Initial version

servers/slapd/schema/core.schema

+
+# Standard schema from RFC2251-RFC2256
+
+# Standard X.501(93) Operational Attribute Types from RFC2252
+
+attribute ( 2.5.18.1 NAME 'createTimestamp' EQUALITY generalizedTimeMatch
+      ORDERING generalizedTimeOrderingMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+      SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.2 NAME 'modifyTimestamp' EQUALITY generalizedTimeMatch
+      ORDERING generalizedTimeOrderingMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+      SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.3 NAME 'creatorsName' EQUALITY distinguishedNameMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+      SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.4 NAME 'modifiersName' EQUALITY distinguishedNameMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+      SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
+
+attribute ( 2.5.18.10 NAME 'subschemaSubentry'
+      EQUALITY distinguishedNameMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION
+      SINGLE-VALUE USAGE directoryOperation )
+
+attribute ( 2.5.21.5 NAME 'attributeTypes'
+      EQUALITY objectIdentifierFirstComponentMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
+
+attribute ( 2.5.21.6 NAME 'objectClasses'
+      EQUALITY objectIdentifierFirstComponentMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
+
+attribute ( 2.5.21.4 NAME 'matchingRules'
+      EQUALITY objectIdentifierFirstComponentMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
+
+attribute ( 2.5.21.8 NAME 'matchingRuleUse'
+      EQUALITY objectIdentifierFirstComponentMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
+
+# LDAP Operational Attributes from RFC2252
+
+attribute ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
+
+attribute ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
+
+# LDAP Subschema Atrribute from RFC2252
+
+attribute ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
+      EQUALITY objectIdentifierFirstComponentMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
+
+# X.500 Subschema attributes from RFC2252
+
+attribute ( 2.5.21.1 NAME 'dITStructureRules' EQUALITY integerFirstComponentMatch
+   SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation )
+
+attribute ( 2.5.21.7 NAME 'nameForms'
+      EQUALITY objectIdentifierFirstComponentMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
+
+attribute ( 2.5.21.2 NAME 'dITContentRules'
+      EQUALITY objectIdentifierFirstComponentMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
+
+# Object Classes from RFC2252
+
+objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
+      SUP top AUXILIARY )
+
+# ldapSyntaxes (operational) is admissible in next:
+
+objectclass ( 2.5.20.1 NAME 'subschema' AUXILIARY
+      MAY ( dITStructureRules $ nameForms $ ditContentRules $
+      objectClasses $ attributeTypes $ matchingRules $
+      matchingRuleUse ) )
+
+# Standard attribute types from RFC2256
+
+attribute ( 2.5.4.0 NAME 'objectClass' EQUALITY objectIdentifierMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+attribute ( 2.5.4.1 NAME 'aliasedObjectName' EQUALITY distinguishedNameMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
+
+# Defined, but no longer used
+
+attribute ( 2.5.4.2 NAME 'knowledgeInformation' EQUALITY caseIgnoreMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attribute ( 2.5.4.3 NAME ( 'cn' 'commonName' ) SUP name )
+
+attribute ( 2.5.4.4 NAME ( 'sn' 'surname' ) SUP name )
+
+attribute ( 2.5.4.5 NAME 'serialNumber' EQUALITY caseIgnoreMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64} )
+
+# (2-letter code from ISO 3166)
+
+attribute ( 2.5.4.6 NAME ( 'c' 'countryName' ) SUP name SINGLE-VALUE )
+
+attribute ( 2.5.4.7 NAME ( 'l' 'localityName' ) SUP name )
+
+attribute ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' ) SUP name )
+
+attribute ( 2.5.4.9 NAME ( 'street' 'streetAddress' ) EQUALITY caseIgnoreMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.10 NAME ( 'o' 'organizationName' ) SUP name )
+
+attribute ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' ) SUP name )
+
+attribute ( 2.5.4.12 NAME 'title' SUP name )
+
