mail us  |  mail this page

contact us
training  | 
tech stuff  | 

Appendix E: OpenLDAP config.ldif

This is a browsable (mostly) and commented (well it will be when we finish it) version of the LDIF file used to load the schema for OLC cn=config (on-line/run-time configuration) feature of OpenLDAP 2.3+ as well as some other stuff. It is found in /etc/openldap/slapd.d/cn=config/cn=schema.ldif (or [bsd] /usr/local/etc/openldap/slapd.d/cn=config/cn=schema.ldif). Or you can obtain it using the cn=schema,cn=config DIT entry using ldapsearch or an LDAP browser. It provides a number of objectclasses as containers for the cn=config attributes which are generally the slapd.conf directive name preprended with olc thus the slapd.conf access directive becomes the attribute olcAccess. There are a number of significant objectClasses used in olc (cn=config) (OLC (cn=config) entry layout/organization):

  1. olcGlobal which contains all the attributes that can be used in the global entry
  2. olcSchemaConfig which contains all the attributes that can be used in the module entry
  3. olcBackendConfig which contains all the attributes that can be used in the backend entries
  4. olcDatabaseConfig which contains all the attributes that can be used in the database entries
  5. olcOverlayConfig which contains all the attributes that can be used in the overlay entries

More info on cn=config.

The file below is annotated and contains hyperlinks - the clean version released with OpenLDAP 2.4 is here (save as .ldif from your browser).

dn: cn=schema
objectClass: olcSchemaConfig
cn: schema
olcObjectIdentifier: OLcfg 1.3.6.1.4.1.4203.666.11.1
olcObjectIdentifier: OLcfgAt OLcfg:3
olcObjectIdentifier: OLcfgGlAt OLcfgAt:0
olcObjectIdentifier: OLcfgBkAt OLcfgAt:1
olcObjectIdentifier: OLcfgDbAt OLcfgAt:2
olcObjectIdentifier: OLcfgOvAt OLcfgAt:3
olcObjectIdentifier: OLcfgCtAt OLcfgAt:4
olcObjectIdentifier: OLcfgOc OLcfg:4
olcObjectIdentifier: OLcfgGlOc OLcfgOc:0
olcObjectIdentifier: OLcfgBkOc OLcfgOc:1
olcObjectIdentifier: OLcfgDbOc OLcfgOc:2
olcObjectIdentifier: OLcfgOvOc OLcfgOc:3
olcObjectIdentifier: OLcfgCtOc OLcfgOc:4
olcObjectIdentifier: OMsyn 1.3.6.1.4.1.1466.115.121.1
olcObjectIdentifier: OMsBoolean OMsyn:7
olcObjectIdentifier: OMsDN OMsyn:12
olcObjectIdentifier: OMsDirectoryString OMsyn:15
olcObjectIdentifier: OMsIA5String OMsyn:26
olcObjectIdentifier: OMsInteger OMsyn:27
olcObjectIdentifier: OMsOID OMsyn:38
olcObjectIdentifier: OMsOctetString OMsyn:40

olcAttributeTypes: ( 2.5.4.0 NAME 'objectClass' 
 DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )

olcAttributeTypes: ( 2.5.21.9 NAME 'structuralObjectClass' 
 DESC 'RFC4512: structural object class of entry' EQUALITY objectIdentifierMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION 
 USAGE directoryOperation )

olcAttributeTypes: ( 2.5.18.1 NAME 'createTimestamp' 
 DESC 'RFC4512: time which object was created' EQUALITY generalizedTimeMatch 
 ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 
 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

olcAttributeTypes: ( 2.5.18.2 NAME 'modifyTimestamp' 
 DESC 'RFC4512: time which object was last modified' EQUALITY generalizedTimeMatch
 ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )

olcAttributeTypes: ( 2.5.18.3 NAME 'creatorsName' 
 DESC 'RFC4512: name of creator' EQUALITY distinguishedNameMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION 
 USAGE directoryOperation )

olcAttributeTypes: ( 2.5.18.4 NAME 'modifiersName' 
 DESC 'RFC4512: name of last modifier' EQUALITY distinguishedNameMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION
 USAGE directoryOperation )

olcAttributeTypes: ( 2.5.18.9 NAME 'hasSubordinates' 
 DESC 'X.501: entry has children' EQUALITY booleanMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION
 USAGE directoryOperation )

olcAttributeTypes: ( 2.5.18.10 NAME 'subschemaSubentry' 
 DESC 'RFC4512: name of controlling subschema entry' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION
 USAGE directoryOperation )

olcAttributeTypes: ( 1.3.6.1.1.20 NAME 'entryDN' 
 DESC 'DN of the entry' EQUALITY distinguishedNameMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION
 USAGE directoryOperation )

olcAttributeTypes: ( 1.3.6.1.1.16.4 NAME 'entryUUID'
 DESC 'UUID of the entry' EQUALITY UUIDMatch ORDERING UUIDOrderingMatch
 SYNTAX 1.3.6.1.1.16.1 SINGLE-VALUE NO-USER-MODIFICATION 
 USAGE directoryOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.7 
 NAME 'entryCSN' DESC 'change sequence number of the entry content'
 EQUALITY CSNMatch ORDERING CSNOrderingMatch 
 SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION
 USAGE directoryOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' 
 DESC 'change sequence number of the entry naming (RDN)' 
 EQUALITY CSNMatch ORDERING CSNOrderingMatch
 SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION
 USAGE directoryOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' 
 DESC 'syncrepl Cookie for shadow copy' EQUALITY octetStringMatch 
 ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' 
 DESC 'the largest committed CSN of a context' EQUALITY CSNMatch 
 ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64}
 NO-USER-MODIFICATION USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' 
 DESC 'RFC4512: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
 USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
 DESC 'RFC4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
 USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
 DESC 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
 USAGE dSAOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
 DESC 'RFC4512: supported extended operations'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
 DESC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
 USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
 DESC 'RFC4512: supported SASL mechanisms' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures'
 DESC 'RFC4512: features supported by the server'
 EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
 USAGE dSAOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext'
 DESC 'monitor context' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE 
 NO-USER-MODIFICATION USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.1.1 NAME 'configContext'
 DESC 'config context' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE 
 NO-USER-MODIFICATION USAGE dSAOperation )
 
