# $Id: kolab2.schema,v 1.22 2007/02/02 15:16:45 thomas Exp $
# (c) 2003, 2004 Tassilo Erlewein <tassilo.erlewein@erfrakon.de>
# (c) 2003-2006 Martin Konold <martin.konold@erfrakon.de>
# (c) 2003 Achim Frank <achim.frank@erfrakon.de>
#
# Redistribution and use in source and binary forms, with or without
# modification, are permitted provided that the following conditions are met:
#
# Redistributions of source code must retain the above copyright notice, this
# list of conditions and the following disclaimer.
#
# Redistributions in binary form must reproduce the above copyright notice,
# this list of conditions and the following disclaimer in the documentation
# and/or other materials provided with the distribution.
#
# The name of the author may not be used to endorse or promote products derived
# from this software without specific prior written permission.
#
#
# THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
# WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
# MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
# EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
# SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
# PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
# OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
# WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
# OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
# ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
# This schema highly depends on the core.schema, cosine.schema and the inetorgperson.schema
# as provided by 3rd parties like OpenLDAP.
#
# slapd.conf then looks like
# include /kolab/etc/openldap/schema/core.schema
# include /kolab/etc/openldap/schema/cosine.schema
# include /kolab/etc/openldap/schema/inetorgperson.schema
# include /kolab/etc/openldap/schema/rfc2739.schema
# include /kolab/etc/openldap/schema/kolab2.schema
#
####################
# kolab attributes #
####################
# helper attribute to make the kolab root easily findable in
# a big ldap directory
attributetype ( 1.3.6.1.4.1.19414.2.1.1
NAME ( 'k' 'kolab' )
DESC 'Kolab attribute'
SUP name )
# kolabDeleteflag used to be a boolean but describes with Kolab 2
# the fqdn of the server which is requested to delete this objects
# in its local store
attributetype ( 1.3.6.1.4.1.19414.2.1.2
NAME 'kolabDeleteflag'
DESC 'Per host deletion status'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# alias used to provide alternative rfc822 email addresses for kolab users
attributetype ( 1.3.6.1.4.1.19414.2.1.3
NAME 'alias'
DESC 'RFC1274: RFC822 Mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# kolabEncryptedPassword is an asymmetrically (RSA) encrypted copy of the
# cleartext password. This is required in order to pass the password from
# the maintainance/administration application to the kolabHomeServer running the
# resource handler application in a secure manner.
# Actually this attribute is deprecated as of Kolab 2.1. Instead we grant the
# calendar user dn: cn=calendar,cn=internal,dc=yourcompany,dc=com access to
# the respective calendar folder using IMAP ACLs.
attributetype ( 1.3.6.1.4.1.19419.2.1.4
NAME 'kolabEncryptedPassword'
DESC 'base64 encoded public key encrypted Password'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# hostname including the domain name like kolab-master.yourcompany.com
attributetype ( 1.3.6.1.4.1.19414.2.1.5
NAME ( 'fqhostname' 'fqdnhostname' )
DESC 'Fully qualified Hostname including full domain component'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# fqdn of all hosts in a multi-location or cluster setup
attributetype ( 1.3.6.1.4.1.19414.2.1.6
NAME 'kolabHost'
DESC 'Multivalued -- list of hostnames in a Kolab setup'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# fqdn of the server containg the actual user mailbox
attributetype ( 1.3.6.1.4.1.19419.1.1.1.1
NAME 'kolabHomeServer'
DESC 'server which keeps the users mailbox'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# flag for allowing unrestriced length of mails
attributetype ( 1.3.6.1.4.1.19419.1.1.1.2
NAME 'unrestrictedMailSize'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Specifies the email delegates.
