' SYNTAX
OMsIntege
 r SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' SYNTAX
OMsInteg
 er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:84 NAME 'olcIndexIntLen' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.4 NAME 'olcLastMod' SYNTAX OMsBoolean
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP
ldapSy
 ntax' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED
'VALUES' )
olcAttributeTypes: ( OLcfgDbAt:0.5 NAME 'olcLimits' EQUALITY
caseIgnoreMatch S
 YNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:26 NAME 'olcLocalSSF' SYNTAX OMsInteger
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:27 NAME 'olcLogFile' SYNTAX
OMsDirectoryString
 SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:28 NAME 'olcLogLevel' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' SYNTAX
OMsInteger S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.16 NAME 'olcMirrorMode' SYNTAX
OMsBoolean SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:30 NAME 'olcModuleLoad' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:31 NAME 'olcModulePath' SYNTAX
OMsDirectoryStri
 ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.18 NAME 'olcMonitoring' SYNTAX
OMsBoolean SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:32 NAME 'olcObjectClasses' DESC 'OpenLDAP
objec
 t classes' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED
'VALU
 ES' )
olcAttributeTypes: ( OLcfgGlAt:33 NAME 'olcObjectIdentifier' EQUALITY
caseIgno
 reMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase
SINGLE-VAL
 UE X-ORDERED 'SIBLINGS' )
olcAttributeTypes: ( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat'
SYNTAX OMs
 DirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:36 NAME 'olcPasswordHash' EQUALITY
caseIgnoreMa
 tch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:37 NAME 'olcPidFile' SYNTAX
OMsDirectoryString
 SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:38 NAME 'olcPlugin' EQUALITY
caseIgnoreMatch SY
 NTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:39 NAME 'olcPluginLogFile' SYNTAX
OMsDirectoryS
 tring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:40 NAME 'olcReadOnly' SYNTAX OMsBoolean
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:41 NAME 'olcReferral' SUP labeledURI
SINGLE-VAL
 UE )
olcAttributeTypes: ( OLcfgDbAt:0.7 NAME 'olcReplica' SUP labeledURI
EQUALITY c
 aseIgnoreMatch X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' SYNTAX
OMsDirector
 yString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:44 NAME 'olcReplicaPidFile' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:45 NAME 'olcReplicationInterval' SYNTAX
OMsInte
 ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:46 NAME 'olcReplogFile' SYNTAX
OMsDirectoryStri
 ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:47 NAME 'olcRequires' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:48 NAME 'olcRestrict' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:49 NAME 'olcReverseLookup' SYNTAX
OMsBoolean SI
 NGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.8 NAME 'olcRootDN' EQUALITY
distinguishedName
 Match SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:51 NAME 'olcRootDSE' EQUALITY
caseIgnoreMatch S
 YNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:0.9 NAME 'olcRootPW' SYNTAX
OMsDirectoryString
 SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:89 NAME 'olcSaslAuxprops' SYNTAX
OMsDirectorySt
 ring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:53 NAME 'olcSaslHost' SYNTAX
OMsDirectoryString
  SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:54 NAME 'olcSaslRealm' SYNTAX
OMsDirectoryStrin
 g SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:56 NAME 'olcSaslSecProps' SYNTAX
OMsDirectorySt
 ring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:58 NAME 'olcSchemaDN' EQUALITY
distinguishedNam
 eMatch SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:59 NAME 'olcSecurity' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:81 NAME 'olcServerID' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:60 NAME 'olcSizeLimit' SYNTAX
OMsDirectoryStrin
 g SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' SYNTAX
OMsInteg
 er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth'
SYNTAX OMsI
 nteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes
whose va
 lues will always be sorted' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( OLcfgDbAt:0.15 NAME 'olcSubordinate' SYNTAX
OMsDirectoryS
 tring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.10 NAME 'olcSuffix' EQUALITY
distinguishedNam
 eMatch SYNTAX OMsDN )
olcAttributeTypes: ( OLcfgDbAt:0.19 NAME 'olcSyncUseSubentry' DESC
'Store sync
  context in a subentry' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.11 NAME 'olcSyncrepl' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:90 NAME 'olcTCPBuffer' DESC 'Custom TCP
buffer
 size' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:66 NAME 'olcThreads' SYNTAX OMsInteger
SINGLE-V
 ALUE )
olcAttributeTypes: ( OLcfgGlAt:67 NAME 'olcTimeLimit' SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' SYNTAX
OMsDir
 ectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' SYNTAX
OMsDir
 ectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' SYNTAX
OMsDirec
 toryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' SYNTAX
OMsDi
 rectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' SYNTAX
OMsDirectoryStr
 ing SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:82 NAME 'olcTLSCRLFile' SYNTAX
OMsDirectoryStri
 ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:74 NAME 'olcTLSRandFile' SYNTAX
OMsDirectoryStr
 ing SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' SYNTAX
OMsDirector
 yString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:80 NAME 'olcToolThreads' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.12 NAME 'olcUpdateDN' SYNTAX OMsDN
SINGLE-VAL
 UE )
olcAttributeTypes: ( OLcfgDbAt:0.13 NAME 'olcUpdateRef' SUP labeledURI
EQUALIT
 Y caseIgnoreMatch )
olcAttributeTypes: ( OLcfgGlAt:88 NAME 'olcWriteTimeout' SYNTAX
OMsInteger SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.1 NAME 'olcDbDirectory' DESC 'Directory
for d
 atabase content' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VA
 LUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo'
DESC 'mo
 nitored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE
dSAOperatio
 n )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC
'moni
 tor managed info' SUP name )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter'
DESC 'm
 onitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.4 NAME
'monitorOpCompleted' DES
 C 'monitor completed operations' SUP monitorCounter
NO-USER-MODIFICATION USAG
 E dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.5 NAME
'monitorOpInitiated' DES
 C 'monitor initiated operations' SUP monitorCounter
NO-USER-MODIFICATION USAG
 E dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.6 NAME
'monitorConnectionNumber
 ' DESC 'monitor connection number' SUP monitorCounter
NO-USER-MODIFICATION US
 AGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.7 NAME
'monitorConnectionAuthzD
 N' DESC 'monitor connection authorization DN' EQUALITY
distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE
dSAOperation
  )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.8 NAME
'monitorConnectionLocalA
 ddress' DESC 'monitor connection local address' SUP monitoredInfo
NO-USER-MOD
 IFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.9 NAME
'monitorConnectionPeerAd
 dress' DESC 'monitor connection peer address' SUP monitoredInfo
NO-USER-MODIF
 ICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.10 NAME
'monitorTimestamp' DESC
  'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOr
 deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-MODIFIC
 ATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay'
DESC '
 name of overlays defined for a given database' SUP monitoredInfo
NO-USER-MODI
 FICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC
'read/w
 rite status of a given database' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.13 NAME
'restrictedOperation' D
 ESC 'name of restricted operation for a given database' SUP managedInfo )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.14 NAME
'monitorConnectionProto
 col' DESC 'monitor connection protocol' SUP monitoredInfo
NO-USER-MODIFICATIO
 N USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.15 NAME
'monitorConnectionOpsRe
 ceived' DESC 'monitor number of operations received by the connection'
SUP mo
 nitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.16 NAME
'monitorConnectionOpsEx
 ecuting' DESC 'monitor number of operations in execution within the
connectio
 n' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.17 NAME
'monitorConnectionOpsPe
 nding' DESC 'monitor number of pending operations within the
connection' SUP
 monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.18 NAME
'monitorConnectionOpsCo
 mpleted' DESC 'monitor number of operations completed within the
connection'
 SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.19 NAME
'monitorConnectionGet'
 DESC 'number of times connection_get() was called so far' SUP
monitorCounter
 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.20 NAME
'monitorConnectionRead'
  DESC 'number of times connection_read() was called so far' SUP
monitorCounte
 r NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.21 NAME
'monitorConnectionWrite
 ' DESC 'number of times connection_write() was called so far' SUP
monitorCoun
 ter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.22 NAME
'monitorConnectionMask'
  DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION
USAGE
 dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.23 NAME
'monitorConnectionListe
 ner' DESC 'monitor connection listener' SUP monitoredInfo
NO-USER-MODIFICATIO
 N USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.24 NAME
'monitorConnectionPeerD
 omain' DESC 'monitor connection peer domain' SUP monitoredInfo
NO-USER-MODIFI
 CATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.25 NAME
'monitorConnectionStart
 Time' DESC 'monitor connection start time' SUP monitorTimestamp
SINGLE-VALUE
 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.26 NAME
'monitorConnectionActiv
 ityTime' DESC 'monitor connection activity time' SUP monitorTimestamp
SINGLE-
 VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow'
DESC
 'TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.28 NAME
'monitorUpdateRef' DESC
  'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE
USAGE
 dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.29 NAME
'monitorRuntimeConfig'
 DESC 'TRUE if component allows runtime configuration' EQUALITY
booleanMatch S
 YNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.30 NAME
'monitorSuperiorDN' DES
 C 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' DESC 'Number
of extr
 a entries to free when max is reached' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' DESC 'Entry
cache siz
 e in entries' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' DESC 'Database
check
 point interval in kbytes and minutes' SYNTAX OMsDirectoryString
SINGLE-VALUE
 )
olcAttributeTypes: ( OLcfgDbAt:1.16 NAME 'olcDbChecksum' DESC 'Enable
database
  checksum validation' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' DESC 'Pathname
of fi
 le containing the DB encryption key' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.14 NAME 'olcDbCryptKey' DESC 'DB
encryption k
 ey' SYNTAX OMsOctetString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB
DB_CONF
 IG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgDbAt:1.4 NAME 'olcDbNoSync' DESC 'Disable
synchronou
 s database writes' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.15 NAME 'olcDbPageSize' DESC 'Page size
of sp
 ecified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' DESC 'Allow
reads of
 uncommitted data' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize' DESC 'DN
cache siz
 e' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' DESC 'IDL
cache si
 ze in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.2 NAME 'olcDbIndex' DESC 'Attribute
index par
 ameters' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' DESC 'Index
attribu
 tes one at a time' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' DESC 'Deadlock
detec
 tion algorithm' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.3 NAME 'olcDbMode' DESC 'Unix
permissions of
 database files' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' DESC 'Depth
of sear
 ch stack in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.10 NAME 'olcDbShmKey' DESC 'Key for
shared me
 mory region' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:5.1 NAME 'olcRelay' DESC 'Relay DN'
SYNTAX OMsD
 N SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.1 NAME 'olcAccessLogDB' DESC 'Suffix of
datab
 ase for log content' SUP distinguishedName SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.2 NAME 'olcAccessLogOps' DESC
'Operation type
 s to log' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:4.3 NAME 'olcAccessLogPurge' DESC 'Log
cleanup
 parameters' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.4 NAME 'olcAccessLogSuccess' DESC 'Log
succes
 sful ops only' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.5 NAME 'olcAccessLogOld' DESC 'Log old
values
  when modifying entries matching the filter' SYNTAX OMsDirectoryString
SINGLE
 -VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.6 NAME 'olcAccessLogOldAttr' DESC 'Log
old va
 lues of these attributes even if unmodified' EQUALITY caseIgnoreMatch
SYNTAX
 OMsDirectoryString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC
'Target D
 N of request' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC
'Start
  time of request' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrder
 ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC
'End tim
 e of request' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrderingM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC
'Type o
 f request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession'
DESC 'Ses
 sion ID of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE
 -VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID'
DESC 'Aut
 horization ID of requestor' EQUALITY distinguishedNameMatch SYNTAX
OMsDN SING
 LE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC
'Resu
 lt code of request' EQUALITY integerMatch ORDERING integerOrderingMatch
SYNTA
 X OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage'
DESC 'Err
 or text of request' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch
  SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral'
DESC 'Re
 ferrals returned for request' SUP labeledURI )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls'
DESC 'R
 equest controls' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.
 4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME
'reqRespControls' DES
 C 'Response controls of request' EQUALITY
objectIdentifierFirstComponentMatch
  SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC
'ID of R
 equest to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch
SYNTAX
  OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion'
DESC 'Pr
 otocol version of Bind request' EQUALITY integerMatch ORDERING
integerOrderin
 gMatch SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod'
DESC 'Bin
 d method of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGL
 E-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion'
DESC '
 Compare Assertion of request' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC
'Modifi
 cations of request' EQUALITY octetStringMatch SUBSTR
octetStringSubstringsMat
 ch SYNTAX OMsOctetString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC
'Old va
 lues of entry before request completed' EQUALITY octetStringMatch
SUBSTR octe
 tStringSubstringsMatch SYNTAX OMsOctetString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN'
DESC 'New
  RDN of request' EQUALITY distinguishedNameMatch SYNTAX OMsDN
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME
'reqDeleteOldRDN' DES
 C 'Delete old RDN' EQUALITY booleanMatch SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME
'reqNewSuperior' DESC
  'New superior DN of request' EQUALITY distinguishedNameMatch SYNTAX
OMsDN SI
 NGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC
'Scop
 e of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VALUE
  )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME
'reqDerefAliases' DES
 C 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch SYNTAX
OMsDire
 ctoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly'
DESC '
 Attributes and values of request' EQUALITY booleanMatch SYNTAX
OMsBoolean SIN
 GLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter'
DESC 'Fil
 ter of request' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYN
 TAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC
'Attri
 butes of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit'
DESC '
 Size limit of request' EQUALITY integerMatch ORDERING
integerOrderingMatch SY
 NTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit'
DESC '
 Time limit of request' EQUALITY integerMatch ORDERING
integerOrderingMatch SY
 NTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries'
DESC 'Nu
 mber of entries returned' EQUALITY integerMatch ORDERING
integerOrderingMatch
  SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC
'Data
 of extended request' EQUALITY octetStringMatch SUBSTR
octetStringSubstringsMa
 tch SYNTAX OMsOctetString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext'
DESC '
 DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE
NO-US
 ER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' DESC
'Filename for
 auditlogging' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:19.1 NAME 'olcCollectInfo' DESC 'DN of
entry an
 d attribute to distribute' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryString
  )
olcAttributeTypes: ( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' DESC
'constr
 aint for list of attributes' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStri
 ng )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.57 NAME
'entryExpireTimestamp' DES
 C 'RFC2589 OpenLDAP extension: expire time of a dynamic object,
computed as n
 ow + entryTtl' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrdering
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-MODIFICATION
 USAGE dSAOperation )
olcAttributeTypes: ( OLcfgOvAt:9.1 NAME 'olcDDSstate' DESC 'RFC2589
Dynamic di
 rectory services state' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.2 NAME 'olcDDSmaxTtl' DESC 'RFC2589
Dynamic d
 irectory services max TTL' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.3 NAME 'olcDDSminTtl' DESC 'RFC2589
Dynamic d
 irectory services min TTL' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.4 NAME 'olcDDSdefaultTtl' DESC 'RFC2589
Dynam
 ic directory services default TTL' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.5 NAME 'olcDDSinterval' DESC 'RFC2589
Dynamic
  directory services expiration task run interval' SYNTAX
OMsDirectoryString S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.6 NAME 'olcDDStolerance' DESC 'RFC2589
Dynami
 c directory services additional TTL in expiration scheduling' SYNTAX
OMsDirec
 toryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.7 NAME 'olcDDSmaxDynamicObjects' DESC
'RFC258
 9 Dynamic directory services max number of dynamic objects' SYNTAX
OMsInteger
  SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:17.1 NAME 'olcDGAttrPair' DESC 'Member
and Memb
 erURL attribute pair' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:8.1 NAME 'olcDlAttrSet' DESC 'Dynamic
list: <gr
 oup objectClass>, <URL attributeDescription>, <member
attributeDescription>'
 EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group
that t
 he entry belongs to' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated
Administrator' )
olcAttributeTypes: ( OLcfgOvAt:18.0 NAME 'olcMemberOfDN' DESC 'DN to be
used a
 s modifiersName' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.1 NAME 'olcMemberOfDangling' DESC
'Behavior
 with respect to dangling members, constrained to ignore, drop, error'
SYNTAX
 OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.2 NAME 'olcMemberOfRefInt' DESC 'Take
care o
 f referential integrity' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.3 NAME 'olcMemberOfGroupOC' DESC
'Group obje
 ctClass' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.4 NAME 'olcMemberOfMemberAD' DESC
'member at
 tribute' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.5 NAME 'olcMemberOfMemberOfAD' DESC
'memberO
 f attribute' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.7 NAME 'olcMemberOfDanglingError' DESC
'Erro
 r code returned in case of dangling back reference' SYNTAX
OMsDirectoryString
  SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime'
DESC 'Th
 e time the password was last changed' EQUALITY generalizedTimeMatch
ORDERING
 generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALU
 E NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME
'pwdAccountLockedTime' DE
 SC 'The time an user account was locked' EQUALITY generalizedTimeMatch
ORDERI
 NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-V
 ALUE USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime'
DESC 'Th
 e timestamps of the last consecutive authentication failures' EQUALITY
genera
 lizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC
'The hi
 story of users passwords' EQUALITY octetStringMatch SYNTAX
1.3.6.1.4.1.1466.1
 15.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime'
DESC 'T
 he timestamps of the grace login once the password has expired'
EQUALITY gene
 ralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
NO-USER-MODIFICATION US
 AGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC
'The indi
 cation that the password has been reset' EQUALITY booleanMatch SYNTAX
1.3.6.1
 .4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry'
DESC
 'The pwdPolicy subentry in effect for this object' EQUALITY
distinguishedName
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE
directoryOperat
 ion )
olcAttributeTypes: ( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' DESC 'DN of
a pwd
 Policy object for uncustomized objects' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' DESC
'Hash
 passwords on add or modify' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:12.4 NAME 'olcPPolicyForwardUpdates' DESC
'Allo
 w policy state updates to be forwarded via updateref' SYNTAX OMsBoolean
SINGL
 E-VALUE )
olcAttributeTypes: ( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' DESC
'Warn cli
 ents with AccountLocked' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( PCacheAttributes:1 NAME 'pcacheQueryID' DESC 'ID of
query
  the entry belongs to, formatted as a UUID' EQUALITY octetStringMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.40{64} NO-USER-MODIFICATION USAGE
directoryOperati
 on )
olcAttributeTypes: ( PCacheAttributes:2 NAME 'pcacheQueryURL' DESC 'URI
descri
 bing a cached query' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.15 NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( OLcfgOvAt:2.1 NAME ( 'olcPcache' 'olcProxyCache' )
DESC '
 Proxy Cache basic parameters' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:2.2 NAME ( 'olcPcacheAttrset'
'olcProxyAttrset'
  ) DESC 'A set of attributes to cache' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:2.3 NAME ( 'olcPcacheTemplate'
'olcProxyCacheTe
 mplate' ) DESC 'Filter template, attrset, cache TTL, optional negative
TTL, o
 ptional sizelimit TTL, optional TTR' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:2.4 NAME 'olcPcachePosition' DESC
'Response cal
 lback position in overlay stack' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:2.5 NAME ( 'olcPcacheMaxQueries'
'olcProxyCache
 Queries' ) DESC 'Maximum number of queries to cache' SYNTAX OMsInteger )
olcAttributeTypes: ( OLcfgOvAt:2.6 NAME ( 'olcPcachePersist'
'olcProxySaveQuer
 ies' ) DESC 'Save cached queries for hot restart' SYNTAX OMsBoolean )
olcAttributeTypes: ( OLcfgOvAt:2.7 NAME ( 'olcPcacheValidate'
'olcProxyCheckCa
 cheability' ) DESC 'Check whether the results of a query are cacheable,
e.g.
 for schema issues' SYNTAX OMsBoolean )
olcAttributeTypes: ( OLcfgOvAt:2.8 NAME 'olcPcacheOffline' DESC 'Set
cache to
 offline mode and disable expiration' SYNTAX OMsBoolean )
olcAttributeTypes: ( OLcfgOvAt:2.9 NAME 'olcPcacheBind' DESC 'Parameters
for c
 aching Binds' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' DESC
'Attributes
  for referential integrity' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( OLcfgOvAt:11.2 NAME 'olcRefintNothing' DESC
'Replacement
 DN to supply when needed' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' DESC
'The DN
  to use as modifiersName' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.1 NAME 'errCode' DESC
'LDAP e
 rror code' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX
1.3.6.1
 .4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.2 NAME 'errOp' DESC
'Operatio
 ns the errObject applies to' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstr
 ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.3 NAME 'errText' DESC
'LDAP e
 rror textual description' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstring
 sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.4 NAME 'errSleepTime'
DESC 'T
 ime to wait before returning the error' EQUALITY integerMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.5 NAME 'errMatchedDN'
DESC 'V
 alue to be returned as matched DN' EQUALITY distinguishedNameMatch
SYNTAX 1.3
 .6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.6 NAME
'errUnsolicitedOID' DE
 SC 'OID to be returned within unsolicited response' EQUALITY
objectIdentifier
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.7 NAME
'errUnsolicitedData' D
 ESC 'Data to be returned within unsolicited response' SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.40 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.8 NAME 'errDisconnect'
DESC '
 Disconnect without notice' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:20.1 NAME 'olcRetcodeParent' DESC ''
SYNTAX OMs
 DN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:20.2 NAME 'olcRetcodeItem' DESC ''
EQUALITY cas
 eIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgOvAt:20.3 NAME 'olcRetcodeInDir' DESC ''
SYNTAX OMsB
 oolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:20.4 NAME 'olcRetcodeSleep' DESC ''
SYNTAX OMsI
 nteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:16.1 NAME 'olcRwmRewrite' DESC 'Rewrites
string
 s' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgOvAt:16.2 NAME 'olcRwmTFSupport' DESC
'Absolute filt
 ers support' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:16.3 NAME 'olcRwmMap' DESC 'maps
attributes/obj
 ectClasses' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
X-ORDERED 'VAL
 UES' )
olcAttributeTypes: ( OLcfgOvAt:16.4 NAME 'olcRwmNormalizeMapped' DESC
'Normali
 ze mapped attributes/objectClasses' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:16.5 NAME 'olcRwmDropUnrequested' DESC
'Drop un
 requested attributes' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:21.1 NAME 'olcSssVlvMax' DESC 'Maximum
number o
 f concurrent Sort requests' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:21.2 NAME 'olcSssVlvMaxKeys' DESC
'Maximum numb
 er of Keys in a Sort request' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.1 NAME 'olcSpCheckpoint' DESC
'ContextCSN che
 ckpoint interval in ops and minutes' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.2 NAME 'olcSpSessionlog' DESC 'Session
log si
 ze in ops' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.3 NAME 'olcSpNoPresent' DESC 'Omit
Present ph
 ase processing' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.4 NAME 'olcSpReloadHint' DESC 'Observe
Reload
  Hint in Request control' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' DESC
'Reveal a
 ttribute deletion constraint violations' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' DESC
'Disable
 automatic glue records for ADD and MODRDN' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' DESC
'Attribute
 s to use in local search filter' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' DESC
'Attribut
 es to use in remote search filter' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' DESC
'Enabl
 e local bind' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' DESC
'Enab
 le local RFC 3062 Password Modify extended operation' SYNTAX OMsBoolean
SINGL
 E-VALUE )
olcAttributeTypes: ( OLcfgOvAt:10.1 NAME 'olcUniqueBase' DESC 'Subtree
for uni
 queness searches' EQUALITY distinguishedNameMatch SYNTAX OMsDN
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:10.2 NAME 'olcUniqueIgnore' DESC
'Attributes fo
 r which uniqueness shall not be enforced' EQUALITY caseIgnoreMatch
ORDERING c
 aseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
OMsDirectorySt
 ring )
olcAttributeTypes: ( OLcfgOvAt:10.3 NAME 'olcUniqueAttribute' DESC
'Attributes
  for which uniqueness shall be enforced' EQUALITY caseIgnoreMatch
ORDERING ca
 seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
OMsDirectoryStr
 ing )
olcAttributeTypes: ( OLcfgOvAt:10.4 NAME 'olcUniqueStrict' DESC 'Enforce
uniqu
 eness of null values' EQUALITY booleanMatch SYNTAX OMsBoolean
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:10.5 NAME 'olcUniqueURI' DESC 'List of
keywords
  and LDAP URIs for a uniqueness domain' EQUALITY caseExactMatch
ORDERING case
 ExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX
OMsDirectoryString
 )
olcAttributeTypes: ( OLcfgOvAt:5.1 NAME 'olcValSortAttr' DESC 'Sorting
rule fo
 r attribute under given DN' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( olmBDBAttributes:1 NAME 'olmBDBEntryCache' DESC
'Number o
 f items in Entry Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE
dSAOper
 ation )
olcAttributeTypes: ( olmBDBAttributes:2 NAME 'olmBDBDNCache' DESC
'Number of i
 tems in DN Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE
dSAOperation
 )
olcAttributeTypes: ( olmBDBAttributes:3 NAME 'olmBDBIDLCache' DESC
'Number of
 items in IDL Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE
dSAOperatio
 n )
olcAttributeTypes: ( olmBDBAttributes:4 NAME 'olmDbDirectory' DESC 'Path
name
 of the directory where the database environment resides' SUP
monitoredInfo NO
 -USER-MODIFICATION USAGE dSAOperation )
olcObjectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass
chain' ABST
 RACT MUST objectClass )
olcObjectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
DESC
 'RFC4512: extensible object' SUP top AUXILIARY )
olcObjectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC4512: an alias' SUP
top STRU
 CTURAL MUST aliasedObjectName )
olcObjectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC
'namedref: na
 med subordinate referral' SUP top STRUCTURAL MUST ref )
olcObjectClasses: ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE'
'LDAProotD
 SE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )
olcObjectClasses: ( 2.5.17.0 NAME 'subentry' DESC 'RFC3672: subentry'
SUP top
 STRUCTURAL MUST ( cn $ subtreeSpecification ) )
olcObjectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'RFC4512: controlling
subsc
 hema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $
dITContentRu
 les $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
olcObjectClasses: ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC
'RFC2
 589: Dynamic Object' SUP top AUXILIARY )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' DESC 'Glue
Entry' SUP
  top STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry'
DESC
 'Persistent Info for SyncRepl Consumer' AUXILIARY MAY syncreplCookie )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry'
DESC
 'Persistent Info for SyncRepl Producer' AUXILIARY MAY contextCSN )
olcObjectClasses: ( OLcfgGlOc:0 NAME 'olcConfig' DESC 'OpenLDAP
configuration
 object' SUP top ABSTRACT )
olcObjectClasses: ( OLcfgGlOc:1 NAME 'olcGlobal' DESC 'OpenLDAP Global
configu
 ration options' SUP olcConfig STRUCTURAL MAY ( cn $ olcConfigFile $
olcConfig
 Dir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite
$ olcA
 uthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $
olcConnMax
 PendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $
olcIndexSubstrIf
 MaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnySte
 p $ olcIndexIntLen $ olcLocalSSF $ olcLogFile $ olcLogLevel $
olcPasswordCryp
 tSaltFormat $ olcPasswordHash $ olcPidFile $ olcPluginLogFile $
olcReadOnly $
  olcReferral $ olcReplogFile $ olcRequires $ olcRestrict $
olcReverseLookup $
  olcRootDSE $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps
 $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSockbufMaxIncoming $
olcSockb
 ufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $
olcTLSCACertif
 icateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertifica
 teKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $
olcTLSVerif
 yClient $ olcTLSDHParamFile $ olcTLSCRLFile $ olcToolThreads $
olcWriteTimeou
 t $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $
olcDitConten
 tRules $ olcLdapSyntaxes ) )
olcObjectClasses: ( OLcfgGlOc:2 NAME 'olcSchemaConfig' DESC 'OpenLDAP
schema o
 bject' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $
olcAttribute
 Types $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )
olcObjectClasses: ( OLcfgGlOc:3 NAME 'olcBackendConfig' DESC 'OpenLDAP
Backend
 -specific options' SUP olcConfig STRUCTURAL MUST olcBackend )
olcObjectClasses: ( OLcfgGlOc:4 NAME 'olcDatabaseConfig' DESC 'OpenLDAP
Databa
 se-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY (
olcHidde
 n $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $
olcLastMod $
 olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $
olcRepl
 icaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $
olcReplogFile $ ol
 cRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $
olcSecurity $
  olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $
olcUpdateDN
  $ olcUpdateRef $ olcMirrorMode $ olcMonitoring ) )
olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP
Overlay
 -specific options' SUP olcConfig STRUCTURAL MUST olcOverlay )
olcObjectClasses: ( OLcfgGlOc:6 NAME 'olcIncludeFile' DESC 'OpenLDAP
configura
 tion include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY ( cn $
olcRoo
 tDSE ) )
olcObjectClasses: ( OLcfgGlOc:7 NAME 'olcFrontendConfig' DESC 'OpenLDAP
fronte
 nd configuration' AUXILIARY MAY ( olcDefaultSearchBase $
olcPasswordHash $ ol
 cSortVals ) )
olcObjectClasses: ( OLcfgGlOc:8 NAME 'olcModuleList' DESC 'OpenLDAP
dynamic mo
 dule info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $
olcModuleLoad
 ) )
olcObjectClasses: ( OLcfgDbOc:2.1 NAME 'olcLdifConfig' DESC 'LDIF
backend conf
 iguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.1 NAME 'monitor' DESC
'OpenLDAP
 system monitoring' SUP top STRUCTURAL MUST cn MAY ( description $
seeAlso $ l
 abeledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.2 NAME 'monitorServer'
DESC 'Ser
 ver monitoring root entry' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.3 NAME 'monitorContainer'
DESC '
 monitor container class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.4 NAME
'monitorCounterObject' DE
 SC 'monitor counter class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.5 NAME 'monitorOperation'
DESC '
 monitor operation class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.6 NAME 'monitorConnection'
DESC
 'monitor connection class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.7 NAME 'managedObject'
DESC 'mon
 itor managed entity class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.8 NAME 'monitoredObject'
DESC 'm
 onitor monitored entity class' SUP monitor STRUCTURAL )
olcObjectClasses: ( OLcfgDbOc:4.1 NAME 'olcMonitorConfig' DESC 'Monitor
backen
 d configuration' SUP olcDatabaseConfig STRUCTURAL )
olcObjectClasses: ( OLcfgDbOc:1.1 NAME 'olcBdbConfig' DESC 'BDB backend
config
 uration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY (
olcDbCach
 eSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey
$ olcD
 bNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $
olcDbLinearIndex
 $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcDbCacheFr
 ee $ olcDbDNcacheSize $ olcDbPageSize ) )
olcObjectClasses: ( OLcfgDbOc:1.2 NAME 'olcHdbConfig' DESC 'HDB backend
config
 uration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY (
olcDbCach
 eSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey
$ olcD
 bNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $
olcDbLinearIndex
 $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcDbCacheFr
 ee $ olcDbDNcacheSize $ olcDbPageSize ) )
olcObjectClasses: ( OLcfgDbOc:5.1 NAME 'olcRelayConfig' DESC 'Relay
backend co
 nfiguration' SUP olcDatabaseConfig STRUCTURAL MAY olcRelay )
olcObjectClasses: ( OLcfgOvOc:4.1 NAME 'olcAccessLogConfig' DESC 'Access
log c
 onfiguration' SUP olcOverlayConfig STRUCTURAL MUST olcAccessLogDB MAY (
olcAc
 cessLogOps $ olcAccessLogPurge $ olcAccessLogSuccess $ olcAccessLogOld
$ olcA
 ccessLogOldAttr ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.0 NAME 'auditContainer'
DESC '
 AuditLog container' SUP top STRUCTURAL MAY ( cn $ reqStart $ reqEnd ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.1 NAME 'auditObject'
DESC 'Ope
 nLDAP request auditing' SUP top STRUCTURAL MUST ( reqStart $ reqType $
reqSes
 sion ) MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $
reqEnd $ re
 qResult $ reqMessage $ reqReferral ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.2 NAME 'auditReadObject'
DESC
 'OpenLDAP read request record' SUP auditObject STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.3 NAME
'auditWriteObject' DESC
  'OpenLDAP write request record' SUP auditObject STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.4 NAME 'auditAbandon'
DESC 'Ab
 andon operation' SUP auditObject STRUCTURAL MUST reqId )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.5 NAME 'auditAdd' DESC
'Add op
 eration' SUP auditWriteObject STRUCTURAL MUST reqMod )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.6 NAME 'auditBind' DESC
'Bind
 operation' SUP auditObject STRUCTURAL MUST ( reqVersion $ reqMethod ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.7 NAME 'auditCompare'
DESC 'Co
 mpare operation' SUP auditReadObject STRUCTURAL MUST reqAssertion )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.8 NAME 'auditDelete'
DESC 'Del
 ete operation' SUP auditWriteObject STRUCTURAL MAY reqOld )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.9 NAME 'auditModify'
DESC 'Mod
 ify operation' SUP auditWriteObject STRUCTURAL MUST reqMod MAY reqOld )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.10 NAME 'auditModRDN'
DESC 'Mo
 dRDN operation' SUP auditWriteObject STRUCTURAL MUST ( reqNewRDN $
reqDeleteO
 ldRDN ) MAY ( reqNewSuperior $ reqMod $ reqOld ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.11 NAME 'auditSearch'
DESC 'Se
 arch operation' SUP auditReadObject STRUCTURAL MUST ( reqScope $
reqDerefAlia
 ses $ reqAttrsonly ) MAY ( reqFilter $ reqAttr $ reqEntries $
reqSizeLimit $
 reqTimeLimit ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.12 NAME 'auditExtended'
DESC '
 Extended operation' SUP auditObject STRUCTURAL MAY reqData )
olcObjectClasses: ( OLcfgOvOc:15.1 NAME 'olcAuditlogConfig' DESC
'Auditlog con
 figuration' SUP olcOverlayConfig STRUCTURAL MAY olcAuditlogFile )
olcObjectClasses: ( OLcfgOvOc:19.1 NAME 'olcCollectConfig' DESC
'Collective At
 tribute configuration' SUP olcOverlayConfig STRUCTURAL MAY olcCollectInfo )
olcObjectClasses: ( OLcfgOvOc:13.1 NAME 'olcConstraintConfig' DESC
'Constraint
  overlay configuration' SUP olcOverlayConfig STRUCTURAL MAY
olcConstraintAttr
 ibute )
olcObjectClasses: ( OLcfgOvOc:9.1 NAME 'olcDDSConfig' DESC 'RFC2589
Dynamic di
 rectory services configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcDDSs
 tate $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval
$ olcD
 DStolerance $ olcDDSmaxDynamicObjects ) )
olcObjectClasses: ( OLcfgOvOc:17.1 NAME 'olcDGConfig' DESC 'Dynamic
Group conf
 iguration' SUP olcOverlayConfig STRUCTURAL MAY olcDGAttrPair )
olcObjectClasses: ( OLcfgOvOc:8.1 NAME 'olcDynamicList' DESC 'Dynamic
list con
 figuration' SUP olcOverlayConfig STRUCTURAL MAY olcDLattrSet )
olcObjectClasses: ( OLcfgOvOc:18.1 NAME 'olcMemberOf' DESC 'Member-of
configur
 ation' SUP olcOverlayConfig STRUCTURAL MAY ( olcMemberOfDN $
olcMemberOfDangl
 ing $ olcMemberOfDanglingError $ olcMemberOfRefInt $ olcMemberOfGroupOC
$ olc
 MemberOfMemberAD $ olcMemberOfMemberOfAD ) )
olcObjectClasses: ( OLcfgOvOc:12.1 NAME 'olcPPolicyConfig' DESC
'Password Poli
 cy configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcPPolicyDefault $ o
 lcPPolicyHashCleartext $ olcPPolicyUseLockout $
olcPPolicyForwardUpdates ) )
olcObjectClasses: ( OLcfgOvOc:2.1 NAME 'olcPcacheConfig' DESC
'ProxyCache conf
 iguration' SUP olcOverlayConfig STRUCTURAL MUST ( olcPcache $
olcPcacheAttrse
 t $ olcPcacheTemplate ) MAY ( olcPcachePosition $ olcPcacheMaxQueries $
olcPc
 achePersist $ olcPcacheValidate $ olcPcacheOffline $ olcPcacheBind ) )
olcObjectClasses: ( OLcfgOvOc:2.2 NAME 'olcPcacheDatabase' DESC 'Cache
databas
 e configuration' AUXILIARY )
olcObjectClasses: ( OLcfgOvOc:11.1 NAME 'olcRefintConfig' DESC
'Referential in
 tegrity configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcRefintAttribu
 te $ olcRefintNothing $ olcRefintModifiersName ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.0 NAME 'errAbsObject'
SUP top
 ABSTRACT MUST errCode MAY ( cn $ description $ errOp $ errText $
errSleepTime
  $ errMatchedDN $ errUnsolicitedOID $ errUnsolicitedData $
errDisconnect ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.1 NAME 'errObject' SUP
errAbsO
 bject STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.2 NAME 'errAuxObject'
SUP errA
 bsObject AUXILIARY )
olcObjectClasses: ( OLcfgOvOc:20.1 NAME 'olcRetcodeConfig' DESC 'Retcode
confi
 guration' SUP olcOverlayConfig STRUCTURAL MAY ( olcRetcodeParent $
olcRetcode
 Item $ olcRetcodeInDir $ olcRetcodeSleep ) )
olcObjectClasses: ( OLcfgOvOc:16.1 NAME 'olcRwmConfig' DESC
'Rewrite/remap con
 figuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcRwmRewrite $
olcRwmTFSup
 port $ olcRwmMap $ olcRwmNormalizeMapped ) )
olcObjectClasses: ( OLcfgOvOc:21.1 NAME 'olcSssVlvConfig' DESC 'SSS VLV
config
 uration' SUP olcOverlayConfig STRUCTURAL MAY ( olcSssVlvMax $
olcSssVlvMaxKey
 s ) )
olcObjectClasses: ( OLcfgOvOc:1.1 NAME 'olcSyncProvConfig' DESC
'SyncRepl Prov
 ider configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcSpCheckpoint $ o
 lcSpSessionlog $ olcSpNoPresent $ olcSpReloadHint ) )
olcObjectClasses: ( OLcfgOvOc:14.1 NAME 'olcTranslucentConfig' DESC
'Transluce
 nt configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcTranslucentStrict
 $ olcTranslucentNoGlue $ olcTranslucentLocal $ olcTranslucentRemote $
olcTran
 slucentBindLocal $ olcTranslucentPwModLocal ) )
olcObjectClasses: ( OLcfgOvOc:14.2 NAME 'olcTranslucentDatabase' DESC
'Translu
 cent target database configuration' AUXILIARY )
olcObjectClasses: ( OLcfgOvOc:10.1 NAME 'olcUniqueConfig' DESC
'Attribute valu
 e uniqueness configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcUniqueBa
 se $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueStrict $
olcUniqueURI )
 )
olcObjectClasses: ( OLcfgOvOc:5.1 NAME 'olcValSortConfig' DESC 'Value
Sorting
 configuration' SUP olcOverlayConfig STRUCTURAL MUST olcValSortAttr )
olcObjectClasses: ( olmBDBObjectClasses:1 NAME 'olmBDBDatabase' SUP top
AUXILI
 ARY MAY ( olmBDBEntryCache $ olmBDBDNCache $ olmBDBIDLCache $
olmDbDirectory
 ) )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item'
X-BINARY-TRANS
 FER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point'
X-NOT-HUMA
 N-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type
Descripti
 on' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio'
X-NOT-HUMAN-READA
 BLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary'
X-NOT-HUMAN-READ
 ABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate'
X-BINARY-TR
 ANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List'
X-BINA
 RY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair'
X-BIN
 ARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509
AttributeCertifi
 cate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )
olcLdapSyntaxes: ( 1.2.36.79672281.1.5.0 DESC 'RDN' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule
Descri
 ption' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure
Rule Desc
 ription' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile
Telephone Num
 ber' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax'
X-NOT-HUMAN-READAB
 LE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG'
X-NOT-HUMAN-READA
 BLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow
Acces
 s Points' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule
Descripti
 on' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use
Descr
 iption' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional
UID'
 )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form
Description'
 )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class
Descriptio
 n' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol
Information' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation
Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.45 DESC
'SubtreeSpecification' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported
Algorithm' X-
 BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal
Identi
 fier' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax
Description
 ' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema
Definition'
  )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema
Description
 ' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring
Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' )
olcLdapSyntaxes: ( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.2 DESC
'AttributeCertificate E
 xact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.3 DESC
'AttributeCertificate A
 ssertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.16.1 DESC 'UUID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.4 DESC 'CSN SID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.5.3.1 DESC 'Control' )
structuralObjectClass: olcSchemaConfig
entryUUID: 65307d96-9721-102f-955d-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC
'RFC2256: kno
 wledge information' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.15{32768} )
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256:
last (f
 amily) name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256:
serial numb
 er of the entity' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch S
 YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC
'RFC4519: two-
 letter ISO-3166 country code' SUP name SYNTAX
1.3.6.1.4.1.1466.115.121.1.11 S
 INGLE-VALUE )
olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC
'RFC2256: loc
 ality which this object resides in' SUP name )
olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC
'RFC2
 256: state or province which this object resides in' SUP name )
olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC
'RFC225
 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreS
 ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC
'RFC2256
 : organization this object belongs to' SUP name )
olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC '
 RFC2256: organizational unit this object belongs to' SUP name )
olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title
associated
 with the entity' SUP name )
olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256:
search gui
 de, deprecated by enhancedSearchGuide' SYNTAX
1.3.6.1.4.1.1466.115.121.1.25 )
olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256:
busin
 ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256:
postal a
 ddress' EQUALITY caseIgnoreListMatch SUBSTR
caseIgnoreListSubstringsMatch SYN
 TAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256:
postal code
 ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.15{40} )
olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256:
Post Off
 ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3
 .6.1.4.1.1466.115.121.1.15{40} )
olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC
'RFC2
 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR
caseIgnor
 eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256:
Teleph
 one Number' EQUALITY telephoneNumberMatch SUBSTR
telephoneNumberSubstringsMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256:
Telex Numb
 er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC
'RFC22
 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber'
'fax' ) DE
 SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.22 )
olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256:
X.121 Addr
 ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.36{15} )
olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC
'RFC2256
 : international ISDN number' EQUALITY numericStringMatch SUBSTR
numericString
 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC
'RFC2256: regi
 stered postal address' SUP postalAddress SYNTAX
1.3.6.1.4.1.1466.115.121.1.41
  )
olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC
'RFC2256: d
 estination indicator' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC
'RFC2256
 : preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALU
 E )
olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC
'RFC2256: pr
 esentation address' EQUALITY presentationAddressMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.43 SINGLE-VALUE )
olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC
 2256: supported application context' EQUALITY objectIdentifierMatch
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of
a gro
 up' SUP distinguishedName )
olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of
the ob
 ject)' SUP distinguishedName )
olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256:
occupant
 of role' SUP distinguishedName )
olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256:
X.509
 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.8 )
olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256:
X.509 CA
  certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX
1.3.6.1.4.1.
 1466.115.121.1.8 )
olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC
'RFC2256
 : X.509 authority revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.9 )
olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC
'RFC22
 56: X.509 certificate revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.1
 15.121.1.9 )
olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC
'RFC2256: X
 .509 cross certificate pair, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.1
 0 )
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC
'RFC2256: fir
 st name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256:
initials of s
 ome or all of names, but not the surname(s).' SUP name )
olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC
'RFC2256: na
 me qualifier indicating a generation' SUP name )
olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC
'RFC2256: X
 .500 unique identifier' EQUALITY bitStringMatch SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.6 )
olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN
qualifi
 er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR
caseIgno
 reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC
'RFC2256: en
 hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC
'RFC2256: pr
 otocol information' EQUALITY protocolInformationMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.42 )
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256:
unique me
 mber of a group' EQUALITY uniqueMemberMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .34 )
olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256:
house
 identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC
'RFC2256: su
 pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC
'RFC2256: de
 lta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of
DMD' S
 UP name )
olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th):
pseudonym
  for the object' SUP name )
olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail'
'rfc822Mailbo
 x' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR
caseIg
 noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc'
'domainCompone
 nt' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match
SUBST
 R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VA
 LUE )
olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME
'associatedDomain' DE
 SC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match
SUBST
 R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email'
'emailAddress' 'p
 kcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in
DNs' EQUA
 LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.26{128} )
olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country'
SUP to
 p STRUCTURAL MUST c MAY ( searchGuide $ description ) )
olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a
locality' SUP
 top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $
description )
 )
olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an
organizat
 ion' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $
seeAlso $ b
 usinessCategory $ x121Address $ registeredAddress $
destinationIndicator $ pr
 eferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNu
 mber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $
postOffi
 ceBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $
l $ de
 scription ) )
olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256:
an org
 anizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $
searchGuide
  $ seeAlso $ businessCategory $ x121Address $ registeredAddress $
destination
 Indicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier
  $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber
$ str
 eet $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName
  $ st $ l $ description ) )
olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person'
SUP top
 STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $
seeAlso $
 description ) )
olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC
'RFC2256: an o
 rganizational person' SUP person STRUCTURAL MAY ( title $ x121Address $
regis
 teredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $
  teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber
$ facs
 imileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $
 physicalDeliveryOfficeName $ ou $ st $ l ) )
olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256:
an org
 anizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $
registeredAd
 dress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
telete
 xTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTe
 lephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $
street $ p
 ostOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
$ ou $
  st $ l $ description ) )
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a
group of n
 ames (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY (
businessCategory $
 seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256:
an res
 idential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $
x121Ad
 dress $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $
 telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDN
 Number $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOf
 ficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st
$ l )
 )
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256:
an ap
 plication process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $
descri
 ption ) )
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256:
an ap
 plication entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn )
MAY (
 supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory
system
 agent (a server)' SUP applicationEntity STRUCTURAL MAY
knowledgeInformation )
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device'
SUP to
 p STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l
$ desc
 ription ) )
olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC
'RFC2256
 : a strong authentication user' SUP top AUXILIARY MUST userCertificate )
olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC
'RFC2256:
 a certificate authority' SUP top AUXILIARY MUST (
authorityRevocationList $ c
 ertificateRevocationList $ cACertificate ) MAY crossCertificatePair )
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC
'RFC2256: a gr
 oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST
( uni
 queMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
descript
 ion ) )
olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC
'RFC2256:
  a user security information' SUP top AUXILIARY MAY supportedAlgorithms )
olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certif
 icationAuthority AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top
STRUCTURA
 L MUST cn MAY ( certificateRevocationList $ authorityRevocationList $
deltaRe
 vocationList ) )
olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST
dmdName MA
 Y ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ r
 egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumb
 er $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $
 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddres
 s $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI
user' SUP
  top AUXILIARY MAY userCertificate )
olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI
certificate a
 uthority' SUP top AUXILIARY MAY ( authorityRevocationList $
certificateRevoca
 tionList $ cACertificate $ crossCertificatePair ) )
olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI
user' SUP
 top AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC
 2079: object that contains the URI attribute type' SUP top AUXILIARY
MAY labe
 ledURI )
olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME
'simpleSecurityObject'
  DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST
userPassword )
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC
'RFC2247: do
 main component object' SUP top AUXILIARY MUST dc )
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377:
uid obje
 ct' SUP top AUXILIARY MUST uid )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530a712-9721-102f-955e-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={1}cosine,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME
'textEncodedORAddress'
 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.
 1466.115.121.1.15{256} )
olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC
'RFC1274: g
 eneral information' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink'
'favouriteDri
 nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR
caseIgno
 reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC
'RFC1
 274: room number' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch S
 YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC
'RFC1274:
 photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC
'RFC12
 74: category of user' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC
'RFC1274: h
 ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC
'RFC127
 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115
 .121.1.12 )
olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME
'documentIdentifier' D
 ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch
SUBSTR
 caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC '
 RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstri
 ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME
'documentVersion' DES
 C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSu
 bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME
'documentAuthor' DESC
  'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME
'documentLocation' DE
 SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch
SUBSTR c
 aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone'
'homeTe
 lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY
telephoneNumb
 erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.50 )
olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary'
DESC 'RFC
 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.12 )
olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
SYNTAX
  1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
EQUALITY ca
 seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY c
 aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY c
 aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY c
 aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY
 caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALIT
 Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME
'associatedName' DESC
  'RFC1274: DN of entry associated with domain' EQUALITY
distinguishedNameMatc
 h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME
'homePostalAddress' D
 ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR
caseIg
 noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC
 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstring
 sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile'
'mobileTel
 ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY
telephoneNum
 berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.50 )
olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager'
'pagerTelep
 honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY
telephoneNumber
 Match SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .50 )
olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co'
'friendlyCount
 ryName' ) DESC 'RFC1274: friendly country name' EQUALITY
caseIgnoreMatch SUBS
 TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME
'uniqueIdentifier' DE
 SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.15{256} )
olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME
'organizationalStatus
 ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR
caseI
 gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC '
 RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5Subst
 ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME
'mailPreferenceOption
 ' DESC 'RFC1274: mail preference option' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27
  )
olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
DESC '
 RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstrin
 gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
DESC 'RF
 C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME
'singleLevelQuality'
 DESC 'RFC1274: Single Level Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.13 SIN
 GLE-VALUE )
olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME
'subtreeMinimumQualit
 y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 13 SINGLE-VALUE )
olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME
'subtreeMaximumQualit
 y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 13 SINGLE-VALUE )
olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME
'personalSignature' D
 ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 23 )
olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
DESC 'R
 FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.12 )
olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC
'RFC1274
 : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME
'documentPublisher' D
 ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgno
 reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson'
'newPilo
 tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $
rfc822
 Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber
$ hom
 ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $
busine
 ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
pagerTelep
 honeNumber $ organizationalStatus $ mailPreferenceOption $
personalSignature
 ) )
olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top
STRUCT
 URAL MUST userid MAY ( description $ seeAlso $ localityName $
organizationNam
 e $ organizationalUnitName $ host ) )
olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top
STRUC
 TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso
$ loca
 lityName $ organizationName $ organizationalUnitName $ documentTitle $
docume
 ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top
STRUCTURA
 L MUST commonName MAY ( roomNumber $ description $ seeAlso $
telephoneNumber
 ) )
olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
SUP top
  STRUCTURAL MUST commonName MAY ( description $ seeAlso $
telephonenumber $ l
 ocalityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top
STRUCT
 URAL MUST domainComponent MAY ( associatedName $ organizationName $
descripti
 on $ businessCategory $ seeAlso $ searchGuide $ userPassword $
localityName $
  stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $
postalAdd
 ress $ postalCode $ postOfficeBox $ streetAddress $
facsimileTelephoneNumber
 $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier
$ tel
 exNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress
  $ x121Address ) )
olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
SUP d
 omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $
telepho
 neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOffi
 ceBox $ streetAddress $ facsimileTelephoneNumber $
internationalISDNNumber $
 telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
preferredDelivery
 Method $ destinationIndicator $ registeredAddress $ x121Address ) )
olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP
domain
 STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $
CNAME
 Record ) )
olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME
'domainRelatedObject' D
 ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST
associat
 edDomain )
olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
SUP c
 ountry STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME
'pilotOrganization' SU
 P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP
dsa STR
 UCTURAL MAY dSAQuality )
olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME
'qualityLabelledData'
 SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $
subtreeMaximu
 mQuality ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530b824-9721-102f-955f-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={2}inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {2}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC
'RFC279
 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch
SUBSTR cas
 eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber'
DESC '
 RFC2798: identifies a department within an organization' EQUALITY
caseIgnoreM
 atch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName'
DESC 'RFC
 2798: preferred name to be used when displaying entries' EQUALITY
caseIgnoreM
 atch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SI
 NGLE-VALUE )
olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber'
DESC 'RF
 C2798: numerically identifies an employee within an organization'
EQUALITY ca
 seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC
'RFC2
 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR
caseIgn
 oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC
'RFC2
 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME
'preferredLanguage' DESC
  'RFC2798: preferred written or spoken language for a person' EQUALITY
caseIg
 noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 15 SINGLE-VALUE )
olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME
'userSMIMECertificate' D
 ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.5 )
olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC
'RFC2
 798: personal identity information, a PKCS #12 PFX' SYNTAX
1.3.6.1.4.1.1466.1
 15.121.1.5 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC
'RFC2
 798: Internet Organizational Person' SUP organizationalPerson
STRUCTURAL MAY
 ( audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ em
 ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress
$ ini
 tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $
photo
 $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier
$ pre
 ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530c03a-9721-102f-9560-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={3}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {3}ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute'
EQUALITY
  objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge'
EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge'
EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory'
EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality'
EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength'
EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME
'pwdExpireWarning' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME
'pwdGraceAuthNLimit' EQ
 UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout'
EQUALITY b
 ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME
'pwdLockoutDuration' E
 QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure'
EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME
'pwdFailureCountInter
 val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
 )
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange'
EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME
'pwdAllowUserChange'
 EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify'
EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule'
DESC 'L
 oadable module that instantiates "check_password() function' EQUALITY
caseExa
 ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker'
SUP top
  AUXILIARY MAY pwdCheckModule )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP
top AUXI
 LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $
pwdCheck
 Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $
pwdLockout $
  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
pwdMustChange
  $ pwdAllowUserChange $ pwdSafeModify ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530c5bc-9721-102f-9561-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={4}sso,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}sso
olcObjectIdentifier: {0}SSOOID 1.3.6.1.4.1.10943.10.2
olcAttributeTypes: {0}( SSOOID:1:1 NAME 'ssoName' DESC 'An application
name' E
 QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1
 466.115.121.1.15 )
olcAttributeTypes: {1}( SSOOID:1:2 NAME 'ssoRoles' DESC 'One or more
roles' EQ
 UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.15 )
olcAttributeTypes: {2}( SSOOID:1:3 NAME 'ssoLogonHours' DESC 'Allowed
logon ho
 urs' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1
 .4.1.1466.115.121.1.15 )
olcAttributeTypes: {3}( SSOOID:1:4 NAME 'ssoStartDate' DESC 'Start date'
EQUAL
 ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.15 )
olcAttributeTypes: {4}( SSOOID:1:5 NAME 'ssoEndDate' DESC 'End date'
EQUALITY
 caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.15 )
olcObjectClasses: {0}( SSOOID:2:1 NAME 'ssoUser' DESC 'SSO extended
informatio
 ns for a user' SUP top AUXILIARY MAY ( ssoName $ ssoRoles $
ssoLogonHours $ s
 soStartDate $ ssoEndDate ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530c9d6-9721-102f-9562-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={5}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {5}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
DESC 'L
 anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
DESC 'M
 D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4
 .1.1466.115.121.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
DESC 'Ac
 count Flags' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26
 {16} SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
DESC 'T
 imestamp of the last password update' EQUALITY integerMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
DESC
 'Timestamp of when the user is allowed to update the password' EQUALITY
integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME
'sambaPwdMustChange' DESC
  'Timestamp of when the password will expire' EQUALITY integerMatch
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
DESC 'Ti
 mestamp of last logon' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
DESC 'T
 imestamp of last logoff' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
DESC '
 Timestamp of when the user will be logged off automatically' EQUALITY
integer
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME
'sambaBadPasswordCount' D
 ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME
'sambaBadPasswordTime' D
 ESC 'Time of the last bad password attempt' EQUALITY integerMatch
SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
DESC '
 Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26
 {42} SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
DESC 'D
 river letter of home directory mapping' EQUALITY caseIgnoreIA5Match
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
DESC
 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.15{255} SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
DESC
 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME
'sambaUserWorkstations'
 DESC 'List of user workstations the user is allowed to logon to'
EQUALITY cas
 eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
DESC 'Ho
 me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.15{128} )
olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
DESC '
 Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
DESC '
 Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.15{1050} )
olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME
'sambaPasswordHistory' D
 ESC 'Concatenated MD5 hashes of the salted NT passwords used on this
account'
  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC
'Securit
 y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME
'sambaPrimaryGroupSID' D
 ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
DESC 'Sec
 urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 26{64} )
olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
DESC 'N
 T Group Type' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SING
 LE-VALUE )
olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
DESC
 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.
 1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME
'sambaNextGroupRid' DESC
  'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
DESC 'Nex
 t NT rid to give out for anything' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1
 466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME
'sambaAlgorithmicRidBase
 ' DESC 'Base at which the samba RID generation algorithm should
operate' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
DESC 'S
 hare Name' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SING
 LE-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
DESC '
 Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX
  1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
DESC '
 A boolean option' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 S
 INGLE-VALUE )
olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME
'sambaIntegerOption' DES
 C 'An integer option' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .27 SINGLE-VALUE )
olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME
'sambaStringOption' DESC
  'A string option' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.26 SINGLE-VALUE )
olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME
'sambaStringListOption'
 DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.15 )
olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
DESC '
 Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115
 .121.1.26 )
olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME
'sambaMinPwdLength' DESC
  'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME
'sambaPwdHistoryLength'
 DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY
intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME
'sambaLogonToChgPwd' DES
 C 'Force Users to logon for password change (default: 0 => off, 2 =>
on)' EQU
 ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
DESC 'M
 aximum password age, in seconds (default: -1 => never expire
passwords)' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
DESC 'M
 inimum password age, in seconds (default: 0 => allow immediate password
chang
 e)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME
'sambaLockoutDuration' D
 ESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY
integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME
'sambaLockoutObservation
 Window' DESC 'Reset time after lockout in minutes (default: 30)'
EQUALITY int
 egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME
'sambaLockoutThreshold'
 DESC 'Lockout users after bad logon attempts (default: 0 => off)'
EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
DESC
 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME
'sambaRefuseMachinePwdCh
 ange' DESC 'Allow Machine Password changes (default: 0 => off)'
EQUALITY inte
 gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME
'sambaClearTextPassword'
  DESC 'Clear text password (used for trusted domain passwords)'
EQUALITY octe
 tStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME
'sambaPreviousClearTextP
 assword' DESC 'Previous clear text password (used for trusted domain
password
 s)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount'
DESC 'Sam
 ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID )
MAY (
 cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
sambaLogonTime $ s
 ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $
sambaPwdMustChange $
 sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $
sambaLogonScr
 ipt $ sambaProfilePath $ description $ sambaUserWorkstations $
sambaPrimaryGr
 oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $
sambaBad
 PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping'
DESC 'S
 amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $
sambaGrou
 pType ) MAY ( displayName $ description $ sambaSIDList ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword'
DESC
 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $
sambaNTPas
 sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.15 NAME
'sambaTrustedDomainPasswor
 d' DESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST (
sambaDomain
 Name $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY
sambaPreviou
 sClearTextPassword )
olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC
'Samba D
 omain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID
) MAY
  ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
sambaAlgorithmicRidB
 ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
sambaM
 axPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $
sambaLockoutObservationWin
 dow $ sambaLockoutThreshold $ sambaForceLogoff $
sambaRefuseMachinePwdChange
 ) )
olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool'
DESC 'Poo
 l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $
gidNumb
 er ) )
olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry'
DESC 'Map
 ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY (
uidNumber $ g
 idNumber ) )
olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC
'Struc
 tural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC
'Samba
 Configuration Section' SUP top AUXILIARY MAY description )
olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC
'Samba S
 hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption'
DESC
 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName
MAY ( sa
 mbaBoolOption $ sambaIntegerOption $ sambaStringOption $
sambaStringListoptio
 n $ description ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530d6ba-9721-102f-9563-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={6}nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {6}nis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS
field; th
 e common name' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatc
 h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The
absolut
 e path to the home directory' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1
 466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path
to th
 e login shell' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.2
 6 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY
integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY
integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY
integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY
integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY
integer
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY
integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY
integerMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY
caseExactI
 A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY ca
 seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.11
 5.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC
'Netgr
 oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY
intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP
name )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
EQUALITY int
 egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY
integer
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP
address
 ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC
'IP netw
 ork' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{128} SI
 NGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC
'IP netm
 ask' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{128} SI
 NGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC
address'
  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC
'rpc.bootp
 aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot
image nam
 e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY
caseExac
 tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.26{1024} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC
'Abstraction o
 f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $
uidNu
 mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $
gecos $
 description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC
'Additional a
 ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY (
userPassword
  $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $
shadowInactive
 $ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC
'Abstraction of
 a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY (
userPas
 sword $ memberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC
'Abstraction an I
 nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort
$ ipSe
 rviceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC
'Abstraction of
 an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $
description
  ) MAY description )
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction
of an O
 NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $
description ) M
 AY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction
of a ho
 st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l
$ desc
 ription $ manager ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC
'Abstraction of a
 n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY (
ipNetmas
 kNumber $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC
'Abstraction of
  a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $
memberNisNe
 tgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic
abstracti
 on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry
in a
 NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY
descri
 ption )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A
device w
 ith a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A
device
 with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 21e5fef6-b10d-1030-8a33-11dbca5edf22
creatorsName: cn=config
createTimestamp: 20111202084111Z
entryCSN: 20111202084111.852375Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20111202084111Z

