diff --git a/data/00-cmp.ldif b/data/00-cmp.ldif
deleted file mode 100644
index 15156bb..0000000
--- a/data/00-cmp.ldif
+++ /dev/null
@@ -1,83 +0,0 @@ -dn: o=University of Michigan, c=US -objectclass: top -objectclass: organization -objectclass: domainRelatedObject -objectclass: quipuObject -objectclass: quipuNonLeafObject -l: Ann Arbor, Michigan -st: Michigan -streetaddress: 535 West William St. -o: University of Michigan -o: UMICH -o: UM -o: U-M -o: U of M -description: The University of Michigan at Ann Arbor -postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 - 09 $ USpostalcode: 48109 -telephonenumber: +1 313 764-1817 -lastmodifiedtime: 930106182800Z -lastmodifiedby: cn=manager, o=university of michigan, c=US -associateddomain: umich.edu - -dn: ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: People - -dn: ou=Groups, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: Groups -lastmodifiedtime: 950120182331Z -lastmodifiedby: cn=manager, o=university of michigan, c=US - -dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: Alumni Association - -dn: ou=Information Technology Division, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: Information Technology Divisio - -dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un - iversity of Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, ou=People, 
o=University of Mich - igan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -associateddomain: umich.edu -requeststo: cn=Manager, o=University of Michigan, c=US -errorsto: cn=Manager, o=University of Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -cn: All Staff -joinable: FALSE -multi-linedescription: Everyone in the sample data -objectclass: rfc822mailgroup diff --git a/data/00-cmp2.ldif b/data/00-cmp2.ldif deleted file mode 100644 index e9e6b4f..0000000 --- a/data/00-cmp2.ldif +++ /dev/null @@ -1,49 +0,0 @@ -dn: o=University of Michigan, c=US -l: Ann Arbor, Michigan -st: Michigan -streetaddress: 535 West William St. -o: University of Michigan -o: UMICH -o: U-M -o: U of M -description: The University of Michigan at Ann Arbor -postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 - 09 $ USpostalcode: 48109 -telephonenumber: 911 -lastmodifiedtime: 930106182800Z -lastmodifiedby: cn=manager, o=university of michigan, c=US -associateddomain: umich.edu -counting: one -counting: two -counting: three -first: 1 -first: 2 -first: 3 -second: a -second: b -second: c - -dn: o=University of Michigan, c=US -changetype: modify -delete: objectclass -- -delete: o -o: UM -- -add: counting -counting: one -counting: two -counting: three -- -add: first -first: 1 -first: 2 -first: 3 -- -add: second -second: a -second: b -second: c -- -replace: telephonenumber -telephonenumber: 911 
diff --git a/data/00-in.ldif b/data/00-in.ldif
deleted file mode 100644
index c61ce9c..0000000
--- a/data/00-in.ldif
+++ /dev/null
@@ -1,84 +0,0 @@ -version: 1 -dn: o=University of Michigan, c=US -objectclass: top -objectclass: organization -objectclass: domainRelatedObject -objectclass: quipuObject -objectclass: quipuNonLeafObject -l: Ann Arbor, Michigan -st: Michigan -streetaddress: 535 West William St. -o: University of Michigan -o: UMICH -o: UM -o: U-M -o: U of M -description: The University of Michigan at Ann Arbor -postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 - 09 $ USpostalcode: 48109 -telephonenumber: +1 313 764-1817 -lastmodifiedtime: 930106182800Z -lastmodifiedby: cn=manager, o=university of michigan, c=US -associateddomain: umich.edu - -dn: ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: People - -dn: ou=Groups, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: Groups -lastmodifiedtime: 950120182331Z -lastmodifiedby: cn=manager, o=university of michigan, c=US - -dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: Alumni Association - -dn: ou=Information Technology Division, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: organizationalUnit -objectclass: quipuObject -objectclass: quipuNonLeafObject -ou: Information Technology Divisio - -dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un - iversity of Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, 
ou=People, o=University of Mich - igan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -associateddomain: umich.edu -requeststo: cn=Manager, o=University of Michigan, c=US -errorsto: cn=Manager, o=University of Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -cn: All Staff -joinable: FALSE -multi-linedescription: Everyone in the sample data -objectclass: rfc822mailgroup diff --git a/data/50-cmp.ldif b/data/50-cmp.ldif deleted file mode 100644 index d7c51f5..0000000 --- a/data/50-cmp.ldif +++ /dev/null 
@@ -1,313 +0,0 @@ -dn: o=University of Michigan, c=US -objectclass: top -objectclass: organization -objectclass: domainRelatedObject -l: Ann Arbor, Michigan -st: Michigan -o: University of Michigan -o: UMICH -o: UM -o: U-M -o: U of M -description: The University of Michigan at Ann Arbor -postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 - 09 $ US -telephonenumber: +1 313 764-1817 -associateddomain: umich.edu - -dn: cn=Manager, o=University of Michigan, c=US -objectclass: top -objectclass: person -cn: Manager -cn: Directory Manager -cn: Dir Man -sn: Manager -description: Manager of the directory -userpassword: secret - -dn: ou=Groups, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: Groups - -dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un - iversity of Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -cn: All Staff -description: Everyone in the sample data -objectclass: 
groupofnames - -dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -description: All Alumni Assoc Staff -cn: Alumni Assoc Staff -objectclass: groupofnames - -dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US -owner: cn=Manager, o=University of Michigan, c=US -description: All ITD Staff -cn: ITD Staff -objectclass: groupofnames -member: cn=Manager, o=University of Michigan, c=US -member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US - -dn: ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: People - -dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: Alumni Association - -dn: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Dorothy Stevens -cn: Dot Stevens -sn: Stevens -title: Secretary, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann 
Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -drink: Lemonade -homepostaladdress: 377 White St. Apt. 3 $ Ann Arbor, MI 48104 -description: Very tall -facsimiletelephonenumber: +1 313 555 3223 -telephonenumber: +1 313 555 3664 -mail: dots@mail.alumni.umich.edu -homephone: +1 313 555 0454 - -dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: James A Jones 1 -cn: James Jones -cn: Jim Jones -sn: Jones -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword: jaj -homepostaladdress: 3882 Beverly Rd. $ Ann Arbor, MI 48105 -homephone: +1 313 555 4772 -description: Outstanding -title: Mad Cow Researcher, UM Alumni Association -pager: +1 313 555 3923 -mail: jaj@mail.alumni.umich.edu -facsimiletelephonenumber: +1 313 555 4332 -telephonenumber: +1 313 555 0895 - -dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Jane Doe -cn: Jane Alverson -sn: Doe -title: Programmer Analyst, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104 -drink: diet coke -description: Enthusiastic -mail: jdoe@woof.net -homephone: +1 313 555 5445 -pager: +1 313 555 1220 -facsimiletelephonenumber: +1 313 555 2311 -telephonenumber: +1 313 555 4774 - -dn: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of Michi - gan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Jennifer Smith -cn: Jen Smith -sn: Smith -postaladdress: Alumni Association $ 111 
Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -drink: Sam Adams -homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103 -title: Telemarketer, UM Alumni Association -mail: jen@mail.alumni.umich.edu -homephone: +1 313 555 2333 -pager: +1 313 555 6442 -facsimiletelephonenumber: +1 313 555 2756 -telephonenumber: +1 313 555 8232 - -dn: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Michigan - , c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Mark Elliot -cn: Mark A Elliot -sn: Elliot -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198 -homephone: +1 313 555 0388 -drink: Gasoline -title: Director, UM Alumni Association -mail: melliot@mail.alumni.umich.edu -pager: +1 313 555 7671 -facsimiletelephonenumber: +1 313 555 7762 -telephonenumber: +1 313 555 4177 - -dn: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Ursula Hampster -sn: Hampster -title: Secretary, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104 -mail: uham@mail.alumni.umich.edu -homephone: +1 313 555 8421 -pager: +1 313 555 2844 -facsimiletelephonenumber: +1 313 555 9700 -telephonenumber: +1 313 555 5331 - -dn: ou=Information Technology Division, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: organizationalUnit -ou: Information Technology Divisio - -dn: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Univer - sity of Michigan, c=US -objectclass: top -objectclass: person 
-objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Barbara Jensen -cn: Babs Jensen -sn: Jensen -title: Mythical Manager, Research Systems -postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Ann - Arbor, MI 48103-4943 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword: bjensen -mail: bjensen@mailgw.umich.edu -homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103 -description: Mythical manager of the rsdd unix project -drink: water -homephone: +1 313 555 2333 -pager: +1 313 555 3233 -facsimiletelephonenumber: +1 313 555 2274 -telephonenumber: +1 313 555 9022 - -dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Bjorn Jensen -cn: Biiff Jensen -sn: Jensen -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword: bjorn -homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999 -drink: Iced Tea -description: Hiker, biker -title: Director, Embedded Systems -postaladdress: Info Tech Division $ 535 W. William St. 
$ Ann Arbor, MI 48103 -mail: bjorn@mailgw.umich.edu -homephone: +1 313 555 5444 -pager: +1 313 555 4474 -facsimiletelephonenumber: +1 313 555 2177 -telephonenumber: +1 313 555 0355 - -dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=Unive - rsity of Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: James A Jones 2 -cn: James Jones -cn: Jim Jones -sn: Doe -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 933 Brooks $ Ann Arbor, MI 48104 -homephone: +1 313 555 8838 -title: Senior Manager, Information Technology Division -description: Not around very much -mail: jjones@mailgw.umich.edu -postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103 -pager: +1 313 555 2833 -facsimiletelephonenumber: +1 313 555 8688 -telephonenumber: +1 313 555 7334 - -dn: cn=John Doe, ou=Information Technology Division, ou=People, o=University o - f Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: John Doe -cn: Jonathon Doe -sn: Doe -postaladdress: ITD $ 535 W. William $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104 -title: System Administrator, Information Technology Division -description: overworked! -mail: johnd@mailgw.umich.edu -homephone: +1 313 555 3774 -pager: +1 313 555 6573 -facsimiletelephonenumber: +1 313 555 4544 -telephonenumber: +1 313 555 9394 diff --git a/data/50-in.ldif b/data/50-in.ldif deleted file mode 100644 index fdaab5d..0000000 --- a/data/50-in.ldif +++ /dev/null 
@@ -1,313 +0,0 @@ -dn: o=University of Michigan, c=US -objectclass: top -objectclass: organization -objectclass: domainRelatedObject -l: Ann Arbor, Michigan -st: Michigan -o: University of Michigan -o: UMICH -o: UM -o: U-M -o: U of M -description: The University of Michigan at Ann Arbor -postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 - 09 $ US -telephonenumber: +1 313 764-1817 -associateddomain: umich.edu - -dn: ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: People - -dn: ou=Groups, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: Groups - -dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: Alumni Association - -dn: ou=Information Technology Division, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: organizationalUnit -ou: Information Technology Divisio - -dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un - iversity of Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: 
cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -cn: All Staff -description: Everyone in the sample data -objectclass: groupofnames - -dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -description: All Alumni Assoc Staff -cn: Alumni Assoc Staff -objectclass: groupofnames - -dn: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Univer - sity of Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Barbara Jensen -cn: Babs Jensen -sn: Jensen -title: Mythical Manager, Research Systems -postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. 
Room 4212 $ Ann - Arbor, MI 48103-4943 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword:: YmplbnNlbg== -mail: bjensen@mailgw.umich.edu -homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103 -description: Mythical manager of the rsdd unix project -drink: water -homephone: +1 313 555 2333 -pager: +1 313 555 3233 -facsimiletelephonenumber: +1 313 555 2274 -telephonenumber: +1 313 555 9022 - -dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Bjorn Jensen -cn: Biiff Jensen -sn: Jensen -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword:: Ympvcm4= -homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999 -drink: Iced Tea -description: Hiker, biker -title: Director, Embedded Systems -postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103 -mail: bjorn@mailgw.umich.edu -homephone: +1 313 555 5444 -pager: +1 313 555 4474 -facsimiletelephonenumber: +1 313 555 2177 -telephonenumber: +1 313 555 0355 - -dn: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Dorothy Stevens -cn: Dot Stevens -sn: Stevens -title: Secretary, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -drink: Lemonade -homepostaladdress: 377 White St. Apt. 
3 $ Ann Arbor, MI 48104 -description: Very tall -facsimiletelephonenumber: +1 313 555 3223 -telephonenumber: +1 313 555 3664 -mail: dots@mail.alumni.umich.edu -homephone: +1 313 555 0454 - -dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US -owner: cn=Manager, o=University of Michigan, c=US -description: All ITD Staff -cn: ITD Staff -objectclass: groupofnames -member: cn=Manager, o=University of Michigan, c=US -member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US - -dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: James A Jones 1 -cn: James Jones -cn: Jim Jones -sn: Jones -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword:: amFq -homepostaladdress: 3882 Beverly Rd. 
$ Ann Arbor, MI 48105 -homephone: +1 313 555 4772 -description: Outstanding -title: Mad Cow Researcher, UM Alumni Association -pager: +1 313 555 3923 -mail: jaj@mail.alumni.umich.edu -facsimiletelephonenumber: +1 313 555 4332 -telephonenumber: +1 313 555 0895 - -dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=Unive - rsity of Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: James A Jones 2 -cn: James Jones -cn: Jim Jones -sn: Doe -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 933 Brooks $ Ann Arbor, MI 48104 -homephone: +1 313 555 8838 -title: Senior Manager, Information Technology Division -description: Not around very much -mail: jjones@mailgw.umich.edu -postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103 -pager: +1 313 555 2833 -facsimiletelephonenumber: +1 313 555 8688 -telephonenumber: +1 313 555 7334 - -dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Jane Doe -cn: Jane Alverson -sn: Doe -title: Programmer Analyst, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104 -drink: diet coke -description: Enthusiastic -mail: jdoe@woof.net -homephone: +1 313 555 5445 -pager: +1 313 555 1220 -facsimiletelephonenumber: +1 313 555 2311 -telephonenumber: +1 313 555 4774 - -dn: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of Michi - gan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Jennifer Smith -cn: Jen Smith -sn: Smith -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, 
o=University of Michigan, c=US -drink: Sam Adams -homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103 -title: Telemarketer, UM Alumni Association -mail: jen@mail.alumni.umich.edu -homephone: +1 313 555 2333 -pager: +1 313 555 6442 -facsimiletelephonenumber: +1 313 555 2756 -telephonenumber: +1 313 555 8232 - -dn: cn=John Doe, ou=Information Technology Division, ou=People, o=University o - f Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: John Doe -cn: Jonathon Doe -sn: Doe -postaladdress: ITD $ 535 W. William $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104 -title: System Administrator, Information Technology Division -description: overworked! -mail: johnd@mailgw.umich.edu -homephone: +1 313 555 3774 -pager: +1 313 555 6573 -facsimiletelephonenumber: +1 313 555 4544 -telephonenumber: +1 313 555 9394 - -dn: cn=Manager, o=University of Michigan, c=US -objectclass: top -objectclass: person -cn: Manager -cn: Directory Manager -cn: Dir Man -sn: Manager -description: Manager of the directory -userpassword:: c2VjcmV0 - -dn: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Michigan - , c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Mark Elliot -cn: Mark A Elliot -sn: Elliot -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198 -homephone: +1 313 555 0388 -drink: Gasoline -title: Director, UM Alumni Association -mail: melliot@mail.alumni.umich.edu -pager: +1 313 555 7671 -facsimiletelephonenumber: +1 313 555 7762 -telephonenumber: +1 313 555 4177 - -dn: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person 
-objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Ursula Hampster -sn: Hampster -title: Secretary, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104 -mail: uham@mail.alumni.umich.edu -homephone: +1 313 555 8421 -pager: +1 313 555 2844 -facsimiletelephonenumber: +1 313 555 9700 -telephonenumber: +1 313 555 5331 diff --git a/data/51-in.ldif b/data/51-in.ldif deleted file mode 100644 index d7c51f5..0000000 --- a/data/51-in.ldif +++ /dev/null 
@@ -1,313 +0,0 @@
-dn: o=University of Michigan, c=US
-objectclass: top
-objectclass: organization
-objectclass: domainRelatedObject
-l: Ann Arbor, Michigan
-st: Michigan
-o: University of Michigan
-o: UMICH
-o: UM
-o: U-M
-o: U of M
-description: The University of Michigan at Ann Arbor
-postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481
- 09 $ US
-telephonenumber: +1 313 764-1817
-associateddomain: umich.edu
-
-dn: cn=Manager, o=University of Michigan, c=US
-objectclass: top
-objectclass: person
-cn: Manager
-cn: Directory Manager
-cn: Dir Man
-sn: Manager
-description: Manager of the directory
-userpassword: secret
-
-dn: ou=Groups, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: Groups
-
-dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un
- iversity of Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
- niversity of Michigan, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ
- ersity of Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-cn: All Staff
-description: Everyone in the sample data
-objectclass: groupofnames
-
-dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All Alumni Assoc Staff
-cn: Alumni Assoc Staff
-objectclass: groupofnames
-
-dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All ITD Staff
-cn: ITD Staff
-objectclass: groupofnames
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ
- ersity of Michigan, c=US
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
- niversity of Michigan, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-
-dn: ou=People, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: People
-
-dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: Alumni Association
-
-dn: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Dorothy Stevens
-cn: Dot Stevens
-sn: Stevens
-title: Secretary, UM Alumni Association
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-drink: Lemonade
-homepostaladdress: 377 White St. Apt. 3 $ Ann Arbor, MI 48104
-description: Very tall
-facsimiletelephonenumber: +1 313 555 3223
-telephonenumber: +1 313 555 3664
-mail: dots@mail.alumni.umich.edu
-homephone: +1 313 555 0454
-
-dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: James A Jones 1
-cn: James Jones
-cn: Jim Jones
-sn: Jones
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: jaj
-homepostaladdress: 3882 Beverly Rd. $ Ann Arbor, MI 48105
-homephone: +1 313 555 4772
-description: Outstanding
-title: Mad Cow Researcher, UM Alumni Association
-pager: +1 313 555 3923
-mail: jaj@mail.alumni.umich.edu
-facsimiletelephonenumber: +1 313 555 4332
-telephonenumber: +1 313 555 0895
-
-dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c
- =US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Jane Doe
-cn: Jane Alverson
-sn: Doe
-title: Programmer Analyst, UM Alumni Association
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104
-drink: diet coke
-description: Enthusiastic
-mail: jdoe@woof.net
-homephone: +1 313 555 5445
-pager: +1 313 555 1220
-facsimiletelephonenumber: +1 313 555 2311
-telephonenumber: +1 313 555 4774
-
-dn: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of Michi
- gan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Jennifer Smith
-cn: Jen Smith
-sn: Smith
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-drink: Sam Adams
-homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
-title: Telemarketer, UM Alumni Association
-mail: jen@mail.alumni.umich.edu
-homephone: +1 313 555 2333
-pager: +1 313 555 6442
-facsimiletelephonenumber: +1 313 555 2756
-telephonenumber: +1 313 555 8232
-
-dn: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Michigan
- , c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Mark Elliot
-cn: Mark A Elliot
-sn: Elliot
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
-homephone: +1 313 555 0388
-drink: Gasoline
-title: Director, UM Alumni Association
-mail: melliot@mail.alumni.umich.edu
-pager: +1 313 555 7671
-facsimiletelephonenumber: +1 313 555 7762
-telephonenumber: +1 313 555 4177
-
-dn: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Ursula Hampster
-sn: Hampster
-title: Secretary, UM Alumni Association
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104
-mail: uham@mail.alumni.umich.edu
-homephone: +1 313 555 8421
-pager: +1 313 555 2844
-facsimiletelephonenumber: +1 313 555 9700
-telephonenumber: +1 313 555 5331
-
-dn: ou=Information Technology Division, ou=People, o=University of Michigan, c
- =US
-objectclass: top
-objectclass: organizationalUnit
-ou: Information Technology Divisio
-
-dn: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Univer
- sity of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Barbara Jensen
-cn: Babs Jensen
-sn: Jensen
-title: Mythical Manager, Research Systems
-postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Ann
- Arbor, MI 48103-4943
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: bjensen
-mail: bjensen@mailgw.umich.edu
-homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103
-description: Mythical manager of the rsdd unix project
-drink: water
-homephone: +1 313 555 2333
-pager: +1 313 555 3233
-facsimiletelephonenumber: +1 313 555 2274
-telephonenumber: +1 313 555 9022
-
-dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Bjorn Jensen
-cn: Biiff Jensen
-sn: Jensen
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: bjorn
-homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
-drink: Iced Tea
-description: Hiker, biker
-title: Director, Embedded Systems
-postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
-mail: bjorn@mailgw.umich.edu
-homephone: +1 313 555 5444
-pager: +1 313 555 4474
-facsimiletelephonenumber: +1 313 555 2177
-telephonenumber: +1 313 555 0355
-
-dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=Unive
- rsity of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: James A Jones 2
-cn: James Jones
-cn: Jim Jones
-sn: Doe
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 933 Brooks $ Ann Arbor, MI 48104
-homephone: +1 313 555 8838
-title: Senior Manager, Information Technology Division
-description: Not around very much
-mail: jjones@mailgw.umich.edu
-postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103
-pager: +1 313 555 2833
-facsimiletelephonenumber: +1 313 555 8688
-telephonenumber: +1 313 555 7334
-
-dn: cn=John Doe, ou=Information Technology Division, ou=People, o=University o
- f Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: John Doe
-cn: Jonathon Doe
-sn: Doe
-postaladdress: ITD $ 535 W. William $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104
-title: System Administrator, Information Technology Division
-description: overworked!
-mail: johnd@mailgw.umich.edu
-homephone: +1 313 555 3774
-pager: +1 313 555 6573
-facsimiletelephonenumber: +1 313 555 4544
-telephonenumber: +1 313 555 9394
diff --git a/data/51a-cmp.ldif b/data/51a-cmp.ldif
deleted file mode 100644
index f0e2840..0000000
--- a/data/51a-cmp.ldif
+++ /dev/null
@@ -1,44 +0,0 @@
-dn: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Univer
- sity of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Barbara Jensen
-cn: Babs Jensen
-sn: Jensen
-title: Mythical Manager, Research Systems
-postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Ann
- Arbor, MI 48103-4943
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: bjensen
-mail: bjensen@mailgw.umich.edu
-homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103
-description: Mythical manager of the rsdd unix project
-drink: water
-homephone: +1 313 555 2333
-pager: +1 313 555 3233
-facsimiletelephonenumber: +1 313 555 2274
-telephonenumber: +1 313 555 9022
-
-dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Bjorn Jensen
-cn: Biiff Jensen
-sn: Jensen
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: bjorn
-homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
-drink: Iced Tea
-description: Hiker, biker
-title: Director, Embedded Systems
-postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
-mail: bjorn@mailgw.umich.edu
-homephone: +1 313 555 5444
-pager: +1 313 555 4474
-facsimiletelephonenumber: +1 313 555 2177
-telephonenumber: +1 313 555 0355
diff --git a/data/51b-cmp.ldif b/data/51b-cmp.ldif
deleted file mode 100644
index c527ff2..0000000
--- a/data/51b-cmp.ldif
+++ /dev/null
@@ -1,80 +0,0 @@
-dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un
- iversity of Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
- niversity of Michigan, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ
- ersity of Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-cn: All Staff
-description: Everyone in the sample data
-objectclass: groupofnames
-
-dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All Alumni Assoc Staff
-cn: Alumni Assoc Staff
-objectclass: groupofnames
-
-dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All ITD Staff
-cn: ITD Staff
-objectclass: groupofnames
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ
- ersity of Michigan, c=US
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
- niversity of Michigan, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-
-dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: James A Jones 1
-cn: James Jones
-cn: Jim Jones
-sn: Jones
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: jaj
-homepostaladdress: 3882 Beverly Rd. $ Ann Arbor, MI 48105
-homephone: +1 313 555 4772
-description: Outstanding
-title: Mad Cow Researcher, UM Alumni Association
-pager: +1 313 555 3923
-mail: jaj@mail.alumni.umich.edu
-facsimiletelephonenumber: +1 313 555 4332
-telephonenumber: +1 313 555 0895
diff --git a/data/51c-cmp.ldif b/data/51c-cmp.ldif
deleted file mode 100644
index 4220372..0000000
--- a/data/51c-cmp.ldif
+++ /dev/null
@@ -1,45 +0,0 @@
-dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un
- iversity of Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
- niversity of Michigan, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ
- ersity of Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-cn: All Staff
-description: Everyone in the sample data
-objectclass: groupofnames
-
-dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All Alumni Assoc Staff
-cn: Alumni Assoc Staff
-objectclass: groupofnames
diff --git a/data/51d-cmp.ldif b/data/51d-cmp.ldif
deleted file mode 100644
index 2d1c88f..0000000
--- a/data/51d-cmp.ldif
+++ /dev/null
@@ -1,96 +0,0 @@
-dn: o=University of Michigan, c=US
-objectclass: top
-objectclass: organization
-objectclass: domainRelatedObject
-l: Ann Arbor, Michigan
-st: Michigan
-o: University of Michigan
-o: UMICH
-o: UM
-o: U-M
-o: U of M
-description: The University of Michigan at Ann Arbor
-postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481
- 09 $ US
-telephonenumber: +1 313 764-1817
-associateddomain: umich.edu
-
-dn: ou=Groups, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: Groups
-
-dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un
- iversity of Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
- niversity of Michigan, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ
- ersity of Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-cn: All Staff
-description: Everyone in the sample data
-objectclass: groupofnames
-
-dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All Alumni Assoc Staff
-cn: Alumni Assoc Staff
-objectclass: groupofnames
-
-dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All ITD Staff
-cn: ITD Staff
-objectclass: groupofnames
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ
- ersity of Michigan, c=US
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U
- niversity of Michigan, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-
-dn: ou=People, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: People
-
-dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: Alumni Association
-
-dn: ou=Information Technology Division, ou=People, o=University of Michigan, c
- =US
-objectclass: top
-objectclass: organizationalUnit
-ou: Information Technology Divisio
diff --git a/data/52-cmp.ldif b/data/52-cmp.ldif
deleted file mode 100644
index d332a07..0000000
--- a/data/52-cmp.ldif
+++ /dev/null
@@ -1,291 +0,0 @@
-dn: o=University of Michigan, c=US
-objectclass: top
-objectclass: organization
-objectclass: domainRelatedObject
-l: Ann Arbor, Michigan
-st: Michigan
-o: University of Michigan
-o: UMICH
-o: UM
-o: U-M
-o: U of M
-description: The University of Michigan at Ann Arbor
-postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481
- 09 $ US
-telephonenumber: +1 313 764-1817
-associateddomain: umich.edu
-
-dn: cn=Manager, o=University of Michigan, c=US
-objectclass: top
-objectclass: person
-cn: Manager
-cn: Directory Manager
-cn: Dir Man
-sn: Manager
-description: Manager of the directory
-userpassword: secret
-
-dn: ou=Groups, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: Groups
-
-dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
-owner: cn=Manager, o=University of Michigan, c=US
-cn: All Staff
-description: Everyone in the sample data
-objectclass: groupofnames
-
-dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga
- n, c=US
-member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M
- ichigan, c=US
-member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All Alumni Assoc Staff
-cn: Alumni Assoc Staff
-objectclass: groupofnames
-
-dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
-owner: cn=Manager, o=University of Michigan, c=US
-description: All ITD Staff
-cn: ITD Staff
-objectclass: groupofnames
-member: cn=Manager, o=University of Michigan, c=US
-member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of
- Michigan, c=US
-
-dn: ou=People, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: People
-
-dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US
-objectclass: top
-objectclass: organizationalUnit
-ou: Alumni Association
-
-dn: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Dorothy Stevens
-cn: Dot Stevens
-sn: Stevens
-title: Secretary, UM Alumni Association
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-drink: Lemonade
-homepostaladdress: 377 White St. Apt. 3 $ Ann Arbor, MI 48104
-description: Very tall
-facsimiletelephonenumber: +1 313 555 3223
-telephonenumber: +1 313 555 3664
-mail: dots@mail.alumni.umich.edu
-homephone: +1 313 555 0454
-
-dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: James A Jones 1
-cn: James Jones
-cn: Jim Jones
-sn: Jones
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: jaj
-homepostaladdress: 3882 Beverly Rd. $ Ann Arbor, MI 48105
-homephone: +1 313 555 4772
-description: Outstanding
-title: Mad Cow Researcher, UM Alumni Association
-pager: +1 313 555 3923
-mail: jaj@mail.alumni.umich.edu
-facsimiletelephonenumber: +1 313 555 4332
-telephonenumber: +1 313 555 0895
-drink: Orange Juice
-
-dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c
- =US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Jane Doe
-cn: Jane Alverson
-sn: Doe
-title: Programmer Analyst, UM Alumni Association
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104
-drink: diet coke
-description: Enthusiastic
-mail: jdoe@woof.net
-homephone: +1 313 555 5445
-pager: +1 313 555 1220
-facsimiletelephonenumber: +1 313 555 2311
-telephonenumber: +1 313 555 4774
-
-dn: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of Michi
- gan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Jennifer Smith
-cn: Jen Smith
-sn: Smith
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-drink: Sam Adams
-homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103
-title: Telemarketer, UM Alumni Association
-mail: jen@mail.alumni.umich.edu
-homephone: +1 313 555 2333
-pager: +1 313 555 6442
-facsimiletelephonenumber: +1 313 555 2756
-telephonenumber: +1 313 555 8232
-
-dn: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Michigan
- , c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Mark Elliot
-cn: Mark A Elliot
-sn: Elliot
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198
-homephone: +1 313 555 0388
-drink: Gasoline
-title: Director, UM Alumni Association
-mail: melliot@mail.alumni.umich.edu
-pager: +1 313 555 7671
-facsimiletelephonenumber: +1 313 555 7762
-telephonenumber: +1 313 555 4177
-
-dn: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of Mich
- igan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Ursula Hampster
-sn: Hampster
-title: Secretary, UM Alumni Association
-postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104
-mail: uham@mail.alumni.umich.edu
-homephone: +1 313 555 8421
-pager: +1 313 555 2844
-facsimiletelephonenumber: +1 313 555 9700
-telephonenumber: +1 313 555 5331
-
-dn: ou=Information Technology Division, ou=People, o=University of Michigan, c
- =US
-objectclass: top
-objectclass: organizationalUnit
-ou: Information Technology Divisio
-
-dn: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Univer
- sity of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Barbara Jensen
-cn: Babs Jensen
-sn: Jensen
-title: Mythical Manager, Research Systems
-postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Ann
- Arbor, MI 48103-4943
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: bjensen
-mail: bjensen@mailgw.umich.edu
-homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103
-description: Mythical manager of the rsdd unix project
-drink: water
-homephone: +1 313 555 2333
-pager: +1 313 555 3233
-facsimiletelephonenumber: +1 313 555 2274
-telephonenumber: +1 313 555 9022
-
-dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Universi
- ty of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Bjorn Jensen
-cn: Biiff Jensen
-sn: Jensen
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-userpassword: bjorn
-homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999
-title: Director, Embedded Systems
-postaladdress: Info Tech Division $ 535 W. William St. $ Ann Arbor, MI 48103
-mail: bjorn@mailgw.umich.edu
-homephone: +1 313 555 5444
-pager: +1 313 555 4474
-facsimiletelephonenumber: +1 313 555 2177
-telephonenumber: +1 313 555 0355
-description: The replaced multiLineDescription $ Blah Woof.
-drink: Iced Tea
-drink: Mad Dog 20/20
-
-dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, o=Universit
- y of Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Gern Jensen
-title: Chief Investigator, ITD
-postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-drink: Coffee
-homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
-description: Very odd
-facsimiletelephonenumber: +1 313 555 7557
-telephonenumber: +1 313 555 8343
-mail: gjensen@mailgw.umich.edu
-homephone: +1 313 555 8844
-
-dn: cn=John Doe, ou=Information Technology Division, ou=People, o=University o
- f Michigan, c=US
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: John Doe
-cn: Jonathon Doe
-sn: Doe
-postaladdress: ITD $ 535 W. William $ Ann Arbor, MI 48109
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104
-title: System Administrator, Information Technology Division
-description: overworked!
-mail: johnd@mailgw.umich.edu
-homephone: +1 313 555 3774
-pager: +1 313 555 6573
-facsimiletelephonenumber: +1 313 555 4544
-telephonenumber: +1 313 555 9394
diff --git a/data/52-in.ldif b/data/52-in.ldif
deleted file mode 100644
index d7c51f5..0000000
--- a/data/52-in.ldif
+++ /dev/null
@@ -1,313 +0,0 @@ -dn: o=University of Michigan, c=US -objectclass: top -objectclass: organization -objectclass: domainRelatedObject -l: Ann Arbor, Michigan -st: Michigan -o: University of Michigan -o: UMICH -o: UM -o: U-M -o: U of M -description: The University of Michigan at Ann Arbor -postaladdress: University of Michigan $ 535 W. William St. $ Ann Arbor, MI 481 - 09 $ US -telephonenumber: +1 313 764-1817 -associateddomain: umich.edu - -dn: cn=Manager, o=University of Michigan, c=US -objectclass: top -objectclass: person -cn: Manager -cn: Directory Manager -cn: Dir Man -sn: Manager -description: Manager of the directory -userpassword: secret - -dn: ou=Groups, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: Groups - -dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Un - iversity of Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -cn: All Staff -description: Everyone in the sample data -objectclass: 
groupofnames - -dn: cn=Alumni Assoc Staff,ou=Groups,o=University of Michigan,c=US -member: cn=Manager, o=University of Michigan, c=US -member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -member: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michiga - n, c=US -member: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of M - ichigan, c=US -member: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -member: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of - Michigan, c=US -owner: cn=Manager, o=University of Michigan, c=US -description: All Alumni Assoc Staff -cn: Alumni Assoc Staff -objectclass: groupofnames - -dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US -owner: cn=Manager, o=University of Michigan, c=US -description: All ITD Staff -cn: ITD Staff -objectclass: groupofnames -member: cn=Manager, o=University of Michigan, c=US -member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Univ - ersity of Michigan, c=US -member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=U - niversity of Michigan, c=US -member: cn=John Doe, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US - -dn: ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: People - -dn: ou=Alumni Association, ou=People, o=University of Michigan, c=US -objectclass: top -objectclass: organizationalUnit -ou: Alumni Association - -dn: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Dorothy Stevens -cn: Dot Stevens -sn: Stevens -title: Secretary, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann 
Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -drink: Lemonade -homepostaladdress: 377 White St. Apt. 3 $ Ann Arbor, MI 48104 -description: Very tall -facsimiletelephonenumber: +1 313 555 3223 -telephonenumber: +1 313 555 3664 -mail: dots@mail.alumni.umich.edu -homephone: +1 313 555 0454 - -dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: James A Jones 1 -cn: James Jones -cn: Jim Jones -sn: Jones -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword: jaj -homepostaladdress: 3882 Beverly Rd. $ Ann Arbor, MI 48105 -homephone: +1 313 555 4772 -description: Outstanding -title: Mad Cow Researcher, UM Alumni Association -pager: +1 313 555 3923 -mail: jaj@mail.alumni.umich.edu -facsimiletelephonenumber: +1 313 555 4332 -telephonenumber: +1 313 555 0895 - -dn: cn=Jane Doe, ou=Alumni Association, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Jane Doe -cn: Jane Alverson -sn: Doe -title: Programmer Analyst, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104 -drink: diet coke -description: Enthusiastic -mail: jdoe@woof.net -homephone: +1 313 555 5445 -pager: +1 313 555 1220 -facsimiletelephonenumber: +1 313 555 2311 -telephonenumber: +1 313 555 4774 - -dn: cn=Jennifer Smith, ou=Alumni Association, ou=People, o=University of Michi - gan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Jennifer Smith -cn: Jen Smith -sn: Smith -postaladdress: Alumni Association $ 111 
Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -drink: Sam Adams -homepostaladdress: 1000 Maple #44 $ Ann Arbor, MI 48103 -title: Telemarketer, UM Alumni Association -mail: jen@mail.alumni.umich.edu -homephone: +1 313 555 2333 -pager: +1 313 555 6442 -facsimiletelephonenumber: +1 313 555 2756 -telephonenumber: +1 313 555 8232 - -dn: cn=Mark Elliot, ou=Alumni Association, ou=People, o=University of Michigan - , c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Mark Elliot -cn: Mark A Elliot -sn: Elliot -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 199 Outer Drive $ Ypsilanti, MI 48198 -homephone: +1 313 555 0388 -drink: Gasoline -title: Director, UM Alumni Association -mail: melliot@mail.alumni.umich.edu -pager: +1 313 555 7671 -facsimiletelephonenumber: +1 313 555 7762 -telephonenumber: +1 313 555 4177 - -dn: cn=Ursula Hampster, ou=Alumni Association, ou=People, o=University of Mich - igan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Ursula Hampster -sn: Hampster -title: Secretary, UM Alumni Association -postaladdress: Alumni Association $ 111 Maple St $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 123 Anystreet $ Ann Arbor, MI 48104 -mail: uham@mail.alumni.umich.edu -homephone: +1 313 555 8421 -pager: +1 313 555 2844 -facsimiletelephonenumber: +1 313 555 9700 -telephonenumber: +1 313 555 5331 - -dn: ou=Information Technology Division, ou=People, o=University of Michigan, c - =US -objectclass: top -objectclass: organizationalUnit -ou: Information Technology Divisio - -dn: cn=Barbara Jensen, ou=Information Technology Division, ou=People, o=Univer - sity of Michigan, c=US -objectclass: top -objectclass: person 
-objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Barbara Jensen -cn: Babs Jensen -sn: Jensen -title: Mythical Manager, Research Systems -postaladdress: ITD Prod Dev & Deployment $ 535 W. William St. Room 4212 $ Ann - Arbor, MI 48103-4943 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword: bjensen -mail: bjensen@mailgw.umich.edu -homepostaladdress: 123 Wesley $ Ann Arbor, MI 48103 -description: Mythical manager of the rsdd unix project -drink: water -homephone: +1 313 555 2333 -pager: +1 313 555 3233 -facsimiletelephonenumber: +1 313 555 2274 -telephonenumber: +1 313 555 9022 - -dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=Universi - ty of Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: Bjorn Jensen -cn: Biiff Jensen -sn: Jensen -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -userpassword: bjorn -homepostaladdress: 19923 Seven Mile Rd. $ South Lyon, MI 49999 -drink: Iced Tea -description: Hiker, biker -title: Director, Embedded Systems -postaladdress: Info Tech Division $ 535 W. William St. 
$ Ann Arbor, MI 48103 -mail: bjorn@mailgw.umich.edu -homephone: +1 313 555 5444 -pager: +1 313 555 4474 -facsimiletelephonenumber: +1 313 555 2177 -telephonenumber: +1 313 555 0355 - -dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=Unive - rsity of Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: James A Jones 2 -cn: James Jones -cn: Jim Jones -sn: Doe -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 933 Brooks $ Ann Arbor, MI 48104 -homephone: +1 313 555 8838 -title: Senior Manager, Information Technology Division -description: Not around very much -mail: jjones@mailgw.umich.edu -postaladdress: Info Tech Division $ 535 W William $ Ann Arbor, MI 48103 -pager: +1 313 555 2833 -facsimiletelephonenumber: +1 313 555 8688 -telephonenumber: +1 313 555 7334 - -dn: cn=John Doe, ou=Information Technology Division, ou=People, o=University o - f Michigan, c=US -objectclass: top -objectclass: person -objectclass: organizationalPerson -objectclass: newPilotPerson -cn: John Doe -cn: Jonathon Doe -sn: Doe -postaladdress: ITD $ 535 W. William $ Ann Arbor, MI 48109 -seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US -homepostaladdress: 912 East Bllvd $ Ann Arbor, MI 48104 -title: System Administrator, Information Technology Division -description: overworked! -mail: johnd@mailgw.umich.edu -homephone: +1 313 555 3774 -pager: +1 313 555 6573 -facsimiletelephonenumber: +1 313 555 4544 -telephonenumber: +1 313 555 9394 diff --git a/data/52-mod.ldif b/data/52-mod.ldif deleted file mode 100644 index 9c31525..0000000 --- a/data/52-mod.ldif +++ /dev/null 
@@ -1,49 +0,0 @@
-dn: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Michigan, c=US
-changetype: modify
-add: drink
-drink: Orange Juice
-
-dn: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
-changetype: modify
-replace: description
-description: The replaced multiLineDescription $ Blah Woof.
--
-replace: drink
-drink: Iced Tea
-drink: Mad Dog 20/20
-
-dn: cn=ITD Staff,ou=Groups,o=University of Michigan,c=US
-changetype: modify
-delete: member
-member: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
-member: cn=Bjorn Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
--
-add: member
-member: cn=Dorothy Stevens, ou=Alumni Association, ou=People, o=University of Michigan, c=US
-member: cn=James A Jones 1, ou=Alumni Association, ou=People, o=University of Michigan, c=US
-
-dn: cn=All Staff,ou=Groups,o=University of Michigan,c=US
-changetype: modify
-delete: member
-
-dn: cn=Gern Jensen, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
-changetype: add
-objectclass: top
-objectclass: person
-objectclass: organizationalPerson
-objectclass: newPilotPerson
-cn: Gern Jensen
-title: Chief Investigator, ITD
-postaladdress: ITD $ 535 W. William St $ Ann Arbor, MI 48103
-seealso: cn=All Staff, ou=Groups, o=University of Michigan, c=US
-drink: Coffee
-homepostaladdress: 844 Brown St. Apt. 4 $ Ann Arbor, MI 48104
-description: Very odd
-facsimiletelephonenumber: +1 313 555 7557
-telephonenumber: +1 313 555 8343
-mail: gjensen@mailgw.umich.edu
-homephone: +1 313 555 8844
-
-dn: cn=James A Jones 2, ou=Information Technology Division, ou=People, o=University of Michigan, c=US
-changetype: delete
-
diff --git a/data/cert.pem b/data/cert.pem
deleted file mode 100644
index 409d991..0000000
--- a/data/cert.pem
+++ /dev/null
@@ -1,18 +0,0 @@
------BEGIN CERTIFICATE-----
-MIIC8zCCAlygAwIBAgIBADANBgkqhkiG9w0BAQQFADBgMQswCQYDVQQGEwJHQjET
-MBEGA1UECBMKU29tZS1TdGF0ZTENMAsGA1UEChMEbm9uZTEQMA4GA1UEAxMHbXkg
-bmFtZTEbMBkGCSqGSIb3DQEJARYMYm9iQGRldi5udWxsMB4XDTAxMDcwNTIwNDMy
-N1oXDTAxMDgwNDIwNDMyN1owYDELMAkGA1UEBhMCR0IxEzARBgNVBAgTClNvbWUt
-U3RhdGUxDTALBgNVBAoTBG5vbmUxEDAOBgNVBAMTB215IG5hbWUxGzAZBgkqhkiG
-9w0BCQEWDGJvYkBkZXYubnVsbDCBnzANBgkqhkiG9w0BAQEFAAOBjQAwgYkCgYEA
-4lMnyYjPNVrMI7KvokjfTZprkhjOhXkguBtaGPJKQPn3SYNNgcGtmK3TWc3qdBXK
-mwyFYNbTf5i6FvKJ9Mu6niQtidqN+c0UW/hyh35IDahOk7/s55QlWWCUNCT9qIC4
-auP3jdUxv6ZJIwCkPm5/zVbA8Bs1QQNHV84d7uzlwJUCAwEAAaOBvDCBuTAdBgNV
-HQ4EFgQUcu5fUas8NK3XP7KjHuO8gEedcDowgYkGA1UdIwSBgTB/gBRy7l9Rqzw0
-rdc/sqMe47yAR51wOqFkpGIwYDELMAkGA1UEBhMCR0IxEzARBgNVBAgTClNvbWUt
-U3RhdGUxDTALBgNVBAoTBG5vbmUxEDAOBgNVBAMTB215IG5hbWUxGzAZBgkqhkiG
-9w0BCQEWDGJvYkBkZXYubnVsbIIBADAMBgNVHRMEBTADAQH/MA0GCSqGSIb3DQEB
-BAUAA4GBAJfDwJ8QTux9M0X5GM38bcj4JggZUIAo3Gzovz8kYWLVFLrjVIovG7XA
-z2TaQ2UaRhGHUWNjBjLmSTG2gIPydg2d23AZBIo8TgHRqq1CjN+T4yG5yzGK95sz
-9pcvM0OeC3JNJjIxsYqv7r6yeTOjbU9kMMWVrN8YUbcK73p70bCM
------END CERTIFICATE-----
diff --git a/data/core.schema b/data/core.schema
deleted file mode 100644
index 7cae0e2..0000000
--- a/data/core.schema
+++ /dev/null
@@ -1,603 +0,0 @@ -# $OpenLDAP: pkg/ldap/servers/slapd/schema/core.schema,v 1.7.2.12 2001/09/18 18:34:22 kurt Exp $ -# -# OpenLDAP Core schema -# -# Includes LDAPv3 schema items from: -# RFC2251-RFC2256 (LDAPv3) -# -# select standard track schema items: -# RFC2079 (URI) -# RFC1274 (uid/dc) -# RFC2247 (dc/dcObject) -# RFC2289 (Dynamic Directory Services) -# -# select informational schema items: -# RFC2377 (uidObject) -# -# select IETF ''work in progress'' LDAPext/LDUP items -# ldapSubentry -# ldapRootDSE -# named referrals -# alias draft - -# Standard X.501(93) Operational Attribute Types from RFC2252 - -attributetype ( 2.5.18.1 NAME 'createTimestamp' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) - -attributetype ( 2.5.18.2 NAME 'modifyTimestamp' - EQUALITY generalizedTimeMatch - ORDERING generalizedTimeOrderingMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 - SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) - -attributetype ( 2.5.18.3 NAME 'creatorsName' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 - SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) - -attributetype ( 2.5.18.4 NAME 'modifiersName' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 - SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation ) - -attributetype ( 2.5.18.10 NAME 'subschemaSubentry' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION - SINGLE-VALUE USAGE directoryOperation ) - -attributetype ( 2.5.21.1 NAME 'dITStructureRules' - EQUALITY integerFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation ) - -attributetype ( 2.5.21.2 NAME 'dITContentRules' - EQUALITY objectIdentifierFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation ) - -attributetype ( 2.5.21.4 NAME 'matchingRules' - EQUALITY 
objectIdentifierFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation ) - -attributetype ( 2.5.21.5 NAME 'attributeTypes' - EQUALITY objectIdentifierFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation ) - -attributetype ( 2.5.21.6 NAME 'objectClasses' - EQUALITY objectIdentifierFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation ) - -attributetype ( 2.5.21.7 NAME 'nameForms' - EQUALITY objectIdentifierFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation ) - -attributetype ( 2.5.21.8 NAME 'matchingRuleUse' - EQUALITY objectIdentifierFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation ) - -# From X.500(93) -attributetype ( 2.5.21.9 NAME 'structuralObjectClass' - DESC 'X.500(93) structural object class' - EQUALITY objectIdentifierMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 - NO-USER-MODIFICATION SINGLE-VALUE USAGE directoryOperation ) - -# LDAP Operational Attributes from RFC2252 -attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' - EQUALITY objectIdentifierFirstComponentMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE 
directoryOperation ) - -# Object Classes from RFC2252 -objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY - DESC 'RFC2252: controlling subschema' - MAY ( dITStructureRules $ nameForms $ ditContentRules $ - objectClasses $ attributeTypes $ matchingRules $ - matchingRuleUse ) ) - -# Standard attribute types used for subtyping from RFC2256 - -attributetype ( 2.5.4.41 NAME 'name' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) - -attributetype ( 2.5.4.49 NAME 'distinguishedName' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) - -# Standard attribute types from RFC2256 - -attributetype ( 2.5.4.0 NAME 'objectClass' - EQUALITY objectIdentifierMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) - -attributetype ( 2.5.4.1 NAME 'aliasedObjectName' - EQUALITY distinguishedNameMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) - -# obsolete -attributetype ( 2.5.4.2 NAME 'knowledgeInformation' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) - -attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name ) - -attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name ) - -attributetype ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} ) - -# (2-letter code from ISO 3166) -attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE ) - -attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name ) - -attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name ) - -attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) - -attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name ) - -attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name ) - -attributetype ( 2.5.4.12 NAME 'title' SUP name ) - -attributetype ( 2.5.4.13 NAME 
'description' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} ) - -# Obsoleted by enhancedSearchGuide -attributetype ( 2.5.4.14 NAME 'searchGuide' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 ) - -attributetype ( 2.5.4.15 NAME 'businessCategory' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) - -attributetype ( 2.5.4.16 NAME 'postalAddress' - EQUALITY caseIgnoreListMatch - SUBSTR caseIgnoreListSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) - -attributetype ( 2.5.4.17 NAME 'postalCode' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) - -attributetype ( 2.5.4.18 NAME 'postOfficeBox' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} ) - -attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) - -attributetype ( 2.5.4.20 NAME 'telephoneNumber' - EQUALITY telephoneNumberMatch - SUBSTR telephoneNumberSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} ) - -attributetype ( 2.5.4.21 NAME 'telexNumber' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 ) - -attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 ) - -attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' ) - SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 ) - -attributetype ( 2.5.4.24 NAME 'x121Address' - EQUALITY numericStringMatch - SUBSTR numericStringSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} ) - -attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber' - EQUALITY numericStringMatch - SUBSTR numericStringSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} ) - -attributetype ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress - SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 ) - -attributetype ( 2.5.4.27 NAME 
'destinationIndicator' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} ) - -attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.14 - SINGLE-VALUE ) - -attributetype ( 2.5.4.29 NAME 'presentationAddress' - EQUALITY presentationAddressMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 - SINGLE-VALUE ) - -attributetype ( 2.5.4.30 NAME 'supportedApplicationContext' - EQUALITY objectIdentifierMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 ) - -attributetype ( 2.5.4.31 NAME 'member' SUP distinguishedName ) - -attributetype ( 2.5.4.32 NAME 'owner' SUP distinguishedName ) - -attributetype ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName ) - -attributetype ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName ) - -attributetype ( 2.5.4.35 NAME 'userPassword' - EQUALITY octetStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.36 NAME 'userCertificate' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.37 NAME 'cACertificate' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.38 NAME 'authorityRevocationList' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.39 NAME 'certificateRevocationList' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) - -# Must be stored and requested in the binary form -attributetype ( 2.5.4.40 NAME 'crossCertificatePair' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 ) - -# 2.5.4.41 is defined above as it's used for subtyping -#attributetype ( 2.5.4.41 NAME 'name' -# EQUALITY caseIgnoreMatch -# SUBSTR caseIgnoreSubstringsMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) - -attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' ) SUP name ) - -attributetype ( 2.5.4.43 NAME 'initials' SUP name - DESC 'The initials attribute type contains the initials of some - or 
all of an individuals names, but not the surname(s).' ) - -attributetype ( 2.5.4.44 NAME 'generationQualifier' - DESC 'e.g. Jr or II.' - SUP name ) - -attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier' - EQUALITY bitStringMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 ) - -attributetype ( 2.5.4.46 NAME 'dnQualifier' - EQUALITY caseIgnoreMatch - ORDERING caseIgnoreOrderingMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) - -attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 ) - -attributetype ( 2.5.4.48 NAME 'protocolInformation' - EQUALITY protocolInformationMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 ) - -# 2.5.4.49 is defined above as it's used for subtyping -#attributetype ( 2.5.4.49 NAME 'distinguishedName' -# EQUALITY distinguishedNameMatch -# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) - -attributetype ( 2.5.4.50 NAME 'uniqueMember' - EQUALITY uniqueMemberMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 ) - -attributetype ( 2.5.4.51 NAME 'houseIdentifier' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.52 NAME 'supportedAlgorithms' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 ) - -# Must be transferred using ;binary -attributetype ( 2.5.4.53 NAME 'deltaRevocationList' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 ) - -attributetype ( 2.5.4.54 NAME 'dmdName' SUP name ) - -# Standard object classes from RFC2256 - -objectclass ( 2.5.6.0 NAME 'top' ABSTRACT - MUST objectClass ) - -objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL - MUST aliasedObjectName ) - -objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL - MUST c - MAY ( searchGuide $ description ) ) - -objectclass ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL - MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) ) - -objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL - MUST o - MAY ( userPassword $ searchGuide 
$ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) - -objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL - MUST ou - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) ) - -objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL - MUST ( sn $ cn ) - MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) ) - -objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL - MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ - postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) ) - -objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL - MUST cn - MAY ( x121Address $ registeredAddress $ destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ - seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ - postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ ou $ st $ l $ description ) ) - -objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL - MUST ( member $ cn ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) - -objectclass ( 2.5.6.10 NAME 
'residentialPerson' SUP person STRUCTURAL - MUST l - MAY ( businessCategory $ x121Address $ registeredAddress $ - destinationIndicator $ preferredDeliveryMethod $ telexNumber $ - teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ - facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ - postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ st $ l ) ) - -objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL - MUST cn - MAY ( seeAlso $ ou $ l $ description ) ) - -objectclass ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL - MUST ( presentationAddress $ cn ) - MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ - description ) ) - -objectclass ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL - MAY knowledgeInformation ) - -objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL - MUST cn - MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) ) - -objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY - MUST userCertificate ) - -objectclass ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY - MUST ( authorityRevocationList $ certificateRevocationList $ - cACertificate ) MAY crossCertificatePair ) - -objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL - MUST ( uniqueMember $ cn ) - MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) ) - -objectclass ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY - MAY ( supportedAlgorithms ) ) - -objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP - certificationAuthority - AUXILIARY MAY ( deltaRevocationList ) ) - -objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL - MUST ( cn ) - MAY ( certificateRevocationList $ authorityRevocationList $ - deltaRevocationList ) ) - -objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL - MUST ( dmdName ) - MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ - x121Address $ registeredAddress $ 
destinationIndicator $ - preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ - telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ - street $ postOfficeBox $ postalCode $ postalAddress $ - physicalDeliveryOfficeName $ st $ l $ description ) ) - -objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' - DESC 'RFC2252: extensible object' - SUP top AUXILIARY ) - -# -# Standard Track URI label schema from RFC2079 -# -attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' - DESC 'RFC2079: Uniform Resource Identifier with optional label' - EQUALITY caseExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject' - DESC 'RFC2079: object that contains the URI attribute type' - MAY ( labeledURI ) - SUP top AUXILIARY ) - -# -# Standard Track Dynamic Directory Services from RFC2589 -# -objectclass ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' - DESC 'RFC2589: Dynamic Object' - SUP top AUXILIARY ) - -attributetype ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' - DESC 'RFC2589: entry time-to-live' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE - NO-USER-MODIFICATION USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' - DESC 'RFC2589: dynamic subtrees' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION - USAGE dSAOperation ) - -# -# Derived from RFC1274, but with new "short names" -# -attributetype ( 0.9.2342.19200300.100.1.1 - NAME ( 'uid' 'userid' ) - DESC 'RFC1274: user identifier' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) - -attributetype ( 0.9.2342.19200300.100.1.3 - NAME ( 'mail' 'rfc822Mailbox' ) - DESC 'RFC1274: RFC822 Mailbox' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) - -objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject' - DESC 'RFC1274: simple security object' - SUP 
top AUXILIARY - MUST userPassword ) - -# RFC1274 + RFC2247 -attributetype ( 0.9.2342.19200300.100.1.25 - NAME ( 'dc' 'domainComponent' ) - DESC 'RFC1274/2247: domain component' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) - -# RFC2247 -objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' - DESC 'RFC2247: domain component object' - SUP top AUXILIARY MUST dc ) - - -# From RFC2377 -objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' - DESC 'RFC2377: uid object' - SUP top AUXILIARY MUST uid ) - -# -# From draft-zeilenga-ldap-nameref-00.txt -# used to represent referrals in the directory -# -attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref' - DESC 'Named referral' - EQUALITY caseExactMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - USAGE distributedOperation ) - -objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral' - DESC 'Named referral object' - SUP top STRUCTURAL MUST ref ) - -# -# LDAPsubEntry -# likely to change! -objectclass ( 2.16.840.1.113719.2.142.6.1.1 NAME 'LDAPsubEntry' - DESC 'LDAP Subentry' - SUP top STRUCTURAL MAY cn ) - -# -# OpenLDAProotDSE -# likely to change! 
