mirror of
https://github.com/YunoHost/moulinette.git
synced 2024-09-03 20:06:31 +02:00
More cleaning up, test fixing
This commit is contained in:
parent
9b3bb1362c
commit
d0c569eead
23 changed files with 119 additions and 4300 deletions
|
@ -484,8 +484,11 @@ class ActionsMap(object):
|
||||||
mod = import_module(auth_module)
|
mod = import_module(auth_module)
|
||||||
except ImportError as e:
|
except ImportError as e:
|
||||||
import traceback
|
import traceback
|
||||||
|
|
||||||
traceback.print_exc()
|
traceback.print_exc()
|
||||||
raise MoulinetteError(f"unable to load authenticator {auth_module} : {e}", raw_msg=True)
|
raise MoulinetteError(
|
||||||
|
f"unable to load authenticator {auth_module} : {e}", raw_msg=True
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
return mod.Authenticator()
|
return mod.Authenticator()
|
||||||
|
|
||||||
|
@ -699,16 +702,20 @@ class ActionsMap(object):
|
||||||
|
|
||||||
if _global:
|
if _global:
|
||||||
if getattr(self, "main_namespace", None) is not None:
|
if getattr(self, "main_namespace", None) is not None:
|
||||||
raise MoulinetteError("It's not possible to have several namespaces with a _global section")
|
raise MoulinetteError(
|
||||||
|
"It is not possible to have several namespaces with a _global section"
|
||||||
|
)
|
||||||
else:
|
else:
|
||||||
self.main_namespace = namespace
|
self.main_namespace = namespace
|
||||||
self.default_authentication = _global["authentication"][interface_type]
|
self.default_authentication = _global["authentication"][
|
||||||
|
interface_type
|
||||||
|
]
|
||||||
|
|
||||||
if top_parser.has_global_parser():
|
if top_parser.has_global_parser():
|
||||||
top_parser.add_global_arguments(_global["arguments"])
|
top_parser.add_global_arguments(_global["arguments"])
|
||||||
|
|
||||||
if not hasattr(self, "main_namespace"):
|
if not hasattr(self, "main_namespace"):
|
||||||
raise MoulinetteError("Did not found the main namespace")
|
raise MoulinetteError("Did not found the main namespace", raw_msg=True)
|
||||||
|
|
||||||
for namespace, actionsmap in actionsmaps.items():
|
for namespace, actionsmap in actionsmaps.items():
|
||||||
# category_name is stuff like "user", "domain", "hooks"...
|
# category_name is stuff like "user", "domain", "hooks"...
|
||||||
|
@ -792,7 +799,9 @@ class ActionsMap(object):
|
||||||
|
|
||||||
action_parser.authentication = self.default_authentication
|
action_parser.authentication = self.default_authentication
|
||||||
if interface_type in authentication:
|
if interface_type in authentication:
|
||||||
action_parser.authentication = authentication[interface_type]
|
action_parser.authentication = authentication[
|
||||||
|
interface_type
|
||||||
|
]
|
||||||
|
|
||||||
logger.debug("building parser took %.3fs", time() - start)
|
logger.debug("building parser took %.3fs", time() - start)
|
||||||
return top_parser
|
return top_parser
|
||||||
|
|
|
@ -253,7 +253,9 @@ class _ActionsMapPlugin(object):
|
||||||
except KeyError:
|
except KeyError:
|
||||||
raise HTTPResponse("Missing password parameter", 400)
|
raise HTTPResponse("Missing password parameter", 400)
|
||||||
|
|
||||||
kwargs["profile"] = request.POST.get("profile", self.actionsmap.default_authentication)
|
kwargs["profile"] = request.POST.get(
|
||||||
|
"profile", self.actionsmap.default_authentication
|
||||||
|
)
|
||||||
return callback(**kwargs)
|
return callback(**kwargs)
|
||||||
|
|
||||||
return wrapper
|
return wrapper
|
||||||
|
@ -262,7 +264,9 @@ class _ActionsMapPlugin(object):
|
||||||
def _logout(callback):
|
def _logout(callback):
|
||||||
def wrapper():
|
def wrapper():
|
||||||
kwargs = {}
|
kwargs = {}
|
||||||
kwargs["profile"] = request.POST.get("profile", self.actionsmap.default_authentication)
|
kwargs["profile"] = request.POST.get(
|
||||||
|
"profile", self.actionsmap.default_authentication
|
||||||
|
)
|
||||||
return callback(**kwargs)
|
return callback(**kwargs)
|
||||||
|
|
||||||
return wrapper
|
return wrapper
|
||||||
|
|
|
@ -356,7 +356,7 @@ class ActionsMapParser(BaseActionsMapParser):
|
||||||
type_="subcategory",
|
type_="subcategory",
|
||||||
description=subcategory_help,
|
description=subcategory_help,
|
||||||
help=subcategory_help,
|
help=subcategory_help,
|
||||||
**kwargs
|
**kwargs,
|
||||||
)
|
)
|
||||||
return self.__class__(self, parser, {"title": "actions", "required": True})
|
return self.__class__(self, parser, {"title": "actions", "required": True})
|
||||||
|
|
||||||
|
@ -367,7 +367,7 @@ class ActionsMapParser(BaseActionsMapParser):
|
||||||
action_help=None,
|
action_help=None,
|
||||||
deprecated=False,
|
deprecated=False,
|
||||||
deprecated_alias=[],
|
deprecated_alias=[],
|
||||||
**kwargs
|
**kwargs,
|
||||||
):
|
):
|
||||||
"""Add a parser for an action
|
"""Add a parser for an action
|
||||||
|
|
||||||
|
|
|
@ -107,41 +107,6 @@ def read_toml(file_path):
|
||||||
return loaded_toml
|
return loaded_toml
|
||||||
|
|
||||||
|
|
||||||
def read_ldif(file_path, filtred_entries=[]):
|
|
||||||
"""
|
|
||||||
Safely read a LDIF file and create struct in the same style than
|
|
||||||
what return the auth objet with the seach method
|
|
||||||
The main difference with the auth object is that this function return a 2-tuples
|
|
||||||
with the "dn" and the LDAP entry.
|
|
||||||
|
|
||||||
Keyword argument:
|
|
||||||
file_path -- Path to the ldif file
|
|
||||||
filtred_entries -- The entries to don't include in the result
|
|
||||||
"""
|
|
||||||
from ldif import LDIFRecordList
|
|
||||||
|
|
||||||
class LDIFPar(LDIFRecordList):
|
|
||||||
def handle(self, dn, entry):
|
|
||||||
for e in filtred_entries:
|
|
||||||
if e in entry:
|
|
||||||
entry.pop(e)
|
|
||||||
self.all_records.append((dn, entry))
|
|
||||||
|
|
||||||
# Open file and read content
|
|
||||||
try:
|
|
||||||
with open(file_path, "r") as f:
|
|
||||||
parser = LDIFPar(f)
|
|
||||||
parser.parse()
|
|
||||||
except IOError as e:
|
|
||||||
raise MoulinetteError("cannot_open_file", file=file_path, error=str(e))
|
|
||||||
except Exception as e:
|
|
||||||
raise MoulinetteError(
|
|
||||||
"unknown_error_reading_file", file=file_path, error=str(e)
|
|
||||||
)
|
|
||||||
|
|
||||||
return parser.all_records
|
|
||||||
|
|
||||||
|
|
||||||
def write_to_file(file_path, data, file_mode="w"):
|
def write_to_file(file_path, data, file_mode="w"):
|
||||||
"""
|
"""
|
||||||
Write a single string or a list of string to a text file.
|
Write a single string or a list of string to a text file.
|
||||||
|
|
1
setup.py
1
setup.py
|
@ -23,7 +23,6 @@ install_deps = [
|
||||||
'pytz',
|
'pytz',
|
||||||
'pyyaml',
|
'pyyaml',
|
||||||
'toml',
|
'toml',
|
||||||
'python-ldap',
|
|
||||||
'gevent-websocket',
|
'gevent-websocket',
|
||||||
'bottle',
|
'bottle',
|
||||||
]
|
]
|
||||||
|
|
|
@ -5,17 +5,7 @@
|
||||||
_global:
|
_global:
|
||||||
authentication:
|
authentication:
|
||||||
api: dummy
|
api: dummy
|
||||||
cli: null
|
cli: dummy
|
||||||
configuration:
|
|
||||||
authenticate:
|
|
||||||
- all
|
|
||||||
authenticator:
|
|
||||||
default:
|
|
||||||
vendor: dummy
|
|
||||||
help: Dummy Password
|
|
||||||
yoloswag:
|
|
||||||
vendor: dummy
|
|
||||||
help: Dummy Yoloswag Password
|
|
||||||
arguments:
|
arguments:
|
||||||
-v:
|
-v:
|
||||||
full: --version
|
full: --version
|
||||||
|
|
|
@ -180,25 +180,6 @@ def test_toml(tmp_path):
|
||||||
return test_file
|
return test_file
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
|
||||||
def test_ldif(tmp_path):
|
|
||||||
test_file = tmp_path / "test.txt"
|
|
||||||
from ldif import LDIFWriter
|
|
||||||
|
|
||||||
writer = LDIFWriter(open(str(test_file), "w"))
|
|
||||||
|
|
||||||
writer.unparse(
|
|
||||||
"mail=alice@example.com",
|
|
||||||
{
|
|
||||||
"cn": ["Alice Alison".encode("utf-8")],
|
|
||||||
"mail": ["alice@example.com".encode("utf-8")],
|
|
||||||
"objectclass": ["top".encode("utf-8"), "person".encode("utf-8")],
|
|
||||||
},
|
|
||||||
)
|
|
||||||
|
|
||||||
return test_file
|
|
||||||
|
|
||||||
|
|
||||||
@pytest.fixture
|
@pytest.fixture
|
||||||
def user():
|
def user():
|
||||||
return os.getlogin()
|
return os.getlogin()
|
||||||
|
|
|
@ -1,84 +0,0 @@
|
||||||
parents:
|
|
||||||
ou=users:
|
|
||||||
ou: users
|
|
||||||
objectClass:
|
|
||||||
- organizationalUnit
|
|
||||||
- top
|
|
||||||
|
|
||||||
ou=domains:
|
|
||||||
ou: domains
|
|
||||||
objectClass:
|
|
||||||
- organizationalUnit
|
|
||||||
- top
|
|
||||||
|
|
||||||
ou=apps:
|
|
||||||
ou: apps
|
|
||||||
objectClass:
|
|
||||||
- organizationalUnit
|
|
||||||
- top
|
|
||||||
|
|
||||||
ou=permission:
|
|
||||||
ou: permission
|
|
||||||
objectClass:
|
|
||||||
- organizationalUnit
|
|
||||||
- top
|
|
||||||
|
|
||||||
ou=groups:
|
|
||||||
ou: groups
|
|
||||||
objectClass:
|
|
||||||
- organizationalUnit
|
|
||||||
- top
|
|
||||||
|
|
||||||
ou=sudo:
|
|
||||||
ou: sudo
|
|
||||||
objectClass:
|
|
||||||
- organizationalUnit
|
|
||||||
- top
|
|
||||||
|
|
||||||
children:
|
|
||||||
cn=admin,ou=sudo:
|
|
||||||
cn: admin
|
|
||||||
sudoUser: admin
|
|
||||||
sudoHost: ALL
|
|
||||||
sudoCommand: ALL
|
|
||||||
sudoOption: "!authenticate"
|
|
||||||
objectClass:
|
|
||||||
- sudoRole
|
|
||||||
- top
|
|
||||||
cn=admins,ou=groups:
|
|
||||||
cn: admins
|
|
||||||
gidNumber: "4001"
|
|
||||||
memberUid: admin
|
|
||||||
objectClass:
|
|
||||||
- posixGroup
|
|
||||||
- top
|
|
||||||
cn=all_users,ou=groups:
|
|
||||||
cn: all_users
|
|
||||||
gidNumber: "4002"
|
|
||||||
objectClass:
|
|
||||||
- posixGroup
|
|
||||||
- groupOfNamesYnh
|
|
||||||
cn=visitors,ou=groups:
|
|
||||||
cn: visitors
|
|
||||||
gidNumber: "4003"
|
|
||||||
objectClass:
|
|
||||||
- posixGroup
|
|
||||||
- groupOfNamesYnh
|
|
||||||
|
|
||||||
depends_children:
|
|
||||||
cn=mail.main,ou=permission:
|
|
||||||
cn: mail.main
|
|
||||||
gidNumber: "5001"
|
|
||||||
objectClass:
|
|
||||||
- posixGroup
|
|
||||||
- permissionYnh
|
|
||||||
groupPermission:
|
|
||||||
- "cn=all_users,ou=groups,dc=yunohost,dc=org"
|
|
||||||
cn=xmpp.main,ou=permission:
|
|
||||||
cn: xmpp.main
|
|
||||||
gidNumber: "5002"
|
|
||||||
objectClass:
|
|
||||||
- posixGroup
|
|
||||||
- permissionYnh
|
|
||||||
groupPermission:
|
|
||||||
- "cn=all_users,ou=groups,dc=yunohost,dc=org"