+attribute ( 2.5.4.13 NAME 'description' EQUALITY caseIgnoreMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
+
+# Obsoleted by enhancedSearchGuide
+
+attribute ( 2.5.4.14 NAME 'searchGuide'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.25 )
+
+attribute ( 2.5.4.15 NAME 'businessCategory' EQUALITY caseIgnoreMatch
+     SUBSTR caseIgnoreSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.16 NAME 'postalAddress' EQUALITY caseIgnoreListMatch
+     SUBSTR caseIgnoreListSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attribute ( 2.5.4.17 NAME 'postalCode' EQUALITY caseIgnoreMatch
+     SUBSTR caseIgnoreSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attribute ( 2.5.4.18 NAME 'postOfficeBox' EQUALITY caseIgnoreMatch
+     SUBSTR caseIgnoreSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40} )
+
+attribute ( 2.5.4.19 NAME 'physicalDeliveryOfficeName' EQUALITY caseIgnoreMatch
+     SUBSTR caseIgnoreSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attribute ( 2.5.4.20 NAME 'telephoneNumber' EQUALITY telephoneNumberMatch
+     SUBSTR telephoneNumberSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32} )
+
+attribute ( 2.5.4.21 NAME 'telexNumber'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.52 )
+
+attribute ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.51 )
+
+attribute ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.22 )
+
+attribute ( 2.5.4.24 NAME 'x121Address' EQUALITY numericStringMatch
+     SUBSTR numericStringSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15} )
+
+attribute ( 2.5.4.25 NAME 'internationaliSDNNumber' EQUALITY numericStringMatch
+     SUBSTR numericStringSubstringsMatch
+     SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16} )
+
+attribute ( 2.5.4.26 NAME 'registeredAddress' SUP postalAddress
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
+
+attribute ( 2.5.4.27 NAME 'destinationIndicator' EQUALITY caseIgnoreMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128} )
+
+attribute ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+      SINGLE-VALUE )
+
+attribute ( 2.5.4.29 NAME 'presentationAddress'
+      EQUALITY presentationAddressMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+      SINGLE-VALUE )
+
+attribute ( 2.5.4.30 NAME 'supportedApplicationContext'
+      EQUALITY objectIdentifierMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
+
+# SUP comes later
+
+attribute ( 2.5.4.31 NAME 'member' SUP distinguishedName )
+
+attribute ( 2.5.4.32 NAME 'owner' SUP distinguishedName )
+
+attribute ( 2.5.4.33 NAME 'roleOccupant' SUP distinguishedName )
+
+attribute ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )
+
+attribute ( 2.5.4.35 NAME 'userPassword' EQUALITY octetStringMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
+
+# Must be stored and requested in the binary form, as
+# userCertificate;binary
+
+attribute ( 2.5.4.36 NAME 'userCertificate'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# As above
+
+attribute ( 2.5.4.37 NAME 'cACertificate'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.8 )
+
+# As above
+
+attribute ( 2.5.4.38 NAME 'authorityRevocationList'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# As above
+
+attribute ( 2.5.4.39 NAME 'certificateRevocationList'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+# As above
+
+attribute ( 2.5.4.40 NAME 'crossCertificatePair'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.10 )
+
+# Out of order!!!
+
+attribute ( 2.5.4.41 NAME 'name' EQUALITY caseIgnoreMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+attribute ( 2.5.4.42 NAME 'givenName' SUP name )
+
+attribute ( 2.5.4.43 NAME 'initials' SUP name )
+
+attribute ( 2.5.4.45 NAME 'x500UniqueIdentifier' EQUALITY bitStringMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
+
+attribute ( 2.5.4.46 NAME 'dnQualifier' EQUALITY caseIgnoreMatch
+      ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attribute ( 2.5.4.47 NAME 'enhancedSearchGuide'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.21 )
+
+attribute ( 2.5.4.48 NAME 'protocolInformation'
+      EQUALITY protocolInformationMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
+
+# Out of order!!!
