# YunoHost schema for group and permission support

dn: cn=yunohost,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: yunohost
# ATTRIBUTES
# For Permission
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.1 NAME 'permission'
  DESC 'YunoHost permission on user and group side'
  SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.2 NAME 'groupPermission'
  DESC 'YunoHost permission for a group on permission side'
  SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.3 NAME 'inheritPermission'
  DESC 'YunoHost permission for user on permission side'
  SUP distinguishedName )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.4 NAME 'URL'
  DESC 'YunoHost permission main URL'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.5 NAME 'additionalUrls'
  DESC 'YunoHost permission additionnal URL'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.6 NAME 'authHeader'
  DESC 'YunoHost application, enable authentication header'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.7 NAME 'label'
  DESC 'YunoHost permission label, also used for the tile name in the SSO'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.8 NAME 'showTile'
  DESC 'YunoHost application, show/hide the tile in the SSO for this permission'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: ( 1.3.6.1.4.1.17953.9.1.9 NAME 'isProtected'
  DESC 'YunoHost application permission protection'
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
# OBJECTCLASS
# For Applications
olcObjectClasses: ( 1.3.6.1.4.1.17953.9.2.1 NAME 'groupOfNamesYnh'
  DESC 'YunoHost user group'
  SUP top AUXILIARY
  MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ permission ) )
olcObjectClasses: ( 1.3.6.1.4.1.17953.9.2.2 NAME 'permissionYnh'
  DESC 'a YunoHost application'
  SUP top AUXILIARY
  MUST ( cn $ authHeader $ label $ showTile $ isProtected )
  MAY ( groupPermission $ inheritPermission $ URL $ additionalUrls ) )
# For User
olcObjectClasses: ( 1.3.6.1.4.1.17953.9.2.3 NAME 'userPermissionYnh'
  DESC 'a YunoHost application'
  SUP top AUXILIARY
  MAY ( permission ) )