|
|
|
@ -1,610 +0,0 @@
|
||||||
# OpenLDAP Core schema
|
|
||||||
# $OpenLDAP$
|
|
||||||
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
||||||
##
|
|
||||||
## Copyright 1998-2019 The OpenLDAP Foundation.
|
|
||||||
## All rights reserved.
|
|
||||||
##
|
|
||||||
## Redistribution and use in source and binary forms, with or without
|
|
||||||
## modification, are permitted only as authorized by the OpenLDAP
|
|
||||||
## Public License.
|
|
||||||
##
|
|
||||||
## A copy of this license is available in the file LICENSE in the
|
|
||||||
## top-level directory of the distribution or, alternatively, at
|
|
||||||
## <http://www.OpenLDAP.org/license.html>.
|
|
||||||
#
|
|
||||||
## Portions Copyright (C) The Internet Society (1997-2006).
|
|
||||||
## All Rights Reserved.
|
|
||||||
##
|
|
||||||
## This document and translations of it may be copied and furnished to
|
|
||||||
## others, and derivative works that comment on or otherwise explain it
|
|
||||||
## or assist in its implementation may be prepared, copied, published
|
|
||||||
## and distributed, in whole or in part, without restriction of any
|
|
||||||
## kind, provided that the above copyright notice and this paragraph are
|
|
||||||
## included on all such copies and derivative works. However, this
|
|
||||||
## document itself may not be modified in any way, such as by removing
|
|
||||||
## the copyright notice or references to the Internet Society or other
|
|
||||||
## Internet organizations, except as needed for the purpose of
|
|
||||||
## developing Internet standards in which case the procedures for
|
|
||||||
## copyrights defined in the Internet Standards process must be
|
|
||||||
## followed, or as required to translate it into languages other than
|
|
||||||
## English.
|
|
||||||
##
|
|
||||||
## The limited permissions granted above are perpetual and will not be
|
|
||||||
## revoked by the Internet Society or its successors or assigns.
|
|
||||||
##
|
|
||||||
## This document and the information contained herein is provided on an
|
|
||||||
## "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING
|
|
||||||
## TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING
|
|
||||||
## BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION
|
|
||||||
## HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF
|
|
||||||
## MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
|
|
||||||
|
|
||||||
#
|
|
||||||
#
|
|
||||||
# Includes LDAPv3 schema items from:
|
|
||||||
# RFC 2252/2256 (LDAPv3)
|
|
||||||
#
|
|
||||||
# Select standard track schema items:
|
|
||||||
# RFC 1274 (uid/dc)
|
|
||||||
# RFC 2079 (URI)
|
|
||||||
# RFC 2247 (dc/dcObject)
|
|
||||||
# RFC 2587 (PKI)
|
|
||||||
# RFC 2589 (Dynamic Directory Services)
|
|
||||||
# RFC 4524 (associatedDomain)
|
|
||||||
#
|
|
||||||
# Select informational schema items:
|
|
||||||
# RFC 2377 (uidObject)
|
|
||||||
|
|
||||||
#
|
|
||||||
# Standard attribute types from RFC 2256
|
|
||||||
#
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.0 NAME 'objectClass'
|
|
||||||
# DESC 'RFC2256: object classes of the entity'
|
|
||||||
# EQUALITY objectIdentifierMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
|
|
||||||
# DESC 'RFC2256: name of aliased object'
|
|
||||||
# EQUALITY distinguishedNameMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
|
|
||||||
DESC 'RFC2256: knowledge information'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
|
|
||||||
# DESC 'RFC2256: common name(s) for which the entity is known by'
|
|
||||||
# SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
|
|
||||||
DESC 'RFC2256: last (family) name(s) for which the entity is known by'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.5 NAME 'serialNumber'
|
|
||||||
DESC 'RFC2256: serial number of the entity'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
|
|
||||||
|
|
||||||
# RFC 4519 definition ('countryName' in X.500 and RFC2256)
|
|
||||||
attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
|
|
||||||
DESC 'RFC4519: two-letter ISO-3166 country code'
|
|
||||||
SUP name
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.11
|
|
||||||
SINGLE-VALUE )
|
|
||||||
|
|
||||||
#attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
|
|
||||||
# DESC 'RFC2256: ISO-3166 country 2-letter code'
|
|
||||||
# SUP name SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
|
|
||||||
DESC 'RFC2256: locality which this object resides in'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
|
|
||||||
DESC 'RFC2256: state or province which this object resides in'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
|
|
||||||
DESC 'RFC2256: street address of this object'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
|
|
||||||
DESC 'RFC2256: organization this object belongs to'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
|
|
||||||
DESC 'RFC2256: organizational unit this object belongs to'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.12 NAME 'title'
|
|
||||||
DESC 'RFC2256: title associated with the entity'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.13 NAME 'description'
|
|
||||||
# DESC 'RFC2256: descriptive information'
|
|
||||||
# EQUALITY caseIgnoreMatch
|
|
||||||
# SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
|
|
||||||
|
|
||||||
# Deprecated by enhancedSearchGuide
|
|
||||||
attributetype ( 2.5.4.14 NAME 'searchGuide'
|
|
||||||
DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.15 NAME 'businessCategory'
|
|
||||||
DESC 'RFC2256: business category'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.16 NAME 'postalAddress'
|
|
||||||
DESC 'RFC2256: postal address'
|
|
||||||
EQUALITY caseIgnoreListMatch
|
|
||||||
SUBSTR caseIgnoreListSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.17 NAME 'postalCode'
|
|
||||||
DESC 'RFC2256: postal code'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.18 NAME 'postOfficeBox'
|
|
||||||
DESC 'RFC2256: Post Office Box'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
|
|
||||||
DESC 'RFC2256: Physical Delivery Office Name'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.20 NAME 'telephoneNumber'
|
|
||||||
DESC 'RFC2256: Telephone Number'
|
|
||||||
EQUALITY telephoneNumberMatch
|
|
||||||
SUBSTR telephoneNumberSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.21 NAME 'telexNumber'
|
|
||||||
DESC 'RFC2256: Telex Number'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
|
|
||||||
DESC 'RFC2256: Teletex Terminal Identifier'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
|
|
||||||
DESC 'RFC2256: Facsimile (Fax) Telephone Number'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.24 NAME 'x121Address'
|
|
||||||
DESC 'RFC2256: X.121 Address'
|
|
||||||
EQUALITY numericStringMatch
|
|
||||||
SUBSTR numericStringSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
|
|
||||||
DESC 'RFC2256: international ISDN number'
|
|
||||||
EQUALITY numericStringMatch
|
|
||||||
SUBSTR numericStringSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.26 NAME 'registeredAddress'
|
|
||||||
DESC 'RFC2256: registered postal address'
|
|
||||||
SUP postalAddress
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.27 NAME 'destinationIndicator'
|
|
||||||
DESC 'RFC2256: destination indicator'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
|
|
||||||
DESC 'RFC2256: preferred delivery method'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
|
|
||||||
SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.29 NAME 'presentationAddress'
|
|
||||||
DESC 'RFC2256: presentation address'
|
|
||||||
EQUALITY presentationAddressMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
|
|
||||||
SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
|
|
||||||
DESC 'RFC2256: supported application context'
|
|
||||||
EQUALITY objectIdentifierMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.31 NAME 'member'
|
|
||||||
DESC 'RFC2256: member of a group'
|
|
||||||
SUP distinguishedName )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.32 NAME 'owner'
|
|
||||||
DESC 'RFC2256: owner (of the object)'
|
|
||||||
SUP distinguishedName )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.33 NAME 'roleOccupant'
|
|
||||||
DESC 'RFC2256: occupant of role'
|
|
||||||
SUP distinguishedName )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.34 NAME 'seeAlso'
|
|
||||||
# DESC 'RFC2256: DN of related object'
|
|
||||||
# SUP distinguishedName )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.35 NAME 'userPassword'
|
|
||||||
# DESC 'RFC2256/2307: password of user'
|
|
||||||
# EQUALITY octetStringMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
|
|
||||||
|
|
||||||
# Must be transferred using ;binary
|
|
||||||
# with certificateExactMatch rule (per X.509)
|
|
||||||
attributetype ( 2.5.4.36 NAME 'userCertificate'
|
|
||||||
DESC 'RFC2256: X.509 user certificate, use ;binary'
|
|
||||||
EQUALITY certificateExactMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
|
|
||||||
|
|
||||||
# Must be transferred using ;binary
|
|
||||||
# with certificateExactMatch rule (per X.509)
|
|
||||||
attributetype ( 2.5.4.37 NAME 'cACertificate'
|
|
||||||
DESC 'RFC2256: X.509 CA certificate, use ;binary'
|
|
||||||
EQUALITY certificateExactMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
|
|
||||||
|
|
||||||
# Must be transferred using ;binary
|
|
||||||
attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
|
|
||||||
DESC 'RFC2256: X.509 authority revocation list, use ;binary'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
|
|
||||||
|
|
||||||
# Must be transferred using ;binary
|
|
||||||
attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
|
|
||||||
DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
|
|
||||||
|
|
||||||
# Must be stored and requested in the binary form
|
|
||||||
attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
|
|
||||||
DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.41 NAME 'name'
|
|
||||||
# EQUALITY caseIgnoreMatch
|
|
||||||
# SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
|
|
||||||
DESC 'RFC2256: first name(s) for which the entity is known by'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.43 NAME 'initials'
|
|
||||||
DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.44 NAME 'generationQualifier'
|
|
||||||
DESC 'RFC2256: name qualifier indicating a generation'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
|
|
||||||
