  1. # This schema contains OIDs from Uninett and FreeIPA.
  2. #
  3. # UNINETT: http://drift.uninett.no/nett/ip-nett/dnsattributes.schema
  4. #          Base OID for DNS records is 1.3.6.1.4.1.2428.20.1,
  5. #          see http://drift.uninett.no/nett/ip-nett/oids.html
  6. #
  7. # FreeIPA: http://freeipa.org/
  8. #          Base OID for DNS records is 2.16.840.1.113730.3.8.5
  9. #          Base OID for DNS objectClasses is 2.16.840.1.113730.3.8.6
  10. #
  11. # If you want to add some record types that are defined by IANA,
  12. # please define it similar to what is done for the existing ones. The
  13. # name should be {TYPE}Record, and OID should be
  14. # 1.3.6.1.4.1.2428.20.1.value. For instance the RR type LOC has value
  15. # 29, so attribute name should be LocRecord (casing shouldn't matter),
  16. # and the OID is 1.3.6.1.4.1.2428.20.1.29. If you follow this, you
  17. # know that it will be compatible with what others use, and one is
  18. # guaranteed that the OIDs are unique.
  19. # The IANA DNS record type values are available from
  20. # <URL: http://www.iana.org/assignments/dns-parameters >.
  21. #
  22. # If you define new attributes, please report them to drift@uninett.no
  23. # to get them added to this schema.
  24. #
  25. # The basic record types like A, CNAME etc are defined in the cosine
  26. # schema and not by UNINETT or FreeIPA.  This means that your LDAP server
  27. # should use the old COSINE schema (RFC 1274) plus this one to get
  28. # all the DNS attributes defined.
  29. #
  30. # Alternatively, you can use the included excerpt from the COSINE schema to get all
  31. # the missing attributes.
  32. #
  33. #
  34. # 389 DS requires the following DN
  35. #dn: cn=schema
  36. #
  37. # OpenLDAP 2.4 requires the following DN + objectClass + different attribute names
  38. # s/^attributeTypes:/olcAttributeTypes:/
  39. # s/^objectClasses:/olcObjectClasses:/
  40. dn: cn=dns,cn=schema,cn=config
  41. objectClass: olcSchemaConfig
  42. # NOTE(review): no 'cn: dns' value accompanies the cn=dns RDN in this entry; OpenLDAP may reject the add with a naming violation - confirm before loading.
  43. #
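  44. # COSINE schema
  45. # Comment out if your server has the COSINE schema installed (the excerpt below is already commented out; note that it mixes the attributeTypes: and olcAttributeTypes: prefixes).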
  46. #attributeTypes: ( 0.9.2342.19200300.100.1.26
  47. # NAME 'aRecord'
  48. # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  49. # EQUALITY caseIgnoreIA5Match )
  50. ##
  51. #attributeTypes: ( 0.9.2342.19200300.100.1.27
  52. # NAME 'mDRecord'
  53. # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  54. # EQUALITY caseIgnoreIA5Match )
  55. ##
  56. #attributeTypes: ( 0.9.2342.19200300.100.1.28
  57. # NAME 'mXRecord'
  58. # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  59. # EQUALITY caseIgnoreIA5Match )
  60. ##
  61. #attributeTypes: ( 0.9.2342.19200300.100.1.29
  62. # NAME 'nSRecord'
  63. # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  64. # EQUALITY caseIgnoreIA5Match )
  65. # CNAME record was originally defined as multi-value
  66. # but we redefined it as single-value to conform with RFC 2136, section 1.1.5.
  67. #olcAttributeTypes: ( 0.9.2342.19200300.100.1.31
  68. # NAME 'cNAMERecord'
  69. # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  70. # EQUALITY caseIgnoreIA5Match
  71. # SINGLE-VALUE )
  72. #
  73. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.0.0
  74.  NAME 'dNSTTL'
  75.  DESC 'An integer denoting time to live'
  76.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
  77.  EQUALITY integerMatch )
  78. #
  79. #
  80. # UNINETT and FreeIPA attributes
  81. # dnsClass attribute is in fact unsupported by bind-dyndb-ldap
  82. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.0.1
  83.  NAME 'dNSClass'
  84.  DESC 'The class of a resource record'
  85.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  86.  EQUALITY caseIgnoreIA5Match )
  87. #
  88. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.12
  89.  NAME 'pTRRecord'
  90.  DESC 'domain name pointer, RFC 1035'
  91.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  92.  EQUALITY caseIgnoreIA5Match
  93.  SUBSTR caseIgnoreIA5SubstringsMatch )
  94. #
  95. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.13
  96.  NAME 'hInfoRecord'
  97.  DESC 'host information, RFC 1035'
  98.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  99.  EQUALITY caseIgnoreIA5Match
  100.  SUBSTR caseIgnoreIA5SubstringsMatch )
  101. #
  102. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.14
  103.  NAME 'mInfoRecord'
  104.  DESC 'mailbox or mail list information, RFC 1035'
  105.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  106.  EQUALITY caseIgnoreIA5Match
  107.  SUBSTR caseIgnoreIA5SubstringsMatch )
  108. #
  109. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.16
  110.  NAME 'tXTRecord'
  111.  DESC 'text string, RFC 1035'
  112.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  113.  EQUALITY caseIgnoreIA5Match
  114.  SUBSTR caseIgnoreIA5SubstringsMatch )
  115. #
  116. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.18
  117.  NAME 'aFSDBRecord'
  118.  DESC 'for AFS Data Base location, RFC 1183'
  119.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  120.  EQUALITY caseIgnoreIA5Match
  121.  SUBSTR caseIgnoreIA5SubstringsMatch )
  122. #
  123. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.28
  124.  NAME 'aAAARecord'
  125.  DESC 'IPv6 address, RFC 1886'
  126.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  127.  EQUALITY caseIgnoreIA5Match
  128.  SUBSTR caseIgnoreIA5SubstringsMatch )
  129. #
  130. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.29
  131.  NAME 'LocRecord'
  132.  DESC 'Location, RFC 1876'
  133.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  134.  EQUALITY caseIgnoreIA5Match
  135.  SUBSTR caseIgnoreIA5SubstringsMatch )
  136. #
  137. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.30
  138.  NAME 'nXTRecord'
  139.  DESC 'non-existant, RFC 2535'
  140.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  141.  EQUALITY caseIgnoreIA5Match
  142.  SUBSTR caseIgnoreIA5SubstringsMatch )
  143. #
  144. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.33
  145.  NAME 'sRVRecord'
  146.  DESC 'service location, RFC 2782'
  147.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  148.  EQUALITY caseIgnoreIA5Match
  149.  SUBSTR caseIgnoreIA5SubstringsMatch )
  150. #
  151. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.35
  152.  NAME 'nAPTRRecord'
  153.  DESC 'Naming Authority Pointer, RFC 2915'
  154.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  155.  EQUALITY caseIgnoreIA5Match
  156.  SUBSTR caseIgnoreIA5SubstringsMatch )
  157. #
  158. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.36
  159.  NAME 'kXRecord'
  160.  DESC 'Key Exchange Delegation, RFC 2230'
  161.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  162.  EQUALITY caseIgnoreIA5Match
  163.  SUBSTR caseIgnoreIA5SubstringsMatch )
  164. #
  165. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.37
  166.  NAME 'certRecord'
  167.  DESC 'certificate, RFC 2538'
  168.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  169.  EQUALITY caseIgnoreIA5Match
  170.  SUBSTR caseIgnoreIA5SubstringsMatch )
  171. #
  172. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.38
  173.  NAME 'a6Record'
  174.  DESC 'A6 Record Type, RFC 2874'
  175.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  176.  EQUALITY caseIgnoreIA5Match
  177.  SUBSTR caseIgnoreIA5SubstringsMatch )
  178. #
  179. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.39
  180.  NAME 'dNameRecord'
  181.  DESC 'Non-Terminal DNS Name Redirection, RFC 6672'
  182.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  183.  EQUALITY caseIgnoreIA5Match
  184.  SUBSTR caseIgnoreIA5SubstringsMatch
  185.  SINGLE-VALUE )
  186. #
  187. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.43
  188.  NAME 'dSRecord'
  189.  DESC 'Delegation Signer, RFC 3658'
  190.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  191.  EQUALITY caseIgnoreIA5Match
  192.  SUBSTR caseIgnoreIA5SubstringsMatch )
  193. #
  194. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.44
  195.  NAME 'sSHFPRecord'
  196.  DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
  197.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  198.  EQUALITY caseIgnoreIA5Match
  199.  SUBSTR caseIgnoreIA5SubstringsMatch )
  200. #
  201. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.51
  202.  NAME 'nSEC3PARAMRecord'
  203.  DESC 'RFC 5155'
  204.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  205.  EQUALITY caseIgnoreIA5Match
  206.  SUBSTR caseIgnoreIA5SubstringsMatch
  207.  SINGLE-VALUE )
  208. #
  209. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.52 NAME 'TLSARecord'
  210.  DESC 'DNS-Based Authentication of Named Entities - Transport Layer Security Protocol, RFC 6698'
  211.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  212.  EQUALITY caseIgnoreIA5Match
  213.  SUBSTR caseIgnoreIA5SubstringsMatch )
  214. #
  215. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.1.32769
  216.  NAME 'DLVRecord'
  217.  DESC 'RFC 4431: DNSSEC Lookaside Validation'
  218.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  219.  EQUALITY caseIgnoreIA5Match
  220.  SUBSTR caseIgnoreIA5SubstringsMatch )
  221. #
  222. # See https://fedorahosted.org/bind-dyndb-ldap/wiki/Design/UnknownRecord
  223. olcAttributeTypes: ( 1.3.6.1.4.1.2428.20.4
  224.  NAME 'UnknownRecord'
  225.  DESC 'unknown DNS record, RFC 3597'
  226.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  227.  EQUALITY caseIgnoreIA5Match
  228.  SUBSTR caseIgnoreIA5SubstringsMatch )
  229. #
  230. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.0
  231.  NAME 'idnsName'
  232.  DESC 'DNS FQDN'
  233.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  234.  EQUALITY caseIgnoreIA5Match
  235.  SUBSTR caseIgnoreIA5SubstringsMatch
  236.  SINGLE-VALUE )
  237. # Security note: boolean, single-valued switch that permits dynamic updates on a zone (see DESC). Whoever can write this attribute decides whether updates are accepted, so restrict write access with directory ACLs; presumably idnsUpdatePolicy narrows who may update - verify against bind-dyndb-ldap.
  238. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.1
  239.  NAME 'idnsAllowDynUpdate'
  240.  DESC 'permit dynamic updates on this zone'
  241.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  242.  EQUALITY booleanMatch
  243.  SINGLE-VALUE )
  244. #
  245. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.2
  246.  NAME 'idnsZoneActive'
  247.  DESC 'define if the zone is considered in use'
  248.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  249.  EQUALITY booleanMatch
  250.  SINGLE-VALUE )
  251. #
  252. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.3
  253.  NAME 'idnsSOAmName'
  254.  DESC 'SOA Name'
  255.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  256.  EQUALITY caseIgnoreIA5Match
  257.  SUBSTR caseIgnoreIA5SubstringsMatch
  258.  SINGLE-VALUE )
  259. #
  260. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.4
  261.  NAME 'idnsSOArName'
  262.  DESC 'SOA root Name'
  263.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  264.  EQUALITY caseIgnoreIA5Match
  265.  SUBSTR caseIgnoreIA5SubstringsMatch
  266.  SINGLE-VALUE )
  267. #
  268. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.5
  269.  NAME 'idnsSOAserial'
  270.  DESC 'SOA serial number'
  271.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
  272.  EQUALITY numericStringMatch
  273.  SINGLE-VALUE )
  274. #
  275. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.6
  276.  NAME 'idnsSOArefresh'
  277.  DESC 'SOA refresh value'
  278.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
  279.  EQUALITY numericStringMatch
  280.  SINGLE-VALUE )
  281. #
  282. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.7
  283.  NAME 'idnsSOAretry'
  284.  DESC 'SOA retry value'
  285.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
  286.  EQUALITY numericStringMatch
  287.  SINGLE-VALUE )
  288. #
  289. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.8
  290.  NAME 'idnsSOAexpire'
  291.  DESC 'SOA expire value'
  292.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
  293.  EQUALITY numericStringMatch
  294.  SINGLE-VALUE )
  295. #
  296. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.9
  297.  NAME 'idnsSOAminimum'
  298.  DESC 'SOA minimum value'
  299.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.36
  300.  EQUALITY numericStringMatch
  301.  SINGLE-VALUE )
  302. # Security note: single-valued IA5 string holding the dynamic-update policy (see DESC). The schema only checks the string syntax, not the policy content, so treat write access to this attribute as equivalent to control over who may update the zone.
  303. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.10
  304.  NAME 'idnsUpdatePolicy'
  305.  DESC 'DNS dynamic updates policy'
  306.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  307.  EQUALITY caseIgnoreIA5Match
  308.  SUBSTR caseIgnoreIA5SubstringsMatch
  309.  SINGLE-VALUE )
  310. # Security note: single-valued IA5 string described as a BIND9 allow-query ACL element (see DESC). The ACL is stored as directory data, so limit who can modify this attribute; how an absent value is interpreted is not shown here - confirm the default.
  311. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.11
  312.  NAME 'idnsAllowQuery'
  313.  DESC 'BIND9 allow-query ACL element'
  314.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  315.  EQUALITY caseIgnoreIA5Match
  316.  SINGLE-VALUE )
  317. # Security note: single-valued IA5 string described as a BIND9 allow-transfer ACL element (see DESC). Write access to it controls which hosts may transfer the zone, so restrict modification with directory ACLs; how an absent value is interpreted is not shown here - confirm the default.
  318. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.12
  319.  NAME 'idnsAllowTransfer'
  320.  DESC 'BIND9 allow-transfer ACL element'
  321.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  322.  EQUALITY caseIgnoreIA5Match
  323.  SINGLE-VALUE )
  324. #
  325. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.13
  326.  NAME 'idnsAllowSyncPTR'
  327.  DESC 'permit synchronization of PTR records'
  328.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  329.  EQUALITY booleanMatch
  330.  SINGLE-VALUE )
  331. #
  332. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.14
  333.  NAME 'idnsForwardPolicy'
  334.  DESC 'forward policy: only or first'
  335.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  336.  EQUALITY caseIgnoreIA5Match
  337.  SUBSTR caseIgnoreIA5SubstringsMatch
  338.  SINGLE-VALUE )
  339. #
  340. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.15
  341.  NAME 'idnsForwarders'
  342.  DESC 'list of forwarders'
  343.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
  344.  EQUALITY caseIgnoreIA5Match
  345.  SUBSTR caseIgnoreIA5SubstringsMatch )
  346. #
  347. olcAttributeTypes: ( 2.16.840.1.113730.3.8.5.18
  348.  NAME 'idnsSecInlineSigning'
  349.  DESC 'DNSSEC in-line signing'
  350.  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
  351.  EQUALITY booleanMatch
  352.  SINGLE-VALUE )
  353. #
  354. olcObjectClasses: ( 2.16.840.1.113730.3.8.6.0
  355.  NAME 'idnsRecord'
  356.  DESC 'dns Record, usually a host'
  357.  SUP top
  358.  STRUCTURAL
  359.  MUST idnsName
  360.  MAY ( cn $ idnsAllowDynUpdate $ DNSTTL $ DNSClass $ ARecord $
  361.        AAAARecord $ A6Record $ NSRecord $ CNAMERecord $ PTRRecord $
  362.        SRVRecord $ TXTRecord $ MXRecord $ MDRecord $ HINFORecord $
  363.        MINFORecord $ AFSDBRecord $ LOCRecord $
  364.        NXTRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ DNAMERecord $
  365.        DSRecord $ SSHFPRecord $ DLVRecord $ TLSARecord $ UnknownRecord
  366.      ) )
  367. #
  368. olcObjectClasses: ( 2.16.840.1.113730.3.8.6.1
  369.  NAME 'idnsZone'
  370.  DESC 'Zone class'
  371.  SUP idnsRecord
  372.  STRUCTURAL
  373.  MUST ( idnsName $ idnsZoneActive $ idnsSOAmName $ idnsSOArName $
  374.         idnsSOAserial $ idnsSOArefresh $ idnsSOAretry $ idnsSOAexpire $
  375.         idnsSOAminimum
  376.       )
  377.  MAY ( idnsUpdatePolicy $ idnsAllowQuery $ idnsAllowTransfer $
  378.        idnsAllowSyncPTR $ idnsForwardPolicy $ idnsForwarders $
  379.        idnsSecInlineSigning $ nSEC3PARAMRecord
  380.      ) )
  381. #
  382. olcObjectClasses: ( 2.16.840.1.113730.3.8.6.2
  383.  NAME 'idnsConfigObject'
  384.  DESC 'DNS global config options'
  385.  STRUCTURAL
  386.  MAY ( idnsForwardPolicy $ idnsForwarders $ idnsAllowSyncPTR ) )
  387. #
  388. olcObjectClasses: ( 2.16.840.1.113730.3.8.6.3
  389.  NAME 'idnsForwardZone'
  390.  DESC 'Forward Zone class'
  391.  SUP top
  392.  STRUCTURAL
  393.  MUST ( idnsName $ idnsZoneActive )
  394.  MAY ( idnsForwarders $ idnsForwardPolicy ) )