olcAttributeTypes: ( 1.3.6.1.1.4 NAME 'vendorName' 
 DESC 'RFC3045: name of implementation vendor' EQUALITY caseExactMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION
 USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.1.5 NAME 'vendorVersion' 
 DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION
 USAGE dSAOperation )

olcAttributeTypes: ( 2.5.18.5 NAME 'administrativeRole' 
 DESC 'RFC3672: administrative role' EQUALITY objectIdentifierMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE directoryOperation )
 
olcAttributeTypes: ( 2.5.18.6 NAME 'subtreeSpecification'
 DESC 'RFC3672: subtree specification' SYNTAX 1.3.6.1.4.1.1466.115.121.1.45
 SINGLE-VALUE USAGE directoryOperation )
 
olcAttributeTypes: ( 2.5.21.1 NAME 'dITStructureRules'
 DESC 'RFC4512: DIT structure rules' EQUALITY integerFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )

olcAttributeTypes: ( 2.5.21.2 NAME 'dITContentRules' 
 DESC 'RFC4512: DIT content rules' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
 
olcAttributeTypes: ( 2.5.21.4 NAME 'matchingRules' 
 DESC 'RFC4512: matching rules' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
 
olcAttributeTypes: ( 2.5.21.5 NAME 'attributeTypes' 
 DESC 'RFC4512: attribute types' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )

olcAttributeTypes: ( 2.5.21.6 NAME 'objectClasses' 
 DESC 'RFC4512: object classes' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
 
olcAttributeTypes: ( 2.5.21.7 NAME 'nameForms' 
 DESC 'RFC4512: name forms ' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
 
olcAttributeTypes: ( 2.5.21.8 NAME 'matchingRuleUse' 
 DESC 'RFC4512: matching rule uses' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
 DESC 'RFC4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
 
olcAttributeTypes: ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
 DESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( 2.16.840.1.113730.3.1.34 NAME 'ref' 
 DESC 'RFC3296: subordinate referral URL' EQUALITY caseExactMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE distributedOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry'
 DESC 'OpenLDAP ACL entry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1
 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' 
 DESC 'OpenLDAP ACL children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1
 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' )
 DESC 'proxy authorization targets' EQUALITY authzMatch 
 SYNTAX 1.3.6.1.4.1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.9 
 NAME ( 'authzFrom' 'saslAuthzFrom' ) 
 DESC 'proxy authorization sources' EQUALITY authzMatch
 SYNTAX 1.3.6.1.4.1.4203.666.2.7 USAGE distributedOperation X-ORDERED 'VALUES' )

olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' 
 DESC 'RFC2589: entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )

olcAttributeTypes: ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
 DESC 'RFC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
 NO-USER-MODIFICATION USAGE dSAOperation )
 
olcAttributeTypes: ( 2.5.4.49 NAME 'distinguishedName' 
 DESC 'RFC4519: common supertype of DN attributes' 
 EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
 
olcAttributeTypes: ( 2.5.4.41 NAME 'name' 
 DESC 'RFC4519: common supertype of name attributes' EQUALITY caseIgnoreMatch 
 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )

olcAttributeTypes: ( 2.5.4.3 NAME ( 'cn' 'commonName' ) 
 DESC 'RFC4519: common name(s) for which the entity is known by' SUP name )

olcAttributeTypes: ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
 DESC 'RFC4519: user identifier' EQUALITY caseIgnoreMatch 
 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )

olcAttributeTypes: ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
 DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain'
 EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' 
 DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain' 
 EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( 2.5.4.35 NAME 'userPassword'
 DESC 'RFC4519/2307: password of user' EQUALITY octetStringMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
 
olcAttributeTypes: ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
 DESC 'RFC2079: Uniform Resource Identifier with optional label'
 EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( 2.5.4.13 NAME 'description'
 DESC 'RFC4519: descriptive information' EQUALITY caseIgnoreMatch
 SUBSTR caseIgnoreSubstringsMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
 
olcAttributeTypes: ( 2.5.4.34 NAME 'seeAlso' 
 DESC 'RFC4519: DN of related object' SUP distinguishedName )
 
#############################################################################
#                                                                           #
# Start of config directives olc + slapd.conf directive name                #
#                                                                           #
#############################################################################
olcAttributeTypes: ( OLcfgGlAt:78 NAME 'olcConfigFile' 
 DESC 'File for slapd configuration directives' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:79 NAME 'olcConfigDir'
 DESC 'Directory for slapd configuration backend' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgGlAt:1 NAME 'olcAccess' 
 DESC 'Access Control List' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )

olcAttributeTypes: ( OLcfgGlAt:2 NAME 'olcAllows'
 DESC 'Allowed set of deprecated features' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:3 NAME 'olcArgsFile'
 DESC 'File for slapd command line options' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:5 NAME 'olcAttributeOptions'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:4 NAME 'olcAttributeTypes' 
 DESC 'OpenLDAP attributeTypes' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( OLcfgGlAt:6 NAME 'olcAuthIDRewrite'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )

olcAttributeTypes: ( OLcfgGlAt:7 NAME 'olcAuthzPolicy'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgGlAt:8 NAME 'olcAuthzRegexp'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )

olcAttributeTypes: ( OLcfgGlAt:9 NAME 'olcBackend'
 DESC 'A type of backend' EQUALITY caseIgnoreMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE X-ORDERED 'SIBLINGS' )

olcAttributeTypes: ( OLcfgGlAt:10 NAME 'olcConcurrency'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:11 NAME 'olcConnMaxPending'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgGlAt:12 NAME 'olcConnMaxPendingAuth'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgGlAt:13 NAME 'olcDatabase'
 DESC 'The backend type for a database instance' SUP olcBackend 
 SINGLE-VALUE X-ORDERED 'SIBLINGS' )

