Re: Debian LDAP Schema

Wed, 25 Apr 2001 06:27:17 -0500 

On Wednesday 25 April 2001 12:45, Stephane Bortzmeyer wrote:
>  a message of 35 lines which said:
> > Wichert, some time ago you were talking about the possibility of getting
> > an ISO number assigned to Debian so we can create our own official LDAP
> > schema. Has there been any progress on this issue?  If not then what has
> > to be done?
>
> Getting a number is just a matter of two mail exchanges with IANA. It
> is quite simple and takes a few days. I can do it, if you wish.

I've just received a message from Wichert informing me that this is already 
under way.

> PS: where can I find the current Debian schema?

AFAIK there isn't one (yet).

How about the following as a start:


# These object classes and attributes are rooted at OID
# DEBIAN for the Debian project

attributetype ( DEBIAN.xx NAME 'ipAllowedClients'
        DESC 'IP address or IP address range (either CIDR or 
1.2.3.4-1.2.3.100 range allowed to connect'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
attributetype ( DEBIAN.xx NAME 'ipDeniedClients'
        DESC 'IP address or IP address range (either CIDR or 
1.2.3.4-1.2.3.100 range not allowed to connect'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
attributetype ( DEBIAN.xx
        NAME ( 'allowedService' )
        DESC 'Service that this object allows access to, suggested values 
include "FTP", "SSH", "HTTP", or other names from /etc/services, or "ALL"'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
attributetype ( DEBIAN.xx
        NAME ( 'deniedService' )
        DESC 'Service that this object denies access to, suggested values 
include "FTP", "SSH", "HTTP", or other names from /etc/services, or "ALL"'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )


objectclass ( DEBIAN.xx
        NAME 'networkSecurity'
        DESC 'A security object to specify the access that a user has to 
network services, or the access that a server program provides to the world.'
        SUP top
        MAY ( ipAllowedClients $ ipDeniedClients $ allowedService $ 
deniedService )


Is this the right list for such things?  Is there a more appropriate list?

-- 
http://www.coker.com.au/bonnie++/     Bonnie++ hard drive benchmark
http://www.coker.com.au/postal/       Postal SMTP/POP benchmark
http://www.coker.com.au/projects.html Projects I am working on
http://www.coker.com.au/~russell/     My home page

Reply via email to