DESC 'RFC2256: X.500 unique identifier'
|
|
||||||
EQUALITY bitStringMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.46 NAME 'dnQualifier'
|
|
||||||
DESC 'RFC2256: DN qualifier'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
ORDERING caseIgnoreOrderingMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
|
|
||||||
DESC 'RFC2256: enhanced search guide'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.48 NAME 'protocolInformation'
|
|
||||||
DESC 'RFC2256: protocol information'
|
|
||||||
EQUALITY protocolInformationMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 2.5.4.49 NAME 'distinguishedName'
|
|
||||||
# EQUALITY distinguishedNameMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.50 NAME 'uniqueMember'
|
|
||||||
DESC 'RFC2256: unique member of a group'
|
|
||||||
EQUALITY uniqueMemberMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.51 NAME 'houseIdentifier'
|
|
||||||
DESC 'RFC2256: house identifier'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
|
|
||||||
|
|
||||||
# Must be transferred using ;binary
|
|
||||||
attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
|
|
||||||
DESC 'RFC2256: supported algorithms'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
|
|
||||||
|
|
||||||
# Must be transferred using ;binary
|
|
||||||
attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
|
|
||||||
DESC 'RFC2256: delta revocation list; use ;binary'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.54 NAME 'dmdName'
|
|
||||||
DESC 'RFC2256: name of DMD'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 2.5.4.65 NAME 'pseudonym'
|
|
||||||
DESC 'X.520(4th): pseudonym for the object'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
# Standard object classes from RFC2256
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#objectclass ( 2.5.6.0 NAME 'top'
|
|
||||||
# DESC 'RFC2256: top of the superclass chain'
|
|
||||||
# ABSTRACT
|
|
||||||
# MUST objectClass )
|
|
||||||
|
|
||||||
# system schema
|
|
||||||
#objectclass ( 2.5.6.1 NAME 'alias'
|
|
||||||
# DESC 'RFC2256: an alias'
|
|
||||||
# SUP top STRUCTURAL
|
|
||||||
# MUST aliasedObjectName )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.2 NAME 'country'
|
|
||||||
DESC 'RFC2256: a country'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST c
|
|
||||||
MAY ( searchGuide $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.3 NAME 'locality'
|
|
||||||
DESC 'RFC2256: a locality'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.4 NAME 'organization'
|
|
||||||
DESC 'RFC2256: an organization'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST o
|
|
||||||
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
|
|
||||||
x121Address $ registeredAddress $ destinationIndicator $
|
|
||||||
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
||||||
telephoneNumber $ internationaliSDNNumber $
|
|
||||||
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
|
|
||||||
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.5 NAME 'organizationalUnit'
|
|
||||||
DESC 'RFC2256: an organizational unit'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ou
|
|
||||||
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
|
|
||||||
x121Address $ registeredAddress $ destinationIndicator $
|
|
||||||
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
||||||
telephoneNumber $ internationaliSDNNumber $
|
|
||||||
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
|
|
||||||
postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.6 NAME 'person'
|
|
||||||
DESC 'RFC2256: a person'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( sn $ cn )
|
|
||||||
MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.7 NAME 'organizationalPerson'
|
|
||||||
DESC 'RFC2256: an organizational person'
|
|
||||||
SUP person STRUCTURAL
|
|
||||||
MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
|
|
||||||
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
||||||
telephoneNumber $ internationaliSDNNumber $
|
|
||||||
facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $
|
|
||||||
postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.8 NAME 'organizationalRole'
|
|
||||||
DESC 'RFC2256: an organizational role'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST cn
|
|
||||||
MAY ( x121Address $ registeredAddress $ destinationIndicator $
|
|
||||||
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
||||||
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
|
|
||||||
seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
|
|
||||||
postOfficeBox $ postalCode $ postalAddress $
|
|
||||||
physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.9 NAME 'groupOfNames'
|
|
||||||
DESC 'RFC2256: a group of names (DNs)'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( member $ cn )
|
|
||||||
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.10 NAME 'residentialPerson'
|
|
||||||
DESC 'RFC2256: an residential person'
|
|
||||||
SUP person STRUCTURAL
|
|
||||||
MUST l
|
|
||||||
MAY ( businessCategory $ x121Address $ registeredAddress $
|
|
||||||
destinationIndicator $ preferredDeliveryMethod $ telexNumber $
|
|
||||||
teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $
|
|
||||||
facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
|
|
||||||
postOfficeBox $ postalCode $ postalAddress $
|
|
||||||
physicalDeliveryOfficeName $ st $ l ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.11 NAME 'applicationProcess'
|
|
||||||
DESC 'RFC2256: an application process'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST cn
|
|
||||||
MAY ( seeAlso $ ou $ l $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.12 NAME 'applicationEntity'
|
|
||||||
DESC 'RFC2256: an application entity'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( presentationAddress $ cn )
|
|
||||||
MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
|
|
||||||
description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.13 NAME 'dSA'
|
|
||||||
DESC 'RFC2256: a directory system agent (a server)'
|
|
||||||
SUP applicationEntity STRUCTURAL
|
|
||||||
MAY knowledgeInformation )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.14 NAME 'device'
|
|
||||||
DESC 'RFC2256: a device'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST cn
|
|
||||||
MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
|
|
||||||
DESC 'RFC2256: a strong authentication user'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MUST userCertificate )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.16 NAME 'certificationAuthority'
|
|
||||||
DESC 'RFC2256: a certificate authority'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MUST ( authorityRevocationList $ certificateRevocationList $
|
|
||||||
cACertificate ) MAY crossCertificatePair )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
|
|
||||||
DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( uniqueMember $ cn )
|
|
||||||
MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
|
|
||||||
DESC 'RFC2256: a user security information'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY ( supportedAlgorithms ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
|
|
||||||
SUP certificationAuthority
|
|
||||||
AUXILIARY MAY ( deltaRevocationList ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( cn )
|
|
||||||
MAY ( certificateRevocationList $ authorityRevocationList $
|
|
||||||
deltaRevocationList ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.20 NAME 'dmd'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( dmdName )
|
|
||||||
MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
|
|
||||||
x121Address $ registeredAddress $ destinationIndicator $
|
|
||||||
preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
|
|
||||||
telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
|
|
||||||
street $ postOfficeBox $ postalCode $ postalAddress $
|
|
||||||
physicalDeliveryOfficeName $ st $ l $ description ) )
|
|
||||||
|
|
||||||
#
|
|
||||||
# Object Classes from RFC 2587
|
|
||||||
#
|
|
||||||
objectclass ( 2.5.6.21 NAME 'pkiUser'
|
|
||||||
DESC 'RFC2587: a PKI user'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY userCertificate )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.22 NAME 'pkiCA'
|
|
||||||
DESC 'RFC2587: PKI certificate authority'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY ( authorityRevocationList $ certificateRevocationList $
|
|
||||||
cACertificate $ crossCertificatePair ) )
|
|
||||||
|
|
||||||
objectclass ( 2.5.6.23 NAME 'deltaCRL'
|
|
||||||
DESC 'RFC2587: PKI user'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY deltaRevocationList )
|
|
||||||
|
|
||||||
#
|
|
||||||
# Standard Track URI label schema from RFC 2079
|
|
||||||
# system schema
|
|
||||||
#attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
|
|
||||||
# DESC 'RFC2079: Uniform Resource Identifier with optional label'
|
|
||||||
# EQUALITY caseExactMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
|
|
||||||
DESC 'RFC2079: object that contains the URI attribute type'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY ( labeledURI ) )
|
|
||||||
|
|
||||||
#
|
|
||||||
# Derived from RFC 1274, but with new "short names"
|
|
||||||
#
|
|
||||||
#attributetype ( 0.9.2342.19200300.100.1.1
|
|
||||||
# NAME ( 'uid' 'userid' )
|
|
||||||
# DESC 'RFC1274: user identifier'
|
|
||||||
# EQUALITY caseIgnoreMatch
|
|
||||||
# SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
|
|
||||||
|
|
||||||
attributetype ( 0.9.2342.19200300.100.1.3
|
|
||||||
NAME ( 'mail' 'rfc822Mailbox' )
|
|
||||||
DESC 'RFC1274: RFC822 Mailbox'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
|
|
||||||
|
|
||||||
objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
|
|
||||||
DESC 'RFC1274: simple security object'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MUST userPassword )
|
|
||||||
|
|
||||||
# RFC 1274 + RFC 2247
|
|
||||||
attributetype ( 0.9.2342.19200300.100.1.25
|
|
||||||
NAME ( 'dc' 'domainComponent' )
|
|
||||||
DESC 'RFC1274/2247: domain component'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
|
||||||
|
|
||||||
# RFC 2247
|
|
||||||
objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
|
|
||||||
DESC 'RFC2247: domain component object'
|
|
||||||
SUP top AUXILIARY MUST dc )
|
|
||||||
|
|
||||||
# RFC 2377
|
|
||||||
objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
|
|
||||||
DESC 'RFC2377: uid object'
|
|
||||||
SUP top AUXILIARY MUST uid )
