schema_prep.c 47.1 KB
Newer Older
Jong Hyuk Choi's avatar
Jong Hyuk Choi committed
1
/* schema_prep.c - load builtin schema */
2
/* $OpenLDAP$ */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
3
4
/* This work is part of OpenLDAP Software <http://www.openldap.org/>.
 *
Kurt Zeilenga's avatar
Kurt Zeilenga committed
5
 * Copyright 1998-2008 The OpenLDAP Foundation.
Kurt Zeilenga's avatar
Kurt Zeilenga committed
6
7
8
9
10
11
12
13
14
 * All rights reserved.
 *
 * Redistribution and use in source and binary forms, with or without
 * modification, are permitted only as authorized by the OpenLDAP
 * Public License.
 *
 * A copy of this license is available in the file LICENSE in the
 * top-level directory of the distribution or, alternatively, at
 * <http://www.OpenLDAP.org/license.html>.
15
16
17
18
19
20
21
22
23
24
25
26
 */

#include "portable.h"

#include <stdio.h>

#include <ac/ctype.h>
#include <ac/string.h>
#include <ac/socket.h>

#include "slap.h"

27
28
#define OCDEBUG 0

29
30
int schema_init_done = 0;

31
32
struct slap_internal_schema slap_schema;

33
34
static int
oidValidate(
35
36
37
	Syntax *syntax,
	struct berval *in )
{
38
	struct berval val = *in;
39

40
41
42
43
	if( val.bv_len == 0 ) {
		/* disallow empty strings */
		return LDAP_INVALID_SYNTAX;
	}
44

45
46
47
48
49
50
51
52
53
54
55
56
57
	if( DESC_LEADCHAR( val.bv_val[0] ) ) {
		val.bv_val++;
		val.bv_len--;
		if ( val.bv_len == 0 ) return LDAP_SUCCESS;

		while( DESC_CHAR( val.bv_val[0] ) ) {
			val.bv_val++;
			val.bv_len--;

			if ( val.bv_len == 0 ) return LDAP_SUCCESS;
		}

	} else {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
58
		int sep = 0;
59
60
61
62
		while( OID_LEADCHAR( val.bv_val[0] ) ) {
			val.bv_val++;
			val.bv_len--;

Kurt Zeilenga's avatar
Kurt Zeilenga committed
63
64
65
66
			if ( val.bv_val[-1] != '0' ) {
				while ( OID_LEADCHAR( val.bv_val[0] )) {
					val.bv_val++;
					val.bv_len--;
67
68
69
				}
			}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
70
71
72
			if( val.bv_len == 0 ) {
				if( sep == 0 ) break;
				return LDAP_SUCCESS;
73
74
			}

Kurt Zeilenga's avatar
Kurt Zeilenga committed
75
76
77
			if( !OID_SEPARATOR( val.bv_val[0] )) break;

			sep++;
78
79
80
81
82
83
			val.bv_val++;
			val.bv_len--;
		}
	}

	return LDAP_INVALID_SYNTAX;
84
85
}

86

87
static int objectClassPretty(
88
89
90
	Syntax *syntax,
	struct berval *in,
	struct berval *out,
Howard Chu's avatar
Howard Chu committed
91
	void *ctx )
92
{
93
94
95
96
97
	ObjectClass *oc;

	if( oidValidate( NULL, in )) return LDAP_INVALID_SYNTAX;

	oc = oc_bvfind( in );
98
	if( oc == NULL ) return LDAP_INVALID_SYNTAX;
99

100
	ber_dupbv_x( out, &oc->soc_cname, ctx );
101
102
103
	return LDAP_SUCCESS;
}

104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
static int
attributeTypeMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	struct berval *a = (struct berval *) assertedValue;
	AttributeType *at = at_bvfind( value );
	AttributeType *asserted = at_bvfind( a );

	if( asserted == NULL ) {
		if( OID_LEADCHAR( *a->bv_val ) ) {
			/* OID form, return FALSE */
			*matchp = 1;
			return LDAP_SUCCESS;
		}

		/* desc form, return undefined */
		return LDAP_INVALID_SYNTAX;
	}

	if ( at == NULL ) {
		/* unrecognized stored value */
		return LDAP_INVALID_SYNTAX;
	}

	*matchp = ( asserted != at );
	return LDAP_SUCCESS;
}

static int
matchingRuleMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	struct berval *a = (struct berval *) assertedValue;
	MatchingRule *mrv = mr_bvfind( value );
	MatchingRule *asserted = mr_bvfind( a );

	if( asserted == NULL ) {
		if( OID_LEADCHAR( *a->bv_val ) ) {
			/* OID form, return FALSE */
			*matchp = 1;
			return LDAP_SUCCESS;
		}

		/* desc form, return undefined */
		return LDAP_INVALID_SYNTAX;
	}

	if ( mrv == NULL ) {
		/* unrecognized stored value */
		return LDAP_INVALID_SYNTAX;
	}