-objectclass ( 1.3.6.1.4.1.4203.1.4.1 - NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) - DESC 'OpenLDAP Root DSE object' - SUP top STRUCTURAL MAY cn ) - -# -# From Cosine Pilot -# -attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain' - EQUALITY caseIgnoreIA5Match - SUBSTR caseIgnoreIA5SubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) - -# -# From U-Mich -# -attributetype ( 1.3.6.1.4.1.250.1.32 - NAME ( 'krbName' 'kerberosName' ) - DESC 'Kerberos Name' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - SINGLE-VALUE ) - -# -# draft-zeilenga-ldap-features-xx.txt (supportedFeatures) -# -attributetype ( 1.3.6.1.4.1.4203.1.3.5 - NAME 'supportedFeatures' - DESC 'features supported by the server' - EQUALITY objectIdentifierMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 - USAGE dSAOperation ) - -# -# OpenLDAP specific schema items -# -attributetype ( 1.3.6.1.4.1.4203.1.3.1 - NAME 'entry' - DESC 'OpenLDAP ACL entry pseudo-attribute' - SYNTAX 1.3.6.1.4.1.4203.1.1.1 - SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.4203.1.3.2 - NAME 'children' - DESC 'OpenLDAP ACL children pseudo-attribute' - SYNTAX 1.3.6.1.4.1.4203.1.1.1 - SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation ) - -attributetype ( 1.3.6.1.4.1.4203.666.1.5 - NAME 'OpenLDAPaci' - DESC 'OpenLDAP access control information' - EQUALITY OpenLDAPaciMatch - SYNTAX 1.3.6.1.4.1.4203.666.2.1 - USAGE directoryOperation ) diff --git a/data/cosine.schema b/data/cosine.schema deleted file mode 100644 index 373bb0a..0000000 --- a/data/cosine.schema +++ /dev/null 
@@ -1,2516 +0,0 @@
-# $OpenLDAP: pkg/ldap/servers/slapd/schema/cosine.schema,v 1.6.2.4 2000/09/28 17:35:12 kurt Exp $
-#
-# RFC1274: Cosine and Internet X.500 schema
-#
-# This file contains LDAPv3 schema derived from X.500 COSINE "pilot"
-# schema. As this schema was defined for X.500(89), some
-# oddities were introduced in the mapping to LDAPv3. The
-# mappings were based upon: draft-ietf-asid-ldapv3-attributes-03.txt
-# (a work in progress)
-#
-# Note: It seems that the pilot schema evolved beyond what was
-# described in RFC1274. However, this document attempts to describes
-# RFC1274 as published.
-#
-# Depends on core.schema
-
-
-# Network Working Group P. Barker
-# Request for Comments: 1274 S. Kille
-# University College London
-# November 1991
-#
-# The COSINE and Internet X.500 Schema
-#
-# [trimmed]
-#
-# Abstract
-#
-# This document suggests an X.500 Directory Schema, or Naming
-# Architecture, for use in the COSINE and Internet X.500 pilots. The
-# schema is independent of any specific implementation. As well as
-# indicating support for the standard object classes and attributes, a
-# large number of generally useful object classes and attributes are
-# also defined. An appendix to this document includes a machine
-# processable version of the schema.
-#
-# [trimmed]
-
-# 7. Object Identifiers
-#
-# Some additional object identifiers are defined for this schema.
-# These are also reproduced in Appendix C.
-#
-# data OBJECT IDENTIFIER ::= {ccitt 9}
-# pss OBJECT IDENTIFIER ::= {data 2342}
-# ucl OBJECT IDENTIFIER ::= {pss 19200300}
-# pilot OBJECT IDENTIFIER ::= {ucl 100}
-#
-# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
-# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
-# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
-# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
-#
-# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
-# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
-# {pilotAttributeSyntax 5}
-#
-# 8.
Object Classes
-# [relocated after 9]
-
-#
-# 9. Attribute Types
-#
-# 9.1. X.500 standard attribute types
-#
-# A number of generally useful attribute types are defined in X.520,
-# and these are supported. Refer to that document for descriptions of
-# the suggested usage of these attribute types. The ASN.1 for these
-# attribute types is reproduced for completeness in Appendix C.
-#
-# 9.2. X.400 standard attribute types
-#
-# The standard X.400 attribute types are supported. See X.402 for full
-# details. The ASN.1 for these attribute types is reproduced in
-# Appendix C.
-#
-# 9.3. COSINE/Internet attribute types
-#
-# This section describes all the attribute types defined for use in the
-# COSINE and Internet pilots. Descriptions are given as to the
-# suggested usage of these attribute types. The ASN.1 for these
-# attribute types is reproduced in Appendix C.
-#
-# 9.3.1. Userid
-#
-# The Userid attribute type specifies a computer system login name.
-#
-# userid ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-identifier))
-# ::= {pilotAttributeType 1}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
-## EQUALITY caseIgnoreMatch
-## SUBSTR caseIgnoreSubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.2. Text Encoded O/R Address
-#
-# The Text Encoded O/R Address attribute type specifies a text encoding
-# of an X.400 O/R address, as specified in RFC 987. The use of this
-# attribute is deprecated as the attribute is intended for interim use
-# only. This attribute will be the first candidate for the attribute
-# expiry mechanisms!
-#
-# textEncodedORAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 ..
ub-text-encoded-or-address))
-# ::= {pilotAttributeType 2}
-#
-attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.3. RFC 822 Mailbox
-#
-# The RFC822 Mailbox attribute type specifies an electronic mailbox
-# attribute following the syntax specified in RFC 822. Note that this
-# attribute should not be used for greybook or other non-Internet order
-# mailboxes.
-#
-# rfc822Mailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-rfc822-mailbox))
-# ::= {pilotAttributeType 3}
-#
-#(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
-## EQUALITY caseIgnoreIA5Match
-## SUBSTR caseIgnoreIA5SubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.4. Information
-#
-# The Information attribute type specifies any general information
-# pertinent to an object. It is recommended that specific usage of
-# this attribute type is avoided, and that specific requirements are
-# met by other (possibly additional) attribute types.
-#
-# info ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-information))
-# ::= {pilotAttributeType 4}
-#
-attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048} )
-
-
-# 9.3.5. Favourite Drink
-#
-# The Favourite Drink attribute type specifies the favourite drink of
-# an object (or person).
-#
-# favouriteDrink ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-favourite-drink))
-# ::= {pilotAttributeType 5}
-#
-attributetype ( 0.9.2342.19200300.100.1.5
- NAME ( 'drink' 'favouriteDrink' )
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.6.
Room Number
-#
-# The Room Number attribute type specifies the room number of an
-# object. Note that the commonName attribute should be used for naming
-# room objects.
-#
-# roomNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-room-number))
-# ::= {pilotAttributeType 6}
-#
-attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.7. Photo
-#
-# The Photo attribute type specifies a "photograph" for an object.
-# This should be encoded in G3 fax as explained in recommendation T.4,
-# with an ASN.1 wrapper to make it compatible with an X.400 BodyPart as
-# defined in X.420.
-#
-# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
-# information-objects }
-#
-# photo ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-photo))
-# ::= {pilotAttributeType 7}
-#
-attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000} )
-
-# 9.3.8. User Class
-#
-# The User Class attribute type specifies a category of computer user.
-# The semantics placed on this attribute are for local interpretation.
-# Examples of current usage od this attribute in academia are
-# undergraduate student, researcher, lecturer, etc. Note that the
-# organizationalStatus attribute may now often be preferred as it makes
-# no distinction between computer users and others.
-#
-# userClass ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-class))
-# ::= {pilotAttributeType 8}
-#
-attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.9. Host
-#
-# The Host attribute type specifies a host computer.
-#
-# host ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 ..
ub-host))
-# ::= {pilotAttributeType 9}
-#
-attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.10. Manager
-#
-# The Manager attribute type specifies the manager of an object
-# represented by an entry.
-#
-# manager ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 10}
-#
-attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.11. Document Identifier
-#
-# The Document Identifier attribute type specifies a unique identifier
-# for a document.
-#
-# documentIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-identifier))
-# ::= {pilotAttributeType 11}
-#
-attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.12. Document Title
-#
-# The Document Title attribute type specifies the title of a document.
-#
-# documentTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-title))
-# ::= {pilotAttributeType 12}
-#
-attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.13. Document Version
-#
-# The Document Version attribute type specifies the version number of a
-# document.
-#
-# documentVersion ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-version))
-# ::= {pilotAttributeType 13}
-#
-attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.14.
Document Author
-#
-# The Document Author attribute type specifies the distinguished name
-# of the author of a document.
-#
-# documentAuthor ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 14}
-#
-attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.15. Document Location
-#
-# The Document Location attribute type specifies the location of the
-# document original.
-#
-# documentLocation ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-location))
-# ::= {pilotAttributeType 15}
-#
-attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.16. Home Telephone Number
-#
-# The Home Telephone Number attribute type specifies a home telephone
-# number associated with a person. Attribute values should follow the
-# agreed format for international telephone numbers: i.e., "+44 71 123
-# 4567".
-#
-# homeTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 20}
-#
-attributetype ( 0.9.2342.19200300.100.1.20
- NAME ( 'homePhone' 'homeTelephoneNumber' )
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.17. Secretary
-#
-# The Secretary attribute type specifies the secretary of a person.
-# The attribute value for Secretary is a distinguished name.
-#
-# secretary ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 21}
-#
-attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.18. Other Mailbox
-#
-# The Other Mailbox attribute type specifies values for electronic
-# mailbox types other than X.400 and rfc822.
-#
-# otherMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# SEQUENCE {
-# mailboxType PrintableString, -- e.g. Telemail
-# mailbox IA5String -- e.g. X378:Joe
-# }
-# ::= {pilotAttributeType 22}
-#
-attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.39 )
-
-# 9.3.19. Last Modified Time
-#
-# The Last Modified Time attribute type specifies the last time, in UTC
-# time, that an entry was modified. Ideally, this attribute should be
-# maintained by the DSA.
-#
-# lastModifiedTime ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# uTCTimeSyntax
-# ::= {pilotAttributeType 23}
-#
-## OBSOLETE
-attributetype ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.53 )
-
-# 9.3.20. Last Modified By
-#
-# The Last Modified By attribute specifies the distinguished name of
-# the last user to modify the associated entry. Ideally, this
-# attribute should be maintained by the DSA.
-#
-# lastModifiedBy ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 24}
-#
-
-## OBSOLETE
-attributetype ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.21. Domain Component
-#
-# The Domain Component attribute type specifies a DNS/NRS domain. For
-# example, "uk" or "ac".
-#
-# domainComponent ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 25}
-#
-##(in core.schema)
-##attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
-## EQUALITY caseIgnoreIA5Match
-## SUBSTR caseIgnoreIA5SubstringsMatch
-## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-# 9.3.22. DNS ARecord
-#
-# The A Record attribute type specifies a type A (Address) DNS resource
-# record [6] [7].
-#
-# aRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 26}
-#
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-## missing from RFC1274
-## incorrect syntax?
-attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.23. MX Record
-#
-# The MX Record attribute type specifies a type MX (Mail Exchange) DNS
-# resource record [6] [7].
-#
-# mXRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 28}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.24. NS Record
-#
-# The NS Record attribute type specifies an NS (Name Server) DNS
-# resource record [6] [7].
-#
-# nSRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 29}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.25. SOA Record
-#
-# The SOA Record attribute type specifies a type SOA (Start of
-# Authority) DNS resorce record [6] [7].
-#
-# sOARecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 30}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.26. CNAME Record
-#
-# The CNAME Record attribute type specifies a type CNAME (Canonical
-# Name) DNS resource record [6] [7].
-#
-# cNAMERecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# iA5StringSyntax
-# ::= {pilotAttributeType 31}
-#
-## incorrect syntax!!
-attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
- EQUALITY caseIgnoreIA5Match
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.27.
Associated Domain
-#
-# The Associated Domain attribute type specifies a DNS or NRS domain
-# which is associated with an object in the DIT. For example, the entry
-# in the DIT with a distinguished name "C=GB, O=University College
-# London" would have an associated domain of "UCL.AC.UK. Note that all
-# domains should be represented in rfc822 order. See [3] for more
-# details of usage of this attribute.
-#
-# associatedDomain ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# ::= {pilotAttributeType 37}
-#
-#attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
-# EQUALITY caseIgnoreIA5Match
-# SUBSTR caseIgnoreIA5SubstringsMatch
-# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# 9.3.28. Associated Name
-#
-# The Associated Name attribute type specifies an entry in the
-# organisational DIT associated with a DNS/NRS domain. See [3] for
-# more details of usage of this attribute.
-#
-# associatedName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 38}
-#
-attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.29. Home postal address
-#
-# The Home postal address attribute type specifies a home postal
-# address for an object. This should be limited to up to 6 lines of 30
-# characters each.
-#
-# homePostalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# postalAddress
-# MATCHES FOR EQUALITY
-# ::= {pilotAttributeType 39}
-#
-attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
- EQUALITY caseIgnoreListMatch
- SUBSTR caseIgnoreListSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
-
-# 9.3.30. Personal Title
-#
-# The Personal Title attribute type specifies a personal title for a
-# person. Examples of personal titles are "Ms", "Dr", "Prof" and "Rev".
-#
-# personalTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 ..
ub-personal-title))
-# ::= {pilotAttributeType 40}
-#
-attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.31. Mobile Telephone Number
-#
-# The Mobile Telephone Number attribute type specifies a mobile
-# telephone number associated with a person. Attribute values should
-# follow the agreed format for international telephone numbers: i.e.,
-# "+44 71 123 4567".
-#
-# mobileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 41}
-#
-attributetype ( 0.9.2342.19200300.100.1.41
- NAME ( 'mobile' 'mobileTelephoneNumber' )
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.32. Pager Telephone Number
-#
-# The Pager Telephone Number attribute type specifies a pager telephone
-# number for an object. Attribute values should follow the agreed
-# format for international telephone numbers: i.e., "+44 71 123 4567".
-#
-# pagerTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 42}
-#
-attributetype ( 0.9.2342.19200300.100.1.42
- NAME ( 'pager' 'pagerTelephoneNumber' )
- EQUALITY telephoneNumberMatch
- SUBSTR telephoneNumberSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
-
-# 9.3.33. Friendly Country Name
-#
-# The Friendly Country Name attribute type specifies names of countries
-# in human readable format. The standard attribute country name must
-# be one of the two-letter codes defined in ISO 3166.
-#
-# friendlyCountryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# ::= {pilotAttributeType 43}
-#
-attributetype ( 0.9.2342.19200300.100.1.43
- NAME ( 'co' 'friendlyCountryName' )
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 9.3.34.
Unique Identifier
-#
-# The Unique Identifier attribute type specifies a "unique identifier"
-# for an object represented in the Directory. The domain within which
-# the identifier is unique, and the exact semantics of the identifier,
-# are for local definition. For a person, this might be an
-# institution-wide payroll number. For an organisational unit, it
-# might be a department code.
-#
-# uniqueIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-unique-identifier))
-# ::= {pilotAttributeType 44}
-#
-attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
- EQUALITY caseIgnoreMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.35. Organisational Status
-#
-# The Organisational Status attribute type specifies a category by
-# which a person is often referred to in an organisation. Examples of
-# usage in academia might include undergraduate student, researcher,
-# lecturer, etc.
-#
-# A Directory administrator should probably consider carefully the
-# distinctions between this and the title and userClass attributes.
-#
-# organizationalStatus ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-organizational-status))
-# ::= {pilotAttributeType 45}
-#
-attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.36. Janet Mailbox
-#
-# The Janet Mailbox attribute type specifies an electronic mailbox
-# attribute following the syntax specified in the Grey Book of the
-# Coloured Book series. This attribute is intended for the convenience
-# of U.K users unfamiliar with rfc822 and little-endian mail addresses.
-# Entries using this attribute MUST also include an rfc822Mailbox
-# attribute.
-#
-# janetMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 ..
ub-janet-mailbox))
-# ::= {pilotAttributeType 46}
-#
-attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
- EQUALITY caseIgnoreIA5Match
- SUBSTR caseIgnoreIA5SubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
-
-# 9.3.37. Mail Preference Option
-#
-# An attribute to allow users to indicate a preference for inclusion of
-# their names on mailing lists (electronic or physical). The absence
-# of such an attribute should be interpreted as if the attribute was
-# present with value "no-list-inclusion". This attribute should be
-# interpreted by anyone using the directory to derive mailing lists,
-# and its value respected.
-#
-# mailPreferenceOption ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX ENUMERATED {
-# no-list-inclusion(0),
-# any-list-inclusion(1), -- may be added to any lists
-# professional-list-inclusion(2)
-# -- may be added to lists
-# -- which the list provider
-# -- views as related to the
-# -- users professional inter-
-# -- ests, perhaps evaluated
-# -- from the business of the
-# -- organisation or keywords
-# -- in the entry.
-# }
-# ::= {pilotAttributeType 47}
-#
-attributetype ( 0.9.2342.19200300.100.1.47
- NAME 'mailPreferenceOption'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-# 9.3.38. Building Name
-#
-# The Building Name attribute type specifies the name of the building
-# where an organisation or organisational unit is based.
-#
-# buildingName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-building-name))
-# ::= {pilotAttributeType 48}
-#
-attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-# 9.3.39. DSA Quality
-#
-# The DSA Quality attribute type specifies the purported quality of a
-# DSA. It allows a DSA manager to indicate the expected level of
-# availability of the DSA. See [8] for details of the syntax.
-#
-# dSAQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 49}
-#
-attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.19 SINGLE-VALUE )
-
-# 9.3.40. Single Level Quality
-#
-# The Single Level Quality attribute type specifies the purported data
-# quality at the level immediately below in the DIT. See [8] for
-# details of the syntax.
-#
-# singleLevelQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 50}
-#
-attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.41. Subtree Minimum Quality
-#
-# The Subtree Minimum Quality attribute type specifies the purported
-# minimum data quality for a DIT subtree. See [8] for more discussion
-# and details of the syntax.
-#
-# subtreeMinimumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 51}
-#
-attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.42. Subtree Maximum Quality
-#
-# The Subtree Maximum Quality attribute type specifies the purported
-# maximum data quality for a DIT subtree. See [8] for more discussion
-# and details of the syntax.
-#
-# subtreeMaximumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 52}
-#
-attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.13 SINGLE-VALUE )
-
-# 9.3.43. Personal Signature
-#
-# The Personal Signature attribute type allows for a representation of
-# a person's signature. This should be encoded in G3 fax as explained
-# in recommendation T.4, with an ASN.1 wrapper to make it compatible
-# with an X.400 BodyPart as defined in X.420.
-#
-# IMPORT G3FacsimileBodyPart FROM { mhs-motis ipms modules
-# information-objects }
-#
-# personalSignature ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-personal-signature))
-# ::= {pilotAttributeType 53}
-#
-attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.23 )
-
-# 9.3.44. DIT Redirect
-#
-# The DIT Redirect attribute type is used to indicate that the object
-# described by one entry now has a newer entry in the DIT. The entry
-# containing the redirection attribute should be expired after a
-# suitable grace period. This attribute may be used when an individual
-# changes his/her place of work, and thus acquires a new organisational
-# DN.
-#
-# dITRedirect ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 54}
-#
-attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
- EQUALITY distinguishedNameMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-# 9.3.45. Audio
-#
-# The Audio attribute type allows the storing of sounds in the
-# Directory. The attribute uses a u-law encoded sound file as used by
-# the "play" utility on a Sun 4. This is an interim format.
-#
-# audio ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# Audio
-# (SIZE (1 .. ub-audio))
-# ::= {pilotAttributeType 55}
-#
-attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000} )
-
-# 9.3.46. Publisher of Document
-#
-#
-# The Publisher of Document attribute is the person and/or organization
-# that published a document.
-#
-# documentPublisher ATTRIBUTE
-# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
-# ::= {pilotAttributeType 56}
-#
-attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
- EQUALITY caseIgnoreMatch
- SUBSTR caseIgnoreSubstringsMatch
- SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-# 9.4.
Generally useful syntaxes
-#
-# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-# iA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# -- Syntaxes to support the DNS attributes
-#
-# DNSRecordSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformationSyntax ATTRIBUTE-SYNTAX
-# NRSInformation
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformation ::= SET {
-# [0] Context,
-# [1] Address-space-id,
-# routes [2] SEQUENCE OF SEQUENCE {
-# Route-cost,
-# Addressing-info }
-# }
-#
-#
-# 9.5. Upper bounds on length of attribute values
-#
-#
-# ub-document-identifier INTEGER ::= 256
-#
-# ub-document-location INTEGER ::= 256
-#
-# ub-document-title INTEGER ::= 256
-#
-# ub-document-version INTEGER ::= 256
-#
-# ub-favourite-drink INTEGER ::= 256
-#
-# ub-host INTEGER ::= 256
-#
-# ub-information INTEGER ::= 2048
-#
-# ub-unique-identifier INTEGER ::= 256
-#
-# ub-personal-title INTEGER ::= 256
-#
-# ub-photo INTEGER ::= 250000
-#
-# ub-rfc822-mailbox INTEGER ::= 256
-#
-# ub-room-number INTEGER ::= 256
-#
-# ub-text-or-address INTEGER ::= 256
-#
-# ub-user-class INTEGER ::= 256
-#
-# ub-user-identifier INTEGER ::= 256
-#
-# ub-organizational-status INTEGER ::= 256
-#
-# ub-janet-mailbox INTEGER ::= 256
-#
-# ub-building-name INTEGER ::= 256
-#
-# ub-personal-signature ::= 50000
-#
-# ub-audio INTEGER ::= 250000
-#
-
-# [back to 8]
-# 8. Object Classes
-#
-# 8.1. X.500 standard object classes
-#
-# A number of generally useful object classes are defined in X.521, and
-# these are supported. Refer to that document for descriptions of the
-# suggested usage of these object classes. The ASN.1 for these object
-# classes is reproduced for completeness in Appendix C.
-#
-# 8.2. X.400 standard object classes
-#
-# A number of object classes defined in X.400 are supported. Refer to
-# X.402 for descriptions of the usage of these object classes.
The
-# ASN.1 for these object classes is reproduced for completeness in
-# Appendix C.
-#
-# 8.3. COSINE/Internet object classes
-#
-# This section attempts to fuse together the object classes designed
-# for use in the COSINE and Internet pilot activities. Descriptions
-# are given of the suggested usage of these object classes. The ASN.1
-# for these object classes is also reproduced in Appendix C.
-#
-# 8.3.1. Pilot Object
-#
-# The PilotObject object class is used as a sub-class to allow some
-# common, useful attributes to be assigned to entries of all other
-# object classes.
-#
-# pilotObject OBJECT-CLASS
-# SUBCLASS OF top
-# MAY CONTAIN {
-# info,
-# photo,
-# manager,
-# uniqueIdentifier,
-# lastModifiedTime,
-# lastModifiedBy,
-# dITRedirect,
-# audio}
-# ::= {pilotObjectClass 3}
-#
-objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject'
- SUP top AUXILIARY
- MAY ( info $ photo $ manager $ uniqueIdentifier $
- lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio )
- )
-
-# 8.3.2. Pilot Person
-#
-# The PilotPerson object class is used as a sub-class of person, to
-# allow the use of a number of additional attributes to be assigned to
-# entries of object class person.
-#
-# pilotPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MAY CONTAIN {
-# userid,
-# textEncodedORAddress,
-# rfc822Mailbox,
-# favouriteDrink,
-# roomNumber,
-# userClass,
-# homeTelephoneNumber,
-# homePostalAddress,
-# secretary,
-# personalTitle,
-# preferredDeliveryMethod,
-# businessCategory,
-# janetMailbox,
-# otherMailbox,
-# mobileTelephoneNumber,
-# pagerTelephoneNumber,
-# organizationalStatus,
-# mailPreferenceOption,
-# personalSignature}
-# ::= {pilotObjectClass 4}
-#
-objectclass ( 0.9.2342.19200300.100.4.4
- NAME ( 'pilotPerson' 'newPilotPerson' )
- SUP person STRUCTURAL
- MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $
- favouriteDrink $ roomNumber $ userClass $
- homeTelephoneNumber $ homePostalAddress $ secretary $
- personalTitle $ preferredDeliveryMethod $ businessCategory $
- janetMailbox $ otherMailbox $ mobileTelephoneNumber $
- pagerTelephoneNumber $ organizationalStatus $
- mailPreferenceOption $ personalSignature )
- )
-
-# 8.3.3. Account
-#
-# The Account object class is used to define entries representing
-# computer accounts. The userid attribute should be used for naming
-# entries of this object class.
-#
-# account OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userid}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# host}
-# ::= {pilotObjectClass 5}
-#
-objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
- SUP top STRUCTURAL
- MUST userid
- MAY ( description $ seeAlso $ localityName $
- organizationName $ organizationalUnitName $ host )
- )
-
-# 8.3.4. Document
-#
-# The Document object class is used to define entries which represent
-# documents.
-#
-# document OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# documentIdentifier}
-# MAY CONTAIN {
-# commonName,
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# documentTitle,
-# documentVersion,
-# documentAuthor,
-# documentLocation,
-# documentPublisher}
-# ::= {pilotObjectClass 6}
-#
-objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
- SUP top STRUCTURAL
- MUST documentIdentifier
- MAY ( commonName $ description $ seeAlso $ localityName $
- organizationName $ organizationalUnitName $
- documentTitle $ documentVersion $ documentAuthor $
- documentLocation $ documentPublisher )
- )
-
-# 8.3.5. Room
-#
-# The Room object class is used to define entries representing rooms.
-# The commonName attribute should be used for naming pentries of this
-# object class.
-#
-# room OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# roomNumber,
-# description,
-# seeAlso,
-# telephoneNumber}
-# ::= {pilotObjectClass 7}
-#
-objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
- SUP top STRUCTURAL
- MUST commonName
- MAY ( roomNumber $ description $ seeAlso $ telephoneNumber )
- )
-
-# 8.3.6. Document Series
-#
-# The Document Series object class is used to define an entry which
-# represents a series of documents (e.g., The Request For Comments
-# papers).
-#
-# documentSeries OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# telephoneNumber,
-# localityName,
-# organizationName,
-# organizationalUnitName}
-# ::= {pilotObjectClass 9}
-#
-objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
- SUP top STRUCTURAL
- MUST commonName
- MAY ( description $ seeAlso $ telephonenumber $
- localityName $ organizationName $ organizationalUnitName )
- )
-
-# 8.3.7. Domain
-#
-# The Domain object class is used to define entries which represent DNS
-# or NRS domains.
The domainComponent attribute should be used for
-# naming entries of this object class. The usage of this object class
-# is described in more detail in [3].
-#
-# domain OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# domainComponent}
-# MAY CONTAIN {
-# associatedName,
-# organizationName,
-# organizationalAttributeSet}
-# ::= {pilotObjectClass 13}
-#
-## from RFC 2247, we presume that organizationalAttributeSet
-## should be expanded as below.
-objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
- SUP top STRUCTURAL
- MUST domainComponent
- MAY ( userPassword $ searchGuide $ seeAlso $
- businessCategory $ x121Address $ registeredAddress $
- destinationIndicator $ preferredDeliveryMethod $
- telexNumber $ teletexTerminalIdentifier $
- telephoneNumber $ internationaliSDNNumber $
- facsimileTelephoneNumber $ street $ postOfficeBox $
- postalCode $ postalAddress $
- physicalDeliveryOfficeName $
- stateOrProvinceName $ localityName $ description )
- )
-
-# 8.3.8. RFC822 Local Part
-#
-# The RFC822 Local Part object class is used to define entries which
-# represent the local part of RFC822 mail addresses. This treats this
-# part of an RFC822 address as a domain. The usage of this object
-# class is described in more detail in [3].
-#
-# rFC822localPart OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# commonName,
-# surname,
-# description,
-# seeAlso,
-# telephoneNumber,
-# postalAttributeSet,
-# telecommunicationAttributeSet}
-# ::= {pilotObjectClass 14}
-#
-## not sure what to expand postalAttributeSet and
-## telecommunitionAttributeSet to, so they are trimmed
-objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
- SUP domain STRUCTURAL
- MAY ( commonName $ surname $ description $ seeAlso $ telephonenumber )
- )
-
-# 8.3.9. DNS Domain
-#
-# The DNS Domain (Domain NameServer) object class is used to define
-# entries for DNS domains. The usage of this object class is described
-# in more detail in [3].
-#
-# dNSDomain OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# ARecord,
-# MDRecord,
-# MXRecord,
-# NSRecord,
-# SOARecord,
-# CNAMERecord}
-# ::= {pilotObjectClass 15}
-#
-objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
- SUP 'domain' STRUCTURAL
- MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $
- SOARecord $ CNAMERecord )
- )
-
-# 8.3.10. Domain Related Object
-#
-# The Domain Related Object object class is used to define entries
-# which represent DNS/NRS domains which are "equivalent" to an X.500
-# domain: e.g., an organisation or organisational unit. The usage of
-# this object class is described in more detail in [3].
-#
-# domainRelatedObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# associatedDomain}
-# ::= {pilotObjectClass 17}
-#
-objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
- SUP top AUXILIARY
- MUST associatedDomain )
-
-# 8.3.11. Friendly Country
-#
-# The Friendly Country object class is used to define country entries
-# in the DIT. The object class is used to allow friendlier naming of
-# countries than that allowed by the object class country. The naming
-# attribute of object class country, countryName, has to be a 2 letter
-# string defined in ISO 3166.
-#
-# friendlyCountry OBJECT-CLASS
-# SUBCLASS OF country
-# MUST CONTAIN {
-# friendlyCountryName}
-# ::= {pilotObjectClass 18}
-#
-objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
- SUP country STRUCTURAL
- MUST friendlyCountryName )
-
-# 8.3.12. Simple Security Object
-#
-# The Simple Security Object object class is used to allow an entry to
-# have a userPassword attribute when an entry's principal object
-# classes do not allow userPassword as an attribute type.
-#
-# simpleSecurityObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userPassword }
-# ::= {pilotObjectClass 19}
-#
-## (in core.schema)
-## objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
-## SUP top AUXILIARY
-## MUST userPassword )
-
-# 8.3.13. Pilot Organization
-#
-# The PilotOrganization object class is used as a sub-class of
-# organization and organizationalUnit to allow a number of additional
-# attributes to be assigned to entries of object classes organization
-# and organizationalUnit.
-#
-# pilotOrganization OBJECT-CLASS
-# SUBCLASS OF organization, organizationalUnit
-# MAY CONTAIN {
-# buildingName}
-# ::= {pilotObjectClass 20}
-#
-objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
- SUP ( organization $ organizationalUnit ) STRUCTURAL
- MAY buildingName )
-
-# 8.3.14. Pilot DSA
-#
-# The PilotDSA object class is used as a sub-class of the dsa object
-# class to allow additional attributes to be assigned to entries for
-# DSAs.
-#
-# pilotDSA OBJECT-CLASS
-# SUBCLASS OF dsa
-# MUST CONTAIN {
-# dSAQuality}
-# ::= {pilotObjectClass 21}
-#
-objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
- SUP dsa STRUCTURAL
- MAY dSAQuality )
-
-# 8.3.15. Quality Labelled Data
-#
-# The Quality Labelled Data object class is used to allow the
-# assignment of the data quality attributes to subtrees in the DIT.
-#
-# See [8] for more details.
-#
-# qualityLabelledData OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# dSAQuality}
-# MAY CONTAIN {
-# subtreeMinimumQuality,
-# subtreeMaximumQuality}
-# ::= {pilotObjectClass 22}
-objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
- SUP top AUXILIARY
- MUST dsaQuality
- MAY ( subtreeMinimumQuality $ subtreeMaximumQuality )
- )
-
-
-# References
-#
-# [1] CCITT/ISO, "X.500, The Directory - overview of concepts,
-# models and services, CCITT /ISO IS 9594.
-#
-# [2] Kille, S., "The THORN and RARE X.500 Naming Architecture, in
-# University College London, Department of Computer Science
-# Research Note 89/48, May 1989.
-#
-# [3] Kille, S., "X.500 and Domains", RFC 1279, University College
-# London, November 1991.
-#
-# [4] Rose, M., "PSI/NYSERNet White Pages Pilot Project: Status
-# Report", Technical Report 90-09-10-1, published by NYSERNet
-# Inc, 1990.
-#
-# [5] Craigie, J., "UK Academic Community Directory Service Pilot
-# Project, pp. 305-310 in Computer Networks and ISDN Systems
-# 17 (1989), published by North Holland.
-#
-# [6] Mockapetris, P., "Domain Names - Concepts and Facilities",
-# RFC 1034, USC/Information Sciences Institute, November 1987.
-#
-# [7] Mockapetris, P., "Domain Names - Implementation and
-# Specification, RFC 1035, USC/Information Sciences Institute,
-# November 1987.
-#
-# [8] Kille, S., "Handling QOS (Quality of service) in the
-# Directory," publication in process, March 1991.
-#
-#
-# APPENDIX C - Summary of all Object Classes and Attribute Types
-#
-# -- Some Important Object Identifiers
-#
-# data OBJECT IDENTIFIER ::= {ccitt 9}
-# pss OBJECT IDENTIFIER ::= {data 2342}
-# ucl OBJECT IDENTIFIER ::= {pss 19200300}
-# pilot OBJECT IDENTIFIER ::= {ucl 100}
-#
-# pilotAttributeType OBJECT IDENTIFIER ::= {pilot 1}
-# pilotAttributeSyntax OBJECT IDENTIFIER ::= {pilot 3}
-# pilotObjectClass OBJECT IDENTIFIER ::= {pilot 4}
-# pilotGroups OBJECT IDENTIFIER ::= {pilot 10}
-#
-# iA5StringSyntax OBJECT IDENTIFIER ::= {pilotAttributeSyntax 4}
-# caseIgnoreIA5StringSyntax OBJECT IDENTIFIER ::=
-# {pilotAttributeSyntax 5}
-#
-# -- Standard Object Classes
-#
-# top OBJECT-CLASS
-# MUST CONTAIN {
-# objectClass}
-# ::= {objectClass 0}
-#
-#
-# alias OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# aliasedObjectName}
-# ::= {objectClass 1}
-#
-#
-# country OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# countryName}
-# MAY CONTAIN {
-# description,
-# searchGuide}
-# ::= {objectClass 2}
-#
-#
-# locality OBJECT-CLASS
-# SUBCLASS OF top
-# MAY CONTAIN {
-# description,
-# localityName,
-# stateOrProvinceName,
-# searchGuide,
-# seeAlso,
-# streetAddress}
-# ::= {objectClass 3}
-#
-#
-# organization OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# organizationName}
-# MAY CONTAIN {
-# organizationalAttributeSet}
-# ::= {objectClass 4}
-#
-#
-# organizationalUnit OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# organizationalUnitName}
-# MAY CONTAIN {
-# organizationalAttributeSet}
-# ::= {objectClass 5}
-#
-#
-# person OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# surname}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# telephoneNumber,
-# userPassword}
-# ::= {objectClass 6}
-#
-#
-# organizationalPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MAY CONTAIN {
-# localeAttributeSet,
-# organizationalUnitName,
-# postalAttributeSet,
-# telecommunicationAttributeSet,
-# title}
-# ::= {objectClass 7}
-#
-#
-# organizationalRole OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# localeAttributeSet,
-# organizationalUnitName,
-# postalAttributeSet,
-# preferredDeliveryMethod,
-# roleOccupant,
-# seeAlso,
-# telecommunicationAttributeSet}
-# ::= {objectClass 8}
-#
-#
-# groupOfNames OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# member}
-# MAY CONTAIN {
-# description,
-# organizationName,
-# organizationalUnitName,
-# owner,
-# seeAlso,
-# businessCategory}
-# ::= {objectClass 9}
-#
-#
-# residentialPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MUST CONTAIN {
-# localityName}
-# MAY CONTAIN {
-# localeAttributeSet,
-# postalAttributeSet,
-# preferredDeliveryMethod,
-# telecommunicationAttributeSet,
-# businessCategory}
-# ::= {objectClass 10}
-#
-#
-# applicationProcess OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# localityName,
-# organizationalUnitName,
-# seeAlso}
-# ::= {objectClass 11}
-#
-#
-#
applicationEntity OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# presentationAddress}
-# MAY CONTAIN {
-# description,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# seeAlso,
-# supportedApplicationContext}
-# ::= {objectClass 12}
-#
-#
-# dSA OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# knowledgeInformation}
-# ::= {objectClass 13}
-#
-#
-# device OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# owner,
-# seeAlso,
-# serialNumber}
-# ::= {objectClass 14}
-#
-#
-# strongAuthenticationUser OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userCertificate}
-# ::= {objectClass 15}
-#
-#
-# certificationAuthority OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# cACertificate,
-# certificateRevocationList,
-# authorityRevocationList}
-# MAY CONTAIN {
-# crossCertificatePair}
-# ::= {objectClass 16}
-#
-# -- Standard MHS Object Classes
-#
-# mhsDistributionList OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName,
-# mhsDLSubmitPermissions,
-# mhsORAddresses}
-# MAY CONTAIN {
-# description,
-# organizationName,
-# organizationalUnitName,
-# owner,
-# seeAlso,
-# mhsDeliverableContentTypes,
-# mhsdeliverableEits,
-# mhsDLMembers,
-# mhsPreferredDeliveryMethods}
-# ::= {mhsObjectClass 0}
-#
-#
-# mhsMessageStore OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# description,
-# owner,
-# mhsSupportedOptionalAttributes,
-# mhsSupportedAutomaticActions,
-# mhsSupportedContentTypes}
-# ::= {mhsObjectClass 1}
-#
-#
-# mhsMessageTransferAgent OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# description,
-# owner,
-# mhsDeliverableContentLength}
-# ::= {mhsObjectClass 2}
-#
-#
-# mhsOrganizationalUser OBJECT-CLASS
-# SUBCLASS OF organizationalPerson
-# MUST CONTAIN {
-# mhsORAddresses}
-# MAY CONTAIN {
-# mhsDeliverableContentLength,
-#
mhsDeliverableContentTypes,
-# mhsDeliverableEits,
-# mhsMessageStoreName,
-# mhsPreferredDeliveryMethods }
-# ::= {mhsObjectClass 3}
-#
-#
-# mhsResidentialUser OBJECT-CLASS
-# SUBCLASS OF residentialPerson
-# MUST CONTAIN {
-# mhsORAddresses}
-# MAY CONTAIN {
-# mhsDeliverableContentLength,
-# mhsDeliverableContentTypes,
-# mhsDeliverableEits,
-# mhsMessageStoreName,
-# mhsPreferredDeliveryMethods }
-# ::= {mhsObjectClass 4}
-#
-#
-# mhsUserAgent OBJECT-CLASS
-# SUBCLASS OF applicationEntity
-# MAY CONTAIN {
-# mhsDeliverableContentLength,
-# mhsDeliverableContentTypes,
-# mhsDeliverableEits,
-# mhsORAddresses,
-# owner}
-# ::= {mhsObjectClass 5}
-#
-#
-#
-#
-# -- Pilot Object Classes
-#
-# pilotObject OBJECT-CLASS
-# SUBCLASS OF top
-# MAY CONTAIN {
-# info,
-# photo,
-# manager,
-# uniqueIdentifier,
-# lastModifiedTime,
-# lastModifiedBy,
-# dITRedirect,
-# audio}
-# ::= {pilotObjectClass 3}
-# pilotPerson OBJECT-CLASS
-# SUBCLASS OF person
-# MAY CONTAIN {
-# userid,
-# textEncodedORAddress,
-# rfc822Mailbox,
-# favouriteDrink,
-# roomNumber,
-# userClass,
-# homeTelephoneNumber,
-# homePostalAddress,
-# secretary,
-# personalTitle,
-# preferredDeliveryMethod,
-# businessCategory,
-# janetMailbox,
-# otherMailbox,
-# mobileTelephoneNumber,
-# pagerTelephoneNumber,
-# organizationalStatus,
-# mailPreferenceOption,
-# personalSignature}
-# ::= {pilotObjectClass 4}
-#
-#
-# account OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userid}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# host}
-# ::= {pilotObjectClass 5}
-#
-#
-# document OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# documentIdentifier}
-# MAY CONTAIN {
-# commonName,
-# description,
-# seeAlso,
-# localityName,
-# organizationName,
-# organizationalUnitName,
-# documentTitle,
-# documentVersion,
-# documentAuthor,
-# documentLocation,
-# documentPublisher}
-# ::= {pilotObjectClass 6}
-#
-#
-# room OBJECT-CLASS
-# SUBCLASS
OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# roomNumber,
-# description,
-# seeAlso,
-# telephoneNumber}
-# ::= {pilotObjectClass 7}
-#
-#
-# documentSeries OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# commonName}
-# MAY CONTAIN {
-# description,
-# seeAlso,
-# telephoneNumber,
-# localityName,
-# organizationName,
-# organizationalUnitName}
-# ::= {pilotObjectClass 9}
-#
-#
-# domain OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# domainComponent}
-# MAY CONTAIN {
-# associatedName,
-# organizationName,
-# organizationalAttributeSet}
-# ::= {pilotObjectClass 13}
-#
-#
-# rFC822localPart OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# commonName,
-# surname,
-# description,
-# seeAlso,
-# telephoneNumber,
-# postalAttributeSet,
-# telecommunicationAttributeSet}
-# ::= {pilotObjectClass 14}
-#
-#
-# dNSDomain OBJECT-CLASS
-# SUBCLASS OF domain
-# MAY CONTAIN {
-# ARecord,
-# MDRecord,
-# MXRecord,
-# NSRecord,
-# SOARecord,
-# CNAMERecord}
-# ::= {pilotObjectClass 15}
-#
-#
-# domainRelatedObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# associatedDomain}
-# ::= {pilotObjectClass 17}
-#
-#
-# friendlyCountry OBJECT-CLASS
-# SUBCLASS OF country
-# MUST CONTAIN {
-# friendlyCountryName}
-# ::= {pilotObjectClass 18}
-#
-#
-# simpleSecurityObject OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# userPassword }
-# ::= {pilotObjectClass 19}
-#
-#
-# pilotOrganization OBJECT-CLASS
-# SUBCLASS OF organization, organizationalUnit
-# MAY CONTAIN {
-# buildingName}
-# ::= {pilotObjectClass 20}
-#
-#
-# pilotDSA OBJECT-CLASS
-# SUBCLASS OF dsa
-# MUST CONTAIN {
-# dSAQuality}
-# ::= {pilotObjectClass 21}
-#
-#
-# qualityLabelledData OBJECT-CLASS
-# SUBCLASS OF top
-# MUST CONTAIN {
-# dSAQuality}
-# MAY CONTAIN {
-# subtreeMinimumQuality,
-# subtreeMaximumQuality}
-# ::= {pilotObjectClass 22}
-#
-#
-#
-#
-# -- Standard Attribute Types
-#
-# objectClass ObjectClass
-# ::= {attributeType 0}
-#
-#
-# aliasedObjectName
AliasedObjectName
-# ::= {attributeType 1}
-#
-#
-# knowledgeInformation ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreString
-# ::= {attributeType 2}
-#
-#
-# commonName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-common-name))
-# ::= {attributeType 3}
-#
-#
-# surname ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-surname))
-# ::= {attributeType 4}
-#
-#
-# serialNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX printableStringSyntax
-# (SIZE (1..ub-serial-number))
-# ::= {attributeType 5}
-#
-#
-# countryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PrintableString
-# (SIZE (1..ub-country-code))
-# SINGLE VALUE
-# ::= {attributeType 6}
-#
-#
-# localityName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-locality-name))
-# ::= {attributeType 7}
-#
-#
-# stateOrProvinceName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-state-name))
-# ::= {attributeType 8}
-#
-#
-# streetAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-street-address))
-# ::= {attributeType 9}
-#
-#
-# organizationName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-organization-name))
-# ::= {attributeType 10}
-#
-#
-# organizationalUnitName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-organizational-unit-name))
-# ::= {attributeType 11}
-#
-#
-# title ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-title))
-# ::= {attributeType 12}
-#
-#
-# description ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-description))
-# ::= {attributeType 13}
-#
-#
-# searchGuide ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX Guide
-# ::= {attributeType 14}
-#
-#
-# businessCategory ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-business-category))
-# ::= {attributeType 15}
-#
-#
-# postalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PostalAddress
-# MATCHES FOR EQUALITY
-# ::= {attributeType 16}
-#
-#
-# postalCode ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-postal-code))
-# ::= {attributeType 17}
-#
-#
-# postOfficeBox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-post-office-box))
-# ::= {attributeType 18}
-#
-#
-# physicalDeliveryOfficeName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX caseIgnoreStringSyntax
-# (SIZE (1..ub-physical-office-name))
-# ::= {attributeType 19}
-#
-#
-# telephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX telephoneNumberSyntax
-# (SIZE (1..ub-telephone-number))
-# ::= {attributeType 20}
-#
-#
-# telexNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX TelexNumber
-# (SIZE (1..ub-telex))
-# ::= {attributeType 21}
-#
-#
-# teletexTerminalIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX TeletexTerminalIdentifier
-# (SIZE (1..ub-teletex-terminal-id))
-# ::= {attributeType 22}
-#
-#
-# facsimileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX FacsimileTelephoneNumber
-# ::= {attributeType 23}
-#
-#
-# x121Address ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX NumericString
-# (SIZE (1..ub-x121-address))
-# ::= {attributeType 24}
-#
-#
-# internationaliSDNNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX NumericString
-# (SIZE (1..ub-isdn-address))
-# ::= {attributeType 25}
-#
-#
-# registeredAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PostalAddress
-# ::= {attributeType 26}
-#
-#
-# destinationIndicator ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PrintableString
-# (SIZE (1..ub-destination-indicator))
-# MATCHES FOR EQUALITY SUBSTRINGS
-# ::= {attributeType 27}
-#
-#
-# preferredDeliveryMethod ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX deliveryMethod
-# ::= {attributeType 28}
-#
-#
-# presentationAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX PresentationAddress
-# MATCHES FOR EQUALITY
-# ::= {attributeType 29}
-#
-#
-# supportedApplicationContext ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX objectIdentifierSyntax
-# ::= {attributeType 30}
-#
-#
-# member ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::=
{attributeType 31}
-#
-#
-# owner ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::= {attributeType 32}
-#
-#
-# roleOccupant ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::= {attributeType 33}
-#
-#
-# seeAlso ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX distinguishedNameSyntax
-# ::= {attributeType 34}
-#
-#
-# userPassword ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX Userpassword
-# ::= {attributeType 35}
-#
-#
-# userCertificate ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX UserCertificate
-# ::= {attributeType 36}
-#
-#
-# cACertificate ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX cACertificate
-# ::= {attributeType 37}
-#
-#
-# authorityRevocationList ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX AuthorityRevocationList
-# ::= {attributeType 38}
-#
-#
-# certificateRevocationList ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX CertificateRevocationList
-# ::= {attributeType 39}
-#
-#
-# crossCertificatePair ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX CrossCertificatePair
-# ::= {attributeType 40}
-#
-#
-#
-#
-# -- Standard MHS Attribute Types
-#
-# mhsDeliverableContentLength ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX integer
-# ::= {mhsAttributeType 0}
-#
-#
-# mhsDeliverableContentTypes ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 1}
-#
-#
-# mhsDeliverableEits ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 2}
-#
-#
-# mhsDLMembers ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oRName
-# ::= {mhsAttributeType 3}
-#
-#
-# mhsDLSubmitPermissions ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX dLSubmitPermission
-# ::= {mhsAttributeType 4}
-#
-#
-# mhsMessageStoreName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX dN
-# ::= {mhsAttributeType 5}
-#
-#
-# mhsORAddresses ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oRAddress
-# ::= {mhsAttributeType 6}
-#
-#
-# mhsPreferredDeliveryMethods ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX deliveryMethod
-# ::= {mhsAttributeType 7}
-#
-#
-# mhsSupportedAutomaticActions ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 8}
-#
-#
-# mhsSupportedContentTypes ATTRIBUTE
-#
-# WITH
ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 9}
-#
-#
-# mhsSupportedOptionalAttributes ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX oID
-# ::= {mhsAttributeType 10}
-#
-#
-#
-#
-# -- Pilot Attribute Types
-#
-# userid ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-identifier))
-# ::= {pilotAttributeType 1}
-#
-#
-# textEncodedORAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-text-encoded-or-address))
-# ::= {pilotAttributeType 2}
-#
-#
-# rfc822Mailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-rfc822-mailbox))
-# ::= {pilotAttributeType 3}
-#
-#
-# info ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-information))
-# ::= {pilotAttributeType 4}
-#
-#
-# favouriteDrink ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-favourite-drink))
-# ::= {pilotAttributeType 5}
-#
-#
-# roomNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-room-number))
-# ::= {pilotAttributeType 6}
-#
-#
-# photo ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-photo))
-# ::= {pilotAttributeType 7}
-#
-#
-# userClass ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-user-class))
-# ::= {pilotAttributeType 8}
-#
-#
-# host ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-host))
-# ::= {pilotAttributeType 9}
-#
-#
-# manager ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 10}
-#
-#
-# documentIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-identifier))
-# ::= {pilotAttributeType 11}
-#
-#
-# documentTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 ..