|
|
||||||
|
|
||||||
# RFC 4524
|
|
||||||
# The 'associatedDomain' attribute specifies DNS [RFC1034][RFC2181]
|
|
||||||
# host names [RFC1123] that are associated with an object. That is,
|
|
||||||
# values of this attribute should conform to the following ABNF:
|
|
||||||
#
|
|
||||||
# domain = root / label *( DOT label )
|
|
||||||
# root = SPACE
|
|
||||||
# label = LETDIG [ *61( LETDIG / HYPHEN ) LETDIG ]
|
|
||||||
# LETDIG = %x30-39 / %x41-5A / %x61-7A ; "0" - "9" / "A"-"Z" / "a"-"z"
|
|
||||||
# SPACE = %x20 ; space (" ")
|
|
||||||
# HYPHEN = %x2D ; hyphen ("-")
|
|
||||||
# DOT = %x2E ; period (".")
|
|
||||||
attributetype ( 0.9.2342.19200300.100.1.37
|
|
||||||
NAME 'associatedDomain'
|
|
||||||
DESC 'RFC1274: domain associated with object'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
# RFC 2459 -- deprecated in favor of 'mail' (in cosine.schema)
|
|
||||||
attributetype ( 1.2.840.113549.1.9.1
|
|
||||||
NAME ( 'email' 'emailAddress' 'pkcs9email' )
|
|
||||||
DESC 'RFC3280: legacy attribute for email addresses in DNs'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
|
|
||||||
|
|
File diff suppressed because it is too large
Load diff
|
@ -1,155 +0,0 @@
|
||||||
# inetorgperson.schema -- InetOrgPerson (RFC2798)
|
|
||||||
# $OpenLDAP$
|
|
||||||
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
||||||
##
|
|
||||||
## Copyright 1998-2019 The OpenLDAP Foundation.
|
|
||||||
## All rights reserved.
|
|
||||||
##
|
|
||||||
## Redistribution and use in source and binary forms, with or without
|
|
||||||
## modification, are permitted only as authorized by the OpenLDAP
|
|
||||||
## Public License.
|
|
||||||
##
|
|
||||||
## A copy of this license is available in the file LICENSE in the
|
|
||||||
## top-level directory of the distribution or, alternatively, at
|
|
||||||
## <http://www.OpenLDAP.org/license.html>.
|
|
||||||
#
|
|
||||||
# InetOrgPerson (RFC2798)
|
|
||||||
#
|
|
||||||
# Depends upon
|
|
||||||
# Definition of an X.500 Attribute Type and an Object Class to Hold
|
|
||||||
# Uniform Resource Identifiers (URIs) [RFC2079]
|
|
||||||
# (core.schema)
|
|
||||||
#
|
|
||||||
# A Summary of the X.500(96) User Schema for use with LDAPv3 [RFC2256]
|
|
||||||
# (core.schema)
|
|
||||||
#
|
|
||||||
# The COSINE and Internet X.500 Schema [RFC1274] (cosine.schema)
|
|
||||||
|
|
||||||
# carLicense
|
|
||||||
# This multivalued field is used to record the values of the license or
|
|
||||||
# registration plate associated with an individual.
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.1
|
|
||||||
NAME 'carLicense'
|
|
||||||
DESC 'RFC2798: vehicle license or registration plate'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
||||||
|
|
||||||
# departmentNumber
|
|
||||||
# Code for department to which a person belongs. This can also be
|
|
||||||
# strictly numeric (e.g., 1234) or alphanumeric (e.g., ABC/123).
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.2
|
|
||||||
NAME 'departmentNumber'
|
|
||||||
DESC 'RFC2798: identifies a department within an organization'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
||||||
|
|
||||||
# displayName
|
|
||||||
# When displaying an entry, especially within a one-line summary list, it
|
|
||||||
# is useful to be able to identify a name to be used. Since other attri-
|
|
||||||
# bute types such as 'cn' are multivalued, an additional attribute type is
|
|
||||||
# needed. Display name is defined for this purpose.
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.241
|
|
||||||
NAME 'displayName'
|
|
||||||
DESC 'RFC2798: preferred name to be used when displaying entries'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
||||||
SINGLE-VALUE )
|
|
||||||
|
|
||||||
# employeeNumber
|
|
||||||
# Numeric or alphanumeric identifier assigned to a person, typically based
|
|
||||||
# on order of hire or association with an organization. Single valued.
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.3
|
|
||||||
NAME 'employeeNumber'
|
|
||||||
DESC 'RFC2798: numerically identifies an employee within an organization'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
||||||
SINGLE-VALUE )
|
|
||||||
|
|
||||||
# employeeType
|
|
||||||
# Used to identify the employer to employee relationship. Typical values
|
|
||||||
# used will be "Contractor", "Employee", "Intern", "Temp", "External", and
|
|
||||||
# "Unknown" but any value may be used.
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.4
|
|
||||||
NAME 'employeeType'
|
|
||||||
DESC 'RFC2798: type of employment for a person'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
|
|
||||||
|
|
||||||
# jpegPhoto
|
|
||||||
# Used to store one or more images of a person using the JPEG File
|
|
||||||
# Interchange Format [JFIF].
|
|
||||||
# Note that the jpegPhoto attribute type was defined for use in the
|
|
||||||
# Internet X.500 pilots but no referencable definition for it could be
|
|
||||||
# located.
|
|
||||||
attributetype ( 0.9.2342.19200300.100.1.60
|
|
||||||
NAME 'jpegPhoto'
|
|
||||||
DESC 'RFC2798: a JPEG image'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.28 )
|
|
||||||
|
|
||||||
# preferredLanguage
|
|
||||||
# Used to indicate an individual's preferred written or spoken
|
|
||||||
# language. This is useful for international correspondence or human-
|
|
||||||
# computer interaction. Values for this attribute type MUST conform to
|
|
||||||
# the definition of the Accept-Language header field defined in
|
|
||||||
# [RFC2068] with one exception: the sequence "Accept-Language" ":"
|
|
||||||
# should be omitted. This is a single valued attribute type.
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.39
|
|
||||||
NAME 'preferredLanguage'
|
|
||||||
DESC 'RFC2798: preferred written or spoken language for a person'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
|
|
||||||
SINGLE-VALUE )
|
|
||||||
|
|
||||||
# userSMIMECertificate
|
|
||||||
# A PKCS#7 [RFC2315] SignedData, where the content that is signed is
|
|
||||||
# ignored by consumers of userSMIMECertificate values. It is
|
|
||||||
# recommended that values have a `contentType' of data with an absent
|
|
||||||
# `content' field. Values of this attribute contain a person's entire
|
|
||||||
# certificate chain and an smimeCapabilities field [RFC2633] that at a
|
|
||||||
# minimum describes their SMIME algorithm capabilities. Values for
|
|
||||||
# this attribute are to be stored and requested in binary form, as
|
|
||||||
# 'userSMIMECertificate;binary'. If available, this attribute is
|
|
||||||
# preferred over the userCertificate attribute for S/MIME applications.
|
|
||||||
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.40
|
|
||||||
NAME 'userSMIMECertificate'
|
|
||||||
DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
|
|
||||||
|
|
||||||
# userPKCS12
|
|
||||||
# PKCS #12 [PKCS12] provides a format for exchange of personal identity
|
|
||||||
# information. When such information is stored in a directory service,
|
|
||||||
# the userPKCS12 attribute should be used. This attribute is to be stored
|
|
||||||
# and requested in binary form, as 'userPKCS12;binary'. The attribute
|
|
||||||
# values are PFX PDUs stored as binary data.
|
|
||||||
## OpenLDAP note: ";binary" transfer should NOT be used as syntax is binary
|
|
||||||
attributetype ( 2.16.840.1.113730.3.1.216
|
|
||||||
NAME 'userPKCS12'
|
|
||||||
DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
|
|
||||||
|
|
||||||
|
|
||||||
# inetOrgPerson
|
|
||||||
# The inetOrgPerson represents people who are associated with an
|
|
||||||
# organization in some way. It is a structural class and is derived
|
|
||||||
# from the organizationalPerson which is defined in X.521 [X521].
|
|
||||||
objectclass ( 2.16.840.1.113730.3.2.2
|
|
||||||
NAME 'inetOrgPerson'
|
|
||||||
DESC 'RFC2798: Internet Organizational Person'
|
|
||||||
SUP organizationalPerson
|
|
||||||
STRUCTURAL
|
|
||||||
MAY (
|
|
||||||
audio $ businessCategory $ carLicense $ departmentNumber $
|
|
||||||
displayName $ employeeNumber $ employeeType $ givenName $
|
|
||||||
homePhone $ homePostalAddress $ initials $ jpegPhoto $
|
|
||||||
labeledURI $ mail $ manager $ mobile $ o $ pager $
|
|
||||||
photo $ roomNumber $ secretary $ uid $ userCertificate $
|
|
||||||
x500uniqueIdentifier $ preferredLanguage $
|
|
||||||
userSMIMECertificate $ userPKCS12 )
|
|
||||||
)
|
|
|
@ -1,88 +0,0 @@
|
||||||
## LDAP Schema Yunohost EMAIL
|
|
||||||
## Version 0.1
|
|
||||||
## Adrien Beudin
|
|
||||||
|
|
||||||
# Attributes
|
|
||||||
attributetype ( 1.3.6.1.4.1.40328.1.20.2.1
|
|
||||||
NAME 'maildrop'
|
|
||||||
DESC 'Mail addresses where mails are forwarded -- ie forwards'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.40328.1.20.2.2
|
|
||||||
NAME 'mailalias'
|
|
||||||
DESC 'Mail addresses accepted by this account -- ie aliases'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.40328.1.20.2.3
|
|
||||||
NAME 'mailenable'
|
|
||||||
DESC 'Mail Account validity'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.40328.1.20.2.4
|
|
||||||
NAME 'mailbox'
|
|
||||||
DESC 'Mailbox path where mails are delivered'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.40328.1.20.2.5
|
|
||||||
NAME 'virtualdomain'
|
|
||||||
DESC 'A mail domain name'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.40328.1.20.2.6
|
|
||||||
NAME 'virtualdomaindescription'
|
|
||||||
DESC 'Virtual domain description'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.40328.1.20.2.7
|
|
||||||
NAME 'mailuserquota'
|
|
||||||
DESC 'Mailbox quota for a user'
|
|
||||||
EQUALITY caseIgnoreMatch
|
|
||||||
SUBSTR caseIgnoreSubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{16} SINGLE-VALUE )
|
|
||||||
|
|
||||||
# Mail Account Objectclass
|
|
||||||
objectclass ( 1.3.6.1.4.1.40328.1.1.2.1
|
|
||||||
NAME 'mailAccount'
|
|
||||||
DESC 'Mail Account'
|
|
||||||
SUP top
|
|
||||||
AUXILIARY
|
|
||||||
MUST (
|
|
||||||
mail
|
|
||||||
)
|
|
||||||
MAY (
|
|
||||||
mailalias $ maildrop $ mailenable $ mailbox $ mailuserquota
|
|
||||||
)
|
|
||||||
)
|
|
||||||
|
|
||||||
# Mail Domain Objectclass
|
|
||||||
objectclass ( 1.3.6.1.4.1.40328.1.1.2.2
|
|
||||||
NAME 'mailDomain'
|
|
||||||
DESC 'Domain mail entry'
|
|
||||||
SUP top
|
|
||||||
STRUCTURAL
|
|
||||||
MUST (
|
|
||||||
virtualdomain
|
|
||||||
)
|
|
||||||
MAY (
|
|
||||||
virtualdomaindescription $ mailuserquota
|
|
||||||
)
|
|
||||||
)
|
|
||||||
|
|
||||||
# Mail Group Objectclass
|
|
||||||
objectclass ( 1.3.6.1.4.1.40328.1.1.2.3
|
|
||||||
NAME 'mailGroup' SUP top AUXILIARY
|
|
||||||
DESC 'Mail Group'
|
|
||||||
MUST ( mail )
|
|
||||||
)