	*matchp = ( asserted != mrv );
	return LDAP_SUCCESS;
}

static int
objectClassMatch(
	int *matchp,
	slap_mask_t flags,
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
	struct berval *a = (struct berval *) assertedValue;
	ObjectClass *oc = oc_bvfind( value );
	ObjectClass *asserted = oc_bvfind( a );

	if( asserted == NULL ) {
		if( OID_LEADCHAR( *a->bv_val ) ) {
			/* OID form, return FALSE */
			*matchp = 1;
			return LDAP_SUCCESS;
		}

		/* desc form, return undefined */
		return LDAP_INVALID_SYNTAX;
	}

	if ( oc == NULL ) {
		/* unrecognized stored value */
		return LDAP_INVALID_SYNTAX;
	}

	*matchp = ( asserted != oc );
	return LDAP_SUCCESS;
}

203
static int
204
objectSubClassMatch(
205
	int *matchp,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
206
	slap_mask_t flags,
207
208
209
210
211
	Syntax *syntax,
	MatchingRule *mr,
	struct berval *value,
	void *assertedValue )
{
212
	struct berval *a = (struct berval *) assertedValue;
Howard Chu's avatar
Howard Chu committed
213
214
	ObjectClass *oc = oc_bvfind( value );
	ObjectClass *asserted = oc_bvfind( a );
215

216
	if( asserted == NULL ) {
217
		if( OID_LEADCHAR( *a->bv_val ) ) {
218
219
220
221
222
223
			/* OID form, return FALSE */
			*matchp = 1;
			return LDAP_SUCCESS;
		}

		/* desc form, return undefined */
224
		return LDAP_INVALID_SYNTAX;
225
226
227
	}

	if ( oc == NULL ) {
Kurt Zeilenga's avatar
Kurt Zeilenga committed
228
		/* unrecognized stored value */
229
		return LDAP_INVALID_SYNTAX;
230
231
	}

232
	if( SLAP_MR_IS_VALUE_OF_ATTRIBUTE_SYNTAX( flags ) ) {
233
234
235
236
237
238
239
240
		*matchp = ( asserted != oc );
	} else {
		*matchp = !is_object_subclass( asserted, oc );
	}

	return LDAP_SUCCESS;
}

241
242
243
static int objectSubClassIndexer( 
	slap_mask_t use,
	slap_mask_t mask,
244
245
	Syntax *syntax,
	MatchingRule *mr,
246
247
	struct berval *prefix,
	BerVarray values,
Howard Chu's avatar
Howard Chu committed
248
249
	BerVarray *keysp,
	void *ctx )
250
{
251
252
	int rc, noc, i;
	BerVarray ocvalues;
253
	ObjectClass **socs;
254
255
	
	for( noc=0; values[noc].bv_val != NULL; noc++ ) {
256
257
258
259
		/* just count em */;
	}

	/* over allocate */
260
	socs = slap_sl_malloc( (noc+16) * sizeof( ObjectClass * ), ctx );
261

262
	/* initialize */
263
	for( i=0; i<noc; i++ ) {
264
		socs[i] = oc_bvfind( &values[i] );
265
266
267
268
269
	}

	/* expand values */
	for( i=0; i<noc; i++ ) {
		int j;
270
		ObjectClass *oc = socs[i];
271
272
273
274
275
276
277
278
		if( oc == NULL || oc->soc_sups == NULL ) continue;
		
		for( j=0; oc->soc_sups[j] != NULL; j++ ) {
			int found = 0;
			ObjectClass *sup = oc->soc_sups[j];
			int k;

			for( k=0; k<noc; k++ ) {
279
				if( sup == socs[k] ) {
280
281
282
283
					found++;
					break;
				}
			}
284

285
			if( !found ) {
286
287
				socs = slap_sl_realloc( socs,
					sizeof( ObjectClass * ) * (noc+2), ctx );
288

289
				assert( k == noc );
290
				socs[noc++] = sup;
291
292
293
294
			}
		}
	}

295
296
297
298
299
300
301
302
303
304
	ocvalues = slap_sl_malloc( sizeof( struct berval ) * (noc+1), ctx );
	/* copy values */
	for( i=0; i<noc; i++ ) {
		if ( socs[i] )
			ocvalues[i] = socs[i]->soc_cname;
		else
			ocvalues[i] = values[i];
	}
	BER_BVZERO( &ocvalues[i] );

305
	rc = octetStringIndexer( use, mask, syntax, mr,
Howard Chu's avatar
Howard Chu committed
306
		prefix, ocvalues, keysp, ctx );
307

308
	slap_sl_free( ocvalues, ctx );
309
	slap_sl_free( socs, ctx );
310
	return rc;
311
}
312

313
#define objectSubClassFilter octetStringFilter
314

Kurt Zeilenga's avatar
Kurt Zeilenga committed
315
static ObjectClassSchemaCheckFN rootDseObjectClass;
316
317
static ObjectClassSchemaCheckFN aliasObjectClass;
static ObjectClassSchemaCheckFN referralObjectClass;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
318
static ObjectClassSchemaCheckFN subentryObjectClass;
319
#ifdef LDAP_DYNAMIC_OBJECTS
320
static ObjectClassSchemaCheckFN dynamicObjectClass;
321
#endif
Kurt Zeilenga's avatar
Kurt Zeilenga committed
322