dn: cn={7}dyngroup,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {7}dyngroup
olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL'
DESC 'I
 dentifies an URL associated with each member of a group. Any type of
labeled
 URL can be used.' SUP labeledURI )
olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity
to use
  when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional
authoriza
 tion rules that determine who is allowed to assume the dgIdentity'
EQUALITY a
 uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP
top S
 TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o
$ ou $
  owner $ seeAlso ) )
olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top
AUXILIARY MAY
  ( dgIdentity $ dgAuthz ) )
structuralObjectClass: olcSchemaConfig
entryUUID: fe9ba1e6-ed18-1031-8f79-fdfd31b132a1
creatorsName: cn=config
createTimestamp: 20130107132214Z
entryCSN: 20130107132214.043246Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20130107132214Z

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcSortVals: uniqueMember
structuralObjectClass: olcDatabaseConfig
entryUUID: 6530dd36-9721-102f-9564-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcRootPW:: c2VjcmV0
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 6530e0e2-9721-102f-9565-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20110128100718.624757Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110128100718Z

dn: olcDatabase={1}bdb,cn=config
objectClass: olcDatabaseConfig
objectClass: olcBdbConfig
olcDatabase: {1}bdb
olcDbDirectory: /home/clement/Programmes/openldap/var/openldap-data
olcSuffix: dc=example,dc=com
olcAccess: {0}to attrs=userPassword,pwdReset  by
dn.base="uid=websso,ou=applic
 ations,dc=example,dc=com" write by
dn.base="uid=syncrepl,ou=applications,dc=e
 xample,dc=com" read by self write  by * auth
olcAccess: {1}to *  by * read
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcLimits: {0}dn.base="uid=syncrepl,ou=applications,dc=example,dc=com" 
size=u
 nlimited  time=unlimited
olcMaxDerefDepth: 15
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW:: c2VjcmV0
olcSyncUseSubentry: FALSE
olcMonitoring: TRUE
olcDbCacheSize: 1000
olcDbNoSync: FALSE
olcDbDirtyRead: FALSE
olcDbIDLcacheSize: 0
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: cn pres,eq,sub
olcDbIndex: objectClass eq
olcDbIndex: uid pres,eq,sub
olcDbLinearIndex: FALSE
olcDbMode: 0600
olcDbSearchStack: 16
olcDbShmKey: 0
olcDbCacheFree: 1
olcDbDNcacheSize: 0
structuralObjectClass: olcBdbConfig
entryUUID: 6530e5ce-9721-102f-9566-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20131216111237.610457Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20131216111237Z

dn: olcOverlay={0}ppolicy,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: TRUE
structuralObjectClass: olcPPolicyConfig
entryUUID: 6530e920-9721-102f-9567-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20130114105653.360546Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20130114105653Z

dn: olcOverlay={1}refint,olcDatabase={1}bdb,cn=config
objectClass: top
objectClass: olcRefintConfig
objectClass: olcOverlayConfig
objectClass: olcConfig
olcOverlay: {1}refint
olcRefintAttribute: uniqueMember
structuralObjectClass: olcRefintConfig
entryUUID: 09e6dbf2-bf39-102f-9c50-3952f948c50c
creatorsName: cn=config
createTimestamp: 20110128144548Z
entryCSN: 20130107132318.183175Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20130107132318Z

dn: olcOverlay={2}dynlist,olcDatabase={1}bdb,cn=config
objectClass: olcOverlayConfig
objectClass: olcDynamicList
olcOverlay: {2}dynlist
olcDlAttrSet: {0}groupOfURLs memberURL uniqueMember
structuralObjectClass: olcDynamicList
entryUUID: fe9cabd6-ed18-1031-8f7a-fdfd31b132a1
creatorsName: cn=config
createTimestamp: 20130107132214Z
entryCSN: 20130107132214.050054Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20130107132214Z

dn: olcOverlay={3}constraint,olcDatabase={1}bdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcConstraintConfig
olcOverlay: {3}constraint
olcConstraintAttribute: manager uri
ldap:///ou=users,dc=example,dc=com?entrydn
 ?one?(objectClass=inetOrgPerson)
olcConstraintAttribute: secretary uri
ldap:///ou=users,dc=example,dc=com?entry
 dn?one?(objectClass=inetOrgPerson)
structuralObjectClass: olcConstraintConfig
entryUUID: eae8d7e6-5d6a-1032-9a5b-79f276fc875e
creatorsName: cn=config
createTimestamp: 20130530115049Z
entryCSN: 20130530115136.024979Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20130530115136Z

dn: olcOverlay={4}syncprov,olcDatabase={1}bdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcSyncProvConfig
olcOverlay: {4}syncprov
structuralObjectClass: olcSyncProvConfig
entryUUID: d81603b2-e49e-1032-9fd1-c7f9d83f3e67
creatorsName: cn=config
createTimestamp: 20131118131239Z
entryCSN: 20131118131239.181964Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20131118131239Z

dn: olcDatabase={2}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {2}monitor
structuralObjectClass: olcDatabaseConfig
entryUUID: 6530ed6c-9721-102f-9568-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z