|
|
|
@ -1,237 +0,0 @@
|
||||||
# $OpenLDAP$
|
|
||||||
## This work is part of OpenLDAP Software <http://www.openldap.org/>.
|
|
||||||
##
|
|
||||||
## Copyright 1998-2019 The OpenLDAP Foundation.
|
|
||||||
## All rights reserved.
|
|
||||||
##
|
|
||||||
## Redistribution and use in source and binary forms, with or without
|
|
||||||
## modification, are permitted only as authorized by the OpenLDAP
|
|
||||||
## Public License.
|
|
||||||
##
|
|
||||||
## A copy of this license is available in the file LICENSE in the
|
|
||||||
## top-level directory of the distribution or, alternatively, at
|
|
||||||
## <http://www.OpenLDAP.org/license.html>.
|
|
||||||
|
|
||||||
# Definitions from RFC2307 (Experimental)
|
|
||||||
# An Approach for Using LDAP as a Network Information Service
|
|
||||||
|
|
||||||
# Depends upon core.schema and cosine.schema
|
|
||||||
|
|
||||||
# Note: The definitions in RFC2307 are given in syntaxes closely related
|
|
||||||
# to those in RFC2252, however, some liberties are taken that are not
|
|
||||||
# supported by RFC2252. This file has been written following RFC2252
|
|
||||||
# strictly.
|
|
||||||
|
|
||||||
# OID Base is iso(1) org(3) dod(6) internet(1) directory(1) nisSchema(1).
|
|
||||||
# i.e. nisSchema in RFC2307 is 1.3.6.1.1.1
|
|
||||||
#
|
|
||||||
# Syntaxes are under 1.3.6.1.1.1.0 (two new syntaxes are defined)
|
|
||||||
# validaters for these syntaxes are incomplete, they only
|
|
||||||
# implement printable string validation (which is good as the
|
|
||||||
# common use of these syntaxes violates the specification).
|
|
||||||
# Attribute types are under 1.3.6.1.1.1.1
|
|
||||||
# Object classes are under 1.3.6.1.1.1.2
|
|
||||||
|
|
||||||
# Attribute Type Definitions
|
|
||||||
|
|
||||||
# builtin
|
|
||||||
#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
|
|
||||||
# DESC 'An integer uniquely identifying a user in an administrative domain'
|
|
||||||
# EQUALITY integerMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
# builtin
|
|
||||||
#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
|
|
||||||
# DESC 'An integer uniquely identifying a group in an administrative domain'
|
|
||||||
# EQUALITY integerMatch
|
|
||||||
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
|
|
||||||
DESC 'The GECOS field; the common name'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SUBSTR caseIgnoreIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
|
|
||||||
DESC 'The absolute path to the home directory'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
|
|
||||||
DESC 'The path to the login shell'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SUBSTR caseExactIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SUBSTR caseExactIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
|
|
||||||
DESC 'Netgroup triple'
|
|
||||||
SYNTAX 1.3.6.1.1.1.0.0 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
|
|
||||||
DESC 'IP address'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
|
|
||||||
DESC 'IP network'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
|
|
||||||
DESC 'IP netmask'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} SINGLE-VALUE )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
|
|
||||||
DESC 'MAC address'
|
|
||||||
EQUALITY caseIgnoreIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
|
|
||||||
DESC 'rpc.bootparamd parameter'
|
|
||||||
SYNTAX 1.3.6.1.1.1.0.1 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
|
|
||||||
DESC 'Boot image name'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
|
|
||||||
SUP name )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SUBSTR caseExactIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} SINGLE-VALUE )
|
|
||||||
|
|
||||||
# Object Class Definitions
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
|
|
||||||
DESC 'Abstraction of an account with POSIX attributes'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
|
|
||||||
MAY ( userPassword $ loginShell $ gecos $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
|
|
||||||
DESC 'Additional attributes for shadow passwords'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MUST uid
|
|
||||||
MAY ( userPassword $ shadowLastChange $ shadowMin $
|
|
||||||
shadowMax $ shadowWarning $ shadowInactive $
|
|
||||||
shadowExpire $ shadowFlag $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
|
|
||||||
DESC 'Abstraction of a group of accounts'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( cn $ gidNumber )
|
|
||||||
MAY ( userPassword $ memberUid $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
|
|
||||||
DESC 'Abstraction an Internet Protocol service'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( cn $ ipServicePort $ ipServiceProtocol )
|
|
||||||
MAY ( description ) )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
|
|
||||||
DESC 'Abstraction of an IP protocol'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( cn $ ipProtocolNumber $ description )
|
|
||||||
MAY description )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
|
|
||||||
DESC 'Abstraction of an ONC/RPC binding'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( cn $ oncRpcNumber $ description )
|
|
||||||
MAY description )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
|
|
||||||
DESC 'Abstraction of a host, an IP device'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MUST ( cn $ ipHostNumber )
|
|
||||||
MAY ( l $ description $ manager ) )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
|
|
||||||
DESC 'Abstraction of an IP network'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( cn $ ipNetworkNumber )
|
|
||||||
MAY ( ipNetmaskNumber $ l $ description $ manager ) )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
|
|
||||||
DESC 'Abstraction of a netgroup'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST cn
|
|
||||||
MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
|
|
||||||
DESC 'A generic abstraction of a NIS map'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST nisMapName
|
|
||||||
MAY description )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
|
|
||||||
DESC 'An entry in a NIS map'
|
|
||||||
SUP top STRUCTURAL
|
|
||||||
MUST ( cn $ nisMapEntry $ nisMapName )
|
|
||||||
MAY description )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
|
|
||||||
DESC 'A device with a MAC address'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY macAddress )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
|
|
||||||
DESC 'A device with boot parameters'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY ( bootFile $ bootParameter ) )
|
|
|
@ -1,76 +0,0 @@
|
||||||
#
|
|
||||||
# OpenLDAP schema file for Sudo
|
|
||||||
# Save as /etc/openldap/schema/sudo.schema
|
|
||||||
#
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.1
|
|
||||||
NAME 'sudoUser'
|
|
||||||
DESC 'User(s) who may run sudo'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SUBSTR caseExactIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.2
|
|
||||||
NAME 'sudoHost'
|
|
||||||
DESC 'Host(s) who may run sudo'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SUBSTR caseExactIA5SubstringsMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.3
|
|
||||||
NAME 'sudoCommand'
|
|
||||||
DESC 'Command(s) to be executed by sudo'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.4
|
|
||||||
NAME 'sudoRunAs'
|
|
||||||
DESC 'User(s) impersonated by sudo (deprecated)'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.5
|
|
||||||
NAME 'sudoOption'
|
|
||||||
DESC 'Options(s) followed by sudo'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.6
|
|
||||||
NAME 'sudoRunAsUser'
|
|
||||||
DESC 'User(s) impersonated by sudo'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.7
|
|
||||||
NAME 'sudoRunAsGroup'
|
|
||||||
DESC 'Group(s) impersonated by sudo'
|
|
||||||
EQUALITY caseExactIA5Match
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.8
|
|
||||||
NAME 'sudoNotBefore'
|
|
||||||
DESC 'Start of time interval for which the entry is valid'
|
|
||||||
EQUALITY generalizedTimeMatch
|
|
||||||
ORDERING generalizedTimeOrderingMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
|
|
||||||
|
|
||||||
attributetype ( 1.3.6.1.4.1.15953.9.1.9
|
|
||||||
NAME 'sudoNotAfter'
|
|
||||||
DESC 'End of time interval for which the entry is valid'
|
|
||||||
EQUALITY generalizedTimeMatch
|
|
||||||
ORDERING generalizedTimeOrderingMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
|
|
||||||
|
|
||||||
attributeTypes ( 1.3.6.1.4.1.15953.9.1.10
|
|
||||||
NAME 'sudoOrder'
|
|
||||||
DESC 'an integer to order the sudoRole entries'
|
|
||||||
EQUALITY integerMatch
|
|
||||||
ORDERING integerOrderingMatch
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
|
|
||||||
|
|
||||||
objectclass ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL
|
|
||||||
DESC 'Sudoer Entries'
|
|
||||||
MUST ( cn )
|
|
||||||
MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $
|
|
||||||
description )
|
|
||||||
)
|
|
|
@ -1,33 +0,0 @@
|
||||||
#dn: cn=yunohost,cn=schema,cn=config
|
|
||||||
#objectClass: olcSchemaConfig
|
|
||||||
#cn: yunohost
|
|
||||||
# ATTRIBUTES
|
|
||||||
# For Permission
|
|
||||||
attributetype ( 1.3.6.1.4.1.17953.9.1.1 NAME 'permission'
|
|
||||||
DESC 'Yunohost permission on user and group side'
|
|
||||||
SUP distinguishedName )
|
|
||||||
attributetype ( 1.3.6.1.4.1.17953.9.1.2 NAME 'groupPermission'
|
|
||||||
DESC 'Yunohost permission for a group on permission side'
|
|
||||||
SUP distinguishedName )
|
|
||||||
attributetype ( 1.3.6.1.4.1.17953.9.1.3 NAME 'inheritPermission'
|
|
||||||
DESC 'Yunohost permission for user on permission side'
|
|
||||||
SUP distinguishedName )
|
|
||||||
attributetype ( 1.3.6.1.4.1.17953.9.1.4 NAME 'URL'
|
|
||||||
DESC 'Yunohost application URL'
|
|
||||||
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
|
|
||||||
# OBJECTCLASS
|
|
||||||
# For Applications
|
|
||||||
objectclass ( 1.3.6.1.4.1.17953.9.2.1 NAME 'groupOfNamesYnh'
|
|
||||||
DESC 'Yunohost user group'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ permission ) )
|
|
||||||
objectclass ( 1.3.6.1.4.1.17953.9.2.2 NAME 'permissionYnh'
|
|
||||||
DESC 'a Yunohost application'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MUST cn
|
|
||||||
MAY ( groupPermission $ inheritPermission $ URL ) )
|
|
||||||
# For User
|
|
||||||
objectclass ( 1.3.6.1.4.1.17953.9.2.3 NAME 'userPermissionYnh'
|
|
||||||
DESC 'a Yunohost application'
|
|
||||||
SUP top AUXILIARY
|
|
||||||
MAY ( permission ) )
|
|
|
@ -1,94 +0,0 @@
|
||||||
serverID %(serverid)s
|
|
||||||
moduleload back_%(database)s
|
|
||||||
moduleload memberof
|
|
||||||
%(include_directives)s
|
|
||||||
loglevel %(loglevel)s
|
|
||||||
#allow bind_v2
|
|
||||||
database %(database)s
|
|
||||||
directory "%(directory)s"
|
|
||||||
suffix "%(suffix)s"
|
|
||||||
rootdn "%(rootdn)s"
|
|
||||||
rootpw "%(rootpw)s"
|
|
||||||
TLSCACertificateFile "%(cafile)s"
|
|
||||||
TLSCertificateFile "%(servercert)s"
|
|
||||||
TLSCertificateKeyFile "%(serverkey)s"
|
|
||||||
authz-regexp
|
|
||||||
"gidnumber=%(root_gid)s\\+uidnumber=%(root_uid)s,cn=peercred,cn=external,cn=auth"
|
|
||||||
"%(rootdn)s"