+# We had a dn definition in slapd.at.conf and Netscape lists both
+# names for that OID
+
+attribute ( 2.5.4.49 NAME ( 'distinguishedName' 'dn' ) EQUALITY distinguishedNameMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
+
+attribute ( 2.5.4.50 NAME 'uniqueMember' EQUALITY uniqueMemberMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
+
+attribute ( 2.5.4.51 NAME 'houseIdentifier' EQUALITY caseIgnoreMatch
+      SUBSTR caseIgnoreSubstringsMatch
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
+
+# This attribute is to be stored and requested in the binary form, as
+# 'supportedAlgorithms;binary'.
+
+attribute ( 2.5.4.52 NAME 'supportedAlgorithms'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.49 )
+
+# This attribute is to be stored and requested in the binary form, as
+# 'deltaRevocationList;binary'.
+
+attribute ( 2.5.4.53 NAME 'deltaRevocationList'
+      SYNTAX 1.3.6.1.4.1.1466.115.121.1.9 )
+
+attribute ( 2.5.4.54 NAME 'dmdName' SUP name )
+
+# Standard object classes from RFC2256
+
+objectclass ( 2.5.6.0 NAME 'top' ABSTRACT MUST objectClass )
+
+objectclass ( 2.5.6.1 NAME 'alias' SUP top STRUCTURAL MUST aliasedObjectName )
+
+objectclass ( 2.5.6.2 NAME 'country' SUP top STRUCTURAL MUST c
+     MAY ( searchGuide $ description ) )
+
+objectclass ( 2.5.6.3 NAME 'locality' SUP top STRUCTURAL
+     MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+
+objectclass ( 2.5.6.4 NAME 'organization' SUP top STRUCTURAL MUST o
+     MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+     x121Address $ registeredAddress $ destinationIndicator $
+     preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+     telephoneNumber $ internationaliSDNNumber $
+     facsimileTelephoneNumber $
+     street $ postOfficeBox $ postalCode $ postalAddress $
+     physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.5 NAME 'organizationalUnit' SUP top STRUCTURAL MUST ou
+     MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+     x121Address $ registeredAddress $ destinationIndicator $
+     preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+     telephoneNumber $ internationaliSDNNumber $
+     facsimileTelephoneNumber $
+     street $ postOfficeBox $ postalCode $ postalAddress $
+     physicalDeliveryOfficeName $ st $ l $ description ) )
+
+objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL MUST ( sn $ cn )
+     MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+
+objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
+     MAY ( title $ x121Address $ registeredAddress $
+     destinationIndicator $
+     preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+     telephoneNumber $ internationaliSDNNumber $
+     facsimileTelephoneNumber $
+     street $ postOfficeBox $ postalCode $ postalAddress $
+     physicalDeliveryOfficeName $ ou $ st $ l ) )
+
+# Notice that preferredDeliveryMethod is duplicate
+
+objectclass ( 2.5.6.8 NAME 'organizationalRole' SUP top STRUCTURAL MUST cn
+     MAY ( x121Address $ registeredAddress $ destinationIndicator $
+     preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+     telephoneNumber $ internationaliSDNNumber $
+     facsimileTelephoneNumber $
+     seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $
+     postOfficeBox $ postalCode $ postalAddress $
+     physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+
+objectclass ( 2.5.6.9 NAME 'groupOfNames' SUP top STRUCTURAL MUST ( member $ cn )
+     MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+# Notice that preferredDeliveryMethod is duplicate
+# It seems they could not agree on wheter telephoneNumber is MAY
+# in person.  Probably it wasn't originally at was added as an
+# afterthought
+
+objectclass ( 2.5.6.10 NAME 'residentialPerson' SUP person STRUCTURAL MUST l
+     MAY ( businessCategory $ x121Address $ registeredAddress $
+     destinationIndicator $ preferredDeliveryMethod $ telexNumber $
+     teletexTerminalIdentifier $ telephoneNumber $
+     internationaliSDNNumber $
+     facsimileTelephoneNumber $ preferredDeliveryMethod $ street $
+     postOfficeBox $ postalCode $ postalAddress $
+     physicalDeliveryOfficeName $ st $ l ) )
+
+objectclass ( 2.5.6.11 NAME 'applicationProcess' SUP top STRUCTURAL MUST cn
+     MAY ( seeAlso $ ou $ l $ description ) )
+
+objectclass ( 2.5.6.12 NAME 'applicationEntity' SUP top STRUCTURAL
+     MUST ( presentationAddress $ cn )
+     MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $
+     description ) )
+
+# This one was wrong in our schema, it only allowed the aditional
+# knowledgeInformation attribute, while it is derived from
+# applicationEntity and should allow all its attributes as well.