Kurt Zeilenga's avatar
Kurt Zeilenga committed
323
static struct slap_schema_oc_map {
324
	char *ssom_name;
325
326
	char *ssom_defn;
	ObjectClassSchemaCheckFN *ssom_check;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
327
	slap_mask_t ssom_flags;
328
329
	size_t ssom_offset;
} oc_map[] = {
330
331
332
	{ "top", "( 2.5.6.0 NAME 'top' "
			"DESC 'top of the superclass chain' "
			"ABSTRACT MUST objectClass )",
Kurt Zeilenga's avatar
Kurt Zeilenga committed
333
		0, 0, offsetof(struct slap_internal_schema, si_oc_top) },
334
335
	{ "extensibleObject", "( 1.3.6.1.4.1.1466.101.120.111 "
			"NAME 'extensibleObject' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
336
			"DESC 'RFC4512: extensible object' "
337
			"SUP top AUXILIARY )",
338
339
		0, SLAP_OC_OPERATIONAL,
		offsetof(struct slap_internal_schema, si_oc_extensibleObject) },
340
	{ "alias", "( 2.5.6.1 NAME 'alias' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
341
			"DESC 'RFC4512: an alias' "
342
343
			"SUP top STRUCTURAL "
			"MUST aliasedObjectName )",
344
		aliasObjectClass, SLAP_OC_ALIAS|SLAP_OC_OPERATIONAL,
345
		offsetof(struct slap_internal_schema, si_oc_alias) },
346
347
348
	{ "referral", "( 2.16.840.1.113730.3.2.6 NAME 'referral' "
			"DESC 'namedref: named subordinate referral' "
			"SUP top STRUCTURAL MUST ref )",
349
		referralObjectClass, SLAP_OC_REFERRAL|SLAP_OC_OPERATIONAL,
350
		offsetof(struct slap_internal_schema, si_oc_referral) },
351
352
353
	{ "LDAProotDSE", "( 1.3.6.1.4.1.4203.1.4.1 "
			"NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) "
			"DESC 'OpenLDAP Root DSE object' "
354
			"SUP top STRUCTURAL MAY cn )",
355
		rootDseObjectClass, SLAP_OC_OPERATIONAL,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
356
		offsetof(struct slap_internal_schema, si_oc_rootdse) },
Kurt Zeilenga's avatar
Kurt Zeilenga committed
357
	{ "subentry", "( 2.5.17.0 NAME 'subentry' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
358
			"DESC 'RFC3672: subentry' "
359
360
			"SUP top STRUCTURAL "
			"MUST ( cn $ subtreeSpecification ) )",
361
		subentryObjectClass, SLAP_OC_SUBENTRY|SLAP_OC_OPERATIONAL,
362
		offsetof(struct slap_internal_schema, si_oc_subentry) },
363
	{ "subschema", "( 2.5.20.1 NAME 'subschema' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
364
		"DESC 'RFC4512: controlling subschema (sub)entry' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
365
		"AUXILIARY "
366
		"MAY ( dITStructureRules $ nameForms $ dITContentRules $ "
367
			"objectClasses $ attributeTypes $ matchingRules $ "
368
			"matchingRuleUse ) )",
369
		subentryObjectClass, SLAP_OC_OPERATIONAL,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
370
		offsetof(struct slap_internal_schema, si_oc_subschema) },
371
#ifdef LDAP_COLLECTIVE_ATTRIBUTES
Kurt Zeilenga's avatar
Kurt Zeilenga committed
372
	{ "collectiveAttributeSubentry", "( 2.5.17.2 "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
373
374
			"NAME 'collectiveAttributeSubentry' "
			"DESC 'RFC3671: collective attribute subentry' "
375
			"AUXILIARY )",
376
377
		subentryObjectClass,
		SLAP_OC_COLLECTIVEATTRIBUTESUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
378
379
380
381
		offsetof( struct slap_internal_schema,
			si_oc_collectiveAttributeSubentry) },
#endif
#ifdef LDAP_DYNAMIC_OBJECTS
382
383
384
385
	{ "dynamicObject", "( 1.3.6.1.4.1.1466.101.119.2 "
			"NAME 'dynamicObject' "
			"DESC 'RFC2589: Dynamic Object' "
			"SUP top AUXILIARY )",
386
		dynamicObjectClass, SLAP_OC_DYNAMICOBJECT,
387
		offsetof(struct slap_internal_schema, si_oc_dynamicObject) },
388
#endif
Kurt Zeilenga's avatar
Kurt Zeilenga committed
389
390
391
392
	{ "glue", "( 1.3.6.1.4.1.4203.666.3.4 "
			"NAME 'glue' "
			"DESC 'Glue Entry' "
			"SUP top STRUCTURAL )",
393
		0, SLAP_OC_GLUE|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
394
395
396
397
398
399
		offsetof(struct slap_internal_schema, si_oc_glue) },
	{ "syncConsumerSubentry", "( 1.3.6.1.4.1.4203.666.3.5 "
			"NAME 'syncConsumerSubentry' "
			"DESC 'Persistent Info for SyncRepl Consumer' "
			"AUXILIARY "
			"MAY syncreplCookie )",
400
		0, SLAP_OC_SYNCCONSUMERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
401
402
403
404
405
		offsetof(struct slap_internal_schema, si_oc_syncConsumerSubentry) },
	{ "syncProviderSubentry", "( 1.3.6.1.4.1.4203.666.3.6 "
			"NAME 'syncProviderSubentry' "
			"DESC 'Persistent Info for SyncRepl Producer' "
			"AUXILIARY "
406
			"MAY contextCSN )",
407
		0, SLAP_OC_SYNCPROVIDERSUBENTRY|SLAP_OC_OPERATIONAL|SLAP_OC_HIDE,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
408
		offsetof(struct slap_internal_schema, si_oc_syncProviderSubentry) },
Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
409