ub-document-title))
-# ::= {pilotAttributeType 12}
-#
-#
-# documentVersion ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-version))
-# ::= {pilotAttributeType 13}
-#
-#
-# documentAuthor ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 14}
-#
-#
-# documentLocation ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-document-location))
-# ::= {pilotAttributeType 15}
-#
-#
-# homeTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 20}
-#
-#
-# secretary ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 21}
-#
-#
-# otherMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# SEQUENCE {
-# mailboxType PrintableString, -- e.g. Telemail
-# mailbox IA5String -- e.g. X378:Joe
-# }
-# ::= {pilotAttributeType 22}
-#
-#
-# lastModifiedTime ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# uTCTimeSyntax
-# ::= {pilotAttributeType 23}
-#
-#
-# lastModifiedBy ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 24}
-#
-#
-# domainComponent ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 25}
-#
-#
-# aRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 26}
-#
-#
-# mXRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 28}
-#
-#
-# nSRecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 29}
-#
-# sOARecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# DNSRecordSyntax
-# ::= {pilotAttributeType 30}
-#
-#
-# cNAMERecord ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# iA5StringSyntax
-# ::= {pilotAttributeType 31}
-#
-#
-# associatedDomain ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# ::= {pilotAttributeType 37}
-#
-#
-# associatedName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::=
{pilotAttributeType 38}
-#
-#
-# homePostalAddress ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# postalAddress
-# MATCHES FOR EQUALITY
-# ::= {pilotAttributeType 39}
-#
-#
-# personalTitle ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-personal-title))
-# ::= {pilotAttributeType 40}
-#
-#
-# mobileTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 41}
-#
-#
-# pagerTelephoneNumber ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# telephoneNumberSyntax
-# ::= {pilotAttributeType 42}
-#
-#
-# friendlyCountryName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# ::= {pilotAttributeType 43}
-#
-#
-# uniqueIdentifier ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-unique-identifier))
-# ::= {pilotAttributeType 44}
-#
-#
-# organizationalStatus ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 .. ub-organizational-status))
-# ::= {pilotAttributeType 45}
-#
-#
-# janetMailbox ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreIA5StringSyntax
-# (SIZE (1 .. ub-janet-mailbox))
-# ::= {pilotAttributeType 46}
-#
-#
-# mailPreferenceOption ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX ENUMERATED {
-# no-list-inclusion(0),
-# any-list-inclusion(1), -- may be added to any lists
-# professional-list-inclusion(2)
-# -- may be added to lists
-# -- which the list provider
-# -- views as related to the
-# -- users professional inter-
-# -- ests, perhaps evaluated
-# -- from the business of the
-# -- organisation or keywords
-# -- in the entry.
-# }
-# ::= {pilotAttributeType 47}
-#
-#
-# buildingName ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# caseIgnoreStringSyntax
-# (SIZE (1 ..
ub-building-name))
-# ::= {pilotAttributeType 48}
-#
-#
-# dSAQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DSAQualitySyntax
-# SINGLE VALUE
-# ::= {pilotAttributeType 49}
-#
-#
-# singleLevelQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-#
-#
-# subtreeMinimumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 51}
-#
-#
-# subtreeMaximumQuality ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX DataQualitySyntax
-# SINGLE VALUE
-# -- Defaults to singleLevelQuality
-# ::= {pilotAttributeType 52}
-#
-#
-# personalSignature ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# CHOICE {
-# g3-facsimile [3] G3FacsimileBodyPart
-# }
-# (SIZE (1 .. ub-personal-signature))
-# ::= {pilotAttributeType 53}
-#
-#
-# dITRedirect ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# distinguishedNameSyntax
-# ::= {pilotAttributeType 54}
-#
-#
-# audio ATTRIBUTE
-# WITH ATTRIBUTE-SYNTAX
-# Audio
-# (SIZE (1 .. ub-audio))
-# ::= {pilotAttributeType 55}
-#
-# documentPublisher ATTRIBUTE
-# WITH ATTRIBUTE SYNTAX caseIgnoreStringSyntax
-# ::= {pilotAttributeType 56}
-#
-#
-#
-# -- Generally useful syntaxes
-#
-#
-# caseIgnoreIA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# iA5StringSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY SUBSTRINGS
-#
-#
-# -- Syntaxes to support the DNS attributes
-#
-# DNSRecordSyntax ATTRIBUTE-SYNTAX
-# IA5String
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformationSyntax ATTRIBUTE-SYNTAX
-# NRSInformation
-# MATCHES FOR EQUALITY
-#
-#
-# NRSInformation ::= SET {
-# [0] Context,
-# [1] Address-space-id,
-# routes [2] SEQUENCE OF SEQUENCE {
-# Route-cost,
-# Addressing-info }
-# }
-#
-#
-# -- Upper bounds on length of attribute values
-#
-#
-# ub-document-identifier INTEGER ::= 256
-#
-# ub-document-location INTEGER ::= 256
-#
-# ub-document-title INTEGER ::= 256
-#
-# ub-document-version INTEGER ::= 256
-#
-# ub-favourite-drink INTEGER ::=
256
-#
-# ub-host INTEGER ::= 256
-#
-# ub-information INTEGER ::= 2048
-#
-# ub-unique-identifier INTEGER ::= 256
-#
-# ub-personal-title INTEGER ::= 256
-#
-# ub-photo INTEGER ::= 250000
-#
-# ub-rfc822-mailbox INTEGER ::= 256
-#
-# ub-room-number INTEGER ::= 256
-#
-# ub-text-or-address INTEGER ::= 256
-#
-# ub-user-class INTEGER ::= 256
-#
-# ub-user-identifier INTEGER ::= 256
-#
-# ub-organizational-status INTEGER ::= 256
-#
-# ub-janet-mailbox INTEGER ::= 256
-#
-# ub-building-name INTEGER ::= 256
-#
-# ub-personal-signature ::= 50000
-#
-# ub-audio INTEGER ::= 250000
-#
-# [remainder of memo trimmed]
-
diff --git a/data/inetorgperson.schema b/data/inetorgperson.schema
deleted file mode 100644
index 105d507..0000000
--- a/data/inetorgperson.schema
+++ /dev/null
@@ -1,144 +0,0 @@ -# $OpenLDAP: pkg/ldap/servers/slapd/schema/inetorgperson.schema,v 1.4.2.5 2000/11/04 21:35:00 kurt Exp $ -# -# InetOrgPerson (RFC2798) -# -# Depends upon -# Definition of an X.500 Attribute Type and an Object Class to Hold -# Uniform Resource Identifiers (URIs) [RFC2079] -# (core.schema) -# -# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256] -# (core.schema) -# -# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema) - -# carLicense -# This multivalued field is used to record the values of the license or -# registration plate associated with an individual. -attributetype ( 2.16.840.1.113730.3.1.1 - NAME 'carLicense' - DESC 'RFC2798: vehicle license or registration plate' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# departmentNumber -# Code for department to which a person belongs. This can also be -# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123). -attributetype ( 2.16.840.1.113730.3.1.2 - NAME 'departmentNumber' - DESC 'RFC2798: identifies a department within an organization' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# displayName -# When displaying an entry, especially within a one-line summary list, it -# is useful to be able to identify a name to be used. Since other attri- -# bute types such as 'cn' are multivalued, an additional attribute type is -# needed. Display name is defined for this purpose. -attributetype ( 2.16.840.1.113730.3.1.241 - NAME 'displayName' - DESC 'RFC2798: preferred name of a person to be used - when displaying entries' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) - -# employeeNumber -# Numeric or alphanumeric identifier assigned to a person, typically based -# on order of hire or association with an organization. Single valued. 
-attributetype ( 2.16.840.1.113730.3.1.3 - NAME 'employeeNumber' - DESC 'RFC2798: numerically identifies an employee within an organization' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) - -# employeeType -# Used to identify the employer to employee relationship. Typical values -# used will be "Contractor", "Employee", "Intern", "Temp", "External", and -# "Unknown" but any value may be used. -attributetype ( 2.16.840.1.113730.3.1.4 - NAME 'employeeType' - DESC 'RFC2798: type of employment for a person' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) - -# jpegPhoto -# Used to store one or more images of a person using the JPEG File -# Interchange Format [JFIF]. -# Note that the jpegPhoto attribute type was defined for use in the -# Internet X.500 pilots but no referencable definition for it could be -# located. -attributetype ( 0.9.2342.19200300.100.1.60 - NAME 'jpegPhoto' - DESC 'a JPEG image' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 ) - -# preferredLanguage -# Used to indicate an individual's preferred written or spoken -# language. This is useful for international correspondence or human- -# computer interaction. Values for this attribute type MUST conform to -# the definition of the Accept-Language header field defined in -# [RFC2068] with one exception: the sequence "Accept-Language" ":" -# should be omitted. This is a single valued attribute type. -attributetype ( 2.16.840.1.113730.3.1.39 - NAME 'preferredLanguage' - DESC 'RFC2798: preferred written or spoken language for a person' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) - -# userSMIMECertificate -# A PKCS#7 [RFC2315] SignedData, where the content that is signed is -# ignored by consumers of userSMIMECertificate values. 
It is -# recommended that values have a `contentType' of data with an absent -# `content' field. Values of this attribute contain a person's entire -# certificate chain and an smimeCapabilities field [RFC2633] that at a -# minimum describes their SMIME algorithm capabilities. Values for -# this attribute are to be stored and requested in binary form, as -# 'userSMIMECertificate;binary'. If available, this attribute is -# preferred over the userCertificate attribute for S/MIME applications. -## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary -attributetype ( 2.16.840.1.113730.3.1.40 - NAME 'userSMIMECertificate' - DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) - -# userPKCS12 -# PKCS #12 [PKCS12] provides a format for exchange of personal identity -# information. When such information is stored in a directory service, -# the userPKCS12 attribute should be used. This attribute is to be stored -# and requested in binary form, as 'userPKCS12;binary'. The attribute -# values are PFX PDUs stored as binary data. -## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary -attributetype ( 2.16.840.1.113730.3.1.216 - NAME 'userPKCS12' - DESC 'RFC2798: PKCS #12 PFX PDU for exchange of - personal identity information' - SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) - - -# inetOrgPerson -# The inetOrgPerson represents people who are associated with an -# organization in some way. It is a structural class and is derived -# from the organizationalPerson which is defined in X.521 [X521]. 
-objectclass ( 2.16.840.1.113730.3.2.2 - NAME 'inetOrgPerson' - DESC 'RFC2798: Internet Organizational Person' - SUP organizationalPerson - STRUCTURAL - MAY ( - audio $ businessCategory $ carLicense $ departmentNumber $ - displayName $ employeeNumber $ employeeType $ givenName $ - homePhone $ homePostalAddress $ initials $ jpegPhoto $ - labeledURI $ mail $ manager $ mobile $ o $ pager $ - photo $ roomNumber $ secretary $ uid $ userCertificate $ - x500uniqueIdentifier $ preferredLanguage $ - userSMIMECertificate $ userPKCS12 ) - ) diff --git a/data/key.pem b/data/key.pem deleted file mode 100644 index 1b52697..0000000 --- a/data/key.pem +++ /dev/null @@ -1,15 +0,0 @@ ------BEGIN RSA PRIVATE KEY----- -MIICXAIBAAKBgQDiUyfJiM81Wswjsq+iSN9NmmuSGM6FeSC4G1oY8kpA+fdJg02B -wa2YrdNZzep0FcqbDIVg1tN/mLoW8on0y7qeJC2J2o35zRRb+HKHfkgNqE6Tv+zn -lCVZYJQ0JP2ogLhq4/eN1TG/pkkjAKQ+bn/NVsDwGzVBA0dXzh3u7OXAlQIDAQAB -AoGBALn/5R731HLg4AwmeblBcmNwmR9ES9XdqkokEHOYC/ZCeDxuMHCHH4fus1eG -pzwn/I5YR/VCGCcw+R6KzV3lYMOy0xOcNv5R+FG/Bp5zU3tr6t5Qj4MDQDslwoxs -+uCmqoC0AQ44GS0p7mo3Eiz3rTESIEDBOwsB+8BhRv3WnKAxAkEA+N5rR6DYHJra -i7hzJBD69f8XsUuAdwT0zPUo7UymsjefKueC9pv0hiIlBXK4ytGvlC5NkWjLstQY -ylLxg5FYrwJBAOjPXVFXNTq4HUCUJJ4eIoldwI+etH/hOQd0civP5Otxm6Xj1BIX -mmbEDTjUTgUM9v9PhugLGj2dbFDtur8yQ/sCQF5RvYrqFL3Smp11jH3QyaxNv6b8 -HHX/NOAw0hANiufkWLikAWiBds0XR7ym3A5SJh8c5V0EwJ7H75VOliXtAhUCQBxp -YhwRJn/aBEfjTGy3hMN624srdR++HrWYMm7CWk+Zd8NRAIqMst0jw/FRh4v6PxJ9 -ZBthb3xhf9yIhqfavI0CQFrhm86VHgvGSbBqEUvMqoDfrtxYGcoe7l40XWuUK2vy -wIU3ezArGkW/MwAEH/vXcdy9TVG7nv4V6xSTANtPfok= ------END RSA PRIVATE KEY----- diff --git a/data/slapd2-conf.in b/data/slapd2-conf.in deleted file mode 100644 index a48d9b1..0000000 --- a/data/slapd2-conf.in +++ /dev/null 
@@ -1,27 +0,0 @@
-#
-# master slapd config -- for testing
-#
-include ./data/core.schema
-include ./data/cosine.schema
-include ./data/inetorgperson.schema
-schemacheck off
-pidfile $TESTDB/slapd.pid
-argsfile $TESTDB/slapd.args
-
-#######################################################################
-# ldbm database definitions
-#######################################################################
-
-database ldbm
-suffix "$BASEDN"
-directory $TESTDB
-rootdn "$MANAGERDN"
-rootpw $PASSWD
-
-TLSCertificateFile ./data/cert.pem
-TLSCertificateKeyFile ./data/key.pem
-#sasl-host localhost
-#sasl-realm testing
-#sasl-secprops passcred
-#sasl-secprops noanonymous
-sasl-secprops none
diff --git a/lib/Net/LDAP/ASN.pm b/lib/Net/LDAP/ASN.pm
deleted file mode 100644
index f8bc0de..0000000
--- a/lib/Net/LDAP/ASN.pm
+++ /dev/null
@@ -1,366 +0,0 @@ -# $Id: ASN.pm,v 1.5 2001/06/11 16:20:32 gbarr Exp $ - -package Net::LDAP::ASN; - -use Convert::ASN1; - -my $asn = Convert::ASN1->new; - -sub import { - my $pkg = shift; - my $caller = caller; - - foreach my $macro (@_) { - my $obj = $asn->find($macro) - or require Carp and Carp::croak("Unknown macro '$macro'"); - - *{"$caller\::$macro"} = \$obj; - } -} - -$asn->prepare(<error; - - -- We have split LDAPMessage into LDAPResponse and LDAPRequest - -- The purpose of this is two fold - -- 1) for encode we don't want the protocolOp - -- in the hierarchy as it is not really neede - -- 2) For decode we do want it, this allows Net::LDAP::Message::decode - -- to be much simpler. Decode will also be faster due to - -- less elements in the CHOICE - - LDAPRequest ::= SEQUENCE { - messageID MessageID, - --protocolOp - CHOICE { - bindRequest BindRequest, - unbindRequest UnbindRequest, - searchRequest SearchRequest, - modifyRequest ModifyRequest, - addRequest AddRequest, - delRequest DelRequest, - modDNRequest ModifyDNRequest, - compareRequest CompareRequest, - abandonRequest AbandonRequest, - extendedReq ExtendedRequest} - controls [0] Controls OPTIONAL } - - LDAPResponse ::= SEQUENCE { - messageID MessageID, - protocolOp CHOICE { - bindResponse BindResponse, - searchResEntry SearchResultEntry, - searchResDone SearchResultDone, - searchResRef SearchResultReference, - modifyResponse ModifyResponse, - addResponse AddResponse, - delResponse DelResponse, - modDNResponse ModifyDNResponse, - compareResponse CompareResponse, - extendedResp ExtendedResponse } - controls [0] Controls OPTIONAL } - - MessageID ::= INTEGER -- (0 .. maxInt) - - -- maxInt INTEGER ::= 2147483647 -- (2^^31 - 1) -- - - LDAPString ::= OCTET STRING -- UTF8String ?? 
- - LDAPOID ::= OCTET STRING - - LDAPDN ::= LDAPString - - RelativeLDAPDN ::= LDAPString - - AttributeType ::= LDAPString - - AttributeDescription ::= LDAPString - - AttributeDescriptionList ::= SEQUENCE OF - AttributeDescription - - AttributeValue ::= OCTET STRING - - AttributeValueAssertion ::= SEQUENCE { - attributeDesc AttributeDescription, - assertionValue AssertionValue } - - AssertionValue ::= OCTET STRING - - Attribute ::= SEQUENCE { - type AttributeDescription, - vals SET OF AttributeValue } - - MatchingRuleId ::= LDAPString - - LDAPResult ::= SEQUENCE { - resultCode ENUMERATED { - success (0), - operationsError (1), - protocolError (2), - timeLimitExceeded (3), - sizeLimitExceeded (4), - compareFalse (5), - compareTrue (6), - authMethodNotSupported (7), - strongAuthRequired (8), - -- 9 reserved -- - referral (10), -- new - adminLimitExceeded (11), -- new - unavailableCriticalExtension (12), -- new - confidentialityRequired (13), -- new - saslBindInProgress (14), -- new - noSuchAttribute (16), - undefinedAttributeType (17), - inappropriateMatching (18), - constraintViolation (19), - attributeOrValueExists (20), - invalidAttributeSyntax (21), - -- 22-31 unused -- - noSuchObject (32), - aliasProblem (33), - invalidDNSyntax (34), - -- 35 reserved for undefined isLeaf -- - aliasDereferencingProblem (36), - -- 37-47 unused -- - inappropriateAuthentication (48), - invalidCredentials (49), - insufficientAccessRights (50), - busy (51), - unavailable (52), - unwillingToPerform (53), - loopDetect (54), - -- 55-63 unused -- - namingViolation (64), - objectClassViolation (65), - notAllowedOnNonLeaf (66), - notAllowedOnRDN (67), - entryAlreadyExists (68), - objectClassModsProhibited (69), - -- 70 reserved for CLDAP -- - affectsMultipleDSAs (71), -- new - -- 72-79 unused -- - other (80)} - -- 81-90 reserved for APIs -- - matchedDN LDAPDN, - errorMessage LDAPString, - referral [3] Referral OPTIONAL } - - Referral ::= SEQUENCE OF LDAPURL - - LDAPURL ::= LDAPString -- 
limited to characters permitted in URLs - - Controls ::= SEQUENCE OF Control - - -- Names changed here for backwards compat with previous - -- Net::LDAP --GMB - Control ::= SEQUENCE { - type LDAPOID, -- controlType - critical BOOLEAN OPTIONAL, -- DEFAULT FALSE, -- criticality - value OCTET STRING OPTIONAL } -- controlValue - - BindRequest ::= [APPLICATION 0] SEQUENCE { - version INTEGER, -- (1 .. 127), - name LDAPDN, - authentication AuthenticationChoice } - - AuthenticationChoice ::= CHOICE { - simple [0] OCTET STRING, - -- 1 and 2 reserved - sasl [3] SaslCredentials } - - SaslCredentials ::= SEQUENCE { - mechanism LDAPString, - credentials OCTET STRING OPTIONAL } - - BindResponse ::= [APPLICATION 1] SEQUENCE { - COMPONENTS OF LDAPResult, - serverSaslCreds [7] OCTET STRING OPTIONAL } - - UnbindRequest ::= [APPLICATION 2] NULL - - SearchRequest ::= [APPLICATION 3] SEQUENCE { - baseObject LDAPDN, - scope ENUMERATED { - baseObject (0), - singleLevel (1), - wholeSubtree (2) } - derefAliases ENUMERATED { - neverDerefAliases (0), - derefInSearching (1), - derefFindingBaseObj (2), - derefAlways (3) } - sizeLimit INTEGER , -- (0 .. maxInt), - timeLimit INTEGER , -- (0 .. 
maxInt), - typesOnly BOOLEAN, - filter Filter, - attributes AttributeDescriptionList } - - Filter ::= CHOICE { - and [0] SET OF Filter, - or [1] SET OF Filter, - not [2] Filter, - equalityMatch [3] AttributeValueAssertion, - substrings [4] SubstringFilter, - greaterOrEqual [5] AttributeValueAssertion, - lessOrEqual [6] AttributeValueAssertion, - present [7] AttributeDescription, - approxMatch [8] AttributeValueAssertion, - extensibleMatch [9] MatchingRuleAssertion } - - SubstringFilter ::= SEQUENCE { - type AttributeDescription, - -- at least one must be present - substrings SEQUENCE OF CHOICE { - initial [0] LDAPString, - any [1] LDAPString, - final [2] LDAPString } } - - MatchingRuleAssertion ::= SEQUENCE { - matchingRule [1] MatchingRuleId OPTIONAL, - type [2] AttributeDescription OPTIONAL, - matchValue [3] AssertionValue, - dnAttributes [4] BOOLEAN OPTIONAL } -- DEFAULT FALSE } - - SearchResultEntry ::= [APPLICATION 4] SEQUENCE { - objectName LDAPDN, - attributes PartialAttributeList } - - PartialAttributeList ::= SEQUENCE OF SEQUENCE { - type AttributeDescription, - vals SET OF AttributeValue } - - SearchResultReference ::= [APPLICATION 19] SEQUENCE OF LDAPURL - - SearchResultDone ::= [APPLICATION 5] LDAPResult - - ModifyRequest ::= [APPLICATION 6] SEQUENCE { - object LDAPDN, - modification SEQUENCE OF SEQUENCE { - operation ENUMERATED { - add (0), - delete (1), - replace (2) } - modification AttributeTypeAndValues } } - - AttributeTypeAndValues ::= SEQUENCE { - type AttributeDescription, - vals SET OF AttributeValue } - - ModifyResponse ::= [APPLICATION 7] LDAPResult - - AddRequest ::= [APPLICATION 8] SEQUENCE { - objectName LDAPDN, - attributes AttributeList } - - AttributeList ::= SEQUENCE OF SEQUENCE { - type AttributeDescription, - vals SET OF AttributeValue } - - AddResponse ::= [APPLICATION 9] LDAPResult - - DelRequest ::= [APPLICATION 10] LDAPDN - - DelResponse ::= [APPLICATION 11] LDAPResult - - ModifyDNRequest ::= [APPLICATION 12] SEQUENCE { - entry 
LDAPDN, - newrdn RelativeLDAPDN, - deleteoldrdn BOOLEAN, - newSuperior [0] LDAPDN OPTIONAL } - - ModifyDNResponse ::= [APPLICATION 13] LDAPResult - - CompareRequest ::= [APPLICATION 14] SEQUENCE { - entry LDAPDN, - ava AttributeValueAssertion } - - CompareResponse ::= [APPLICATION 15] LDAPResult - - AbandonRequest ::= [APPLICATION 16] MessageID - - ExtendedRequest ::= [APPLICATION 23] SEQUENCE { - requestName [0] LDAPOID, - requestValue [1] OCTET STRING OPTIONAL } - - ExtendedResponse ::= [APPLICATION 24] SEQUENCE { - COMPONENTS OF LDAPResult, - responseName [10] LDAPOID OPTIONAL, - response [11] OCTET STRING OPTIONAL } - - - VirtualListViewRequest ::= SEQUENCE { - beforeCount INTEGER , --(0 .. maxInt), - afterCount INTEGER , --(0 .. maxInt), - CHOICE { - byoffset [0] SEQUENCE { - offset INTEGER , --(0 .. maxInt), - contentCount INTEGER } --(0 .. maxInt) } - byValue [1] AssertionValue } - -- byValue [1] greaterThanOrEqual assertionValue } - contextID OCTET STRING OPTIONAL } - - VirtualListViewResponse ::= SEQUENCE { - targetPosition INTEGER , --(0 .. maxInt), - contentCount INTEGER , --(0 .. 
maxInt), - virtualListViewResult ENUMERATED { - success (0), - operatonsError (1), - unwillingToPerform (53), - insufficientAccessRights (50), - busy (51), - timeLimitExceeded (3), - adminLimitExceeded (11), - sortControlMissing (60), - indexRangeError (61), - other (80) } } - - - LDAPEntry ::= COMPONENTS OF AddRequest - - -- Current parser does not allow a named entity following the ::= - -- so we use a COMPONENTS OF hack - SortRequestDummy ::= SEQUENCE { - order SEQUENCE OF SEQUENCE { - type OCTET STRING, - orderingRule [0] OCTET STRING OPTIONAL, - reverseOrder [1] BOOLEAN OPTIONAL } } - - SortRequest ::= COMPONENTS OF SortRequestDummy - - SortResult ::= SEQUENCE { - sortResult ENUMERATED { - success (0), -- results are sorted - operationsError (1), -- server internal failure - timeLimitExceeded (3), -- timelimit reached before - -- sorting was completed - strongAuthRequired (8), -- refused to return sorted - -- results via insecure - -- protocol - adminLimitExceeded (11), -- too many matching entries - -- for the server to sort - noSuchAttribute (16), -- unrecognized attribute - -- type in sort key - inappropriateMatching (18), -- unrecognized or inappro- - -- priate matching rule in - -- sort key - insufficientAccessRights (50), -- refused to return sorted - -- results to this client - busy (51), -- too busy to process - unwillingToPerform (53), -- unable to sort - other (80) } - attributeType [0] AttributeDescription OPTIONAL } - - realSearchControlValue ::= SEQUENCE { - size INTEGER, -- (0..maxInt), - -- requested page size from client - -- result set size estimate from server - cookie OCTET STRING } - - proxyAuthValue ::= SEQUENCE { - proxyDN LDAPDN - } - -LDAP_ASN - -1; - diff --git a/lib/Net/LDAP/Bind.pm b/lib/Net/LDAP/Bind.pm deleted file mode 100644 index ce4ba32..0000000 --- a/lib/Net/LDAP/Bind.pm +++ /dev/null 
@@ -1,59 +0,0 @@
-# Copyright (c) 1998-2000 Graham Barr . All rights reserved.
-# This program is free software; you can redistribute it and/or
-# modify it under the same terms as Perl itself.
-
-package Net::LDAP::Bind;
-
-use strict;
-use Net::LDAP qw(LDAP_SASL_BIND_IN_PROGRESS LDAP_DECODING_ERROR LDAP_SUCCESS);
-use Net::LDAP::Message;
-use vars qw(@ISA);
-
-@ISA = qw(Net::LDAP::Message);
-
-sub _sasl_info {
- my $self = shift;
- @{$self}{qw(dn saslctrl sasl)} = @_;
-}
-
-sub decode {
- my $self = shift;
- my $result = shift;
- my $bind = $result->{protocolOp}{bindResponse}
- or $self->set_error(LDAP_DECODING_ERROR,"LDAP decode error")
- and return;
-
- my $sasl = $self->{sasl};
- my $ldap = $self->parent;
-
- $ldap->{net_ldap_socket} = $sasl->securesocket($ldap->{net_ldap_socket})
- if $sasl and $bind->{resultCode} == LDAP_SUCCESS;
-
- return $self->SUPER::decode($result)
- unless $bind->{resultCode} == LDAP_SASL_BIND_IN_PROGRESS;
-
- # tell our LDAP client to forget us as this message has now completed
- # all communications with the server
- $ldap->_forgetmesg($self);
-
- $self->{mesgid} = Net::LDAP::Message->NewMesgID(); # Get a new message ID
-
- my $resp = $sasl->client_step($bind->{serverSaslCreds});
-
- $self->encode(
- bindRequest => {
- version => $ldap->version,
- name => $self->{dn},
- authentication => {
- sasl => {
- mechanism => $sasl->mechanism,
- credentials => $resp
- }
- },
- control => $self->{saslcontrol}
- });
-
- $ldap->_sendmesg($self);
-}
-
-1;
diff --git a/lib/Net/LDAP/Constant.pm b/lib/Net/LDAP/Constant.pm
deleted file mode 100644
index f692453..0000000
--- a/lib/Net/LDAP/Constant.pm
+++ /dev/null
@@ -1,108 +0,0 @@
-# Copyright (c) 1998-2000 Graham Barr . All rights reserved.
-# This program is free software; you can redistribute it and/or
-# modify it under the same terms as Perl itself.
-
-package Net::LDAP::Constant;
-
-use Exporter ();
-
-@ISA = qw(Exporter);
-@EXPORT_OK = ( grep /^LDAP_/, keys %{'Net::LDAP::Constant::'} );
-%EXPORT_TAGS = ( 'all' => \@EXPORT_OK );
-
-##
-## The constants
-##
-
-sub LDAP_SUCCESS () { 0x00 }
-sub LDAP_OPERATIONS_ERROR () { 0x01 }
-sub LDAP_PROTOCOL_ERROR () { 0x02 }
-sub LDAP_TIMELIMIT_EXCEEDED () { 0x03 }
-sub LDAP_SIZELIMIT_EXCEEDED () { 0x04 }
-sub LDAP_COMPARE_FALSE () { 0x05 }
-sub LDAP_COMPARE_TRUE () { 0x06 }
-sub LDAP_STRONG_AUTH_NOT_SUPPORTED () { 0x07 }
-sub LDAP_AUTH_METHOD_NOT_SUPPORTED () { 0x07 }
-sub LDAP_STRONG_AUTH_REQUIRED () { 0x08 }
-sub LDAP_PARTIAL_RESULTS () { 0x09 }
-sub LDAP_REFERRAL () { 0x0a } # V3
-sub LDAP_ADMIN_LIMIT_EXCEEDED () { 0x0b } # V3
-sub LDAP_UNAVAILABLE_CRITICAL_EXT () { 0x0c } # V3
-sub LDAP_CONFIDENTIALITY_REQUIRED () { 0x0d } # V3
-sub LDAP_SASL_BIND_IN_PROGRESS () { 0x0e } # V3
-
-sub LDAP_NO_SUCH_ATTRIBUTE () { 0x10 }
-sub LDAP_UNDEFINED_TYPE () { 0x11 }
-sub LDAP_INAPPROPRIATE_MATCHING () { 0x12 }
-sub LDAP_CONSTRAINT_VIOLATION () { 0x13 }
-sub LDAP_TYPE_OR_VALUE_EXISTS () { 0x14 }
-sub LDAP_INVALID_SYNTAX () { 0x15 }
-
-sub LDAP_NO_SUCH_OBJECT () { 0x20 }
-sub LDAP_ALIAS_PROBLEM () { 0x21 }
-sub LDAP_INVALID_DN_SYNTAX () { 0x22 }
-sub LDAP_IS_LEAF () { 0x23 }
-sub LDAP_ALIAS_DEREF_PROBLEM () { 0x24 }
-
-sub LDAP_INAPPROPRIATE_AUTH () { 0x30 }
-sub LDAP_INVALID_CREDENTIALS () { 0x31 }
-sub LDAP_INSUFFICIENT_ACCESS () { 0x32 }
-sub LDAP_BUSY () { 0x33 }
-sub LDAP_UNAVAILABLE () { 0x34 }
-sub LDAP_UNWILLING_TO_PERFORM () { 0x35 }
-sub LDAP_LOOP_DETECT () { 0x36 }
-
-sub LDAP_SORT_CONTROL_MISSING () { 0x3C }
-sub LDAP_INDEX_RANGE_ERROR () { 0x3D }
-
-sub LDAP_NAMING_VIOLATION () { 0x40 }
-sub LDAP_OBJECT_CLASS_VIOLATION () { 0x41 }
-sub LDAP_NOT_ALLOWED_ON_NONLEAF () { 0x42 }
-sub LDAP_NOT_ALLOWED_ON_RDN () { 0x43 }
-sub LDAP_ALREADY_EXISTS () { 0x44 }
-sub LDAP_NO_OBJECT_CLASS_MODS () { 0x45 }
-sub LDAP_RESULTS_TOO_LARGE () { 0x46 }
-sub LDAP_AFFECTS_MULTIPLE_DSAS () { 0x47 } # V3
-
-sub LDAP_OTHER () { 0x50 }
-sub LDAP_SERVER_DOWN () { 0x51 }
-sub LDAP_LOCAL_ERROR () { 0x52 }
-sub LDAP_ENCODING_ERROR () { 0x53 }
-sub LDAP_DECODING_ERROR () { 0x54 }
-sub LDAP_TIMEOUT () { 0x55 }
-sub LDAP_AUTH_UNKNOWN () { 0x56 }
-sub LDAP_FILTER_ERROR () { 0x57 }
-sub LDAP_USER_CANCELED () { 0x58 }
-sub LDAP_PARAM_ERROR () { 0x59 }
-sub LDAP_NO_MEMORY () { 0x5a }
-sub LDAP_CONNECT_ERROR () { 0x5b }
-sub LDAP_NOT_SUPPORTED () { 0x5c } # V3
-sub LDAP_CONTROL_NOT_FOUND () { 0x5d } # V3
-sub LDAP_NO_RESULTS_RETURNED () { 0x5e } # V3
-sub LDAP_MORE_RESULTS_TO_RETURN () { 0x5f } # V3
-sub LDAP_CLIENT_LOOP () { 0x60 } # V3
-sub LDAP_REFERRAL_LIMIT_EXCEEDED () { 0x61 } # V3
-
-# LDAP Controls
-
-sub LDAP_CONTROL_SORTREQUEST () { "1.2.840.113556.1.4.473" }
-sub LDAP_CONTROL_SORTRESULT () { "1.2.840.113556.1.4.474" }
-
-sub LDAP_CONTROL_VLVREQUEST () { "2.16.840.1.113730.3.4.9" }
-sub LDAP_CONTROL_VLVRESPONSE () { "2.16.840.1.113730.3.4.10" }
-sub LDAP_CONTROL_PROXYAUTHENTICATION () { "2.16.840.1.113730.3.4.12" }
-
-sub LDAP_CONTROL_PAGED () { "1.2.840.113556.1.4.319" }
-
-sub LDAP_CONTROL_MATCHEDVALS () { "1.2.826.0.1.3344810.2.2" }
-
-sub LDAP_CONTROL_MANAGEDSAIT () { "2.16.840.1.113730.3.4.2" }
-sub LDAP_CONTROL_PERSISTENTSEARCH () { "2.16.840.1.113730.3.4.3" }
-sub LDAP_CONTROL_ENTRYCHANGE () { "2.16.840.1.113730.3.4.7" }
-# Password information sent back to client
-sub LDAP_CONTROL_PWEXPIRED () { "2.16.840.1.113730.3.4.4" }
-sub LDAP_CONTROL_PWEXPIRING () { "2.16.840.1.113730.3.4.5" }
-# Client controls we know about
-sub LDAP_CONTROL_REFERRALS () { "1.2.840.113556.1.4.616" }
-
-1;
diff --git a/lib/Net/LDAP/Constant.pod b/lib/Net/LDAP/Constant.pod
deleted file mode 100644
index df52ee0..0000000
--- a/lib/Net/LDAP/Constant.pod
+++ /dev/null
@@ -1,347 +0,0 @@ -=head1 NAME - -Net::LDAP::Constant - Constants for use with Net::LDAP - -=head1 SYNOPSIS - - use Net::LDAP qw(LDAP_SUCCESS LDAP_PROTOCOL_ERROR); - - # import all constants - use Net::LDAP qw(:all); - -=head1 DESCRIPTION - -B exports constant subroutines for the following LDAP -error codes. - -=over 4 - -=item LDAP_SUCCESS - -Operation completed without error - -=item LDAP_OPERATIONS_ERROR - -Server encountered an internal error - -=item LDAP_PROTOCOL_ERROR - -Unrecognized version number or incorrect PDU structure - -=item LDAP_TIMELIMIT_EXCEEDED - -The time limit on a search operation has been exceeded - -=item LDAP_SIZELIMIT_EXCEEDED - -The maximum number of search results to return has been exceeded. - -=item LDAP_COMPARE_FALSE - -This code is returned when a compare request completes and the attribute value -given is not in the entry specified - -=item LDAP_COMPARE_TRUE - -This code is returned when a compare request completes and the attribute value -given is in the entry specified - -=item LDAP_AUTH_METHOD_NOT_SUPPORTED - -Unrecognized SASL mechanism name - -=item LDAP_STRONG_AUTH_REQUIRED - -The server requires authentication be performed with a SASL mechanism - -=item LDAP_PARTIAL_RESULTS - -Returned to version 2 clients when a referral is returned. The response -will contain a list of URL's for other servers. - -=item LDAP_REFERRAL - -The server is referring the client to another server. 
The response will -contain a list of URL's - -=item LDAP_ADMIN_LIMIT_EXCEEDED - -The server has exceed the maximum number of entries to search while gathering -a list of search result candidates - -=item LDAP_UNAVAILABLE_CRITICAL_EXT - -A control or matching rule specified in the request is not supported by -the server - -=item LDAP_CONFIDENTIALITY_REQUIRED - -This result code is returned when confidentiality is required to perform -a given operation - -=item LDAP_SASL_BIND_IN_PROGRESS - -The server requires the client to send a new bind request, with the same SASL -mechanism, to continue the authentication process - -=item LDAP_NO_SUCH_ATTRIBUTE - -The request referenced an attribute that does not exist - -=item LDAP_UNDEFINED_TYPE - -The request contains an undefined attribute type - -=item LDAP_INAPPROPRIATE_MATCHING - -An extensible matching rule in the given filter does not apply to the specified -attribute - -=item LDAP_CONSTRAINT_VIOLATION - -The request contains a value which does not meet with certain constraints. -This result can be returned as a consequence of - -=over 8 - -=item * - -The request was to add or modify a user password, and the password fails to -meet the criteria the server is configured to check. This could be that the -password is too short, or a recognizable word (e.g. it matches one of the -attributes in the users entry) or it matches a previous password used by -the same user. - -=item * - -The request is a bind request to a user account that has been locked - -=back - -=item LDAP_TYPE_OR_VALUE_EXISTS - -The request attempted to add an attribute type or value that already exists - -=item LDAP_INVALID_SYNTAX - -Some part of the request contained an invalid syntax. It could be a search -with an invalid filter or a request to modify the schema and the given -schema has a bad syntax. 
- -=item LDAP_NO_SUCH_OBJECT - -The server cannot find an object specified in the request - -=item LDAP_ALIAS_PROBLEM - -Server encountered a problem while attempting to dereference an alias - -=item LDAP_INVALID_DN_SYNTAX - -The request contained an invalid DN - -=item LDAP_IS_LEAF - -The specified entry is a leaf entry - -=item LDAP_ALIAS_DEREF_PROBLEM - -Server encountered a problem while attempting to dereference an alias - -=item LDAP_INAPPROPRIATE_AUTH - -The server requires the client which had attempted to bind anonymously or -without supplying credentials to provide some form of credentials - -=item LDAP_INVALID_CREDENTIALS - -The wrong password was supplied or the SASL credentials could not be processed - -=item LDAP_INSUFFICIENT_ACCESS - -The client does not have sufficient access to perform the requested -operation - -=item LDAP_BUSY - -The server is too busy to perform requested operation - -=item LDAP_UNAVAILABLE - -The server in unavailable to perform the request, or the server is -shutting down - -=item LDAP_UNWILLING_TO_PERFORM - -The server is unwilling to perform the requested operation - -=item LDAP_LOOP_DETECT - -The server was unable to perform the request due to an internal loop detected - -=item LDAP_SORT_CONTROL_MISSING - -The search contained a "virtual list view" control, but not a server-side -sorting control, which is required when a "virtual list view" is given. - -=item LDAP_INDEX_RANGE_ERROR - -The search contained a control for a "virtual list view" and the results -exceeded the range specified by the requested offsets. 
- - -=item LDAP_NAMING_VIOLATION - -The request violates the structure of the DIT - -=item LDAP_OBJECT_CLASS_VIOLATION - -The request specifies a change to an existing entry or the addition of a new -entry that does not comply with the servers schema - -=item LDAP_NOT_ALLOWED_ON_NONLEAF - -The requested operation is not allowed on an entry that has child entries - -=item LDAP_NOT_ALLOWED_ON_RDN - -The requested operation ill affect the RDN of the entry - -=item LDAP_ALREADY_EXISTS - -The client attempted to add an entry that already exists. This can occur as -a result of - -=over 8 - -=item * - -An add request was submitted with a DN that already exists - -=item * - -A modify DN requested was submitted, where the requested new DN already exists - -=item * - -The request is adding an attribute to the schema and an attribute with the -given OID or name already exists - -=back - - -=item LDAP_NO_OBJECT_CLASS_MODS - -Request attempt to modify the object class of an entry that should not be -modified - -=item LDAP_RESULTS_TOO_LARGE - -The results of the request are to large - -=item LDAP_AFFECTS_MULTIPLE_DSAS - -The requested operation needs to be performed on multiple servers where -the requested operation is not permitted - -=item LDAP_OTHER - -An unknown error has occurred - -=item LDAP_SERVER_DOWN - -C cannot establish a connection or the connection has been lost - -=item LDAP_LOCAL_ERROR - -An error occurred in C - -=item LDAP_ENCODING_ERROR - -C encountered an error while encoding the request packet that would -have been sent to the server - -=item LDAP_DECODING_ERROR - -C encountered an error while decoding a response packet from -the server. - -=item LDAP_TIMEOUT - -C timeout while waiting for a response from the server - -=item LDAP_AUTH_UNKNOWN - -The method of authentication requested in a bind request is unknown to -the server - -=item LDAP_FILTER_ERROR - -An error occurred while encoding the given search filter. 