And the configuration of the slave :


dn: cn=config
objectClass: olcGlobal
cn: config
olcArgsFile: /home/clement/Programmes/openldap/var/run/slapd-slave.args
olcAttributeOptions: lang-
olcAuthzPolicy: any
olcConcurrency: 0
olcConnMaxPending: 100
olcConnMaxPendingAuth: 1000
olcGentleHUP: FALSE
olcIdleTimeout: 0
olcIndexSubstrIfMaxLen: 4
olcIndexSubstrIfMinLen: 2
olcIndexSubstrAnyLen: 4
olcIndexSubstrAnyStep: 2
olcIndexIntLen: 4
olcLocalSSF: 71
olcLogLevel: Stats
olcPasswordHash: {SSHA}
olcPidFile: /home/clement/Programmes/openldap/var/run/slapd-slave.pid
olcReadOnly: FALSE
olcSaslSecProps: noplain,noanonymous
olcServerID: 1
olcSockbufMaxIncoming: 262143
olcSockbufMaxIncomingAuth: 16777215
olcThreads: 16
olcTLSCRLCheck: none
olcTLSVerifyClient: never
olcToolThreads: 1
olcWriteTimeout: 0
structuralObjectClass: olcGlobal
entryUUID: 653034b2-9721-102f-955c-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20120210082417.222541Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20120210082417Z