+
+objectclass ( 2.5.6.13 NAME 'dSA' SUP applicationEntity STRUCTURAL
+     MAY knowledgeInformation )
+
+objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL MUST cn
+     MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser' SUP top AUXILIARY
+     MUST userCertificate )
+
+objectclass ( 2.5.6.16 NAME 'certificationAuthority' SUP top AUXILIARY
+     MUST ( authorityRevocationList $ certificateRevocationList $
+     cACertificate ) MAY crossCertificatePair )
+
+# New
+
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames' SUP top STRUCTURAL
+     MUST ( uniqueMember $ cn )
+     MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+
+# New
+
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation' SUP top AUXILIARY
+     MAY ( supportedAlgorithms ) )
+
+# New
+
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2' SUP
+     certificationAuthority
+     AUXILIARY MAY ( deltaRevocationList ) )
+
+# New
+
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint' SUP top STRUCTURAL
+     MUST ( cn ) MAY ( certificateRevocationList $
+     authorityRevocationList $
+     deltaRevocationList ) )
+
+# New
+
+objectclass ( 2.5.6.20 NAME 'dmd' SUP top STRUCTURAL MUST ( dmdName )
+     MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+     x121Address $ registeredAddress $ destinationIndicator $
+     preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+     telephoneNumber $ internationaliSDNNumber $
+     facsimileTelephoneNumber $
+     street $ postOfficeBox $ postalCode $ postalAddress $
+     physicalDeliveryOfficeName $ st $ l $ description ) )
+

servers/slapd/schema/misc.schema

+
+# Assorted definitions from several sources
+
+# This file uses definitions from slapd.std.schema and
+# slapd.pilot.schema
+
+# This comes from RFC2247
+
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject' SUP top AUXILIARY MUST dc )
+
+# This comes from RFC2377
+
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject' SUP top AUXILIARY MUST uid )
+
+# Origin of this has not been identified.  We had it and Netscape has it
+# too.
+
+attribute ( 1.3.6.1.4.1.250.1.60 NAME ( 'timeToLive' 'ttl' )
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+objectclass ( 1.3.6.1.4.1.250.3.18 NAME 'cacheObject' SUP top MAY ttl )

servers/slapd/schema/pilot.schema

+
+# These come from RFC1274 and are in ASN.1 syntax.  They have been
+# translated with some imagination.  Only attributes and classes we
+# already had are here.  In general, the matching rules in the
+# attribute types are incomplete or incorrect and have to be checked.
+
+# Note: It seems that the pilot schema evolved beyond what was
+# described in RFC1274.  It also seems that Umich followed the changes
+# but we don't know where are documented.  More worrisome is that it
+# seems that Netscape does not know either.  Searches on Altavista
+# have not shed any light, so we will have to ask for help.
+
+# This file uses definitions from slapd.std.schema
+
+# ccitt.data.pss.ucl.pilot ( 0.9.2342.19200300.100 )
+#	1 pilotAttributeType
+#	3 pilotAttributeSyntax
+#	4 pilotObjectClass
+#	10 pilotGroups
+
+# Believe it or not, this is case-insensitive
+
+attribute ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.4 NAME 'info' EQUALITY caseIgnoreMatch
+	 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+	 SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+attribute ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.9 NAME 'host'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+	EQUALITY distinguishedNameMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attribute ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+	EQUALITY distinguishedNameMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.20 NAME ( 'homeTelephoneNumber' 'homePhone' )
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+	EQUALITY distinguishedNameMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape defines this with syntax 1.15 TBC
+
+attribute ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.39' )
+
+# Netscape defines this with syntax 1.15 TBC
+
+attribute ( 0.9.2342.19200300.100.1.23 NAME 'lastModifiedTime'
+	EQUALITY ??