# An email delegate can send email on behalf of the account
# which means using the "from" of the account.
# Delegates are specified by the syntax of rfc822 email addresses.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.3
NAME 'kolabDelegate'
DESC 'Kolab user allowed to act as delegates - RFC822 Mailbox/Alias'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# For user, group and resource Kolab accounts
# Describes how to respond to invitations
# We keep the attribute as a string, but actually it can only have one
# of the following values:
#
# ACT_ALWAYS_ACCEPT
# ACT_ALWAYS_REJECT
# ACT_REJECT_IF_CONFLICTS
# ACT_MANUAL_IF_CONFLICTS
# ACT_MANUAL
# In addition one of these values may be prefixed with a primary email
# address followed by a colon like
# user@domain.tld: ACT_ALWAYS_ACCEPT
attributetype ( 1.3.6.1.4.1.19419.1.1.1.4
NAME ( 'kolabInvitationPolicy' 'kolabResourceAction' )
DESC 'defines how to respond to invitations'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# time span from now to the future used for the free busy data
# measured in days
attributetype ( 1.3.6.1.4.1.19419.1.1.1.5
NAME 'kolabFreeBusyFuture'
DESC 'time in days for fb data towards the future'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
# time span from now to the past used for the free busy data
# measured in days
attributetype ( 1.3.6.1.4.1.19419.1.1.1.6
NAME 'kolabFreeBusyPast'
DESC 'time in days for fb data towards the past'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
# fqdn of the server as the default SMTP MTA
# not used in Kolab 2 currently as in Kolab 2 the
# default MTA is equivalent to the kolabHomeServer
attributetype ( 1.3.6.1.4.1.19419.1.1.1.7
NAME 'kolabHomeMTA'
DESC 'fqdn of default MTA'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
# Begin date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent until kolabVacationEnd.
# Values in this syntax are encoded as printable strings,
# represented as specified in X.208.
# Note that the time zone must be specified.
# For Kolab we limit ourself to GMT
# YYYYMMDDHHMMZ e.g. 200512311458Z.
# see also: rfc 2252.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.8
NAME 'kolabVacationBeginDateTime'
DESC 'Begin date of vacation'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
# End date of Kolab vacation period. Sender will
# be notified every kolabVacationResendIntervall days
# that recipient is absent starting from kolabVacationBeginDateTime.
# Values in this syntax are encoded as printable strings,
# represented as specified in X.208.
# Note that the time zone must be specified.
# For Kolab we limit ourself to GMT
# YYYYMMDDHHMMZ e.g. 200601012258Z.
# see also: rfc 2252.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.9
NAME 'kolabVacationEndDateTime'
DESC 'End date of vacation'
EQUALITY generalizedTimeMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
SINGLE-VALUE )
# Intervall in days after which senders get
# another vacation message.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.10
NAME 'kolabVacationResendInterval'
DESC 'Vacation notice interval in days'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
# Email recipient addresses which are handled by the
# vacation script. There can be multiple kolabVacationAddress
# entries for each kolabInetOrgPerson.
# Default is the primary email address and all
# email aliases of the kolabInetOrgPerson.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.11
NAME 'kolabVacationAddress'
DESC 'Email address for vacation to response upon'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Enable sending vacation notices in reaction
# unsolicited commercial email.
# Default is no.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.12
NAME 'kolabVacationReplyToUCE'
DESC 'Enable vacation notices to UCE'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Email recipient domains which are handled by the
# vacation script. There can be multiple kolabVacationReactDomain
# entries for each kolabInetOrgPerson
# Default is to handle all domains.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.13
NAME 'kolabVacationReactDomain'
DESC 'Multivalued -- Email domain for vacation to response upon'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Forward all incoming emails except UCE if kolabForwardUCE
# is not set to this email address.
# There can be multiple kolabForwardAddress entries for
# each kolabInetOrgPerson.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.14
NAME 'kolabForwardAddress'
DESC 'Forward email to this address'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# Keep local copy when forwarding emails to list of
# kolabForwardAddress.
# Default is no.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.15
NAME 'kolabForwardKeepCopy'
DESC 'Keep copy when forwarding'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# Enable forwarding of UCE.
# Default is yes.
# Currently this attribute is not used in Kolab.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.16
NAME 'kolabForwardUCE'
DESC 'Enable forwarding of mails known as UCE'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# comment when creating or deleting a kolab object
# a comment might be appropriate. This is most useful
# for tracability when users get moved to the graveyard
# instead of being really deleted. Every entry must be prefixed
# with an ISO 8601 date string e.g 200604301458Z. All times must
# be in zulu timezone.
attributetype ( 1.3.6.1.4.1.19419.1.1.1.17
NAME 'kolabComment'