dn: cn=schema,cn=config
objectClass: olcSchemaConfig
cn: schema
olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.1.12.2
olcObjectIdentifier: OLcfgAt OLcfg:3
olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
olcObjectIdentifier: OLcfgBkAt OLcfgAt:1
olcObjectIdentifier: OLcfgDbAt OLcfgAt:2
olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
olcObjectIdentifier: OLcfgCtAt OLcfgAt:4
olcObjectIdentifier: OLcfgOc OLcfg:4
olcObjectIdentifier: OLcfgGlOc OLcfgOc:0
olcObjectIdentifier: OLcfgBkOc OLcfgOc:1
olcObjectIdentifier: OLcfgDbOc OLcfgOc:2
olcObjectIdentifier: OLcfgOvOc OLcfgOc:3
olcObjectIdentifier: OLcfgCtOc OLcfgOc:4
olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1
olcObjectIdentifier: OMsBoolean OMsyn:7
olcObjectIdentifier: OMsDN OMsyn:12
olcObjectIdentifier: OMsDirectoryString OMsyn:15
olcObjectIdentifier: OMsIA5String OMsyn:26
olcObjectIdentifier: OMsInteger OMsyn:27
olcObjectIdentifier: OMsOID OMsyn:38
olcObjectIdentifier: OMsOctetString OMsyn:40
olcObjectIdentifier: olmAttributes 1.3.6.1.4.1.4203.666.1.55
olcObjectIdentifier: olmSubSystemAttributes olmAttributes:0
olcObjectIdentifier: olmGenericAttributes olmSubSystemAttributes:0
olcObjectIdentifier: olmDatabaseAttributes olmSubSystemAttributes:1
olcObjectIdentifier: olmObjectClasses 1.3.6.1.4.1.4203.666.3.16
olcObjectIdentifier: olmSubSystemObjectClasses olmObjectClasses:0
olcObjectIdentifier: olmGenericObjectClasses olmSubSystemObjectClasses:0
olcObjectIdentifier: olmDatabaseObjectClasses olmSubSystemObjectClasses:1
olcObjectIdentifier: PCacheOID 1.3.6.1.4.1.4203.666.11.9.1
olcObjectIdentifier: PCacheAttributes PCacheOID:1
olcObjectIdentifier: PCacheObjectClasses PCacheOID:2
olcObjectIdentifier: olmBDBAttributes olmDatabaseAttributes:1
olcObjectIdentifier: olmBDBObjectClasses olmDatabaseObjectClasses:1
olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object
classes
 of the entity' EQUALITY objectIdentifierMatch SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.38 )
olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' DESC
'RFC4512: stru
 ctural object class of entry' EQUALITY objectIdentifierMatch SYNTAX
1.3.6.1.4
 .1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperati
 on )
olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time
which
  object was created' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOr
 deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-MODIFIC
 ATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time
which
  object was last modified' EQUALITY generalizedTimeMatch ORDERING
generalized
 TimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-M
 ODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of
creat
 or' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.12 SING
 LE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name
of last
  modifier' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry
has ch
 ildren' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALU
 E NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512:
name of
  controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE
directoryOperat
 ion )
olcAttributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry'
EQUALI
 TY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE N
 O-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID' DESC 'UUID of the
entry'
 EQUALITY UUIDMatch ORDERING UUIDOrderingMatch SYNTAX 1.3.6.1.1.16.1
SINGLE-VA
 LUE NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC
'change seq
 uence number of the entry content' EQUALITY CSNMatch ORDERING
CSNOrderingMatc
 h SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE
NO-USER-MODIFICATION US
 AGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC
'change s
 equence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING
CSNOrder
 ingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE
NO-USER-MODIFICA
 TION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie'
DESC 'syn
 crepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING
octetStringO
 rderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE
NO-USER-MODIFI
 CATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC
'the lar
 gest committed CSN of a context' EQUALITY CSNMatch ORDERING
CSNOrderingMatch
 SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE
dSAOperatio
 n )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC
'RFC4512
 : alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE
dSAOperatio
 n )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
DESC 'RF
 C4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE
dSAOperati
 on )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
DESC
 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
USAGE dSAO
 peration )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME
'supportedExtension' DESC
  'RFC4512: supported extended operations' SYNTAX
1.3.6.1.4.1.1466.115.121.1.3
 8 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME
'supportedLDAPVersion' D
 ESC 'RFC4512: supported LDAP versions' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 U
 SAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME
'supportedSASLMechanisms
 ' DESC 'RFC4512: supported SASL mechanisms' SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .15 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures'
DESC 'RFC
 4512: features supported by the server' EQUALITY objectIdentifierMatch
SYNTAX
  1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext'
DESC 'mon
 itor context' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC
'conf
 ig context' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name
of impl
 ementation vendor' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045:
version o
 f implementation' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.1
 5 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672:
adminis
 trative role' EQUALITY objectIdentifierMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.38 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672:
subtr
 ee specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 SINGLE-VALUE
USAGE dir
 ectoryOperation )
olcAttributeTypes: ( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512:
DIT stru
 cture rules' EQUALITY integerFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.17 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT
conten
 t rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.16 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512:
matching rul
 es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.30 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512:
attribute t
 ypes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.11
 5.121.1.3 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object
class
 es' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.37 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms
' EQU
 ALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.3
 5 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512:
matching r
 ule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.31 USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
DESC 'RFC
 4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch
SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName'
'aliasedEntryName' ) D
 ESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296:
subord
 inate referral URL' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .15 USAGE distributedOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP
ACL en
 try pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE
NO-USER-MODI
 FICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC
'OpenLDAP ACL
  children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE
NO-USE
 R-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo'
'saslAuthzTo' )
  DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX
1.3.6.1.4.1.42
 03.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom'
'saslAuthzFro
 m' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX
1.3.6.1.4.
 1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC
'RFC2589:
  entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE
NO-USE
 R-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
DESC 'R
 FC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
NO-USER-MODIFI
 CATION USAGE dSAOperation )
olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519:
common s
 upertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1
 .1466.115.121.1.12 )
olcAttributeTypes: ( 2.5.4.41 NAME 'name' DESC 'RFC4519: common
supertype of n
 ame attributes' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYN
 TAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) DESC 'RFC4519:
common
 name(s) for which the entity is known by' SUP name )
olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
DESC 'R
 FC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstrings
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An
intege
 r uniquely identifying a user in an administrative domain' EQUALITY
integerMa
 tch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An
intege
 r uniquely identifying a group in an administrative domain' EQUALITY
integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307:
password
  of user' EQUALITY octetStringMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.40{128}
  )
olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC
'RFC2079: Uni
 form Resource Identifier with optional label' EQUALITY caseExactMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 2.5.4.13 NAME 'description' DESC 'RFC4519:
descriptive in
 formation' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.15{1024} )
olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' DESC 'RFC4519: DN of
related obje
 ct' SUP distinguishedName )
olcAttributeTypes: ( OLcfgGlAt:78 NAME 'olcConfigFile' DESC 'File for
slapd co
 nfiguration directives' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryString SI
 NGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:79 NAME 'olcConfigDir' DESC 'Directory
for slap
 d configuration backend' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryString S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:1 NAME 'olcAccess' DESC 'Access Control
List' E
 QUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:86 NAME 'olcAddContentAcl' DESC 'Check
ACLs aga
 inst content of Add ops' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:2 NAME 'olcAllows' DESC 'Allowed set of
depreca
 ted features' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:3 NAME 'olcArgsFile' DESC 'File for slapd
comma
 nd line options' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VA
 LUE )
olcAttributeTypes: ( OLcfgGlAt:5 NAME 'olcAttributeOptions' EQUALITY
caseIgnor
 eMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:4 NAME 'olcAttributeTypes' DESC 'OpenLDAP
attri
 buteTypes' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED
'VALU
 ES' )
olcAttributeTypes: ( OLcfgGlAt:6 NAME 'olcAuthIDRewrite' EQUALITY
caseIgnoreMa
 tch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:7 NAME 'olcAuthzPolicy' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:8 NAME 'olcAuthzRegexp' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:9 NAME 'olcBackend' DESC 'A type of
backend' EQ
 UALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE X-ORDERED
'SIBL
 INGS' )
olcAttributeTypes: ( OLcfgGlAt:10 NAME 'olcConcurrency' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:11 NAME 'olcConnMaxPending' SYNTAX
OMsInteger S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth' SYNTAX
OMsInteg
 er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:13 NAME 'olcDatabase' DESC 'The backend
type fo
 r a database instance' SUP olcBackend SINGLE-VALUE X-ORDERED 'SIBLINGS' )
olcAttributeTypes: ( OLcfgGlAt:14 NAME 'olcDefaultSearchBase' SYNTAX
OMsDN SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:15 NAME 'olcDisallows' EQUALITY
caseIgnoreMatch
  SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:16 NAME 'olcDitContentRules' DESC
'OpenLDAP DIT
  content rules' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
X-ORDERED
 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:17 NAME 'olcGentleHUP' SYNTAX OMsBoolean
SINGLE
 -VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.17 NAME 'olcHidden' SYNTAX OMsBoolean
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:18 NAME 'olcIdleTimeout' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:19 NAME 'olcInclude' SUP labeledURI )
olcAttributeTypes: ( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen' SYNTAX
OMsInte
 ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen' SYNTAX
OMsInte
 ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen' SYNTAX
OMsIntege
 r SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' SYNTAX
OMsInteg
 er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:84 NAME 'olcIndexIntLen' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.4 NAME 'olcLastMod' SYNTAX OMsBoolean
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:85 NAME 'olcLdapSyntaxes' DESC 'OpenLDAP
ldapSy
 ntax' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED
'VALUES' )
olcAttributeTypes: ( OLcfgDbAt:0.5 NAME 'olcLimits' EQUALITY
caseIgnoreMatch S
 YNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:26 NAME 'olcLocalSSF' SYNTAX OMsInteger
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:27 NAME 'olcLogFile' SYNTAX
OMsDirectoryString
 SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:28 NAME 'olcLogLevel' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' SYNTAX
OMsInteger S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.16 NAME 'olcMirrorMode' SYNTAX
OMsBoolean SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:30 NAME 'olcModuleLoad' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:31 NAME 'olcModulePath' SYNTAX
OMsDirectoryStri
 ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.18 NAME 'olcMonitoring' SYNTAX
OMsBoolean SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:32 NAME 'olcObjectClasses' DESC 'OpenLDAP
objec
 t classes' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED
'VALU
 ES' )
olcAttributeTypes: ( OLcfgGlAt:33 NAME 'olcObjectIdentifier' EQUALITY
caseIgno
 reMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase
SINGLE-VAL
 UE X-ORDERED 'SIBLINGS' )
olcAttributeTypes: ( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat'
SYNTAX OMs
 DirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:36 NAME 'olcPasswordHash' EQUALITY
caseIgnoreMa
 tch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:37 NAME 'olcPidFile' SYNTAX
OMsDirectoryString
 SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:38 NAME 'olcPlugin' EQUALITY
caseIgnoreMatch SY
 NTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:39 NAME 'olcPluginLogFile' SYNTAX
OMsDirectoryS
 tring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:40 NAME 'olcReadOnly' SYNTAX OMsBoolean
SINGLE-
 VALUE )
olcAttributeTypes: ( OLcfgGlAt:41 NAME 'olcReferral' SUP labeledURI
SINGLE-VAL
 UE )
olcAttributeTypes: ( OLcfgDbAt:0.7 NAME 'olcReplica' SUP labeledURI
EQUALITY c
 aseIgnoreMatch X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:43 NAME 'olcReplicaArgsFile' SYNTAX
OMsDirector
 yString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:44 NAME 'olcReplicaPidFile' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:45 NAME 'olcReplicationInterval' SYNTAX
OMsInte
 ger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:46 NAME 'olcReplogFile' SYNTAX
OMsDirectoryStri
 ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:47 NAME 'olcRequires' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:48 NAME 'olcRestrict' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:49 NAME 'olcReverseLookup' SYNTAX
OMsBoolean SI
 NGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.8 NAME 'olcRootDN' EQUALITY
distinguishedName
 Match SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:51 NAME 'olcRootDSE' EQUALITY
caseIgnoreMatch S
 YNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:0.9 NAME 'olcRootPW' SYNTAX
OMsDirectoryString
 SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:89 NAME 'olcSaslAuxprops' SYNTAX
OMsDirectorySt
 ring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:53 NAME 'olcSaslHost' SYNTAX
OMsDirectoryString
  SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:54 NAME 'olcSaslRealm' SYNTAX
OMsDirectoryStrin
 g SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:56 NAME 'olcSaslSecProps' SYNTAX
OMsDirectorySt
 ring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:58 NAME 'olcSchemaDN' EQUALITY
distinguishedNam
 eMatch SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:59 NAME 'olcSecurity' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:81 NAME 'olcServerID' EQUALITY
caseIgnoreMatch
 SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:60 NAME 'olcSizeLimit' SYNTAX
OMsDirectoryStrin
 g SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming' SYNTAX
OMsInteg
 er SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth'
SYNTAX OMsI
 nteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals' DESC 'Attributes
whose va
 lues will always be sorted' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( OLcfgDbAt:0.15 NAME 'olcSubordinate' SYNTAX
OMsDirectoryS
 tring SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.10 NAME 'olcSuffix' EQUALITY
distinguishedNam
 eMatch SYNTAX OMsDN )
olcAttributeTypes: ( OLcfgDbAt:0.19 NAME 'olcSyncUseSubentry' DESC
'Store sync
  context in a subentry' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.11 NAME 'olcSyncrepl' EQUALITY
caseIgnoreMatc
 h SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgGlAt:90 NAME 'olcTCPBuffer' DESC 'Custom TCP
buffer
 size' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgGlAt:66 NAME 'olcThreads' SYNTAX OMsInteger
SINGLE-V
 ALUE )
olcAttributeTypes: ( OLcfgGlAt:67 NAME 'olcTimeLimit' SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile' SYNTAX
OMsDir
 ectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath' SYNTAX
OMsDir
 ectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:70 NAME 'olcTLSCertificateFile' SYNTAX
OMsDirec
 toryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile' SYNTAX
OMsDi
 rectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:72 NAME 'olcTLSCipherSuite' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:73 NAME 'olcTLSCRLCheck' SYNTAX
OMsDirectoryStr
 ing SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:82 NAME 'olcTLSCRLFile' SYNTAX
OMsDirectoryStri
 ng SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:74 NAME 'olcTLSRandFile' SYNTAX
OMsDirectoryStr
 ing SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:75 NAME 'olcTLSVerifyClient' SYNTAX
OMsDirector
 yString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:77 NAME 'olcTLSDHParamFile' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:87 NAME 'olcTLSProtocolMin' SYNTAX
OMsDirectory
 String SINGLE-VALUE )
olcAttributeTypes: ( OLcfgGlAt:80 NAME 'olcToolThreads' SYNTAX
OMsInteger SING
 LE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.12 NAME 'olcUpdateDN' SYNTAX OMsDN
SINGLE-VAL
 UE )
olcAttributeTypes: ( OLcfgDbAt:0.13 NAME 'olcUpdateRef' SUP labeledURI
EQUALIT
 Y caseIgnoreMatch )
olcAttributeTypes: ( OLcfgGlAt:88 NAME 'olcWriteTimeout' SYNTAX
OMsInteger SIN
 GLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.1 NAME 'olcDbDirectory' DESC 'Directory
for d
 atabase content' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VA
 LUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo'
DESC 'mo
 nitored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE
dSAOperatio
 n )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC
'moni
 tor managed info' SUP name )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter'
DESC 'm
 onitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.4 NAME
'monitorOpCompleted' DES
 C 'monitor completed operations' SUP monitorCounter
NO-USER-MODIFICATION USAG
 E dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.5 NAME
'monitorOpInitiated' DES
 C 'monitor initiated operations' SUP monitorCounter
NO-USER-MODIFICATION USAG
 E dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.6 NAME
'monitorConnectionNumber
 ' DESC 'monitor connection number' SUP monitorCounter
NO-USER-MODIFICATION US
 AGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.7 NAME
'monitorConnectionAuthzD
 N' DESC 'monitor connection authorization DN' EQUALITY
distinguishedNameMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE
dSAOperation
  )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.8 NAME
'monitorConnectionLocalA
 ddress' DESC 'monitor connection local address' SUP monitoredInfo
NO-USER-MOD
 IFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.9 NAME
'monitorConnectionPeerAd
 dress' DESC 'monitor connection peer address' SUP monitoredInfo
NO-USER-MODIF
 ICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.10 NAME
'monitorTimestamp' DESC
  'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOr
 deringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-MODIFIC
 ATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay'
DESC '
 name of overlays defined for a given database' SUP monitoredInfo
NO-USER-MODI
 FICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC
'read/w
 rite status of a given database' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.13 NAME
'restrictedOperation' D
 ESC 'name of restricted operation for a given database' SUP managedInfo )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.14 NAME
'monitorConnectionProto
 col' DESC 'monitor connection protocol' SUP monitoredInfo
NO-USER-MODIFICATIO
 N USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.15 NAME
'monitorConnectionOpsRe
 ceived' DESC 'monitor number of operations received by the connection'
SUP mo
 nitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.16 NAME
'monitorConnectionOpsEx
 ecuting' DESC 'monitor number of operations in execution within the
connectio
 n' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.17 NAME
'monitorConnectionOpsPe
 nding' DESC 'monitor number of pending operations within the
connection' SUP
 monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.18 NAME
'monitorConnectionOpsCo
 mpleted' DESC 'monitor number of operations completed within the
connection'
 SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.19 NAME
'monitorConnectionGet'
 DESC 'number of times connection_get() was called so far' SUP
monitorCounter
 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.20 NAME
'monitorConnectionRead'
  DESC 'number of times connection_read() was called so far' SUP
monitorCounte
 r NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.21 NAME
'monitorConnectionWrite
 ' DESC 'number of times connection_write() was called so far' SUP
monitorCoun
 ter NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.22 NAME
'monitorConnectionMask'
  DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION
USAGE
 dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.23 NAME
'monitorConnectionListe
 ner' DESC 'monitor connection listener' SUP monitoredInfo
NO-USER-MODIFICATIO
 N USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.24 NAME
'monitorConnectionPeerD
 omain' DESC 'monitor connection peer domain' SUP monitoredInfo
NO-USER-MODIFI
 CATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.25 NAME
'monitorConnectionStart
 Time' DESC 'monitor connection start time' SUP monitorTimestamp
SINGLE-VALUE
 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.26 NAME
'monitorConnectionActiv
 ityTime' DESC 'monitor connection activity time' SUP monitorTimestamp
SINGLE-
 VALUE NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow'
DESC
 'TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.28 NAME
'monitorUpdateRef' DESC
  'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE
USAGE
 dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.29 NAME
'monitorRuntimeConfig'
 DESC 'TRUE if component allows runtime configuration' EQUALITY
booleanMatch S
 YNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.55.30 NAME
'monitorSuperiorDN' DES
 C 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( OLcfgDbAt:1.11 NAME 'olcDbCacheFree' DESC 'Number
of extr
 a entries to free when max is reached' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.1 NAME 'olcDbCacheSize' DESC 'Entry
cache siz
 e in entries' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint' DESC 'Database
check
 point interval in kbytes and minutes' SYNTAX OMsDirectoryString
SINGLE-VALUE
 )
olcAttributeTypes: ( OLcfgDbAt:1.16 NAME 'olcDbChecksum' DESC 'Enable
database
  checksum validation' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.13 NAME 'olcDbCryptFile' DESC 'Pathname
of fi
 le containing the DB encryption key' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.14 NAME 'olcDbCryptKey' DESC 'DB
encryption k
 ey' SYNTAX OMsOctetString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig' DESC 'BerkeleyDB
DB_CONF
 IG configuration directives' SYNTAX OMsIA5String X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgDbAt:1.4 NAME 'olcDbNoSync' DESC 'Disable
synchronou
 s database writes' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.15 NAME 'olcDbPageSize' DESC 'Page size
of sp
 ecified DB, in Kbytes' EQUALITY caseExactMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead' DESC 'Allow
reads of
 uncommitted data' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize' DESC 'DN
cache siz
 e' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize' DESC 'IDL
cache si
 ze in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.2 NAME 'olcDbIndex' DESC 'Attribute
index par
 ameters' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex' DESC 'Index
attribu
 tes one at a time' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.8 NAME 'olcDbLockDetect' DESC 'Deadlock
detec
 tion algorithm' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:0.3 NAME 'olcDbMode' DESC 'Unix
permissions of
 database files' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.9 NAME 'olcDbSearchStack' DESC 'Depth
of sear
 ch stack in IDLs' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.10 NAME 'olcDbShmKey' DESC 'Key for
shared me
 mory region' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:5.1 NAME 'olcRelay' DESC 'Relay DN'
SYNTAX OMsD
 N SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.1 NAME 'olcAccessLogDB' DESC 'Suffix of
datab
 ase for log content' SUP distinguishedName SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.2 NAME 'olcAccessLogOps' DESC
'Operation type
 s to log' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:4.3 NAME 'olcAccessLogPurge' DESC 'Log
cleanup
 parameters' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.4 NAME 'olcAccessLogSuccess' DESC 'Log
succes
 sful ops only' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.5 NAME 'olcAccessLogOld' DESC 'Log old
values
  when modifying entries matching the filter' SYNTAX OMsDirectoryString
SINGLE
 -VALUE )
olcAttributeTypes: ( OLcfgOvAt:4.6 NAME 'olcAccessLogOldAttr' DESC 'Log
old va
 lues of these attributes even if unmodified' EQUALITY caseIgnoreMatch
SYNTAX
 OMsDirectoryString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC
'Target D
 N of request' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC
'Start
  time of request' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrder
 ingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC
'End tim
 e of request' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrderingM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC
'Type o
 f request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession'
DESC 'Ses
 sion ID of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE
 -VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID'
DESC 'Aut
 horization ID of requestor' EQUALITY distinguishedNameMatch SYNTAX
OMsDN SING
 LE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC
'Resu
 lt code of request' EQUALITY integerMatch ORDERING integerOrderingMatch
SYNTA
 X OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage'
DESC 'Err
 or text of request' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch
  SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral'
DESC 'Re
 ferrals returned for request' SUP labeledURI )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls'
DESC 'R
 equest controls' EQUALITY objectIdentifierFirstComponentMatch SYNTAX
1.3.6.1.
 4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME
'reqRespControls' DES
 C 'Response controls of request' EQUALITY
objectIdentifierFirstComponentMatch
  SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC
'ID of R
 equest to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch
SYNTAX
  OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion'
DESC 'Pr
 otocol version of Bind request' EQUALITY integerMatch ORDERING
integerOrderin
 gMatch SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod'
DESC 'Bin
 d method of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGL
 E-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion'
DESC '
 Compare Assertion of request' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC
'Modifi
 cations of request' EQUALITY octetStringMatch SUBSTR
octetStringSubstringsMat
 ch SYNTAX OMsOctetString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC
'Old va
 lues of entry before request completed' EQUALITY octetStringMatch
SUBSTR octe
 tStringSubstringsMatch SYNTAX OMsOctetString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN'
DESC 'New
  RDN of request' EQUALITY distinguishedNameMatch SYNTAX OMsDN
SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME
'reqDeleteOldRDN' DES
 C 'Delete old RDN' EQUALITY booleanMatch SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME
'reqNewSuperior' DESC
  'New superior DN of request' EQUALITY distinguishedNameMatch SYNTAX
OMsDN SI
 NGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC
'Scop
 e of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
SINGLE-VALUE
  )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME
'reqDerefAliases' DES
 C 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch SYNTAX
OMsDire
 ctoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly'
DESC '
 Attributes and values of request' EQUALITY booleanMatch SYNTAX
OMsBoolean SIN
 GLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter'
DESC 'Fil
 ter of request' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch SYN
 TAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC
'Attri
 butes of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit'
DESC '
 Size limit of request' EQUALITY integerMatch ORDERING
integerOrderingMatch SY
 NTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit'
DESC '
 Time limit of request' EQUALITY integerMatch ORDERING
integerOrderingMatch SY
 NTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries'
DESC 'Nu
 mber of entries returned' EQUALITY integerMatch ORDERING
integerOrderingMatch
  SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC
'Data
 of extended request' EQUALITY octetStringMatch SUBSTR
octetStringSubstringsMa
 tch SYNTAX OMsOctetString SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext'
DESC '
 DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE
NO-US
 ER-MODIFICATION USAGE dSAOperation )
olcAttributeTypes: ( OLcfgOvAt:15.1 NAME 'olcAuditlogFile' DESC
'Filename for
 auditlogging' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:19.1 NAME 'olcCollectInfo' DESC 'DN of
entry an
 d attribute to distribute' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryString
  )
olcAttributeTypes: ( OLcfgOvAt:13.1 NAME 'olcConstraintAttribute' DESC
'constr
 aint for list of attributes' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStri
 ng )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.57 NAME
'entryExpireTimestamp' DES
 C 'RFC2589 OpenLDAP extension: expire time of a dynamic object,
computed as n
 ow + entryTtl' EQUALITY generalizedTimeMatch ORDERING
generalizedTimeOrdering
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE
NO-USER-MODIFICATION
 USAGE dSAOperation )
olcAttributeTypes: ( OLcfgOvAt:9.1 NAME 'olcDDSstate' DESC 'RFC2589
Dynamic di
 rectory services state' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.2 NAME 'olcDDSmaxTtl' DESC 'RFC2589
Dynamic d
 irectory services max TTL' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.3 NAME 'olcDDSminTtl' DESC 'RFC2589
Dynamic d
 irectory services min TTL' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.4 NAME 'olcDDSdefaultTtl' DESC 'RFC2589
Dynam
 ic directory services default TTL' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.5 NAME 'olcDDSinterval' DESC 'RFC2589
Dynamic
  directory services expiration task run interval' SYNTAX
OMsDirectoryString S
 INGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.6 NAME 'olcDDStolerance' DESC 'RFC2589
Dynami
 c directory services additional TTL in expiration scheduling' SYNTAX
OMsDirec
 toryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:9.7 NAME 'olcDDSmaxDynamicObjects' DESC
'RFC258
 9 Dynamic directory services max number of dynamic objects' SYNTAX
OMsInteger
  SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:17.1 NAME 'olcDGAttrPair' DESC 'Member
and Memb
 erURL attribute pair' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:8.1 NAME 'olcDlAttrSet' DESC 'Dynamic
list: <gr
 oup objectClass>, <URL attributeDescription>, <member
attributeDescription>'
 EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group
that t
 he entry belongs to' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.12 USAGE dSAOperation X-ORIGIN 'iPlanet Delegated
Administrator' )
olcAttributeTypes: ( OLcfgOvAt:18.0 NAME 'olcMemberOfDN' DESC 'DN to be
used a
 s modifiersName' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.1 NAME 'olcMemberOfDangling' DESC
'Behavior
 with respect to dangling members, constrained to ignore, drop, error'
SYNTAX
 OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.2 NAME 'olcMemberOfRefInt' DESC 'Take
care o
 f referential integrity' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.3 NAME 'olcMemberOfGroupOC' DESC
'Group obje
 ctClass' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.4 NAME 'olcMemberOfMemberAD' DESC
'member at
 tribute' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.5 NAME 'olcMemberOfMemberOfAD' DESC
'memberO
 f attribute' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:18.7 NAME 'olcMemberOfDanglingError' DESC
'Erro
 r code returned in case of dangling back reference' SYNTAX
OMsDirectoryString
  SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime'
DESC 'Th
 e time the password was last changed' EQUALITY generalizedTimeMatch
ORDERING
 generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALU
 E NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME
'pwdAccountLockedTime' DE
 SC 'The time an user account was locked' EQUALITY generalizedTimeMatch
ORDERI
 NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-V
 ALUE USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime'
DESC 'Th
 e timestamps of the last consecutive authentication failures' EQUALITY
genera
 lizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC
'The hi
 story of users passwords' EQUALITY octetStringMatch SYNTAX
1.3.6.1.4.1.1466.1
 15.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime'
DESC 'T
 he timestamps of the grace login once the password has expired'
EQUALITY gene
 ralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
NO-USER-MODIFICATION US
 AGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC
'The indi
 cation that the password has been reset' EQUALITY booleanMatch SYNTAX
1.3.6.1
 .4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry'
DESC
 'The pwdPolicy subentry in effect for this object' EQUALITY
distinguishedName
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE
directoryOperat
 ion )