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.53 )
+
+attribute ( 0.9.2342.19200300.100.1.24 NAME 'lastModifiedBy'
+	EQUALITY distinguishedNameMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# This is the definition as defined in RFC2247
+
+attribute ( 0.9.2342.19200300.100.1.25 NAME 'dc'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+# This is aRecord in RFC1274.  However, objectclass dNSDomain as we
+# and Netscape use it is very different.
+
+attribute ( 0.9.2342.19200300.100.1.26 NAME 'dNSRecord'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# 0.9.2342.19200300.100.1.27 was probably intended to be mDRecord in
+# RFC1274, but they got it wrong and did not define it, thought it
+# is referenced by dNSDomain in it.
+
+# 0.9.2342.19200300.100.1.28 was mXRecord in RFC1274
+# 0.9.2342.19200300.100.1.29 was nSRecord in RFC1274
+# 0.9.2342.19200300.100.1.30 was sOARecord in RFC1274
+# 0.9.2342.19200300.100.1.31 was cNAMERecord in RFC1274
+
+attribute ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.38 NAME 'associatedName' DESC
+	EQUALITY distinguishedNameMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape gives syntax 1.15 to this.  TBC
+
+attribute ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+	EQUALITY ??
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.41' )
+
+attribute ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.41 NAME ( 'mobileTelephoneNumber' 'mobile' )
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.42 NAME ( 'pagerTelephoneNumber' 'pager' )
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
+
+attribute ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' )
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# Netscape gives syntax 1.27 (integer).  However, 1.32 is only listed
+# in RFC2252 without explanation.  The SINGLE-VALUE thing comes from
+# Netscape and is not backed by RFC1274.
+
+attribute ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.32' SINGLE-VALUE )
+
+# 0.9.2342.19200300.100.1.48 was buildingName in RFC1274
+# 0.9.2342.19200300.100.1.49 was dSAQuality in RFC1274
+# 0.9.2342.19200300.100.1.50 was singleLevelQuality in RFC1274
+# 0.9.2342.19200300.100.1.51 was subtreeMinimumQuality in RFC1274
+# 0.9.2342.19200300.100.1.52 was subtreeMaximumQuality in RFC1274
+
+# Netscape assigns binary syntax to this.  RFC1274 is more detailed
+# about this but RFC2252 does not seem to list a specific syntax.
+# We had this as 'bin'
+
+attribute ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+attribute ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+	 EQUALITY distinguishedNameMatch
+	 SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# Netscape gives syntax 1.5 to this.  We had it as 'bin'.
+
+attribute ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+	 SYNTAX '1.3.6.1.4.1.1466.115.121.1.4' )
+
+attribute ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# This one is ripped from Netscape and is a pilot object.  It is not
+# in RFC1274, but we had it as 'bin'.
+
+attribute ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.5' )
+
+# These attributes are pilot-related attributes that we had and Netscape
+# has too, however, the OID is unknown for them and Netscape uses a
+# string in place of the missing OID.  We will do the same until we
+# can make head or tails of this.
+
+attribute ( abstract-oid NAME 'abstract'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( authorcn-oid NAME ( 'documentAuthorCommonName' 'authorCn' )
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( authorsn-oid NAME ( 'documentAuthorSurname' 'authorSn' )
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( documentStore-oid NAME 'documentStore'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( keyWords-oid NAME 'keyWords'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attribute ( obsoletedByDocument-oid NAME 'obsoletedByDocument'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( obsoletesDocument-oid NAME 'obsoletesDocument'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( subject-oid NAME 'subject'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributes ( updatedByDocument-oid NAME 'updatedByDocument'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+attributes ( updatesDocument-oid NAME 'updatesDocument'
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' )
+
+# In classes, STRUCTURAL or AUXILIARY is chosen depending on the
+# textual description that accompanies the class in RFC1274
+
+# This is pilotObject from the RFC.  However, we had both photo
+# and jpegPhoto attributes.  Nestcape does too.
