Directory Structure

DIT

  • dc=ca-zephyr,dc=org - the base distinguished name

  • cn=applications - this branch of the directory contains group objects that are used in the definition of OpenLDAP ACLs

  • cn=auth - this branch contains krb5PrincipalName mapping objects

  • cn=people - this branch contains information about people. Each person entry has a DN of the form uid=value,cn=people,dc=ca-zephyr,dc=org and an objectClass of czPerson. A person entry may have sub-entries with a DN of the form cn=value,uid=value,... whose objectClass is czPersonNote.

  • cn=groups - contains group entries, such as posixGroup objects

CZ Attributes

The site-specific attribute types and object classes used by ca-zephyr.org applications can be viewed with the command:

    ldapsearch -o ldif-wrap=no -LLL -Q -b cn={8}ca-zephyr,cn=schema,cn=config | pp-schema

Note: pp-schema is a simple Perl script that reformats the single-line definitions returned by ldapsearch into the more readable one-clause-per-line layout shown below.

dn: cn={8}ca-zephyr,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {8}ca-zephyr
olcAttributeTypes: {0}( 1.3.6.1.4.1.39513.1.1 
  NAME 'czComments' 
  DESC 'Comments' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32767} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.39513.1.2 
  NAME 'czDisabledFlag' 
  DESC 'Flag that disables an entry' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{16} SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.39513.1.3 
  NAME 'czMailAlias' 
  DESC 'Accept mail to this mailDelivery address' 
  EQUALITY caseIgnoreIA5Match 
  SUBSTR caseIgnoreIA5SubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
olcAttributeTypes: {3}( 1.3.6.1.4.1.39513.1.4 
  NAME 'czMailDelivery' 
  DESC 'The delivery mailbox for email' 
  EQUALITY caseIgnoreIA5Match 
  SUBSTR caseIgnoreIA5SubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
olcAttributeTypes: {4}( 1.3.6.1.4.1.39513.1.5 
  NAME 'czMailDistributionID' 
  DESC 'ID for mail distribution lists' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {5}( 1.3.6.1.4.1.39513.1.6 
  NAME 'czPrivilegeGroup' 
  DESC 'Privilege Group' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {6}( 1.3.6.1.4.1.39513.1.7 
  NAME 'czWorkPhone' 
  DESC 'Work telephone' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 1.3.6.1.4.1.39513.1.8 
  NAME 'czCommentsVisibility' 
  DESC 'Visibility of a Comment' 
  EQUALITY caseIgnoreMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.39513.1.9 
  NAME 'czCredential' 
  DESC 'Secret Credential' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 1.3.6.1.4.1.39513.1.10 
  NAME 'descriptionVisibility' 
  DESC 'Visibility of a description' 
  EQUALITY caseIgnoreMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.39513.1.11 
  NAME 'labeledUriVisibility' 
  DESC 'Visibility of a labeledURI' 
  EQUALITY caseIgnoreMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.39513.1.12 
  NAME 'uidVisibility' 
  DESC 'Visibility of a UID' 
  EQUALITY caseIgnoreMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.39513.1.13 
  NAME 'czHostAdmin' 
  DESC 'Filter to select root users with local accounts' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {13}( 1.3.6.1.4.1.39513.1.14 
  NAME 'czHostUser' 
  DESC 'Filter to select users access to a host' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {14}( 1.3.6.1.4.1.39513.1.15 
  NAME 'czHostSUDO' 
  DESC 'Filter to select users in SUDO groups' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {15}( 1.3.6.1.4.1.39513.1.16 
  NAME 'czOwner' 
  DESC 'System owner' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {16}( 1.3.6.1.4.1.39513.1.17 
  NAME 'czRole' 
  DESC 'Dropbox Role Identifier' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {17}( 1.3.6.1.4.1.42921.1.18 
  NAME 'czCname' 
  DESC 'The cname for the host' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {18}( 1.3.6.1.4.1.42921.1.19 
  NAME 'czNetStatus' 
  DESC 'The status of a network object' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} SINGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.4.1.42921.1.20 
  NAME 'czReadUID' 
  DESC 'UID with read access to entry' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {20}( 1.3.6.1.4.1.42921.1.21 
  NAME 'czWriteUID' 
  DESC 'UID with write access to entry' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {21}( 1.3.6.1.4.1.39513.1.22 
  NAME 'czHistory' 
  DESC 'History of changes to an entry' 
  EQUALITY caseIgnoreMatch 
  SUBSTR caseIgnoreSubstringsMatch 
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32767} )
olcObjectClasses: {0}( 1.3.6.1.4.1.39513.2.1 
  NAME 'czPerson' 
  SUP top AUXILIARY 
  MUST ( uid ) 
  MAY ( czComments 
    $ czDisabledFlag 
    $ czHistory 
    $ czMailAlias 
    $ czMailDelivery 
    $ czMailDistributionID 
    $ czPrivilegeGroup 
    $ czWorkPhone ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.39513.2.2 
  NAME 'czPersonNote' 
  SUP top 
  STRUCTURAL 
  MUST ( cn ) 
  MAY ( czcomments 
    $ czCommentsVisibility 
    $ czCredential 
    $ description 
    $ descriptionVisibility 
    $ czCredential 
    $ czHistory 
    $ labeledURI 
    $ labeledUriVisibility 
    $ uid 
    $ uidVisibility 
    $ czReadUID 
    $ czWriteUID) )
olcObjectClasses: {2}( 1.3.6.1.4.1.39513.2.3 
  NAME 'czSecurityObject' 
  SUP top  
  STRUCTURAL 
  MUST ( cn ) 
  MAY ( uid 
    $ czCredential 
    $ czHistory 
    $ description 
    $ krb5PrincipalName ) )
olcObjectClasses: {3}( 1.3.6.1.4.1.39513.2.4 
  NAME 'czHost' 
  DESC 'Host Entry' 
  SUP top AUXILIARY 
  MUST ( cn ) 
  MAY ( czComments 
    $ czHistory 
    $ czHostAdmin 
    $ czHostUser 
    $ czHostSUDO 
    $ czOwner 
    $ czRole 
    $ czCname 
    $ czNetStatus 
    $ krb5PrincipalName ) )
olcObjectClasses: {4}( 1.3.6.1.4.1.39513.2.5 
  NAME 'czService' 
  DESC 'Registered Application' 
  SUP top 
  STRUCTURAL 
  MUST ( cn ) 
  MAY ( czHistory 
    $ description 
    $ memberUid 
    $ krb5PrincipalName ) )
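The following is an added Python example, not the site's pp-schema script or any ca-zephyr code. It reads schema definitions in the single-line form that `ldapsearch -o ldif-wrap=no` emits (the same structured parse a pp-schema-style printer would build on), and then uses the parsed MUST/MAY lists and the SINGLE-VALUE flag and syntax length of czDisabledFlag to check entries shaped like the cn=people entries and czPersonNote sub-entries described in the DIT section. The three schema lines are copied from the dump above; the entries, the user uid jdoe and the note cn=vpn are constructed for the example, and only the cz definitions are loaded, so object classes and attributes the dump does not define (inetOrgPerson, cn, ...) are deliberately skipped.

```python
"""Added example: parse cn=config schema definitions and check entries against them."""
import re

# Constructed input: three definitions copied from the ca-zephyr dump above,
# one per line as `ldapsearch -o ldif-wrap=no` prints them.
SCHEMA_LDIF = """\
olcAttributeTypes: {1}( 1.3.6.1.4.1.39513.1.2 NAME 'czDisabledFlag' DESC 'Flag that disables an entry' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{16} SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.39513.2.1 NAME 'czPerson' SUP top AUXILIARY MUST ( uid ) MAY ( czComments $ czDisabledFlag $ czHistory $ czMailAlias $ czMailDelivery $ czMailDistributionID $ czPrivilegeGroup $ czWorkPhone ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.39513.2.2 NAME 'czPersonNote' SUP top STRUCTURAL MUST ( cn ) MAY ( czcomments $ czCommentsVisibility $ czCredential $ description $ descriptionVisibility $ czCredential $ czHistory $ labeledURI $ labeledUriVisibility $ uid $ uidVisibility $ czReadUID $ czWriteUID) )
"""

KEYWORDS = {"NAME", "DESC", "EQUALITY", "SUBSTR", "SYNTAX", "SUP", "MUST", "MAY"}
FLAGS = {"SINGLE-VALUE", "AUXILIARY", "STRUCTURAL", "ABSTRACT", "OBSOLETE"}


def _names(value):
    """'( a $ b )', '( 'a' 'b' )' or a bare token -> list of names."""
    return [n.strip("'") for n in value.strip("() ").replace("$", " ").split()]


def parse_definition(text):
    """Parse one '( OID keyword value ... )' definition into a dict."""
    m = re.match(r"\(\s*(\S+)\s*(.*)\)\s*$", text.strip(), re.S)
    if not m:
        raise ValueError("not a schema definition: " + text)
    d = {"oid": m.group(1), "flags": [], "must": [], "may": [], "max_len": None}
    # Tokens are quoted strings, parenthesised lists, or bare words.
    tokens = re.findall(r"'[^']*'|\([^)]*\)|\S+", m.group(2))
    i = 0
    while i < len(tokens):
        tok = tokens[i]
        if tok in FLAGS:
            d["flags"].append(tok)
        elif tok in KEYWORDS and i + 1 < len(tokens):
            i += 1
            val = tokens[i]
            if tok in ("MUST", "MAY", "SUP"):
                d[tok.lower()] = _names(val)
            elif tok == "NAME":
                d["name"] = _names(val)[0]
            elif tok == "SYNTAX":  # syntax OID with an optional {maxlen} suffix
                syn = re.match(r"([\d.]+)(?:\{(\d+)\})?", val)
                d["syntax"] = syn.group(1)
                d["max_len"] = int(syn.group(2)) if syn.group(2) else None
            else:
                d[tok.lower()] = val.strip("'")
        i += 1
    return d


def parse_schema(ldif_text):
    """Return ({lowercase attr name: def}, {lowercase class name: def})."""
    attrs, classes = {}, {}
    for line in ldif_text.splitlines():
        key, _, value = line.partition(":")
        value = re.sub(r"^\s*\{\d+\}", "", value)  # drop the {n} ordering prefix
        if key == "olcAttributeTypes":
            d = parse_definition(value)
            attrs[d["name"].lower()] = d
        elif key == "olcObjectClasses":
            d = parse_definition(value)
            classes[d["name"].lower()] = d
    return attrs, classes


def validate_entry(entry, attrs, classes):
    """Check one entry ({attr: [values]}) against the parsed cz schema.
    Classes and attributes the dump does not define are skipped.
    """
    problems, required, allowed = [], set(), set()
    for oc in entry.get("objectClass", []):
        cls = classes.get(oc.lower())
        if cls is not None:
            required.update(a.lower() for a in cls["must"])
            allowed.update(a.lower() for a in cls["must"] + cls["may"])
    present = {a.lower(): v for a, v in entry.items() if a.lower() != "objectclass"}
    for a in sorted(required - set(present)):
        problems.append("missing required attribute %s" % a)
    for a, values in present.items():
        at = attrs.get(a)
        if at is None:
            continue  # not a cz attribute; its schema is not loaded here
        if a not in allowed:
            problems.append("%s not allowed by the entry's object classes" % a)
        if "SINGLE-VALUE" in at["flags"] and len(values) > 1:
            problems.append("%s is SINGLE-VALUE but has %d values" % (a, len(values)))
        if at["max_len"] and any(len(v) > at["max_len"] for v in values):
            problems.append("%s value exceeds %d characters" % (a, at["max_len"]))
    return problems


# Constructed entries in the DN shapes the DIT section describes (hypothetical user jdoe).
PERSON = {"objectClass": ["inetOrgPerson", "czPerson"],  # uid=jdoe,cn=people,dc=ca-zephyr,dc=org
          "uid": ["jdoe"], "czDisabledFlag": ["TRUE"]}
BAD_PERSON = {"objectClass": ["czPerson"], "czDisabledFlag": ["TRUE", "FALSE"]}  # no uid, two flags
NOTE = {"objectClass": ["czPersonNote"],  # cn=vpn,uid=jdoe,cn=people,dc=ca-zephyr,dc=org
        "cn": ["vpn"], "czReadUID": ["jdoe"]}

if __name__ == "__main__":
    attrs, classes = parse_schema(SCHEMA_LDIF)
    print(sorted(classes["czpersonnote"]["may"]))
    for label, e in (("person", PERSON), ("bad person", BAD_PERSON), ("note", NOTE)):
        print(label + ":", validate_entry(e, attrs, classes) or "OK")
```

The parser keeps MAY lists exactly as the server reports them, so the czPersonNote list comes back with czCredential listed twice, just as in the dump; a pp-schema-style printer would simply emit each parsed clause on its own line. For real entries the structural class (inetOrgPerson in the sample) must be loaded as well before the "not allowed" check is meaningful beyond the cz attributes.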