olcAttributeTypes: ( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' DESC 'DN of
a pwd
 Policy object for uncustomized objects' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext' DESC
'Hash
 passwords on add or modify' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:12.4 NAME 'olcPPolicyForwardUpdates' DESC
'Allo
 w policy state updates to be forwarded via updateref' SYNTAX OMsBoolean
SINGL
 E-VALUE )
olcAttributeTypes: ( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' DESC
'Warn cli
 ents with AccountLocked' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( PCacheAttributes:1 NAME 'pcacheQueryID' DESC 'ID of
query
  the entry belongs to, formatted as a UUID' EQUALITY octetStringMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.40{64} NO-USER-MODIFICATION USAGE
directoryOperati
 on )
olcAttributeTypes: ( PCacheAttributes:2 NAME 'pcacheQueryURL' DESC 'URI
descri
 bing a cached query' EQUALITY caseExactMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.15 NO-USER-MODIFICATION USAGE directoryOperation )
olcAttributeTypes: ( OLcfgOvAt:2.1 NAME ( 'olcPcache' 'olcProxyCache' )
DESC '
 Proxy Cache basic parameters' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:2.2 NAME ( 'olcPcacheAttrset'
'olcProxyAttrset'
  ) DESC 'A set of attributes to cache' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:2.3 NAME ( 'olcPcacheTemplate'
'olcProxyCacheTe
 mplate' ) DESC 'Filter template, attrset, cache TTL, optional negative
TTL, o
 ptional sizelimit TTL, optional TTR' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:2.4 NAME 'olcPcachePosition' DESC
'Response cal
 lback position in overlay stack' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:2.5 NAME ( 'olcPcacheMaxQueries'
'olcProxyCache
 Queries' ) DESC 'Maximum number of queries to cache' SYNTAX OMsInteger )
olcAttributeTypes: ( OLcfgOvAt:2.6 NAME ( 'olcPcachePersist'
'olcProxySaveQuer
 ies' ) DESC 'Save cached queries for hot restart' SYNTAX OMsBoolean )
olcAttributeTypes: ( OLcfgOvAt:2.7 NAME ( 'olcPcacheValidate'
'olcProxyCheckCa
 cheability' ) DESC 'Check whether the results of a query are cacheable,
e.g.
 for schema issues' SYNTAX OMsBoolean )
olcAttributeTypes: ( OLcfgOvAt:2.8 NAME 'olcPcacheOffline' DESC 'Set
cache to
 offline mode and disable expiration' SYNTAX OMsBoolean )
olcAttributeTypes: ( OLcfgOvAt:2.9 NAME 'olcPcacheBind' DESC 'Parameters
for c
 aching Binds' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:11.1 NAME 'olcRefintAttribute' DESC
'Attributes
  for referential integrity' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( OLcfgOvAt:11.2 NAME 'olcRefintNothing' DESC
'Replacement
 DN to supply when needed' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:11.3 NAME 'olcRefintModifiersName' DESC
'The DN
  to use as modifiersName' SYNTAX OMsDN SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.1 NAME 'errCode' DESC
'LDAP e
 rror code' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX
1.3.6.1
 .4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.2 NAME 'errOp' DESC
'Operatio
 ns the errObject applies to' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstr
 ingsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.3 NAME 'errText' DESC
'LDAP e
 rror textual description' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstring
 sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.4 NAME 'errSleepTime'
DESC 'T
 ime to wait before returning the error' EQUALITY integerMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.5 NAME 'errMatchedDN'
DESC 'V
 alue to be returned as matched DN' EQUALITY distinguishedNameMatch
SYNTAX 1.3
 .6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.6 NAME
'errUnsolicitedOID' DE
 SC 'OID to be returned within unsolicited response' EQUALITY
objectIdentifier
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.7 NAME
'errUnsolicitedData' D
 ESC 'Data to be returned within unsolicited response' SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.40 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.8 NAME 'errDisconnect'
DESC '
 Disconnect without notice' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:20.1 NAME 'olcRetcodeParent' DESC ''
SYNTAX OMs
 DN SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:20.2 NAME 'olcRetcodeItem' DESC ''
EQUALITY cas
 eIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgOvAt:20.3 NAME 'olcRetcodeInDir' DESC ''
SYNTAX OMsB
 oolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:20.4 NAME 'olcRetcodeSleep' DESC ''
SYNTAX OMsI
 nteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:16.1 NAME 'olcRwmRewrite' DESC 'Rewrites
string
 s' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString X-ORDERED 'VALUES' )
olcAttributeTypes: ( OLcfgOvAt:16.2 NAME 'olcRwmTFSupport' DESC
'Absolute filt
 ers support' SYNTAX OMsDirectoryString SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:16.3 NAME 'olcRwmMap' DESC 'maps
attributes/obj
 ectClasses' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString
X-ORDERED 'VAL
 UES' )
olcAttributeTypes: ( OLcfgOvAt:16.4 NAME 'olcRwmNormalizeMapped' DESC
'Normali
 ze mapped attributes/objectClasses' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:16.5 NAME 'olcRwmDropUnrequested' DESC
'Drop un
 requested attributes' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:21.1 NAME 'olcSssVlvMax' DESC 'Maximum
number o
 f concurrent Sort requests' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:21.2 NAME 'olcSssVlvMaxKeys' DESC
'Maximum numb
 er of Keys in a Sort request' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.1 NAME 'olcSpCheckpoint' DESC
'ContextCSN che
 ckpoint interval in ops and minutes' SYNTAX OMsDirectoryString
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.2 NAME 'olcSpSessionlog' DESC 'Session
log si
 ze in ops' SYNTAX OMsInteger SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.3 NAME 'olcSpNoPresent' DESC 'Omit
Present ph
 ase processing' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:1.4 NAME 'olcSpReloadHint' DESC 'Observe
Reload
  Hint in Request control' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict' DESC
'Reveal a
 ttribute deletion constraint violations' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue' DESC
'Disable
 automatic glue records for ADD and MODRDN' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.3 NAME 'olcTranslucentLocal' DESC
'Attribute
 s to use in local search filter' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:14.4 NAME 'olcTranslucentRemote' DESC
'Attribut
 es to use in remote search filter' SYNTAX OMsDirectoryString )
olcAttributeTypes: ( OLcfgOvAt:14.5 NAME 'olcTranslucentBindLocal' DESC
'Enabl
 e local bind' SYNTAX OMsBoolean SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:14.6 NAME 'olcTranslucentPwModLocal' DESC
'Enab
 le local RFC 3062 Password Modify extended operation' SYNTAX OMsBoolean
SINGL
 E-VALUE )
olcAttributeTypes: ( OLcfgOvAt:10.1 NAME 'olcUniqueBase' DESC 'Subtree
for uni
 queness searches' EQUALITY distinguishedNameMatch SYNTAX OMsDN
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:10.2 NAME 'olcUniqueIgnore' DESC
'Attributes fo
 r which uniqueness shall not be enforced' EQUALITY caseIgnoreMatch
ORDERING c
 aseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
OMsDirectorySt
 ring )
olcAttributeTypes: ( OLcfgOvAt:10.3 NAME 'olcUniqueAttribute' DESC
'Attributes
  for which uniqueness shall be enforced' EQUALITY caseIgnoreMatch
ORDERING ca
 seIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
OMsDirectoryStr
 ing )
olcAttributeTypes: ( OLcfgOvAt:10.4 NAME 'olcUniqueStrict' DESC 'Enforce
uniqu
 eness of null values' EQUALITY booleanMatch SYNTAX OMsBoolean
SINGLE-VALUE )
olcAttributeTypes: ( OLcfgOvAt:10.5 NAME 'olcUniqueURI' DESC 'List of
keywords
  and LDAP URIs for a uniqueness domain' EQUALITY caseExactMatch
ORDERING case
 ExactOrderingMatch SUBSTR caseExactSubstringsMatch SYNTAX
OMsDirectoryString
 )
olcAttributeTypes: ( OLcfgOvAt:5.1 NAME 'olcValSortAttr' DESC 'Sorting
rule fo
 r attribute under given DN' EQUALITY caseIgnoreMatch SYNTAX
OMsDirectoryStrin
 g )
olcAttributeTypes: ( olmBDBAttributes:1 NAME 'olmBDBEntryCache' DESC
'Number o
 f items in Entry Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE
dSAOper
 ation )
olcAttributeTypes: ( olmBDBAttributes:2 NAME 'olmBDBDNCache' DESC
'Number of i
 tems in DN Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE
dSAOperation
 )
olcAttributeTypes: ( olmBDBAttributes:3 NAME 'olmBDBIDLCache' DESC
'Number of
 items in IDL Cache' SUP monitorCounter NO-USER-MODIFICATION USAGE
dSAOperatio
 n )
olcAttributeTypes: ( olmBDBAttributes:4 NAME 'olmDbDirectory' DESC 'Path
name
 of the directory where the database environment resides' SUP
monitoredInfo NO
 -USER-MODIFICATION USAGE dSAOperation )
olcObjectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass
chain' ABST
 RACT MUST objectClass )
olcObjectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
DESC
 'RFC4512: extensible object' SUP top AUXILIARY )
olcObjectClasses: ( 2.5.6.1 NAME 'alias' DESC 'RFC4512: an alias' SUP
top STRU
 CTURAL MUST aliasedObjectName )
olcObjectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' DESC
'namedref: na
 med subordinate referral' SUP top STRUCTURAL MUST ref )
olcObjectClasses: ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE'
'LDAProotD
 SE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )
olcObjectClasses: ( 2.5.17.0 NAME 'subentry' DESC 'RFC3672: subentry'
SUP top
 STRUCTURAL MUST ( cn $ subtreeSpecification ) )
olcObjectClasses: ( 2.5.20.1 NAME 'subschema' DESC 'RFC4512: controlling
subsc
 hema (sub)entry' AUXILIARY MAY ( dITStructureRules $ nameForms $
dITContentRu
 les $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
olcObjectClasses: ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC
'RFC2
 589: Dynamic Object' SUP top AUXILIARY )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' DESC 'Glue
Entry' SUP
  top STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry'
DESC
 'Persistent Info for SyncRepl Consumer' AUXILIARY MAY syncreplCookie )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry'
DESC
 'Persistent Info for SyncRepl Producer' AUXILIARY MAY contextCSN )
olcObjectClasses: ( OLcfgGlOc:0 NAME 'olcConfig' DESC 'OpenLDAP
configuration
 object' SUP top ABSTRACT )
olcObjectClasses: ( OLcfgGlOc:1 NAME 'olcGlobal' DESC 'OpenLDAP Global
configu
 ration options' SUP olcConfig STRUCTURAL MAY ( cn $ olcConfigFile $
olcConfig
 Dir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite
$ olcA
 uthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $
olcConnMax
 PendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $
olcIndexSubstrIf
 MaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $
olcIndexSubstrAnySte
 p $ olcIndexIntLen $ olcLocalSSF $ olcLogFile $ olcLogLevel $
olcPasswordCryp
 tSaltFormat $ olcPasswordHash $ olcPidFile $ olcPluginLogFile $
olcReadOnly $
  olcReferral $ olcReplogFile $ olcRequires $ olcRestrict $
olcReverseLookup $
  olcRootDSE $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $
olcSaslSecProps
 $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSockbufMaxIncoming $
olcSockb
 ufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $
olcTLSCACertif
 icateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $
olcTLSCertifica
 teKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $
olcTLSVerif
 yClient $ olcTLSDHParamFile $ olcTLSCRLFile $ olcToolThreads $
olcWriteTimeou
 t $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $
olcDitConten
 tRules $ olcLdapSyntaxes ) )
olcObjectClasses: ( OLcfgGlOc:2 NAME 'olcSchemaConfig' DESC 'OpenLDAP
schema o
 bject' SUP olcConfig STRUCTURAL MAY ( cn $ olcObjectIdentifier $
olcAttribute
 Types $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )
olcObjectClasses: ( OLcfgGlOc:3 NAME 'olcBackendConfig' DESC 'OpenLDAP
Backend
 -specific options' SUP olcConfig STRUCTURAL MUST olcBackend )
olcObjectClasses: ( OLcfgGlOc:4 NAME 'olcDatabaseConfig' DESC 'OpenLDAP
Databa
 se-specific options' SUP olcConfig STRUCTURAL MUST olcDatabase MAY (
olcHidde
 n $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $
olcLastMod $
 olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $
olcRepl
 icaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $
olcReplogFile $ ol
 cRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $
olcSecurity $
  olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $
olcUpdateDN
  $ olcUpdateRef $ olcMirrorMode $ olcMonitoring ) )
olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' DESC 'OpenLDAP
Overlay
 -specific options' SUP olcConfig STRUCTURAL MUST olcOverlay )
olcObjectClasses: ( OLcfgGlOc:6 NAME 'olcIncludeFile' DESC 'OpenLDAP
configura
 tion include file' SUP olcConfig STRUCTURAL MUST olcInclude MAY ( cn $
olcRoo
 tDSE ) )
olcObjectClasses: ( OLcfgGlOc:7 NAME 'olcFrontendConfig' DESC 'OpenLDAP
fronte
 nd configuration' AUXILIARY MAY ( olcDefaultSearchBase $
olcPasswordHash $ ol
 cSortVals ) )
olcObjectClasses: ( OLcfgGlOc:8 NAME 'olcModuleList' DESC 'OpenLDAP
dynamic mo
 dule info' SUP olcConfig STRUCTURAL MAY ( cn $ olcModulePath $
olcModuleLoad
 ) )
olcObjectClasses: ( OLcfgDbOc:2.1 NAME 'olcLdifConfig' DESC 'LDIF
backend conf
 iguration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.1 NAME 'monitor' DESC
'OpenLDAP
 system monitoring' SUP top STRUCTURAL MUST cn MAY ( description $
seeAlso $ l
 abeledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.2 NAME 'monitorServer'
DESC 'Ser
 ver monitoring root entry' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.3 NAME 'monitorContainer'
DESC '
 monitor container class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.4 NAME
'monitorCounterObject' DE
 SC 'monitor counter class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.5 NAME 'monitorOperation'
DESC '
 monitor operation class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.6 NAME 'monitorConnection'
DESC
 'monitor connection class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.7 NAME 'managedObject'
DESC 'mon
 itor managed entity class' SUP monitor STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.8 NAME 'monitoredObject'
DESC 'm
 onitor monitored entity class' SUP monitor STRUCTURAL )
olcObjectClasses: ( OLcfgDbOc:4.1 NAME 'olcMonitorConfig' DESC 'Monitor
backen
 d configuration' SUP olcDatabaseConfig STRUCTURAL )
olcObjectClasses: ( OLcfgDbOc:1.1 NAME 'olcBdbConfig' DESC 'BDB backend
config
 uration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY (
olcDbCach
 eSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey
$ olcD
 bNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $
olcDbLinearIndex
 $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcDbCacheFr
 ee $ olcDbDNcacheSize $ olcDbPageSize ) )
olcObjectClasses: ( OLcfgDbOc:1.2 NAME 'olcHdbConfig' DESC 'HDB backend
config
 uration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory MAY (
olcDbCach
 eSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey
$ olcD
 bNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $
olcDbLinearIndex
 $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $
olcDbCacheFr
 ee $ olcDbDNcacheSize $ olcDbPageSize ) )
olcObjectClasses: ( OLcfgDbOc:5.1 NAME 'olcRelayConfig' DESC 'Relay
backend co
 nfiguration' SUP olcDatabaseConfig STRUCTURAL MAY olcRelay )
olcObjectClasses: ( OLcfgOvOc:4.1 NAME 'olcAccessLogConfig' DESC 'Access
log c
 onfiguration' SUP olcOverlayConfig STRUCTURAL MUST olcAccessLogDB MAY (
olcAc
 cessLogOps $ olcAccessLogPurge $ olcAccessLogSuccess $ olcAccessLogOld
$ olcA
 ccessLogOldAttr ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.0 NAME 'auditContainer'
DESC '
 AuditLog container' SUP top STRUCTURAL MAY ( cn $ reqStart $ reqEnd ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.1 NAME 'auditObject'
DESC 'Ope
 nLDAP request auditing' SUP top STRUCTURAL MUST ( reqStart $ reqType $
reqSes
 sion ) MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $
reqEnd $ re
 qResult $ reqMessage $ reqReferral ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.2 NAME 'auditReadObject'
DESC
 'OpenLDAP read request record' SUP auditObject STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.3 NAME
'auditWriteObject' DESC
  'OpenLDAP write request record' SUP auditObject STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.4 NAME 'auditAbandon'
DESC 'Ab
 andon operation' SUP auditObject STRUCTURAL MUST reqId )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.5 NAME 'auditAdd' DESC
'Add op
 eration' SUP auditWriteObject STRUCTURAL MUST reqMod )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.6 NAME 'auditBind' DESC
'Bind
 operation' SUP auditObject STRUCTURAL MUST ( reqVersion $ reqMethod ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.7 NAME 'auditCompare'
DESC 'Co
 mpare operation' SUP auditReadObject STRUCTURAL MUST reqAssertion )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.8 NAME 'auditDelete'
DESC 'Del
 ete operation' SUP auditWriteObject STRUCTURAL MAY reqOld )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.9 NAME 'auditModify'
DESC 'Mod
 ify operation' SUP auditWriteObject STRUCTURAL MUST reqMod MAY reqOld )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.10 NAME 'auditModRDN'
DESC 'Mo
 dRDN operation' SUP auditWriteObject STRUCTURAL MUST ( reqNewRDN $
reqDeleteO
 ldRDN ) MAY ( reqNewSuperior $ reqMod $ reqOld ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.11 NAME 'auditSearch'
DESC 'Se
 arch operation' SUP auditReadObject STRUCTURAL MUST ( reqScope $
reqDerefAlia
 ses $ reqAttrsonly ) MAY ( reqFilter $ reqAttr $ reqEntries $
reqSizeLimit $
 reqTimeLimit ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.12 NAME 'auditExtended'
DESC '
 Extended operation' SUP auditObject STRUCTURAL MAY reqData )
olcObjectClasses: ( OLcfgOvOc:15.1 NAME 'olcAuditlogConfig' DESC
'Auditlog con
 figuration' SUP olcOverlayConfig STRUCTURAL MAY olcAuditlogFile )
olcObjectClasses: ( OLcfgOvOc:19.1 NAME 'olcCollectConfig' DESC
'Collective At
 tribute configuration' SUP olcOverlayConfig STRUCTURAL MAY olcCollectInfo )
olcObjectClasses: ( OLcfgOvOc:13.1 NAME 'olcConstraintConfig' DESC
'Constraint
  overlay configuration' SUP olcOverlayConfig STRUCTURAL MAY
olcConstraintAttr
 ibute )
olcObjectClasses: ( OLcfgOvOc:9.1 NAME 'olcDDSConfig' DESC 'RFC2589
Dynamic di
 rectory services configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcDDSs
 tate $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl $ olcDDSinterval
$ olcD
 DStolerance $ olcDDSmaxDynamicObjects ) )
olcObjectClasses: ( OLcfgOvOc:17.1 NAME 'olcDGConfig' DESC 'Dynamic
Group conf
 iguration' SUP olcOverlayConfig STRUCTURAL MAY olcDGAttrPair )
olcObjectClasses: ( OLcfgOvOc:8.1 NAME 'olcDynamicList' DESC 'Dynamic
list con
 figuration' SUP olcOverlayConfig STRUCTURAL MAY olcDLattrSet )
olcObjectClasses: ( OLcfgOvOc:18.1 NAME 'olcMemberOf' DESC 'Member-of
configur
 ation' SUP olcOverlayConfig STRUCTURAL MAY ( olcMemberOfDN $
olcMemberOfDangl
 ing $ olcMemberOfDanglingError $ olcMemberOfRefInt $ olcMemberOfGroupOC
$ olc
 MemberOfMemberAD $ olcMemberOfMemberOfAD ) )
olcObjectClasses: ( OLcfgOvOc:12.1 NAME 'olcPPolicyConfig' DESC
'Password Poli
 cy configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcPPolicyDefault $ o
 lcPPolicyHashCleartext $ olcPPolicyUseLockout $
olcPPolicyForwardUpdates ) )
olcObjectClasses: ( OLcfgOvOc:2.1 NAME 'olcPcacheConfig' DESC
'ProxyCache conf
 iguration' SUP olcOverlayConfig STRUCTURAL MUST ( olcPcache $
olcPcacheAttrse
 t $ olcPcacheTemplate ) MAY ( olcPcachePosition $ olcPcacheMaxQueries $
olcPc
 achePersist $ olcPcacheValidate $ olcPcacheOffline $ olcPcacheBind ) )
olcObjectClasses: ( OLcfgOvOc:2.2 NAME 'olcPcacheDatabase' DESC 'Cache
databas
 e configuration' AUXILIARY )
olcObjectClasses: ( OLcfgOvOc:11.1 NAME 'olcRefintConfig' DESC
'Referential in
 tegrity configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcRefintAttribu
 te $ olcRefintNothing $ olcRefintModifiersName ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.0 NAME 'errAbsObject'
SUP top
 ABSTRACT MUST errCode MAY ( cn $ description $ errOp $ errText $
errSleepTime
  $ errMatchedDN $ errUnsolicitedOID $ errUnsolicitedData $
errDisconnect ) )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.1 NAME 'errObject' SUP
errAbsO
 bject STRUCTURAL )
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.2 NAME 'errAuxObject'
SUP errA
 bsObject AUXILIARY )
olcObjectClasses: ( OLcfgOvOc:20.1 NAME 'olcRetcodeConfig' DESC 'Retcode
confi
 guration' SUP olcOverlayConfig STRUCTURAL MAY ( olcRetcodeParent $
olcRetcode
 Item $ olcRetcodeInDir $ olcRetcodeSleep ) )
olcObjectClasses: ( OLcfgOvOc:16.1 NAME 'olcRwmConfig' DESC
'Rewrite/remap con
 figuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcRwmRewrite $
olcRwmTFSup
 port $ olcRwmMap $ olcRwmNormalizeMapped ) )
olcObjectClasses: ( OLcfgOvOc:21.1 NAME 'olcSssVlvConfig' DESC 'SSS VLV
config
 uration' SUP olcOverlayConfig STRUCTURAL MAY ( olcSssVlvMax $
olcSssVlvMaxKey
 s ) )
olcObjectClasses: ( OLcfgOvOc:1.1 NAME 'olcSyncProvConfig' DESC
'SyncRepl Prov
 ider configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcSpCheckpoint $ o
 lcSpSessionlog $ olcSpNoPresent $ olcSpReloadHint ) )
olcObjectClasses: ( OLcfgOvOc:14.1 NAME 'olcTranslucentConfig' DESC
'Transluce
 nt configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcTranslucentStrict
 $ olcTranslucentNoGlue $ olcTranslucentLocal $ olcTranslucentRemote $
olcTran
 slucentBindLocal $ olcTranslucentPwModLocal ) )
olcObjectClasses: ( OLcfgOvOc:14.2 NAME 'olcTranslucentDatabase' DESC
'Translu
 cent target database configuration' AUXILIARY )
olcObjectClasses: ( OLcfgOvOc:10.1 NAME 'olcUniqueConfig' DESC
'Attribute valu
 e uniqueness configuration' SUP olcOverlayConfig STRUCTURAL MAY (
olcUniqueBa
 se $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueStrict $
olcUniqueURI )
 )
olcObjectClasses: ( OLcfgOvOc:5.1 NAME 'olcValSortConfig' DESC 'Value
Sorting
 configuration' SUP olcOverlayConfig STRUCTURAL MUST olcValSortAttr )
olcObjectClasses: ( olmBDBObjectClasses:1 NAME 'olmBDBDatabase' SUP top
AUXILI
 ARY MAY ( olmBDBEntryCache $ olmBDBDNCache $ olmBDBIDLCache $
olmDbDirectory
 ) )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item'
X-BINARY-TRANS
 FER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point'
X-NOT-HUMA
 N-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type
Descripti
 on' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio'
X-NOT-HUMAN-READA
 BLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary'
X-NOT-HUMAN-READ
 ABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate'
X-BINARY-TR
 ANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List'
X-BINA
 RY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair'
X-BIN
 ARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509
AttributeCertifi
 cate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )
olcLdapSyntaxes: ( 1.2.36.79672281.1.5.0 DESC 'RDN' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule
Descri
 ption' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure
Rule Desc
 ription' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile
Telephone Num
 ber' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax'
X-NOT-HUMAN-READAB
 LE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG'
X-NOT-HUMAN-READA
 BLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow
Acces
 s Points' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule
Descripti
 on' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use
Descr
 iption' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional
UID'
 )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form
Description'
 )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class
Descriptio
 n' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol
Information' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation
Address' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.45 DESC
'SubtreeSpecification' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported
Algorithm' X-
 BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal
Identi
 fier' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax
Description
 ' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema
Definition'
  )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema
Description
 ' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring
Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.1.0.0 DESC 'RFC2307 NIS Netgroup Triple' )
olcLdapSyntaxes: ( 1.3.6.1.1.1.0.1 DESC 'RFC2307 Boot Parameter' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.1 DESC 'Certificate Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.2 DESC 'Certificate Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.3 DESC 'Certificate Pair Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.4 DESC 'Certificate Pair Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.5 DESC 'Certificate List Exact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.6 DESC 'Certificate List Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.15.7 DESC 'Algorithm Identifier' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.2 DESC
'AttributeCertificate E
 xact Assertion' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.10.2.3 DESC
'AttributeCertificate A
 ssertion' )
olcLdapSyntaxes: ( 1.3.6.1.1.16.1 DESC 'UUID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.2.4 DESC 'CSN SID' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )
olcLdapSyntaxes: ( 1.3.6.1.4.1.4203.666.11.5.3.1 DESC 'Control' )
structuralObjectClass: olcSchemaConfig
entryUUID: 65307d96-9721-102f-955d-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={0}core,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {0}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC
'RFC2256: kno
 wledge information' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.15{32768} )
olcAttributeTypes: {1}( 2.5.4.4 NAME ( 'sn' 'surname' ) DESC 'RFC2256:
last (f
 amily) name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {2}( 2.5.4.5 NAME 'serialNumber' DESC 'RFC2256:
serial numb
 er of the entity' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch S
 YNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
olcAttributeTypes: {3}( 2.5.4.6 NAME ( 'c' 'countryName' ) DESC
'RFC4519: two-
 letter ISO-3166 country code' SUP name SYNTAX
1.3.6.1.4.1.1466.115.121.1.11 S
 INGLE-VALUE )
olcAttributeTypes: {4}( 2.5.4.7 NAME ( 'l' 'localityName' ) DESC
'RFC2256: loc
 ality which this object resides in' SUP name )
olcAttributeTypes: {5}( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) DESC
'RFC2
 256: state or province which this object resides in' SUP name )
olcAttributeTypes: {6}( 2.5.4.9 NAME ( 'street' 'streetAddress' ) DESC
'RFC225
 6: street address of this object' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreS
 ubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {7}( 2.5.4.10 NAME ( 'o' 'organizationName' ) DESC
'RFC2256
 : organization this object belongs to' SUP name )
olcAttributeTypes: {8}( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
DESC '
 RFC2256: organizational unit this object belongs to' SUP name )
olcAttributeTypes: {9}( 2.5.4.12 NAME 'title' DESC 'RFC2256: title
associated
 with the entity' SUP name )
olcAttributeTypes: {10}( 2.5.4.14 NAME 'searchGuide' DESC 'RFC2256:
search gui
 de, deprecated by enhancedSearchGuide' SYNTAX
1.3.6.1.4.1.1466.115.121.1.25 )
olcAttributeTypes: {11}( 2.5.4.15 NAME 'businessCategory' DESC 'RFC2256:
busin
 ess category' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {12}( 2.5.4.16 NAME 'postalAddress' DESC 'RFC2256:
postal a
 ddress' EQUALITY caseIgnoreListMatch SUBSTR
caseIgnoreListSubstringsMatch SYN
 TAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {13}( 2.5.4.17 NAME 'postalCode' DESC 'RFC2256:
postal code
 ' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.15{40} )
olcAttributeTypes: {14}( 2.5.4.18 NAME 'postOfficeBox' DESC 'RFC2256:
Post Off
 ice Box' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3
 .6.1.4.1.1466.115.121.1.15{40} )
olcAttributeTypes: {15}( 2.5.4.19 NAME 'physicalDeliveryOfficeName' DESC
'RFC2
 256: Physical Delivery Office Name' EQUALITY caseIgnoreMatch SUBSTR
caseIgnor
 eSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {16}( 2.5.4.20 NAME 'telephoneNumber' DESC 'RFC2256:
Teleph
 one Number' EQUALITY telephoneNumberMatch SUBSTR
telephoneNumberSubstringsMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
olcAttributeTypes: {17}( 2.5.4.21 NAME 'telexNumber' DESC 'RFC2256:
Telex Numb
 er' SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
olcAttributeTypes: {18}( 2.5.4.22 NAME 'teletexTerminalIdentifier' DESC
'RFC22
 56: Teletex Terminal Identifier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
olcAttributeTypes: {19}( 2.5.4.23 NAME ( 'facsimileTelephoneNumber'
'fax' ) DE
 SC 'RFC2256: Facsimile (Fax) Telephone Number' SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.22 )
olcAttributeTypes: {20}( 2.5.4.24 NAME 'x121Address' DESC 'RFC2256:
X.121 Addr
 ess' EQUALITY numericStringMatch SUBSTR numericStringSubstringsMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.36{15} )
olcAttributeTypes: {21}( 2.5.4.25 NAME 'internationaliSDNNumber' DESC
'RFC2256
 : international ISDN number' EQUALITY numericStringMatch SUBSTR
numericString
 SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
olcAttributeTypes: {22}( 2.5.4.26 NAME 'registeredAddress' DESC
'RFC2256: regi
 stered postal address' SUP postalAddress SYNTAX
1.3.6.1.4.1.1466.115.121.1.41
  )
olcAttributeTypes: {23}( 2.5.4.27 NAME 'destinationIndicator' DESC
'RFC2256: d
 estination indicator' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
olcAttributeTypes: {24}( 2.5.4.28 NAME 'preferredDeliveryMethod' DESC
'RFC2256
 : preferred delivery method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
SINGLE-VALU
 E )
olcAttributeTypes: {25}( 2.5.4.29 NAME 'presentationAddress' DESC
'RFC2256: pr
 esentation address' EQUALITY presentationAddressMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.43 SINGLE-VALUE )
olcAttributeTypes: {26}( 2.5.4.30 NAME 'supportedApplicationContext'
DESC 'RFC
 2256: supported application context' EQUALITY objectIdentifierMatch
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {27}( 2.5.4.31 NAME 'member' DESC 'RFC2256: member of
a gro
 up' SUP distinguishedName )
olcAttributeTypes: {28}( 2.5.4.32 NAME 'owner' DESC 'RFC2256: owner (of
the ob
 ject)' SUP distinguishedName )
olcAttributeTypes: {29}( 2.5.4.33 NAME 'roleOccupant' DESC 'RFC2256:
occupant
 of role' SUP distinguishedName )
olcAttributeTypes: {30}( 2.5.4.36 NAME 'userCertificate' DESC 'RFC2256:
X.509
 user certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.8 )
olcAttributeTypes: {31}( 2.5.4.37 NAME 'cACertificate' DESC 'RFC2256:
X.509 CA
  certificate, use ;binary' EQUALITY certificateExactMatch SYNTAX
1.3.6.1.4.1.
 1466.115.121.1.8 )
olcAttributeTypes: {32}( 2.5.4.38 NAME 'authorityRevocationList' DESC
'RFC2256
 : X.509 authority revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.9 )
olcAttributeTypes: {33}( 2.5.4.39 NAME 'certificateRevocationList' DESC
'RFC22
 56: X.509 certificate revocation list, use ;binary' SYNTAX
1.3.6.1.4.1.1466.1
 15.121.1.9 )
olcAttributeTypes: {34}( 2.5.4.40 NAME 'crossCertificatePair' DESC
'RFC2256: X
 .509 cross certificate pair, use ;binary' SYNTAX
1.3.6.1.4.1.1466.115.121.1.1
 0 )
olcAttributeTypes: {35}( 2.5.4.42 NAME ( 'givenName' 'gn' ) DESC
'RFC2256: fir
 st name(s) for which the entity is known by' SUP name )
olcAttributeTypes: {36}( 2.5.4.43 NAME 'initials' DESC 'RFC2256:
initials of s
 ome or all of names, but not the surname(s).' SUP name )
olcAttributeTypes: {37}( 2.5.4.44 NAME 'generationQualifier' DESC
'RFC2256: na
 me qualifier indicating a generation' SUP name )
olcAttributeTypes: {38}( 2.5.4.45 NAME 'x500UniqueIdentifier' DESC
'RFC2256: X
 .500 unique identifier' EQUALITY bitStringMatch SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.6 )
olcAttributeTypes: {39}( 2.5.4.46 NAME 'dnQualifier' DESC 'RFC2256: DN
qualifi
 er' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR
caseIgno
 reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
olcAttributeTypes: {40}( 2.5.4.47 NAME 'enhancedSearchGuide' DESC
'RFC2256: en
 hanced search guide' SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
olcAttributeTypes: {41}( 2.5.4.48 NAME 'protocolInformation' DESC
'RFC2256: pr
 otocol information' EQUALITY protocolInformationMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.42 )
olcAttributeTypes: {42}( 2.5.4.50 NAME 'uniqueMember' DESC 'RFC2256:
unique me
 mber of a group' EQUALITY uniqueMemberMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .34 )
olcAttributeTypes: {43}( 2.5.4.51 NAME 'houseIdentifier' DESC 'RFC2256:
house
 identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.15{32768} )
olcAttributeTypes: {44}( 2.5.4.52 NAME 'supportedAlgorithms' DESC
'RFC2256: su
 pported algorithms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
olcAttributeTypes: {45}( 2.5.4.53 NAME 'deltaRevocationList' DESC
'RFC2256: de
 lta revocation list; use ;binary' SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
olcAttributeTypes: {46}( 2.5.4.54 NAME 'dmdName' DESC 'RFC2256: name of
DMD' S
 UP name )
olcAttributeTypes: {47}( 2.5.4.65 NAME 'pseudonym' DESC 'X.520(4th):
pseudonym
  for the object' SUP name )
olcAttributeTypes: {48}( 0.9.2342.19200300.100.1.3 NAME ( 'mail'
'rfc822Mailbo
 x' ) DESC 'RFC1274: RFC822 Mailbox' EQUALITY caseIgnoreIA5Match SUBSTR
caseIg
 noreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {49}( 0.9.2342.19200300.100.1.25 NAME ( 'dc'
'domainCompone
 nt' ) DESC 'RFC1274/2247: domain component' EQUALITY caseIgnoreIA5Match
SUBST
 R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VA
 LUE )
olcAttributeTypes: {50}( 0.9.2342.19200300.100.1.37 NAME
'associatedDomain' DE
 SC 'RFC1274: domain associated with object' EQUALITY caseIgnoreIA5Match
SUBST
 R caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {51}( 1.2.840.113549.1.9.1 NAME ( 'email'
'emailAddress' 'p
 kcs9email' ) DESC 'RFC3280: legacy attribute for email addresses in
DNs' EQUA
 LITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.26{128} )
olcObjectClasses: {0}( 2.5.6.2 NAME 'country' DESC 'RFC2256: a country'
SUP to
 p STRUCTURAL MUST c MAY ( searchGuide $ description ) )
olcObjectClasses: {1}( 2.5.6.3 NAME 'locality' DESC 'RFC2256: a
locality' SUP
 top STRUCTURAL MAY ( street $ seeAlso $ searchGuide $ st $ l $
description )
 )
olcObjectClasses: {2}( 2.5.6.4 NAME 'organization' DESC 'RFC2256: an
organizat
 ion' SUP top STRUCTURAL MUST o MAY ( userPassword $ searchGuide $
seeAlso $ b
 usinessCategory $ x121Address $ registeredAddress $
destinationIndicator $ pr
 eferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
telephoneNu
 mber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $
postOffi
 ceBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $
l $ de
 scription ) )
olcObjectClasses: {3}( 2.5.6.5 NAME 'organizationalUnit' DESC 'RFC2256:
an org
 anizational unit' SUP top STRUCTURAL MUST ou MAY ( userPassword $
searchGuide
  $ seeAlso $ businessCategory $ x121Address $ registeredAddress $
destination
 Indicator $ preferredDeliveryMethod $ telexNumber $
teletexTerminalIdentifier
  $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber
$ str
 eet $ postOfficeBox $ postalCode $ postalAddress $
physicalDeliveryOfficeName
  $ st $ l $ description ) )
olcObjectClasses: {4}( 2.5.6.6 NAME 'person' DESC 'RFC2256: a person'
SUP top
 STRUCTURAL MUST ( sn $ cn ) MAY ( userPassword $ telephoneNumber $
seeAlso $
 description ) )
olcObjectClasses: {5}( 2.5.6.7 NAME 'organizationalPerson' DESC
'RFC2256: an o
 rganizational person' SUP person STRUCTURAL MAY ( title $ x121Address $
regis
 teredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumber $
  teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber
$ facs
 imileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddress $
 physicalDeliveryOfficeName $ ou $ st $ l ) )
olcObjectClasses: {6}( 2.5.6.8 NAME 'organizationalRole' DESC 'RFC2256:
an org
 anizational role' SUP top STRUCTURAL MUST cn MAY ( x121Address $
registeredAd
 dress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $
telete
 xTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
facsimileTe
 lephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $
street $ p
 ostOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName
$ ou $
  st $ l $ description ) )
olcObjectClasses: {7}( 2.5.6.9 NAME 'groupOfNames' DESC 'RFC2256: a
group of n
 ames (DNs)' SUP top STRUCTURAL MUST ( member $ cn ) MAY (
businessCategory $
 seeAlso $ owner $ ou $ o $ description ) )
olcObjectClasses: {8}( 2.5.6.10 NAME 'residentialPerson' DESC 'RFC2256:
an res
 idential person' SUP person STRUCTURAL MUST l MAY ( businessCategory $
x121Ad
 dress $ registeredAddress $ destinationIndicator $
preferredDeliveryMethod $
 telexNumber $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDN
 Number $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
postOf
 ficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st
$ l )
 )
olcObjectClasses: {9}( 2.5.6.11 NAME 'applicationProcess' DESC 'RFC2256:
an ap
 plication process' SUP top STRUCTURAL MUST cn MAY ( seeAlso $ ou $ l $
descri
 ption ) )
olcObjectClasses: {10}( 2.5.6.12 NAME 'applicationEntity' DESC 'RFC2256:
an ap
 plication entity' SUP top STRUCTURAL MUST ( presentationAddress $ cn )
MAY (
 supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
olcObjectClasses: {11}( 2.5.6.13 NAME 'dSA' DESC 'RFC2256: a directory
system
 agent (a server)' SUP applicationEntity STRUCTURAL MAY
knowledgeInformation )
olcObjectClasses: {12}( 2.5.6.14 NAME 'device' DESC 'RFC2256: a device'
SUP to
 p STRUCTURAL MUST cn MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l
$ desc
 ription ) )
olcObjectClasses: {13}( 2.5.6.15 NAME 'strongAuthenticationUser' DESC
'RFC2256
 : a strong authentication user' SUP top AUXILIARY MUST userCertificate )
olcObjectClasses: {14}( 2.5.6.16 NAME 'certificationAuthority' DESC
'RFC2256:
 a certificate authority' SUP top AUXILIARY MUST (
authorityRevocationList $ c
 ertificateRevocationList $ cACertificate ) MAY crossCertificatePair )
olcObjectClasses: {15}( 2.5.6.17 NAME 'groupOfUniqueNames' DESC
'RFC2256: a gr
 oup of unique names (DN and Unique Identifier)' SUP top STRUCTURAL MUST
( uni
 queMember $ cn ) MAY ( businessCategory $ seeAlso $ owner $ ou $ o $
descript
 ion ) )
olcObjectClasses: {16}( 2.5.6.18 NAME 'userSecurityInformation' DESC
'RFC2256:
  a user security information' SUP top AUXILIARY MAY supportedAlgorithms )
olcObjectClasses: {17}( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
certif
 icationAuthority AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {18}( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top
STRUCTURA
 L MUST cn MAY ( certificateRevocationList $ authorityRevocationList $
deltaRe
 vocationList ) )
olcObjectClasses: {19}( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST
dmdName MA
 Y ( userPassword $ searchGuide $ seeAlso $ businessCategory $
x121Address $ r
 egisteredAddress $ destinationIndicator $ preferredDeliveryMethod $
telexNumb
 er $ teletexTerminalIdentifier $ telephoneNumber $
internationaliSDNNumber $
 facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
postalAddres
 s $ physicalDeliveryOfficeName $ st $ l $ description ) )
olcObjectClasses: {20}( 2.5.6.21 NAME 'pkiUser' DESC 'RFC2587: a PKI
user' SUP
  top AUXILIARY MAY userCertificate )
olcObjectClasses: {21}( 2.5.6.22 NAME 'pkiCA' DESC 'RFC2587: PKI
certificate a
 uthority' SUP top AUXILIARY MAY ( authorityRevocationList $
certificateRevoca
 tionList $ cACertificate $ crossCertificatePair ) )
olcObjectClasses: {22}( 2.5.6.23 NAME 'deltaCRL' DESC 'RFC2587: PKI
user' SUP
 top AUXILIARY MAY deltaRevocationList )
olcObjectClasses: {23}( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
DESC 'RFC
 2079: object that contains the URI attribute type' SUP top AUXILIARY
MAY labe
 ledURI )
olcObjectClasses: {24}( 0.9.2342.19200300.100.4.19 NAME
'simpleSecurityObject'
  DESC 'RFC1274: simple security object' SUP top AUXILIARY MUST
userPassword )
olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC
'RFC2247: do
 main component object' SUP top AUXILIARY MUST dc )
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377:
uid obje
 ct' SUP top AUXILIARY MUST uid )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530a712-9721-102f-955e-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={1}cosine,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {1}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME
'textEncodedORAddress'
 EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.
 1466.115.121.1.15{256} )
olcAttributeTypes: {1}( 0.9.2342.19200300.100.1.4 NAME 'info' DESC
'RFC1274: g
 eneral information' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
olcAttributeTypes: {2}( 0.9.2342.19200300.100.1.5 NAME ( 'drink'
'favouriteDri
 nk' ) DESC 'RFC1274: favorite drink' EQUALITY caseIgnoreMatch SUBSTR
caseIgno
 reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {3}( 0.9.2342.19200300.100.1.6 NAME 'roomNumber' DESC
'RFC1
 274: room number' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMatch S
 YNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {4}( 0.9.2342.19200300.100.1.7 NAME 'photo' DESC
'RFC1274:
 photo (G3 fax)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.8 NAME 'userClass' DESC
'RFC12
 74: category of user' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstringsMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {6}( 0.9.2342.19200300.100.1.9 NAME 'host' DESC
'RFC1274: h
 ost computer' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTA
 X 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 0.9.2342.19200300.100.1.10 NAME 'manager' DESC
'RFC127
 4: DN of manager' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466.115
 .121.1.12 )
olcAttributeTypes: {8}( 0.9.2342.19200300.100.1.11 NAME
'documentIdentifier' D
 ESC 'RFC1274: unique identifier of document' EQUALITY caseIgnoreMatch
SUBSTR
 caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
DESC '
 RFC1274: title of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstri
 ngsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {10}( 0.9.2342.19200300.100.1.13 NAME
'documentVersion' DES
 C 'RFC1274: version of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSu
 bstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {11}( 0.9.2342.19200300.100.1.14 NAME
'documentAuthor' DESC
  'RFC1274: DN of author of document' EQUALITY distinguishedNameMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {12}( 0.9.2342.19200300.100.1.15 NAME
'documentLocation' DE
 SC 'RFC1274: location of document original' EQUALITY caseIgnoreMatch
SUBSTR c
 aseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {13}( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone'
'homeTe
 lephoneNumber' ) DESC 'RFC1274: home telephone number' EQUALITY
telephoneNumb
 erMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.50 )
olcAttributeTypes: {14}( 0.9.2342.19200300.100.1.21 NAME 'secretary'
DESC 'RFC
 1274: DN of secretary' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.12 )
olcAttributeTypes: {15}( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
SYNTAX
  1.3.6.1.4.1.1466.115.121.1.39 )
olcAttributeTypes: {16}( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
EQUALITY ca
 seIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {17}( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
EQUALITY c
 aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {18}( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
EQUALITY c
 aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {19}( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
EQUALITY c
 aseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {20}( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
EQUALITY
 caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {21}( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
EQUALIT
 Y caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {22}( 0.9.2342.19200300.100.1.38 NAME
'associatedName' DESC
  'RFC1274: DN of entry associated with domain' EQUALITY
distinguishedNameMatc
 h SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: {23}( 0.9.2342.19200300.100.1.39 NAME
'homePostalAddress' D
 ESC 'RFC1274: home postal address' EQUALITY caseIgnoreListMatch SUBSTR
caseIg
 noreListSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
olcAttributeTypes: {24}( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
DESC
 'RFC1274: personal title' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstring
 sMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {25}( 0.9.2342.19200300.100.1.41 NAME ( 'mobile'
'mobileTel
 ephoneNumber' ) DESC 'RFC1274: mobile telephone number' EQUALITY
telephoneNum
 berMatch SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.50 )
olcAttributeTypes: {26}( 0.9.2342.19200300.100.1.42 NAME ( 'pager'
'pagerTelep
 honeNumber' ) DESC 'RFC1274: pager telephone number' EQUALITY
telephoneNumber
 Match SUBSTR telephoneNumberSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .50 )
olcAttributeTypes: {27}( 0.9.2342.19200300.100.1.43 NAME ( 'co'
'friendlyCount
 ryName' ) DESC 'RFC1274: friendly country name' EQUALITY
caseIgnoreMatch SUBS
 TR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {28}( 0.9.2342.19200300.100.1.44 NAME
'uniqueIdentifier' DE
 SC 'RFC1274: unique identifer' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.15{256} )
olcAttributeTypes: {29}( 0.9.2342.19200300.100.1.45 NAME
'organizationalStatus
 ' DESC 'RFC1274: organizational status' EQUALITY caseIgnoreMatch SUBSTR
caseI
 gnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
DESC '
 RFC1274: Janet mailbox' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5Subst
 ringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
olcAttributeTypes: {31}( 0.9.2342.19200300.100.1.47 NAME
'mailPreferenceOption
 ' DESC 'RFC1274: mail preference option' SYNTAX
1.3.6.1.4.1.1466.115.121.1.27
  )
olcAttributeTypes: {32}( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
DESC '
 RFC1274: name of building' EQUALITY caseIgnoreMatch SUBSTR
caseIgnoreSubstrin
 gsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {33}( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
DESC 'RF
 C1274: DSA Quality' SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
olcAttributeTypes: {34}( 0.9.2342.19200300.100.1.50 NAME
'singleLevelQuality'
 DESC 'RFC1274: Single Level Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.13 SIN
 GLE-VALUE )
olcAttributeTypes: {35}( 0.9.2342.19200300.100.1.51 NAME
'subtreeMinimumQualit
 y' DESC 'RFC1274: Subtree Mininum Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 13 SINGLE-VALUE )
olcAttributeTypes: {36}( 0.9.2342.19200300.100.1.52 NAME
'subtreeMaximumQualit
 y' DESC 'RFC1274: Subtree Maximun Quality' SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 13 SINGLE-VALUE )
olcAttributeTypes: {37}( 0.9.2342.19200300.100.1.53 NAME
'personalSignature' D
 ESC 'RFC1274: Personal Signature (G3 fax)' SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 23 )
olcAttributeTypes: {38}( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
DESC 'R
 FC1274: DIT Redirect' EQUALITY distinguishedNameMatch SYNTAX
1.3.6.1.4.1.1466
 .115.121.1.12 )
olcAttributeTypes: {39}( 0.9.2342.19200300.100.1.55 NAME 'audio' DESC
'RFC1274
 : audio (u-law)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
olcAttributeTypes: {40}( 0.9.2342.19200300.100.1.56 NAME
'documentPublisher' D
 ESC 'RFC1274: publisher of document' EQUALITY caseIgnoreMatch SUBSTR
caseIgno
 reSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcObjectClasses: {0}( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson'
'newPilo
 tPerson' ) SUP person STRUCTURAL MAY ( userid $ textEncodedORAddress $
rfc822
 Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber
$ hom
 ePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $
busine
 ssCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $
pagerTelep
 honeNumber $ organizationalStatus $ mailPreferenceOption $
personalSignature
 ) )
olcObjectClasses: {1}( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top
STRUCT
 URAL MUST userid MAY ( description $ seeAlso $ localityName $
organizationNam
 e $ organizationalUnitName $ host ) )
olcObjectClasses: {2}( 0.9.2342.19200300.100.4.6 NAME 'document' SUP top
STRUC
 TURAL MUST documentIdentifier MAY ( commonName $ description $ seeAlso
$ loca
 lityName $ organizationName $ organizationalUnitName $ documentTitle $
docume
 ntVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
olcObjectClasses: {3}( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top
STRUCTURA
 L MUST commonName MAY ( roomNumber $ description $ seeAlso $
telephoneNumber
 ) )
olcObjectClasses: {4}( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
SUP top
  STRUCTURAL MUST commonName MAY ( description $ seeAlso $
telephonenumber $ l
 ocalityName $ organizationName $ organizationalUnitName ) )
olcObjectClasses: {5}( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top
STRUCT
 URAL MUST domainComponent MAY ( associatedName $ organizationName $
descripti
 on $ businessCategory $ seeAlso $ searchGuide $ userPassword $
localityName $
  stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $
postalAdd
 ress $ postalCode $ postOfficeBox $ streetAddress $
facsimileTelephoneNumber
 $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier
$ tel
 exNumber $ preferredDeliveryMethod $ destinationIndicator $
registeredAddress
  $ x121Address ) )
olcObjectClasses: {6}( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
SUP d
 omain STRUCTURAL MAY ( commonName $ surname $ description $ seeAlso $
telepho
 neNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $
postOffi
 ceBox $ streetAddress $ facsimileTelephoneNumber $
internationalISDNNumber $
 telephoneNumber $ teletexTerminalIdentifier $ telexNumber $
preferredDelivery
 Method $ destinationIndicator $ registeredAddress $ x121Address ) )
olcObjectClasses: {7}( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP
domain
 STRUCTURAL MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $
CNAME
 Record ) )
olcObjectClasses: {8}( 0.9.2342.19200300.100.4.17 NAME
'domainRelatedObject' D
 ESC 'RFC1274: an object related to an domain' SUP top AUXILIARY MUST
associat
 edDomain )
olcObjectClasses: {9}( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
SUP c
 ountry STRUCTURAL MUST friendlyCountryName )
olcObjectClasses: {10}( 0.9.2342.19200300.100.4.20 NAME
'pilotOrganization' SU
 P ( organization $ organizationalUnit ) STRUCTURAL MAY buildingName )
olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP
dsa STR
 UCTURAL MAY dSAQuality )
olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME
'qualityLabelledData'
 SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $
subtreeMaximu
 mQuality ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530b824-9721-102f-955f-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={2}inetorgperson,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {2}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC
'RFC279
 8: vehicle license or registration plate' EQUALITY caseIgnoreMatch
SUBSTR cas
 eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {1}( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber'
DESC '
 RFC2798: identifies a department within an organization' EQUALITY
caseIgnoreM
 atch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {2}( 2.16.840.1.113730.3.1.241 NAME 'displayName'
DESC 'RFC
 2798: preferred name to be used when displaying entries' EQUALITY
caseIgnoreM
 atch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SI
 NGLE-VALUE )
olcAttributeTypes: {3}( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber'
DESC 'RF
 C2798: numerically identifies an employee within an organization'
EQUALITY ca
 seIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.15 SINGLE-VALUE )
olcAttributeTypes: {4}( 2.16.840.1.113730.3.1.4 NAME 'employeeType' DESC
'RFC2
 798: type of employment for a person' EQUALITY caseIgnoreMatch SUBSTR
caseIgn
 oreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {5}( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto' DESC
'RFC2
 798: a JPEG image' SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
olcAttributeTypes: {6}( 2.16.840.1.113730.3.1.39 NAME
'preferredLanguage' DESC
  'RFC2798: preferred written or spoken language for a person' EQUALITY
caseIg
 noreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 15 SINGLE-VALUE )
olcAttributeTypes: {7}( 2.16.840.1.113730.3.1.40 NAME
'userSMIMECertificate' D
 ESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.5 )
olcAttributeTypes: {8}( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12' DESC
'RFC2
 798: personal identity information, a PKCS #12 PFX' SYNTAX
1.3.6.1.4.1.1466.1
 15.121.1.5 )
olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC
'RFC2
 798: Internet Organizational Person' SUP organizationalPerson
STRUCTURAL MAY
 ( audio $ businessCategory $ carLicense $ departmentNumber $
displayName $ em
 ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress
$ ini
 tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $
photo
 $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier
$ pre
 ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530c03a-9721-102f-9560-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={3}ppolicy,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {3}ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute'
EQUALITY
  objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge'
EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.42.2.27.8.1.3 NAME 'pwdMaxAge'
EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.42.2.27.8.1.4 NAME 'pwdInHistory'
EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.42.2.27.8.1.5 NAME 'pwdCheckQuality'
EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.42.2.27.8.1.6 NAME 'pwdMinLength'
EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.42.2.27.8.1.7 NAME
'pwdExpireWarning' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.42.2.27.8.1.8 NAME
'pwdGraceAuthNLimit' EQ
 UALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.42.2.27.8.1.9 NAME 'pwdLockout'
EQUALITY b
 ooleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.42.2.27.8.1.10 NAME
'pwdLockoutDuration' E
 QUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.42.2.27.8.1.11 NAME 'pwdMaxFailure'
EQUAL
 ITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.42.2.27.8.1.12 NAME
'pwdFailureCountInter
 val' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
 )
olcAttributeTypes: {12}( 1.3.6.1.4.1.42.2.27.8.1.13 NAME 'pwdMustChange'
EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.42.2.27.8.1.14 NAME
'pwdAllowUserChange'
 EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.42.2.27.8.1.15 NAME 'pwdSafeModify'
EQUAL
 ITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.4754.1.99.1 NAME 'pwdCheckModule'
DESC 'L
 oadable module that instantiates "check_password() function' EQUALITY
caseExa
 ctIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.4754.2.99.1 NAME 'pwdPolicyChecker'
SUP top
  AUXILIARY MAY pwdCheckModule )
olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP
top AUXI
 LIARY MUST pwdAttribute MAY ( pwdMinAge $ pwdMaxAge $ pwdInHistory $
pwdCheck
 Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $
pwdLockout $
  pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $
pwdMustChange
  $ pwdAllowUserChange $ pwdSafeModify ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530c5bc-9721-102f-9561-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={4}sso,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {4}sso
olcObjectIdentifier: {0}SSOOID 1.3.6.1.4.1.10943.10.2
olcAttributeTypes: {0}( SSOOID:1:1 NAME 'ssoName' DESC 'An application
name' E
 QUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1
 466.115.121.1.15 )
olcAttributeTypes: {1}( SSOOID:1:2 NAME 'ssoRoles' DESC 'One or more
roles' EQ
 UALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.14
 66.115.121.1.15 )
olcAttributeTypes: {2}( SSOOID:1:3 NAME 'ssoLogonHours' DESC 'Allowed
logon ho
 urs' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1
 .4.1.1466.115.121.1.15 )
olcAttributeTypes: {3}( SSOOID:1:4 NAME 'ssoStartDate' DESC 'Start date'
EQUAL
 ITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.15 )
olcAttributeTypes: {4}( SSOOID:1:5 NAME 'ssoEndDate' DESC 'End date'
EQUALITY
 caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.
 121.1.15 )
olcObjectClasses: {0}( SSOOID:2:1 NAME 'ssoUser' DESC 'SSO extended
informatio
 ns for a user' SUP top AUXILIARY MAY ( ssoName $ ssoRoles $
ssoLogonHours $ s
 soStartDate $ ssoEndDate ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530c9d6-9721-102f-9562-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={5}samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {5}samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
DESC 'L
 anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
DESC 'M
 D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4
 .1.1466.115.121.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
DESC 'Ac
 count Flags' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26
 {16} SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
DESC 'T
 imestamp of the last password update' EQUALITY integerMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
DESC
 'Timestamp of when the user is allowed to update the password' EQUALITY
integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME
'sambaPwdMustChange' DESC
  'Timestamp of when the password will expire' EQUALITY integerMatch
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
DESC 'Ti
 mestamp of last logon' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
DESC 'T
 imestamp of last logoff' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.12
 1.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
DESC '
 Timestamp of when the user will be logged off automatically' EQUALITY
integer
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME
'sambaBadPasswordCount' D
 ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.146
 6.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME
'sambaBadPasswordTime' D
 ESC 'Time of the last bad password attempt' EQUALITY integerMatch
SYNTAX 1.3.
 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
DESC '
 Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26
 {42} SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
DESC 'D
 river letter of home directory mapping' EQUALITY caseIgnoreIA5Match
SYNTAX 1.
 3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
DESC
 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.15{255} SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
DESC
 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME
'sambaUserWorkstations'
 DESC 'List of user workstations the user is allowed to logon to'
EQUALITY cas
 eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
DESC 'Ho
 me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.1
 21.1.15{128} )
olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
DESC '
 Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch
SYNTAX
 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
DESC '
 Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.15{1050} )
olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME
'sambaPasswordHistory' D
 ESC 'Concatenated MD5 hashes of the salted NT passwords used on this
account'
  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC
'Securit
 y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1
 .3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME
'sambaPrimaryGroupSID' D
 ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
DESC 'Sec
 urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 26{64} )
olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
DESC 'N
 T Group Type' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.27 SING
 LE-VALUE )
olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
DESC
 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.
 1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME
'sambaNextGroupRid' DESC
  'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX
1.3.6.1.4.
 1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
DESC 'Nex
 t NT rid to give out for anything' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1
 466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME
'sambaAlgorithmicRidBase
 ' DESC 'Base at which the samba RID generation algorithm should
operate' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
DESC 'S
 hare Name' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.15 SING
 LE-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
DESC '
 Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
SYNTAX
  1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
DESC '
 A boolean option' EQUALITY booleanMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.7 S
 INGLE-VALUE )
olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME
'sambaIntegerOption' DES
 C 'An integer option' EQUALITY integerMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1
 .27 SINGLE-VALUE )
olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME
'sambaStringOption' DESC
  'A string option' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121
 .1.26 SINGLE-VALUE )
olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME
'sambaStringListOption'
 DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX
1.3.6.1.4.1.1466.
 115.121.1.15 )
olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
DESC '
 Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115
 .121.1.26 )
olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME
'sambaMinPwdLength' DESC
  'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX
1.3.6.1.
 4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME
'sambaPwdHistoryLength'
 DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY
intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME
'sambaLogonToChgPwd' DES
 C 'Force Users to logon for password change (default: 0 => off, 2 =>
on)' EQU
 ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
DESC 'M
 aximum password age, in seconds (default: -1 => never expire
passwords)' EQUA
 LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
DESC 'M
 inimum password age, in seconds (default: 0 => allow immediate password
chang
 e)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME
'sambaLockoutDuration' D
 ESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY
integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME
'sambaLockoutObservation
 Window' DESC 'Reset time after lockout in minutes (default: 30)'
EQUALITY int
 egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME
'sambaLockoutThreshold'
 DESC 'Lockout users after bad logon attempts (default: 0 => off)'
EQUALITY in
 tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
DESC
 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
EQUALITY
  integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME
'sambaRefuseMachinePwdCh
 ange' DESC 'Allow Machine Password changes (default: 0 => off)'
EQUALITY inte
 gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME
'sambaClearTextPassword'
  DESC 'Clear text password (used for trusted domain passwords)'
EQUALITY octe
 tStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME
'sambaPreviousClearTextP
 assword' DESC 'Previous clear text password (used for trusted domain
password
 s)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount'
DESC 'Sam
 ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID )
MAY (
 cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
sambaLogonTime $ s
 ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $
sambaPwdMustChange $
 sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $
sambaLogonScr
 ipt $ sambaProfilePath $ description $ sambaUserWorkstations $
sambaPrimaryGr
 oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $
sambaBad
 PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping'
DESC 'S
 amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $
sambaGrou
 pType ) MAY ( displayName $ description $ sambaSIDList ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword'
DESC
 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $
sambaNTPas
 sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.15 NAME
'sambaTrustedDomainPasswor
 d' DESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST (
sambaDomain
 Name $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY
sambaPreviou
 sClearTextPassword )
olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC
'Samba D
 omain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID
) MAY
  ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
sambaAlgorithmicRidB
 ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
sambaM
 axPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $
sambaLockoutObservationWin
 dow $ sambaLockoutThreshold $ sambaForceLogoff $
sambaRefuseMachinePwdChange
 ) )
olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool'
DESC 'Poo
 l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $
gidNumb
 er ) )
olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry'
DESC 'Map
 ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY (
uidNumber $ g
 idNumber ) )
olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC
'Struc
 tural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC
'Samba
 Configuration Section' SUP top AUXILIARY MAY description )
olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC
'Samba S
 hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption'
DESC
 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName
MAY ( sa
 mbaBoolOption $ sambaIntegerOption $ sambaStringOption $
sambaStringListoptio
 n $ description ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 6530d6ba-9721-102f-9563-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: cn={6}nis,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {6}nis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS
field; th
 e common name' EQUALITY caseIgnoreIA5Match SUBSTR
caseIgnoreIA5SubstringsMatc
 h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' DESC 'The
absolut
 e path to the home directory' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1
 466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.1.1.1.4 NAME 'loginShell' DESC 'The path
to th
 e login shell' EQUALITY caseExactIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.2
 6 SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' EQUALITY
integ
 erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.1.1.1.6 NAME 'shadowMin' EQUALITY
integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.1.1.1.7 NAME 'shadowMax' EQUALITY
integerMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' EQUALITY
integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' EQUALITY
integer
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' EQUALITY
integerM
 atch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' EQUALITY
integerMat
 ch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.1.1.1.12 NAME 'memberUid' EQUALITY
caseExactI
 A5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.1.
 26 )
olcAttributeTypes: {11}( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
EQUALITY ca
 seExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.11
 5.121.1.26 )
olcAttributeTypes: {12}( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' DESC
'Netgr
 oup triple' SYNTAX 1.3.6.1.1.1.0.0 )
olcAttributeTypes: {13}( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' EQUALITY
intege
 rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' SUP
name )
olcAttributeTypes: {15}( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
EQUALITY int
 egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' EQUALITY
integer
 Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {17}( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' DESC 'IP
address
 ' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {18}( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' DESC
'IP netw
 ork' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{128} SI
 NGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' DESC
'IP netm
 ask' EQUALITY caseIgnoreIA5Match SYNTAX
1.3.6.1.4.1.1466.115.121.1.26{128} SI
 NGLE-VALUE )
olcAttributeTypes: {20}( 1.3.6.1.1.1.1.22 NAME 'macAddress' DESC 'MAC
address'
  EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
olcAttributeTypes: {21}( 1.3.6.1.1.1.1.23 NAME 'bootParameter' DESC
'rpc.bootp
 aramd parameter' SYNTAX 1.3.6.1.1.1.0.1 )
olcAttributeTypes: {22}( 1.3.6.1.1.1.1.24 NAME 'bootFile' DESC 'Boot
image nam
 e' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {23}( 1.3.6.1.1.1.1.26 NAME 'nisMapName' SUP name )
olcAttributeTypes: {24}( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' EQUALITY
caseExac
 tIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX
1.3.6.1.4.1.1466.115.121.
 1.26{1024} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.1.1.2.0 NAME 'posixAccount' DESC
'Abstraction o
 f an account with POSIX attributes' SUP top AUXILIARY MUST ( cn $ uid $
uidNu
 mber $ gidNumber $ homeDirectory ) MAY ( userPassword $ loginShell $
gecos $
 description ) )
olcObjectClasses: {1}( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' DESC
'Additional a
 ttributes for shadow passwords' SUP top AUXILIARY MUST uid MAY (
userPassword
  $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $
shadowInactive
 $ shadowExpire $ shadowFlag $ description ) )
olcObjectClasses: {2}( 1.3.6.1.1.1.2.2 NAME 'posixGroup' DESC
'Abstraction of
 a group of accounts' SUP top STRUCTURAL MUST ( cn $ gidNumber ) MAY (
userPas
 sword $ memberUid $ description ) )
olcObjectClasses: {3}( 1.3.6.1.1.1.2.3 NAME 'ipService' DESC
'Abstraction an I
 nternet Protocol service' SUP top STRUCTURAL MUST ( cn $ ipServicePort
$ ipSe
 rviceProtocol ) MAY description )
olcObjectClasses: {4}( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' DESC
'Abstraction of
 an IP protocol' SUP top STRUCTURAL MUST ( cn $ ipProtocolNumber $
description
  ) MAY description )
olcObjectClasses: {5}( 1.3.6.1.1.1.2.5 NAME 'oncRpc' DESC 'Abstraction
of an O
 NC/RPC binding' SUP top STRUCTURAL MUST ( cn $ oncRpcNumber $
description ) M
 AY description )
olcObjectClasses: {6}( 1.3.6.1.1.1.2.6 NAME 'ipHost' DESC 'Abstraction
of a ho
 st, an IP device' SUP top AUXILIARY MUST ( cn $ ipHostNumber ) MAY ( l
$ desc
 ription $ manager ) )
olcObjectClasses: {7}( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' DESC
'Abstraction of a
 n IP network' SUP top STRUCTURAL MUST ( cn $ ipNetworkNumber ) MAY (
ipNetmas
 kNumber $ l $ description $ manager ) )
olcObjectClasses: {8}( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' DESC
'Abstraction of
  a netgroup' SUP top STRUCTURAL MUST cn MAY ( nisNetgroupTriple $
memberNisNe
 tgroup $ description ) )
olcObjectClasses: {9}( 1.3.6.1.1.1.2.9 NAME 'nisMap' DESC 'A generic
abstracti
 on of a NIS map' SUP top STRUCTURAL MUST nisMapName MAY description )
olcObjectClasses: {10}( 1.3.6.1.1.1.2.10 NAME 'nisObject' DESC 'An entry
in a
 NIS map' SUP top STRUCTURAL MUST ( cn $ nisMapEntry $ nisMapName ) MAY
descri
 ption )
olcObjectClasses: {11}( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' DESC 'A
device w
 ith a MAC address' SUP top AUXILIARY MAY macAddress )
olcObjectClasses: {12}( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' DESC 'A
device
 with boot parameters' SUP top AUXILIARY MAY ( bootFile $ bootParameter ) )
structuralObjectClass: olcSchemaConfig
entryUUID: 21e5fef6-b10d-1030-8a33-11dbca5edf22
creatorsName: cn=config
createTimestamp: 20111202084111Z
entryCSN: 20111202084111.852375Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20111202084111Z