- -=item LDAP_USER_CANCELED - -The user canceled the operation - -=item LDAP_PARAM_ERROR - -An invalid parameter was specified - -=item LDAP_NO_MEMORY - -Out of memory error - -=item LDAP_CONNECT_ERROR - -A connection to the server could not be established - -=item LDAP_NOT_SUPPORTED - -An attempt has been made to use a feature not supported by Net::LDAP - -=item LDAP_CONTROL_NOT_FOUND - -The controls required to perform the requested operation were not -found. - -=item LDAP_NO_RESULTS_RETURNED - -No results were returned from the server. - -=item LDAP_MORE_RESULTS_TO_RETURN - -There are more results in the chain of results. - -=item LDAP_CLIENT_LOOP - -A loop has been detected. For example when following referals. - -=item LDAP_REFERRAL_LIMIT_EXCEEDED - -The referral hop limit has been exceeded. - -=back - -=head1 SEE ALSO - -L, -L - -=head1 AUTHOR - -Graham Barr - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list - - -=head1 COPYRIGHT - -Copyright (c) 1998-2000 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
- -I<$Id: Constant.pod,v 1.3 2001/08/24 19:31:14 gbarr Exp $> - -=cut diff --git a/lib/Net/LDAP/Control.pm b/lib/Net/LDAP/Control.pm deleted file mode 100644 index 484df4b..0000000 --- a/lib/Net/LDAP/Control.pm +++ /dev/null 
@@ -1,290 +0,0 @@ -# $Id: Control.pm,v 1.6 2001/08/24 19:31:14 gbarr Exp $ -# Copyright (c) 1999-2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Control; - -use Net::LDAP::Constant qw(/^LDAP_CONTROL/); -use vars qw($VERSION); -use strict; - -$VERSION = "0.04"; - -my %Pkg2Type = ( - - 'Net::LDAP::Control::Sort' => LDAP_CONTROL_SORTREQUEST, - 'Net::LDAP::Control::SortResult' => LDAP_CONTROL_SORTRESULT, - - 'Net::LDAP::Control::VLV' => LDAP_CONTROL_VLVREQUEST, - 'Net::LDAP::Control::VLVResponse' => LDAP_CONTROL_VLVRESPONSE, - - 'Net::LDAP::Control::Paged' => LDAP_CONTROL_PAGED, - - 'Net::LDAP::Control::ProxyAuth' => LDAP_CONTROL_PROXYAUTHENTICATION, - - - #LDAP_CONTROL_MANAGEDSAIT - #LDAP_CONTROL_PERSISTENTSEARCH - #LDAP_CONTROL_ENTRYCHANGE - # - #LDAP_CONTROL_PWEXPIRED - #LDAP_CONTROL_PWEXPIRING - # - #LDAP_CONTROL_REFERRALS -); - -my %Type2Pkg = reverse %Pkg2Type; - -sub register { - my($class,$oid) = @_; - - require Carp and Carp::croak("$oid is already registered to $Type2Pkg{$oid}") - if exists $Type2Pkg{$oid} and $Type2Pkg{$oid} ne $class; - - require Carp and Carp::croak("$class is already registered to $Pkg2Type{$class}") - if exists $Pkg2Type{$class} and $Pkg2Type{$class} ne $oid; - - $Type2Pkg{$oid} = $class; - $Pkg2Type{$class} = $oid; -} - -sub new { - my $self = shift; - my $pkg = ref($self) || $self; - my $oid = (@_ & 1) ? 
shift : undef; - my %args = @_; - - $args{'type'} ||= $oid || $Pkg2Type{$pkg} || ''; - - unless ($args{type} =~ /^\d+(?:\.\d+)+$/) { - $args{error} = 'Invalid OID'; - return bless \%args; - } - - if ($pkg eq __PACKAGE__ and exists $Type2Pkg{$args{type}}) { - $pkg = $Type2Pkg{$args{type}}; - eval "require $pkg" or die $@; - } - - delete $args{error}; - - bless(\%args, $pkg)->init; -} - - -sub from_asn { - my $self = shift; - my $asn = shift; - my $class = ref($self) || $self; - - if ($class eq __PACKAGE__ and exists $Type2Pkg{$asn->{type}}) { - $class = $Type2Pkg{$asn->{type}}; - eval "require $class" or die $@; - } - - delete $asn->{error}; - - bless($asn, $class)->init; -} - -sub to_asn { - my $self = shift; - $self->value; # Ensure value is there - delete $self->{critical} unless $self->{critical}; - $self; -} - -sub critical { - my $self = shift; - $self->{critical} = shift if @_; - $self->{critical} || 0; -} - -sub value { - my $self = shift; - $self->{value} = shift if @_; - $self->{value} || undef -} - -sub type { shift->{type} } -sub valid { ! exists shift->{error} } -sub error { shift->{error} } -sub init { shift } - -1; - -__END__ - - -=head1 NAME - -Net::LDAP::Control - LDAPv3 control object base class - -=head1 SYNOPSIS - - use Net::LDAP::Control; - use Net::LDAP::Constant qw( LDAP_CONTROL_MATCHEDVALS ); - - $ctrl = Net::LDAP::Control->new( - type => "1.2.3.4", - value => "help", - critical => 0 - ); - - $mesg = $ldap->search( @args, control => [ $ctrl ]); - - $ctrl = Net::LDAP::Control->new( type => LDAP_CONTROL_MATCHEDVALS ); - -=head1 DESCRIPTION - -C is a base-class for LDAPv3 control objects. - -=cut - -## -## Need more blurb in here about controls -## - -=head1 CONSTRUCTORS - -=over 4 - -=item new ARGS - -ARGS is a list of name/value pairs, valid arguments are. 
-
-=over 4
-
-=item critical
-
-A booloean value, if TRUE and the control is unrecognized by the server or
-is inappropriate for the requested operation then the server will return
-an error and the operation will not be performed.
-
-If FALSE and the control is unrecognized by the server or
-is inappropriate for the requested operation then the server will ignore
-the control and perform the requested operation as if the control was
-not given.
-
-If absent, FALSE is assume.
-
-=item type
-
-A dotted-decimal representation of an OBJECT IDENTIFIER which
-uniquely identifies the control. This prevents conflicts between
-control names.
-
-This may be ommitted if the contructor is being called on a sub-class of
-Net::LDAP::Control which has registered to be associated with an OID.
-If the contructor is being called on the Net::LDAP::Control
-package, then this argument must be given. If the given OID has been
-registered by a package, then the returned object will be of the type
-registered to handle that OID.
-
-=item value
-
-Optional information associated with the control. It's format is specific
-to the particular control.
-
-=back
-
-=item from_asn ASN
-
-ASN is a HASH reference, normally extracted from a PDU. It will contain
-a C element and optionally C and C elements. On
-return ASN will be blessed into a package. If C is a registered
-OID, then ASN will be blessed into the registered package, if not then ASN
-will be blessed into Net::LDAP::Control.
-
-This constructor is used internally by Net::LDAP and assumes that HASH
-passed contains a valid control. It should be used with B.
-
-=back
-
-=head1 METHODS
-
-In addition to the methods listed below, each of the named parameters
-to C is also avaliable as a method. C will return the OID of
-the control object. C and C are set/get methods and will
-return the current value for each attribute if called without arguments,
-but may also be called with arguments to set new values.
-
-=over 4
-
-=item error
-
-If there has been an error returns a description of the error, otherwise it will
-return C
-
-=item init
-
-C will be called as the last step in both contructors. What it does will depend
-on the sub-class. It must always return the object.
-
-=item register OID
-
-C is provided for sub-class implementors. It should be called as a class method
-on a sub-class of Net::LDAP::Control with the OID that the class will handle. Net::LDAP::Control
-will remember this class and OID pair and use it in the following
-situations.
-
-=over 4
-
-=item *
-
-C is called as a class method on the Net::LDAP::Control package and OID is passed
-as the type. The returned object will be blessed into the package that registered
-the OID.
-
-=item *
-
-C is called as a class method on a registered package and the C is not
-specified. The C will be set to the OID registered by that package.
-
-=item *
-
-C is called to construct an object from ASN. The returned object will be
-blessed into the package which was registered to handle the OID in the ASN.
-
-=back
-
-=item to_asn
-
-Returns a structure suitable for passing to Convert::ASN1 for
-encoding. This method will be called by L when the
-control is used.
-
-The base class implementation of this method will call the C method
-without arguments to allow a sub-class to encode it's value. Sub-classes
-should not need to override this method.
-
-=item valid
-
-Returns true if the object is valid and can be encoded. The default implementation
-for this method is to return TRUE if there is no error, but sub-classes may override that.
-
-=back
-
-=head1 SEE ALSO
-
-L
-
-=head1 AUTHOR
-
-Graham Barr
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-
-
-=head1 COPYRIGHT
-
-Copyright (c) 1999-2000 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html
-
-I<$Id: Control.pm,v 1.6 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/Control/Paged.pm b/lib/Net/LDAP/Control/Paged.pm
deleted file mode 100644
index b9788ca..0000000
--- a/lib/Net/LDAP/Control/Paged.pm
+++ /dev/null
@@ -1,165 +0,0 @@ -# $Id: Paged.pm,v 1.4 2001/08/24 19:31:14 gbarr Exp $ -# Copyright (c) 2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Control::Paged; - -use vars qw(@ISA $VERSION); -use Net::LDAP::Control; - -@ISA = qw(Net::LDAP::Control); -$VERSION = "0.01"; - -use Net::LDAP::ASN qw(realSearchControlValue); -use strict; - -sub init { - my($self) = @_; - - delete $self->{asn}; - - unless (exists $self->{value}) { - $self->{asn} = { - size => $self->{size} || 0, - cookie => defined($self->{cookie}) ? $self->{cookie} : '' - }; - } - - $self; -} - -sub cookie { - my $self = shift; - $self->{asn} ||= $realSearchControlValue->decode($self->{value}); - if (@_) { - delete $self->{value}; - return $self->{asn}{cookie} = defined($_[0]) ? $_[0] : ''; - } - $self->{asn}{cookie}; -} - -sub size { - my $self = shift; - $self->{asn} ||= $realSearchControlValue->decode($self->{value}); - if (@_) { - delete $self->{value}; - return $self->{asn}{size} = shift || 0; - } - $self->{asn}{size}; -} - -sub value { - my $self = shift; - - exists $self->{value} - ? 
$self->{value} - : $self->{value} = $realSearchControlValue->encode($self->{asn}); -} - -1; - -__END__ - -=head1 NAME - -Net::LDAP::Control::Paged - LDAPv3 Paged results control object - -=head1 SYNOPSIS - - use Net::LDAP; - use Net::LDAP::Control::Paged; - use Net::LDAP::Constant qw( LDAP_CONTROL_PAGED ); - - $ldap = Net::LDAP->new( "ldap.mydomain.eg" ); - - $page = Net::LDAP::Control::Paged->new( size => 100 ); - - @args = ( base => "cn=subnets,cn=sites,cn=configuration,$BASE_DN", - scope => "subtree", - filter => "(objectClass=subnet)", - callback => \&process_entry, # Call this sub for each entry - control => [ $page ], - ); - - my $cookie; - while(1) { - # Perform search - my $mesg = $ldap->search( @args ); - - # Only continue on LDAP_SUCCESS - $mesg->code and last; - - # Get cookie from paged control - my($resp) = $mesg->control( LDAP_CONTROL_PAGED ) or last; - $cookie = $resp->cookie or last; - - # Set cookie in paged control - $page->cookie($cookie); - } - - if ($cookie) { - # We had an abnormal exit, so let the server know we do not want any more - $page->cookie($cookie); - $page->size(0); - $ldap->search( @args ); - } - -=head1 DESCRIPTION - -C provides an interface for the creation and manipulatrion -of objects that represent the C as described by RFC-2696. - -=head1 CONSTRUCTOR ARGUMENTS - -In addition to the constructor arguments described in -L the following are provided. - -=over 4 - -=item cookie - -The value to use as the cookie. This is not normally set when an object is -created, but is set from the cookie value returned bu the server. This associates -a search with a previous search, so the server knows to return the page -of entries following the entries it returned the previous time. - -=item size - -The page size that is required. This is the maximum number of entries that the -server will return to the search request. 
-
-=back
-
-=head1 METHODS
-
-As with L each constructor argument
-described above is also avaliable as a method on the object which will
-return the current value for the attribute if called without an argument,
-and set a new value for the attribute if called with an argument.
-
-=head1 SEE ALSO
-
-L,
-L,
-http://info.internet.isi.edu/in-notes/rfc/files/rfc2696.txt
-
-=head1 AUTHOR
-
-Graham Barr
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-
-
-=head1 COPYRIGHT
-
-Copyright (c) 2000 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html
-
-I<$Id: Paged.pm,v 1.4 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
-
diff --git a/lib/Net/LDAP/Control/ProxyAuth.pm b/lib/Net/LDAP/Control/ProxyAuth.pm
deleted file mode 100644
index 7b0a454..0000000
--- a/lib/Net/LDAP/Control/ProxyAuth.pm
+++ /dev/null
@@ -1,134 +0,0 @@ -# $Id: ProxyAuth.pm,v 1.2 2001/08/24 19:31:14 gbarr Exp $ -# Copyright (c) 2001 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Control::ProxyAuth; - -use vars qw(@ISA $VERSION); -use Net::LDAP::Control; - -@ISA = qw(Net::LDAP::Control); -$VERSION = do { my @r=(q$Revision: 1.2 $=~/\d+/g); sprintf "%d."."%02d"x$#r,@r}; - -use Net::LDAP::ASN qw(proxyAuthValue); -use strict; - -sub init { - my($self) = @_; - - delete $self->{asn}; - - unless (exists $self->{value}) { - $self->{asn} = { - proxyDN => $self->{proxyDN} || '', - }; - } - - $self->{critical}=1; - - $self; -} - -sub proxyDN { - my $self = shift; - $self->{asn} ||= $proxyAuthValue->decode($self->{value}); - if (@_) { - delete $self->{value}; - return $self->{asn}{proxyDN} = shift || 0; - } - $self->{asn}{proxyDN}; -} - -sub value { - my $self = shift; - - exists $self->{value} - ? $self->{value} - : $self->{value} = $proxyAuthValue->encode($self->{asn}); -} - -1; - -__END__ - -=head1 NAME - -Net::LDAP::Control::ProxyAuth - LDAPv3 Proxy Authentication control object - -=head1 SYNOPSIS - - use Net::LDAP; - use Net::LDAP::Control::ProxyAuth; - - $ldap = Net::LDAP->new( "ldap.mydomain.eg" ); - - $auth = Net::LDAP::Control::ProxyAuth->new( proxyDN => 'cn=me,ou=people,o=myorg.com' ); - - @args = ( base => "cn=subnets,cn=sites,cn=configuration,$BASE_DN", - scope => "subtree", - filter => "(objectClass=subnet)", - callback => \&process_entry, # Call this sub for each entry - control => [ $auth ], - ); - - while(1) { - # Perform search - my $mesg = $ldap->search( @args ); - - # Only continue on LDAP_SUCCESS - $mesg->code and last; - - } - - -=head1 DESCRIPTION - -C provides an interface for the creation and manipulation -of objects that represent the C as described by draft-weltman-ldapv3-proxy-05.txt. 
-
-=head1 CONSTRUCTOR ARGUMENTS
-
-In addition to the constructor arguments described in
-L the following are provided.
-
-=over 4
-
-=item proxyDN
-
-The proxyDN that is required. This is the identity we are requesting operations to use
-
-=back
-
-=head1 METHODS
-
-As with L each constructor argument
-described above is also available as a method on the object which will
-return the current value for the attribute if called without an argument,
-and set a new value for the attribute if called with an argument.
-
-=head1 SEE ALSO
-
-L,
-L,
-http://info.internet.isi.edu/in-notes/rfc/files/rfc2696.txt
-
-=head1 AUTHOR
-
-Olivier Dubois, Swift sa/nv based on Net::LDAP::Control::Page from Graham Barr
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-
-
-=head1 COPYRIGHT
-
-Copyright (c) 2001 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html
-
-I<$Id: ProxyAuth.pm,v 1.2 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
-
diff --git a/lib/Net/LDAP/Control/Sort.pm b/lib/Net/LDAP/Control/Sort.pm
deleted file mode 100644
index b9b32b7..0000000
--- a/lib/Net/LDAP/Control/Sort.pm
+++ /dev/null
@@ -1,205 +0,0 @@ -# $Id: Sort.pm,v 1.6 2001/08/24 19:31:14 gbarr Exp $ -# Copyright (c) 1999-2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Control::Sort; - -use vars qw(@ISA $VERSION); -use Net::LDAP::Control; - -@ISA = qw(Net::LDAP::Control); -$VERSION = "0.01"; - -use Net::LDAP::ASN qw(SortRequest); -use strict; - -sub init { - my($self) = @_; - - if (exists $self->{value}) { - $self->value($self->{value}); - } - elsif (exists $self->{order}) { - $self->order(ref($self->{order}) ? @{$self->{order}} : $self->{order}); - } - - $self; -} - -sub value { - my $self = shift; - - if (@_) { - my $value = shift; - - delete $self->{value}; - delete $self->{order}; - delete $self->{error}; - - my $asn = $SortRequest->decode($value); - - unless ($asn) { - $self->{error} = $@; - return undef; - } - - $self->{order} = [ map { - ($_->{reverseOrder} ? "-" : "") - . $_->{type} - . (defined($_->{orderingRule}) ? ":$_->{orderingRule}" : "") - } @{$asn->{order}}]; - - return $self->{value} = $value; - } - - unless (defined $self->{value}) { - $self->{value} = $SortRequest->encode( - order => [ - map { - /^(-)?([^:]+)(?::(.+))?/; - { - type => $2, - (defined $1 ? (reverseOrder => 1) : ()), - (defined $3 ? (orderingRule => $3) : ()) - } - } @{$self->{order} || []} - ] - ) or $self->{error} = $@; - } - - $self->{value}; -} - -sub valid { exists shift->{order} } - -sub order { - my $self = shift; - - if (@_) { - # @_ can either be a list, or a single item. - # if a single item it can be a string, which needs - # to be split on spaces, or a reference to a list - # - # Each element has three parts - # leading - (optional) - # an attribute name - # :match-rule (optional) - - my @order = (@_ == 1) ? 
split(/\s+/, $_[0]) : @_; - - delete $self->{'value'}; - delete $self->{order}; - delete $self->{error}; - - foreach (@order) { - next if /^-?[^:]+(?::.+)?$/; - - $self->{error} = "Bad order argument '$_'"; - return; - } - - $self->{order} = \@order; - } - - return @{$self->{order}}; -} - -1; - -__END__ - - -=head1 NAME - -Net::LDAP::Control::Sort - Server Side Sort (SSS) control object - -=head1 SYNOPSIS - - use Net::LDAP::Control::Sort; - use Net::LDAP::Constant qw(LDAP_CONTROL_SORTRESULT); - - $sort = Net::LDAP::Control::Sort->new( - order => "cn -phone" - ); - - $mesg = $ldap->search( @args, control => [ $sort ]); - - ($resp) = $mesg->control( LDAP_CONTROL_SORTRESULT ); - - print "Results are sorted\n" if $resp and !$resp->result; - -=head1 DESCRIPTION - -C is a sub-class of -L. It provides a class -for manipulating the LDAP Server Side Sort (SSS) request control -C<1.2.840.113556.1.4.473> as defined in RFC-2891 - -If the server supports sorting, then the response from a search -operation will include a sort result control. This control is handled -by L. - -=head1 CONSTRUCTOR ARGUMENTS - -=over 4 - -=item order - -A string which defines how entries may be sorted. It consists of -multiple directives, spearated by whitespace. Each directive describes how -to sort entries using a single attribute. If two entries have identical -attributes, then the next directive in the list is used. - -Each directive specifies a sorting order as follows - - -attributeType:orderingRule - -The leading C<-> is optional, and if present indicates that the sorting order should -be reversed. C is the attribute name to sort by. C is optional and -indicates the rule to use for the sort and should be valid for the given C. - -Any one attributeType should only appear once in the sorting list. 
- -B - - "cn" sort by cn using the default ordering rule for the cn attribute - "-cn" sort by cn using the reverse of the default ordering rule - "age cn" sort by age first, then by cn using the default ordering rules - "cn:1.2.3.4" sort by cn using the ordering rule defined as 1.2.3.4 - -=back - - -=head1 METHODS - -As with L each constructor argument -described above is also avaliable as a method on the object which will -return the current value for the attribute if called without an argument, -and set a new value for the attribute if called with an argument. - -=head1 SEE ALSO - -L, -L, -L, -http://info.internet.isi.edu/in-notes/rfc/files/rfc2891.txt - -=head1 AUTHOR - -Graham Barr - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list - - -=head1 COPYRIGHT - -Copyright (c) 1999-2000 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
-
-I<$Id: Sort.pm,v 1.6 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/Control/SortResult.pm b/lib/Net/LDAP/Control/SortResult.pm
deleted file mode 100644
index 2ae49fc..0000000
--- a/lib/Net/LDAP/Control/SortResult.pm
+++ /dev/null
@@ -1,178 +0,0 @@ -# $Id: SortResult.pm,v 1.5 2001/08/24 19:31:14 gbarr Exp $ -# Copyright (c) 1999-2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Control::SortResult; - -use Net::LDAP::ASN qw(SortResult); -use Net::LDAP::Control; - -@ISA = qw(Net::LDAP::Control); - -sub init { - my($self) = @_; - - if (exists $self->{value}) { - $self->{asn} = $SortResult->decode(delete $self->{value}); - } - else { - $self->{asn} = { sortResult => delete $self->{result} }; - $self->{asn}{attributeType} = delete $self->{attr} if exists $self->{attr}; - } - - $self; -} - -sub value { - my $self = shift; - - $self->{value} = $SortResult->encode($self->{asn}); -} - -sub result { - my $self = shift; - - @_ ? ($self->{asn}{sortResult}=shift) - : $self->{asn}{sortResult}; -} - -sub attr { - my $self = shift; - - @_ ? ($self->{asn}{attributeType}=shift) - : $self->{asn}{attributeType}; -} - -1; - - -__END__ - - -=head1 NAME - -Net::LDAP::Control::SortResult - Server Side Sort (SSS) result control object - -=head1 SYNOPSIS - - use Net::LDAP::Control::Sort; - use Net::LDAP::Constant qw(LDAP_CONTROL_SORTRESULT); - use Net::LDAP::Util qw(ldap_error_name); - - $sort = Net::LDAP::Control::Sort->new( - order => "cn -age" - ); - - $mesg = $ldap->search( @args, control => [ $sort ]); - - ($resp) = $mesg->control( LDAP_CONTROL_SORTRESULT ); - - if ($resp) { - if ($resp->result) { - my $attr = $resp->attr; - print "Problem sorting, ",ldap_error_name($resp->result); - print " ($attr)" if $attr; - print "\n"; - } - else { - print "Results are sorted\n"; - } - } - else { - print "Server does not support sorting\n"; - } - -=head1 DESCRIPTION - -C is a sub-class of -L. 
It provides a class for
-manipulating the LDAP sort request control C<1.2.840.113556.1.4.474>
-as defined in RFC-2891
-
-A sort result control will be returned by the server in response to
-a search with a Server Side Sort control. If a sort result control is
-not returned then the user may assume that the server does not support
-sorting and the results are not sorted.
-
-=head1 CONSTRUCTOR ARGUMENTS
-
-=over 4
-
-=item attr
-
-If C indicates that there was a problem with sorting and that problem was
-due to one of the attributes specified in the sort control. C is set to
-the name of the attribute causing the problem.
-
-=item result
-
-This is the result code that describes if the sort operation was sucessful. If will
-be one of the result codes describes below.
-
-=back
-
-
-=head1 METHODS
-
-As with L each constructor argument
-described above is also avaliable as a method on the object which will
-return the current value for the attribute if called without an argument,
-and set a new value for the attribute if called with an argument.
-
-=head1 RESULT CODES
-
-Possible results from a sort request are listed below. See L for
-a definition of each.
-
-=over 4
-
-=item LDAP_SUCCESS
-
-=item LDAP_OPERATIONS_ERROR
-
-=item LDAP_TIMELIMIT_EXCEEDED
-
-=item LDAP_STRONG_AUTH_REQUIRED
-
-=item LDAP_ADMIN_LIMIT_EXCEEDED
-
-=item LDAP_NO_SUCH_ATTRIBUTE
-
-=item LDAP_INAPPROPRIATE_MATCHING
-
-=item LDAP_INSUFFICIENT_ACCESS
-
-=item LDAP_BUSY
-
-=item LDAP_UNWILLING_TO_PERFORM
-
-=item LDAP_OTHER
-
-=back
-
-=head1 SEE ALSO
-
-L,
-L,
-L,
-http://info.internet.isi.edu/in-notes/rfc/files/rfc2891.txt
-
-=head1 AUTHOR
-
-Graham Barr
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-
-
-=head1 COPYRIGHT
-
-Copyright (c) 1999-2000 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html
-
-I<$Id: SortResult.pm,v 1.5 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/Control/VLV.pm b/lib/Net/LDAP/Control/VLV.pm
deleted file mode 100644
index e5327cc..0000000
--- a/lib/Net/LDAP/Control/VLV.pm
+++ /dev/null
@@ -1,403 +0,0 @@ -# $Id: VLV.pm,v 1.5 2001/08/24 19:31:14 gbarr Exp $ -# Copyright (c) 2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Control::VLV; - -use vars qw(@ISA $VERSION); -use Net::LDAP::Control; - -@ISA = qw(Net::LDAP::Control); -$VERSION = "0.02"; - -use Net::LDAP::ASN qw(VirtualListViewRequest); -use strict; - -sub init { - my($self) = @_; - - # VLVREQUEST should always have a critical of true - $self->{'critical'} = 1 unless exists $self->{'critical'}; - - if (exists $self->{value}) { - $self->value($self->{value}); - } - else { - my $asn = $self->{asn} = {}; - - $asn->{beforeCount} = $self->{before} || 0; - $asn->{afterCount} = $self->{after} || 0; - if (exists $self->{assert}) { - $asn->{byValue} = $self->{assert}; - } - else { - $asn->{byoffset} = { - offset => $self->{offset} || 0, - contentCount => $self->{content} || 0 - }; - } - } - - $self; -} - -sub before { - my $self = shift; - if (@_) { - delete $self->{value}; - return $self->{asn}{beforeCount} = shift; - } - $self->{asn}{beforeCount}; -} - -sub after { - my $self = shift; - if (@_) { - delete $self->{value}; - return $self->{asn}{afterCount} = shift; - } - $self->{asn}{afterCount}; -} - -sub content { - my $self = shift; - if (@_) { - delete $self->{value}; - if (exists $self->{asn}{byValue}) { - delete $self->{asn}{byValue}; - $self->{asn}{byoffset} = { offset => 0 }; - } - return $self->{asn}{byoffset}{contentCount} = shift; - } - exists $self->{asn}{byoffset} - ? $self->{asn}{byoffset}{contentCount} - : undef; -} - -sub assert { - my $self = shift; - if (@_) { - delete $self->{value}; - delete $self->{asn}{byoffset}; - return $self->{asn}{byValue} = shift; - } - exists $self->{asn}{byValue} - ? 
$self->{asn}{byValue} - : undef; -} - -sub context { - my $self = shift; - if (@_) { - delete $self->{value}; - return $self->{asn}{contextID} = shift; - } - $self->{asn}{contextID}; -} - -# Update self with values from a response - -sub response { - my $self = shift; - my $resp = shift; - - my $asn = $self->{asn}; - - $asn->{contextID} = $resp->context; - $asn->{byoffset} = { - offset => $resp->target, - contentCount => $resp->content - }; - delete $asn->{byValue}; - - 1; -} - -sub offset { - my $self = shift; - if (@_) { - delete $self->{value}; - if (exists $self->{asn}{byValue}) { - delete $self->{asn}{byValue}; - $self->{asn}{byoffset} = { contentCount => 0 }; - } - return $self->{asn}{byoffset}{offset} = shift; - } - exists $self->{asn}{byoffset} - ? $self->{asn}{byoffset}{offset} - : undef; -} - -sub value { - my $self = shift; - - if (@_) { - unless ($self->{asn} = $VirtualListViewRequest->decode($_[0])) { - delete $self->{value}; - return undef; - } - $self->{value} = shift; - } - - exists $self->{value} - ? 
$self->{value} - : $self->{value} = $VirtualListViewRequest->encode($self->{asn}); -} - -sub scroll { - my $self = shift; - my $n = shift; - my $asn = $self->{asn}; - my $byoffset = $asn->{byoffset} - or return undef; - my $offset = $byoffset->{offset} + $n; - my $content; - - if ($offset < 1) { - $asn->{afterCount} += $asn->{beforeCount}; - $asn->{beforeCount} = 0; - $offset = $byoffset->{offset} = 1; - } - elsif ($byoffset->{contentCount} and $asn->{afterCount}+$offset >$byoffset->{contentCount}) { - if ($offset > $byoffset->{contentCount}) { - $offset = $byoffset->{offset} = $byoffset->{contentCount}; - $asn->{beforeCount} += $asn->{afterCount}; - $asn->{afterCount} = 0; - } - else { - my $tmp = $byoffset->{contentCount} - $offset; - $asn->{beforeCount} += $tmp; - $asn->{afterCount} -= $tmp; - $byoffset->{offset} = $offset; - } - } - else { - $byoffset->{offset} = $offset; - } - - $offset; -} - -sub scroll_page { - my $self = shift; - my $n = shift; - my $asn = $self->{asn}; - my $page_size = $asn->{beforeCount} + $asn->{afterCount} + 1; - - $self->scroll( $page_size * $n); -} - -sub start { - my $self = shift; - my $asn = $self->{asn}; - $asn->{afterCount} += $asn->{beforeCount}; - $asn->{beforeCount} = 0; - $self->offset(1); -} - -sub end { - my $self = shift; - my $asn = $self->{asn}; - my $content = $self->content || 0; - - $asn->{beforeCount} += $asn->{afterCount}; - $asn->{afterCount} = 0; - $self->offset($content); -} - -1; - -__END__ - -=head1 NAME - -Net::LDAP::Control::VLV - LDAPv3 Virtual List View control object - -=head1 SYNOPSIS - - use Net::LDAP; - use Net::LDAP::Control::VLV; - use Net::LDAP::Constant qw( LDAP_CONTROL_VLVRESPONSE ); - - $ldap = Net::LDAP->new( "ldap.mydomain.eg" ); - - # Get the first 20 entries - $vlv = Net::LDAP::Control::VLV->new( - before => 0, # No entries from before target entry - after => 19, # 19 entries after target entry - content => 0, # List size unknown - offset => 1, # Target entry is the first - ); - $sort = 
Net::LDAP::Control::Sort->new( sort => 'cn' ); - - @args = ( base => "o=Ace Industry, c=us", - scope => "subtree", - filter => "(objectClass=inetOrgPerson)", - callback => \&process_entry, # Call this sub for each entry - control => [ $vlv, $sort ], - ); - - $mesg = $ldap->search( @args ); - - # Get VLV response control - ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; - $vlv->response( $resp ); - - # Set the control to get the last 20 entries - $vlv->end; - - $mesg = $ldap->search( @args ); - - # Get VLV response control - ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; - $vlv->response( $resp ); - - # Now get the previous page - $vlv->scroll_page( -1 ); - - $mesg = $ldap->search( @args ); - - # Get VLV response control - ($resp) = $mesg->control( LDAP_CONTROL_VLVRESPONSE ) or die; - $vlv->response( $resp ); - - # Now page with first entry starting with "B" in the middle - $vlv->before(9); # Change page to show 9 before - $vlv->after(10); # Change page to show 10 after - $vlv->assert("B"); # assert "B" - - $mesg = $ldap->search( @args ); - -=head1 DESCRIPTION - -C provides an interface for the creation and -manipulation of objects that represent the Virtual List View as described -by draft-ietf-ldapext-ldapv3-vlv-03.txt. - -When using a Virtual List View control in a search, it must be accompanied by a sort -control. See L - -=cut - -## -## Need some blurb here to describe the VLV control. Maybe extract some simple -## describtion from the draft RFC -## - -=head1 CONSTRUCTOR ARGUMENTS - -In addition to the constructor arguments described in -L the following are provided. - -=over 4 - -=item after - -Set the number of entries the server should return from the list after -the target entry. - -=item assert - -Set the assertion value user to locate the target entry. This value should -be a legal value to compare with the first attribute in the sort control -that is passed with the VLV control. 
The target entry is the first entry
-in the list which is greater than or equal the assert value.
-
-=item before
-
-Set the number of entries the server should return from the list before
-the target entry.
-
-=item content
-
-Set the number of entries in the list. On the first search this value
-should be set to zero. On subsequent searches it should be set to the
-length of the list, as returned by the server in the VLVResponse control.
-
-=item context
-
-Set the context identifier. On the first search this value should be
-set to zero. On subsequent searches it should be set to the context
-value returned by the server in the VLVResponse control.
-
-=item offset
-
-Set the offset of the target entry.
-
-=back
-
-=head2 METHODS
-
-As with L each constructor argument
-described above is also avaliable as a method on the object which will
-return the current value for the attribute if called without an argument,
-and set a new value for the attribute if called with an argument.
-
-The C and C attributes are mutually exclusive. Setting
-one or the other will cause previous values set by the other to
-be forgotten. The C attribute is also associated with the
-C attribute, so setting C will cause any C
-value to be forgotten.
-
-=over 4
-
-=item end
-
-Set the target entry to the end of the list. This method will change the C
-and C attributes so that the target entry is the last in the page.
-
-=item response VLV_RESPONSE
-
-Set the attributes in the control as per VLV_RESPONSE. VLV_RESPONSE should be a control
-of type L returned
-from the server. C will populate the C, C and C
-attibutes of the control with the values from VLV_RESPONSE. Because this sets the
-C attribute, any previous setting of the C attribute will be forgotten.
-
-=item scroll NUM
-
-Move the target entry by NUM entries. A positive NUM will move the target entry towards
-the end of the list and a negative NUM will move the target entry towards the
-start of the list.
Returns the index of the new target entry, or C if the current target
-is identified by an assertion.
-
-C may change the C and C attributes if the scroll value would
-cause the page to go off either end of the list. But the page size will be maintained.
-
-=item scroll_page NUM
-
-Scroll by NUM pages. This method simple calculates the current page size and calls
-C with C
-
-=item start
-
-Set the target entry to the start of the list. This method will change the C and C
-attributes to the the target entry is the first entry in the page.
-
-=back
-
-=head1 SEE ALSO
-
-L,
-L,
-L,
-L
-
-=head1 AUTHOR
-
-Graham Barr
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-
-
-=head1 COPYRIGHT
-
-Copyright (c) 2000 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html
-
-I<$Id: VLV.pm,v 1.5 2001/08/24 19:31:14 gbarr Exp $>
-
diff --git a/lib/Net/LDAP/Control/VLVResponse.pm b/lib/Net/LDAP/Control/VLVResponse.pm
deleted file mode 100644
index 52ba05a..0000000
--- a/lib/Net/LDAP/Control/VLVResponse.pm
+++ /dev/null
@@ -1,198 +0,0 @@ -# Copyright (c) 2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Control::VLVResponse; - -use vars qw(@ISA $VERSION); -use Net::LDAP::Control; - -@ISA = qw(Net::LDAP::Control); -$VERSION = "0.01"; - -use Net::LDAP::ASN qw(VirtualListViewResponse); -use strict; - -sub init { - my($self) = @_; - - if (exists $self->{value}) { - $self->value($self->{value}); - } - else { - my $asn = $self->{asn} = {}; - - $asn->{targetPosition} = $self->{target} || 0; - $asn->{contentCount} = $self->{content} || 0; - $asn->{virtualListViewResult} = $self->{result} || 0; - $asn->{context} = $self->{context} || undef; - } - - $self; -} - - -sub target { - my $self = shift; - if (@_) { - delete $self->{value}; - return $self->{asn}{targetPosition} = shift; - } - $self->{asn}{targetPosition}; -} - -sub content { - my $self = shift; - if (@_) { - delete $self->{value}; - return $self->{asn}{contentCount} = shift; - } - $self->{asn}{contentCount}; -} - -sub result { - my $self = shift; - if (@_) { - delete $self->{value}; - return $self->{asn}{virtualListViewResult} = shift; - } - $self->{asn}{virtualListViewResult}; -} - -sub context { - my $self = shift; - if (@_) { - delete $self->{value}; - return $self->{asn}{context} = shift; - } - $self->{asn}{context}; -} - -sub value { - my $self = shift; - - if (@_) { - unless ($self->{asn} = $VirtualListViewResponse->decode($_[0])) { - delete $self->{value}; - return undef; - } - $self->{value} = shift; - } - - exists $self->{value} - ? $self->{value} - : $self->{value} = $VirtualListViewResponse->encode($self->{asn}); -} - -1; - -__END__ - -=head1 NAME - -Net::LDAP::Control::VLVResponse -- LDAPv3 Virtual List View server response - -=head1 SYNOPSIS - -See L - -=head1 DESCRIPTION - -C is a sub-class of L. 
-It provides a class for manipulating the LDAP Virtual List View Response control
-C<>
-
-If the server supports Virtual List Views, then the response from a search operation will
-include a VLVResponse control.
-
-=head1 CONSTRUCTOR ARGUMENTS
-
-In addition to the constructor arguments described in
-L the following are provided.
-
-=over 4
-
-=item content
-
-An estimate of the number of entries in the complete list. This value should
-be used in any subsequent Virtual List View control using the same list.
-
-=item context
-
-An arbitary value which is used to associate subsequent requests with the
-request which this control is a response for. This value should be copied
-by the client into the Virtual List View control for any subsequent
-search that uses the same list.
-
-=item result
-
-A result code indicating the result of the Virtual List View request. This
-may be any of the codes listed below.
-
-=item target
-
-The list offset of the target entry.
-
-=back
-
-=head1 METHODS
-
-As with L each constructor argument
-described above is also avaliable as a method on the object which will
-return the current value for the attribute if called without an argument,
-and set a new value for the attribute if called with an argument.
-
-=head1 RESULT CODES
-
-Possible results from a sort request are listed below. See L for
-a definition of each.
-
-=over 4
-
-=item LDAP_SUCCESS
-
-=item LDAP_OPERATIONS_ERROR
-
-=item LDAP_TIMELIMIT_EXCEEDED
-
-=item LDAP_ADMIN_LIMIT_EXCEEDED
-
-=item LDAP_INSUFFICIENT_ACCESS
-
-=item LDAP_BUSY
-
-=item LDAP_UNWILLING_TO_PERFORM
-
-=item LDAP_OTHER
-
-=item LDAP_SORT_CONTROL_MISSING
-
-=item LDAP_INDEX_RANGE_ERROR
-
-=back
-
-=head1 SEE ALSO
-
-L,
-L,
-http://info.internet.isi.edu/in-notes/rfc/files/rfc2696.txt
-
-=head1 AUTHOR
-
-Graham Barr
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-
-
-=head1 COPYRIGHT
-
-Copyright (c) 2000 Graham Barr. All rights reserved.
This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html
-
-I<$Id: VLVResponse.pm,v 1.4 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
-
-
diff --git a/lib/Net/LDAP/DSML.pm b/lib/Net/LDAP/DSML.pm
deleted file mode 100755
index ec9923e..0000000
--- a/lib/Net/LDAP/DSML.pm
+++ /dev/null
@@ -1,868 +0,0 @@ -package Net::LDAP::DSML; - -# -# $Id: DSML.pm,v 1.14 2002/05/29 02:47:37 charden Exp $ -# - -use strict; -use vars qw(@ISA); -use Carp; -use XML::SAX::Base; -use Net::LDAP::Entry; - -@ISA = qw(XML::SAX::Base); - - -# OO purists will hate this :) -my %schema_typemap = qw( - attribute-type at - objectclass-type oc -); -# syn -# mr -# mru -# dts -# dtc -# nfm - -sub new { - my $pkg = shift; - my %opt = @_; - - my $sax; - - if ($sax = $opt{output}) { - unless (ref($sax) and eval { $sax->isa('XML::SAX::Base') }) { - require XML::SAX::Writer; - $sax = XML::SAX::Writer->new( Output => $sax ); - } - - $sax = Net::LDAP::DSML::pp->new( handler => $sax ) - if $opt{pretty_print}; - } - else { - $sax = Net::LDAP::DSML::output->new; - } - - bless { @_, handler => $sax }, $pkg; -} - -sub start_document { - my ($self, $data) = @_; - $self->{reader} = {}; -} - -my %start_jumptable = qw( - entry entry - attr entry_attr - objectclass entry_attr - value entry_value - oc-value entry_value - directory-schema schema - attribute-type schema_element - objectclass-type schema_element - name schema_name - object-identifier schema_value - syntax schema_syntax - description schema_value - equality schema_value - substring schema_value - ordering schema_value - attribute schema_attr -); - -sub start_element { - my ($self, $data) = @_; - - (my $tag = lc $data->{Name}) =~ s/^dsml://; - - my $label = $start_jumptable{$tag} or return; - my $state = $self->{reader}; - goto $label; - -entry: - { - $state->{entry} = { objectName => $data->{Attributes}{'{}dn'}{Value} }; - return; - } - -entry_attr: - { - my $name = $tag eq 'objectclass' ? 
$tag : lc $data->{Attributes}{'{}name'}{Value}; - $state->{attr} = $state->{attrs}{$name} - ||= do { - my $aref = []; - push @{$state->{entry}{attributes}}, { - type => $data->{Attributes}{'{}name'}{Value}, - vals => $aref - }; - $aref; - }; - return; - } - -entry_value: - { - push @{$state->{attr}}, ''; - $state->{value} = \${$state->{attr}}[-1]; - $state->{encoding} = $data->{Attributes}{'{}encoding'}{Value} || ''; - return; - } - -schema: - { - $state->{schema} = {}; - return; - } - -schema_element: - { - my $Attrs = $data->{Attributes}; - my $id = $Attrs->{'{}id'}{Value}; - my $elem = $state->{elem} = { type => $schema_typemap{$tag} }; - $state->{id}{$id} = $elem if $id; - - my $value; - - if (defined($value = $Attrs->{"{}type"}{Value})) { - $elem->{lc $value} = 1; - } - - foreach my $attr (qw( - single-value - obsolete - user-modification - )) { - my $value = $Attrs->{"{}$attr"}{Value}; - $elem->{$attr} = 1 if defined $value and $value =~ /^true$/i; - } - - $elem->{superior} = $value - if defined($value = $Attrs->{"{}superior"}{Value}); - - return; - } - -schema_name: - { - my $elem = $state->{elem}; - push @{$elem->{name}}, ''; - $state->{value} = \${$elem->{name}}[-1]; - return; - } - -schema_syntax: - { - my $elem = $state->{elem}; - my $bound = $data->{Attributes}{'{}bound'}{Value}; - $elem->{max_length} = $bound if defined $bound; - - $elem->{$tag} = '' unless exists $elem->{$tag}; - $state->{value} = \$elem->{$tag}; - return; - } - -schema_value: - { - my $elem = $state->{elem}; - $elem->{$tag} = '' unless exists $elem->{$tag}; - $state->{value} = \$elem->{$tag}; - return; - } - -schema_attr: - { - my $Attrs = $data->{Attributes}; - my $required = $data->{Attributes}{'{}required'}{Value} || 'false'; - my $ref = $data->{Attributes}{'{}ref'}{Value} or return; - my $type = $required =~ /^false$/i ? 
'may' : 'must'; - push @{$state->{elem}{$type}}, $ref; - return; - } -} - -my %end_jumptable = qw( - entry entry - attr entry_attr - objectclass entry_attr - value value - oc-value value - syntax value - description value - equality value - substring value - ordering value - name value - object-identifier value - attribute-type schema_element - objectclass-type schema_element - directory-schema schema -); - -sub end_element { - my ($self, $data) = @_; - (my $tag = lc $data->{Name}) =~ s/^dsml://; - - my $label = $end_jumptable{$tag} or return; - my $state = $self->{reader}; - goto $label; - -entry: - { - my $entry = Net::LDAP::Entry->new; - $entry->{asn} = delete $state->{entry}; - if (my $handler = $self->{entry}) { - $handler->($entry); - } - else { - push @{$state->{entries}}, $entry; - } - return; - } - -entry_attr: - { - delete $state->{attr}; - return; - } - -value: - { - delete $state->{value}; - delete $state->{encoding}; - return; - } - -schema_element: - { - my $elem = delete $state->{elem}; - my $oid = $elem->{oid}; - my $name; - - if (my $aliases = $elem->{name}) { - $name = $elem->{name} = shift @$aliases; - $elem->{aliases} = $aliases if @$aliases; - } - elsif ($oid) { - $name = $oid; - } - else { - croak "Schema element without a name or object-identifier"; - } - - $elem->{oid} ||= $name; - $state->{schema}{oid}{$oid} = $state->{schema}{$elem->{type}}{lc $name} = $elem; - - return; - } - -schema: - { - my $id = $state->{id}; - my $schema = $state->{schema}; - foreach my $elem (values %{$schema->{oc}}) { - if (my $sup = $elem->{superior}) { - $sup =~ /#(.*)|(.*)/; - if (my $ref = $id->{$+}) { - $elem->{superior} = $ref->{name}; - } - else { - $elem->{superior} = $+; - } - } - foreach my $mm (qw(must may)) { - if (my $mmref = $elem->{$mm}) { - my @mm = map { - /#(.*)|(.*)/; - my $ref = $id->{$+}; - $ref ? 
