LDAP structure
vmlintu edited this page Jan 11, 2011
·
10 revisions
Puavo expects the LDAP directory structure to be the following:
| Organizational unit | Content |
| ou=People | Real end-users |
| ou=Groups | Groups |
| ou=Roles | User roles |
| ou=Hosts | Computers |
| ou=System Accounts | Accounts for applications / services |
| ou=System Groups | Groups for applications / services |
| ou=Kerberos Realms | Kerberos principals |
| ou=Idmap | Samba idmap |
| ou=Password Policies | Kerberos password policies |
Puavo uses the following schemas that installed by setup_puavo_ldap.rb (the files are located under schema/ or /etc/ldap/schema):
| Schema | Description |
| autofs | AutoFS5 |
| cosine | RFC1274: Cosine and Internet X.500 schema |
| dnsdomain2 | Schema for PowerDNS LDAP backend |
| eduorg | Internet2 eduOrg describes educational organisations |
| eduperson | Internet2 eduPerson describes individuals within educational organisations |
| inetorgperson | RFC2798 of the inetOrgPerson LDAP Object Class |
| kerberos | MIT kerberos principals |
| nis | RFC2307 An Approach for Using LDAP as a Network Information Service |
| ppolicy | Password Policy for LDAP Directories |
| printer | CUPS printer information |
| puavo | Puavo specific information |
| puppet | Puppet configuration |
| samba | Samba configuration |
| Object class | Attribute | Used by Puavo | Required attribute in schema | Description | Constraints | Used by |
| organization | o | X | X | |||
| organization | userPassword | |||||
| organization | searchGuide | |||||
| organization | seeAlso | |||||
| organization | businessCategory | |||||
| organization | x121Address | |||||
| organization | registeredAddress | |||||
| organization | destinationIndicator | |||||
| organization | preferredDeliveryMethod | |||||
| organization | telexNumber | |||||
| organization | teletexTerminalIdentifier | |||||
| organization | telephoneNumber | |||||
| organization | internationaliSDNNumber | |||||
| organization | facsimileTelephoneNumber | |||||
| organization | street | |||||
| organization | postOfficeBox | |||||
| organization | postalCode | |||||
| organization | postalAddress | |||||
| organization | physicalDeliveryOfficeName | |||||
| organization | st | |||||
| organization | l | |||||
| organization | description | |||||
| eduOrg | cn | |||||
| eduOrg | eduOrgHomePageURI | |||||
| eduOrg | eduOrgIdentityAuthNPolicyURI | |||||
| eduOrg | eduOrgLegalName | |||||
| eduOrg | eduOrgSuperiorURI | |||||
| eduOrg | eduOrgWhitePagesURI | |||||
| puavoEduOrg | owner | |||||
| puavoEduOrg | puavoKerberosRealm | |||||
| puavoEduOrg | puavoDomain | Domain used for the organisation, also used as hostname for the administration interface | ||||
| puavoEduOrg | puavoKadminPort | |||||
| puavoEduOrg | puavoPuppetHost | |||||
| puavoEduOrg | sambaDomainName | |||||
| puavoEduOrg | preferredLanguage |
| Object class | Attribute | Used by Puavo | Required attribute in schema | Description | Constraints | Used by |
| posixAccount | cn | X | X | RFC2256: common name(s) for which the entity is known by (Full name of the user in Puavo)) | nss/ldapd/sssd | |
| posixAccount | uid | X | X | Unique in the database | ||
| posixAccount | uidNumber | X | X | unique, > 1000 | nss | |
| posixAccount | gidNumber | X | X | unique, > 1000 | nss | |
| posixAccount | homeDirectory | X | X | |||
| posixAccount | userPassword | X | {SASL}userid@REALM | |||
| posixAccount | loginShell | X | ||||
| posixAccount | gecos | GECOS field, contains the real name of the user | Not used in Puavo because lack of UTF-8 support | |||
| posixAccount | description | RFC2256: descriptive information | ||||
| inetOrgPerson | audio | |||||
| inetOrgPerson | businessCategory | |||||
| inetOrgPerson | carLicense | |||||
| inetOrgPerson | departmentNumber | |||||
| inetOrgPerson | displayName | X | Real name of the user to be shown in lists | UTF-8 | nss/ldapd, sssd | |
| inetOrgPerson | employeeNumber | |||||
| inetOrgPerson | employeeType | |||||
| inetOrgPerson | givenName | X | First name of the user | UTF-8 | ||
| inetOrgPerson | homePhone | X | User’s home phone number | |||
| inetOrgPerson | homePostalAddress | |||||
| inetOrgPerson | initials | |||||
| inetOrgPerson | jpegPhoto | X | ||||
| inetOrgPerson | labeledURI | |||||
| inetOrgPerson | X | User’s email address(es) | ||||
| inetOrgPerson | manager | |||||
| inetOrgPerson | mobile | X | User’s mobile phone number | |||
| inetOrgPerson | o | RFC2256: organization this object belongs to | ||||
| inetOrgPerson | pager | |||||
| inetOrgPerson | x500uniqueIdentifier | |||||
| inetOrgPerson | preferredLanguage | X | ||||
| inetOrgPerson | userSMIMECertificate | |||||
| inetOrgPerson | userPKCS12 | |||||
