Ldap Schema
From UGCS
(Difference between revisions)
| Line 2: | Line 2: | ||
See http://www.openldap.org/doc/admin22/schema.html for help on editing schemas. | See http://www.openldap.org/doc/admin22/schema.html for help on editing schemas. | ||
| + | |||
| + | When editing files, use slaptest to see if your config files are correct. This saves you the headache of having the ldap server not start back up because you goofed the config file (which is pretty easy to do, it's kinda picky) | ||
=OU's= | =OU's= | ||
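Review bot: the added slaptest sentence does not show how to run it. Put the invocation next to it, for example slaptest -f followed by the path of the config file being edited, so the check is run against the edited file and not whatever default the binary picks up.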
| Line 8: | Line 10: | ||
* Hosts: All hosts go in here | * Hosts: All hosts go in here | ||
* Maillists: A custom UGCS ou, it contains all the mailing lists (at least the ones that have ldap entries). The principal remctl/maillist has write access to it. | * Maillists: A custom UGCS ou, it contains all the mailing lists (at least the ones that have ldap entries). The principal remctl/maillist has write access to it. | ||
| − | + | * Loginrecords: Another custom UGCS ou, it contains login records (see objectclass "loginrecord" ) | |
| − | + | ||
| − | + | ||
=Object Classes= | =Object Classes= | ||
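Review bot: the new Loginrecords entry does not say which principal may write under it, unlike the Maillists entry directly above it, which names remctl/maillist. Since this ou holds login records, state who writes to it and who is allowed to read it.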
| Line 18: | Line 18: | ||
* OID 1.3.6.1.4.1.8186.12.2.1, MUST mail, cn | * OID 1.3.6.1.4.1.8186.12.2.1, MUST mail, cn | ||
Represents a UGCS mailing list. Currently it just exists so you can make it an amavisAccount and add spam filtering stuff to it. | Represents a UGCS mailing list. Currently it just exists so you can make it an amavisAccount and add spam filtering stuff to it. | ||
| + | |||
| + | ==loginrecord== | ||
| + | * OID 1.3.6.1.4.1.8186.12.2.2 MUST cn, uid, status, logintime, ipHostNumber, source MAY logouttime | ||
| + | ** The CN for this record should be a unique login session id (randomly generated) | ||
| + | ** source should not be publicly readable, the rest don't matter | ||
| + | |||
| + | * Attribute status: OID 1.3.6.1.4.1.8186.12.1.1, text, should be one of "loggedin", "loggedout" | ||
| + | * Attribute logintime, logouttime: OID 1.3.6.1.4.1.8186.12.1.(2,3) | ||
| + | * Attribute source: 1.3.6.1.4.1.8186.12.1.5, IP of the computer they logged in from, "gdm" for graphical login, or "tty#" for a terminal | ||
[[Category:Sysadmin_Documentation]] | [[Category:Sysadmin_Documentation]] | ||
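Review bot: in the added attribute list the OIDs under 1.3.6.1.4.1.8186.12.1 run 1, 2, 3 and then 5 for source, so .4 is unaccounted for; say whether it is reserved or assigned elsewhere. The logintime/logouttime line also gives no syntax where status is marked as text, and the "source should not be publicly readable" bullet does not name the access rule that enforces it.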
Revision as of 20:16, 3 May 2008
Our IANA PEN is 1.3.6.1.4.1.8186.12. We were given this number by Caltech.
See http://www.openldap.org/doc/admin22/schema.html for help on editing schemas.
When editing files, use slaptest to see if your config files are correct. This saves you the headache of having the LDAP server not start back up because you goofed the config file (which is pretty easy to do; it's kinda picky).
OU's
- People: All users go under here
- Groups: All groups go under here
- Hosts: All hosts go in here
- Maillists: A custom UGCS ou that contains all the mailing lists (at least the ones that have LDAP entries). The principal remctl/maillist has write access to it.
- Loginrecords: Another custom UGCS ou that contains login records (see objectclass "loginrecord")
Object Classes
Object Classes go under 1.3.6.1.4.1.8186.12.2
maillist
- OID 1.3.6.1.4.1.8186.12.2.1, MUST mail, cn
Represents a UGCS mailing list. Currently it just exists so you can make it an amavisAccount and add spam filtering stuff to it.
loginrecord
- OID 1.3.6.1.4.1.8186.12.2.2, MUST cn, uid, status, logintime, ipHostNumber, source; MAY logouttime
  - The CN for this record should be a unique login session id (randomly generated)
  - source should not be publicly readable, the rest don't matter
- Attribute status: OID 1.3.6.1.4.1.8186.12.1.1, text, should be one of "loggedin", "loggedout"
- Attribute logintime, logouttime: OID 1.3.6.1.4.1.8186.12.1.(2,3)
- Attribute source: OID 1.3.6.1.4.1.8186.12.1.5, IP of the computer they logged in from, "gdm" for graphical login, or "tty#" for a terminal
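
The loginrecord rules above, applied before a record is written, as an added example (not UGCS's own code). It builds a record with a random session id as cn, checks the MUST list and the allowed status and source values, and drops source from a public view. The function names, the sample values and the reading of "tty#" as "tty" plus digits are assumptions.

```python
import ipaddress
import re
import secrets

# Constraints copied from the loginrecord description on this page.
MUST = ("cn", "uid", "status", "logintime", "ipHostNumber", "source")
STATUSES = ("loggedin", "loggedout")
PRIVATE = ("source",)          # "source should not be publicly readable"
TTY = re.compile(r"tty\d+")    # assumption: "tty#" means tty + a number


def valid_source(value):
    """source is an IP address, "gdm", or "tty#"."""
    if value == "gdm" or TTY.fullmatch(value):
        return True
    try:
        ipaddress.ip_address(value)
        return True
    except ValueError:
        return False


def new_record(uid, logintime, ip_host_number, source):
    """Build a loggedin record whose cn is a random session id."""
    return {"cn": secrets.token_hex(16), "uid": uid, "status": "loggedin",
            "logintime": logintime, "ipHostNumber": ip_host_number,
            "source": source}


def check_record(rec):
    """Return a list of problems; an empty list means the record fits."""
    problems = [f"missing MUST attribute {a}" for a in MUST if not rec.get(a)]
    if rec.get("status") and rec["status"] not in STATUSES:
        problems.append(f"bad status {rec['status']!r}")
    if rec.get("source") and not valid_source(rec["source"]):
        problems.append(f"bad source {rec['source']!r}")
    return problems


def public_view(rec):
    """Drop attributes that should not be publicly readable."""
    return {k: v for k, v in rec.items() if k not in PRIVATE}
```

public_view only models the intent; on the server the restriction on source still has to be enforced by an access rule.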