Kurt Zeilenga's avatar
Kurt Zeilenga committed
410
	{ NULL, NULL, NULL, 0, 0 }
411
412
};

413
static AttributeTypeSchemaCheckFN rootDseAttribute;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
414
static AttributeTypeSchemaCheckFN aliasAttribute;
415
static AttributeTypeSchemaCheckFN referralAttribute;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
416
static AttributeTypeSchemaCheckFN subentryAttribute;
417
static AttributeTypeSchemaCheckFN administrativeRoleAttribute;
418
#ifdef LDAP_DYNAMIC_OBJECTS
Kurt Zeilenga's avatar
Kurt Zeilenga committed
419
static AttributeTypeSchemaCheckFN dynamicAttribute;
420
#endif
421

Kurt Zeilenga's avatar
Kurt Zeilenga committed
422
static struct slap_schema_ad_map {
423
	char *ssam_name;
424
425
	char *ssam_defn;
	AttributeTypeSchemaCheckFN *ssam_check;
Kurt Zeilenga's avatar
Kurt Zeilenga committed
426
	slap_mask_t ssam_flags;
427
428
429
430
431
432
433
	slap_syntax_validate_func *ssam_syn_validate;
	slap_syntax_transform_func *ssam_syn_pretty;
	slap_mr_convert_func *ssam_mr_convert;
	slap_mr_normalize_func *ssam_mr_normalize;
	slap_mr_match_func *ssam_mr_match;
	slap_mr_indexer_func *ssam_mr_indexer;
	slap_mr_filter_func *ssam_mr_filter;
434
435
	size_t ssam_offset;
} ad_map[] = {
436
	{ "objectClass", "( 2.5.4.0 NAME 'objectClass' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
437
			"DESC 'RFC4512: object classes of the entity' "
438
439
			"EQUALITY objectIdentifierMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
440
		NULL, SLAP_AT_FINAL,
441
		oidValidate, objectClassPretty,
442
		NULL, NULL, objectSubClassMatch,
443
			objectSubClassIndexer, objectSubClassFilter,
444
		offsetof(struct slap_internal_schema, si_ad_objectClass) },
445
446