|
|
||||||
|
|
||||||
index objectClass eq
|
|
||||||
index uid,sudoUser eq,sub
|
|
||||||
index entryCSN,entryUUID eq
|
|
||||||
index cn,mail eq
|
|
||||||
index gidNumber,uidNumber eq
|
|
||||||
index member,memberUid,uniqueMember eq
|
|
||||||
index virtualdomain eq
|
|
||||||
|
|
||||||
# The userPassword by default can be changed
|
|
||||||
# by the entry owning it if they are authenticated.
|
|
||||||
# Others should not be able to see it, except the
|
|
||||||
# admin entry below
|
|
||||||
# These access lines apply to database #1 only
|
|
||||||
access to attrs=userPassword,shadowLastChange
|
|
||||||
by dn="cn=admin,dc=yunohost,dc=org" write
|
|
||||||
by dn.exact="gidNumber=%(root_gid)s+uidnumber=%(root_uid)s,cn=peercred,cn=external,cn=auth" write
|
|
||||||
by anonymous auth
|
|
||||||
by self write
|
|
||||||
by * none
|
|
||||||
|
|
||||||
# Personnal information can be changed by the entry
|
|
||||||
# owning it if they are authenticated.
|
|
||||||
# Others should be able to see it.
|
|
||||||
access to attrs=cn,gecos,givenName,mail,maildrop,displayName,sn
|
|
||||||
by dn="cn=admin,dc=yunohost,dc=org" write
|
|
||||||
by dn.exact="gidNumber=%(root_gid)s+uidnumber=%(root_uid)s,cn=peercred,cn=external,cn=auth" write
|
|
||||||
by self write
|
|
||||||
by * read
|
|
||||||
|
|
||||||
# Ensure read access to the base for things like
|
|
||||||
# supportedSASLMechanisms. Without this you may
|
|
||||||
# have problems with SASL not knowing what
|
|
||||||
# mechanisms are available and the like.
|
|
||||||
# Note that this is covered by the 'access to *'
|
|
||||||
# ACL below too but if you change that as people
|
|
||||||
# are wont to do you'll still need this if you
|
|
||||||
# want SASL (and possible ldap_files things) to work
|
|
||||||
# happily.
|
|
||||||
access to dn.base="" by * read
|
|
||||||
|
|
||||||
# The admin dn has full write access, everyone else
|
|
||||||
# can read everything.
|
|
||||||
access to *
|
|
||||||
by dn="cn=admin,dc=yunohost,dc=org" write
|
|
||||||
by dn.exact="gidNumber=%(root_gid)s+uidnumber=%(root_uid)s,cn=peercred,cn=external,cn=auth" write
|
|
||||||
by group/groupOfNames/Member="cn=admin,ou=groups,dc=yunohost,dc=org" write
|
|
||||||
by * read
|
|
||||||
|
|
||||||
# Configure Memberof Overlay (used for Yunohost permission)
|
|
||||||
|
|
||||||
# Link user <-> group
|
|
||||||
#dn: olcOverlay={0}memberof,olcDatabase={1}mdb,cn=config
|
|
||||||
overlay memberof
|
|
||||||
memberof-group-oc groupOfNamesYnh
|
|
||||||
memberof-member-ad member
|
|
||||||
memberof-memberof-ad memberOf
|
|
||||||
memberof-dangling error
|
|
||||||
memberof-refint TRUE
|
|
||||||
|
|
||||||
# Link permission <-> groupes
|
|
||||||
#dn: olcOverlay={1}memberof,olcDatabase={1}mdb,cn=config
|
|
||||||
overlay memberof
|
|
||||||
memberof-group-oc permissionYnh
|
|
||||||
memberof-member-ad groupPermission
|
|
||||||
memberof-memberof-ad permission
|
|
||||||
memberof-dangling error
|
|
||||||
memberof-refint TRUE
|
|
||||||
|
|
||||||
# Link permission <-> user
|
|
||||||
#dn: olcOverlay={2}memberof,olcDatabase={1}mdb,cn=config
|
|
||||||
overlay memberof
|
|
||||||
memberof-group-oc permissionYnh
|
|
||||||
memberof-member-ad inheritPermission
|
|
||||||
memberof-memberof-ad permission
|
|
||||||
memberof-dangling error
|
|
||||||
memberof-refint TRUE
|
|
|
@ -1,205 +0,0 @@
|
||||||
dn: dc=yunohost,dc=org
|
|
||||||
dc: yunohost
|
|
||||||
o: yunohost.org
|
|
||||||
objectclass: top
|
|
||||||
objectclass: dcObject
|
|
||||||
objectclass: organization
|
|
||||||
|
|
||||||
dn: cn=admin,dc=yunohost,dc=org
|
|
||||||
objectClass: simpleSecurityObject
|
|
||||||
objectClass: organizationalRole
|
|
||||||
cn: admin
|
|
||||||
userPassword: yunohost
|
|
||||||
|
|
||||||
#dn: ou=people,dc=yunohost,dc=org
|
|
||||||
#objectClass: organizationalUnit
|
|
||||||
#ou: people
|
|
||||||
#
|
|
||||||
#dn: ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#objectClass: organizationalUnit
|
|
||||||
#ou: moregroups
|
|
||||||
#
|
|
||||||
#dn: ou=mirror_groups,dc=yunohost,dc=org
|
|
||||||
#objectClass: organizationalUnit
|
|
||||||
#ou: mirror_groups
|
|
||||||
#
|
|
||||||
#
|
|
||||||
#dn: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#objectClass: person
|
|
||||||
#objectClass: organizationalPerson
|
|
||||||
#objectClass: inetOrgPerson
|
|
||||||
#objectClass: posixAccount
|
|
||||||
#cn: alice
|
|
||||||
#uid: alice
|
|
||||||
#userPassword: password
|
|
||||||
#uidNumber: 1000
|
|
||||||
#gidNumber: 1000
|
|
||||||
#givenName: Alice
|
|
||||||
#sn: Adams
|
|
||||||
#homeDirectory: /home/alice
|
|
||||||
#
|
|
||||||
#dn: uid=bob,ou=people,dc=yunohost,dc=org
|
|
||||||
#objectClass: person
|
|
||||||
#objectClass: organizationalPerson
|
|
||||||
#objectClass: inetOrgPerson
|
|
||||||
#objectClass: posixAccount
|
|
||||||
#cn: bob
|
|
||||||
#uid: bob
|
|
||||||
#userPassword: password
|
|
||||||
#uidNumber: 1001
|
|
||||||
#gidNumber: 50
|
|
||||||
#givenName: Robert
|
|
||||||
#sn: Barker
|
|
||||||
#homeDirectory: /home/bob
|
|
||||||
#
|
|
||||||
#dn: uid=dreßler,ou=people,dc=yunohost,dc=org
|
|
||||||
#objectClass: person
|
|
||||||
#objectClass: organizationalPerson
|
|
||||||
#objectClass: inetOrgPerson
|
|
||||||
#objectClass: posixAccount
|
|
||||||
#cn: dreßler
|
|
||||||
#uid: dreßler
|
|
||||||
#userPassword: password
|
|
||||||
#uidNumber: 1002
|
|
||||||
#gidNumber: 50
|
|
||||||
#givenName: Wolfgang
|
|
||||||
#sn: Dreßler
|
|
||||||
#homeDirectory: /home/dressler
|
|
||||||
#
|
|
||||||
#dn: uid=nobody,ou=people,dc=yunohost,dc=org
|
|
||||||
#objectClass: person
|
|
||||||
#objectClass: organizationalPerson
|
|
||||||
#objectClass: inetOrgPerson
|
|
||||||
#objectClass: posixAccount
|
|
||||||
#cn: nobody
|
|
||||||
#uid: nobody
|
|
||||||
#userPassword: password
|
|
||||||
#uidNumber: 1003
|
|
||||||
#gidNumber: 50
|
|
||||||
#sn: nobody
|
|
||||||
#homeDirectory: /home/nobody
|
|
||||||
#
|
|
||||||
#dn: uid=nonposix,ou=people,dc=yunohost,dc=org
|
|
||||||
#objectClass: person
|
|
||||||
#objectClass: organizationalPerson
|
|
||||||
#objectClass: inetOrgPerson
|
|
||||||
#cn: nonposix
|
|
||||||
#uid: nonposix
|
|
||||||
#userPassword: password
|
|
||||||
#sn: nonposix
|
|
||||||
#
|
|
||||||
#
|
|
||||||
## posixGroup objects
|
|
||||||
#dn: cn=active_px,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#objectClass: posixGroup
|
|
||||||
#cn: active_px
|
|
||||||
#gidNumber: 1000
|
|
||||||
#memberUid: nonposix
|
|
||||||
#
|
|
||||||
#dn: cn=staff_px,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#objectClass: posixGroup
|
|
||||||
#cn: staff_px
|
|
||||||
#gidNumber: 1001
|
|
||||||
#memberUid: alice
|
|
||||||
#memberUid: nonposix
|
|
||||||
#
|
|
||||||
#dn: cn=superuser_px,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#objectClass: posixGroup
|
|
||||||
#cn: superuser_px
|
|
||||||
#gidNumber: 1002
|
|
||||||
#memberUid: alice
|
|
||||||
#memberUid: nonposix
|
|
||||||
#
|
|
||||||
#
|
|
||||||
## groupOfNames groups
|
|
||||||
#dn: cn=empty_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: empty_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member:
|
|
||||||
#
|
|
||||||
#dn: cn=active_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: active_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=staff_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: staff_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=superuser_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: superuser_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=other_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: other_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=bob,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#
|
|
||||||
## groupOfNames objects for LDAPGroupQuery testing
|
|
||||||
#dn: ou=query_groups,dc=yunohost,dc=org
|
|
||||||
#objectClass: organizationalUnit
|
|
||||||
#ou: query_groups
|
|
||||||
#
|
|
||||||
#dn: cn=alice_gon,ou=query_groups,dc=yunohost,dc=org
|
|
||||||
#cn: alice_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=mutual_gon,ou=query_groups,dc=yunohost,dc=org
|
|
||||||
#cn: mutual_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#member: uid=bob,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=bob_gon,ou=query_groups,dc=yunohost,dc=org
|
|
||||||
#cn: bob_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=bob,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=dreßler_gon,ou=query_groups,dc=yunohost,dc=org
|
|
||||||
#cn: dreßler_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=dreßler,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#