DESC 'multi-value comment'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
# kolabFolderType describes the kind of Kolab folder
# as defined in the kolab format specification.
# We will annotate all folders with an entry
# /vendor/kolab/folder-type containing the attribute
# value.shared set to: <type>[.<subtype>].
# The <type> can be: mail, event, journal, task, note,
# or contact. The <subtype> for a mail folder can be
# inbox, drafts, sentitems, or junkemail (this one holds
# spam mails). For the other <type>s, it can only be
# default, or not set. For other types of folders
# supported by the clients, these should be prefixed with
# "k-" for KMail, "h-" for Horde and "o-" for Outlook, and
# look like for example "kolab.o-voicemail". Other third-party
# clients shall use the "x-" prefix.
# We then use the ANNOTATEMORE IMAP extension to
# associate the folder type with a folder.
attributetype ( 1.3.6.1.4.1.19414.2.1.7
NAME 'kolabFolderType'
DESC 'type of a kolab folder'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
SINGLE-VALUE )
######################
# postfix attributes #
######################
attributetype ( 1.3.6.1.4.1.19414.2.1.501
NAME 'postfix-mydomain'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.19414.2.1.502
NAME 'postfix-relaydomains'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.19414.2.1.503
NAME 'postfix-mydestination'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.19414.2.1.504
NAME 'postfix-mynetworks'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.19414.2.1.505
NAME 'postfix-relayhost'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.19414.2.1.506
NAME 'postfix-transport'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.19414.2.1.507
NAME 'postfix-enable-virus-scan'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.19414.2.1.508
NAME 'postfix-allow-unauthenticated'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.19414.2.1.509
NAME 'postfix-virtual'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
attributetype ( 1.3.6.1.4.1.19414.2.1.510
NAME 'postfix-relayport'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
##########################
# cyrus imapd attributes #
##########################
attributetype ( 1.3.6.1.4.1.19414.2.1.601
NAME 'cyrus-autocreatequota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.4.1.19414.2.1.602
NAME 'cyrus-admins'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# enable plain imap without ssl
attributetype ( 1.3.6.1.4.1.19414.2.1.603
NAME 'cyrus-imap'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE )
# enable legacy pop3
attributetype ( 1.3.6.1.4.1.19414.2.1.604
NAME 'cyrus-pop3'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# user specific quota on the cyrus imap server
attributetype ( 1.3.6.1.4.1.19414.2.1.605
NAME 'cyrus-userquota'
DESC 'Mailbox hard quota limit in MB'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
# cyrus imapd access control list
# acls work with users and groups
attributetype ( 1.3.6.1.4.1.19414.2.1.651
NAME 'acl'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
# enable secure imap
attributetype ( 1.3.6.1.4.1.19414.2.1.606
NAME 'cyrus-imaps'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# enable secure pop3
attributetype ( 1.3.6.1.4.1.19414.2.1.607
NAME 'cyrus-pop3s'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# enable sieve support (required for forward and vacation services)
attributetype ( 1.3.6.1.4.1.19414.2.1.608
NAME 'cyrus-sieve'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# installation wide percentage which determines when to send a
# warning to the user
attributetype ( 1.3.6.1.4.1.19414.2.1.609
NAME 'cyrus-quotawarn'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
#############################
# apache and php attributes #
#############################
# enable plain http (no ssl)
attributetype ( 1.3.6.1.4.1.19414.2.1.701
NAME 'apache-http'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Allow freebusy download without authenticating first
attributetype ( 1.3.6.1.4.1.19414.2.1.702
NAME 'apache-allow-unauthenticated-fb'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
##########################
# kolabfilter attributes #
##########################
# enable trustable From:
attributetype ( 1.3.6.1.4.1.19414.2.1.750
NAME 'kolabfilter-verify-from-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# should Sender header be allowed instead of From