	/* user entry operational attributes */
447
	{ "structuralObjectClass", "( 2.5.21.9 NAME 'structuralObjectClass' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
448
			"DESC 'RFC4512: structural object class of entry' "
449
450
			"EQUALITY objectIdentifierMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
451
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
Kurt Zeilenga's avatar
Kurt Zeilenga committed
452
		NULL, SLAP_AT_MANAGEABLE,
453
		oidValidate, objectClassPretty,
454
		NULL, NULL, objectSubClassMatch,
455
			objectSubClassIndexer, objectSubClassFilter,
456
		offsetof(struct slap_internal_schema, si_ad_structuralObjectClass) },
457
	{ "createTimestamp", "( 2.5.18.1 NAME 'createTimestamp' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
458
			"DESC 'RFC4512: time which object was created' "
459
460
461
462
			"EQUALITY generalizedTimeMatch "
			"ORDERING generalizedTimeOrderingMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
Kurt Zeilenga's avatar
Kurt Zeilenga committed
463
		NULL, SLAP_AT_MANAGEABLE,
464
		NULL, NULL,
465
		NULL, NULL, NULL, NULL, NULL,
466
		offsetof(struct slap_internal_schema, si_ad_createTimestamp) },
467
	{ "modifyTimestamp", "( 2.5.18.2 NAME 'modifyTimestamp' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
468
			"DESC 'RFC4512: time which object was last modified' "
469
470
471
472
			"EQUALITY generalizedTimeMatch "
			"ORDERING generalizedTimeOrderingMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
Kurt Zeilenga's avatar
Kurt Zeilenga committed
473
		NULL, SLAP_AT_MANAGEABLE,
474
		NULL, NULL,
475
		NULL, NULL, NULL, NULL, NULL,
476
		offsetof(struct slap_internal_schema, si_ad_modifyTimestamp) },
477
	{ "creatorsName", "( 2.5.18.3 NAME 'creatorsName' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
478
			"DESC 'RFC4512: name of creator' "
479
480
481
			"EQUALITY distinguishedNameMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
Kurt Zeilenga's avatar
Kurt Zeilenga committed
482
		NULL, SLAP_AT_MANAGEABLE,
483
		NULL, NULL,
484
		NULL, NULL, NULL, NULL, NULL,
485
486
		offsetof(struct slap_internal_schema, si_ad_creatorsName) },
	{ "modifiersName", "( 2.5.18.4 NAME 'modifiersName' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
487
			"DESC 'RFC4512: name of last modifier' "
488
489
490
			"EQUALITY distinguishedNameMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
Kurt Zeilenga's avatar
Kurt Zeilenga committed
491
		NULL, SLAP_AT_MANAGEABLE,
492
		NULL, NULL,
493
		NULL, NULL, NULL, NULL, NULL,
494
495
496
497
498
499
		offsetof(struct slap_internal_schema, si_ad_modifiersName) },
	{ "hasSubordinates", "( 2.5.18.9 NAME 'hasSubordinates' "
			"DESC 'X.501: entry has children' "
			"EQUALITY booleanMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
500
		NULL, SLAP_AT_DYNAMIC,
501
		NULL, NULL,
502
		NULL, NULL, NULL, NULL, NULL,
503
		offsetof(struct slap_internal_schema, si_ad_hasSubordinates) },
504
	{ "subschemaSubentry", "( 2.5.18.10 NAME 'subschemaSubentry' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
505
			"DESC 'RFC4512: name of controlling subschema entry' "
506
			"EQUALITY distinguishedNameMatch "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
507
508
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE "
			"NO-USER-MODIFICATION USAGE directoryOperation )",
509
		NULL, SLAP_AT_DYNAMIC,
510
		NULL, NULL,
511
		NULL, NULL, NULL, NULL, NULL,
512