|
|
||||||
## groupOfNames objects for selective group mirroring.
|
|
||||||
#dn: cn=mirror1,ou=mirror_groups,dc=yunohost,dc=org
|
|
||||||
#cn: mirror1
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=mirror2,ou=mirror_groups,dc=yunohost,dc=org
|
|
||||||
#cn: mirror2
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member:
|
|
||||||
#
|
|
||||||
#dn: cn=mirror3,ou=mirror_groups,dc=yunohost,dc=org
|
|
||||||
#cn: mirror3
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=mirror4,ou=mirror_groups,dc=yunohost,dc=org
|
|
||||||
#cn: mirror4
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member:
|
|
||||||
#
|
|
||||||
#
|
|
||||||
## Nested groups with a circular reference
|
|
||||||
#dn: cn=parent_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: parent_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: cn=nested_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: CN=nested_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: nested_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: uid=alice,ou=people,dc=yunohost,dc=org
|
|
||||||
#member: cn=circular_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#
|
|
||||||
#dn: cn=circular_gon,ou=moregroups,dc=yunohost,dc=org
|
|
||||||
#cn: circular_gon
|
|
||||||
#objectClass: groupOfNames
|
|
||||||
#member: cn=parent_gon,ou=moregroups,dc=yunohost,dc=org
|
|
26
test/src/authenticators/dummy.py
Normal file
26
test/src/authenticators/dummy.py
Normal file
|
@ -0,0 +1,26 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
import logging
|
||||||
|
from moulinette.core import MoulinetteError
|
||||||
|
from moulinette.authentication import BaseAuthenticator
|
||||||
|
|
||||||
|
logger = logging.getLogger("moulinette.authenticator.dummy")
|
||||||
|
|
||||||
|
# Dummy authenticator implementation
|
||||||
|
|
||||||
|
|
||||||
|
class Authenticator(BaseAuthenticator):
|
||||||
|
|
||||||
|
"""Dummy authenticator used for tests"""
|
||||||
|
|
||||||
|
name = "dummy"
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
pass
|
||||||
|
|
||||||
|
def authenticate(self, password=None):
|
||||||
|
|
||||||
|
if not password == self.name:
|
||||||
|
raise MoulinetteError("invalid_password")
|
||||||
|
|
||||||
|
return
|
25
test/src/authenticators/yoloswag.py
Normal file
25
test/src/authenticators/yoloswag.py
Normal file
|
@ -0,0 +1,25 @@
|
||||||
|
# -*- coding: utf-8 -*-
|
||||||
|
|
||||||
|
import logging
|
||||||
|
from moulinette.core import MoulinetteError
|
||||||
|
from moulinette.authentication import BaseAuthenticator
|
||||||
|
|
||||||
|
logger = logging.getLogger("moulinette.authenticator.yoloswag")
|
||||||
|
|
||||||
|
# Dummy authenticator implementation
|
||||||
|
|
||||||
|
class Authenticator(BaseAuthenticator):
|
||||||
|
|
||||||
|
"""Dummy authenticator used for tests"""
|
||||||
|
|
||||||
|
name = "yoloswag"
|
||||||
|
|
||||||
|
def __init__(self, *args, **kwargs):
|
||||||
|
pass
|
||||||
|
|
||||||
|
def authenticate(self, password=None):
|
||||||
|
|
||||||
|
if not password == self.name:
|
||||||
|
raise MoulinetteError("invalid_password")
|
||||||
|
|
||||||
|
return
|
|
@ -11,7 +11,6 @@ from moulinette.actionsmap import (
|
||||||
)
|
)
|
||||||
|
|
||||||
from moulinette.interfaces import GLOBAL_SECTION
|
from moulinette.interfaces import GLOBAL_SECTION
|
||||||
from moulinette.interfaces import BaseActionsMapParser
|
|
||||||
from moulinette.core import MoulinetteError
|
from moulinette.core import MoulinetteError
|
||||||
from moulinette import m18n
|
from moulinette import m18n
|
||||||
|
|
||||||
|
@ -157,14 +156,30 @@ def test_required_paremeter_missing_value(iface, caplog):
|
||||||
|
|
||||||
|
|
||||||
def test_actions_map_unknown_authenticator(monkeypatch, tmp_path):
|
def test_actions_map_unknown_authenticator(monkeypatch, tmp_path):
|
||||||
monkeypatch.setenv("MOULINETTE_DATA_DIR", str(tmp_path))
|
# from moulinette.interfaces.cli import ActionsMapParser
|
||||||
actionsmap_dir = tmp_path / "actionsmap"
|
# import argparse
|
||||||
actionsmap_dir.mkdir()
|
#
|
||||||
|
# parser = argparse.ArgumentParser(add_help=False)
|
||||||
|
# parser.add_argument(
|
||||||
|
# "--debug",
|
||||||
|
# action="store_true",
|
||||||
|
# default=False,
|
||||||
|
# help="Log and print debug messages",
|
||||||
|
# )
|
||||||
|
#
|
||||||
|
#monkeypatch.setenv("MOULINETTE_DATA_DIR", str(tmp_path))
|
||||||
|
#actionsmap_dir = tmp_path / "actionsmap"
|
||||||
|
#actionsmap_dir.mkdir()
|
||||||
|
|
||||||
amap = ActionsMap(BaseActionsMapParser())
|
from moulinette.interfaces.api import ActionsMapParser
|
||||||
with pytest.raises(ValueError) as exception:
|
amap = ActionsMap(ActionsMapParser())
|
||||||
amap.get_authenticator_for_profile("unknown")
|
|
||||||
assert "Unknown authenticator" in str(exception)
|
#from moulinette.interfaces import BaseActionsMapParser
|
||||||
|
#amap = ActionsMap(BaseActionsMapParser())
|
||||||
|
|
||||||
|
with pytest.raises(MoulinetteError) as exception:
|
||||||
|
amap.get_authenticator("unknown")
|
||||||
|
assert "No module named" in str(exception)
|
||||||
|
|
||||||
|
|
||||||
def test_extra_argument_parser_add_argument(iface):
|
def test_extra_argument_parser_add_argument(iface):
|
||||||
|
@ -230,9 +245,8 @@ def test_actions_map_api():
|
||||||
|
|
||||||
amap = ActionsMap(ActionsMapParser())
|
amap = ActionsMap(ActionsMapParser())
|
||||||
|
|
||||||
assert amap.parser.global_conf["authenticate"] == "all"
|
assert amap.main_namespace == "moulitest"
|
||||||
assert "default" in amap.parser.global_conf["authenticator"]
|
assert amap.default_authentication == "dummy"
|
||||||
assert "yoloswag" in amap.parser.global_conf["authenticator"]
|
|
||||||
assert ("GET", "/test-auth/default") in amap.parser.routes
|
assert ("GET", "/test-auth/default") in amap.parser.routes
|
||||||
assert ("POST", "/test-auth/subcat/post") in amap.parser.routes
|
assert ("POST", "/test-auth/subcat/post") in amap.parser.routes
|
||||||
|
|
||||||
|
@ -240,9 +254,8 @@ def test_actions_map_api():
|
||||||
|
|
||||||
amap = ActionsMap(ActionsMapParser())
|
amap = ActionsMap(ActionsMapParser())
|
||||||
|
|
||||||
assert amap.parser.global_conf["authenticate"] == "all"
|
assert amap.main_namespace == "moulitest"
|
||||||
assert "default" in amap.parser.global_conf["authenticator"]
|
assert amap.default_authentication == "dummy"
|
||||||
assert "yoloswag" in amap.parser.global_conf["authenticator"]
|
|
||||||
assert ("GET", "/test-auth/default") in amap.parser.routes
|
assert ("GET", "/test-auth/default") in amap.parser.routes
|
||||||
assert ("POST", "/test-auth/subcat/post") in amap.parser.routes
|
assert ("POST", "/test-auth/subcat/post") in amap.parser.routes
|
||||||
|
|
||||||
|
@ -289,9 +302,8 @@ def test_actions_map_cli():
|
||||||
)
|
)
|
||||||
amap = ActionsMap(ActionsMapParser(top_parser=parser))
|
amap = ActionsMap(ActionsMapParser(top_parser=parser))
|
||||||
|
|
||||||
assert amap.parser.global_conf["authenticate"] == "all"
|
assert amap.main_namespace == "moulitest"
|
||||||
assert "default" in amap.parser.global_conf["authenticator"]
|
assert amap.default_authentication == "dummy"
|
||||||
assert "yoloswag" in amap.parser.global_conf["authenticator"]
|
|
||||||
assert "testauth" in amap.parser._subparsers.choices
|
assert "testauth" in amap.parser._subparsers.choices
|
||||||
assert "none" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
assert "none" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
||||||
assert "subcat" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
assert "subcat" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
||||||
|
@ -308,9 +320,8 @@ def test_actions_map_cli():
|
||||||
|
|
||||||
amap = ActionsMap(ActionsMapParser(top_parser=parser))
|
amap = ActionsMap(ActionsMapParser(top_parser=parser))
|
||||||
|
|
||||||
assert amap.parser.global_conf["authenticate"] == "all"
|
assert amap.main_namespace == "moulitest"
|
||||||
assert "default" in amap.parser.global_conf["authenticator"]
|
assert amap.default_authentication == "dummy"
|
||||||
assert "yoloswag" in amap.parser.global_conf["authenticator"]
|
|
||||||
assert "testauth" in amap.parser._subparsers.choices
|
assert "testauth" in amap.parser._subparsers.choices
|
||||||
assert "none" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
assert "none" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
||||||
assert "subcat" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
assert "subcat" in amap.parser._subparsers.choices["testauth"]._actions[1].choices
|
||||||
|
|
|
@ -6,7 +6,10 @@ from moulinette import m18n
|
||||||
|
|
||||||
|
|
||||||
class TestAuthAPI:
|