# when present?
attributetype ( 1.3.6.1.4.1.19414.2.1.751
NAME 'kolabfilter-allow-sender-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
# Should reject messages with From headers that dont match
# the envelope? Default is to rewrite the header
attributetype ( 1.3.6.1.4.1.19414.2.1.752
NAME 'kolabfilter-reject-forged-from-header'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
######################
# proftpd attributes #
######################
attributetype ( 1.3.6.1.4.1.19414.2.1.901
NAME 'proftpd-defaultquota'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype ( 1.3.6.1.4.1.19414.2.1.902
NAME 'proftpd-ftp'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
attributetype ( 1.3.6.1.4.1.19414.2.1.903
NAME 'proftpd-userPassword'
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
########################
# kolab object classes #
########################
# main kolab server configuration
# storing global values and user specific default values
# like kolabFreeBusyFuture and kolabFreeBusyPast
objectclass ( 1.3.6.1.4.1.19414.2.2.1
NAME 'kolab'
DESC 'Kolab server configuration'
SUP top STRUCTURAL
MUST k
MAY ( kolabHost $
postfix-mydomain $
postfix-relaydomains $
postfix-mydestination $
postfix-mynetworks $
postfix-relayhost $
postfix-relayport $
postfix-transport $
postfix-virtual $
postfix-enable-virus-scan $
postfix-allow-unauthenticated $
cyrus-quotawarn $
cyrus-autocreatequota $
cyrus-admins $
cyrus-imap $
cyrus-pop3 $
cyrus-imaps $
cyrus-pop3s $
cyrus-sieve $
apache-http $
apache-allow-unauthenticated-fb $
kolabfilter-verify-from-header $
kolabfilter-allow-sender-header $
kolabfilter-reject-forged-from-header $
proftpd-ftp $
proftpd-defaultquota $
kolabFreeBusyFuture $
kolabFreeBusyPast $
uid $
userPassword ) )
# public folders are typically visible to everyone subscribed to
# the server without the need for an extra login. Subfolders are
# defined using the hiarchy seperator '/' e.g. "sf/sub1". Please note
# that the term public folder is prefered to shared folder because
# normal user mailboxes can also share folders using acls.
objectclass ( 1.3.6.1.4.1.19414.2.2.9
NAME 'kolabSharedFolder'
DESC 'Kolab public shared folder'
SUP top STRUCTURAL
MUST cn
MAY ( acl $
alias $
cyrus-userquota $
kolabHomeServer $
kolabFolderType $
kolabDeleteflag ) )
# kolabNamedObject is used as a plain node for the LDAP tree.
# In contrast to unix filesystem directories LDAP nodes can
# and often do also have contents/attributes. We use the
# kolabNamedObject in order to put some structure in the
# LDAP directory tree.
objectclass ( 1.3.6.1.4.1.5322.13.1.1
NAME 'kolabNamedObject'
SUP top STRUCTURAL
MAY (cn $ ou) )
# kolab account
# we use an auxiliary in order to ease integration
# with existing inetOrgPerson objects
# Please note that userPassword is a may
# attribute in the schema but is mandatory for
# Kolab
objectclass ( 1.3.6.1.4.1.19414.3.2.2
NAME 'kolabInetOrgPerson'
DESC 'Kolab Internet Organizational Person'
SUP top AUXILIARY
MAY ( c $
alias $
kolabHomeServer $
kolabHomeMTA $
unrestrictedMailSize $
kolabDelegate $
kolabEncryptedPassword $
cyrus-userquota $
kolabInvitationPolicy $
kolabFreeBusyFuture $
calFBURL $
kolabVacationBeginDateTime $
kolabVacationEndDateTime $
kolabVacationResendInterval $
kolabVacationAddress $
kolabVacationReplyToUCE $
kolabVacationReactDomain $
kolabForwardAddress $
kolabForwardKeepCopy $
kolabForwardUCE $
kolabDeleteflag $
kolabComment ) )
# kolab organization with country support
objectclass ( 1.3.6.1.4.1.19414.3.2.3
NAME 'kolabOrganization'
DESC 'RFC2256: a Kolab organization'
SUP organization STRUCTURAL
MAY ( c $
mail $
kolabDeleteflag $
alias ) )
# kolab organizational unit with country support
objectclass ( 1.3.6.1.4.1.19414.3.2.4
NAME 'kolabOrganizationalUnit'
DESC 'a Kolab organizational unit'
SUP organizationalUnit STRUCTURAL
MAY ( c $
mail $
kolabDeleteflag $
alias ) )
# kolab groupOfNames with extra kolabDeleteflag and the required
# attribute mail.
# The mail attribute for kolab objects of the type kolabGroupOfNames
# is not arbitrary but MUST be a single attribute of the form
# of an valid SMTP address with the CN as the local part.
# E.g cn@kolabdomain (e.g. employees@mydomain.com). The
# mail attribute MUST be globally unique.
objectclass ( 1.3.6.1.4.1.19414.3.2.5
NAME 'kolabGroupOfNames'
DESC 'Kolab group of names (DNs) derived from RFC2256'
SUP groupOfNames STRUCTURAL
MAY ( mail $
kolabDeleteflag ) )