		offsetof(struct slap_internal_schema, si_ad_subschemaSubentry) },
513
#ifdef LDAP_COLLECTIVE_ATTRIBUTES
514
515
	{ "collectiveAttributeSubentries", "( 2.5.18.12 "
			"NAME 'collectiveAttributeSubentries' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
516
			"DESC 'RFC3671: collective attribute subentries' "
517
518
			"EQUALITY distinguishedNameMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
519
			"NO-USER-MODIFICATION USAGE directoryOperation )",
520
		NULL, SLAP_AT_HIDE,
521
		NULL, NULL,
522
		NULL, NULL, NULL, NULL, NULL,
523
		offsetof(struct slap_internal_schema, si_ad_collectiveSubentries) },
524
	{ "collectiveExclusions", "( 2.5.18.7 NAME 'collectiveExclusions' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
525
			"DESC 'RFC3671: collective attribute exclusions' "
526
527
528
			"EQUALITY objectIdentifierMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
			"USAGE directoryOperation )",
529
		NULL, SLAP_AT_HIDE,
530
		NULL, NULL,
531
		NULL, NULL, NULL, NULL, NULL,
532
		offsetof(struct slap_internal_schema, si_ad_collectiveExclusions) },
533
#endif
534

535
	{ "entryDN", "( 1.3.6.1.1.20 NAME 'entryDN' "   
536
537
538
539
			"DESC 'DN of the entry' "
			"EQUALITY distinguishedNameMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
540
		NULL, SLAP_AT_DYNAMIC,
541
542
543
		NULL, NULL,
		NULL, NULL, NULL, NULL, NULL,
		offsetof(struct slap_internal_schema, si_ad_entryDN) },
544
	{ "entryUUID", "( 1.3.6.1.1.16.4 NAME 'entryUUID' "   
Kurt Zeilenga's avatar
Kurt Zeilenga committed
545
			"DESC 'UUID of the entry' "
546
547
			"EQUALITY UUIDMatch "
			"ORDERING UUIDOrderingMatch "
548
			"SYNTAX 1.3.6.1.1.16.1 "
549
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
550
		NULL, SLAP_AT_MANAGEABLE,
551
		NULL, NULL,
552
		NULL, NULL, NULL, NULL, NULL,
553
554
		offsetof(struct slap_internal_schema, si_ad_entryUUID) },
	{ "entryCSN", "( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
555
			"DESC 'change sequence number of the entry content' "
556
557
558
			"EQUALITY CSNMatch "
			"ORDERING CSNOrderingMatch "
			"SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
559
560
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
		NULL, SLAP_AT_HIDE,
561
		NULL, NULL,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
562
563
564
		NULL, NULL, NULL, NULL, NULL,
		offsetof(struct slap_internal_schema, si_ad_entryCSN) },
	{ "namingCSN", "( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
565
			"DESC 'change sequence number of the entry naming (RDN)' "
566
567
568
			"EQUALITY CSNMatch "
			"ORDERING CSNOrderingMatch "
			"SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} "
569
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
570
		NULL, SLAP_AT_HIDE,
571
		NULL, NULL,
572
		NULL, NULL, NULL, NULL, NULL,
Kurt Zeilenga's avatar
Kurt Zeilenga committed
573
		offsetof(struct slap_internal_schema, si_ad_namingCSN) },
574

575
#ifdef LDAP_SUPERIOR_UUID
576
	{ "superiorUUID", "( 1.3.6.1.4.1.4203.666.1.11 NAME 'superiorUUID' "   
Kurt Zeilenga's avatar
Kurt Zeilenga committed
577
			"DESC 'UUID of the superior entry' "
578
579
580
			"EQUALITY UUIDMatch "
			"ORDERING UUIDOrderingMatch "
			"SYNTAX 1.3.6.1.1.16.1 "
581
582
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )",
		NULL, SLAP_AT_HIDE,
583
		NULL, NULL,
584
585
		NULL, NULL, NULL, NULL, NULL,
		offsetof(struct slap_internal_schema, si_ad_superiorUUID) },
586
#endif
587

