Directory Structure
DIT
dc=ca-zephyr,dc=org - the base distinguished name
cn=applications - this branch of the directory contains group objects that are used in the definition of OpenLDAP ACLs
cn=auth - this branch contains krb5principalname mapping objects
cn=people - this branch contains information about people. Each person entry is identified by uid=value and has an objectclass of czPerson. Person entries may have sub-entries with a DN of cn=value,uid=value and an objectclass of czPersonNote.
cn=groups - contains group information such as posixGroups
CZ Attributes
The unique attributes used by ca-zephyr.org applications can be viewed using the command:
ldapsearch -o ldif-wrap=no -LLL -Q -b cn={8}ca-zephyr,cn=schema,cn=config | pp-schema
Note: pp-schema is a simple Perl script used to format the output into a more readable format.
dn: cn={8}ca-zephyr,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: {8}ca-zephyr
olcAttributeTypes: {0}( 1.3.6.1.4.1.39513.1.1
NAME 'czComments'
DESC 'Comments'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32767} )
olcAttributeTypes: {1}( 1.3.6.1.4.1.39513.1.2
NAME 'czDisabledFlag'
DESC 'Flag that disables an entry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{16} SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.39513.1.3
NAME 'czMailAlias'
DESC 'Accept mail to this mailDelivery address'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
olcAttributeTypes: {3}( 1.3.6.1.4.1.39513.1.4
NAME 'czMailDelivery'
DESC 'The delivery mailbox for email'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} )
olcAttributeTypes: {4}( 1.3.6.1.4.1.39513.1.5
NAME 'czMailDistributionID'
DESC 'ID for mail distribution lists'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {5}( 1.3.6.1.4.1.39513.1.6
NAME 'czPrivilegeGroup'
DESC 'Privilege Group'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {6}( 1.3.6.1.4.1.39513.1.7
NAME 'czWorkPhone'
DESC 'Work telephone'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {7}( 1.3.6.1.4.1.39513.1.8
NAME 'czCommentsVisibility'
DESC 'Visibility of a Comment'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.39513.1.9
NAME 'czCredential'
DESC 'Secret Credential'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {9}( 1.3.6.1.4.1.39513.1.10
NAME 'descriptionVisibility'
DESC 'Visibility of a description'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.39513.1.11
NAME 'labeledUriVisibility'
DESC 'Visibility of a labeledURI'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.39513.1.12
NAME 'uidVisibility'
DESC 'Visibility of a UID'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.39513.1.13
NAME 'czHostAdmin'
DESC 'Filter to select root users with local accounts'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {13}( 1.3.6.1.4.1.39513.1.14
NAME 'czHostUser'
DESC 'Filter to select users access to a host'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {14}( 1.3.6.1.4.1.39513.1.15
NAME 'czHostSUDO'
DESC 'Filter to select users in SUDO groups'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {15}( 1.3.6.1.4.1.39513.1.16
NAME 'czOwner'
DESC 'System owner'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {16}( 1.3.6.1.4.1.39513.1.17
NAME 'czRole'
DESC 'Dropbox Role Identifier'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {17}( 1.3.6.1.4.1.42921.1.18
NAME 'czCname'
DESC 'The cname for the host'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {18}( 1.3.6.1.4.1.42921.1.19
NAME 'czNetStatus'
DESC 'The status of a network object'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} SINGLE-VALUE )
olcAttributeTypes: {19}( 1.3.6.1.4.1.42921.1.20
NAME 'czReadUID'
DESC 'UID with read access to entry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {20}( 1.3.6.1.4.1.42921.1.21
NAME 'czWriteUID'
DESC 'UID with write access to entry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcAttributeTypes: {21}( 1.3.6.1.4.1.39513.1.22
NAME 'czHistory'
DESC 'History of changes to an entry'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32767} )
olcObjectClasses: {0}( 1.3.6.1.4.1.39513.2.1
NAME 'czPerson'
SUP top AUXILIARY
MUST ( uid )
MAY ( czComments
$ czDisabledFlag
$ czHistory
$ czMailAlias
$ czMailDelivery
$ czMailDistributionID
$ czPrivilegeGroup
$ czWorkPhone ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.39513.2.2
NAME 'czPersonNote'
SUP top
STRUCTURAL
MUST ( cn )
MAY ( czcomments
$ czCommentsVisibility
$ czCredential
$ description
$ descriptionVisibility
$ czCredential
$ czHistory
$ labeledURI
$ labeledUriVisibility
$ uid
$ uidVisibility
$ czReadUID
$ czWriteUID) )
olcObjectClasses: {2}( 1.3.6.1.4.1.39513.2.3
NAME 'czSecurityObject'
SUP top
STRUCTURAL
MUST ( cn )
MAY ( uid
$ czCredential
$ czHistory
$ description
$ krb5PrincipalName ) )
olcObjectClasses: {3}( 1.3.6.1.4.1.39513.2.4
NAME 'czHost'
DESC 'Host Entry'
SUP top AUXILIARY
MUST ( cn )
MAY ( czComments
$ czHistory
$ czHostAdmin
$ czHostUser
$ czHostSUDO
$ czOwner
$ czRole
$ czCname
$ czNetStatus
$ krb5PrincipalName ) )
olcObjectClasses: {4}( 1.3.6.1.4.1.39513.2.5
NAME 'czService'
DESC 'Registered Application'
SUP top
STRUCTURAL
MUST ( cn )
MAY ( czHistory
$ description
$ memberUid
$ krb5PrincipalName ) )
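An added example, not part of the original page or of the ca-zephyr.org tooling: a small Python lint over the raw, unwrapped ldapsearch output (the input that pp-schema receives). It reports definitions whose OID lies outside the enterprise arc used by most of the schema, attributes listed twice in a MUST/MAY list, and which object classes may carry a given attribute such as czCredential, which is where access controls on that value need to be checked. The function names and SAMPLE are assumptions made for the example.

```python
import re
from collections import Counter

# Constructed sample: definitions copied from the listing above, one per line,
# as `ldapsearch -o ldif-wrap=no` prints them before pp-schema reformats them.
SAMPLE = """\
dn: cn={8}ca-zephyr,cn=schema,cn=config
olcAttributeTypes: {8}( 1.3.6.1.4.1.39513.1.9 NAME 'czCredential' DESC 'Secret Credential' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {17}( 1.3.6.1.4.1.42921.1.18 NAME 'czCname' DESC 'The cname for the host' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512} )
olcObjectClasses: {1}( 1.3.6.1.4.1.39513.2.2 NAME 'czPersonNote' SUP top STRUCTURAL MUST ( cn ) MAY ( czcomments $ czCommentsVisibility $ czCredential $ description $ descriptionVisibility $ czCredential $ czHistory $ labeledURI $ labeledUriVisibility $ uid $ uidVisibility $ czReadUID $ czWriteUID) )
olcObjectClasses: {2}( 1.3.6.1.4.1.39513.2.3 NAME 'czSecurityObject' SUP top STRUCTURAL MUST ( cn ) MAY ( uid $ czCredential $ czHistory $ description $ krb5PrincipalName ) )
"""

DEF = re.compile(r"^olc(AttributeTypes|ObjectClasses): \{\d+\}\(\s*([\d.]+)\s+NAME '([^']+)'(.*)\)\s*$")
LIST = re.compile(r"\b(?:MUST|MAY)\s+(?:\(([^)]*)\)|([\w-]+))")

def parse(ldif):
    """Return ({name: oid} for every definition, {objectclass: [MUST/MAY members]})."""
    oids, classes = {}, {}
    for line in ldif.splitlines():
        m = DEF.match(line)
        if not m:
            continue
        kind, oid, name, rest = m.groups()
        oids[name] = oid
        if kind == "ObjectClasses":
            rest = re.sub(r"DESC '[^']*'", "", rest)  # keep DESC text out of the member scan
            classes[name] = [a.strip() for g1, g2 in LIST.findall(rest) for a in (g1 or g2).split("$")]
    return oids, classes

def arc(oid):
    return ".".join(oid.split(".")[:7])  # 1.3.6.1.4.1.<enterprise number>

def audit(ldif):
    """Lint findings as (check, name, detail) tuples."""
    oids, classes = parse(ldif)
    main = Counter(map(arc, oids.values())).most_common(1)
    out = [("oid-arc", n, o) for n, o in oids.items() if arc(o) != main[0][0]]
    for cname, members in classes.items():
        counts = Counter(a.lower() for a in members)  # attribute names are case-insensitive
        out += [("duplicate-member", cname, a) for a, n in counts.items() if n > 1]
    return out

def carriers(ldif, attr):
    """Object classes whose MUST/MAY list permits attr."""
    _, classes = parse(ldif)
    return sorted(c for c, ms in classes.items() if attr.lower() in [a.lower() for a in ms])

if __name__ == "__main__":
    print(audit(SAMPLE), carriers(SAMPLE, "czCredential"))
```

To run it against the live schema, feed it the output of the ldapsearch command shown earlier without piping it through pp-schema.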