$ref->{name} : $+; - } @$mmref; - $elem->{$mm} = \@mm; - } - } - } - require Net::LDAP::Schema; - bless $schema, 'Net::LDAP::Schema'; # Naughty :-) - if (my $handler = $self->{schema}) { - $handler->($schema); - } - return; - } - -} - -sub characters { - my ($self, $data) = @_; - my $state = $self->{reader}; - if (my $sref = $state->{value}) { - $$sref = ($state->{encoding}||'') eq 'base64' - ? do { require MIME::Base64; MIME::Base64::decode_base64($data->{Data}) } - : $data->{Data}; - } -} - -sub _dsml_context { - my ($self, $new) = @_; - my $context = $self->{writer}{context}; - my $handler = $self->{handler}; - - unless ($context) { - $context = $self->{writer}{context} = []; - $handler->start_document; - - $handler->xml_decl({ - Standalone => '', - Version => '1.0', - Encoding => 'utf-8' - }); - } - - while (@$context and ($context->[-1] ne 'dsml' or $new eq '')) { - my $old = pop @$context; - $handler->end_element({ - Name => "dsml:$old", - LocalName => $old, - NamespaceURI => 'http://www.dsml.org/DSML', - Prefix => 'dsml' - }); - - $handler->end_prefix_mapping({ - NamespaceURI => 'http://www.dsml.org/DSML', - Prefix => 'dsml' - }) if $old eq 'dsml'; - } - - if (!$new) { - $handler->end_document; - delete $self->{writer}{context}; - } - elsif (!@$context or $context->[-1] ne $new) { - $self->_dsml_context('dsml') unless $new eq 'dsml' or @$context; - push @$context, $new; - my %data = ( - Name => "dsml:$new", - LocalName => $new, - NamespaceURI => 'http://www.dsml.org/DSML', - Prefix => 'dsml', - ); - - if ($new eq 'dsml') { - $handler->start_prefix_mapping({ - NamespaceURI => 'http://www.dsml.org/DSML', - Prefix => 'dsml' - }); - $data{Attributes} = { - '{http://www.w3.org/2000/xmlns/}dsml' => { - Name => 'xmlns:dsml', - LocalName => 'dsml', - NamespaceURI => 'http://www.w3.org/2000/xmlns/', - Value => 'http://www.dsml.org/DSML', - Prefix => 'xmlns' - } - }; - } - $handler->start_element(\%data); - } -} - -sub start_dsml { - my $self = shift; - - 
$self->_dsml_context('') if $self->{writer}{context}; - $self->_dsml_context('dsml'); -} - -sub end_dsml { - my $self = shift; - $self->_dsml_context('') if $self->{writer} and $self->{writer}{context}; -} - -sub write_entry { - my $self = shift; - my $handler = $self->{handler}; - - $self->_dsml_context('directory-entries'); - - my %attr; - my %data = ( - NamespaceURI => 'http://www.dsml.org/DSML', - Prefix => 'dsml', - Attributes => \%attr, - ); - foreach my $entry (@_) { - my $asn = $entry->asn; - @data{qw(Name LocalName)} = qw(dsml:entry entry); - %attr = ( '{}dn' => { Value => $asn->{objectName}, Name => "dn"} ); - $handler->start_element(\%data); - - foreach my $attr ( @{$asn->{attributes}} ) { - my $name = $attr->{type}; - my $is_oc = lc($name) eq "objectclass"; - - if ($is_oc) { - @data{qw(Name LocalName)} = qw(dsml:objectclass objectclass); - %attr = (); - $handler->start_element(\%data); - @data{qw(Name LocalName)} = qw(dsml:oc-value oc-value); - } - else { - @data{qw(Name LocalName)} = qw(dsml:attr attr); - %attr = ( "{}name" => { Value => $name, Name => "name" } ); - $handler->start_element(\%data); - @data{qw(Name LocalName)} = qw(dsml:value value); - } - - foreach my $val (@{$attr->{vals}}) { - %attr = (); - $handler->start_element(\%data); - $handler->characters({ Data => $val } ); - %attr = (); - $handler->end_element(\%data); - } - - @data{qw(Name LocalName)} = $is_oc - ? 
qw(dsml:objectclass objectclass) - : qw(dsml:attr attr); - %attr = (); - $handler->end_element(\%data); - } - - @data{qw(Name LocalName)} = qw(dsml:entry entry); - %attr = (); - $handler->end_element(\%data); - } -} - -sub write_schema { - my ($self, $schema) = @_; - my $handler = $self->{handler}; - - $self->_dsml_context('dsml'); - my %attr; - my %data = ( - NamespaceURI => 'http://www.dsml.org/DSML', - Prefix => 'dsml', - Attributes => \%attr, - ); - @data{qw(Name LocalName)} = qw(dsml:directory-schema directory-schema); - $handler->start_element(\%data); - my %id; - - foreach my $attr ($schema->all_attributes) { - $id{$attr->{name}} = 1; - %attr = ( '{}id' => { Value => "#$attr->{name}", Name => 'id'}); - - if (my $sup = $attr->{superior}) { - my $sup_a = $schema->attribute($sup); - $attr{"{}superior"} = { - Value => "#" . ($sup_a ? $sup_a->{name} : $sup), - Name => 'superior' - }; - } - foreach my $flag (qw(obsolete single-value)) { - $attr{"{}$flag"} = { - Value => 'true', Name => $flag - } if $attr->{$flag}; - } - $attr{"{}user-modification"} = { - Value => 'false', - Name => 'user-modification', - } unless $attr->{'user-modification'}; - - @data{qw(Name LocalName)} = qw(dsml:attribute-type attribute-type); - $handler->start_element(\%data); - %attr = (); - unless (($attr->{name} || '') eq ($attr->{oid} || '')) { - @data{qw(Name LocalName)} = qw(dsml:name name); - $handler->start_element(\%data); - $handler->characters({Data => $attr->{name}}); - $handler->end_element(\%data); - } - if (my $aliases = $attr->{aliases}) { - @data{qw(Name LocalName)} = qw(dsml:name name); - foreach my $name (@$aliases) { - $handler->start_element(\%data); - $handler->characters({Data => $name}); - $handler->end_element(\%data); - } - } - if (my $oid = $attr->{oid}) { - @data{qw(Name LocalName)} = ("dsml:object-identifier","object-identifier"); - $handler->start_element(\%data); - $handler->characters({Data => $oid}); - $handler->end_element(\%data); - } - foreach my $elem (qw( 
- description - equality - ordering - substring - )) { - defined(my $text = $attr->{$elem}) or next; - @data{qw(Name LocalName)} = ("dsml:$elem",$elem); - $handler->start_element(\%data); - $handler->characters({Data => $text}); - $handler->end_element(\%data); - } - if (my $syn = $attr->{syntax}) { - if (defined(my $bound = $attr->{max_length})) { - $attr{'{}bound'} = { - Value => $bound, - Name => 'bound', - }; - } - @data{qw(Name LocalName)} = qw(dsml:syntax syntax); - $handler->start_element(\%data); - $handler->characters({Data => $syn}); - $handler->end_element(\%data); - } - } - - foreach my $oc ($schema->all_objectclasses) { - my $id = $oc->{name}; - $id = $oc->{'object-identifier'} if $id{$id}; - - %attr = ( '{}id' => { Value => "#$id", Name => 'id'}); - - if (my $sup = $oc->{superior}) { - my $sup_a = $schema->objectclass($sup); - $attr{"{}superior"} = { - Value => "#" . ($sup_a ? $sup_a->{name} : $sup), - Name => 'superior' - }; - } - if (my $type = (grep { $oc->{$_} } qw(structural abstract auxilary))[0]) { - $attr{"{}type"} = { - Value => $type, - Name => 'type', - }; - } - if ($oc->{obsolete}) { - $attr{"{}type"} = { - Value => 'true', - Name => 'obsolete', - }; - } - - @data{qw(Name LocalName)} = qw(dsml:objectclass-type objectclass-type); - $handler->start_element(\%data); - %attr = (); - - unless (($oc->{name} || '') eq ($oc->{'object-identifier'} || '')) { - @data{qw(Name LocalName)} = qw(dsml:name name); - $handler->start_element(\%data); - $handler->characters({Data => $oc->{name}}); - $handler->end_element(\%data); - } - if (my $aliases = $oc->{aliases}) { - @data{qw(Name LocalName)} = qw(dsml:name name); - foreach my $name (@$aliases) { - $handler->start_element(\%data); - $handler->characters({Data => $name}); - $handler->end_element(\%data); - } - } - foreach my $elem (qw( - description - object-identifier - )) { - defined(my $text = $oc->{$elem}) or next; - @data{qw(Name LocalName)} = ("dsml:$elem",$elem); - $handler->start_element(\%data); 
- $handler->characters({Data => $text}); - $handler->end_element(\%data); - } - @data{qw(Name LocalName)} = qw(dsml:attribute attribute); - foreach my $mm (qw(must may)) { - %attr = ( - '{}required' => { - Value => ($mm eq 'must' ? 'true' : 'false'), - Name => 'required' - }, - '{}ref' => { - Name => 'ref' - }, - ); - my $mmref = $oc->{$mm} or next; - foreach my $attr (@$mmref) { - my $a_ref = $schema->attribute($attr); - $attr{'{}ref'}{Value} = $a_ref ? $a_ref->{name} : $attr; - $handler->start_element(\%data); - $handler->end_element(\%data); - } - } - - @data{qw(Name LocalName)} = qw(dsml:objectclass-type objectclass-type); - $handler->end_element(\%data); - } - - %attr = (); - @data{qw(Name LocalName)} = qw(dsml:directory-schema directory-schema); - $handler->end_element(\%data); -} - - -package Net::LDAP::DSML::pp; - -sub new { - my $pkg = shift; - bless { @_ }, $pkg; -} - -sub start_element { - my ($self, $data) = @_; - my $handler = $self->{handler}; - $handler->start_element($data); - unless ($data->{Name} =~ /^(?:dsml:)?(?: - value - |oc-value - |name - |syntax - |equality - |substring - |object-identifier - |description - |ordering - |attribute - )$/ix - ) { - $handler->ignorable_whitespace({Data => "\n"}); - } -} - -sub end_element { - my $self = shift; - my $handler = $self->{handler}; - $handler->end_element(@_); - $handler->ignorable_whitespace({Data => "\n"}); -} - -sub xml_decl { - my $self = shift; - my $handler = $self->{handler}; - $handler->xml_decl(@_); - $handler->ignorable_whitespace({Data => "\n"}); -} - -use vars qw($AUTOLOAD); - -sub DESTROY {} - -sub AUTOLOAD { - (my $meth = $AUTOLOAD) =~ s/^.*:://; - *{$meth} = sub { shift->{handler}->$meth(@_) }; - goto &$meth; -} - -package Net::LDAP::DSML::output; - -sub new { bless {} } - -use vars qw($AUTOLOAD); - -sub DESTROY {} - -sub AUTOLOAD { - (my $meth = $AUTOLOAD) =~ s/^.*:://; - require XML::SAX::Writer; - my $self = shift; - $self->{handler} = XML::SAX::Writer->new; - bless $self, 
'Net::LDAP::DSML::pp'; - $self->$meth(@_); -} - -1; - -__END__ - -=head1 NAME - -NET::LDAP::DSML -- A DSML Writer for Net::LDAP - -=head1 SYNOPSIS - - For a directory entry; - - use Net::LDAP; - use Net::LDAP::DSML; - use IO::File; - - - my $server = "localhost"; - my $file = "testdsml.xml"; - my $ldap = Net::LDAP->new($server); - - $ldap->bind(); - - - # - # For file i/o - # - my $file = "testdsml.xml"; - - my $io = IO::File->new($file,"w") or die ("failed to open $file as filehandle.$!\n"); - - my $dsml = Net::LDAP::DSML->new(output => $io, pretty_print => 1 ) - or die ("DSML object creation problem using an output file.\n"); - # OR - # - # For file i/o - # - - open (IO,">$file") or die("failed to open $file.$!"); - - my $dsml = Net::LDAP::DSML->new(output => *IO, pretty_print => 1) - or die ("DSML object creation problem using an output file.\n"); - - # OR - # - # For array usage. - # Pass a reference to an array. - # - - my @data = (); - $dsml = Net::LDAP::DSML->new(output => \@data, pretty_print => 1) - or die ("DSML object cration problem using an output array.\n"); - - - my $mesg = $ldap->search( - base => 'o=airius.com', - scope => 'sub', - filter => 'ou=accounting', - callback => sub { - my ($mesg,$entry) =@_; - $dsml->write_entry($entry) - if (ref $entry eq 'Net::LDAP::Entry'); - } - ); - - die ("search failed with ",$mesg->code(),"\n") if $mesg->code(); - - For directory schema; - - A file or array can be used for output, in the following example - only an array will be used. - - my $schema = $ldap->schema(); - my @data = (); - my $dsml = Net::LDAP::DSML->new(output => \@data, pretty_print => 1 ) - or die ("DSML object creation problem using an output array.\n"); - - $dsml->write_schema($schema); - - print "Finished printing DSML\n"; - -=head1 DESCRIPTION - -Directory Service Markup Language (DSML) is the XML standard for -representing directory service information in XML. - -At the moment this module only writes DSML entry and schema entities. 
-Reading DSML entities is a future project.
-
-Eventually this module will be a full level 2 consumer and producer
-enabling you to give you full DSML conformance. Currently this
-module has the ability to be a level 2 producer. The user must
-understand the his/her directory server will determine the
-consumer and producer level they can achieve.
-
-To determine conformance, it is useful to divide DSML documents into
-four types:
-
- 1.Documents containing no directory schema nor any references to
- an external schema.
- 2.Documents containing no directory schema but containing at
- least one reference to an external schema.
- 3.Documents containing only a directory schema.
- 4.Documents containing both a directory schema and entries.
-
-A producer of DSML must be able to produce documents of type 1.
-A producer of DSML may, in addition, be able to produce documents of
-types 2 thru 4.
-
-A producer that can produce documents of type 1 is said to be a level
-1 producer. A producer than can produce documents of all four types is
-said to be a level 2 producer.
-
-=head1 CALLBACKS
-
-The module uses callbacks to improve performance (at least the appearance
-of improving performance ;) and to reduce the amount of memory required to
-parse large DSML files. Every time a single entry or schema is processed
-we pass the Net::LDAP object (either an Entry or Schema object) to the
-callback routine.
-
-=head1 CONSTRUCTOR
-
-new ()
-Creates a new Net::LDAP::DSML object. There are 3 options
-to this method.
-
-B
-
- my $dsml = Net::LDAP::DSML->new();
- Prints xml data to standard out.
-
- my $dsml = Net::LDAP::DSML->new(output => \@array);
- my $dsml = Net::LDAP::DSML->new(output => *FILE);
- Prints xml data to a file or array.
-
- my $dsml = Net::LDAP::DSML->new(output => \@array, pretty_print => 1);
- my $dsml = Net::LDAP::DSML->new(output => *FILE, pretty_print => 1);
- Prints xml data to a file or array in pretty print style.
-
-
-OUTPUT is a referrence to either a file handle that has already
-been opened or to an array.
-
-PRETTY_PRINT is an option to print a new line at the end of
-each element sequence. It makes the reading of the XML output
-easier for a human.
-
-
-=head1 METHODS
-
-=over 4
-
-=item write_entry( ENTRY )
-
-Entry is a Net::LDAP::Entry object. The write method will parse
-the LDAP data in the Entry object and put it into DSML XML
-format.
-
-B
-
- my $entry = $mesg->entry();
- $dsml->write_entry($entry);
-
-=item write_schema( SCHEMA )
-
-Schema is a Net::LDAP::Schema object. The write_schema method will
-parse the LDAP data in the Schema object and put it into DSML XML
-format.
-
-B
-
- my $schema = $ldap->schema();
- $dsml->write_schema($schema);
-
-=back 4
-
-=head1 AUTHOR
-
-Graham Barr gbarr@pobox.com
-
-=head1 SEE ALSO
-
-L,
-L
-
-=head1 COPYRIGHT
-
-Copyright (c) 2002 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=cut
-
-
diff --git a/lib/Net/LDAP/Entry.pm b/lib/Net/LDAP/Entry.pm
deleted file mode 100644
index 5def964..0000000
--- a/lib/Net/LDAP/Entry.pm
+++ /dev/null
@@ -1,293 +0,0 @@ -# Copyright (c) 1997-2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Entry; - -use strict; -use Net::LDAP::ASN qw(LDAPEntry); -use Net::LDAP::Constant qw(LDAP_LOCAL_ERROR); -use vars qw($VERSION); - -$VERSION = "0.17"; - -sub new { - my $self = shift; - my $type = ref($self) || $self; - - my $entry = bless { 'changetype' => 'add', changes => [] }, $type; - - $entry; -} - -# Build attrs cache, created when needed - -sub _build_attrs { - +{ map { (lc($_->{type}),$_->{vals}) } @{$_[0]->{asn}{attributes}} }; -} - -# If we are passed an ASN structure we really do nothing - -sub decode { - my $self = shift; - my $result = ref($_[0]) ? shift : $LDAPEntry->decode(shift) - or return; - - %{$self} = ( asn => $result, changetype => 'modify', changes => []); - - $self; -} - - - -sub encode { - $LDAPEntry->encode( shift->{asn} ); -} - - -sub dn { - my $self = shift; - @_ ? ($self->{asn}{objectName} = shift) : $self->{asn}{objectName}; -} - -sub get_attribute { - require Carp; - Carp::carp("->get_attribute deprecated, use ->get_value") if $^W; - shift->get_value(@_, asref => !wantarray); -} - -sub get { - require Carp; - Carp::carp("->get deprecated, use ->get_value") if $^W; - shift->get_value(@_, asref => !wantarray); -} - - -sub exists { - my $self = shift; - my $type = lc(shift); - my $attrs = $self->{attrs} ||= _build_attrs($self); - - exists $attrs->{$type}; -} - -sub get_value { - my $self = shift; - my $type = lc(shift); - my %opt = @_; - - if ($opt{alloptions}) { - my %ret = map { - $_->{type} =~ /^\Q$type\E((?:;.*)?)$/i ? (lc($1), $_->{vals}) : () - } @{$self->{asn}{attributes}}; - return %ret ? \%ret : undef; - } - - my $attrs = $self->{attrs} ||= _build_attrs($self); - my $attr = $attrs->{$type} or return; - - return $opt{asref} - ? $attr - : wantarray - ? 
@{$attr} - : $attr->[0]; -} - - -sub changetype { - my $self = shift; - return $self->{'changetype'} unless @_; - $self->{'changes'} = []; - $self->{'changetype'} = shift; -} - - - -sub add { - my $self = shift; - my $cmd = $self->{'changetype'} eq 'modify' ? [] : undef; - my $attrs = $self->{attrs} ||= _build_attrs($self); - - while (my($type,$val) = splice(@_,0,2)) { - $type = lc $type; - - push @{$self->{asn}{attributes}}, { type => $type, vals => ($attrs->{$type}=[])} - unless exists $attrs->{$type}; - - push @{$attrs->{$type}}, ref($val) ? @$val : $val; - - push @$cmd, $type, [ ref($val) ? @$val : $val ] - if $cmd; - - } - - push(@{$self->{'changes'}}, 'add', $cmd) if $cmd; -} - - -sub replace { - my $self = shift; - my $cmd = $self->{'changetype'} eq 'modify' ? [] : undef; - my $attrs = $self->{attrs} ||= _build_attrs($self); - - while(my($type, $val) = splice(@_,0,2)) { - $type = lc $type; - - if (defined($val) and (!ref($val) or @$val)) { - - push @{$self->{asn}{attributes}}, { type => $type, vals => ($attrs->{$type}=[])} - unless exists $attrs->{$type}; - - @{$attrs->{$type}} = ref($val) ? @$val : ($val); - - push @$cmd, $type, [ ref($val) ? @$val : $val ] - if $cmd; - - } - else { - delete $attrs->{$type}; - - @{$self->{asn}{attributes}} - = grep { $type ne lc($_->{type}) } @{$self->{asn}{attributes}}; - - push @$cmd, $type, [] - if $cmd; - - } - } - - push(@{$self->{'changes'}}, 'replace', $cmd) if $cmd; -} - - -sub delete { - my $self = shift; - - unless (@_) { - $self->changetype('delete'); - return; - } - - my $cmd = $self->{'changetype'} eq 'modify' ? 
[] : undef; - my $attrs = $self->{attrs} ||= _build_attrs($self); - - while(my($type,$val) = splice(@_,0,2)) { - $type = lc $type; - - if (defined($val) and (!ref($val) or @$val)) { - my %values; - @values{@$val} = (); - - unless( @{$attrs->{$type}} - = grep { !exists $values{$_} } @{$attrs->{$type}}) - { - delete $attrs->{$type}; - @{$self->{asn}{attributes}} - = grep { $type ne lc($_->{type}) } @{$self->{asn}{attributes}}; - } - - push @$cmd, $type, [ ref($val) ? @$val : $val ] - if $cmd; - } - else { - delete $attrs->{$type}; - - @{$self->{asn}{attributes}} - = grep { $type ne lc($_->{type}) } @{$self->{asn}{attributes}}; - - push @$cmd, $type, [] if $cmd; - } - } - - push(@{$self->{'changes'}}, 'delete', $cmd) if $cmd; -} - - -sub update { - my $self = shift; - my $ldap = shift; - my $mesg; - my $cb = sub { $self->changetype('modify') unless $_[0]->code }; - - if ($self->{'changetype'} eq 'add') { - $mesg = $ldap->add($self, 'callback' => $cb); - } - elsif ($self->{'changetype'} eq 'delete') { - $mesg = $ldap->delete($self, 'callback' => $cb); - } - elsif ($self->{'changetype'} =~ /modr?dn/) { - my @args = (newrdn => $self->get_value('newrdn'), - deleteoldrdn => $self->get_value('deleteoldrdn')); - my $newsuperior = $self->get_value('newsuperior'); - push(@args, newsuperior => $newsuperior) if $newsuperior; - $mesg = $ldap->moddn($self, @args, 'callback' => $cb); - } - elsif (@{$self->{'changes'}}) { - $mesg = $ldap->modify($self, 'changes' => $self->{'changes'}, 'callback' => $cb); - } - else { - require Net::LDAP::Message; - $mesg = Net::LDAP::Message->new( {} ); - $mesg->set_error(LDAP_LOCAL_ERROR,"No attributes to update"); - } - - return $mesg; -} - - -# Just for debugging - -sub dump { - my $self = shift; - - my $asn = $self->{asn}; - print "-" x 72,"\n"; - print "dn:",$asn->{objectName},"\n\n"; - - my($attr,$val); - my $l = 0; - - for (keys %{ $self->{attrs} ||= _build_attrs($self) }) { - $l = length if length > $l; - } - - my $spc = "\n " . 
" " x $l; - - foreach $attr (@{$asn->{attributes}}) { - $val = $attr->{vals}; - printf "%${l}s: ", $attr->{type}; - my($i,$v); - $i = 0; - foreach $v (@$val) { - print $spc if $i++; - print $v; - } - print "\n"; - } -} - -sub attributes { - my $self = shift; - my %opt = @_; - - if ($opt{nooptions}) { - my %done; - return map { - $_->{type} =~ /^([^;]+)/; - $done{lc $1}++ ? () : ($1); - } @{$self->{asn}{attributes}}; - } - else { - return map { $_->{type} } @{$self->{asn}{attributes}}; - } -} - -sub asn { - shift->{asn} -} - -sub changes { - @{shift->{'changes'}} -} - -1; diff --git a/lib/Net/LDAP/Entry.pod b/lib/Net/LDAP/Entry.pod deleted file mode 100644 index f286bee..0000000 --- a/lib/Net/LDAP/Entry.pod +++ /dev/null 
@@ -1,300 +0,0 @@ -=head1 NAME - -Net::LDAP::Entry - An LDAP entry object - -=head1 SYNOPSIS - - use Net::LDAP; - - $ldap = Net::LDAP->new($host); - $mesg = $ldap->search(@search_args); - - my $max = $mesg->count; - for($i = 0 ; $i < $max ; $i++) { - my $entry = $mesg->entry($i); - foreach my $attr ($entry->attributes) { - print join("\n ",$attr, $entry->get_value($attr)),"\n"; - } - } - - # or - - use Net::LDAP::Entry; - - $entry = Net::LDAP::Entry->new; - - $entry->add( - attr1 => 'value1', - attr2 => [qw(value1 value2)] - ); - - $entry->delete( 'unwanted' ); - - $entry->replace( - attr1 => 'newvalue' - attr2 => [qw(new values)] - ); - - $entry->update( $ldap ); # update directory server - -=head1 DESCRIPTION - -The B object represents a single entry in the directory. -It is a container for attribute-value pairs. - -A B object can be used in two situations. The first and -probably most common use is in the result of a search to the directory -server. - -The other is where a new object is created locally and then a single -command is sent to the directory server to add, modify or replace an -entry. Entries for this purpose can also be created by reading an -LDIF file with the L module. - -=head1 CONSTRUCTOR - -=over 4 - -=item new - -Create a new entry object with the changetype set to C<'add'> - -=back - -=head1 METHODS - -=over 4 - - - -=item add ( ATTR => VALUE [, ATTR2 => VALUE2 ... ] ) - -Add one or more new attributes to the entry. Each value -must be a scalar variable or a reference to an array. The -values given will be added to the values which already exist -for the given attributes. - - $entry->add( 'sn' => 'Barr'); - - $entry->add( 'street' => [ '1 some road','nowhere']); - -B: these changes are local to the client and will not -appear on the directory server until the C method -is called. - - - -=item attributes ( [ OPTIONS ] ) - -Return a list of attributes that this entry has. 
- -OPTIONS is a list of name/value pairs, valid options are :- - -=over 4 - -=item nooptions - -If TRUE, return a list of the attribute names excluding any options. For example for the entry - - name: Graham Barr - name;en-us: Bob - jpeg;binary: **binary data** - -then - - @values = $entry->attributes() - print "default: @values\n"; - - @values = $entry->attributes( nooptions => 1); - print "nooptions: @values\n"; - -will output - - default: name name;en-us jpeg;binary - nooptions: name jpeg - -=back - - - -=item changetype ( [ TYPE ] ) - -If called without arguments it returns the type of operation that would -be performed when the update method is called. If called with an argument -it will set the changetype to TYPE. - -Possible values for TYPE are - -=over 4 - -=item add - -The update method will call the add method on the client object, which -will result in the entry being added to the directory server. - -=item delete - -The update method will call the delete method on the client object, which -will result in the entry being removed from the directory server. - -=item modify - -The update method will call the modify method on the client object, which -will result in any changes that have been made locally being made to the -entry on the directory server. - -=item moddn/modrdn - -The update method will call the moddn method on the client object, which -will result in any DN changes that have been made locally being made -to the entry on the directory server. These DN changes are specified by -setting the entry attributes newrdn, deleteoldrdn, and (optionally) newsuperior. - -=back - - - -=item delete ( ATTR [ => VALUE [, ATTR2 => VALUE2... ]] ) - -Delete the values of given attributes from the entry. Values are -references to arrays; passing a reference to an empty array is the -same as passing undef, and will result in the entire attribute being -deleted. 
If no attributes are passed then the next call to update will -cause the entry to be deleted from the server. For example: - - $entry->delete( 'mail' => [ 'foo.bar@example.com' ] ); - $entry->delete( 'description' => [ ], 'streetAddress' => [ ] ); - -B: these changes are local to the client and will not -appear on the directory server until the C method -is called. - - - -=item dn ( [ DN ] ) - -Set or get the DN for the entry. With no arguments C will return -the current DN. If an argument is given then it will change the DN -for the entry and return the previous value. - -B: these changes are local to the client and will not -appear on the directory server until the C method -is called. - - - -=item exists ( ATTR ) - -Returns TRUE if the entry has an attribute called ATTR. - - - -=item get_value ( ATTR [, OPTIONS ] ) - -Get the values for the attribute ATTR. In a list context returns all -values for the given attribute, or the empty list if the attribute does -not exist. In a scalar context returns the first value for the attribute -or undef if the attribute does not exist. - -The return value may be changed by OPTIONS, which is a list of name => value -pairs, valid options are :- - -=over 4 - -=item alloptions - -If TRUE then the result will be a hash reference. The keys of the hash -will be the options and the hash value will be the values for those attributes. -For example if an entry had - - name: Graham Barr - name;en-us: Bob - -Then a get for attribute "name" with alloptions set to a true value - - $ref = $entry->get_value( 'name', alloptions => 1); - -will return a hash reference that would be like - - { - '' => [ 'Graham Barr' ], - ';en-us' => [ 'Bob' ] - } - -=item asref - -If TRUE then the result will be a reference to an array containing all the -values for the attribute, or undef if the attribute does not exist. 
- - $scalar = $entry->get_value('name'); - -$scalar will be the first value for the C attribute, or C if the -entry does not contain a C attribute. - - $ref = $entry->get_value('name', asref => 1); - -$ref will be a reference to an array, which will have all the values for -the C attribute. If the entry does not have an attribute called C -then $ref will be C - -=back - -B: In the interest of performance the array references returned by C -are references to structures held inside the entry object. These values and -thier contents should B be modified directly. - - - -=item replace ( ATTR => VALUE [, ATTR2 => VALUE2 ... ] ) - -Similar to add, except that the values given will replace -any values that already exist for the given attributes. - -B: these changes are local to the client and will not -appear on the directory server until the C method -is called. - - - -=item update ( CLIENT ) - -Update the directory server with any changes that have been made locally -to the attributes of this entry. This means any calls that have been -made to add, replace or delete since the last call to changetype or -update was made. - -This method can also be used to modify the DN of the entry on the server, -by specifying moddn or modrdn as the changetype, and setting the entry -attributes newrdn, deleteoldrdn, and (optionally) newsuperior. - -CLIENT is a C object where the update will be sent to. - -The result will be an object of type -L as returned by the add, modify -or delete method called on CLIENT. - -=back - -=head1 SEE ALSO - -L, -L - -=head1 AUTHOR - -Graham Barr . - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list -. - -=head1 COPYRIGHT - -Copyright (c) 1997-2000 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
- -I<$Id: Entry.pod,v 1.9 2002/06/18 12:39:12 gbarr Exp $> - -=cut diff --git a/lib/Net/LDAP/Examples.pod b/lib/Net/LDAP/Examples.pod deleted file mode 100644 index 08f0bbc..0000000 --- a/lib/Net/LDAP/Examples.pod +++ /dev/null @@ -1,556 +0,0 @@ -=head1 NAME - -Net::LDAP::Examples - PERL LDAP by Example - -=head1 DESCRIPTION - -The following examples are of course PERL code, found to work -with the Net::LDAP modules. - -The intent of this document is to give the reader a I -jump start to getting an LDAP application working. - -Below you will find snippets of code that should work as-is with only -a small amount of work to correct any variable assignments and LDAP -specifics, e.g. Distinguished Name Syntax, related to the user's -own implementation. - -The Itandard Iperating I

roceedure that is followed here is: - -=over 8 - -=item 1 Package - use Net::LDAP - -=item 2 Initialization - new - -=item 3 Binding - bind - -=item 4 Operation - add modify moddn search - -=item 4.1 Processing - displaying data from a search - -=item 5 Error - displaying error information - -=item 6 Unbinding - unbind - -=back - -Look to each of these for a snippet of code to meet your needs. - - -B - -=over 4 - -=item I and I methods - -=item I subroutines - -=back - -=head1 CODE - -=head2 PACKAGE - Definitions - - use Net::LDAP qw(:all); # use for all code - - use Net::LDAP::Util qw(ldap_error_name - ldap_error_text) ; # use for Error handling - - -=head2 INITIALIZING - - $ldap = Net::LDAP->new("yourLDAPhost.yourCompany.com") or die "$@"; - -=head2 BINDING - - $mesg = $ldap->bind( version => 3 ); # use for searches - - $mesg = $ldap->bind("$userToAuthenticate", - password => "$passwd", - version => 3 ); # use for changes/edits - - # see your LDAP administrator for information concerning the - # user authentication setup at your site. - - -=head2 OPERATION - Generating a SEARCH - - sub LDAPsearch - { - my ($ldap,$searchString,$attrs,$base) = @_ ; - - # if they don't pass a base... set it for them - - if (!$base ) { $base = "o=mycompany, c=mycountry"; } - - # if they don't pass an array of attributes... - # set up something for them - - if (!$attrs ) { $attrs = ['cn','mail' ]; } - - my $result = $ldap->search ( - base => "$base", - scope => "sub", - filter => "$searchString", - attrs => $attrs - ); - - } - - my @Attrs = (); # request all available attributes - # to be returned. - - my $result = LDAPsearch($ldap,"sn=*",\@Attrs); - - -=head2 PROCESSING - Displaying SEARCH Results - - #------------ - # - # Accessing the data as if in a structure - # i.e. 
Using the "as_struct" method - # - - my $href = $result->as_struct; - - # get an array of the DN names - - my @arrayOfDNs = keys %$href ; # use DN hashes - - # process each DN using it as a key - - foreach (@arrayOfDNs) { - print $_,"\n"; - my $valref = $$href{$_}; - - # get an array of the attribute names - # passed for this one DN. - my @arrayOfAttrs = sort keys %$valref; #use Attr hashes - - my $attrName; - foreach $attrName (@arrayOfAttrs) { - - # skip any binary data: yuck! - next if ( $attrName =~ /;binary$/ ); - - # get the attribute value (pointer) using the - # attribute name as the hash - my $attrVal = @$valref{$attrName} ; - print "\t $attrName: @$attrVal \n"; - } - print "#-------------------------------\n"; - # End of that DN - } - # - # end of as_struct method - # - #-------- - - - #------------ - # - # handle each of the results independently - # ... i.e. using the walk through method - # - my @entries = $result->entries; - - my $entr ; - foreach $entr ( @entries ) - { - print "DN: ",$entr->dn,"\n"; - #my @attrs = sort $entr->attributes; - - my $attr; - foreach $attr ( sort $entr->attributes ){ - #skip binary we can't handle - next if ( $attr =~ /;binary$/ ); - print " $attr : ",$entr->get_value($attr),"\n"; - } - - - #print "@attrs\n"; - print "#-------------------------------\n"; - } - - # - # end of walk through method - #------------ - - - -=head2 OPERATION - Modifying entries - - # - # Modify - # - # for each of the modifies below you'll need to supply - # a full DN (Distinguished Name) for the $dn variable. - # example: - # cn=Jo User,ou=person,o=mycompany,c=mycountry - # - # I would recommend doing a search (listed above) - # then use the dn returned to populate the $dn variable. - - - # - # Do we only have one result returned from the search? - - if ( $result->count != 1 ) { exit ; } # Nope.. exit - - my $dn = $entries[0]->dn; # yes.. 
get the DN - - - ####################################### - # - # MODIFY using a HASH - # - - my %ReplaceHash = ( keyword => "x", proxy => "x" ); - - my $result = LDAPmodifyUsingHash($ldap,$dn, \%ReplaceHash ); - - sub LDAPmodifyUsingHash - { - my ($ldap,$dn,$whatToChange ) = @_ ; - my $result = $ldap->modify($dn, - replace => { %$whatToChange } - ); - return ($result ); - } - - - ####################################### - # - # MODIFY using a ARRAY List - # - - my @ReplaceArrayList = [ 'keyword', "xxxxxxxxxx" , - 'proxy' , "yyyyyyyyyy" ]; - - my $result = LDAPmodifyUsingArrayList($ldap,$dn, \@ReplaceArrayList ); - - sub LDAPmodifyUsingArrayList - { - my ($ldap,$dn,$whatToChange ) = @_ ; - my $result = $ldap->modify($dn, - changes => [ - replace => @$whatToChange - ] - ); - return ($result ); - } - - - ####################################### - # - # MODIFY using a ARRAY - # - - my @ReplaceArray = ( 'keyword', "xxxxxxxxxx" , - 'proxy' , "yyyyyyyyyy" ); - - my $result = LDAPmodifyUsingArray($ldap,$dn, \@ReplaceArray ); - - sub LDAPmodifyUsingArray - { - my ($ldap,$dn,$whatToChange ) = @_ ; - my $result = $ldap->modify($dn, - changes => [ - replace => [ @$whatToChange ] - ] - ); - return ($result ); - } - - - ####################################### - # - # MODIFY an existing record using 'Changes' - # (or combination of add/delete/replace) - # - - - my @whatToChange ; - my @ReplaceArray ; - my @DeleteArray ; - my @AddArray ; - - push @AddArray, 'cn',"me myself"; - push @ReplaceArray, 'sn','!@#$%^&*()__+Hello THere'; - push @ReplaceArray, 'cn',"me myself I"; - push @DeleteArray, 'cn',"me myself"; - - - - - if ( $#ReplaceArray > 0 ) { - push @whatToChange, 'replace' ; - push @whatToChange, \@ReplaceArray ; - } - if ( $#DeleteArray > 0 ) { - push @whatToChange, 'delete' ; - push @whatToChange, \@DeleteArray ; - } - if ( $#AddArray > 0 ) { - push @whatToChange, 'add' ; - push @whatToChange, \@AddArray ; - } - - $result = LDAPmodify($ldap,$dn, \@whatToChange ); - - - sub 
LDAPmodify - { - my ($ldap,$dn,$whatToChange) = @_ ; - - my $result = $ldap->modify($dn, - changes => [ - @$whatToChange - ] - ); - return ($result ); - } - - - -=head2 OPERATION - Changing the RDN - - my $newRDN = "cn=Joseph User"; - - my $result = LDAPrdnChange($ldap,$dn,$newRDN,"archive"); - - - sub LDAPrdnChange - { - my ($ldap,$dn,$whatToChange,$action) = @_ ; - - my $branch ; - - # - # if the archive action is selected, move this - # entry to another place in the directory. - # - if ( $action =~ /archive/i ) { - $branch = "ou=newbranch,o=mycompany,c=mycountry"; - } - - # - # use the 'deleteoldrdn' to keep from getting - # multivalues in the NAMING attribute. - # in most cases that would be the 'CN' attribute - # - my $result = $ldap->moddn($dn, - newrdn => $whatToChange, - deleteoldrdn => '1', - newsuperior => $branch - ); - - return ($result ); - - } - - -=head2 OPERATION - Adding a new Record - - - my $DNbranch = "ou=bailiwick, o=mycompany, c=mycountry"; - - # - # check with your Directory Schema or Administrator - # for the correct objectClass... I'm sure it'll be different - # - my $CreateArray = [ - objectClass => ["top","person","organizationalPerson"], - cn => "Jane User", - uid => "0000001", - sn => "User", - mail => "JaneUser@mycompany.com" - ]; - - # - # create the new DN to look like this - # " cn=Jo User + uid=0000001 , ou=bailiwick, o=mycompany, c=mycountry " - # - # NOTE: this DN MUST be changed to meet your implementation - # - - my $NewDN = "@$CreateArray[2]=". - "@$CreateArray[3]+". - "@$CreateArray[4]=". - "@$CreateArray[5],". - $DNbranch; - - LDAPentryCreate($ldap,$NewDN,$CreateArray); - - # - # CreateArray is a reference to an anonymous array - # you have to dereference it in the subroutine it's - # passed to. 
- # - - sub LDAPentryCreate - { - - my ($ldap,$dn,$whatToCreate) = @_ ; - my $result = $ldap->add( $dn, attrs => [ @$whatToCreate ] ); - return ($result ); - - } - - -=head2 ERROR - Retrieving and Displaying ERROR information - - use Net::LDAP::Util qw( ldap_error_name - ldap_error_text) ; - - if ( $result->code ) { - # - # if we've got an error... record it - # - LDAPerror("Searching",$result); - } - - - - sub LDAPerror - { - my ($from,$mesg) = @_; - print "Return code: ",$mesg->code ; - print "\tMessage: ", ldap_error_name($mesg->code); - print " :", ldap_error_text($mesg->code); - print "MessageID: ",$mesg->mesg_id; - print "\tDN: ",$mesg->dn; - - #--- - # Programmer note: - # - # "$mesg->error" DOESN'T work!!! - # - #print "\tMessage: ", $mesg->error; - #----- - - } - - -=head2 UNBIND - - $ldap->unbind; - -=head1 LDAP SCHEMA RETRIEVAL - -The following code snippet shows how to retrieve schema information. - -The first procedure is to initialize a new LDAP object using the -same procedures as listed at the beginning of this document. - -The second procedure is to bind to your directory server. Some -servers may require authentication to retrieve the schema from the -directory server. This procedure is listed at the beginning of -this document too. - -After a successful bind you are ready to retrieve the schema -information. You do this by initializing a schema object. - - $schema = $ldap->schema(); - -In this case Net::LDAP will attempt to determine the dn under which -the schema can be found. First it will look for the attribute -C in the root DSE. 
If that cannot be found then -it will default to the assumption of C - -Alternatively you can specify the dn where the schema is to be found -with - - $schema = $ldap->schema(dn => $dn); - -Once we have a dn to search for, Net::LDAP will fetch the schema entry with - - $mesg = $self->search( - base => $dn, - scope => 'base', - filter => '(objectClass=*)', - ); - -Once the schema object has been initialized, schema methods -are used to retrieve the data. There are a number of ways this -can be done. Information on the schema methods can be found -in the Net::LDAP::Schema pod documentation. - -The following is a code snippet showing how to get and display -information about returned attributes. - - # - # Get the attributes - # - - @attributes = $schema->attributes(); - # - # Display the attributes - # - - foreach ( @attributes) - { - print "attributeType\n"; - - # - # Get and display the oid number of the objectclass. - # - $oid = $schema->name2oid( "$_" ); - - # - # Get the various items associated with - # this attribute. - # - @attribute_items = $schema->items( "$oid" ); - # - # Read returned item names and display their associated data. - # - foreach $value ( @attribute_items ) - { - # We know we are dealing with an attribute, ignore type. - next if ( $value eq 'type'); # Type holds oc or at - # - # Read the data for this item of this oid. - # - @item = $schema->item( $oid, $value ); - # - # Some item names have no data, the name itself is data. - # This type of item has 1 as data. - # - if ( defined(@item) && $item[0] == 1 ) - { - print "\t$value\n"; - next; - } - if ( defined(@item) && $#item >= 0 ) - { - print "\t$value: @item\n"; - } - - } - } - -The process is the basically the same for getting objectClass -information. Where schema->attributes() is used, substitute -schema->objectclasses(). From that point on the process is -the same for both objectClasses and attributes. 
- -=head1 BUGS - -None known, but there may be some - -=head1 AUTHOR (of this document) - -Russell Biggs - -=head1 COPYRIGHT - -All rights to this document are hereby relinquished to Graham Barr. - -=for html


- -I<$Id: Examples.pod,v 1.4 2000/09/12 09:17:09 gbarr Exp $> - -=cut - diff --git a/lib/Net/LDAP/Extension/SetPassword.pm b/lib/Net/LDAP/Extension/SetPassword.pm deleted file mode 100644 index db468b3..0000000 --- a/lib/Net/LDAP/Extension/SetPassword.pm +++ /dev/null @@ -1,41 +0,0 @@ - -package Net::LDAP::Extension::SetPassword; - -require Net::LDAP::Extension; - -@ISA = qw(Net::LDAP::Extension); - -use Convert::ASN1; -my $passwdModReq = Convert::ASN1->new; -$passwdModReq->prepare(q); - -my $passwdModRes = Convert::ASN1->new; -$passwdModRes->prepare(q); - -sub Net::LDAP::set_password { - my $ldap = shift; - my %opt = @_; - - my $res = $ldap->extension( - name => '1.3.6.1.4.1.4203.1.11.1', - value => $passwdModReq->encode(\%opt) - ); - - bless $res; # Naughty :-) -} - -sub gen_password { - my $self = shift; - - my $out = $passwdModRes->decode($self->response); - - $out->{genPasswd}; -} - -1; diff --git a/lib/Net/LDAP/Extra.pm b/lib/Net/LDAP/Extra.pm deleted file mode 100644 index 2f77e9a..0000000 --- a/lib/Net/LDAP/Extra.pm +++ /dev/null 
@@ -1,62 +0,0 @@ -# Copyright (c) 2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Extra; - -use strict; -use vars qw($VERSION); - -require Net::LDAP; -require Carp; - -$VERSION = "0.01"; - -sub import { - shift; - local $SIG{__DIE__} = \&Carp::croak; - foreach (@_) { - my $file = "Net/LDAP/Extra/$_.pm"; - next if exists $INC{$file}; - require $file; - "Net::LDAP::Extra::$_"->import; - } -} - -1; - -__END__ - - -=head1 NAME - -Net::LDAP::Extra -- Load extra Net::LDAP methods - -=head1 SYNOPSIS - - use Net::LDAP::Extra qw(my_extn); - - $ldap = Net::LDAP->new( ... ); - - $ldap->my_extn( ... ); - -=head1 DESCRIPTION - -C allows extra methods to be added to Net::LDAP. -Normally such methods would be added by sub-classing Net::LDAP, but this -proves to get messy as different people write different additions and -others want to use multiple of these sub-classes. Users end up having -to create sub-classes of their own which inherit from all the extension -sub-classes just so they can get all the features. - -C allows methods to be added directly to -all Net::LDAP objects. This can be done by creating a class -C which exports functions. A -C will then make these functions avaliable -as a methods on all C objects. - -Care should be taken when choosing names for the functions to export -to ensure that they do not clash with others. - -=cut - diff --git a/lib/Net/LDAP/FAQ.pod b/lib/Net/LDAP/FAQ.pod deleted file mode 100644 index 7964c3d..0000000 --- a/lib/Net/LDAP/FAQ.pod +++ /dev/null 
@@ -1,1227 +0,0 @@ -=head1 NAME - -Net::LDAP::FAQ - Frequently Asked Questions about Net::LDAP - -=head1 SYNOPSIS - - perldoc Net::LDAP::FAQ - -=head1 DESCRIPTION - -This document serves to answer the most frequently asked questions on both the -perl-ldap Mailing List and those sent to Graham Barr. - -The latest version of this FAQ can be found at - http://perl-ldap.sourceforge.net/FAQ.html - -=head1 GENERAL - -=head2 What is perl-ldap ? - -perl-ldap is the distribution name. The perl-ldap distribution contains -the Net::LDAP modules. - -=head2 Why another perl LDAP implementation ? - -perl-ldap's goal is to be as portable as possible. It does this by -being implemented completely in perl. So basically anywhere that perl -runs perl-ldap will run. This is not true for other implementations -which require a C compiler. - -=head2 Where can I get it ? - -Perl-ldap is available from CPAN. You will find it in the -authors/id/GBARR directory. Alternatively you can download -the latest version from - http://www.cpan.org/search?dist=perl-ldap - -B The perl-ldap module is stored on CPAN as a *.gz file. -Netscape on Windows systems sometimes has a problem storing the module -with the correct name, it will replace the *.tar.gz with *_tar.tar. -To correct the problem, with the pointer on the link, do a right click -and then select B to save the file with the correct file -name. - -=head2 Is there a web page for perl-ldap ? - -Yes there is at http://perl-ldap.sourceforge.net/ - -=head2 Is there a mailing list ? - -Yes there is at perl-ldap-dev@lists.sourceforge.net - -You can subscribe to this list at - http://lists.sourceforge.net/mailman/listinfo/perl-ldap-dev - -=head2 Is the mailing list archived ? - -Archives of messages since we switched to using sourceforge can be -found at - - http://www.geocrawler.com/lists/3/SourceForge/3482/0/ - -Please be aware that the geocrawler system munges -code that is in the email messages. 
In particular, -apostrophes (') are turned into back ticks (`) and -newlines escapes (\n) are removed (and probably other -escapes as well). - -There is also an archive of the perl-ldap mailing list at -http://www.xray.mpe.mpg.de/mailing-lists/perl-ldap/ -which also has messages from before the move to sourceforge. -The xray archive does not munge email messages. - -=head2 Is there any online documentation ? - -Yes. perl-ldap has online documentation at - http://perl-ldap.sourceforge.net/ -which will have the latest documentation available. - -=head2 Is there a public CVS repository ? - -Yes, it is located at sourceforge.net - -=head2 Can I get perl-ldap from the public CVS repository? - -Yes, any one can pull perl-ldap from the public CVS repository -on sourceforge.net. - -There are several ways this can be done. - -Web; - -You can download it from SourceForge by following the release link: - -The 2 lines in the following example should be put together as -one continuous line. Example; - - http://download.sourceforge.net/perl-ldap/perl-ldap-0.20.tar.gz - -B The perl-ldap module is stored on CPAN as a *.gz file. -Netscape on Windows systems sometimes has a problem storing the module -with the correct name, it will replace the *.tar.gz with *_tar.tar. -To correct the problem, with the pointer on the link, do a right click -and then select B to save the file with the correct file -name. - -CVS; - -You can download latest version of perl-ldap from SourceForge by -executing a anonymous CVS "get" command. When the password is -requested press the enter key. - -The 2 lines in the following example should be put together as -one continuous line. Example; - - cvs -d:pserver:anonymous@cvs.perl-ldap.sourceforge.net:/cvsroot/perl-ldap - -Web page; - -Most of the time there is a URL link on the perl-ldap -home page on sourceforge that points to the latest released -version of perl-ldap. 
Due to the fact that humans must -update the web page to point to a new release it sometimes does -not get updated as quickly as it should. - -B The perl-ldap module is stored on CPAN as a *.gz file. -Netscape on Windows systems sometimes has a problem storing the module -with the correct name, it will replace the *.tar.gz with *_tar.tar. -To correct the problem, with the pointer on the link, do a right click -and then select B to save the file with the correct file -name. - -=head2 What is CVS. - -"CVS" is an acronym for the "Concurrent Versions System". -CVS is a "Source Control" or "Revision Control" tool -designed to keep track of source changes made by groups of -developers working on the same files, allowing them to -stay in sync with each other as each individual chooses. - -=head1 LDAP AND DIRECTORY TERMINOLOGY. - -In order to help the user understand the perl-ldap module better -some key LDAP terminology is defined here. - -=head2 What is a directory. - -A directory is a special purpose database that usually contains -typed information such as text strings, binary data, or X.509 -certificates. - -=head2 What is LDAP. - -LDAP stands for Lightweight Directory Access Protocol. -The word I is the key word in the definition given in -the preceding sentence, LDAP is I hardware or software. -It is a protocol that defines how a client and server will -communicate with one another. - -The Lightweight Directory Access Protocol is defined in a -series of Requests For Comments, better known as RFC(s). -The RFCs can be found on the Internet. A very good -source for all of the LDAP RFCs can be found in the -OpenLDAP, http://www.OpenLDAP.org/ , software bundle that can -be downloaded free of charge from the Internet. Some of the -more important RFC numbers are RFC 1777 for LDAPv2 and RFC 2251 -for LDAPv3. - -=head2 What is a LDAP Directory. - -In the strictest terms of the definition there is no such -thing as a LDAP directory. 
To be practical about this -situation every day directory professionals refer to their -directory as " a LDAP directory" because it is easy to -say and it does convey the type of protocol used to -communicate with their directory. Using this definition -a LDAP directory is a directory whose server software -conforms to the Lightweight Directory Access Protocol when -communicating with a client. - -=head2 What is an Entry. - -The traditional directory definition of a directory object -is called an Entry. Entries are composed of attributes -that contain the information to be recorded about an object. - -Another non-traditional definition of a directory object -is called a record. Some directory professionals prefer -to use this definition because of the confusion that sometimes -results when using the term Entry. - -=head2 What is a Distinguished Name. - -Every entry in a directory, whether it is X.500 or LDAP, has -a Distinguished Name, or DN. It is a unique Entry identifier -through out the complete directory. No two Entries can have the -same DN within the same directory. - -Example of a DN: - - cn=Road Runner, ou=bird, dc=carton, dc=com - ou=bird, dc=carton, dc=com - dc=carton, dc=com - dc=com - -=head2 What is a Relative Distinguished Name. - -Every Entry in a directory, whether it is X.500 or LDAP, has -a Distinguished Name which is made up of a sequence of Relative -Distinguished Names, or RDNs. The sequences of RDNs are separated -by commas (,) or semi-colons (;). There can be more than one -identical RDN in a directory, but they must be in different -bases, or branches, of the directory. - -Example of a DN: - - cn=Road Runner,ou=bird,dc=carton,dc=com - - RDNs of the proceeding DN: - RDN => cn=Road Runner - RDN => ou=bird - RDN => dc=carton - RDN => dc=com - -The RDNs are delimited by a comma. - -=head2 What is a Naming RDN. 