| person | sn | X | X | RFC2256: last (family) name(s) for which the entity is known by | ||
| person | cn | X | X | |||
| person | userPassword | X | ||||
| person | telephoneNumber | X | ||||
| person | seeAlso | |||||
| person | description | RFC2256: descriptive information | ||||
| sambaSamAccount | uid | X | X | |||
| sambaSamAccount | sambaSID | X | X | |||
| sambaSamAccount | cn | X | ||||
| sambaSamAccount | sambaLMPassword | X | ||||
| sambaSamAccount | sambaNTPassword | X | ||||
| sambaSamAccount | sambaPwdLastSet | X | ||||
| sambaSamAccount | sambaLogonTime | |||||
| sambaSamAccount | sambaLogoffTime | |||||
| sambaSamAccount | sambaKickoffTime | |||||
| sambaSamAccount | sambaPwdCanChange | X | ||||
| sambaSamAccount | sambaPwdMustChange | X | ||||
| sambaSamAccount | sambaAcctFlags | X | ||||
| sambaSamAccount | displayName | X | ||||
| sambaSamAccount | sambaHomePath | |||||
| sambaSamAccount | sambaHomeDrive | |||||
| sambaSamAccount | sambaLogonScript | |||||
| sambaSamAccount | sambaProfilePath | |||||
| sambaSamAccount | description | |||||
| sambaSamAccount | sambaUserWorkstations | |||||
| sambaSamAccount | sambaPrimaryGroupSID | X | ||||
| sambaSamAccount | sambaDomainName | |||||
| sambaSamAccount | sambaMungedDial | |||||
| sambaSamAccount | sambaBadPasswordCount | |||||
| sambaSamAccount | sambaBadPasswordTime | |||||
| sambaSamAccount | sambaPasswordHistory | |||||
| sambaSamAccount | sambaLogonHours | |||||
| puavoEduPerson | puavoEduPersonEntryYear | X | ||||
| puavoEduPerson | puavoEduPersonEmailEnabled | X | ||||
| puavoEduPerson | puavoEduPersonAffiliation | X | ||||
| puavoEduPerson | puavoSchool | X | X | |||
| puavoEduPerson | puavoUserRole | X | ||||
| puavoEduPerson | puavoEduPersonLastFirstName | X | ||||
| eduPerson | eduPersonAffiliation | X | faculty, student, staff, alum, member, affiliate, employee, library-walk-in, guardian | |||
| eduPerson | eduPersonNickname | |||||
| eduPerson | eduPersonOrgDN | |||||
| eduPerson | eduPersonOrgUnitDN | |||||
| eduPerson | eduPersonPrimaryAffiliation | |||||
| eduPerson | eduPersonPrincipalName | X | User’s kerberos principal | uid@REALM | ||
| eduPerson | eduPersonEntitlement | |||||
| eduPerson | eduPersonPrimaryOrgUnitDN | |||||
| eduPerson | eduPersonScopedAffiliation | |||||
| eduPerson | eduPersonTargetedID | |||||
| eduPerson | eduPersonAssurance |
| Object class | Attribute | Used by Puavo | Required attribute in schema | Description | Constraints | Used by |
| posixGroup | cn | X | X | |||
| posixGroup | gidNumber | X | X | |||
| posixGroup | userPassword | |||||
| posixGroup | memberUid | X | ||||
| posixGroup | description | X | ||||
| sambaGroupMapping | gidNumber | X | X | |||
| sambaGroupMapping | sambaSID | X | X | |||
| sambaGroupMapping | sambaGroupType | X | X | |||
| sambaGroupMapping | displayName | X | ||||
| sambaGroupMapping | description | X | ||||
| sambaGroupMapping | sambaSIDList | X | ||||
| puavoEduGroup | puavoId | X | X | |||
| puavoEduGroup | puavoSchool | X | X | |||
| puavoEduGroup | displayName | X | ||||
| puavoEduGroup | puavoEduGroupType | X | ||||
| puavoEduGroup | member | X |
| Object class | Attribute | Used by Puavo | Required attribute in schema | Description | Constraints | Used by |
| posixGroup | cn | X | X | |||
| posixGroup | gidNumber | X | X | |||
| posixGroup | userPassword | |||||
| posixGroup | memberUid | X | ||||
| posixGroup | description | X | ||||
| sambaGroupMapping | gidNumber | X | X | |||
| sambaGroupMapping | sambaSID | X | X | |||
| sambaGroupMapping | sambaGroupType | X | X | |||
| sambaGroupMapping | displayName | X | ||||
| sambaGroupMapping | description | X | ||||
| sambaGroupMapping | sambaSIDList | X | ||||
| puavoSchool | puavoSchoolName | X | X | |||
| puavoSchool | puavoSchoolHomePageURL | X | ||||
| puavoSchool | puavoSchoolAdmin | X | ||||
| puavoSchool | preferredLanguage | X |
| Object class | Attribute | Used by Puavo | Required attribute in schema | Description | Constraints | Used by |
| puavoUserRole | puavoId | X | X | |||
| puavoUserRole | puavoSchool | X | X | |||
| puavoUserRole | cn | X | X | |||
| puavoUserRole | displayName | X | X | |||
| puavoUserRole | member | X | DNs of users that have been assigned to the profile | |||
| puavoUserRole | memberUid | X | X | uids of users that have been assigned to the profile | ||
| puavoUserRole | puavoMemberGroup | X | DNs of groups that have been assigned to the profile |
| Object class | Attribute | Used by Puavo | Required attribute in schema | Description | Constraints | Used by |
| puavoIdPool | cn | X | X | |||
| puavoIdPool | puavoNextUidNumber | X | X | |||
| puavoIdPool | puavoNextGidNumber | X | X | |||
| puavoIdPool | puavoNextId | X | X |