olcAttributeTypes: ( OLcfgGlAt:14 NAME 'olcDefaultSearchBase'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgGlAt:15 NAME 'olcDisallows'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgGlAt:16 NAME 'olcDitContentRules'
 DESC 'OpenLDAP DIT content rules' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )

olcAttributeTypes: ( OLcfgGlAt:17 NAME 'olcGentleHUP'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.17 NAME 'olcHidden'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgGlAt:18 NAME 'olcIdleTimeout'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:19 NAME 'olcInclude' SUP labeledURI )

olcAttributeTypes: ( OLcfgGlAt:20 NAME 'olcIndexSubstrIfMinLen'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:21 NAME 'olcIndexSubstrIfMaxLen'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:22 NAME 'olcIndexSubstrAnyLen'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:23 NAME 'olcIndexSubstrAnyStep' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:84 NAME 'olcIndexIntLen'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.4 NAME 'olcLastMod'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.5 NAME 'olcLimits' 
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )

olcAttributeTypes: ( OLcfgGlAt:26 NAME 'olcLocalSSF' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:27 NAME 'olcLogFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:28 NAME 'olcLogLevel'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgDbAt:0.6 NAME 'olcMaxDerefDepth' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgDbAt:0.16 NAME 'olcMirrorMode' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:30 NAME 'olcModuleLoad' 
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )

olcAttributeTypes: ( OLcfgGlAt:31 NAME 'olcModulePath'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.18 NAME 'olcMonitoring'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:32 NAME 'olcObjectClasses'
 DESC 'OpenLDAP object classes' EQUALITY caseIgnoreMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( OLcfgGlAt:33 NAME 'olcObjectIdentifier'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( OLcfgGlAt:34 NAME 'olcOverlay' SUP olcDatabase
 SINGLE-VALUE X-ORDERED 'SIBLINGS' )
 
olcAttributeTypes: ( OLcfgGlAt:35 NAME 'olcPasswordCryptSaltFormat'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:36 NAME 'olcPasswordHash'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgGlAt:37 NAME 'olcPidFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:38 NAME 'olcPlugin' 
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:39 NAME 'olcPluginLogFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:40 NAME 'olcReadOnly'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:41 NAME 'olcReferral' SUP labeledURI
 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgDbAt:0.7 NAME 'olcReplica' SUP labeledURI
 EQUALITY caseIgnoreMatch X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( OLcfgGlAt:43 NAME 'olcReplicaArgsFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:44 NAME 'olcReplicaPidFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:45 NAME 'olcReplicationInterval'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:46 NAME 'olcReplogFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:47 NAME 'olcRequires' EQUALITY caseIgnoreMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:48 NAME 'olcRestrict' EQUALITY caseIgnoreMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:49 NAME 'olcReverseLookup' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.8 NAME 'olcRootDN'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:51 NAME 'olcRootDSE' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgDbAt:0.9 NAME 'olcRootPW'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:53 NAME 'olcSaslHost'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:54 NAME 'olcSaslRealm'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:56 NAME 'olcSaslSecProps'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:58 NAME 'olcSchemaDN'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:59 NAME 'olcSecurity'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:81 NAME 'olcServerID'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:60 NAME 'olcSizeLimit'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:61 NAME 'olcSockbufMaxIncoming'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:62 NAME 'olcSockbufMaxIncomingAuth'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:83 NAME 'olcSortVals'
 DESC 'Attributes whose values will always be sorted' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgDbAt:0.15 NAME 'olcSubordinate'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.10 NAME 'olcSuffix' 
 EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
 
olcAttributeTypes: ( OLcfgDbAt:0.11 NAME 'olcSyncrepl'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )

olcAttributeTypes: ( OLcfgGlAt:66 NAME 'olcThreads'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:67 NAME 'olcTimeLimit'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgGlAt:68 NAME 'olcTLSCACertificateFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
  
olcAttributeTypes: ( OLcfgGlAt:69 NAME 'olcTLSCACertificatePath'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:70 NAME 'olcTLSCertificateFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:71 NAME 'olcTLSCertificateKeyFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:72 NAME 'olcTLSCipherSuite'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:73 NAME 'olcTLSCRLCheck'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:82 NAME 'olcTLSCRLFile' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:74 NAME 'olcTLSRandFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:75 NAME 'olcTLSVerifyClient'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:77 NAME 'olcTLSDHParamFile'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgGlAt:80 NAME 'olcToolThreads'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.12 NAME 'olcUpdateDN'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.13 NAME 'olcUpdateRef' SUP labeledURI
 EQUALITY caseIgnoreMatch )
 
olcAttributeTypes: ( OLcfgDbAt:0.1 NAME 'olcDbDirectory' 
 DESC 'Directory for database content' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgDbAt:5.1 NAME 'olcRelay'
 DESC 'Relay DN' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:4.1 NAME 'olcAccessLogDB'
 DESC 'Suffix of database for log content' SUP distinguishedName SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:4.2 NAME 'olcAccessLogOps' 
 DESC 'Operation types to log' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgOvAt:4.3 NAME 'olcAccessLogPurge' 
 DESC 'Log cleanup parameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgOvAt:4.4 NAME 'olcAccessLogSuccess'
 DESC 'Log successful ops only' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgOvAt:4.5 NAME 'olcAccessLogOld'
 DESC 'Log old values when modifying entries matching the filter'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:4.6 NAME 'olcAccessLogOldAttr'
 DESC 'Log old values of these attributes even if unmodified'
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
##############################################################################
#                                                                            #
# end of olc/slapd.conf directives                                               #
#                                                                            #
##############################################################################

##############################################################################
#                                                                            #
# req attributes                                                             #
#                                                                            #
##############################################################################
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN'
 DESC 'Target DN of request' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart'
 DESC 'Start time of request' EQUALITY generalizedTimeMatch 
 ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd'
 DESC 'End time of request' EQUALITY generalizedTimeMatch 
 ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType'
 DESC 'Type of request' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 SINGLE-VALUE )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession'
 DESC 'Session ID of request' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID'
 DESC 'Authorization ID of requestor' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult'
 DESC 'Result code of request' EQUALITY integerMatch ORDERING integerOrderingMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage'
 DESC 'Error text of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
	