Kurt Zeilenga's avatar
cleanup    
Kurt Zeilenga committed
588
	{ "syncreplCookie", "( 1.3.6.1.4.1.4203.666.1.23 "
589
590
591
592
			"NAME 'syncreplCookie' "
			"DESC 'syncrepl Cookie for shadow copy' "
			"EQUALITY octetStringMatch "
			"ORDERING octetStringOrderingMatch "
Jong Hyuk Choi's avatar
Jong Hyuk Choi committed
593
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
594
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
595
		NULL, SLAP_AT_HIDE,
596
		NULL, NULL,
597
598
		NULL, NULL, NULL, NULL, NULL,
		offsetof(struct slap_internal_schema, si_ad_syncreplCookie) },
599

600
601
602
	{ "contextCSN", "( 1.3.6.1.4.1.4203.666.1.25 "
			"NAME 'contextCSN' "
			"DESC 'the largest committed CSN of a context' "
603
604
605
			"EQUALITY CSNMatch "
			"ORDERING CSNOrderingMatch "
			"SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} "
606
			"NO-USER-MODIFICATION USAGE dSAOperation )",
607
608
609
610
		NULL, SLAP_AT_HIDE,
		NULL, NULL,
		NULL, NULL, NULL, NULL, NULL,
		offsetof(struct slap_internal_schema, si_ad_contextCSN) },
611

612
#ifdef LDAP_SYNC_TIMESTAMP
Kurt Zeilenga's avatar
Kurt Zeilenga committed
613
614
615
616
617
618
619
620
621
622
623
624
	{ "syncTimestamp", "( 1.3.6.1.4.1.4203.666.1.26 NAME 'syncTimestamp' "
			"DESC 'Time which object was replicated' "
			"EQUALITY generalizedTimeMatch "
			"ORDERING generalizedTimeOrderingMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
		NULL, 0,
		NULL, NULL,
		NULL, NULL, NULL, NULL, NULL,
		offsetof(struct slap_internal_schema, si_ad_syncTimestamp) },
#endif

625
	/* root DSE attributes */
626
	{ "altServer", "( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
627
			"DESC 'RFC4512: alternative servers' "
628
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )",
629
		rootDseAttribute, 0,
630
		NULL, NULL,
631
		NULL, NULL, NULL, NULL, NULL,
632
		offsetof(struct slap_internal_schema, si_ad_altServer) },
633
634
	{ "namingContexts", "( 1.3.6.1.4.1.1466.101.120.5 "
			"NAME 'namingContexts' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
635
			"DESC 'RFC4512: naming contexts' "
636
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )",
637
		rootDseAttribute, 0,
638
		NULL, NULL,
639
		NULL, NULL, NULL, NULL, NULL,
640
		offsetof(struct slap_internal_schema, si_ad_namingContexts) },
641
642
	{ "supportedControl", "( 1.3.6.1.4.1.1466.101.120.13 "
			"NAME 'supportedControl' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
643
			"DESC 'RFC4512: supported controls' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
644
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )",
645
		rootDseAttribute, 0,
646
		NULL, NULL,
647
		NULL, NULL, NULL, NULL, NULL,
648
		offsetof(struct slap_internal_schema, si_ad_supportedControl) },
649
650
	{ "supportedExtension", "( 1.3.6.1.4.1.1466.101.120.7 "
			"NAME 'supportedExtension' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
651
			"DESC 'RFC4512: supported extended operations' "
652
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )",
653
		rootDseAttribute, 0,
654
		NULL, NULL,
655
		NULL, NULL, NULL, NULL, NULL,
656
		offsetof(struct slap_internal_schema, si_ad_supportedExtension) },
657
658
	{ "supportedLDAPVersion", "( 1.3.6.1.4.1.1466.101.120.15 "
			"NAME 'supportedLDAPVersion' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
659
			"DESC 'RFC4512: supported LDAP versions' "
660
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )",
661
		rootDseAttribute, 0,
662
		NULL, NULL,
663
		NULL, NULL, NULL, NULL, NULL,
664
		offsetof(struct slap_internal_schema, si_ad_supportedLDAPVersion) },
665
666
	{ "supportedSASLMechanisms", "( 1.3.6.1.4.1.1466.101.120.14 "
			"NAME 'supportedSASLMechanisms' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
667
			"DESC 'RFC4512: supported SASL mechanisms'"
668
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )",
669
		rootDseAttribute, 0,
670
		NULL, NULL,
671
		NULL, NULL, NULL, NULL, NULL,
672
		offsetof(struct slap_internal_schema, si_ad_supportedSASLMechanisms) },
673
674
	{ "supportedFeatures", "( 1.3.6.1.4.1.4203.1.3.5 "
			"NAME 'supportedFeatures' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
675
			"DESC 'RFC4512: features supported by the server' "
676
677
678
			"EQUALITY objectIdentifierMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 "
			"USAGE dSAOperation )",
679
		rootDseAttribute, 0,
680
		NULL, NULL,
681
		NULL, NULL, NULL, NULL, NULL,
682
		offsetof(struct slap_internal_schema, si_ad_supportedFeatures) },
683
684
685
	{ "monitorContext", "( 1.3.6.1.4.1.4203.666.1.10 "
			"NAME 'monitorContext' "
			"DESC 'monitor context' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
686
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
687
688
			"SINGLE-VALUE NO-USER-MODIFICATION "
			"USAGE dSAOperation )",
689
		rootDseAttribute, SLAP_AT_HIDE,
690
		NULL, NULL,
691
		NULL, NULL, NULL, NULL, NULL,
692
		offsetof(struct slap_internal_schema, si_ad_monitorContext) },
Quanah Gibson-Mount's avatar
Quanah Gibson-Mount committed
693
	{ "configContext", "( 1.3.6.1.4.1.4203.1.12.2.1 "
694
695
696
697
698
699
700
701
702
			"NAME 'configContext' "
			"DESC 'config context' "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 "
			"SINGLE-VALUE NO-USER-MODIFICATION "
			"USAGE dSAOperation )",
		rootDseAttribute, SLAP_AT_HIDE,
		NULL, NULL,
		NULL, NULL, NULL, NULL, NULL,
		offsetof(struct slap_internal_schema, si_ad_configContext) },
703
704
	{ "vendorName", "( 1.3.6.1.1.4 NAME 'vendorName' "
			"DESC 'RFC3045: name of implementation vendor' "
705
			"EQUALITY caseExactMatch "
706
707
708
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
			"SINGLE-VALUE NO-USER-MODIFICATION "
			"USAGE dSAOperation )",
709
		rootDseAttribute, 0,
710
		NULL, NULL,
711
		NULL, NULL, NULL, NULL, NULL,
712
713
714
		offsetof(struct slap_internal_schema, si_ad_vendorName) },
	{ "vendorVersion", "( 1.3.6.1.1.5 NAME 'vendorVersion' "
			"DESC 'RFC3045: version of implementation' "
715
			"EQUALITY caseExactMatch "
716
717
718
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
			"SINGLE-VALUE NO-USER-MODIFICATION "
			"USAGE dSAOperation )",
719
		rootDseAttribute, 0,
720
		NULL, NULL,
721
		NULL, NULL, NULL, NULL, NULL,
722
723
724
725
		offsetof(struct slap_internal_schema, si_ad_vendorVersion) },