dn: cn={7}dyngroup,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {7}dyngroup
olcObjectIdentifier: {0}NetscapeRoot 2.16.840.1.113730
olcObjectIdentifier: {1}NetscapeLDAP NetscapeRoot:3
olcObjectIdentifier: {2}NetscapeLDAPattributeType NetscapeLDAP:1
olcObjectIdentifier: {3}NetscapeLDAPobjectClass NetscapeLDAP:2
olcObjectIdentifier: {4}OpenLDAPExp11 1.3.6.1.4.1.4203.666.11
olcObjectIdentifier: {5}DynGroupBase OpenLDAPExp11:8
olcObjectIdentifier: {6}DynGroupAttr DynGroupBase:1
olcObjectIdentifier: {7}DynGroupOC DynGroupBase:2
olcAttributeTypes: {0}( NetscapeLDAPattributeType:198 NAME 'memberURL'
DESC 'I
 dentifies an URL associated with each member of a group. Any type of
labeled
 URL can be used.' SUP labeledURI )
olcAttributeTypes: {1}( DynGroupAttr:1 NAME 'dgIdentity' DESC 'Identity
to use
  when processing the memberURL' SUP distinguishedName SINGLE-VALUE )
olcAttributeTypes: {2}( DynGroupAttr:2 NAME 'dgAuthz' DESC 'Optional
authoriza
 tion rules that determine who is allowed to assume the dgIdentity'
EQUALITY a
 uthzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' )
olcObjectClasses: {0}( NetscapeLDAPobjectClass:33 NAME 'groupOfURLs' SUP
top S
 TRUCTURAL MUST cn MAY ( memberURL $ businessCategory $ description $ o
$ ou $
  owner $ seeAlso ) )
olcObjectClasses: {1}( DynGroupOC:1 NAME 'dgIdentityAux' SUP top
AUXILIARY MAY
  ( dgIdentity $ dgAuthz ) )
structuralObjectClass: olcSchemaConfig
entryUUID: fe9ba1e6-ed18-1031-8f79-fdfd31b132a1
creatorsName: cn=config
createTimestamp: 20130107132214Z
entryCSN: 20130107132214.043246Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20130107132214Z