class TestAuthAPI:
|
||||||
def login(self, webapi, csrf=False, profile=None, status=200, password="default"):
|
def login(self, webapi, csrf=False, profile=None, status=200, password=None):
|
||||||
|
if password is None:
|
||||||
|
password = "dummy"
|
||||||
|
|
||||||
data = {"password": password}
|
data = {"password": password}
|
||||||
if profile:
|
if profile:
|
||||||
data["profile"] = profile
|
data["profile"] = profile
|
||||||
|
@ -67,7 +70,7 @@ class TestAuthAPI:
|
||||||
assert "session.id" in moulinette_webapi.cookies
|
assert "session.id" in moulinette_webapi.cookies
|
||||||
assert "session.tokens" in moulinette_webapi.cookies
|
assert "session.tokens" in moulinette_webapi.cookies
|
||||||
|
|
||||||
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/default/"
|
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/dummy/"
|
||||||
assert moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
assert moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
||||||
cache_session_default
|
cache_session_default
|
||||||
)
|
)
|
||||||
|
@ -118,7 +121,7 @@ class TestAuthAPI:
|
||||||
|
|
||||||
moulinette_webapi.get("/logout", status=200)
|
moulinette_webapi.get("/logout", status=200)
|
||||||
|
|
||||||
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/default/"
|
cache_session_default = os.environ["MOULINETTE_CACHE_DIR"] + "/session/dummy/"
|
||||||
assert not moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
assert not moulinette_webapi.cookies["session.id"] + ".asc" in os.listdir(
|
||||||
cache_session_default
|
cache_session_default
|
||||||
)
|
)
|
||||||
|
@ -202,7 +205,7 @@ class TestAuthAPI:
|
||||||
|
|
||||||
class TestAuthCLI:
|
class TestAuthCLI:
|
||||||
def test_login(self, moulinette_cli, capsys, mocker):
|
def test_login(self, moulinette_cli, capsys, mocker):
|
||||||
mocker.patch("getpass.getpass", return_value="default")
|
mocker.patch("getpass.getpass", return_value="dummy")
|
||||||
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
||||||
message = capsys.readouterr()
|
message = capsys.readouterr()
|
||||||
|
|
||||||
|
@ -223,7 +226,7 @@ class TestAuthCLI:
|
||||||
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
moulinette_cli.run(["testauth", "default"], output_as="plain")
|
||||||
|
|
||||||
def test_login_wrong_profile(self, moulinette_cli, mocker):
|
def test_login_wrong_profile(self, moulinette_cli, mocker):
|
||||||
mocker.patch("getpass.getpass", return_value="default")
|
mocker.patch("getpass.getpass", return_value="dummy")
|
||||||
with pytest.raises(MoulinetteError) as exception:
|
with pytest.raises(MoulinetteError) as exception:
|
||||||
moulinette_cli.run(["testauth", "other-profile"], output_as="none")
|
moulinette_cli.run(["testauth", "other-profile"], output_as="none")
|
||||||
|
|
||||||
|
@ -251,7 +254,7 @@ class TestAuthCLI:
|
||||||
assert "some_data_from_only_api" in message.out
|
assert "some_data_from_only_api" in message.out
|
||||||
|
|
||||||
def test_request_only_cli(self, capsys, moulinette_cli, mocker):
|
def test_request_only_cli(self, capsys, moulinette_cli, mocker):
|
||||||
mocker.patch("getpass.getpass", return_value="default")
|
mocker.patch("getpass.getpass", return_value="dummy")
|
||||||
moulinette_cli.run(["testauth", "only-cli"], output_as="plain")
|
moulinette_cli.run(["testauth", "only-cli"], output_as="plain")
|
||||||
|
|
||||||
message = capsys.readouterr()
|
message = capsys.readouterr()
|
||||||
|
@ -271,7 +274,7 @@ class TestAuthCLI:
|
||||||
assert expected_msg in str(exception)
|
assert expected_msg in str(exception)
|
||||||
|
|
||||||
def test_request_with_callback(self, moulinette_cli, capsys, mocker):
|
def test_request_with_callback(self, moulinette_cli, capsys, mocker):
|
||||||
mocker.patch("getpass.getpass", return_value="default")
|
mocker.patch("getpass.getpass", return_value="dummy")
|
||||||
moulinette_cli.run(["--version"], output_as="plain")
|
moulinette_cli.run(["--version"], output_as="plain")
|
||||||
message = capsys.readouterr()
|
message = capsys.readouterr()
|
||||||
|
|
||||||
|
@ -289,14 +292,14 @@ class TestAuthCLI:
|
||||||
assert "cannot get value from callback method" in message.err
|
assert "cannot get value from callback method" in message.err
|
||||||
|
|
||||||
def test_request_with_arg(self, moulinette_cli, capsys, mocker):
|
def test_request_with_arg(self, moulinette_cli, capsys, mocker):
|
||||||
mocker.patch("getpass.getpass", return_value="default")
|
mocker.patch("getpass.getpass", return_value="dummy")
|
||||||
moulinette_cli.run(["testauth", "with_arg", "yoloswag"], output_as="plain")
|
moulinette_cli.run(["testauth", "with_arg", "yoloswag"], output_as="plain")
|
||||||
message = capsys.readouterr()
|
message = capsys.readouterr()
|
||||||
|
|
||||||
assert "yoloswag" in message.out
|
assert "yoloswag" in message.out
|
||||||
|
|
||||||
def test_request_arg_with_extra(self, moulinette_cli, capsys, mocker):
|
def test_request_arg_with_extra(self, moulinette_cli, capsys, mocker):
|
||||||
mocker.patch("getpass.getpass", return_value="default")
|
mocker.patch("getpass.getpass", return_value="dummy")
|
||||||
moulinette_cli.run(
|
moulinette_cli.run(
|
||||||
["testauth", "with_extra_str_only", "YoLoSwAg"], output_as="plain"
|
["testauth", "with_extra_str_only", "YoLoSwAg"], output_as="plain"
|
||||||
)
|
)
|
||||||
|
@ -315,7 +318,7 @@ class TestAuthCLI:
|
||||||
assert "doesn't match pattern" in message.err
|
assert "doesn't match pattern" in message.err
|
||||||
|
|
||||||
def test_request_arg_with_type(self, moulinette_cli, capsys, mocker):
|
def test_request_arg_with_type(self, moulinette_cli, capsys, mocker):
|
||||||
mocker.patch("getpass.getpass", return_value="default")
|
mocker.patch("getpass.getpass", return_value="dummy")
|
||||||
moulinette_cli.run(["testauth", "with_type_int", "12345"], output_as="plain")
|
moulinette_cli.run(["testauth", "with_type_int", "12345"], output_as="plain")
|
||||||
message = capsys.readouterr()
|
message = capsys.readouterr()
|
||||||
|
|
||||||
|
|
|
@ -12,7 +12,6 @@ from moulinette.utils.filesystem import (
|
||||||
read_json,
|
read_json,
|
||||||
read_yaml,
|
read_yaml,
|
||||||
read_toml,
|
read_toml,
|
||||||
read_ldif,
|
|
||||||
rm,
|
rm,
|
||||||
write_to_file,
|
write_to_file,
|
||||||
write_to_json,
|
write_to_json,
|
||||||
|
@ -117,46 +116,6 @@ def test_read_toml_cannot_read(test_toml, mocker):
|
||||||
assert expected_msg in str(exception)
|
assert expected_msg in str(exception)
|
||||||
|
|
||||||
|
|
||||||
def test_read_ldif(test_ldif):
|
|
||||||
dn, entry = read_ldif(str(test_ldif))[0]
|
|
||||||
|
|
||||||
assert dn == "mail=alice@example.com"
|
|
||||||
assert entry["mail"] == ["alice@example.com".encode("utf-8")]
|
|
||||||
assert entry["objectclass"] == ["top".encode("utf-8"), "person".encode("utf-8")]
|
|
||||||
assert entry["cn"] == ["Alice Alison".encode("utf-8")]
|
|
||||||
|
|
||||||
dn, entry = read_ldif(str(test_ldif), ["objectclass"])[0]
|
|
||||||
|
|
||||||
assert dn == "mail=alice@example.com"
|
|
||||||
assert entry["mail"] == ["alice@example.com".encode("utf-8")]
|
|
||||||
assert "objectclass" not in entry
|
|
||||||
assert entry["cn"] == ["Alice Alison".encode("utf-8")]
|
|
||||||
|
|
||||||
|
|
||||||
def test_read_ldif_cannot_ioerror(test_ldif, mocker):
|
|
||||||
error = "foobar"
|
|
||||||
|
|
||||||
mocker.patch("builtins.open", side_effect=IOError(error))
|
|
||||||
with pytest.raises(MoulinetteError) as exception:
|
|
||||||
read_ldif(str(test_ldif))
|
|
||||||
|
|
||||||
translation = m18n.g("cannot_open_file", file=str(test_ldif), error=error)
|
|
||||||
expected_msg = translation.format(file=str(test_ldif), error=error)
|
|
||||||
assert expected_msg in str(exception)
|
|
||||||
|
|
||||||
|
|
||||||
def test_read_ldif_cannot_exception(test_ldif, mocker):
|
|
||||||
error = "foobar"
|
|
||||||
|
|
||||||
mocker.patch("builtins.open", side_effect=Exception(error))
|
|
||||||
with pytest.raises(MoulinetteError) as exception:
|
|
||||||
read_ldif(str(test_ldif))
|
|
||||||
|
|
||||||
translation = m18n.g("unknown_error_reading_file", file=str(test_ldif), error=error)
|
|
||||||
expected_msg = translation.format(file=str(test_ldif), error=error)
|
|
||||||
assert expected_msg in str(exception)
|
|
||||||
|
|
||||||
|
|
||||||
def test_write_to_existing_file(test_file):
|
def test_write_to_existing_file(test_file):
|
||||||
write_to_file(str(test_file), "yolo\nswag")
|
write_to_file(str(test_file), "yolo\nswag")
|
||||||
assert read_file(str(test_file)) == "yolo\nswag"
|
assert read_file(str(test_file)) == "yolo\nswag"
|
||||||
|
|
Loading…
Reference in a new issue