	/* subentry attributes */
	{ "administrativeRole", "( 2.5.18.5 NAME 'administrativeRole' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
726
			"DESC 'RFC3672: administrative role' "
727
728
729
			"EQUALITY objectIdentifierMatch "
			"USAGE directoryOperation "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )",
730
		administrativeRoleAttribute, SLAP_AT_HIDE,
731
		NULL, NULL,
732
		NULL, NULL, NULL, NULL, NULL,
733
734
		offsetof(struct slap_internal_schema, si_ad_administrativeRole) },
	{ "subtreeSpecification", "( 2.5.18.6 NAME 'subtreeSpecification' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
735
			"DESC 'RFC3672: subtree specification' "
736
737
738
			"SINGLE-VALUE "
			"USAGE directoryOperation "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )",
739
		subentryAttribute, SLAP_AT_HIDE,
740
		NULL, NULL,
741
		NULL, NULL, NULL, NULL, NULL,
742
		offsetof(struct slap_internal_schema, si_ad_subtreeSpecification) },
743

744
	/* subschema subentry attributes */
745
	{ "dITStructureRules", "( 2.5.21.1 NAME 'dITStructureRules' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
746
			"DESC 'RFC4512: DIT structure rules' "
747
748
749
			"EQUALITY integerFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 "
			"USAGE directoryOperation ) ",
750
		subentryAttribute, SLAP_AT_HIDE,
751
		NULL, NULL,
752
		NULL, NULL, NULL, NULL, NULL,
753
		offsetof(struct slap_internal_schema, si_ad_ditStructureRules) },
754
	{ "dITContentRules", "( 2.5.21.2 NAME 'dITContentRules' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
755
			"DESC 'RFC4512: DIT content rules' "
756
757
			"EQUALITY objectIdentifierFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )",
758
		subentryAttribute, SLAP_AT_HIDE,
759
760
		oidValidate, NULL,
		NULL, NULL, objectClassMatch, NULL, NULL,
761
		offsetof(struct slap_internal_schema, si_ad_ditContentRules) },
762
	{ "matchingRules", "( 2.5.21.4 NAME 'matchingRules' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
763
			"DESC 'RFC4512: matching rules' "
764
765
			"EQUALITY objectIdentifierFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )",
766
		subentryAttribute, 0,
767
768
		oidValidate, NULL,
		NULL, NULL, matchingRuleMatch, NULL, NULL,
769
		offsetof(struct slap_internal_schema, si_ad_matchingRules) },
770
	{ "attributeTypes", "( 2.5.21.5 NAME 'attributeTypes' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
771
			"DESC 'RFC4512: attribute types' "
772
773
			"EQUALITY objectIdentifierFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )",
774
		subentryAttribute, 0,
775
776
		oidValidate, NULL,
		NULL, NULL, attributeTypeMatch, NULL, NULL,
777
778
		offsetof(struct slap_internal_schema, si_ad_attributeTypes) },
	{ "objectClasses", "( 2.5.21.6 NAME 'objectClasses' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
779
			"DESC 'RFC4512: object classes' "
780
781
			"EQUALITY objectIdentifierFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )",
782
		subentryAttribute, 0,
783
784
		oidValidate, NULL,
		NULL, NULL, objectClassMatch, NULL, NULL,
785
		offsetof(struct slap_internal_schema, si_ad_objectClasses) },
786
	{ "nameForms", "( 2.5.21.7 NAME 'nameForms' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
787
			"DESC 'RFC4512: name forms ' "
788
789
			"EQUALITY objectIdentifierFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )",
790
		subentryAttribute, SLAP_AT_HIDE,
791
		NULL, NULL,
792
		NULL, NULL, NULL, NULL, NULL,
793
		offsetof(struct slap_internal_schema, si_ad_nameForms) },
794
	{ "matchingRuleUse", "( 2.5.21.8 NAME 'matchingRuleUse' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
795
			"DESC 'RFC4512: matching rule uses' "
796
797
			"EQUALITY objectIdentifierFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )",
798
		subentryAttribute, 0,
799
800
		oidValidate, NULL,
		NULL, NULL, matchingRuleMatch, NULL, NULL,
801
		offsetof(struct slap_internal_schema, si_ad_matchingRuleUse) },
802

803
	{ "ldapSyntaxes", "( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
804
			"DESC 'RFC4512: LDAP syntaxes' "
805
806
			"EQUALITY objectIdentifierFirstComponentMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )",
807
		subentryAttribute, 0,
808
		NULL, NULL,
809
		NULL, NULL, NULL, NULL, NULL,
810
811
		offsetof(struct slap_internal_schema, si_ad_ldapSyntaxes) },

812
	/* knowledge information */
813
814
	{ "aliasedObjectName", "( 2.5.4.1 "
			"NAME ( 'aliasedObjectName' 'aliasedEntryName' ) "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
815
			"DESC 'RFC4512: name of aliased object' "
816
817
			"EQUALITY distinguishedNameMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )",
818
		aliasAttribute, SLAP_AT_FINAL,
819
		NULL, NULL,
820
		NULL, NULL, NULL, NULL, NULL,
821
		offsetof(struct slap_internal_schema, si_ad_aliasedObjectName) },
822
	{ "ref", "( 2.16.840.1.113730.3.1.34 NAME 'ref' "
Kurt Zeilenga's avatar
Kurt Zeilenga committed
823
			"DESC 'RFC3296: subordinate referral URL' "
824
825
826
			"EQUALITY caseExactMatch "
			"SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 "
			"USAGE distributedOperation )",
827
		referralAttribute, 0,
828
		NULL, NULL,
829
		NULL, NULL, NULL, NULL, NULL,
830
831
		offsetof(struct slap_internal_schema, si_ad_ref) },

Kurt Zeilenga's avatar
Kurt Zeilenga committed
832
	/* access control internals */
833
834
835
836
837
	{ "entry", "( 1.3.6.1.4.1.4203.1.3.1 "
			"NAME 'entry' "
			"DESC 'OpenLDAP ACL entry pseudo-attribute' "
			"SYNTAX 1.3.6.1.4.1.4203.1.1.1 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
838
		NULL, SLAP_AT_HIDE,
839
		NULL, NULL,
840
		NULL, NULL, NULL, NULL, NULL,
841
		offsetof(struct slap_internal_schema, si_ad_entry) },
842
843
844
845
846
	{ "children", "( 1.3.6.1.4.1.4203.1.3.2 "
			"NAME 'children' "
			"DESC 'OpenLDAP ACL children pseudo-attribute' "
			"SYNTAX 1.3.6.1.4.1.4203.1.1.1 "
			"SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )",
847
		NULL, SLAP_AT_HIDE,
848
		NULL, NULL,
849
		NULL, NULL, NULL, NULL, NULL,
850
		offsetof(struct slap_internal_schema, si_ad_children) },
Kurt Zeilenga's avatar
Kurt Zeilenga committed
851
852

	/* access control externals */
Kurt Zeilenga's avatar
Kurt Zeilenga committed
853
854
855
	{ "authzTo", "( 1.3.6.1.4.1.4203.666.1.8 "
			"NAME ( 'authzTo' 'saslAuthzTo' ) "
			"DESC 'proxy authorization targets' "
856
857
858
			"EQUALITY authzMatch "
			"SYNTAX 1.3.6.1.4.1.4203.666.2.7 "
			"X-ORDERED 'VALUES' "
859
			"USAGE distributedOperation )",
860
		NULL, SLAP_AT_HIDE,
861
		NULL, NULL,
862
		NULL, NULL, NULL, NULL, NULL,
863
		offsetof(struct slap_internal_schema, si_ad_saslAuthzTo)