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral'
 DESC 'Referrals returned for request' SUP labeledURI )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls'
 DESC 'Request controls' EQUALITY objectIdentifierFirstComponentMatch
 SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME 'reqRespControls'
 DESC 'Response controls of request' EQUALITY objectIdentifierFirstComponentMatch
  SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
	
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' 
 DESC 'ID of Request to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion'
 DESC 'Protocol version of Bind request' EQUALITY integerMatch
 ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod'
 DESC 'Bind method of request' EQUALITY caseIgnoreMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion'
 DESC 'Compare Assertion of request' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 
 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod'
 DESC 'Modifications of request' EQUALITY octetStringMatch
 SUBSTR octetStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld'
 DESC 'Old values of entry before request completed' EQUALITY octetStringMatch
 SUBSTR octetStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN'
 DESC 'New RDN of request' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME 'reqDeleteOldRDN'
 DESC 'Delete old RDN' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME 'reqNewSuperior'
 DESC 'New superior DN of request' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope'
 DESC 'Scope of request' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME 'reqDerefAliases'
 DESC 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly'
 DESC 'Attributes and values of request' EQUALITY booleanMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter'
 DESC 'Filter of request' EQUALITY caseIgnoreMatch 
 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr'
 DESC 'Attributes of request' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit'
 DESC 'Size limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit'
 DESC 'Time limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries'
 DESC 'Number of entries returned' EQUALITY integerMatch 
 ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData'
 DESC 'Data of extended request' EQUALITY octetStringMatch 
 SUBSTR octetStringSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
 SINGLE-VALUE )
 
##############################################################################
#                                                                            #
# audit attributes                                                           #
#                                                                            #
##############################################################################
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext'
 DESC 'DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
 
olcAttributeTypes: ( OLcfgOvAt:15.1 NAME 'olcAuditlogFile'
 DESC 'Filename for auditlogging' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.1.57 NAME 'entryExpireTimestamp'
 DESC 'RFC2589 OpenLDAP extension: expire time of a dynamic object, computed as n
 ow + entryTtl' EQUALITY generalizedTimeMatch 
 ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
 
olcAttributeTypes: ( OLcfgOvAt:9.1 NAME 'olcDDSstate'
 DESC 'RFC2589 Dynamic directory services state'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:9.2 NAME 'olcDDSmaxTtl'
 DESC 'RFC2589 Dynamic directory services max TTL'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:9.3 NAME 'olcDDSminTtl'
 DESC 'RFC2589 Dynamic directory services min TTL' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:9.4 NAME 'olcDDSdefaultTtl'
 DESC 'RFC2589 Dynamic directory services default TTL' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:9.5 NAME 'olcDDSinterval'
 DESC 'RFC2589 Dynamic directory services expiration task run interval'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:9.6 NAME 'olcDDStolerance'
 DESC 'RFC2589 Dynamic directory services additional TTL in expiration scheduling'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:9.7 NAME 'olcDDSmaxDynamicObjects'
 DESC 'RFC2589 Dynamic directory services max number of dynamic objects'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:17.1 NAME 'olcDGAttrPair'
 DESC 'Member and MemberURL attribute pair' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgOvAt:8.1 NAME 'olcDLattrSet'
 DESC 'Dynamic list: <group objectClass>, <URL attributeDescription>, 
 <member attributeDescription>' 
 EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.9.1.1 NAME 'queryId'
 DESC 'ID of query the entry belongs to, formatted as a UUID' 
 EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64}
 NO-USER-MODIFICATION USAGE directoryOperation )
 
##############################################################################
#                                                                            #
# ppolicly attributes                                                        #
#                                                                            #
##############################################################################

olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.16 NAME 'pwdChangedTime'
 DESC 'The time the password was last changed' EQUALITY generalizedTimeMatch ORDERING 
 generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALU
 E NO-USER-MODIFICATION USAGE directoryOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.17 NAME 'pwdAccountLockedTime' DE
 SC 'The time an user account was locked' EQUALITY generalizedTimeMatch ORDERI
 NG generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-V
 ALUE USAGE directoryOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.19 NAME 'pwdFailureTime' DESC 'Th
 e timestamps of the last consecutive authentication failures' EQUALITY genera
 lizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.
 115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.20 NAME 'pwdHistory' DESC 'The hi
 story of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.1
 15.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.21 NAME 'pwdGraceUseTime' DESC 'T
 he timestamps of the grace login once the password has expired' EQUALITY gene
 ralizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION US
 AGE directoryOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.22 NAME 'pwdReset' DESC 'The indi
 cation that the password has been reset' EQUALITY booleanMatch SYNTAX 1.3.6.1
 .4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
 
olcAttributeTypes: ( 1.3.6.1.4.1.42.2.27.8.1.23 NAME 'pwdPolicySubentry' 
 DESC 'The pwdPolicy subentry in effect for this object' 
 EQUALITY distinguishedNameMatch 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE 
 USAGE directoryOperation )
 
olcAttributeTypes: ( OLcfgOvAt:12.1 NAME 'olcPPolicyDefault' 
 DESC 'DN of a pwdPolicy object for uncustomized objects' SYNTAX OMsDN SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:12.2 NAME 'olcPPolicyHashCleartext'
 DESC 'Hash passwords on add or modify' SYNTAX OMsBoolean SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:12.4 NAME 'olcPPolicyForwardUpdates' 
 DESC 'Allow policy state updates to be forwarded via updateref' SYNTAX OMsBoolean 
 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:12.3 NAME 'olcPPolicyUseLockout' DESC 'Warn clients with AccountLocked' SYNTAX OMsBoolean SINGLE-VALUE )