- -Example of a DN: - - cn=Road Runner,ou=bird,dc=carton,dc=com - - Naming RDN of the proceeding DN: - - cn=Road Runner - -Most of the time when directory professionals refer -to the RDN of an entry, this is the RDN that they -are referring to. - -=head2 What is a search base. - -A search base is a Distinguished Name that is the -starting point of search queries. - -Example of a DN: - - cn=Road Runner,ou=bird,dc=carton,dc=com - -Possible search base(s) for the proceeding DN: - - Base => cn=Road Runner,ou=bird,dc=carton,dc=com - Base => ou=bird,dc=carton,dc=com - Base => dc=carton,dc=com - Base => dc=com - -Setting the search base to the lowest possible branch of -the directory will speed up searches considerably. - -=head2 What is an attribute. - -The entry(s) in a directory are composed of attributes that contain -information about the object. Each attribute has a type -and can contain one or more values. The attribute type is -associated with a syntax that defines what kind of information -can be stored in the attributes values and controls how -directory operations on the attribute behave. What attributes -are required and allowed in a entry is controlled by content -rules that are defined on a per-server basis or by a special -attribute in each entry called an objectClass. - -=head2 What is the difference between a LDAP server and a relational database - -The most basic difference is that a directory server is a -specialized database designed to provide fast searches. While a relational -database is optimized for transactions (where a series of operations is -counted as 1, thus if one of the steps fails, the RDBMS can roll-back to -the state it was in before you started). - -Directories also typically are hierarchical in nature (RDBMS is typically -flat, but you can implement a hierarchy using tables and queries), -network-able, distributed and replicated. - -LDAP provides an open-standard to a directory service. 
- -Typically we use LDAP for email directories (all popular email clients -provide an LDAP client now) and authorization services (authentication and -access control). - -You could use a RDBMS for these types of queries but there's not a -set standard, in particular over TCP/IP to connect to databases over the -network. There's language specific protocols (like Perl's DBI and Java's -JDBC) that hide this problem behind an API abstraction, but that's not a -replacement for a standard access protocol. - -LDAP is starting to be used on roles traditionally played by RDBMS in -terms of general data management because it's easier to setup a LDAP -server (once you understand the basic nomenclature) and you don't need -a DBA to write your queries and more importantly all LDAP servers speak -the same essential protocol, thus you don't have to fuss with a -database driver trying to connect it to the Internet. Once you have an -LDAP server up and running, it's automatically available over the 'net. -It's possible to connect to a LDAP server from a variety of mechanisms, -including just about every possible programming language. - -More information on this topic can be found on the following URLs; - - http://www.openldap.org/faq/data/cache/378.html - - http://www.messagingdirect.com/publications/IC-6055.html - -=head2 What is the difference between a ldap reference and a ldap referral? - -A referral is returned when the B operation must be resent to -another server. - -A continuation reference is returned when B of the operation must be -resent to another server. - -See RFC 2251 section 4.5.3 for more details. - -=head1 PERL-LDAP INSTALLATION - -=head2 How do I install perl-ldap ? 
- -To install the modules that are in the perl-ldap distribution follow the -same steps that you would for most other distributions found on CPAN, that -is - - # replace 0.13 with the version you have - - gunzip perl-ldap-0.13.tar.gz - tar xvf perl-ldap-0.13.tar - cd perl-ldap-0.13 - - perl Makefile.PL - make - make test - make install - -=head2 But I do not have make, how can I install perl-ldap ? - -Well as luck would have it the modules in perl-ldap do not do anything -complex, so a simple copy is enough to install. First run - - perl -V - -This will output information about the version of perl you have -installed. Near the bottom you will find something like - - @INC: - /usr/local/perl/perl5.005/lib/5.00502/sun4-solaris - /usr/local/perl/perl5.005/lib/5.00502 - /usr/local/perl/perl5.005/lib/site_perl/5.005/sun4-solaris - /usr/local/perl/perl5.005/lib/site_perl/5.005 - . - -This is a list of directories that perl searches when it is looking for -a module. The directory you need is the site_perl directory, but without -the system architecture name, in this case it is -C. The files required -can then be installed with - - # replace 0.13 with the version you have - - gunzip perl-ldap-0.13.tar.gz - tar xvf perl-ldap-0.13.tar - cd perl-ldap-0.13/lib - - cp * /usr/local/perl/perl5.005/lib/site_perl/5.005 - - -=head2 What other modules will I need ? - -perl-ldap does use other modules. Some are required, but some are -optional (ie required to use certain features) - -=over 4 - -=item Convert::ASN1 - -This module is required for perl-ldap to work. - -You can obtain the latest release from - http://search.cpan.org/search?module=Convert::ASN1 - -=item Digest::MD5 - -This module is optional. It also requires a C compiler when installing. -You only need to install Digest::MD5 if you want to use the SASL -authentication method. - -You can obtain the latest release from - http://search.cpan.org/search?module=Digest::MD5 - -=item URI::ldap - -This module is optional. 
You only need to install URI::ldap if you are -going to need to parse ldap referrals. L does not do this -automatically yet, so this module is not used by perl-ldap. - -You can obtain the latest release from - http://search.cpan.org/search?module=URI::ldap - -=item OpenSSL and IO::Socket::SSL for Net::LDAPS - -If you want to use Net::LDAP::LDAPS you will need this module -and the OpenSSL software package. - -You can obtain the latest release of IO::Socket::SSL from - http://search.cpan.org/search?module=IO::Socket::SSL - -You can obtain the latest release of OpenSSL from - http://www.openssl.org/ - -If you are using a Linux system, many of the distributions -have RPM packages that you can install. Use your favorite -web search engine to find the package that you need. - -=item XML::Parser - -If you want to use Net::LDAP::DSML you will need this module. - -You can obtain the latest release from - http://search.cpan.org/search?module=XML::Parser - -=back - -=head1 USING NET::LDAP - -=head2 How do I connect to my server ? - -The connection to the server is created when you create a new Net::LDAP -object, e.g. - - $ldap = Net::LDAP->new($server); - -=head2 Net::LDAP->new sometimes returns undef, why ? - -The constructor will return undef if there was a problem connecting -to the specified server. Any error message will be available in $@ - -=head2 How can I tell when the server returns an error, bind() always returns -true ? - -Most methods in Net::LDAP return a L -object, or a sub-class of that. This object will hold the results -from the server, including the result code. - -So, for example, to determine the result of the bind operation. - - $mesg = $ldap->bind( $dn, password => $passwd ); - - if ( $mesg->code ) { - # Handle error codes here - } - -=head2 How can I set the ldap version of a connection to my ldap server? - -This is done by adding the version option when binding to the ldap -server. 
- -For example; - - $mesg = $ldap->bind( $dn, password => $passwd, version => 3 ); - -Valid version numbers are 2 and 3. - -=head2 I did a search on my directory using the 'search' method. Where did -the results go ? - -Your search results are stored in a 'search object' container. -Consider the following: - - use Net::LDAP; - - $ldap = Net::LDAP->new('ldap.acme.com') or die "$@"; - $mesg = $ldap->search( - base => "o=acme.com", - filter => "uid=jsmith", - ); - -$mesg is a search object container. It is a reference blessed into the -L package. By calling methods on -this object you can obtain information about the result and also the -individual entries. - -The first thing to check is if the search was successful. This is done with -with the method $mesg->code. This method will return the status code -that the server returned. A success will yield a zero value, but there are -other values, some of which could also be considered a success. -See L - - use Net::LDAP::Util qw(ldap_error_text); - - die ldap_error_text($mesg->code) - if $mesg->code; - -There are two ways in which you can access the entries. You can access -then with an index or you can treat the container like a stack and -shift each entry in turn. For example - - # as an array - - # How many entries were returned from the search - my $max = $mesg->count; - - for( my $index = 0 ; $index < $max ; $index++) { - my $entry = $mesg->entry($index); - # ... - } - - # or as a stack - - while( my $entry = $mesg->shift_entry) { - # ... - } - -In each case $entry is an entry object container. It is a reference blessed -into the L package. By calling methods on this object -you can obtain information about the entry. 
- -For example, to obtain the DN for the entry - - $dn = $entry->dn; - -To obtain the attributes that a given entry has - - @attrs = $entry->attributes; - -And to get the list of values for a given attribute - - @values = $entry->get( 'sn' ); - -And to get the first of the values for a given attribute - - $values = $entry->get( 'cn' ); - -One thing to remember is that attribute names are case -insensitive, so 'sn', 'Sn', 'sN' and 'SN' are all the same. - -So, if you want to print all the values for the attribute C<'ou'> then this -is as simple as - - foreach ($entry->get_value( 'ou' )) { - print $_,"\n"; - } - -Now if you just want to print all the values for all the attributes you -can do - - foreach my $attr ($entry->attributes) { - foreach my $value ($entry->get_value($attr)) { - print $attr, ": ", $value, "\n"; - } - } - -=head2 How do I limit the scope of a directory search. - -You limit the scope of a directory search by setting the -scope parameter of search request. -Consider the following: - - use Net::LDAP; - - $ldap = Net::LDAP->new('ldap.acme.com') or die "$@"; - $mesg = $ldap->search( - base => "o=acme.com", - scope => 'sub', - filter => "uid=jsmith", - ); - -Values for the scope parameter are as follows. - - base Search only the base object. - - one Search the entries immediately below the base - object. - - sub Search the whole tree below the base object. - This is the default. - -=head1 GETTING SEARCH RESULTS - -There are two ways of retrieving the results of a requested -LDAP search; inline and by using a callback subroutine. - -=head2 USING THE INLINE APPROACH - -Using the inline approach involves requesting the data and -then waiting for all of the data to be returned before the -user starts processing the data. 
- -Example: - - use Net::LDAP; - - $ldap = Net::LDAP->new('ldap.acme.com') or die "$@"; - $mesg = $ldap->search( - base => "o=acme.com", - scope => 'sub', - filter => "sn=smith", - ); - # - # At this point the user can get the returned data as an array - # or as a stack. - # In this example we will use an array - - # How many entries were returned from the search - my $max = $mesg->count; - - for( my $index = 0 ; $index < $max ; $index++) - { - my $entry = $mesg->entry($index); - my $dn = $entry->dn; # Obtain DN of this entry - - @attrs = $entry->attributes; # Obtain attributes for this entry. - foreach my $var (@attrs) - { - #get a list of values for a given attribute - $attr = $entry->get_value( $var, asref => 1 ); - if ( defined($attr) ) - { - foreach my $value ( @$attr ) - { - print "$var: $value\n"; # Print each value for the attribute. - } - } - } - } - -As you can see the example is straight forward, but there is one -drawback to this approach. You must wait until all entries for the -request search to be returned before you can process the data. If -there several thousand entries that match the search filter this -could take quite a long time period. - -=head2 USING THE CALLBACK SUBROUTINE APPROACH - -Using the callback approach involves requesting the data be sent -to a callback subroutine as each entry arrives at the client. - -A callback is just a subroutine that is passed two parameters when -it is called, the mesg and entry objects. - -Example: - - use Net::LDAP; - - $ldap = Net::LDAP->new('ldap.acme.com') or die "$@"; - $mesg = $ldap->search( - base => "o=acme.com", - scope => 'sub', - filter => "sn=smith", - callback => \&callback, - ); - # - # At this point the user needs to check the status of the - # ldap search. 
- # - - if ( $mesg->code ) - { - $errstr = $mesg->code; - print "Error code: $errstr\n"; - $errstr = ldap_error_text($errstr); - print "$errstr\n"; - } - - - sub callback - { - my ( $mesg, $entry) = @_; - - # - # First you must check to see if something was returned. - # Last execution of callback subroutine will have no - # defined entry and mesg object - # - if ( !defined($entry) ) - { - print "No records found matching filter $match.\n" - if ($mesg->count == 0) ; # if mesg is not defined nothing will print. - return; - } - - my $dn = $entry->dn; # Obtain DN of this entry - - @attrs = $entry->attributes; # Obtain attributes for this entry. - foreach my $var (@attrs) - { - #get a list of values for a given attribute - $attr = $entry->get_value( $var, asref => 1 ); - if ( defined($attr) ) - { - foreach my $value ( @$attr ) - { - print "$var: $value\n"; # Print each value for the attribute. - } - } - } - # - # For large search requests the following 2 lines of code - # may be very important, they will reduce the amount of memory - # used by the search results. - # - # If the user is not worried about memory useage then the 2 lines - # of code can be omitted. - # - $mesg->pop_entry; - - } # End of callback subroutine - -As you can see the example is straight forward and it does not waste -time waiting for all of the entries to be returned. However if the -pop_entry method is not used the callback approach can allocate a -lot of memory to the search request. - -=head1 USING NET::LDAPS - -=head2 Using a potentially encrypted (SSL) network connection, how do I connect to my server? - -This class is a subclass of Net::LDAP so all the normal -Net::LDAP methods can be used with a Net::LDAPS object; -see the documentation for Net::LDAP to find out how to -query a directory server using the LDAP protocol. - -The connection to the server is created when you create a new Net::LDAPS -object, e.g. 
- - $ldaps = Net::LDAPS->new($server, - port => '10000', - verify => 'require', - capath => '/usr/local/cacerts/', - ); - -There are additional options to the LDAPS new method and -several additional methods are included in the LDAPS object class. - -For further information and code examples read the LDAPS -module documentation; perldoc Net::LDAPS - -=head1 USING LDAP GROUPS. - -=head2 What are LDAP groups. - -LDAP groups are a collection of distinguished names (DN) that are -listed in an attribute called member. One I to -remember is that a group can be a collection of groups. This -does I imply that the subgroups will be flattened into one -big group. - -Two scripts for working with groups are available in the contrib -directory. They are isMember.pl and printMembers.pl. - -=head2 How do you format a filter to search for entries whose 'member' -attribute has a particular value? - -Asking for (member=*) is OK - the directory uses the equality matching -rule which is defined for the member attribute. - -Asking for (member=c*) is not OK - there is no defined substring -matching rule for the member attribute. That's because the member -values are *not* strings, but distinguished names. There is no -substring matching rule for DNs, see RFC 2256 section 5.50. - -What you have to do is get the results of (member=*) and then select -the required results from the returned values. You need to do this -using knowledge of the string representation of DNs defined in RFC -2253, which is important because the same DN can have different string -representations. So you need to perform some canonicalization if you -want to be correct. - - -=head1 USING DSML. - -=head2 How can I access DSML features from PERL-LDAP. - -Directory Service Markup Language (DSML) is the XML -standard for representing directory service information in -XML. - -Support for DSML is include in PERL-LDAP starting with version -.20. - -At the moment this module only reads and writes DSML entry -entities. 
It cannot process any schema entities because -schema entities are processed differently than elements. - -Eventually this module will be a full level 2 consumer and -producer enabling you to give you full DSML conformance. - -The specification for DSML is at http://www.dsml.org - -For further information and code examples read the DSML -module documentation; perldoc Net::LDAP::DSML - -=head1 USING CONTROLS AND VIRTUAL LISTS. - -=head2 How do I access the Control features. - -Support for LDAP version 3 Control objects is included in -perl-ldap starting with version .20. - -For further information and code examples read the Control -module documentation; perldoc Net::LDAP::Control - -=head2 How do I access the Virtual List features. - -Support for Virtual Lists is included in perl-ldap starting -with version .20. - -For further information and code examples read the Control -module documentation; perldoc Net::LDAP::Control - -=head1 GENERAL QUESTIONS. - -=head2 Are there any other code examples. - -Yes, there is an Examples pod file. To view the pod -do the following command; perldoc Net::LDAP::Examples - -There is user contributed software in the contrib directory -that is supplied with the PERL-LDAP distribution. This is an -excellent source of information on how to use the PERL-LDAP module. - -=head2 Can I contribute perl scripts that use perl-ldap -to the contrib section? - -Any one can submit a perl script that uses perl-ldap for inclusion -in the contrib section. Graham Barr will determine if the script -will be included and will do the initial check in of the script -to the CVS system on sourceforge. Graham will make you the -owner/developer of the script. - -There are a couple of requirements for consideration. - -You must supply a one line description of your script to be included -in the contrib readme file. - -Inside the script will be the pod documentation for the script. -No auxiliary documentation will be allowed. 
For examples of how -to do this see the tklkup or schema scripts currently in the contrib -section. - -If Graham decides to include your script in the contrib section, you -must register with sourceforge before your scripts will be put into -the contrib CVS system. - -=head2 Is possible to get a complete entry, dn and attributes -without specifying the attributes name? - -Yes, just specify you want a list of no attributes back. The RFC says -that this tells the server to return all readable attributes back -(there may be access controls to prevent some from being returned.) - -So in the search method, just set (for LDAPv2): - - attrs => [ ] - -If you are using LDAPv3, you can specify an attribute called "*" -instead, which lets you ask for additional (eg operational) attributes -in the same search. - - attrs => [ "*" ] - -=head2 How do I put a jpeg photo into a entry in the directory. - -Follow the following code example, replacing the (...) with -whatever is relevant to your setup. - - use Net::LDAP; - use Net::LDAP::Util qw(ldap_error_text); - use CGI; - - local $/ = undef; - my $jpeg = <$filename>; - - my $ldap = new Net::LDAP(...); - my $res = $ldap->bind(...); - $res = $ldap->modify(..., - add => [ 'jpegPhoto' => [ $jpeg ] ]); - $res = $ldap->unbind(); - - -=head2 How do I add a jpeg photo into a entry in the directory via html-forms. - -Follow the following code example, replacing the (...) with -whatever is relevant to your setup. 
- - use Net::LDAP; - use Net::LDAP::Util qw(ldap_error_text); - use CGI; - - my $q = new CGI; - - print $q->header; - print $q->start_html(-title => 'Change JPEG photo'); - - if ($q->param('Update')) { - my $filename = $q->param('jpeg'); - local $/ = undef; - my $jpeg = <$filename>; - - my $ldap = new Net::LDAP(...); - my $res = $ldap->bind(...); - $res = $ldap->modify(..., - add => [ 'jpegPhoto' => [ $jpeg ] ]); - $res = $ldap->unbind(); - } else { - print $q->start_multipart_form(); - print $q->filefield(-name => 'jpeg', -size => 50); - print $q->submit('Update'); - print $q->end_form(); - } - - print $q->end_html(); - -=head2 What happens when you delete an attribute that does not exist. - -It is an error to delete an attribute that doesn't exist. When you -get the error back the server ignores the entire modify operation -you sent it, so you need to make sure the error doesn't happen. - -Another approach, if you are using LDAPv3 (note Net::LDAP does not use -LDAPv3 by default) is to use a 'replace' with your attribute name and no -values. In LDAPv3, this is defined to always work even if that attribute -doesn't exist in the entry. - -ie: - - my $mesg = $ldap->modify( $entry, replace => { %qv_del_arry } ); - -But make sure you are using LDAPv3, because that is defined to *not* work -in LDAPv2. (A nice incompatibility between LDAPv2 and LDAPv3.) - -=head2 How can I delete a referral from an LDAP tree. - -Since this is a proprietary feature, you will have to check your -server's documentation. You might find that you need to use a control. If -there is a control called something like managedsait, that's the one you -should probably use. For proper operation you will need the oid number -for managedsait; 2.16.840.1.113730.3.4.2 and do not specify a value for -type. - -The code required will look similar to the following code snippet. 
- - $mesg = $ldap->delete("ref=\"ldap://acme/c=us,o=bricks\",o=clay", - control => {type => "2.16.840.1.113730.3.4.2"} ); - -=head2 How do I add an ACI/ACL entry to a directory server with -Perl-LDAP. - -The following code snippet works with a Netscape directory server and -should work with any other LDAP directory server. You will need the -specify the correct DN (-DN-) and correct attribute(s) (-nom attr-). - - my $aci = '(target="ldap:///-DN-")(targetattr="-nom attr-")(version 3.0; - acl "-nom acl-"; deny(all) userdn = "ldap:///self";)' ; - - $ldap->modify($dn_modif, add => {'aci' => $aci }); - -=head2 How do I avoid file type and data type miss-matching when loading -data from a Win32 system. - -When loading a binary attribute with data read from a file on a Win32 -system, it has been noted that you should set "binmode" on the file -before reading the file contents into the data array. - -Another possible solution to this problem is to convert the -binary data into a base64 encoded string and then store the encoded string -in the file. Then when reading the file, decode the base64 encoded -string back to binary and then use perl ldap to store the data -in the directory. - -=head2 How do I create a Microsoft Exchange user. - -This is a solution provide by a perl-ldap user. - -This code works with ActiveState Perl running on WinNT 4. Please note that -this requires the Win32::Perms module, and needs valid NT account info to -replace the placeholders. 
- - use Net::LDAP qw(:all); - use Net::LDAP::Util; - use Win32::Perms; - - #Constants taken from ADSI Type Library - $ADS_RIGHT_EXCH_ADD_CHILD = 1; - $ADS_RIGHT_EXCH_DELETE = 0x10000; - $ADS_RIGHT_EXCH_DS_REPLICATION = 64; - $ADS_RIGHT_EXCH_DS_SEARCH = 256; - $ADS_RIGHT_EXCH_MAIL_ADMIN_AS = 32; - $ADS_RIGHT_EXCH_MAIL_RECEIVE_AS = 16; - $ADS_RIGHT_EXCH_MAIL_SEND_AS = 8; - $ADS_RIGHT_EXCH_MODIFY_ADMIN_ATT = 4; - $ADS_RIGHT_EXCH_MODIFY_SEC_ATT = 128; - $ADS_RIGHT_EXCH_MODIFY_USER_ATT = 2; - - $EXCH_USER_RIGHTS = $ADS_RIGHT_EXCH_MAIL_RECEIVE_AS | - $ADS_RIGHT_EXCH_MAIL_SEND_AS | - $ADS_RIGHT_EXCH_MODIFY_USER_ATT; - - $exch = new Net::LDAP('server', debug =>0) || die $@; - - $exch->bind( 'cn=admin_user,cn=nt_domain,cn=admin', version =>3, - password=>'password'); - - $myObj = Win32::Perms->new(); - $Result = $myObj->Owner('nt_domain\user_name'); - $myObj->Group('nt_domain\Everyone'); - $myObj->Allow('nt_domain\user_name', - $EXCH_USER_RIGHTS,OBJECT_INHERIT_ACE); - $BinarySD = $myObj->GetSD(SD_RELATIVE); - $TextSD = uc(unpack( "H*", $BinarySD )); - Win32::Perms::ResolveSid('nt_domain\user_name', $sid); - $mysid = uc(unpack("H*",$sid)); - - $result = $exch->add ( dn => - 'cn=user_name,cn=container,ou=site,o=organisation', - attr => [ 'objectClass' => ['organizationalPerson'], - 'cn' => 'directory_name', - 'uid' => 'mail_nickname', - 'mail' => 'smtp_address', - 'assoc-nt-account' => [ $mysid ], - 'nt-security-descriptor' => [ $TextSD ], - 'mailPreferenceOption' => 0 - ] - ); - - - print ldap_error_name($result->code); - -=head2 How can I simiulate server failover. - -Perl-LDAP does not do server failover, however there are several -programming options for getting around this situation. - -Here is one possible solution. 
- - unless ( $ldaps = - Net::LDAPS->new($ldapserverone, - port=>636,timeout=>5) ) - { - $ldaps = Net::LDAPS->new($ldapservertwo, - port=>636,timeout=>20) || - return - "Can't connect to $ldapserverone or $ldapservertwo via LDAPS: $@"; - } - -=head1 Using X.509 certificates. - -=head2 How do I store X.509 certificates in the directory? - -The first problem here is that there are many different formats to hold -certificates in, for example PEM, DER, PKCS#7 and PKCS#12. The directory -*only* uses the DER format (more correctly, it only uses the BER format) -which is a binary format. - -Your first job is to ensure that your certificates are therefore in DER/BER -format. You could use OpenSSL to convert from PEM like this: - - openssl x509 -inform PEM -in cert.pem -outform DER -out cert.der - -Consult the OpenSSL documentation to find out how to perform other -conversions. - -To add a certificate to the directory, just slurp in the DER/BER -certificate into a scalar variable, and add it to the entry's -userCertificate attribute. How you do that will depend on which version of -LDAP you are using. - -To slurp in the certificate try something like this: - - my $cert; - { - local $/ = undef; # Slurp mode - open CERT, "cert.der" or die; - $cert = ; - close CERT; - } - # The certificate is now in $cert - -For LDAPv2, because most directory vendors ignore the string representation -of certificates defined in RFC 1778, you should add this value to the -directory like this: - - $res = $ldap->modify("cn=My User, o=My Company,c=XY", - add => [ - 'userCertificate' => [ $cert ] - ]); - die "Modify failed (" . ldap_error_name($res->code) . ")\n" - if $res->code; - -For LDAPv3, you must do this instead: - - $res = $ldap->modify("cn=My User, o=My Company, c=XY", - add => [ - 'userCertificate;binary' => [ $cert ] - ]); - die "Modify failed (" . ldap_error_name($res->code) . 
")\n" - if $res->code; - -Of course, the entry you are trying to add the certificate to must use -object classes that permit the userCertificate attribute, otherwise the -modify will fail with an object class violation error. The inetOrgPerson -structural object class permits userCertificates, as does the -strongAuthenticationUser auxiliary object class. Others might also. - -=head1 ADDITIONAL DIRECTORY AND LDAP RESOURCES. - -=head2 URL(s). - -Directory Services Mark Language (DSML) -http://www.dsml.org/ - -eMailman LDAP information -http://www.emailman.com/ldap/ - -Rafael Corvalan's LDAP shell -http://sf.net/projects/ldapsh - -LDAPS, also known as LDAPGURU. -I -http://www.ldaps.com - -Jeff Hodges's Kings Mountain LDAP -http://www.kingsmountain.com/ldapRoadmap.shtml - -Mark Wahl's LDAP World at Innosoft. -http://www.innosoft.com/ldapworld/ - -Open Source LDAP Directory Server. -http://www.openldap.org/ - -CriticalPath -http://www.cp.net/ - -Innosoft -http://www.innosoft.com - -MessagingDirect -http://www.messagingdirect.com/ - -Netscape Directory Developers Area -http://developer.netscape.com/directory/ - -Nexor's X.500 and Internet Directories -http://www.nexor.com/info/directory.htm/ - -Novell's LDAPzone -http://ldapzone.com/ - -Octet String -http://www.octetstring.com/ - -SUN JAVA JNDI (Java Naming and Directory Interface) -http://www.java.sun.com/jndi/ - -Sun One, formerly IPlanet. -http://wwws.sun.com/software/ - -Eine deutsche LDAP Website -A german LDAP Website -http://verzeichnisdienst.de/ldap/Perl/index.html - -The 2 following URLs deal mainly with Microsoft's -Active Directory. - -Directory Works -http://directoryworks.com/ - -ActiveX LDAP Client -http://www.polonia-online.com/ldap/ - -=head2 BOOK(s) - -Developing LDAP and ADSI Clients for Microsoft(R) Exchange. -By Sven B. Schreiber. ISBN: 0201657775 - -Implementing LDAP. -By Mark Wilcox. ISBN: 1861002211 - -LDAP : Programming Directory-Enabled Applications With -Lightweight Directory Access Protocol. 
-By Tim Howes, Mark Smith. ISBN: 1578700000 - -LDAP Programming; Directory Management and Integration in Perl. -By Clayton Donley. ISBN: 1884777910 - -LDAP Programming with Java. -By Rob Weltman, Tony Dahbura. ISBN: 0201657589 - -Managing Enterprise Active Directory Services. -By Robbie Allen, Richard Puckett. ISBN: 0672321254 - -Solaris and LDAP Naming Services. -By Tom Bialaski, Michael Haines. ISBN: 0-13-030678-9 - -Understanding and Deploying Ldap Directory Services. -By Tim Howes, Mark Smith, Gordon Good, Timothy A. Howe -ISBN: 1578700701 - -=head1 AUTHOR(s) - -Any good FAQ is made up of many authors, everyone that contributes -information to the perl-ldap mail list is a potential author. - -An attempt to maintain this FAQ is being done by Clif Harden - . - -The original author of this FAQ was Graham Barr - -Please report any bugs, or post any suggestions, to the -perl-ldap mailing list - . - -=head1 COPYRIGHT - -Copyright (c) 1999-2000 Graham Barr. All rights reserved. This document is -distributed, and may be redistributed, under the same terms as Perl itself. - -=for html
-
-=cut
-
diff --git a/lib/Net/LDAP/Filter.pm b/lib/Net/LDAP/Filter.pm
deleted file mode 100644
index 45186bb..0000000
--- a/lib/Net/LDAP/Filter.pm
+++ /dev/null
@@ -1,272 +0,0 @@
-# Copyright (c) 1997-2000 Graham Barr . All rights reserved.
-# This program is free software; you can redistribute it and/or
-# modify it under the same terms as Perl itself.
-
-package Net::LDAP::Filter;
-
-use strict;
-use vars qw($VERSION);
-
-$VERSION = "0.13";
-
-# filter = "(" filtercomp ")"
-# filtercomp = and / or / not / item
-# and = "&" filterlist
-# or = "|" filterlist
-# not = "!" filter
-# filterlist = 1*filter
-# item = simple / present / substring / extensible
-# simple = attr filtertype value
-# filtertype = equal / approx / greater / less
-# equal = "="
-# approx = "~="
-# greater = ">="
-# less = "<="
-# extensible = attr [":dn"] [":" matchingrule] ":=" value
-# / [":dn"] ":" matchingrule ":=" value
-# present = attr "=*"
-# substring = attr "=" [initial] any [final]
-# initial = value
-# any = "*" *(value "*")
-# final = value
-# attr = AttributeDescription from Section 4.1.5 of [1]
-# matchingrule = MatchingRuleId from Section 4.1.9 of [1]
-# value = AttributeValue from Section 4.1.6 of [1]
-#
-# Special Character encodings
-# ---------------------------
-# * \2a, \*
-# ( \28, \(
-# ) \29, \)
-# \ \5c, \\
-# NUL \00
-
-my $ErrStr;
-
-sub new {
- my $self = shift;
- my $class = ref($self) || $self;
-
- my $me = bless {}, $class;
-
- if (@_) {
- $me->parse(shift) or
- return undef;
- }
- $me;
-}
-
-my $Attr = '[-;.:\d\w]*[-;\d\w]';
-
-my %Op = qw(
- & and
- | or
- ! not
- = equalityMatch
- ~= approxMatch
- >= greaterOrEqual
- <= lessOrEqual
- := extensibleMatch
-);
-
-my %Rop = reverse %Op;
-
-# Unescape
-# \xx where xx is a 2-digit hex number
-# \y where y is one of ( ) \ *
-
-sub errstr { $ErrStr }
-
-sub _unescape {
- $_[0] =~ s/
- \\([\da-fA-F]{2}|.)
- /
- length($1) == 1
- ? 
$1
- : chr(hex($1))
- /soxeg;
- $_[0];
-}
-
-sub _escape { (my $t = $_[0]) =~ s/([\\\(\)\*\0-\37])/sprintf("\\%02x",ord($1))/sge; $t }
-
-sub _encode {
- my($attr,$op,$val) = @_;
-
- # An extensible match
-
- if ($op eq ':=') {
-
- # attr must be in the form type:dn:1.2.3.4
- unless ($attr =~ /^([-;\d\w]*)(:dn)?(:(\w+|[.\d]+))?$/) {
- $ErrStr = "Bad attribute $attr";
- return undef;
- }
- my($type,$dn,$rule) = ($1,$2,$4);
-
- return ( {
- extensibleMatch => {
- matchingRule => $rule,
- type => length($type) ? $type : undef,
- matchValue => _unescape($val),
- dnAttributes => $dn ? 1 : undef
- }
- });
- }
-
- # If the op is = and contains one or more * not
- # preceeded by \ then do partial matches
-
- if ($op eq '=' && $val =~ /^(\\.|[^\\*]*)*\*/o ) {
-
- my $n = [];
- my $type = 'initial';
-
- while ($val =~ s/^((\\.|[^\\*]*)*)\*//) {
- push(@$n, { $type, _unescape("$1") }) # $1 is readonly, copy it
- if length($1) or $type eq 'any';
-
- $type = 'any';
- }
-
- push(@$n, { 'final', _unescape($val) })
- if length $val;
-
- return ({
- substrings => {
- type => $attr,
- substrings => $n
- }
- });
- }
-
- # Well we must have an operator and no un-escaped *'s on the RHS
-
- return {
- $Op{$op} => {
- attributeDesc => $attr, assertionValue => _unescape($val)
- }
- };
-}
-
-sub parse {
- my $self = shift;
- my $filter = shift;
-
- my @stack = (); # stack
- my $cur = [];
- my $op;
-
- undef $ErrStr;
-
- # Algorithm depends on /^\(/;
- $filter =~ s/^\s*//;
-
- $filter = "(" . $filter . 
")"
- unless $filter =~ /^\(/;
-
- while (length($filter)) {
-
- # Process the start of (& (...)(...))
-
- if ($filter =~ s/^\(\s*([&!|])\s*//) {
- push @stack, [$op,$cur];
- $op = $1;
- $cur = [];
- next;
- }
-
- # Process the end of (& (...)(...))
-
- elsif ($filter =~ s/^\)\s*//o) {
- unless (@stack) {
- $ErrStr = "Bad filter, unmatched )";
- return undef;
- }
- my($myop,$mydata) = ($op,$cur);
- ($op,$cur) = @{ pop @stack };
- # Need to do more checking here
- push @$cur, { $Op{$myop} => $myop eq '!' ? $mydata->[0] : $mydata };
- next if @stack;
- }
-
- # present is a special case (attr=*)
-
- elsif ($filter =~ s/^\(\s*($Attr)=\*\)\s*//o) {
- push(@$cur, { present => $1 } );
- next if @stack;
- }
-
- # process (attr op string)
-
- elsif ($filter =~ s/^\(\s*
- ($Attr)\s*
- ([:~<>]?=)
- ((?:\\.|[^\\()]+)*)
- \)\s*
- //xo) {
- push(@$cur, _encode($1,$2,$3));
- next if @stack;
- }
-
- # If we get here then there is an error in the filter string
- # so exit loop with data in $filter
- last;
- }
-
- if (length $filter) {
- # If we have anything left in the filter, then there is a problem
- $ErrStr = "Bad filter, error before " . substr($filter,0,20);
- return undef;
- }
- if (@stack) {
- $ErrStr = "Bad filter, unmatched (";
- return undef;
- }
-
- %$self = %{$cur->[0]};
-
- $self;
-}
-
-sub print {
- my $self = shift;
- no strict 'refs'; # select may return a GLOB name
- my $fh = @_ ? shift : select;
-
- print $fh $self->as_string,"\n";
-}
-
-sub as_string { _string(%{$_[0]}) }
-
-sub _string { # prints things of the form ( () ... )
- my $i;
- my $str = "";
-
- for ($_[0]) {
- /^and/ and return "(&" . join("", map { _string(%$_) } @{$_[1]}) . ")";
- /^or/ and return "(|" . join("", map { _string(%$_) } @{$_[1]}) . ")";
- /^not/ and return "(!" . _string(%{$_[1]}) . ")";
- /^present/ and return "($_[1]=*)";
- /^(equalityMatch|greaterOrEqual|lessOrEqual|approxMatch)/
- and return "(" . $_[1]->{attributeDesc} . $Rop{$1} . 
_escape($_[1]->{assertionValue}) .")";
- /^substrings/ and do {
- my $str = join("*", "",map { _escape($_) } map { values %$_ } @{$_[1]->{substrings}});
- $str =~ s/^.// if exists $_[1]->{substrings}[0]{initial};
- $str .= '*' unless exists $_[1]->{substrings}[-1]{final};
- return "($_[1]->{type}=$str)";
- };
- /^extensibleMatch/ and do {
- my $str = "(";
- $str .= $_[1]->{type} if defined $_[1]->{type};
- $str .= ":dn" if $_[1]->{dnAttributes};
- $str .= ":$_[1]->{matchingRule}" if defined $_[1]->{matchingRule};
- $str .= ":=" . _escape($_[1]->{matchValue}) . ")";
- return $str;
- };
- }
-
- die "Internal error $_[0]";
-}
-
-1;
diff --git a/lib/Net/LDAP/Filter.pod b/lib/Net/LDAP/Filter.pod
deleted file mode 100644
index b4b90e5..0000000
--- a/lib/Net/LDAP/Filter.pod
+++ /dev/null
@@ -1,112 +0,0 @@ -=head1 NAME - -Net::LDAP::Filter - representation of LDAP filters - -=head1 SYNOPSIS - - use Net::LDAP::Filter; - - $filter = Net::LDAP::Filter->new( $filter_str ); - -=head1 DESCRIPTION - -=head1 CONSTRUCTOR - -=over 4 - -=item new ( FILTER ) - -Create a new object and parse FILTER. - -=back - -=head1 METHODS - -=over 4 - -=item parse ( FILTER ) - -Parse FILTER. The next call to ber will return this filter encoded. - -=item asn - -Return the data structure suitable for passing directly to L -to encode a filter object. - -=item as_string - -Return the filter in text form. - -=item print ( [ FH ] ) - -Print the text representation of the filter to FH, or the currently -selected output handle if FH is not given. - -=back - -=head1 FILTER SYNTAX - -Below is the syntax for a filter given in -RFC-2254 http://info.internet.isi.edu/in-notes/rfc/files/rfc2254.txt - - filter = "(" filtercomp ")" - filtercomp = and / or / not / item - and = "&" filterlist - or = "|" filterlist - not = "!" filter - filterlist = 1*filter - item = simple / present / substring / extensible - simple = attr filtertype value - filtertype = equal / approx / greater / less - equal = "=" - approx = "~=" - greater = ">=" - less = "<=" - extensible = attr [":dn"] [":" matchingrule] ":=" value - / [":dn"] ":" matchingrule ":=" value - present = attr "=*" - substring = attr "=" [initial] any [final] - initial = value - any = "*" *(value "*") - final = value - attr = AttributeDescription from Section 4.1.5 of RFC-2251 - matchingrule = MatchingRuleId from Section 4.1.9 of RFC-2251 - value = AttributeValue from Section 4.1.6 of RFC-2251 - - - Special Character encodings - --------------------------- - * \2a, \* - ( \28, \( - ) \29, \) - \ \5c, \\ - NUL \00 - -=head1 SEE ALSO - -L, -L - -=head1 ACKNOWLEDGEMENTS - -This document is based on a document originally written by Russell Fulton -. 
- -=head1 AUTHOR - -Graham Barr - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list -. - -=head1 COPYRIGHT - -Copyright (c) 1997-2000 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
-
-I<$Id: Filter.pod,v 1.3 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/LDIF.pm b/lib/Net/LDAP/LDIF.pm
deleted file mode 100644
index 76d2ce6..0000000
--- a/lib/Net/LDAP/LDIF.pm
+++ /dev/null
@@ -1,531 +0,0 @@ -# Copyright (c) 1997-2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::LDIF; - -use strict; -use SelectSaver; -require Net::LDAP::Entry; -use vars qw($VERSION); - -$VERSION = "0.12"; - -my %mode = qw(w > r < a >>); - -sub new { - my $pkg = shift; - my $file = shift || "-"; - my $mode = shift || "r"; - my %opt = @_; - my $fh; - my $opened_fh = 0; - - if (ref($file)) { - $fh = $file; - } - else { - if ($file eq "-") { - if ($mode eq "w") { - ($file,$fh) = ("STDOUT",\*STDOUT); - } - else { - ($file,$fh) = ("STDIN",\*STDIN); - } - } - else { - require Symbol; - $fh = Symbol::gensym(); - my $open = ($mode{$mode} || "<") . $file; - open($fh,$open) or return; - $opened_fh = 1; - } - } - - # Default the encoding of DNs to 'none' unless the user specifies - $opt{'encode'} = 'none' unless exists $opt{'encode'}; - - # Default the error handling to die - $opt{'onerror'} = 'die' unless exists $opt{'onerror'}; - - $opt{'lowercase'} ||= 0; - - my $self = { - change => 0, - changetype => "modify", - modify => 'add', - wrap => 78, - %opt, - fh => $fh, - file => "$file", - opened_fh => $opened_fh, - eof => 0, - write_count => ($mode eq 'a' and tell($fh) > 0) ? 
1 : 0, - }; - - bless $self, $pkg; -} - -sub _read_lines { - my $self = shift; - my @ldif; - - { - local $/ = ""; - my $fh = $self->{'fh'}; - my $ln = $self->{_next_lines} || scalar <$fh>; - unless ($ln) { - $self->{_next_lines} = ''; - $self->{_current_lines} = ''; - $self->eof(1); - return; - } - $ln =~ s/\n //sg; - $ln =~ s/^#.*\n//mg; - chomp($ln); - $self->{_current_lines} = $ln; - chomp(@ldif = split(/^/, $ln)); - $self->{_next_lines} = scalar <$fh> || ''; - $self->eof(1) unless $self->{_next_lines}; - } - - @ldif; -} - - -# _read_one() is deprecated and will be removed -# in a future version -*_read_one = \&_read_entry; - -sub _read_entry { - my $self = shift; - my @ldif; - $self->_clear_error(); - - @ldif = $self->_read_lines; - return unless @ldif; - shift @ldif if @ldif && $ldif[0] !~ /\D/; - - if (@ldif and $ldif[0] =~ /^version:\s+(\d+)/) { - $self->{version} = $1; - shift @ldif; - return $self->_read_entry - unless @ldif; - } - - if (@ldif <= 1) { - $self->_error("LDIF entry is not valid", @ldif); - return; - } - elsif (not ( $ldif[0] =~ s/^dn:(:?) *//) ) { - $self->_error("First line of LDIF entry does not begin with 'dn:'", @ldif); - return; - } - - my $dn = shift @ldif; - - if (length($1)) { - eval { require MIME::Base64 }; - if ($@) { - $self->_error($@, @ldif); - return; - } - $dn = MIME::Base64::decode($dn); - } - - my $entry = Net::LDAP::Entry->new; - $entry->dn($dn); - - if ($ldif[0] =~ /^changetype:\s*/) { - my $changetype = $ldif[0] =~ s/^changetype:\s*// - ? 
shift(@ldif) : $self->{'changetype'}; - $entry->changetype($changetype); - - return $entry if ($changetype eq "delete"); - - unless (@ldif) { - $self->_error("LDAP entry is not valid",@ldif); - return; - } - - while(@ldif) { - my $modify = $self->{'modify'}; - my $modattr; - my $lastattr; - if($changetype eq "modify") { - unless ( (my $tmp = shift @ldif) =~ s/^(add|delete|replace):\s*([-;\w]+)// ) { - $self->_error("LDAP entry is not valid",@ldif); - return; - } - $lastattr = $modattr = $2; - $modify = $1; - } - my @values; - while(@ldif) { - my $line = shift @ldif; - my $attr; - - if ($line eq "-") { - $entry->$modify($lastattr, \@values) - if defined $lastattr; - undef $lastattr; - @values = (); - last; - } - - $line =~ s/^([-;\w]+):\s*// and $attr = $1; - if ($line =~ s/^:\s*//) { - eval { require MIME::Base64 }; - if ($@) { - $self->_error($@, @ldif); - return; - } - $line = MIME::Base64::decode($line); - } - - if( defined($modattr) && $attr ne $modattr ) { - $self->_error("LDAP entry is not valid", @ldif); - return; - } - - if(!defined($lastattr) || $lastattr ne $attr) { - $entry->$modify($lastattr, \@values) - if defined $lastattr; - $lastattr = $attr; - @values = ($line); - next; - } - push @values, $line; - } - $entry->$modify($lastattr, \@values) - if defined $lastattr; - } - } - - else { - my @attr; - my $last = ""; - my $vals = []; - my $line; - my $attr; - foreach $line (@ldif) { - $line =~ s/^([-;\w]+):\s*// && ($attr = $1) or next; - - if ($line =~ s/^:\s*//) { - eval { require MIME::Base64 }; - if ($@) { - $self->_error($@, @ldif); - return; - } - $line = MIME::Base64::decode($line); - } - - if ($attr eq $last) { - push @$vals, $line; - next; - } - else { - $vals = [$line]; - push(@attr,$last=$attr,$vals); - } - } - $entry->add(@attr); - } - $self->{_current_entry} = $entry; - - $entry; -} - -sub read_entry { - my $self = shift; - - unless ($self->{'fh'}) { - $self->_error("LDIF file handle not valid"); - return; - } - $self->_read_entry(); -} - -# 
read() is deprecated and will be removed -# in a future version -sub read { - my $self = shift; - - return $self->read_entry() unless wantarray; - - my($entry, @entries); - push(@entries,$entry) while $entry = $self->read_entry; - - @entries; -} - -sub eof { - my $self = shift; - my $eof = shift; - - if ($eof) { - $self->{_eof} = $eof; - } - - $self->{_eof}; -} - -sub _wrap { - if($_[1] > 40) { - my $pos = $_[1]; - while($pos < length($_[0])) { - substr($_[0],$pos,0) = "\n "; - $pos += $_[1]+1; - } - } - $_[0]; -} - -sub _write_attr { - my($attr,$val,$wrap,$lower) = @_; - my $v; - foreach $v (@$val) { - my $ln = $lower ? lc $attr : $attr; - if ($v =~ /(^[ :]|[\x00-\x1f\x7f-\xff])/) { - require MIME::Base64; - $ln .= ":: " . MIME::Base64::encode($v,""); - } - else { - $ln .= ": " . $v; - } - print _wrap($ln,$wrap),"\n"; - } -} - -sub _write_attrs { - my($entry,$wrap,$lower) = @_; - my $attr; - foreach $attr ($entry->attributes) { - my $val = $entry->get_value($attr, asref => 1); - _write_attr($attr,$val,$wrap,$lower); - } -} - -sub _write_dn { - my($dn,$encode,$wrap) = @_; - if ($dn =~ /^[ :<]|[\x00-\x1f\x7f-\xff]/) { - if ($encode =~ /canonical/i) { - require Net::LDAP::Util; - $dn = Net::LDAP::Util::canonical_dn($dn); - # Canonicalizer won't fix leading spaces, colons or less-thans, which - # are special in LDIF, so we fix those up here. - $dn =~ s/^([ :<])/\\$1/; - } elsif ($encode =~ /base64/i) { - require MIME::Base64; - $dn = "dn:: " . 