dn: olcDatabase={-1}frontend,cn=config
objectClass: olcDatabaseConfig
objectClass: olcFrontendConfig
olcDatabase: {-1}frontend
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 0
olcReadOnly: FALSE
olcSchemaDN: cn=Subschema
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
olcSortVals: uniqueMember
structuralObjectClass: olcDatabaseConfig
entryUUID: 6530dd36-9721-102f-9564-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: olcDatabase={0}config,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {0}config
olcAccess: {0}to *  by * none
olcAddContentAcl: TRUE
olcLastMod: TRUE
olcMaxDerefDepth: 15
olcReadOnly: FALSE
olcRootDN: cn=config
olcRootPW:: c2VjcmV0
olcSyncUseSubentry: FALSE
olcMonitoring: FALSE
structuralObjectClass: olcDatabaseConfig
entryUUID: 6530e0e2-9721-102f-9565-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20110128100718.624757Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20110128100718Z

dn: olcDatabase={1}monitor,cn=config
objectClass: olcDatabaseConfig
olcDatabase: {1}monitor
structuralObjectClass: olcDatabaseConfig
entryUUID: 6530ed6c-9721-102f-9568-4b8bb57ada73
creatorsName: cn=config
createTimestamp: 20101208141546Z
entryCSN: 20101208141546.777296Z#000000#000#000000
modifiersName: cn=config
modifyTimestamp: 20101208141546Z

dn: olcDatabase={2}mdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcMdbConfig
objectClass: olcDatabaseConfig
olcDatabase: {2}mdb
olcDbDirectory: /home/clement/Programmes/openldap/var/openldap-data-slave
olcHidden: FALSE
olcSuffix: dc=example,dc=com
olcAccess: {0}to * by * read
olcRootDN: cn=admin,dc=example,dc=com
olcRootPW:: c2VjcmV0
olcSyncrepl: {0}rid="001" provider="ldap://localhost"
type="refreshAndPersist"
  retry="5 5 300 +" bindmethod="simple"
binddn="uid=syncrepl,ou=applications,d
 c=example,dc=com" credentials="secret" searchbase="dc=example,dc=com"
olcDbIndex: entryCSN eq
olcDbIndex: entryUUID eq
olcDbIndex: objectClass eq
structuralObjectClass: olcMdbConfig
entryUUID: 3a5a3a6c-fa88-1032-97c4-41a0d18a7fa8
creatorsName: cn=config
createTimestamp: 20131216102611Z
entryCSN: 20131216152242.723529Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20131216152242Z

dn: olcOverlay={0}ppolicy,olcDatabase={2}mdb,cn=config
objectClass: top
objectClass: olcConfig
objectClass: olcOverlayConfig
objectClass: olcPPolicyConfig
olcOverlay: {0}ppolicy
olcPPolicyHashCleartext: TRUE
olcPPolicyUseLockout: TRUE
structuralObjectClass: olcPPolicyConfig
entryUUID: 00b639ac-faa4-1032-8310-931b03a585a9
creatorsName: cn=config
createTimestamp: 20131216134500Z
entryCSN: 20131216152202.409760Z#000000#001#000000
modifiersName: cn=config
modifyTimestamp: 20131216152202Z




And my password policy configuration entry :


dn: ou=default,ou=ppolicy,dc=example,dc=com
objectClass: organizationalUnit
objectClass: pwdPolicy
objectClass: top
ou: default
pwdAttribute: userPassword
pwdAllowUserChange: TRUE
pwdCheckQuality: 2
pwdExpireWarning: 86400
pwdFailureCountInterval: 0
pwdGraceAuthNLimit: 2
pwdInHistory: 4
pwdLockout: TRUE
pwdLockoutDuration: 86400
pwdMaxAge: 0
pwdMaxFailure: 4
pwdMinLength: 4
pwdMustChange: TRUE
pwdSafeModify: FALSE






And then the results of my test, comparing my entry on the master and on
the slave :



Initial state :

MASTER

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218124948.966740Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218124948Z
pwdChangedTime: 20131210111030Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema



SLAVE

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218125024.885025Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218125024Z
pwdChangedTime: 20131210111030Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema




After LOCK ON SLAVE with wrong authentications:


MASTER

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218125024.885025Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218125024Z
pwdChangedTime: 20131210111030Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema

SLAVE


dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218125024.885025Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218125024Z
pwdAccountLockedTime: 20131218125321Z
pwdChangedTime: 20131210111030Z
pwdFailureTime: 20131218125318Z
pwdFailureTime: 20131218125319Z
pwdFailureTime: 20131218125320Z
pwdFailureTime: 20131218125321Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema




After Modify sn a first time on master :



MASTER

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT MODIFY 1
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218125024.885025Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218125024Z
pwdChangedTime: 20131210111030Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema



SLAVE

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT MODIFY 1
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218125504.723903Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218125504Z
pwdAccountLockedTime: 20131218125321Z
pwdChangedTime: 20131210111030Z
pwdFailureTime: 20131218125318Z
pwdFailureTime: 20131218125319Z
pwdFailureTime: 20131218125320Z
pwdFailureTime: 20131218125321Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema


After Modify sn a second time on master :


MASTER

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT MODIFY 2
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218125705.495353Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218125705Z
pwdChangedTime: 20131210111030Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema



SLAVE

dn: uid=coudot,ou=users,dc=example,dc=com
objectClass: extensibleObject
objectClass: inetOrgPerson
objectClass: organizationalPerson
objectClass: person
objectClass: sambaSamAccount
objectClass: shadowAccount
objectClass: top
cn:: Q2zDqW1lbnQgT1VET1Q=
sambaSID: 0
sn: OUDOT MODIFY 2
uid: coudot
givenName:: Q2zDqW1lbnQ=
mail: coudot@linagora.com
sambaLMPassword: 722AC01404A7515693031A439546F79D
sambaNTPassword: F71506856850C6660F143DA4F4E951BD
sambaPwdLastSet: 1338710046
shadowLastChange: 15494
userPassword:: e1NTSEF9WlNkOWF3YWpvbFpha0dSNUhWNEl1b1NzejVocUxwUGY=
createTimestamp: 20090526124109Z
creatorsName: cn=admin,dc=example,dc=com
entryCSN: 20131218125705.495353Z#000000#001#000000
entryDN: uid=coudot,ou=users,dc=example,dc=com
entryUUID: 3b806b5c-de3e-102d-9f1e-17f4deb9d5f8
hasSubordinates: FALSE
memberOf: cn=group1,ou=groups,dc=example,dc=com
memberOf: cn=group2,ou=groups,dc=example,dc=com
modifiersName: cn=admin,dc=example,dc=com
modifyTimestamp: 20131218125705Z
pwdChangedTime: 20131210111030Z
pwdHistory:: MjAxMzA2MDExMzI1MzlaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfVNYVU92SUtsMGxaRFg4ejVRWkk1aVNyV2pidnVZSXNoakh3R1BRPT0=
pwdHistory:: MjAxMzA5MDMwNzI3MzNaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfWNjZXhPbTNhS21SRmpKWi9HNldxbWRQQnlEZlJtWWZ5
pwdHistory:: MjAxMzA5MDMwNzI3NTRaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzQ
 2I3tTU0hBfXV5eW9mV29kbWJOYksyYXhOcHc5TTJCSjN6Wkxvam5TZnFYMXh3PT0=
pwdHistory:: MjAxMzEyMTAxMTEwMzBaIzEuMy42LjEuNC4xLjE0NjYuMTE1LjEyMS4xLjQwIzM
 4I3tTU0hBfXI3Qy9KWG9CUThYZFBmTlVzbHdmUkkwZEtsekZLellD
pwdPolicySubentry: ou=default,ou=ppolicy,dc=example,dc=com
structuralObjectClass: inetOrgPerson
subschemaSubentry: cn=Subschema




Clément.



















>
> Greetings
> Christian
>


-- 
Clément OUDOT
Responsable LinID - http://linid.org

LINAGORA Rhône-Alpes
65 boulevard Vivier Merle
69003 Lyon
Mobile: +33 6 43 68 74 60
Tel: +33 4 84 25 23 21


------------------

Le présent courriel contient des informations confidentielles appartenant à Linagora, exclusivement destinées au(x) destinataire(s) identifié(s) ci-dessus. Si vous n'en faites pas partie, toute reproduction, distribution ou divulgation de tout ou partie des informations de cette transmission, ou toute action effectuée sur la base de celles-ci vous sont formellement interdites.
Si vous avez reçu cette transmission par erreur, nous vous remercions de nous en avertir et de la détruire de votre système d'information.

The present transmission contains privileged and confidential information belonging to Linagora, exclusively intended for the recipient(s) thereabove identified. If you are not one of these aforementioned recipients, any reproduction, distribution, disclosure of said information in whole or in part, as well as any action undertaken on the basis of said information are strictly prohibited. If you received the present transmission by mistake, please inform us and destroy it from your messenging and information systems.

Comment 5 Clément OUDOT 2013-12-18 14:34:05 UTC
2013/12/18 <ck@cksoft.de>

>   This message is in MIME format.  The first part should be readable text,
>   while the remaining parts are likely unreadable without MIME-aware tools.
>
> --4178219828-444410844-1387368134=:27797
> Content-Type: TEXT/PLAIN; charset=UTF-8; format=flowed
> Content-Transfer-Encoding: 8BIT
>
> Hi,
>
> On Wed, 18 Dec 2013, Clément OUDOT wrote:
> <snipp/>
> > Well, I checked that the pwdLockoutDuration was correctly set (The value
> > in my case is 1200, so 20 minutes, much more than my tests). Other
> > proof, the values of pwdFailureTime are not erased, but replaced by
> > those of the master.
> >
> >
> >> It is of course also quite possible that you have hit a special corner
> >> case that nobody else has yet found.
> >
> >
> > I think so. I have to say that I use standard syncrepl, not
> delta-syncrepl.
> >
> >
> >>
> >> The best thing you could do would be to setup a small self contained
> >> test case to illustrate the problem.
> >>
> >
> > I will try to, but seems really easy to reproduce : configure master and
> > slave with ppolicy, lock an account in slave, update same account on
> > master (change description) a first time and a second time.
>
> are you sure the account lock actually arrives on the master ?
>
> Are you using olcPPolicyForwardUpdates to actually get the account
> locked on the master and not only on the slaves ?
>
> If you do not have all the lock attributes on the master and you modify
> the entry it will get replaced on the slaves.
>
> Can you post your master and slave configs somewhere ?
>
>

I sent it by mail but I think it is too big and queued. So here is all
configuration and test result:

http://pastebin.com/earKiHnH

Clément.
Comment 6 Christian Kratzer 2013-12-19 08:53:08 UTC
Hi,

On Wed, 18 Dec 2013, Clément OUDOT wrote:
<snipp/>
> I sent it by mail but I think it is too big and queued. So here is all
> configuration and test result:
>
> http://pastebin.com/earKiHnH

I have not worked trhough all your examples and configs yet as I am
travelling at the moment but things seem quite clear to me.

The password lock from you slaves never arrives on your master as you
have not configured referrals or any other kind of replication of state
from your slave to your master.

That means the data on the masters and the slaves is inconsistent.

As syncrepl as you use it always replaces the entire entry any changes
from the master will complelete overrite anything on the slaves.

There is no merging of data in syncrepl.

This is working as designed and is not a bug by my understanding.

You have at least following two options from what I see:

1.  configure referrals and chaining so password locks etc... on the slave
     get forwarded to the masters and replicated back to the slave.

     This means that you need to configure lcPPolicyForwardUpdates: TRUE
     and chaining on your slave.

2.  configure multimaster replication so password locks get replicated
     to your master.

You should close this ITS and we can discuss anything further on the
regular mailing lists.

Greetings
Christian

-- 
Christian Kratzer                      CK Software GmbH
Email:   ck@cksoft.de                  Wildberger Weg 24/2
Phone:   +49 7032 893 997 - 0          D-71126 Gaeufelden
Fax:     +49 7032 893 997 - 9          HRB 245288, Amtsgericht Stuttgart
Web:     http://www.cksoft.de/         Geschaeftsfuehrer: Christian Kratzer
Comment 7 Clément OUDOT 2013-12-19 14:02:33 UTC
2013/12/19 Christian Kratzer <ck@cksoft.de>

> Hi,
>
> On Wed, 18 Dec 2013, Clément OUDOT wrote:
> <snipp/>
>
>> I sent it by mail but I think it is too big and queued. So here is all
>>
>> configuration and test result:
>>
>> http://pastebin.com/earKiHnH
>>
>
> I have not worked trhough all your examples and configs yet as I am
> travelling at the moment but things seem quite clear to me.
>


>
> The password lock from you slaves never arrives on your master as you
> have not configured referrals or any other kind of replication of state
> from your slave to your master.
>
> That means the data on the masters and the slaves is inconsistent.
>
> As syncrepl as you use it always replaces the entire entry any changes
> from the master will complelete overrite anything on the slaves.
>
> There is no merging of data in syncrepl.
>



If you take time to read all I sent, you will see that a first modification
on the master DO NOT modifiy ppolicy attributes on the slave, the second
modification do. Whatever you think, there is a bug here.



If you read with caution the ppolicy draft, you will see that
pwdAccountLockedTime and some other attributes SHOULD NOT be replicated on
read-only replicas.



>
> This is working as designed and is not a bug by my understanding.
>
>

We disagree a lot on this point.




> You have at least following two options from what I see:
>
> 1.  configure referrals and chaining so password locks etc... on the slave
>     get forwarded to the masters and replicated back to the slave.
>
>     This means that you need to configure lcPPolicyForwardUpdates: TRUE
>     and chaining on your slave.
>


I tested it with success (almost, see ITS#7767 and ITS#7768)


>
> 2.  configure multimaster replication so password locks get replicated
>     to your master.
>
>

I did not test if the bug occurs in multimaster, but I think not.



> You should close this ITS and we can discuss anything further on the
> regular mailing lists.
>
>



As said above, I am pretty sure there is a bug. Maybe an OpenLDAP developer
should give its opinion on this ITS.


Clément.
Comment 8 Quanah Gibson-Mount 2020-03-20 17:52:40 UTC
Ondrej, can you look at this one?
Comment 9 Quanah Gibson-Mount 2021-01-14 18:25:08 UTC
Ondrej to investigate.
Comment 10 Ondřej Kuzník 2021-01-21 15:49:40 UTC
syncrepl_diff_entry() doesn't work if either entry has extra attributes at the end, which are ignored when we stop once the "while ( old && new )" check fails. Those do not make it into the diff.

In the above case, some operational attributes are modified (at least entryCSN will) so they're moved to the end so the ppolicy parameters are picked up the second time.
Comment 11 Quanah Gibson-Mount 2021-01-28 22:08:41 UTC
Commits: 
  • 84db7cb2 
by Ondřej Kuzník at 2021-01-28T20:59:17+00:00 
ITS#7766 Include all relevant attributes in diff
Comment 12 Quanah Gibson-Mount 2021-02-01 17:20:35 UTC
Commits: 
  • 4da575d4 
by Ondřej Kuzník at 2021-02-01T16:51:56+00:00 
ITS#7766 Fix previous commit