##############################################################################
#                                                                            #
# pcache attributes                                                          #
#                                                                            #
##############################################################################

olcAttributeTypes: ( PCacheAttributes:1 NAME 'pcacheQueryID' DESC 'ID of query
  the entry belongs to, formatted as a UUID' EQUALITY octetStringMatch SYNTAX 
 1.3.6.1.4.1.1466.115.121.1.40{64} NO-USER-MODIFICATION USAGE directoryOperati
 on )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.9.1.2 NAME 'cachedQueryURL'
 DESC 'URI describing a cached query' EQUALITY caseExactMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 NO-USER-MODIFICATION USAGE directoryOperation )
 
olcAttributeTypes: ( OLcfgOvAt:2.1 NAME 'olcProxyCache'
 DESC 'ProxyCache basicparameters' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgOvAt:2.2 NAME 'olcProxyAttrset'
 DESC 'A set of attributes to cache' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgOvAt:2.3 NAME 'olcProxyTemplate'
 DESC 'Filter template, attrset, cache TTL, optional negative TTL, optional sizelimit TTL'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgOvAt:2.4 NAME 'olcProxyResponseCB'
 DESC 'Response callback position in overlay stack' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgOvAt:2.5 NAME 'olcProxyCacheQueries'
 DESC 'Maximum number of queries to cache' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

olcAttributeTypes: ( OLcfgOvAt:2.6 NAME 'olcProxySaveQueries'
 DESC 'Save cached queries for hot restart' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

olcAttributeTypes: ( OLcfgOvAt:11.1 NAME 'olcRefintAttribute'
 DESC 'Attributes for referential integrity' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgOvAt:11.2 NAME 'olcRefintNothing'
 DESC 'Replacement DN to supply when needed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.1 NAME 'errCode'
 DESC 'LDAP error code' EQUALITY integerMatch ORDERING integerOrderingMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.2 NAME 'errOp'
 DESC 'Operations the errObject applies to' EQUALITY caseIgnoreMatch
 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.3 NAME 'errText'
 DESC 'LDAP error textual description' EQUALITY caseIgnoreMatch
 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.4 NAME 'errSleepTime'
 DESC 'Time to wait before returning the error' EQUALITY integerMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.5 NAME 'errMatchedDN'
 DESC 'Value to be returned as matched DN' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.6 NAME 'errUnsolicitedOID'
 DESC 'OID to be returned within unsolicited response' 
 EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )

olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.7 NAME 'errUnsolicitedData'
 DESC 'Data to be returned within unsolicited response'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
 
olcAttributeTypes: ( 1.3.6.1.4.1.4203.666.11.4.1.8 NAME 'errDisconnect'
 DESC 'Disconnect without notice' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:16.1 NAME 'olcRwmRewrite'
 DESC 'Rewrites strings' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( OLcfgOvAt:16.2 NAME 'olcRwmTFSupport'
 DESC 'Absolute filters support' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:16.3 NAME 'olcRwmMap'
 DESC 'maps attributes/objectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( OLcfgOvAt:16.4 NAME 'olcRwmNormalizeMapped'
 DESC 'Normalize mapped attributes/objectClasses' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
 SINGLE-VALUE )

##############################################################################
#                                                                            #
# syncprov  attributes                                                       #
#                                                                            #
##############################################################################

olcAttributeTypes: ( OLcfgOvAt:1.1 NAME 'olcSpCheckpoint'
 DESC 'ContextCSN checkpoint interval in ops and minutes'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:1.2 NAME 'olcSpSessionlog'
 DESC 'Session log size in ops' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:1.3 NAME 'olcSpNoPresent'
 DESC 'Omit Present phase processing' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:1.4 NAME 'olcSpReloadHint'
 DESC 'Observe Reload Hint in Request control' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
 SINGLE-VALUE )
 
##############################################################################
#                                                                            #
# translucent attributes                                                     #
#                                                                            #
##############################################################################

olcAttributeTypes: ( OLcfgOvAt:14.1 NAME 'olcTranslucentStrict'
 DESC 'Reveal a ttribute deletion constraint violations'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 
 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgOvAt:14.2 NAME 'olcTranslucentNoGlue'
 DESC 'Disable automatic glue records for ADD and MODRDN' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:10.1 NAME 'olcUniqueBase'
 DESC 'Subtree for uniqueness searches' EQUALITY distinguishedNameMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:10.2 NAME 'olcUniqueIgnore'
 DESC 'Attributes for which uniqueness shall not be enforced'
 EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch
 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgOvAt:10.3 NAME 'olcUniqueAttribute'
 DESC 'Attributes for which uniqueness shall be enforced'
 EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch
 SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgOvAt:10.4 NAME 'olcUniqueStrict'
 DESC 'Enforce uniqueness of null values' EQUALITY booleanMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgOvAt:10.5 NAME 'olcUniqueURI'
 DESC 'List of keywords and LDAP URIs for a uniqueness domain'
 EQUALITY caseExactMatch ORDERING caseExactOrderingMatch
 SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 
olcAttributeTypes: ( OLcfgOvAt:5.1 NAME 'olcValSortAttr'
 DESC 'Sorting rule for attribute under given DN' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

##############################################################################
#                                                                            #
# bdb attributes                                                             #
#                                                                            #
##############################################################################

olcAttributeTypes: ( OLcfgDbAt:1.11 NAME 'olcDbCacheFree'
 DESC 'Number of extra entries to free when max is reached'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:1.1 NAME 'olcDbCacheSize'
 DESC 'Entry cache size in entries' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgDbAt:1.2 NAME 'olcDbCheckpoint'
 DESC 'Database checkpoint interval in kbytes and minutes'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:1.3 NAME 'olcDbConfig'
 DESC 'BerkeleyDB DB_CONFIG configuration directives'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 X-ORDERED 'VALUES' )
 
olcAttributeTypes: ( OLcfgDbAt:1.4 NAME 'olcDbNoSync'
 DESC 'Disable synchronous database writes' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:1.5 NAME 'olcDbDirtyRead'
 DESC 'Allow reads of uncommitted data' 
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:1.12 NAME 'olcDbDNcacheSize'
 DESC 'DN cache size' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:1.6 NAME 'olcDbIDLcacheSize'
 DESC 'IDL cache size in IDLs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:0.2 NAME 'olcDbIndex'
 DESC 'Attribute index parameters' EQUALITY caseIgnoreMatch
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