MIME::Base64::encode($dn,""); - } else { - $dn = "dn: $dn"; - } - } else { - $dn = "dn: $dn"; - } - print _wrap($dn,$wrap), "\n"; -} - -# write() is deprecated and will be removed -# in a future version -sub write { - my $self = shift; - - $self->{change} = 0; - $self->write_entry(@_); -} - -sub write_entry { - my $self = shift; - my $entry; - my $change = $self->{change}; - my $wrap = int($self->{'wrap'}); - my $lower = $self->{'lowercase'}; - local($\,$,); # output field and record separators - - unless ($self->{'fh'}) { - $self->_error("LDIF file handle not valid"); - return; - } - my $saver = SelectSaver->new($self->{'fh'}); - - my $fh = $self->{'fh'}; - foreach $entry (@_) { - unless (ref $entry) { - $self->_error("Entry '$entry' is not a valid Net::LDAP::Entry object."); - next; - } - - if ($change) { - my @changes = $entry->changes; - my $type = $entry->changetype; - - # Skip entry if there is nothing to write - next if $type eq 'modify' and !@changes; - - if ($self->{write_count}++) { - print "\n"; - } - else { - print "version: $self->{version}\n" if defined $self->{version}; - } - _write_dn($entry->dn,$self->{'encode'},$wrap); - - print "changetype: $type\n"; - - if ($type eq 'delete') { - next; - } - elsif ($type eq 'add') { - _write_attrs($entry,$wrap,$lower); - next; - } - elsif ($type eq 'modrdn') { - print _write_attr('newrdn',$entry->get_value('newrdn', asref => 1),$wrap,$lower); - print 'deleteoldrdn: ', scalar $entry->get_value('deleteoldrdn'),"\n"; - my $ns = $entry->get_value('newsuperior', asref => 1); - print _write_attr('newsuperior',$ns,$wrap,$lower) if defined $ns; - next; - } - - my $dash=0; - foreach my $chg (@changes) { - unless (ref($chg)) { - $type = $chg; - next; - } - my $i = 0; - while ($i < @$chg) { - print "-\n" if $dash++; - my $attr = $chg->[$i++]; - my $val = $chg->[$i++]; - print $type,": ",$attr,"\n"; - _write_attr($attr,$val,$wrap,$lower); - } - } - } - - else { - if ($self->{write_count}++) { - print "\n"; - } - else { - 
print "version: $self->{version}\n" if defined $self->{version}; - } - _write_dn($entry->dn,$self->{'encode'},$wrap); - _write_attrs($entry,$wrap,$lower); - } - } - - 1; -} - -# read_cmd() is deprecated in favor of read_entry() -# and will be removed in a future version -sub read_cmd { - my $self = shift; - - return $self->read_entry() unless wantarray; - - my($entry, @entries); - push(@entries,$entry) while $entry = $self->read_entry; - - @entries; -} - -# _read_one_cmd() is deprecated in favor of _read_one() -# and will be removed in a future version -*_read_one_cmd = \&_read_entry; - -# write_cmd() is deprecated in favor of write_entry() -# and will be removed in a future version -sub write_cmd { - my $self = shift; - - $self->{change} = 1; - $self->write_entry(@_); -} - -sub done { - my $self = shift; - if ($self->{fh}) { - if ($self->{opened_fh}) { - close $self->{fh}; - undef $self->{opened_fh}; - } - delete $self->{fh}; - } - 1; -} - -my %onerror = ( - 'die' => sub { - my $self = shift; - require Carp; - $self->done; - Carp::croak($self->error(@_)); - }, - 'warn' => sub { - my $self = shift; - require Carp; - Carp::carp($self->error(@_)); - }, - 'undef' => sub { - my $self = shift; - require Carp; - Carp::carp($self->error(@_)) if $^W; - }, -); - -sub _error { - my ($self,$errmsg,@errlines) = @_; - $self->{_err_msg} = $errmsg; - $self->{_err_lines} = join "\n",@errlines; - - scalar &{ $onerror{ $self->{onerror} } }($self,$self->{_err_msg}) if $self->{onerror}; -} - -sub _clear_error { - my $self = shift; - - undef $self->{_err_msg}; - undef $self->{_err_lines}; -} - -sub error { - my $self = shift; - $self->{_err_msg}; -} - -sub error_lines { - my $self = shift; - $self->{_err_lines}; -} - -sub current_entry { - my $self = shift; - $self->{_current_entry}; -} - -sub current_lines { - my $self = shift; - $self->{_current_lines}; -} - -sub version { - my $self = shift; - $self->{version}; -} - -sub next_lines { - my $self = shift; - $self->{_next_lines}; -} - 
-sub DESTROY {
- my $self = shift;
- $self->done();
-}
-
-1;
diff --git a/lib/Net/LDAP/LDIF.pod b/lib/Net/LDAP/LDIF.pod
deleted file mode 100644
index 17f7746..0000000
--- a/lib/Net/LDAP/LDIF.pod
+++ /dev/null
@@ -1,141 +0,0 @@ -=head1 NAME - -Net::LDAP::LDIF - LDIF reading and writing - -=head1 SYNOPSIS - - use Net::LDAP::LDIF; - - $ldif = Net::LDAP::LDIF->new( "file.ldif", "r", onerror => 'undef' ); - while( not $ldif->eof() ) { - $entry = $ldif->read_entry(); - if ( $ldif->error() ) { - print "Error msg: ",$ldif->error(),"\n"; - print "Error lines:\n",$ldif->error_lines(),"\n"; - } - else { - # do stuff - } - } - $ldif->done(); - -=head1 DESCRIPTION - -B provides a means to convert between -L objects and LDAP entries represented -in LDIF format files. Reading and writing are supported and may manipulate -single entries or lists of entries. - -As when reading an entire file into memory with perl normally, take into -account the possibility of memory use when loading an LDIF file in one go. - -=head1 CONSTRUCTOR - -=over 4 - -=item new ( [ FILE [, MODE [,OPTIONS ]]] ) - -FILE may be the name of a file or an already open filehandle. If a filename -is passed in then it will be opened with the mode specified. - -MODE defaults to "r" for read. You may specify "w" to for write+truncate or -"a" for write+append. - -OPTIONS is a list of key-value pairs. Valid options are: - -=over 4 - -=item encode - -Some values in LDIF cannot be written verbatim and have to be encoded -in some way. This option lets you specify how. Valid encoding options -are 'none' (the default), 'canonical' (see -L), or 'base64'. - -=back - -=item onerror - -If set then Net::LDAP::LDIF will check all responses for errors on all methods. -If an error is detected then the specified action will be taken. Valid values -and their actions are. - -=over 4 - -=item die - -Net::LDAP::LDIF will croak with an appropriate message. - -=item warn - -Net::LDAP::LDIF will warn with an appropriate message. - -=item undef - -Net::LDAP::LDIF will warn with an appropriate message if C<-w> is in effect. 
-The method that was called will return C - -=back - -=back - -=head1 METHODS - -=over 4 - -=item read_entry - -Read one entry from the file and return it as a Net::LDAP::Entry object. - -=item eof - -Returns true when the end of the file is reached. - -=item write_entry ( ENTRIES ) - - - -=item done - -This method signals that the LDIF object is no longer needed. If a file was -opened automatically when the object was created it will be closed. This -method is called automatically via DESTROY when the object goes out of scope. - -=item error - -Returns error message if error was found. - -=item error_lines - -Returns lines that resulted in error. - -=item current_entry - -Returns the current Net::LDAP::Entry object. - -=item current_lines - -Returns the lines that generated the current Net::LDAP::Entry object. - -=item next_lines - -Returns the lines that will generate the next Net::LDAP::Entry object. - -=back - -=head1 AUTHOR - -Graham Barr . - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list -. - -=head1 COPYRIGHT - -Copyright (c) 1997-2000 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
-
-=cut
diff --git a/lib/Net/LDAP/Message.pm b/lib/Net/LDAP/Message.pm
deleted file mode 100644
index 4ebc7a6..0000000
--- a/lib/Net/LDAP/Message.pm
+++ /dev/null
@@ -1,227 +0,0 @@ -# $Id: Message.pm,v 1.4 2000/09/12 09:17:09 gbarr Exp $ -# Copyright (c) 1997-2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Message; - -use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_COMPARE_TRUE LDAP_COMPARE_FALSE); -use Net::LDAP::ASN qw(LDAPRequest); -use strict; -use vars qw($VERSION); - -$VERSION = "1.05"; - -my $MsgID = 0; - -# We do this here so when we add threading we can lock it -sub NewMesgID { - $MsgID = 1 if ++$MsgID > 65535; - $MsgID; -} - -sub new { - my $self = shift; - my $type = ref($self) || $self; - my $parent = shift; - my $arg = shift; - - $self = bless { - parent => $parent, - mesgid => NewMesgID(), - callback => $arg->{callback} || undef, - }, $type; - - $self; -} - -sub code { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - exists $self->{resultCode} - ? $self->{resultCode} - : undef -} - -sub done { - my $self = shift; - - exists $self->{resultCode}; -} - -sub dn { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - exists $self->{matchedDN} - ? $self->{matchedDN} - : undef -} - -sub referrals { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - exists $self->{referral} - ? @{$self->{referral}} - : (); -} - -sub server_error { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - exists $self->{errorMessage} - ? 
$self->{errorMessage} - : undef -} - -sub error { - my $self = shift; - $self->server_error - or require Net::LDAP::Util - and Net::LDAP::Util::ldap_error_desc( $self->code ); -} - -sub set_error { - my $self = shift; - ($self->{resultCode},$self->{errorMessage}) = ($_[0]+0, "$_[1]"); - $self; -} - -sub sync { - my $self = shift; - my $ldap = $self->{parent}; - my $err; - - until(exists $self->{resultCode}) { - $err = $ldap->sync($self->mesg_id) or next; - $self->set_error($err,"Protocol Error") - unless exists $self->{resultCode}; - return $err; - } - - LDAP_SUCCESS; -} - - -sub decode { # $self, $pdu, $control - my $self = shift; - my $result = shift; - my $data = (values %{$result->{protocolOp}})[0]; - - @{$self}{keys %$data} = values %$data; - - # Should the controls be associated with the whole request, or in - # the case of a search the entry in this packet ? -- GMB - $self->{controls} = $result->{controls} - if exists $result->{controls}; - - # free up memory as we have a result so we will not need to re-send it - delete $self->{pdu}; - - # tell our LDAP client to forget us as this message has now completed - # all communications with the server - $self->parent->_forgetmesg($self); - - $self->{callback}->($self) - if (defined $self->{callback}); - - $self; -} - - -sub abandon { - my $self = shift; - - return if exists $self->{resultCode}; # already complete - - my $ldap = $self->{parent}; - - $ldap->abandon($self->{mesgid}); -} - -sub saslref { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - exists $self->{sasl} - ? 
$self->{sasl}
- : undef
-}
-
-
-sub encode {
- my $self = shift;
-
- $self->{pdu} = $LDAPRequest->encode(@_, messageID => $self->{mesgid})
- or return;
- 1;
-}
-
-sub control {
- my $self = shift;
-
- if (exists $self->{controls}) {
- require Net::LDAP::Control;
- my $hash = $self->{ctrl_hash} = {};
- foreach my $asn (@{delete $self->{controls}}) {
- my $ctrl = Net::LDAP::Control->from_asn($asn);
- push @{$hash->{$ctrl->type} ||= []}, $ctrl;
- }
- }
-
- return unless exists $self->{ctrl_hash};
-
- @_ ? exists $self->{ctrl_hash}{$_[0]}
- ? @{$self->{ctrl_hash}{$_[0]}}
- : ()
- : map { @$_ } values %{$self->{ctrl_hash}};
-}
-
-sub pdu { shift->{pdu} }
-sub callback { shift->{callback} }
-sub parent { shift->{parent} }
-sub mesg_id { shift->{mesgid} }
-sub is_error { shift->code }
-
-##
-##
-##
-
-
-@Net::LDAP::Add::ISA = qw(Net::LDAP::Message);
-@Net::LDAP::Delete::ISA = qw(Net::LDAP::Message);
-@Net::LDAP::Modify::ISA = qw(Net::LDAP::Message);
-@Net::LDAP::ModDN::ISA = qw(Net::LDAP::Message);
-@Net::LDAP::Compare::ISA = qw(Net::LDAP::Message);
-@Net::LDAP::Unbind::ISA = qw(Net::LDAP::Message::Dummy);
-@Net::LDAP::Abandon::ISA = qw(Net::LDAP::Message::Dummy);
-
-sub Net::LDAP::Compare::is_error {
- my $mesg = shift;
- my $code = $mesg->code;
- $code != LDAP_COMPARE_FALSE and $code != LDAP_COMPARE_TRUE
-}
-
-{
- package Net::LDAP::Message::Dummy;
- use vars qw(@ISA);
- @ISA = qw(Net::LDAP::Message);
-
- sub sync { shift }
- sub decode { shift }
- sub abandon { shift }
- sub code { 0 }
- sub error { "" }
- sub dn { "" }
- sub done { 1 }
-}
-
-1;
diff --git a/lib/Net/LDAP/Message.pod b/lib/Net/LDAP/Message.pod
deleted file mode 100644
index 3afdbe9..0000000
--- a/lib/Net/LDAP/Message.pod
+++ /dev/null
@@ -1,111 +0,0 @@ -=head1 NAME - -Net::LDAP::Message - Message response from LDAP server - -=head1 SYNOPSIS - - use Net::LDAP; - -=head1 DESCRIPTION - -B is a base class for the objects returned by the -L methods -L, -L, -L, -L, -L, -L, -L, -L and -L. - -The sub-class L returned by L also -defines many methods. - -If the L object is in async mode then all these methods, except -C, will cause a wait until the request is completed. - -=head1 METHODS - -=over 4 - -=item code - -The code value in the result message from the server. Normally for -a success zero will be returned. Constants for the result codes -can be imported from the L or L module. - -=item control [ OID ] - -Return a list of controls returned from the server. If OID is given -then only controls with type equal to OID will be returned. - -=item dn - -The DN in the result message from the server. - -=item done - -Returns I if the request has been completed. - -=item error - -The error message in the result message from the server. If the server did -not include an error message, then the result of -L with the -error code from the result message. - -=item is_error - -Returns I if the result code is considered to be an error for the operation. - -=item mesg_id - -The message id of the request message sent to the server. - -=item referrals - -Returns a list of referrals from the result message. - -=item server_error - -The error message returned by the server, or undef if the server did not provide -a message. - -=item sync - -Wait for the server to complete the request. - -=back - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 ACKNOWLEDGEMENTS - -This document is based on a document originally written by Russell Fulton -. - -=head1 AUTHOR - -Graham Barr - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list -. - -=head1 COPYRIGHT - -Copyright (c) 1997-2000 Graham Barr. All rights reserved. 
This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
-
-I<$Id: Message.pod,v 1.5 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/RFC.pod b/lib/Net/LDAP/RFC.pod
deleted file mode 100644
index a2400d5..0000000
--- a/lib/Net/LDAP/RFC.pod
+++ /dev/null
@@ -1,1295 +0,0 @@ - -=head1 NAME - -Net::LDAP::RFC - List of related RFC's - -=head1 SYNOPSIS - - none - -=head1 DESCRIPTION - -The LDAP protocol is defined in the following RFC's - -=head1 Core LDAP Specification - -=head2 RFC-2251 Lightweight Directory Access Protocol (v3) - -http://www.ietf.org/rfc/rfc2251.txt - -The protocol described in this document is designed to provide -access to directories supporting the X.500 models, while not -incurring the resource requirements of the X.500 Directory -Access Protocol (DAP). This protocol is specifically targeted -at management applications and browser applications that -provide read/write interactive access to directories. When used -with a directory supporting the X.500 protocols, it is intended -to be a complement to the X.500 DAP. - - - -=head2 RFC-2252 LDAPv3 Attribute Syntax Definitions - -http://www.ietf.org/rfc/rfc2252.txt - -The LDAP requires that the contents of AttributeValue fields in -protocol elements be octet strings. This document defines a set -of syntaxes for LDAPv3, and the rules by which attribute values -of these syntaxes are represented as octet strings for -transmission in the LDAP protocol. The syntaxes defined in this -document are referenced by this and other documents that define -attribute types. This document also defines the set of -attribute types which LDAP servers should support. - - - -=head2 RFC-2253 UTF-8 String Representation of Distinguished Names - -http://www.ietf.org/rfc/rfc2253.txt - -The X.500 Directory uses distinguished names as the primary -keys to entries in the directory. Distinguished Names are -encoded in ASN.1 in the X.500 Directory protocols. In the LDAP, -a string representation of distinguished names is transferred. -This specification defines the string format for representing -names, which is designed to give a clean representation of -commonly used distinguished names, while being able to -represent any distinguished name. 
- - - -=head2 RFC-2254 The String Representation of LDAP Search Filters - -http://www.ietf.org/rfc/rfc2254.txt - -The LDAP defines a network representation of a search filter -transmitted to an LDAP server. Some applications may find it -useful to have a common way of representing these search -filters in a human-readable form. This document defines a -human-readable string format for representing LDAP search -filters. This document replaces RFC 1960, extending the string -LDAP filter definition to include support for LDAPv3 extended -match filters. - - - -=head2 RFC-2255 The LDAP URL Format - -http://www.ietf.org/rfc/rfc2255.txt - -This document describes a format for an LDAP Uniform Resource -Locator, and describes an LDAP search operation performed to -retrieve information from an LDAP directory. It updates the -LDAP URL format for LDAPv3. This document also defines a second -URL scheme prefix for LDAP running over the TLS protocol. - - - -=head2 RFC-2256 A Summary of the X.500(96) User Schema for use with LDAPv3 - -http://www.ietf.org/rfc/rfc2256.txt - -This document provides an overview of the attribute types and -object classes defined by the ISO and ITU-T committees in the -X.500 documents, in particular those intended for use by -directory clients. This is the most widely used schema for -LDAP/X.500 directories, and many other schema definitions for -white pages objects use it as a basis. This document does not -cover attributes used for the administration of X.500 directory -servers, nor does it include attributes defined by other -ISO/ITU-T documents. - - - - -=head1 Other LDAP Related RFCs - -=head2 RFC-1823 The LDAP Application Program Interface - -http://www.ietf.org/rfc/rfc1823.txt - -This document defines a C language application program -interface to LDAP, which is designed to be powerful, yet simple -to use. It defines compatible synchronous and asynchronous -interfaces to LDAP to suit a wide variety of applications. 
This -document gives a brief overview of the LDAP model, then an -overview of how the API is used by an application program to -obtain LDAP information. The API calls are described in detail, -followed by an appendix that provides some example code -demonstrating the use of the API. - - - -=head2 RFC-2079 Definition of an X.500 Attribute Type and an Object Class to -Hold Uniform Resource Identifiers - -http://www.ietf.org/rfc/rfc2079.txt - -URLs are being widely used to specify the location of Internet -resources. There is an urgent need to be able to include URLs -in directories that conform to the LDAP and X.500 information -models, and a desire to include other types of URIs as they are -defined. A number of independent groups are already -experimenting with the inclusion of URLs in LDAP and X.500 -directories. This document builds on the experimentation to -date and defines a new attribute type and an auxiliary object -class to allow URIs, including URLs, to be stored in directory -entries in a standard way. - - - -=head2 RFC-2164 Use of an X.500/LDAP directory to support MIXER address mapping - -http://www.ietf.org/rfc/rfc2164.txt - -MIXER (RFC 2156) defines an algorithm for use of a set of -global mapping between X.400 and RFC 822 addresses. This -specification defines how to represent and maintain these -mappings (MIXER Conformant Global Address Mappings of MCGAMs) -in an X.500 or LDAP directory. Mechanisms for representing OR -Address and Domain hierarchies within the DIT. These techniques -are used to define two independent subtrees in the DIT, which -contain the mapping information. - - - -=head2 RFC-2218 A Common Schema for the Internet White Pages Service - -http://www.ietf.org/rfc/rfc2218.txt - -This IETF Integrated Directory Services(IDS) Working Group -proposes a standard specification for a simple Internet White -Pages service by defining a common schema for use by the -various White Pages servers. 
This schema is independent of -specific implementations of the White Pages service. This -document specifies the minimum set of core attributes of a -White Pages entry for an individual and describes how new -objects with those attributes can be defined and published. It -does not describe how to represent other objects in the White -Pages service. Further, it does not address the search sort -expectations within a particular service. - - - -=head2 RFC-2222 Simple Authentication and Security Layer (SASL) - -http://www.ietf.org/rfc/rfc2222.txt - -This document describes a method for adding authentication -support to connection-based protocols. To use this -specification, a protocol includes a command for identifying -and authenticating a user to a server and for optionally -negotiating protection of subsequent protocol interactions. If -its use is negotiated, a security layer is inserted between the -protocol and the connection. This document describes how a -protocol specifies such a command, defines several mechanisms -for use by the command, and defines the protocol used for -carrying a negotiated security layer over the connection. - - - -=head2 RFC-2247 Using Domains in LDAP/X.500 Distinguished Names - -http://www.ietf.org/rfc/rfc2247.txt - -LDAP uses X.500-compatible distinguished names for providing -unique identification of entries. This document defines an -algorithm by which a name registered with the Internet Domain -Name Service can be represented as an LDAP distinguished name. - - - -=head2 RFC-2307 An Approach for Using LDAP as a Network Information Service - -http://www.ietf.org/rfc/rfc2307.txt - -This document describes an experimental mechanism for mapping -entities related to TCP/IP and the UNIX system into X.500 -entries so that they may be resolved with the LDAP. A set of -attribute types and object classes are proposed, along with -specific guidelines for interpreting them. 
The intention is to -assist the deployment of LDAP as an organizational nameservice. -No proposed solutions are intended as standards for the -Internet. Rather, it is hoped that a general consensus will -emerge as to the appropriate solution to such problems, leading -eventually to the adoption of standards. The proposed mechanism -has already been implemented with some success. - - - -=head2 RFC-2559 Internet X.509 Public Key Infrastructure Operational Protocols -- LDAPv2 - -http://www.ietf.org/rfc/rfc2559.txt - -The protocol described in this document is designed to satisfy -some of the operational requirements within the Internet X.509 -PKI. Specifically, this document addresses requirements to -provide access to PKI repositories for the purposes of -retrieving PKI information and managing that same information. -The mechanism described in this document is based on the -LDAPv2, defined in RFC 1777, defining a profile of that -protocol for use within the PKIX and updates encodings for -certificates and revocation lists from RFC 1778. Additional -mechanisms addressing PKIX operational requirements are -specified in separate documents. - - - -=head2 RFC-2587 Internet X.509 Public Key Infrastructure LDAPv2 Schema - -http://www.ietf.org/rfc/rfc2587.txt - -The schema defined in this document is a minimal schema to -support PKIX in an LDAPv2 environment, as defined in RFC 2559. -Only PKIX-specific components are specified here. LDAP servers, -acting as PKIX repositories should support the auxiliary object -classes defined in this specification and integrate this schema -specification with the generic and other application-specific -schemas as appropriate, depending on the services to be -supplied by that server. - - - -=head2 RFC-2589 Extensions for Dynamic Directory Services - -http://www.ietf.org/rfc/rfc2589.txt - -LDAP supports lightweight access to static directory services, -allowing relatively fast search and update access. 
Static
-directory services store information about people that persists
-in its accuracy and value over a long period of time. Dynamic
-directory services are different in that they store information
-about people that only persists in its accuracy and value while
-people are online. Though the protocol operations and
-attributes used by dynamic directory services are similar to
-the ones used for static directory services, clients that are
-bound to a dynamic directory service need to periodically
-refresh their presence at the server to keep directory entries
-from getting stale in the presence of client application
-crashes. A flow control mechanism from the server is also
-described that allows a server to inform clients how often they
-should refresh their presence.
-
-
-
-=head2 RFC-2596 Use of Language Codes in LDAP
-
-http://www.ietf.org/rfc/rfc2596.txt
-
-LDAP provides a means for clients to interrogate and modify
-information stored in a distributed directory system. The
-information in the directory is maintained as attributes of
-entries. Most of these attributes have syntaxes which are
-human-readable strings, and it is desirable to be able to
-indicate the natural language associated with attribute values.
-This document describes how language codes are carried in LDAP
-and are to be interpreted by LDAP servers. All implementations
-MUST be prepared to accept language codes in the LDAP
-protocols. Servers may or may not be capable of storing
-attributes with language codes in the directory.
-
-
-
-=head2 RFC-2649 Signed Directory Operations Using S/MIME
-
-http://www.ietf.org/rfc/rfc2649.txt
-
-This document defines an LDAPv3 based mechanism for signing
-directory operations in order to create a secure journal of
-changes that have been made to each directory entry. Both
-client and server based signatures are supported. An object
-class for subsequent retrieval are 'journal entries' is also
-defined.
This document specifies LDAPv3 controls that enable
-this functionality. It also defines an LDAPv3 schema that
-allows for subsequent browsing of the journal information.
-
-
-
-=head2 RFC-2657 LDAPv2 Client vs. the Index Mesh
-
-http://www.ietf.org/rfc/rfc2657.txt
-
-LDAPv2 clients as implemented according to RFC 1777 have no
-notion of referral. The integration between such a client and
-an Index Mesh, as defined by the Common Indexing Protocol,
-heavily depends on referrals and therefore needs to be handled
-in a special way. This document defines one possible way of
-doing this.
-
-
-
-=head2 RFC-2696 LDAP Control Extension for Simple Paged Results Manipulation
-
-http://www.ietf.org/rfc/rfc2696.txt
-
-This document describes an LDAPv3 control extension for simple
-paging of search results. This control extension allows a
-client to control the rate at which an LDAP server returns the
-results of an LDAP search operation. This control may be useful
-when the LDAP client has limited resources and may not be able
-to process the entire result set from a given LDAP query, or
-when the LDAP client is connected over a low-bandwidth
-connection. Other operations on the result set are not defined
-in this extension. This extension is not designed to provide
-more sophisticated result set management.
-
-
-
-=head2 RFC-2713 Schema for Representing Java Objects in an LDAP Directory
-
-http://www.ietf.org/rfc/rfc2713.txt
-
-This document defines the schema for representing Java objects
-in an LDAP directory. It defines schema elements to represent a
-Java serialized object, a Java marshalled object, a Java remote
-object, and a JNDI reference.
-
-
-
-=head2 RFC-2714 Schema for Representing CORBA Objects in an LDAP Directory
-
-http://www.ietf.org/rfc/rfc2714.txt
-
-CORBA is the Common Object Request Broker Architecture defined
-by the Object Management Group. This document defines the
-schema for representing CORBA object references in an LDAP
-directory.
-
-
-
-=head2 RFC-2739 Calendar Attributes for vCard and LDAP
-
-http://www.ietf.org/rfc/rfc2739.txt
-
-When scheduling a calendar entity, such as an event, it is a
-prerequisite that an organizer has the calendar address of each
-attendee that will be invited to the event. Additionally,
-access to an attendee's current "busy time" provides an a
-priori indication of whether the attendee will be free to
-participate in the event. In order to meet these challenges, a
-calendar user agent (CUA) needs a mechanism to locate
-individual user's calendar and free/busy time. This memo
-defines three mechanisms for obtaining a URI to a user's
-calendar and free/busy time. These include:
-
-
-
-=head2 RFC-2798 Definition of the inetOrgPerson Object Class
-
-http://www.ietf.org/rfc/rfc2798.txt
-
-While the X.500 standards define many useful attribute types
-[X520] and object classes [X521], they do not define a person
-object class that meets the requirements found in today's
-Internet and Intranet directory service deployments. We define
-a new object class called inetOrgPerson for use in LDAP and
-X.500 directory services that extends the X.521 standard
-organizationalPerson class to meet these needs.
-
-
-
-=head2 RFC-2820 Access Control Requirements for LDAP
-
-http://www.ietf.org/rfc/rfc2820.txt
-
-This document describes the fundamental requirements of an
-access control list (ACL) model for the LDAP directory service.
-It is intended to be a gathering place for access control
-requirements needed to provide authorized access to and
-interoperability between directories.
-
-
-
-=head2 RFC-2829 Authentication Methods for LDAP
-
-http://www.ietf.org/rfc/rfc2829.txt
-
-This document specifies particular combinations of SASL
-mechanisms and extensions which are required and recommended in
-LDAP implementations.
- - - -=head2 RFC-2831 Using Digest Authentication as a SASL Mechanism - -http://www.ietf.org/rfc/rfc2831.txt - -This specification defines how HTTP Digest Authentication can -be used as a SASL [RFC 2222] mechanism for any protocol that -has a SASL profile. It is intended both as an improvement over -CRAM-MD5 [RFC 2195] and as a convenient way to support a single -authentication mechanism for web, mail, LDAP, and other -protocols. - - - -=head2 RFC-2891 LDAP Control Extension for Server Side Sorting of Search -Results - -http://www.ietf.org/rfc/rfc2891.txt - -This document describes two LDAPv3 control extensions for -server side sorting of search results. These controls allows a -client to specify the attribute types and matching rules a -server should use when returning the results to an LDAP search -request. The controls may be useful when the LDAP client has -limited functionality or for some other reason cannot sort the -results but still needs them sorted. Other permissible controls -on search operations are not defined in this extension. - - - -=head2 RFC-2849 The LDAP Data Interchange Format (LDIF) - Technical -Specification - -http://www.ietf.org/rfc/rfc2849.txt - -This document describes a file format suitable for describing -directory information or modifications made to directory -information. The file format, known as LDIF, for LDAP Data -Interchange Format, is typically used to import and export -directory information between LDAP-based directory servers, or -to describe a set of changes which are to be applied to a -directory. - - - -=head1 Current Internet Drafts - - -=head2 draft-armijo-ldap-control-error -- Result Message for LDAP Controls - -LDAPv3 allows for the extension of the protocol through the use -of controls. These controls allow existing operations to be -enhanced to provide additional functionality for directory -operations. 
Complex controls are being established that are -bringing up error conditions not anticipated in the LDAPv3 -specifications. The purpose of this draft is to create new -result codes specific to LDAP controls and to define guidelines -for the use of these result codes. - - - -=head2 draft-armijo-ldap-treedelete -- Tree Delete Control - -This document defines an LDAPv3 control that deletes an entire -subtree of a container entry. This control extends the scope of -the LDAPv3 delete operation as defined in RFC 2251. This -control is beneficial in extending the functionality of the -LDAP protocol and may be useful in administration in an LDAP -environment. - - - -=head2 draft-behera-ldap-password-policy -- Password Policy for LDAP Directories - -Password policy is a set of rules that controls how passwords -are used in LDAP directories. In order to improve the security -of LDAP directories and make it difficult for password cracking -programs to break into directories, it is desirable to enforce -a set of rules on password usage. These rules are made to -ensure that users change their passwords periodically, -passwords meet construction requirements, the re-use of old -password is restricted, and users are locked out after a -certain number of failed attempts. - - - -=head2 draft-daigle-tisdag -- Technical Infrastructure for Swedish Directory Access Gateways -(TISDAG) - -The strength of the TISDAG project's DAG proposal is that it -defines the necessary technical infrastructure to provide a -single-access-point service for information on Swedish Internet -users. The resulting service will provide uniform access for -all information -- the same level of access to information -(7x24 service), and the same information made available, -irrespective of the service provider responsible for -maintaining that information, their directory service -protocols, or the end-user's client access protocol. 
- - - -=head2 draft-good-ldap-changelog -- Definition of an Object Class to Hold LDAP Change Records - -In order to support more flexible replication methods, it is -desirable to specify some manner in which an LDAP client may -retrieve a set of changes which have been applied to an LDAP -server's database. The client, which may be another LDAP -server, may then choose to update its own replicated copy of -the data. This document specifies an object class which may be -used to represent changes applied to an LDAP server. It also -specifies a method for discovering the location of the -container object which holds these change records, so that -clients and servers have a common rendezvous point for this -information. - - - -=head2 draft-greenblatt-ldapext-sos -- Simple Operations on Subtrees (for LDAP) - -This draft defines several new LDAP extensions, which are -operations that can manipulate an entire portion of Directory -Information Tree (DIT) at once. This draft does not presume any -specific DIT structure or schema modifications. - - - -=head2 draft-greenblatt-ldapextstyle -- LDAP Extension Style Guide - -LDAPv3 provides a base set of services. Additionally, LDAP -provides several mechanisms by which the base set of services -may be enhanced to provide additional services. This document -describes the different ways that LDAP may be enhanced, and how -developers can decide which enhancement mechanism is best -suited for their environment. It also discusses the positives -and negatives for each LDAP enhancement mechanism - - - -=head2 draft-haripriya-ldapext-entryselect -- EntrySelection Control for LDAP Modify and Delete Operations on -Multiple Entries - -This document defines an LDAPv3 control that can select -multiple entries in a subtree of a container entry for -modification or deletion. This control extends the scope of the -LDAPv3 modify and delete operations as defined in [RFC 2251]. 
-This control is useful for modifying or deleting multiple -entries on the basis of a single selection criterion. This may -be useful for maintenance of an LDAP directory having a large -number of objects. - - - -=head2 draft-hodges-ldapv3-as -- Lightweight Directory Access Protocol (v3): Applicability -Statement - -The specification for LDAPv3 nominally comprises eight separte -RFCs which were issued in two distinct subsets at separate -times (RFCs 2251..2256 first, then RFCs 2229 and 2830 following -later), but this has never been formally stated. Additionally, -RFCs 2251 .. 2256 each are embellished with an "IESG Note" -warning implementors and deployers of potential -interoperability problems due to the lack of a specification of -mandatory-to-implement authentication mechanism(s). This -document corrects both situations by explicitly specifying the -set of RFCs comprising LDAPv3 and rescinding the "IESG Note" -due to the specification of mandatory-to-implement -authentication mechanisms in RFC 2829. - - - -=head2 draft-ietf-ids-ds-bcp -- Best Current Practice for the Internet White Pages Service - -This document makes the following recommendations for -organizations on the Internet: - - - -=head2 draft-ietf-ldapext-acl-model -- Access Control Model for LDAP - -This document describes the access control list (ACL) model for -an LDAP directory service. It includes a description of the -model, the LDAP controls, and the extended operations to the -LDAP protocol. A separate document defines the corresponding -APIs. - - - -=head2 draft-ietf-ldapext-cldap -- Connection-less Lightweight Directory Access Protocol - -This memo describes modifications to LDAPv3 to allow transport -of a subset of the LDAP protocol over connection-less -transport. The case of UDP/IP is covered in detail in this memo -but other transport layers are possible. 
- - - -=head2 draft-ietf-ldapext-ldap-c-api -- The C LDAP Application Program Interface - -This document defines a C language application program -interface to LDAP, and replaces the previous definition of this -API, defined in RFC 1823, updating it to include support for -features found in LDAPv3, as well as other changes to support -information hiding and thread safety. - - - -=head2 draft-ietf-ldapext-ldap-java-api -- The Java LDAP Application Program Interface - -This document defines a java language application program -interface to the LDAP, in the form of a class library. It -complements but does not replace the C language API. This -version adds support for SASL authentication. - - - -=head2 draft-ietf-ldapext-ldap-java-api-asynch-ext -- The Java LDAP Application Program Interface Asynchronous -Extension - -This document defines asynchronous extensions to the java -language application program interface to LDAP defined in -draft-ietf-ldapext-ldap-java-api (v7) - - - -=head2 draft-ietf-ldapext-ldap-taxonomy -- A Taxonomy of Methods for LDAP Clients Finding Servers - -There are several different methods for a LDAP client to find a -LDAP server. This draft discusses these methods and provides -pointers for interested parties to learn more about -implementing a particular method. - - - -=head2 draft-ietf-ldapext-ldapv3-dupent -- LDAP Control for a Duplicate Entry Representation of Search -Results - -This document describes a Duplicate Entry Representation -control extension for the LDAP Search operation. By using the -control with an LDAP search, a client requests that the server -return separate entries for each value held in the specified -attributes. For instance, if a specified attribute of an entry -holds multiple values, the search operation will return -multiple instances of that entry, each instance holding a -separate single value in that attribute. 
- - - -=head2 draft-ietf-ldapext-ldapv3-vlv -- LDAP Extensions for Scrolling View Browsing of Search Results - -This document describes a Virtual List View control extension -for the LDAP Search operation. This control is designed to -allow the ''virtual list box'' feature, common in existing -commercial e-mail address book applications, to be supported -efficiently by LDAP servers. LDAP servers' inability to support -this client feature is a significant impediment to LDAP -replacing proprietary protocols in commercial e-mail systems. - - - -=head2 draft-ietf-ldapext-locate -- Discovering LDAP Services with DNS - -An LDAP request must be directed to an appropriate server for -processing. This document specifies a method for discovering -such servers using information in the Domain Name System. - - - -=head2 draft-ietf-ldapext-matchedval -- Returning Matched Values with LDAPv3 - -This document describes a control for the LDAPv3 that is used -to return a subset of attribute values from an entry, -specifically, only those values that contributed to the search -filter evaluating to TRUE. Without support for this control, a -client must retrieve all of an attribute's values and search -for specific values locally. - - - -=head2 draft-ietf-ldapext-psearch -- Persistent Search: A Simple LDAP Change Notification Mechanism - -This document defines two controls that extend the LDAPv3 -search operation to provide a simple mechanism by which an LDAP -client can receive notification of changes that occur in an -LDAP server. The mechanism is designed to be very flexible yet -easy for clients and servers to implement. - - - -=head2 draft-ietf-ldapext-refer -- Referrals in LDAP Directories - -This document defines two reference attributes and associated -"referral" object class for representing generic knowledge -information in LDAP directories. The attribute uses URIs to -represent knowledge, enabling LDAP and non-LDAP services alike -to be referenced. 
The object class can be used to construct -entries in an LDAP directory containing references to other -directories or services. This document also defines procedures -directory servers should follow when supporting these schema -elements and when responding to requests for which the -directory server does not contain the requested object but may -contain some knowledge of the location of the requested object. - - - -=head2 draft-ietf-ldapext-x509-sasl -- X.509 Authentication SASL Mechanism - -This document defines a SASL [RFC 2222] authentication -mechanism based on X.509 strong authentication, providing two -way authentication. This mechanism is only for authentication, -and has no effect on the protocol encodings and is not designed -to provide integrity or confidentiality services. - - - -=head2 draft-ietf-ldup-framing -- Extended Operations for Framing LDAP Operations - -Certain types of LDAP applications can benefit from the ability -to specify the beginning and end of a related group of -operations. For example, the LDUP multimaster update protocol -requires that two servers agree to begin a session to transfer -pending replication updates. This document provides a framework -for constructing protocols that feature a framed set of related -operations. It defines a pair of LDAPv3 extended operations -that provide begin-end framing, and a pair of extended -operations used to respond the begin-end framing operations. -The nature of the actual LDAP operations carried inside these -framing operations is not specified in this document. - - - -=head2 draft-ietf-ldup-infomod -- LDUP Replication Information Model - -draft-merrells-ldup-model (v1) describes the architectural -approach to replication of LDAP directory contents. 
This -document describes the information model and schema elements -which support LDAP Replication Services - - - -=head2 draft-ietf-ldup-model -- LDAP Replication Architecture - -This architectural document outlines a suite of schema and -protocol extensions to LDAPv3 that enables the robust, -reliable, server-to-server exchange of directory content and -changes. - - - -=head2 draft-ietf-ldup-protocol -- The LDUP Replication Update Protocol - -The protocol described in this document is designed to allow -one LDAP server to replicate its directory content to another -LDAP server. The protocol is designed to be used in a -replication configuration where multiple updatable servers are -present. Provisions are made in the protocol to carry -information that allows the server receiving updates to apply a -total ordering to all updates in the replicated system. This -total ordering allows all replicas to correctly resolve -conflicts that arise when LDAP clients submit changes to -different servers that later replicate to one another. - - - -=head2 draft-ietf-ldup-replica-req -- LDAP V3 Replication Requirements - -This document discusses the fundamental requirements for -replication of data accessible via the LDAPv3 protocol. It is -intended to be a gathering place for general replication -requirements needed to provide interoperability between -informational directories. - - - -=head2 draft-ietf-ldup-subentry -- LDAP Subentry Schema - -This document describes an object class called ldapSubEntry -which MAY be used to indicate operations and management related -entries in the directory, called LDAP Subentries. This version -of this document is updated with an assigned OID for the -ldapSubEntry object class. - - - -=head2 draft-ietf-ldup-urp -- LDUP Update Reconciliation Procedures - -This document describes the procedures used by directory -servers to reconcile updates performed by autonomously -operating directory servers in a distributed, replicated -directory service. 
- - - -=head2 draft-ietf-pkix-ldap-schema -- Internet X.509 Public Key Infrastructure Additional LDAP Schema -for PKIs and PMIs - -This document describes LDAP schema features in addition to RFC -2587 that are needed to support a Privilege Management -Infrastructure and a Public Key Infrastructure. RFC2587 -describes some of the subschema applicable to LDAPv2 servers, -specifically the public key certificate related attribute types -and object classes that MUST or MAY be supported. This document -does not revoke any of the contents of RFC2587, but supplements -them. RFC2587 is equally applicable to LDAPv3 servers as to -LDAPv2 servers and MUST be supported by LDAPv3 servers. Neither -RFC2587 nor the user schema for LDAPv3 (RFC2256) nor the -attribute syntax definitions for LDAPv3 (RFC2252) describe in -detail the matching rules that should be supported by LDAP -servers, nor do they describe how attribute value assertions -for each matching rule should be encoded in filter items. -Finally none of these documents mention attributeCertificates -or any schema to support privilege management, since these -concepts superseded the publishing of the RFCs. - - - -=head2 draft-just-ldapv3-rescodes -- LDAPv3 Result Codes: Definitions and Appropriate Use - -The purpose of this document is to describe, in some detail, -the meaning and use of the result codes used with the LDAPv3 -protocol. Of particular importance are the error codes, which -represent the majority of the result codes. This document -provides definitions for each result code, and outlines the -expected behaviour of the various operations with respect to -how result codes and in particular, error conditions should be -handled and which specific error code should be returned. It is -hoped that this document will facilitate interoperability -between clients and servers and the development of intelligent -LDAP clients capable of acting upon the results received from -the server. 
- - - -=head2 draft-mmeredith-rootdse-vendor-info -- Storing Vendor Information in the LDAP root DSE - -This document specifies two LDAP attributes, vendorName and -vendorVersion that MAY be included in the root DSE to advertise -vendor-specific information. These two attributes supplement -the attributes defined in section 3.4 of RFC 2251. The -information held in these attributes MAY be used for display -and informational purposes and MUST NOT be used for feature -advertisement or discovery. - - - -=head2 draft-moats-dmtf-application-ldap -- LDAP Schema for the DMTF Application CIM v2.1 Model - -This draft presents a LDAPv3 schema for the DMTF CIM -Application model. Associations are mapped using a combination -of auxiliary classes and DIT structure rules. Where auxiliary -classes are used, name form and DIT content rules are -specified. (This document is not a product of the DMTF, and -represents the view of the authors.) - - - -=head2 draft-moats-dmtf-core-ldap -- LDAP Schema for the DMTF Core CIM v2.2 Model - -This draft presents a LDAPv3 schema for the DMTF CIM Core -model. Associations are mapped using a combination of auxiliary -classes and DIT structure rules. All attribute, object class, -and name form OIDs are place holders, and syntax OIDs in -definitions have been replaced by names for clarity. Further, -structure rule identifiers are place holders and should be -replaced as dictated by local implementations. (This document -is a product of the DMTF LDAP WG.) - - - -=head2 draft-moats-dmtf-device-ldap -- LDAP Schema for the DMTF Device CIM v2.2 Model - -This draft presents a LDAPv3 schema for the DMTF CIM Device -model. It builds on the core model presented in -draft-moats-dmtf-core-ldap (v1). Associations are mapped using -a combination of auxiliary classes and DIT structure rules. -Where auxiliary classes are used, name form and DIT content -rules are specified. (This document is not a product of the -DMTF, and represents the view of the authors.) 
- - - -=head2 draft-moats-dmtf-network-ldap -- LDAP Schema for the DMTF Network CIM v2.2 Model - -This draft presents a LDAPv3 schema for the DMTF CIM Network -model. Associations are mapped using a combination of auxiliary -classes and DIT structure rules. Where auxiliary classes are -used, name form and DIT content rules are specified. (This -document is not a product of the DMTF, and represents the view -of the authors.) - - - -=head2 draft-moats-dmtf-physical-ldap -- LDAP Schema for the DMTF Physical CIM v2.2 Model - -This draft presents a LDAPv3 schema for the DMTF CIM Physical -model. Associations are mapped using a combination of auxiliary -classes and DIT structure rules. Where auxiliary classes are -used, name form and DIT content rules are specified. (This -document is not a product of the DMTF, and represents the view -of the authors.) - - - -=head2 draft-moats-dmtf-system-ldap -- LDAP Schema for the DMTF System CIM v2.2 Model - -This draft presents a LDAPv3 schema for the DMTF CIM System -model. It builds on the core model presented in -draft-moats-dmtf-core-ldap (v1). Associations are mapped using -a combination of auxiliary classes and DIT structure rules. -Where auxiliary classes are used, name form and DIT content -rules are specified. (This document is not a product of the -DMTF, and represents the view of the authors.) - - - -=head2 draft-moats-ldap-dereference-match -- Extensible Match Rule to Dereference Pointers - -This document defines a LDAPv3 extensible matching rule that -allows a server to dereference pointers stored in an object's -attribute and apply a LDAPv3 search filter to the resulting -objects. This rule allows schema definitions to capture richer -association models without requiring extra protocol exchanges -or special client code. - - - -=head2 draft-natarajan-ldapext-cachedresults -- The LDAP Caching model - -Seeking entries from a directory is a process involving network -resources. 
It is assumed that a directory is accessed for -reading and searching data more than for modification purposes. -Under such assumptions, for performance reasons, a mechanism -for caching as a proxy which caches all entries is desirable. -This document describes a mechanism for caching directory -entries. This document also defines one operational attribute -and two controls required to be implemented for the caching -model. - - - -=head2 draft-natkovich-ldap-lcup -- LDAP Client Update Protocol - -This document defines the LDAP Client Update Protocol (LCUP). -The protocol is intended to allow an LDAP client to synchronize -with the content of a directory information tree (DIT) stored -by an LDAP server and to be notified about the changes to that -content. - - - -=head2 draft-rharrison-lburp -- LDAP Bulk Update/Replication Protocol - -The LDAP Bulk Update/Replication Protocol (LBURP) described in -this document allows an LDAP client (a genuine client or an -LDAP server acting as a client) to perform a bulk update to a -replica on an LDAP server. The protocol groups a set of update -operations using the LDAP framed protocol requests defined in -[FRAMING] to notify the client that the update operations in -the framed set are related. The update operations within the -framed set are LDAPv3 extended operations each encapsulating a -sequence number and one or more LDAPv3 update operations. The -sequence number allows the server to process the update -operations in the proper order even when they are sent -asynchronously by the client, and the update operations can be -grouped within the extended request to maximize the efficiency -of client-server communication. - - - -=head2 draft-rharrison-ldap-extpartresp -- Extended Partial Response Protocol Enhancement to LDAPv3 - -This document describes the ExtendedPartialResponse, an element -of LDAP v3 protocol which allows multiple responses to LDAPv3 -extended requests. 
Extended partial responses are backward -compatible with the existing LDAPv3 Extended Operation defined -in LDAPv3.. - - - -=head2 draft-salzr-ldap-repsig -- LDAP Controls for Reply Signatures - -In many environments the final step of certificate issuance is -publishing the certificate to a repository. Unfortunately, -there is no way for a Certification Authority (CA) to have a -secure application-level acknowledgement that the proper -repository did, in fact, receive the certificate. This issue is -of greater concern when considering the publication of -Certificate Revocation Lists (CRLs) -- if an adversary manages -to interpose itself between the CA and its intended repository, -then clients could end up relying on outdated revocation lists. - - - -=head2 draft-smith-ldap-c-api-ext-lderrno -- C LDAP API LDERRNO Extension - -This document defines an extension to the C LDAP API to support -reporting of specific errors for functions in the API that do -not provide a way to access detailed information about -failures. Three new functions are defined: ldap_get_lderrno(), -ldap_set_lderrno(), and ldap_dup_string(). - - - -=head2 draft-smith-ldap-c-api-ext-vlv -- LDAP C API Virtual List View Extension (VLV) - -This document defines a virtual list view extension for the -LDAP C API to support the LDAP protocol extensions for -scrolling view browsing of search results. More specifically, -this document defines functions to create virtual list view -request controls and to parse virtual list view response -controls. - - - -=head2 draft-smith-ldapv3-filter-update -- The String Representation of LDAP Search Filters - -LDAP defines a network representation of a search filter -transmitted to an LDAP server. Some applications may find it -useful to have a common way of representing these search -filters in a human-readable form. 
This document defines a -human-readable string format for representing the full range of -possible LDAPv3 search filters, including extended match -filters. - - - -=head2 draft-smith-ldapv3-url-update -- The LDAP URL Format - -LDAP is defined in RFCs 2251-3. This document describes a -format for an LDAP Uniform - - - -=head2 draft-wahl-ldap-adminaddr -- Administrator Address Attribute - -Organizations running multiple directory servers need an -ability for administrators to determine who is responsible for -a particular server. This is conceptually similar to the -'sysContact' object of SNMP. The administratorsAddress -attribute allows a server administrator to provide the contact -information of the responsible party for an LDAP server. This -can be used by management clients which are, for example, -checking the state of a replication or referral topology, to -provide a way for the user of the management client to send -email to manager of a particular server. - - - -=head2 draft-wahl-ldap-digest-example -- An Example of DIGEST-MD5 Authentication within an LDAP server - -HTTP Digest Authentication as a SASL mechanism is required to -be supported in LDAP servers for password-based authentication -(see Authentication Methods for LDAP). This specification -describes one approach to implement DIGEST-MD5 authentication -in an LDAP server. It does not specify a standard of any kind. - - - -=head2 draft-weltman-java-sasl -- The Java SASL Application Program Interface - -This document defines a client-side and a server-side Java -language interface for using the Simple Authentication and -Security Layer (SASL) mechanisms for adding authentication -support to connection-based protocols. The interface promotes -sharing of SASL mechanism drivers and security layers between -applications using different protocols. It complements but does -not replace [SASL], which defines and exemplifies use of the -SASL protocol in a language-independent way. 
- - - -=head2 draft-weltman-ldap-java-controls -- Java LDAP Controls - -This document defines support for the Preferred Language -Control, the Server Sorting Control, and the Virtual List -Control in the Java LDAP API. Controls are an LDAPv3 extension, -to allow passing arbitrary control information along with a -standard request to a server, and to receive arbitrary -information back with a standard result. - - - -=head2 draft-weltman-ldapv3-auth-response -- LDAP Authentication Response Control - -This document defines support for the Authentication Response -Control. Controls are an LDAPv3 extension, to allow passing -arbitrary control information along with a standard request to -a server, and to receive arbitrary information back with a -standard result. The Authentication Response Control may be -returned by an LDAP server in a bind response to a client -authenticating with LDAPv3. The control contains the identity -assumed by the client. This is useful when there is a mapping -step or other indirection during the bind, so that the client -can be told what LDAP identity was granted. Client -authentication with certificates is the primary situation where -this applies. Also, some SASL authentication mechanisms may not -involve the client explicitly providing a DN. - - - -=head2 draft-weltman-ldapv3-proxy -- LDAP Proxied Authorization Control - -This document defines support for the Proxied Authorization -Control. Controls are an LDAPv3 extension, to allow passing -arbitrary control information along with a standard request to -a server, and to receive arbitrary information back with a -standard result. The Proxied Authorization Control allows a -connection with sufficient privileges to assume the identity of -another entry for the duration of an LDAP request. - - - -=head2 draft-zeilenga-ldap-authpasswd -- LDAP Authentication Password Attribute - -This document describes schema for storing authentication -passwords in an LDAP directory. 
The document provides schema -definitions for authPassword and related schema definitions. -The authPassword is intended to used instead of clear text -password storage mechanisms such as userPassword [RFC2256] to -support simple bind operations. The attribute may be used to -store SASL authentication passwords in entries of a directory. - - - -=head2 draft-zeilenga-ldap-c-api-concurrency -- LDAP C API Concurrency Extensions - -This document defines extensions to the LDAP C API to support -use in concurrent execution environments. The document -describes and defines requirements for multiple concurrency -levels: thread safe, session thread safe, and operation thread -safe. - - - -=head2 draft-zeilenga-ldap-c-api-errno -- LDAP C API Error Reporting Extension - -This document defines a mandatory extension to the LDAP C API -to provide error reporting for all API calls. The mechanism is -non-intrusive and can, optionally, support concurrent execution -environments. - - - -=head2 draft-zeilenga-ldap-grouping -- LDAPv3: Grouping of Related Operations - -This document provides a general mechanisms for grouping -related LDAP operations, which may be used to support -replication, proxies, and higher level operations such as -transactions. This document describes a set of LDAP extended -operations and other protocol and schema elements to support -grouping of related operations. - - - -=head2 draft-zeilenga-ldap-namedref -- Named References in LDAP Directories - -This document defines schema and protocol elements for -representing and manipulating generic knowledge information in -LDAP directories. An attribute type "ref" is used to store URIs -which may refer to LDAP and non-LDAP services. An object class -"referral" is used to construct entries in an LDAP directory -which references to other directories or services. A control, -ManageDsaIT, is defined to allow clients to manipulate referral -objects as normal entries. 
The document describes procedures -directory servers should follow when supporting these elements. - - - -=head2 draft-zeilenga-ldap-passwd-exop -- LDAP Password Modify Extended Operation - -The integration of LDAP and external authentication services -has introducted non-DN authentication identities and allowed -for non-directory storage of passwords. As such, mechanisms -which update the directory, such as Modify operation, cannot be -used to change a user's password. This document describes an -LDAP extended operation to allow modification of user passwords -which is not dependent upon the form of the authentication -identity nor the password storage mechanism used. - - - -=head2 draft-zeilenga-ldap-txn -- LDAPv3 Transactions - -LDAP update operations have atomic properties upon individual -entries. However, it is often desirable to update two or more -entries as one atomic action, a transaction. Transactions are -necessary to support a number of applications including -resource provisioning and information replication. This -document defines an LDAP extension to support transactions. - - - -=head2 draft-zeilenga-ldapv3bis-opattrs -- LDAPv3: All Operational Attributes - -X.500 provides a mechanism for clients to request all -operational attributes be returned with entries provided in -response to a search operation. LDAP [RFC2251] does not provide -a similar mechanism to clients to request the return of -operational attributes. The lack of such a mechanisms hinders -discovery of operational attributes present in an entry. - - - -=head2 draft-zeilenga-ldapv3bis-rfc2251 -- LDAPv3bis Suggestions: Lightweight Directory Access Protocol -(v3) - -This Internet Draft suggests a number of updates to -"Lightweight Directory Access Protocol (v3)" [RFC2251]. This -document is not intended to be published as an RFC but used to -identify LDAPv3bis work items. 
- - - -=head2 draft-zeilenga-ldapv3bis-rfc2252 -- LDAPv3bis Suggestions: Attribute Syntax Definitions - -This Internet Draft suggests a number of updates to " -Lightweight Directory Access Protocol (v3): Attribute Syntax -Definitions" [RFC2252]. This document is not intended to be -published as an RFC but used to identify LDAPv3bis work items. - - - -=head2 draft-zeilenga-ldapv3bis-rfc2253 -- LDAPv3bis Suggestions: UTF-8 String Representation of -Distinguished Names - -This Internet Draft suggests a number of updates to -"Lightweight Directory Access Protocol (v3): UTF-8 String -Representation of Distinguished Names" [RFC2253]. This document -is not intended to be published as an RFC but used to identify -LDAPv3bis work items. - - - -=head2 draft-zeilenga-ldapv3bis-rfc2254 -- LDAPv3bis Suggestions: The String Representation of LDAP Search -Filters - -This Internet Draft suggests a number of updates to "The String -Representation of LDAP Search Filters" [RFC 2254]. This -document is not intended to be published as an RFC but used to -identify LDAPv3bis work items. - - - -=head2 draft-zeilenga-ldapv3bis-rfc2255 -- LDAPv3bis Suggestions: The LDAP URL Format - -This Internet Draft suggests a number of updates to "The LDAP -URL Format" [RFC 2255]. This document is not intended to be -published as an RFC but used to identify LDAPv3bis work items. - - - -=head2 draft-zeilenga-ldapv3bis-rfc2256 -- LDAPv3bis Suggestions: Summary of the X.500(96) User Schema for -use with LDAPv3 - -This Internet Draft suggests a number of updates to "A Summary -of the X.500(96) User Schema for use with LDAPv3" [RFC 2256]. -This document is not intended to be published as an RFC but -used to identify LDAPv3bis work items. - - - -=head2 draft-zeilenga-ldapv3bis-rfc2829 -- LDAPv3bis Suggestions: Authentication Methods for LDAP - -This Internet Draft suggests a number of updates to -"Authentication Methods for LDAP" [RFC2829]. 
This document is -not intended to be published as an RFC but used to identify -LDAPv3bis work items. - - - -=head2 draft-zeilenga-ldapv3bis-rfc2830 -- LDAPv3bis Suggestions: Extension for Transport Layer Security - -This Internet Draft suggests a number of updates to the -"Lightweight Directory Access Protocol: Extension for Transport -Layer Security" [RFC 2830]. This document is not intended to be -published as an RFC but used to identify LDAPv3bis work items. - - -=for html
-
-I<$Id: RFC.pod,v 1.5 2001/10/24 14:08:54 chrisridd Exp $>
-
-=cut
-
diff --git a/lib/Net/LDAP/Reference.pod b/lib/Net/LDAP/Reference.pod
deleted file mode 100644
index c3cfe86..0000000
--- a/lib/Net/LDAP/Reference.pod
+++ /dev/null
@@ -1,63 +0,0 @@
-=head1 NAME
-
-Net::LDAP::Reference - search reference
-
-=head1 SYNOPSIS
-
- use Net::LDAP;
-
- $ldap->search( @search_args, callback => \&process);
-
- sub process {
- my $mesg = shift;
- my $obj = shift;
- if (!$obj) {
- # Search complete
- }
- elsif ($obj->isa('Net::LDAP::Reference')) {
- my $ref;
-
- foreach $ref ($obj->references) {
- # process ref
- }
- }
- else {
- # Process Net::LDAP::Entry
- }
- }
-
-=head1 DESCRIPTION
-
-=head1 METHODS
-
-=over 4
-
-=item references
-
-Returns a list of references from the server.
-
-=back
-
-=head1 SEE ALSO
-
-L,
-L
-
-=head1 AUTHOR
-
-Graham Barr .
-
-Please report any bugs, or post any suggestions, to the perl-ldap mailing list
-.
-
-=head1 COPYRIGHT
-
-Copyright (c) 1997-2000 Graham Barr. All rights reserved. This program is
-free software; you can redistribute it and/or modify it under the same
-terms as Perl itself.
-
-=for html
-
-I<$Id: Reference.pod,v 1.3 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/Schema.pm b/lib/Net/LDAP/Schema.pm
deleted file mode 100644
index a5cc788..0000000
--- a/lib/Net/LDAP/Schema.pm
+++ /dev/null
@@ -1,429 +0,0 @@ -# Copyright (c) 1998-2002 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Schema; - -use strict; -use vars qw($VERSION); - -$VERSION = "0.9901"; - -# -# Get schema from the server (or read from LDIF) and parse it into -# data structure -# -sub new { - my $self = shift; - my $type = ref($self) || $self; - my $schema = bless {}, $type; - - return $schema unless @_; - return $schema->parse( shift ) ? $schema : undef; -} - -sub _error { - my $self = shift; - $self->{error} = shift; - return; -} - - -sub parse { - my $schema = shift; - my $arg = shift; - - unless ($arg) { - $schema->{error} = "Bad argument"; - return undef; - } - - %$schema = (); - - my $entry; - if( ref $arg ) { - if (UNIVERSAL::isa($arg, 'Net::LDAP::Entry')) { - $entry = $arg; - } - elsif (UNIVERSAL::isa($arg, 'Net::LDAP::Search')) { - unless ($entry = $arg->entry) { - $schema->{error} = 'Bad Argument'; - return undef; - } - } - else { - $schema->{error} = 'Bad Argument'; - return undef; - } - } - elsif( -f $arg ) { - require Net::LDAP::LDIF; - my $ldif = Net::LDAP::LDIF->new( $arg, "r" ); - $entry = $ldif->read(); - unless( $entry ) { - $schema->{error} = "Cannot parse LDIF from file [$arg]"; - return undef; - } - } - else { - $schema->{error} = "Can't load schema from [$arg]: $!"; - return undef; - } - - eval { - local $SIG{__DIE__} = sub {}; - _parse_schema( $schema, $entry ); - }; - - if ($@) { - $schema->{error} = $@; - return undef; - } - - return $schema; -} - -# -# Dump as LDIF -# -# XXX - We should really dump from the internal structure. That way we can -# have methods to modify the schema and write a new one -- GMB -sub dump { - my $self = shift; - my $fh = @_ ? 
shift : \*STDOUT; - my $entry = $self->{'entry'} or return; - require Net::LDAP::LDIF; - Net::LDAP::LDIF->new($fh,"w", wrap => 0)->write($entry); - 1; -} - -# -# Given another Net::LDAP::Schema, merge the contents together. -# XXX - todo -# -sub merge { - my $self = shift; - my $new = shift; - - # Go through structure of 'new', copying code to $self. Take some - # parameters describing what to do in the event of a clash. -} - - -sub all_attributes { values %{shift->{at}} } -sub all_objectclasses { values %{shift->{oc}} } -sub all_syntaxes { values %{shift->{syn}} } -sub all_matchingrules { values %{shift->{mr}} } -sub all_matchingruleuses { values %{shift->{mru}} } -sub all_ditstructurerules { values %{shift->{dts}} } -sub all_ditcontentrules { values %{shift->{dtc}} } -sub all_nameforms { values %{shift->{nfm}} } - -sub superclass { - my $self = shift; - my $oc = shift; - - my $elem = $self->objectclass( $oc ) - or return scalar _error($self, "Not an objectClass"); - - return @{$elem->{sup} || []}; -} - -sub must { _must_or_may(@_,'must') } -sub may { _must_or_may(@_,'may') } - -# -# Return must or may attributes for this OC. 
-# -sub _must_or_may { - my $self = shift; - my $must_or_may = pop; - my @oc = @_ or return; - - # - # If called with an entry, get the OC names and continue - # - if ( UNIVERSAL::isa( $oc[0], "Net::LDAP::Entry" ) ) { - my $entry = $oc[0]; - @oc = $entry->get_value( "objectclass" ) - or return; - } - - my %res; - my %done; - - while (@oc) { - my $oc = shift @oc; - - $done{lc $oc}++ and next; - - my $elem = $self->objectclass( $oc ) or next; - my $res = $elem->{$must_or_may} or next; - @res{ @$res } = (); # Add in, getting uniqueness - my $sup = $elem->{sup} or next; - push @oc, @$sup; - } - - my %unique = map { ($_,$_) } $self->attribute(keys %res); - values %unique; -} - -# -# Given name or oid, return element or undef if not of appropriate type -# - -sub _get { - my $self = shift; - my $type = pop(@_); - my $hash = $self->{$type}; - my $oid = $self->{oid}; - - my @elem = grep $_, map { - my $elem = $hash->{lc $_}; - - ($elem or ($elem = $oid->{$_} and $elem->{type} eq $type)) - ? $elem - : undef; - } @_; - - wantarray ? @elem : $elem[0]; -} - -sub attribute { _get(@_,'at') } -sub objectclass { _get(@_,'oc') } -sub syntax { _get(@_,'syn') } -sub matchingrule { _get(@_,'mr') } -sub matchingruleuse { _get(@_,'mru') } -sub ditstructurerule { _get(@_,'dts') } -sub ditcontentrule { _get(@_,'dtc') } -sub nameform { _get(@_,'nfm') } - - -# -# XXX - TODO - move long comments to POD and write up interface -# -# Data structure is: -# -# $schema (hash ref) -# -# The {oid} piece here is a little redundant since we control the other -# top-level members. We promote the first listed name to be 'canonical' and -# also make up a name for syntaxes (from the description). Thus we always -# have a unique name. This avoids a lot of checking in the access routines. -# -# ->{oid}->{$oid}->{ -# name => $canonical_name, (created for syn) -# aliases => list of non. canon names -# type => at/oc/syn -# desc => description -# must => list of can. names of mand. 
atts [if OC] -# may => list of can. names of opt. atts [if OC] -# syntax => can. name of syntax [if AT] -# ... etc per oid details -# -# These next items are optimisations, to avoid always searching the OID -# lists. Could be removed in theory. Each is a hash ref mapping -# lowercase names to the hash stored in the oid struucture -# -# ->{at} -# ->{oc} -# ->{syn} -# ->{mr} -# ->{mru} -# ->{dts} -# ->{dtc} -# ->{nfm} -# - -# -# These items have no following arguments -# -my %flags = map { ($_,1) } qw( - single-value - obsolete - collective - no-user-modification - abstract - structural - auxiliary - ); - -# -# These items can have lists arguments -# (name can too, but we treat it special) -# -my %listops = map { ($_,1) } qw(must may sup); - -# -# Map schema attribute names to internal names -# -my %type2attr = qw( - at attributetypes - oc objectclasses - syn ldapsyntaxes - mr matchingrules - mru matchingruleuse - dts ditstructurerules - dtc ditcontentrules - nfm nameforms -); - -# -# Return ref to hash containing schema data - undef on failure -# - -sub _parse_schema { - my $schema = shift; - my $entry = shift; - - return undef unless defined($entry); - - keys %type2attr; # reset iterator - while(my($type,$attr) = each %type2attr) { - my $vals = $entry->get_value($attr, asref => 1); - - my %names; - $schema->{$type} = \%names; # Save reference to hash of names => element - - next unless $vals; # Just leave empty ref if nothing - - foreach my $val (@$vals) { - # - # The following statement takes care of defined attributes - # that have no data associated with them. - # - next if $val eq ''; - - # - # We assume that each value can be turned into an OID, a canonical - # name and a 'schema_entry' which is a hash ref containing the items - # present in the value. 
- # - my %schema_entry = ( type => $type, aliases => [] ); - - my @tokens; - pos($val) = 0; - - push @tokens, $+ - while $val =~ /\G\s*(?: - ([()]) - | - ([^"'\s()]+) - | - "([^"]*)" - | - '((?:[^']+|'[^\s)])*)' - )\s*/xcg; - die "Cannot parse [$val] [",substr($val,pos($val)),"]" unless @tokens and pos($val) == length($val); - - # remove () from start/end - shift @tokens if $tokens[0] eq '('; - pop @tokens if $tokens[-1] eq ')'; - - # The first token is the OID - my $oid = $schema_entry{oid} = shift @tokens; - - while(@tokens) { - my $tag = lc shift @tokens; - - if (exists $flags{$tag}) { - $schema_entry{$tag} = 1; - } - elsif (@tokens) { - if (($schema_entry{$tag} = shift @tokens) eq '(') { - my @arr; - $schema_entry{$tag} = \@arr; - while(1) { - my $tmp = shift @tokens; - last if $tmp eq ')'; - push @arr,$tmp unless $tmp eq '$'; - - # Drop of end of list ? - die "Cannot parse [$val] {$tag}" unless @tokens; - } - } - - # Ensure items that can be lists are stored as array refs - $schema_entry{$tag} = [ $schema_entry{$tag} ] - if exists $listops{$tag} and !ref $schema_entry{$tag}; - } - else { - die "Cannot parse [$val] {$tag}"; - } - } - - # - # Extract the maximum length of a syntax - # - $schema_entry{max_length} = $1 - if exists $schema_entry{syntax} and $schema_entry{syntax} =~ s/{(\d+)}//; - - # - # Force a name if we don't have one - # - $schema_entry{name} = $schema_entry{oid} - unless exists $schema_entry{name}; - - # - # If we have multiple names, make the name be the first and demote the rest to aliases - # - if (ref $schema_entry{name}) { - my $aliases; - $schema_entry{name} = shift @{$aliases = $schema_entry{name}}; - $schema_entry{aliases} = $aliases if @$aliases; - } - - # - # Store the elements by OID - # - $schema->{oid}->{$oid} = \%schema_entry; - - # - # We also index elements by name within each type - # - foreach my $name ( @{$schema_entry{aliases}}, $schema_entry{name} ) { - my $lc_name = lc $name; - $names{lc $name} = \%schema_entry; - } - } - 
} - - $schema->{entry} = $entry; - return $schema; -} - - - - -# -# Get the syntax of an attribute -# -sub attribute_syntax { - my $self = shift; - my $attr = shift; - my $syntax; - - while ($attr) { - my $elem = $self->attribute( $attr ) or return undef; - - $syntax = $elem->{syntax} and return $self->syntax($syntax); - - $attr = ${$elem->{sup} || []}[0]; - } - - return undef -} - - -sub error { - $_[0]->{error}; -} - -# -# Return base entry -# -sub entry { - $_[0]->{entry}; -} - -1; diff --git a/lib/Net/LDAP/Schema.pod b/lib/Net/LDAP/Schema.pod deleted file mode 100644 index fba050e..0000000 --- a/lib/Net/LDAP/Schema.pod +++ /dev/null 
@@ -1,162 +0,0 @@ -=head1 NAME - -Net::LDAP::Schema - Load and manipulate an LDAP v3 Schema - -=head1 SYNOPSIS - - use Net::LDAP; - use Net::LDAP::Schema; - - # - # Read schema from server - # - $ldap = Net::LDAP->new( $server ); - $ldap->bind(); - $schema = $ldap->schema(); - - # - # Load from LDIF - # - $schema = Net::LDAP::Schema->new; - $schema->parse( "schema.ldif" ) or die $schema->error; - -=head1 DESCRIPTION - -B provides a means to load an LDAP schema and query it -for information regarding supported objectclasses, attributes and syntaxes. - -=head1 METHODS - -Where a method is stated as taking the 'name or oid' of a schema item (which -may be an object class, attribute or syntax) then a case-insensitive name -or raw oid (object identifier, in dotted numeric string form, e.g. 2.5.4.0) -may be supplied. - -=over 4 - -=item all_attributes - -=item all_ditcontentrules - -=item all_ditstructurerules - -=item all_matchingrules - -=item all_matchingruleuses - -=item all_nameforms - -=item all_objectclasses - -=item all_syntaxes - -Returns a list of the names all the requested type in the schema - - @attrs = $schema->all_attributes(); - -=item attribute NAME_OR_OID - -=item ditcontentrule NAME_OR_OID - -=item ditstructurerule NAME_OR_OID - -=item matchingrule NAME_OR_OID - -=item matchingruleuse NAME_OR_OID - -=item nameform NAME_OR_OID - -=item objectclass NAME_OR_OID - -=item syntax NAME_OR_OID - -Returns a reference to a hash, or undef if the attribute does not exist. - - $attr_href = $schema->attribute( "attrname" ); - -=item dump - -=item dump FILENAME - -Given an argument which is the name of a file, and the file or -directory has write permission, will dump the raw schema -information to a file. If no argument is given the raw schema -information is dumped to standard out. - - $result = $schema->dump( "./schema.dump" ); - - or - - $result = $schema->dump(); - -If no schema data is returned from directory server, the method -will return undefined. 
Otherwise a value of 1 is always returned. - -=item error - -Returns the last error encountered. - -Given the name or oid of a schema item (matchingruleuse, ditstructurerule, -ditcontentrule or nameform respectively) returns the assoicated OID -or undef if the name or oid is not of the appropriate type. - -=item may - -Given an argument which is the name or oid of a known object class, returns -the names of the attributes which are optional in the class. - - @may = $schema->may( $oc ); - -=item must - -Given an argument which is the name or oid of a known object class, returns -the names of the attributes which are mandatory in the class - - @must = $schema->must( $oc ); - -=item parse MESG - -=item parse ENTRY - -=item parse FILENAME - -Takes a single argument which can be any of, A message objected returned from -an LDAP search, a Net::LDAP::Entry object or the name of a file containing -an LDIF form of the schema. - -If the argument is a message result from a search, Net::LDAP::Schema will parse -the schema from the first entry returned. - -Returns true on success and C on error. - -=item superclass - -Given an argument which is the name or oid of a known objectclass, returns -the list of names of the immediate superclasses. - -=back - -=head1 SEE ALSO - -L, -L - -=head1 AUTHORS - -Graham Barr -John Berthels - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list -. - -=head1 COPYRIGHT - -Copyright (c) 1998-2000 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
-
-I<$Id: Schema.pod,v 1.11 2002/04/23 10:57:29 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/Search.pm b/lib/Net/LDAP/Search.pm
deleted file mode 100644
index ca50c4e..0000000
--- a/lib/Net/LDAP/Search.pm
+++ /dev/null
@@ -1,174 +0,0 @@ -# Copyright (c) 1997-2000 Graham Barr . All rights reserved. -# This program is free software; you can redistribute it and/or -# modify it under the same terms as Perl itself. - -package Net::LDAP::Search; - -use strict; -use vars qw(@ISA $VERSION); -use Net::LDAP::Message; -use Net::LDAP::Entry; -use Net::LDAP::Filter; -use Net::LDAP::Constant qw(LDAP_SUCCESS LDAP_DECODING_ERROR); - -@ISA = qw(Net::LDAP::Message); -$VERSION = "0.08"; - - -sub first_entry { # compat - my $self = shift; - $self->entry(0); -} - - -sub next_entry { # compat - my $self = shift; - $self->entry( defined $self->{'CurrentEntry'} - ? $self->{'CurrentEntry'} + 1 - : 0); -} - - -sub decode { - my $self = shift; - my $result = shift; - - return $self->SUPER::decode($result) - if exists $result->{protocolOp}{searchResDone}; - - my $data; - - if ($data = delete $result->{protocolOp}{searchResEntry}) { - - my $entry = Net::LDAP::Entry->new; - - $entry->decode($data) - or $self->set_error(LDAP_DECODING_ERROR,"LDAP decode error") - and return; - - push(@{$self->{entries} ||= []}, $entry); - - $self->{callback}->($self,$entry) - if (defined $self->{callback}); - - return $self; - } - elsif ($data = delete $result->{protocolOp}{searchResRef}) { - - push(@{$self->{'reference'} ||= []}, @$data); - - $self->{callback}->($self, bless $data, 'Net::LDAP::Reference') - if (defined $self->{callback}); - - return $self; - } - - $self->set_error(LDAP_DECODING_ERROR, "LDAP decode error"); - return; -} - -sub entry { - my $self = shift; - my $index = shift || 0; # avoid undef warning and default to first entry - - my $entries = $self->{entries} ||= []; - my $ldap = $self->parent; - - # There could be multiple response to a search request - # but only the last will set {resultCode} - until (exists $self->{resultCode} || (@{$entries} > $index)) { - return - unless $ldap->_recvresp($self->mesg_id) == LDAP_SUCCESS; - } - - return - unless (@{$entries} > $index); - - $self->{current_entry} = 
$index; # compat - - return $entries->[$index]; -} - -sub all_entries { goto &entries } # compat - -sub count { - my $self = shift; - scalar entries($self); -} - -sub shift_entry { - my $self = shift; - - entry($self, 0) ? shift @{$self->{entries}} : undef; -} - -sub pop_entry { - my $self = shift; - - entry($self, 0) ? pop @{$self->{entries}} : undef; -} - -sub sorted { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - return unless exists $self->{entries} && ref($self->{entries}); - - return @{$self->{entries}} unless @{$self->{entries}} > 1; - - require Net::LDAP::Util; - - map { $_->[0] } - sort { - my $v; - my $i = 2; - foreach my $attr (@_) { - $v = ($a->[$i] ||= join("\000", @{$a->[0]->get_value($attr, asref => 1) || []})) - cmp - ($b->[$i] ||= join("\000", @{$b->[0]->get_value($attr, asref => 1) || []})) - and last; - $i++; - } - - $v ||= ($a->[1] ||= Net::LDAP::Util::canonical_dn( $a->[0]->dn, reverse => 1, separator => "\0")) - cmp - ($b->[1] ||= Net::LDAP::Util::canonical_dn( $b->[0]->dn, reverse => 1, separator => "\0")); - } - map { [ $_ ] } @{$self->{entries}}; -} - -sub references { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - return unless exists $self->{'reference'} && ref($self->{'reference'}); - - @{$self->{'reference'} || []} -} - -sub as_struct { - my $self = shift; - my %result = map { ( $_->dn, ($_->{'attrs'} || $_->_build_attrs) ) } entries($self); - return \%result; -} - -sub entries { - my $self = shift; - - $self->sync unless exists $self->{resultCode}; - - @{$self->{entries} || []} -} - -package Net::LDAP::Reference; - -sub references { - my $self = shift; - - @{$self} -} - - -1; diff --git a/lib/Net/LDAP/Search.pod b/lib/Net/LDAP/Search.pod deleted file mode 100644 index 1c89352..0000000 --- a/lib/Net/LDAP/Search.pod +++ /dev/null 
@@ -1,117 +0,0 @@ -=head1 NAME - -Net::LDAP::Search - Object returned by Net::LDAP search method - -=head1 SYNOPSIS - - use Net::LDAP; - - $mesg = $ldap->search( @search_args ); - - @entries = $mesg->entries; - -=head1 DESCRIPTION - -A B object is returned from the -L method of a L -object. It is a container object which holds the results of the search. - -=head1 METHODS - -B inherits from L, and so supports -all methods defined in L. - -=over 4 - -=item as_struct - -Returns a reference to a HASH, where the keys are the DN's of the results -and the values are HASH references. These second level HASH's hold the -attributes such that the keys are the attribute names, in lowercase, and -the values are references to and ARRAY holding the values. - -This method will block until the whole search request has finished. - -=item count - -Returns the number of entries returned by the server. - -This method will block until the whole search request has finished. - -=item entry ( INDEX ) - -Return the N'th entry, which will be a L object. If -INDEX is greater than the total number of entries returned then -undef will be returned. - -This method will block until the search request has returned enough -entries. - -=item entries - -Return an array of L objects hat were returned from the -server. - -This method will block until the whole search request has finished. - -=item pop_entry - -Pop an entry from the internal list of L objects for this -search. If there are not more entries then undef is returned. - -This call will block, if the list is empty, until the server returns -another entry. - -=item references - -Return a list of references that the server returned. This will be a list -of L objects. - -=item sorted ( [ ATTR_LIST ] ) - -Return a list of L objects, -sorted by the attributes given in ATTR_LIST. The attributes are -compared in the order specified, each only being compared if all -the prior attributes compare equal. 
If all the specified attributes -compare equal then the DN is used to determine order. - -=item shift_entry - -Shift an entry from the internal list of L objects for this -search. If there are not more entries then undef is returned. - -This call will block, if the list is empty, until the server returns -another entry. - -=back - -=head1 SEE ALSO - -L, -L, -L, -L - -=head1 ACKNOWLEDGEMENTS - -This document is based on a document originally written by Russell Fulton -. - -=head1 AUTHOR - -Graham Barr - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list -. - -=head1 COPYRIGHT - -Copyright (c) 1997-2000 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
-
-I<$Id: Search.pod,v 1.4 2001/08/24 19:31:14 gbarr Exp $>
-
-=cut
diff --git a/lib/Net/LDAP/Security.pod b/lib/Net/LDAP/Security.pod
deleted file mode 100644
index bc09a68..0000000
--- a/lib/Net/LDAP/Security.pod
+++ /dev/null
@@ -1,197 +0,0 @@ -=head1 NAME - -Net::LDAP::Security - Security issues with LDAP connections - -=head1 SYNOPSIS - - none - -=head1 DESCRIPTION - -This document discusses various security issues relating to using LDAP -and connecting to LDAP servers, notably how to manage these potential -vulnerabilities: - -=over 4 - -=item * - -do you know that you are connected to the right server - -=item * - -can someone sniff your passwords/userids from the directory connection - -=item * - -can someone sniff other confidential information from the directory -connection - -=back - -B provides ways to address these vulnerabilities: through the -use of LDAPS, or LDAPv3 and TLS, and/or the use of SASL. Each of these -will be explained below. - -=head2 How does an LDAP connection work - -A normal LDAPv2 or LDAPv3 connection works by the client connecting -directly to port 389 (by default), and then issuing various LDAP -requests like search, add, etc. - -There is no way to guarantee that an LDAP client is connected to the -right LDAP server. Hackers could have poisoned your DNS, so -'ldap.example.com' could be made to point to 'ldap.hacker.com'. Or -they could have installed their own server on the correct machine. - -It is in the nature of the LDAP protocol that all information goes -between the client and the server in 'plain text'. This is a term used -by cryptographers to describe unencrypted and recoverable data, so -even though LDAP can transfer binary values like JPEG photographs, -audio clips and X.509 certificates, everything is still considered -'plain text'. - -If these vulnerabilities are an issue to, then you should consider the -other possibilities described below, namely LDAPS, LDAPv3 and TLS, and -SASL. - -=head2 How does an LDAPS connection work - -LDAPS is an unofficial protocol. 
It is to LDAP what HTTPS is to HTTP, -namely the exact same protocol (but in this case LDAPv2 or LDAPv3) -running over a I SSL ("Secure Socket Layer") connection to -port 636 (by default). - -Not all servers will be configured to listen for LDAPS connections, -but if they do, it will commonly be on a different port from the normal -plain text LDAP port. - -Using LDAPS can I solve the vulnerabilities described -above, but you should be aware that simply "using" SSL is not a magic -bullet that automatically makes your system "secure". - -First of all, LDAPS can solve the problem of verifying that you are -connected to the correct server. When the client and server connect, -they perform a special SSL 'handshake', part of which involves the -server and client exchanging cryptographic keys, which are described -using X.509 certificates. If the client wishes to confirm that it is -connected to the correct server, all it needs to do is verify the -server's certificate which is sent in the handshake. This is done in -two ways: - -=over 4 - -=item 1 - -check that the certificate is signed (trusted) by someone that you -trust, and that the certificate hasn't been revoked. For instance, the -server's certificate may have been signed by Verisign -(www.verisign.com), and you decide that you want to trust Verisign to -sign legitimate certificates. - -=item 2 - -check that the least-significant cn RDN in the server's -certificate's DN is the fully-qualified hostname of the hostname that -you connected to when creating the LDAPS object. For example if the -server is , then -the RDN to check is cn=ldap.example.com. - -=back - -You can do this by using the cafile and capath options when creating a -B object, I by setting the verify option to 'require'. - -To prevent hackers 'sniffing' passwords and other information on your -connection, you also have to make sure the encryption algorithm used -by the SSL connection is good enough. 
This is also something that gets -decided by the SSL handshake - if the client and server cannot agree -on an acceptable algorithm the connection is not made. - -B will by default use all the algorithms built into your copy -of OpenSSL, except for ones considered to use "low" strength -encryption, and those using export strength encryption. You can -override this when you create the B object using the -'ciphers' option. - -Once you've made the secure connection, you should also check that the -encryption algorithm that is actually being used is one that you find -acceptable. Broken servers have been observed in the field which 'fail -over' and give you an unencrypted connection, so you ought to check -for that. - -=head2 How does LDAP and TLS work - -SSL is a good solution to many network security problems, but it is -not a standard. The IETF corrected some defects in the SSL mechanism -and published a standard called RFC 2246 which describes TLS -("Transport Layer Security"), which is simply a cleaned up and -standardized version of SSL. - -You can only use TLS with an LDAPv3 server. That is because the -standard (RFC 2830) for LDAP and TLS requires that the I LDAP -connection (ie., on port 389) can be switched on demand from plain text -into a TLS connection. The switching mechanism uses a special extended -LDAP operation, and since these are not legal in LDAPv2, you can only -switch to TLS on an LDAPv3 connection. - -So the way you use TLS with LDAPv3 is that you create your normal -LDAPv3 connection using C, and then you perform the -switch using C. The C method takes -pretty much the same arguments as C, so check above for -details. - -=head2 How does SASL work - -SASL is an authentication framework that can be used by a number of -different Internet services, including LDAPv3. Because it is only a -framework, it doesn't provide any way to authenticate by itself; to -actually authenticate to a service you need to use a specific SASL -I. 
A number of mechanisms are defined, such as CRAM-MD5. - -The use of a mechanism like CRAM-MD5 provides a solution to the -password sniffing vulnerability, because these mechanisms typically do -not require the user to send across a secret (eg., a password) in the -clear across the network. Instead, authentication is carried out in a -clever way which avoids this, and so prevents passwords from being -sniffed. - -B supports SASL using the B class. Currently the -only B subclasses (ie., SASL mechanism) available are -CRAM-MD5 and EXTERNAL. - -Some SASL mechanisms provide a general solution to the sniffing of all -data on the network vulnerability, as they can negotiate confidential -(ie., encrypted) network connections. Note that this is over and above -any SSL or TLS encryption! Unfortunately, perl's B code -cannot negotiate this. - -=head1 SEE ALSO - -L, -L, -L - -=head1 ACKNOWLEDGEMENTS - -Jim Dutton provided lots of useful feedback -on the early drafts. - -=head1 AUTHOR - -Chris Ridd - -Please report any bugs, or post any suggestions, to the perl-ldap mailing list - - -=head1 COPYRIGHT - -Copyright (c) 2001 Chris Ridd. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -=for html
-
-I<$Id: Security.pod,v 1.1 2001/10/24 13:49:23 chrisridd Exp $>
-
-=cut
\ No newline at end of file
diff --git a/lib/Net/LDAP/Util.pm b/lib/Net/LDAP/Util.pm
deleted file mode 100644
index 9afa9dc..0000000
--- a/lib/Net/LDAP/Util.pm
+++ /dev/null
@@ -1,539 +0,0 @@ -# Copyright (c) 1999-2002 Graham Barr and -# Norbert Klasen All Rights Reserved. -# This program is free software; you can redistribute it and/or modify -# it under the same terms as Perl itself. - -package Net::LDAP::Util; - -=head1 NAME - -Net::LDAP::Util - Utility functions - -=head1 SYNOPSIS - - use Net::LDAP::Util qw(ldap_error_text - ldap_error_name - ldap_error_desc - ); - - $mesg = $ldap->search( .... ); - - die "Error ",ldap_error_name($mesg->code) if $mesg->code; - -=head1 DESCRIPTION - -B is a collection of utility functions for use with -the L modules. - -=head1 FUNCTIONS - -=over 4 - -=cut - -use vars qw($VERSION); -require Exporter; -@ISA = qw(Exporter); -@EXPORT_OK = qw( - ldap_error_name - ldap_error_text - ldap_error_desc - canonical_dn - ldap_explode_dn -); -$VERSION = "0.09"; - -=item ldap_error_name ( NUM ) - -Returns the name corresponding with the error number passed in. If the -error is not known the a string in the form C<"LDAP error code %d(0x%02X)"> -is returned. - -=cut - -my @err2name; - -sub ldap_error_name { - my $code = 0+ shift; - require Net::LDAP::Constant; - - unless (@err2name) { - local *FH; - - if (open(FH,$INC{'Net/LDAP/Constant.pm'})) { - while() { - ($err2name[hex($2)] = $1) if /^sub\s+(LDAP_\S+)\s+\(\)\s+\{\s+0x([0-9a-fA-f]{2})\s+\}/; - } - close(FH); - } - } - $err2name[$code] || sprintf("LDAP error code %d(0x%02X)",$code,$code); -} - -=item ldap_error_text ( NUM ) - -Returns the text from the POD description for the given error. If the -error code given is unknown then C is returned. 
- -=cut - -sub ldap_error_text { - my $name = ldap_error_name(shift); - my $text; - if($name =~ /^LDAP_/) { - my $pod = $INC{'Net/LDAP/Constant.pm'}; - substr($pod,-3) = ".pod"; - local *F; - open(F,$pod) or return; - local $/ = ""; - local $_; - my $len = length($name); - my $indent = 0; - while() { - if(substr($_,0,11) eq "=item LDAP_") { - last if defined $text; - $text = "" if /^=item $name\b/; - } - elsif(defined $text && /^=(\S+)/) { - $indent = 1 if $1 eq "over"; - $indent = 0 if $1 eq "back"; - $text .= " * " if $1 eq "item"; - } - elsif(defined $text) { - if($indent) { - s/\n(?=.)/\n /sog; - } - $text .= $_; - } - } - close(F); - $text =~ s/\n+\Z/\n/ if defined $text; - } - $text; -} - -=item ldap_error_desc ( NUM ) - -Returns a short text description of the error. - -=cut - -my @err2desc = ( - "Success", # 0x00 LDAP_SUCCESS - "Operations error", # 0x01 LDAP_OPERATIONS_ERROR - "Protocol error", # 0x02 LDAP_PROTOCOL_ERROR - "Timelimit exceeded", # 0x03 LDAP_TIMELIMIT_EXCEEDED - "Sizelimit exceeded", # 0x04 LDAP_SIZELIMIT_EXCEEDED - "Compare false", # 0x05 LDAP_COMPARE_FALSE - "Compare true", # 0x06 LDAP_COMPARE_TRUE - "Strong authentication not supported", # 0x07 LDAP_STRONG_AUTH_NOT_SUPPORTED - "Strong authentication required", # 0x08 LDAP_STRONG_AUTH_REQUIRED - "Partial results and referral received", # 0x09 LDAP_PARTIAL_RESULTS - "Referral received", # 0x0a LDAP_REFERRAL - "Admin limit exceeded", # 0x0b LDAP_ADMIN_LIMIT_EXCEEDED - "Critical extension not available", # 0x0c LDAP_UNAVAILABLE_CRITICAL_EXT - "Confidentiality required", # 0x0d LDAP_CONFIDENTIALITY_REQUIRED - "SASL bind in progress", # 0x0e LDAP_SASL_BIND_IN_PROGRESS - undef, - "No such attribute", # 0x10 LDAP_NO_SUCH_ATTRIBUTE - "Undefined attribute type", # 0x11 LDAP_UNDEFINED_TYPE - "Inappropriate matching", # 0x12 LDAP_INAPPROPRIATE_MATCHING - "Constraint violation", # 0x13 LDAP_CONSTRAINT_VIOLATION - "Type or value exists", # 0x14 LDAP_TYPE_OR_VALUE_EXISTS - "Invalid syntax", # 0x15 
LDAP_INVALID_SYNTAX
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- "No such object", # 0x20 LDAP_NO_SUCH_OBJECT
- "Alias problem", # 0x21 LDAP_ALIAS_PROBLEM
- "Invalid DN syntax", # 0x22 LDAP_INVALID_DN_SYNTAX
- "Object is a leaf", # 0x23 LDAP_IS_LEAF
- "Alias dereferencing problem", # 0x24 LDAP_ALIAS_DEREF_PROBLEM
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- "Inappropriate authentication", # 0x30 LDAP_INAPPROPRIATE_AUTH
- "Invalid credentials", # 0x31 LDAP_INVALID_CREDENTIALS
- "Insufficient access", # 0x32 LDAP_INSUFFICIENT_ACCESS
- "DSA is busy", # 0x33 LDAP_BUSY
- "DSA is unavailable", # 0x34 LDAP_UNAVAILABLE
- "DSA is unwilling to perform", # 0x35 LDAP_UNWILLING_TO_PERFORM
- "Loop detected", # 0x36 LDAP_LOOP_DETECT
- undef,
- undef,
- undef,
- undef,
- undef,
- "Sort control missing", # 0x3C LDAP_SORT_CONTROL_MISSING
- "Index range error", # 0x3D LDAP_INDEX_RANGE_ERROR
- undef,
- undef,
- "Naming violation", # 0x40 LDAP_NAMING_VIOLATION
- "Object class violation", # 0x41 LDAP_OBJECT_CLASS_VIOLATION
- "Operation not allowed on nonleaf", # 0x42 LDAP_NOT_ALLOWED_ON_NONLEAF
- "Operation not allowed on RDN", # 0x43 LDAP_NOT_ALLOWED_ON_RDN
- "Already exists", # 0x44 LDAP_ALREADY_EXISTS
- "Cannot modify object class", # 0x45 LDAP_NO_OBJECT_CLASS_MODS
- "Results too large", # 0x46 LDAP_RESULTS_TOO_LARGE
- "Affects multiple servers", # 0x47 LDAP_AFFECTS_MULTIPLE_DSAS
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- undef,
- "Unknown error", # 0x50 LDAP_OTHER
- "Can't contact LDAP server", # 0x51 LDAP_SERVER_DOWN
- "Local error", # 0x52 LDAP_LOCAL_ERROR
- "Encoding error", # 0x53 LDAP_ENCODING_ERROR
- "Decoding error", # 0x54 LDAP_DECODING_ERROR
- "Timed out", # 0x55 LDAP_TIMEOUT
- "Unknown authentication method", # 0x56 LDAP_AUTH_UNKNOWN
- "Bad search filter", # 0x57 LDAP_FILTER_ERROR
- "Canceled", # 0x58 LDAP_USER_CANCELED
- "Bad parameter to an ldap
routine", # 0x59 LDAP_PARAM_ERROR - "Out of memory", # 0x5a LDAP_NO_MEMORY - "Can't connect to the LDAP server", # 0x5b LDAP_CONNECT_ERROR - "Not supported by this version of the LDAP protocol", # 0x5c LDAP_NOT_SUPPORTED - "Requested LDAP control not found", # 0x5d LDAP_CONTROL_NOT_FOUND - "No results returned", # 0x5e LDAP_NO_RESULTS_RETURNED - "More results to return", # 0x5f LDAP_MORE_RESULTS_TO_RETURN - "Client detected loop", # 0x60 LDAP_CLIENT_LOOP - "Referral hop limit exceeded", # 0x61 LDAP_REFERRAL_LIMIT_EXCEEDED -); - -sub ldap_error_desc { - my $code = shift; - $err2desc[$code] || sprintf("LDAP error code %d(0x%02X)",$code,$code); -} - - - - - -=item canonical_dn ( DN [ , OPTIONS ] ) - -Returns the given B in a canonical form. Returns undef if B is -not a valid Distinguished Name. (Note: The empty string "" is a valid DN.) -B can either be a string or reference to an array of hashes as returned by -ldap_explode_dn, which is useful when constructing a DN. - -It performs the following operations on the given B: - -=over 4 - -=item * - -Removes the leading 'OID.' characters if the type is an OID instead -of a name. - -=item * - -Escapes all RFC 2253 special characters (",", "+", """, "\", "<", ">", -";", "#", "=", " "), slashes ("/"), and any other character where the -ASCII code is <32 as \hexpair. - -=item * - -Converts all leading and trailing spaces in values to be \20. - -=item * - -If an RDN contains multiple parts, the parts are re-ordered so that -the attribute type names are in alphabetical order. - -=back - -B is a list of name/value pairs, valid options are: - -=over 4 - -=item casefold - -Controls case folding of attribute type names. Attribute values are not -affected by this option. The default is to uppercase. Valid values are: - -=over 4 - -=item lower - -Lowercase attribute type names. - -=item upper - -Uppercase attribute type names. This is the default. - -=item none - -Do not change attribute type names. 
- -=back - -=item mbcescape - -If TRUE, characters that are encoded as a multi-octet UTF-8 sequence -will be escaped as \(hexpair){2,*}. - -=item reverse - -If TRUE, the RDN sequence is reversed. - -=item separator - -Separator to use between RDNs. Defaults to comma (','). - -=back - -=cut - -sub canonical_dn($%) { - my ($dn, %opt) = @_; - - return $dn unless defined $dn and $dn ne ''; - - # create array of hash representation - my $rdns = ref($dn) eq 'ARRAY' - ? $dn - : ldap_explode_dn( $dn ) - or return undef; #error condition - - # assign specified or default separator value - my $separator = $opt{separator} || ','; - - # flatten all RDNs into strings - my @flatrdns = - map { - my $rdn = $_; - my @types = sort keys %$rdn; - join('+', - map { - my $val = $rdn->{$_}; - - if ( ref($val) ) { - $val = '#' . unpack("H*", $$val); - } else { - #escape insecure characters and optionally MBCs - if ( $opt{mbcescape} ) { - $val =~ s/([\x00-\x1f\/\\",=+<>#;\x7f-\xff])/ - sprintf("\\%02x",ord($1))/xeg; - } else { - $val =~ s/([\x00-\x1f\/\\",=+<>#;])/ - sprintf("\\%02x",ord($1))/xeg; - } - #escape leading and trailing whitespace - $val =~ s/(^\s+|\s+$)/ - "\\20" x length $1/xeg; - } - - # case fold attribute type and create return value - if ( !$opt{casefold} || $opt{casefold} eq 'upper' ) { - (uc $_)."=$val"; - } elsif ( $opt{casefold} eq 'lower' ) { - (lc $_)."=$val"; - } else { - "$_=$val"; - } - } @types); - } @$rdns; - - # join RDNs into string, optionally reversing order - $opt{reverse} - ? join($separator, reverse @flatrdns) - : join($separator, @flatrdns); -} - - -=item ldap_explode_dn ( DN [ , OPTIONS ] ) - -Explodes the given B into an array of hashes and returns a reference to this -array. Returns undef if B is not a valid Distinguished Name. - -A Distinguished Name is a sequence of Relative Distingushed Names (RDNs), which -themselves are sets of Attributes. 
For each RDN a hash is constructed with the -attribute type names as keys and the attribute values as corresponding values. -These hashes are then strored in an array in the order in which they appear -in the DN. - -For example, the DN 'OU=Sales+CN=J. Smith,DC=example,DC=net' is exploded to: -[ - { - 'OU' => 'Sales', - 'CN' => 'J. Smith' - }, - { - 'DC' => 'example' - }, - { - 'DC' => 'net' - } -] - -(RFC2253 string) DNs might also contain values, which are the bytes of the -BER encoding of the X.500 AttributeValue rather than some LDAP string syntax. -These values are hex-encoded and prefixed with a #. To distingush such BER -values, ldap_explode_dn uses references to the actual values, -e.g. '1.3.6.1.4.1.1466.0=#04024869,DC=example,DC=com' is exploded to: -[ - { - '1.3.6.1.4.1.1466.0' => \"\004\002Hi" - }, - { - 'DC' => 'example' - }, - { - 'DC' => 'com' - } -]; - -It also performs the following operations on the given DN: - -=over 4 - -=item * - -Unescape "\" followed by ",", "+", """, "\", "<", ">", ";", "#", "=", -" ", or a hexpair and and strings beginning with "#". - -=item * - -Removes the leading OID. characters if the type is an OID instead -of a name. - -=back - -B is a list of name/value pairs, valid options are: - -=over 4 - -=item casefold - -Controls case folding of attribute types names. Attribute values are not -affected by this option. The default is to uppercase. Valid values are: - -=over 4 - -=item lower - -Lowercase attribute types names. - -=item upper - -Uppercase attribute type names. This is the default. - -=item none - -Do not change attribute type names. - -=item reverse - -If TRUE, the RDN sequence is reversed. 
- -=back - -=cut - -sub ldap_explode_dn($%) { - my ($dn, %opt) = @_; - return undef unless defined $dn; - return [] if $dn eq ''; - - my (@dn, %rdn); - while ( - $dn =~ /\G(?: - \s* - ([a-zA-Z][-a-zA-Z0-9]*|(?:[Oo][Ii][Dd]\.)?\d+(?:\.\d+)*) - \s* - = - \s* - ( - (?:[^\\",=+<>\#;]*[^\\",=+<>\#;\s]|\s*\\(?:[\\ ",=+<>#;]|[0-9a-fA-F]{2}))* - | - \#(?:[0-9a-fA-F]{2})+ - | - "(?:[^\\"]+|\\(?:[\\",=+<>#;]|[0-9a-fA-F]{2}))*" - ) - \s* - (?:([;,+])\s*(?=\S)|$) - )\s*/gcx) - { - my($type,$val,$sep) = ($1,$2,$3); - - $type =~ s/^oid\.(\d+(\.\d+)*)$/$1/i; #remove leading "oid." - - if ( !$opt{casefold} || $opt{casefold} eq 'upper' ) { - $type = uc $type; - } elsif ( $opt{casefold} eq 'lower' ) { - $type = lc($type); - } - - if ( $val =~ s/^#// ) { - # decode hex-encoded BER value - my $tmp = pack('H*', $val); - $val = \$tmp; - } else { - # remove quotes - $val =~ s/^"(.*)"$/$1/; - # unescape characters - $val =~ s/\\([\\ ",=+<>#;]|[0-9a-fA-F]{2}) - /length($1)==1 ? $1 : chr(hex($1)) - /xeg; - } - - $rdn{$type} = $val; - - unless (defined $sep and $sep eq '+') { - if ( $opt{reverse} ) { - unshift @dn, { %rdn }; - } else { - push @dn, { %rdn }; - } - %rdn = (); - } - } - - length($dn) == (pos($dn)||0) - ? \@dn - : undef; -} - - -=back - -=head1 AUTHOR - -Graham Barr - -=head1 COPYRIGHT - -Copyright (c) 1999-2002 Graham Barr. All rights reserved. This program is -free software; you can redistribute it and/or modify it under the same -terms as Perl itself. - -ldap_explode_dn and canonical_dn also - -(c) 2002 Norbert Klasen, norbert.klasen@daasi.de, All Rights Reserved. - -=for html
-
-I<$Id: Util.pm,v 1.15 2002/06/03 15:26:46 gbarr Exp $>
-
-=cut
-
-1;