olcAttributeTypes: ( OLcfgDbAt:12.1 NAME 'olcDbMaxReaders' DESC 'Maximum numbe
 r of threads that may access the DB concurrently' SYNTAX OMsInteger SINGLE-VA
 LUE )
 
olcAttributeTypes: ( OLcfgDbAt:12.2 NAME 'olcDbMaxSize' DESC 'Maximum size of 
 DB in bytes' SYNTAX OMsInteger SINGLE-VALUE )
 
olcAttributeTypes: ( OLcfgDbAt:1.7 NAME 'olcDbLinearIndex'
 DESC 'Index attributes one at a time'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgDbAt:1.8 NAME 'olcDbLockDetect'
 DESC 'Deadlock detection algorithm'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgDbAt:0.3 NAME 'olcDbMode'
 DESC 'Unix permissions of database files'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

olcAttributeTypes: ( OLcfgDbAt:1.9 NAME 'olcDbSearchStack'
 DESC 'Depth of search stack in IDLs'
 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: ( OLcfgDbAt:1.10 NAME 'olcDbShmKey'
 DESC 'Key for shared memory region' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

##############################################################################
#                                                                            #
# objectClasses                                                              #
#                                                                            #
##############################################################################
olcObjectClasses: ( 2.5.6.0 NAME 'top' DESC 'top of the superclass chain' 
 ABSTRACT MUST objectClass )

olcObjectClasses: ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' 
 DESC 'RFC4512: extensible object' SUP top AUXILIARY )

olcObjectClasses: ( 2.5.6.1 NAME 'alias' 
 DESC 'RFC4512: an alias' SUP top STRUCTURAL MUST aliasedObjectName )

olcObjectClasses: ( 2.16.840.1.113730.3.2.6 NAME 'referral' 
 DESC 'namedref: named subordinate referral' SUP top STRUCTURAL MUST ref )

olcObjectClasses: ( 1.3.6.1.4.1.4203.1.4.1 
 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) 
 DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )

olcObjectClasses: ( 2.5.17.0 NAME 'subentry' 
 DESC 'RFC3672: subentry' SUP top STRUCTURAL MUST ( cn $ subtreeSpecification ) )

olcObjectClasses: ( 2.5.20.1 NAME 'subschema' 
 DESC 'RFC4512: controlling subschema (sub)entry' AUXILIARY 
 MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses 
 $ attributeTypes $ matchingRules $ matchingRuleUse ) )

olcObjectClasses: ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' 
 DESC 'RFC2589: Dynamic Object' SUP top AUXILIARY )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' 
 DESC 'Glue Entry' SUP top STRUCTURAL )

olcObjectClasses: ( OLcfgGlOc:0 NAME 'olcConfig' 
 DESC 'OpenLDAP configuration object' SUP top ABSTRACT )

##############################################################################
#                                                                            #
# olcGlobal objectClass - lists the available global directives supported    #
#                                                                            #
# defines all attributes that can be used in the global section              #
# equivalent to the old directives in the slapd.conf global section          #
# NOTE: no mandatory attributes                                              #
#                                                                            #
##############################################################################

olcObjectClasses: ( OLcfgGlOc:1 NAME 'olcGlobal' DESC 'OpenLDAP Global configu
 ration options' SUP olcConfig STRUCTURAL 
 MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ olcAttributeOptions
 $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency 
 $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcDisallows $ olcGentleHUP 
 $ olcIdleTimeout $ olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen 
 $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF 
 $ olcLogFile $ olcLogLevel $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile 
 $ olcPluginLogFile $ olcReadOnly $ olcReferral $ olcReplogFile $ olcRequires 
 $ olcRestrict $ olcReverseLookup $ olcRootDSE $ olcSaslHost $ olcSaslRealm 
 $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit 
 $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcThreads 
 $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath 
 $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite 
 $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile 
 $ olcTLSCRLFile $ olcToolThreads $ olcObjectIdentifier $ olcAttributeTypes 
 $ olcObjectClasses $ olcDitContentRules ) )

olcObjectClasses: ( OLcfgGlOc:2 NAME 'olcSchemaConfig' 
 DESC 'OpenLDAP schema object' SUP olcConfig STRUCTURAL 
 MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules ) )

olcObjectClasses: ( OLcfgGlOc:3 NAME 'olcBackendConfig' 
 DESC 'OpenLDAP Backend-specific options' SUP olcConfig STRUCTURAL 
 MUST olcBackend )

##############################################################################
#                                                                            #
# olcDatabaseConfig objectClass - generic database definition                #
#                                                                            #
# always has a type specific database objectclass as a child                 #
#                                                                            #
##############################################################################
olcObjectClasses: ( OLcfgGlOc:4 NAME 'olcDatabaseConfig' 
 DESC 'OpenLDAP Database-specific options' SUP olcConfig STRUCTURAL 
 MUST olcDatabase 
 MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ olcLastMod $ olcLimits 
 $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ olcReplicaArgsFile 
 $ olcReplicaPidFile $ olcReplicationInterval $ olcReplogFile $ olcRequires 
 $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $ olcSizeLimit 
 $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN $ olcUpdateRef $ olcMirrorMode 
 $ olcMonitoring ) )
 
olcObjectClasses: ( OLcfgGlOc:6 NAME 'olcIncludeFile' 
 DESC 'OpenLDAP configuration include file' SUP olcConfig STRUCTURAL 
 MUST olcInclude MAY ( cn $ olcRootDSE ) )

olcObjectClasses: ( OLcfgGlOc:7 NAME 'olcFrontendConfig' 
 DESC 'OpenLDAP frontend configuration' AUXILIARY MAY 
 ( olcDefaultSearchBase $ olcPasswordHash $ olcSortVals ) )

olcObjectClasses: ( OLcfgGlOc:8 NAME 'olcModuleList' 
 DESC 'OpenLDAP dynamic module info' SUP olcConfig STRUCTURAL 
 MAY ( cn $ olcModulePath $ olcModuleLoad ) )

olcObjectClasses: ( OLcfgDbOc:2.1 NAME 'olcLdifConfig' 
 DESC 'LDIF backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory )

olcObjectClasses: ( OLcfgDbOc:12.1 NAME 'olcMdbConfig' 
 DESC 'MDB backend configuration' SUP olcDatabaseConfig STRUCTURAL MUST olcDbDirectory 
 MAY ( olcDbCheckpoint $ olcDbNoSync $ olcDbIndex $ olcDbMaxReaders $ olcDbMaxsize $ 
 olcDbMode $ olcDbSearchStack ) )

olcObjectClasses: ( OLcfgDbOc:5.1 NAME 'olcRelayConfig' 
 DESC 'Relay backend configuration' SUP olcDatabaseConfig STRUCTURAL MAY olcRelay )
##############################################################################
#                                                                            #
# olcOverlayConfig objectClass - generic objectclass                         #
#                                                                            #
# always has an overlay specific objectclass as a child                      #
#                                                                            #
##############################################################################
olcObjectClasses: ( OLcfgGlOc:5 NAME 'olcOverlayConfig' 
 DESC 'OpenLDAP Overlay-specific options' SUP olcConfig STRUCTURAL 
 MUST olcOverlay )

##############################################################################
#                                                                            #
# AccessLog objectClass                                                      #
#                                                                            #
##############################################################################
olcObjectClasses: ( OLcfgOvOc:4.1 NAME 'olcAccessLogConfig' 
 DESC 'Access log configuration' SUP olcOverlayConfig STRUCTURAL 
 MUST olcAccessLogDB 
 MAY ( olcAccessLogOps $ olcAccessLogPurge $ olcAccessLogSuccess $ olcAccessLogOld 
 $ olcAccessLogOldAttr ) )

##############################################################################
#                                                                            #
# Audit objectClasses                                                        #
#                                                                            #
##############################################################################
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.0 NAME 'auditContainer' 
 DESC 'AuditLog container' SUP top STRUCTURAL MAY ( cn $ reqStart $ reqEnd ) )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.1 NAME 'auditObject' 
 DESC 'OpenLDAP request auditing' SUP top STRUCTURAL 
 MUST ( reqStart $ reqType $ reqSession ) 
 MAY ( reqID $ reqAuthzID $ reqControls $ reqRespControls $ reqEnd 
 $ reqResult $ reqMessage $ reqReferral ) )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.2 
 NAME 'auditReadObject' 
 DESC 'OpenLDAP read request record' SUP auditObject STRUCTURAL )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.3 NAME 'auditWriteObject' 
 DESC 'OpenLDAP write request record' SUP auditObject STRUCTURAL )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.4 NAME 'auditAbandon' 
 DESC 'Abandon operation' SUP auditObject STRUCTURAL MUST reqId )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.5 NAME 'auditAdd' 
 DESC 'Add operation' SUP auditWriteObject STRUCTURAL MUST reqMod )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.6 NAME 'auditBind' 
 DESC 'Bind operation' SUP auditObject STRUCTURAL MUST ( reqVersion $ reqMethod ) )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.7 NAME 'auditCompare' 
 DESC 'Compare operation' SUP auditReadObject STRUCTURAL MUST reqAssertion )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.8 NAME 'auditDelete' 
 DESC 'Delete operation' SUP auditWriteObject STRUCTURAL MAY reqOld )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.9 NAME 'auditModify' 
 DESC 'Modify operation' SUP auditWriteObject STRUCTURAL MUST reqMod MAY reqOld )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.10 NAME 'auditModRDN' 
 DESC 'ModRDN operation' SUP auditWriteObject STRUCTURAL 
 MUST ( reqNewRDN $ reqDeleteOldRDN )
 MAY ( reqNewSuperior $ reqMod $ reqOld ) )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.11 NAME 'auditSearch' 
 DESC 'Search operation' SUP auditreadObject STRUCTURAL 
 MUST ( reqScope $ reqDerefAliases $ reqAttrsonly ) 
 MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $ reqTimeLimit ) )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.5.2.12 NAME 'auditExtended' 
 DESC 'Extended operation' SUP auditObject STRUCTURAL MAY reqData )

olcObjectClasses: ( OLcfgOvOc:15.1 NAME 'olcAuditlogConfig' 
 DESC 'Auditlog configuration' SUP olcOverlayConfig STRUCTURAL MAY olcAuditlogFile )

olcObjectClasses: ( OLcfgOvOc:9.1 NAME 'olcDDSConfig' 
 DESC 'RFC2589 Dynamic directory services configuration' SUP olcOverlayConfig
 STRUCTURAL MAY ( olcDDSstate $ olcDDSmaxTtl $ olcDDSminTtl $ olcDDSdefaultTtl 
 $ olcDDSinterval $ olcDDStolerance $ olcDDSmaxDynamicObjects ) )

olcObjectClasses: ( OLcfgOvOc:17.1 NAME 'olcDGConfig' 
 DESC 'Dynamic Group configuration' SUP olcOverlayConfig STRUCTURAL MAY olcDGAttrPair )

olcObjectClasses: ( OLcfgOvOc:8.1 NAME 'olcDynamicList' 
 DESC 'Dynamic list configuration' SUP olcOverlayConfig STRUCTURAL MAY olcDLattrSet )

olcObjectClasses: ( OLcfgOvOc:18.1 NAME 'olcMemberOf' DESC 'Member-of configuration' SUP olcOverlayConfig STRUCTURAL MAY ( olcMemberOfDN $ olcMemberOfDangl
 ing $ olcMemberOfDanglingError $ olcMemberOfRefInt $ olcMemberOfGroupOC $ olc
 MemberOfMemberAD $ olcMemberOfMemberOfAD ) )

##############################################################################
#                                                                            #
# olcPPolicyConfig objectClass                                               #
#                                                                            #
##############################################################################
olcObjectClasses: ( OLcfgOvOc:12.1 NAME 'olcPPolicyConfig'
 DESC 'Password Policy configuration' SUP olcOverlayConfig STRUCTURAL 
 MAY ( olcPPolicyDefault $ olcPPolicyHashCleartext $ olcPPolicyUseLockout 
 $ olcPPolicyForwardUpdates ) )
 
##############################################################################
#                                                                            #
# olcPcache objectClasses                                                    #
#                                                                            #
##############################################################################
olcObjectClasses: ( OLcfgOvOc:2.1 NAME 'olcPcacheConfig' 
 DESC 'ProxyCache configuration' SUP olcOverlayConfig STRUCTURAL 
 MUST ( olcProxyCache $ olcProxyAttrset $ olcProxyTemplate ) 
 MAY ( olcProxyResponseCB $ olcProxyCacheQueries $ olcProxySaveQueries ) )

olcObjectClasses: ( OLcfgOvOc:2.2 NAME 'olcPcacheDatabase' 
 DESC 'Cache database configuration' AUXILIARY )

olcObjectClasses: ( OLcfgOvOc:11.1 NAME 'olcRefintConfig' 
 DESC 'Referential integrity configuration' SUP olcOverlayConfig STRUCTURAL 
 MAY ( olcRefintAttribute $ olcRefintNothing ) )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.0 NAME 'errAbsObject' 
 SUP top ABSTRACT MUST errCode 
 MAY ( cn $ description $ errOp $ errText $ errSleepTime $ errMatchedDN 
 $ errUnsolicitedOID $ errUnsolicitedData $ errDisconnect ) )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.1 NAME 'errObject' 
 SUP errAbsObject STRUCTURAL )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.11.4.3.2 NAME 'errAuxObject' 
 SUP errAbsObject AUXILIARY )

olcObjectClasses: ( OLcfgOvOc:16.1 NAME 'olcRwmConfig' 
 DESC 'Rewrite/remap configuration' SUP olcOverlayConfig STRUCTURAL 
 MAY ( olcRwmRewrite $ olcRwmTFSupport $ olcRwmMap $ olcRwmNormalizeMapped ) )

##############################################################################
#                                                                            #
# olcSyncProvConfig objectClasses                                            #
#                                                                            #
##############################################################################
olcObjectClasses: ( OLcfgOvOc:1.1 NAME 'olcSyncProvConfig' 
 DESC 'SyncRepl Provider configuration' SUP olcOverlayConfig STRUCTURAL 
 MAY ( olcSpCheckpoint $ olcSpSessionlog $ olcSpNoPresent  $ olcSpReloadHint) )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry' 
 DESC 'Persistent Info for SyncRepl Consumer' AUXILIARY MAY syncreplCookie )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry' 
 DESC 'Persistent Info for SyncRepl Producer' AUXILIARY MAY contextCSN )

olcObjectClasses: ( OLcfgOvOc:14.1 NAME 'olcTranslucentConfig' 
 DESC 'Translucent configuration' SUP olcOverlayConfig STRUCTURAL 
 MAY ( olcTranslucentStrict $ olcTranslucentNoGlue ) )

olcObjectClasses: ( OLcfgOvOc:14.2 NAME 'olcTranslucentDatabase' 
 DESC 'Translucent target database configuration' AUXILIARY )

olcObjectClasses: ( OLcfgOvOc:10.1 NAME 'olcUniqueConfig' 
 DESC 'Attribute value uniqueness configuration' SUP olcOverlayConfig STRUCTURAL
 MAY ( olcUniqueBase $ olcUniqueIgnore $ olcUniqueAttribute $ olcUniqueStrict 
 $ olcUniqueURI ) )

olcObjectClasses: ( OLcfgOvOc:5.1 NAME 'olcValSortConfig' 
 DESC 'Value Sorting configuration' SUP olcOverlayConfig STRUCTURAL 
 MUST olcValSortAttr )

olcObjectClasses: ( OLcfgDbOc:1.1 NAME 'olcBdbConfig' 
 DESC 'BDB backend configuration' SUP olcDatabaseConfig STRUCTURAL 
 MUST olcDbDirectory 
 MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig 
 $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex 
 $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack 
 $ olcDbShmKey $ olcDbCacheFree $ olcDbDNcacheSize ) )

olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.1 NAME 'monitor' DESC 'OpenLDAP 
 system monitoring' SUP top STRUCTURAL MUST cn MAY ( description $ seeAlso $ l
 abeledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.2 NAME 'monitorServer' DESC 'Ser
 ver monitoring root entry' SUP monitor STRUCTURAL )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.3 NAME 'monitorContainer' DESC '
 monitor container class' SUP monitor STRUCTURAL )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.4 NAME 'monitorCounterObject' DE
 SC 'monitor counter class' SUP monitor STRUCTURAL )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.5 NAME 'monitorOperation' DESC '
 monitor operation class' SUP monitor STRUCTURAL )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.6 NAME 'monitorConnection' DESC 
 'monitor connection class' SUP monitor STRUCTURAL )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.7 NAME 'managedObject' DESC 'mon
 itor managed entity class' SUP monitor STRUCTURAL )
 
olcObjectClasses: ( 1.3.6.1.4.1.4203.666.3.16.8 NAME 'monitoredObject' DESC 'm
 onitor monitored entity class' SUP monitor STRUCTURAL )
 
olcObjectClasses: ( OLcfgDbOc:4.1 NAME 'olcMonitorConfig' DESC 'Monitor backen
 d configuration' SUP olcDatabaseConfig STRUCTURAL )
 
olcObjectClasses: ( olmBDBObjectClasses:1 NAME 'olmBDBDatabase' SUP top AUXILI
 ARY MAY ( olmBDBEntryCache $ olmBDBDNCache $ olmBDBIDLCache $ olmDbDirectory 
 ) )



Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Contents

tech info
guides home
intro
contents
1 objectives
big picture
2 concepts
3 ldap objects
quickstart
4 install ldap
5 samples
6 configuration
7 replica & refer
reference
8 ldif
9 protocol
10 ldap api
operations
11 howtos
12 trouble
13 performance
14 ldap tools
security
15 security
appendices
notes & info
ldap resources
rfc's & x.500
glossary
ldap objects
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

Icons made by Icomoon from www.flaticon.com is licensed by CC 3.0 BY
share page via facebook tweet this page

Page

email us Send to a friend feature print this page Display full width page Decrease font size Increase font size

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2024 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
hosted by javapipe.com
web-master at zytrax
Page modified: January 20 2022.