+
+objectclass ( 0.9.2342.19200300.100.4.3 NAME 'pilotObject' SUP top
+	AUXILIARY MAY ( info $ photo $ manager $ uniqueIdentifier $
+	lastModifiedTime $ lastModifiedBy $ dITRedirect $ audio $
+	jpegPhoto ) )
+
+# This is probably wrong.  RFC1274 defines a pilotPerson.  We did not
+# have it and we did have a newPilotPerson instead.  However, the
+# definition is the same.  Maybe it changed and was not reflected
+# in the RFC.
+
+objectclass ( 0.9.2342.19200300.100.4.4 NAME 'newPilotPerson' SUP person
+	STRUCTURAL MAY ( uid $ textEncodedORAddress $ mail $ drink $
+	roomNumber $ userClass $ homePhone $ homePostalAddress $
+	secretary $ personalTitle $ preferredDeliveryMethod $
+	businessCategory $ janetMailbox $ otherMailbox $ mobile $
+	pager $ organizationalStatus $ mailPreferenceOption $
+	personalSignature ) )
+
+# The text is unclear about whether it is STRUCTURAL or AUXILIARY
+# I think it was meant to be STRUCTURAL, it is the least restrictive
+# of the options and RFC2377 explains uidObject as an auxiliary.
+
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account' SUP top
+	STRUCTURAL MUST uid MAY ( description $ seeAlso $ l $ o $ ou $
+	host ) )
+
+# Netscape says this is derived from pilotObject, but RFC1274 says top.
+# Which is it?  Our attribute list matches that of Netscape, so we will
+# go with Netscape for the time being.
+
+# Besides, this objectclass is a mess.  I can only presume that
+# originally documentAuthor, but later someone noticed that not all
+# authors had DN's, so authorCN and authorSN were added.  Other
+# attributes were added as well.  However, either no one remembered to
+# assign OIDs to these attribute types or their assignments have been
+# lost.  See their definitions above for the Netscape kludge that we
+# have adopted.  FIX NEEDED.
+
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document' SUP pilotObject
+	MUST documentIdentifier MAY ( cn $ description $ seeAlso $ l $
+	o $ ou $ documentTitle $ documentVersion $ documentAuthor $
+	documentLocation $ documentPublisher $
+	abstract $ authorCN $ authorSN $ documentStore $ keywords $
+	obsoletedByDocument $ obsoletesDocument $ subject $
+	updatedByDocument $ updatesDocument ) )
+
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room' SUP top STRUCTURAL
+	MUST cn MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
+
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries' SUP top
+	STRUCTURAL MUST cn MAY ( description $ seeAlso $ telephonenumber $
+	l $ o $ ou ) )
+
+# This definition is much longer than that in RFC1274 and is taken from RFC2247
+
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain' SUP top STRUCTURAL
+     MUST dc
+     MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $
+     x121Address $ registeredAddress $ destinationIndicator $
+     preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $
+     telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $
+     street $ postOfficeBox $ postalCode $ postalAddress $
+     physicalDeliveryOfficeName $ st $ l $ description $ o $
+     associatedName ) )
+
+# This class has in RFC1274 two attributes postalAttributeSet and
+# telecomunicationAttributeSet that we did not have.  We let them out
+# for now.  Netscape does not have them either.
+
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart' SUP domain
+	MAY ( cn $ sn $ description $ seeAlso $ telephonenumber ) )
+
+# Another wonderful inconsistency.  This objectclass has little
+# relationship to the way it was defined in RFC1274, that was derived
+# from domain, adding ARecord, MDRecord, MXRecord, NSRecord, SOARecord
+# and CNAMERecord attribute types of syntax DNSRecordSyntax.  On the
+# other hand, we had dNSRecord and Netscape has it too.  The OID for
+# dNSRecord is the one used in RFC1274 for ARecord.  Netscape also has
+# a manager attribute type here that we did not.  It seems a mistake
+# and we do not include it.
+
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain' SUP 'domain'
+	MAY dnsrecord )
+
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+	SUP 'top'  MUST associatedDomain )
+
+# Well, first notice we (and Netscape) were using co as short for
+# friendlyCountryName
+
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry' SUP country
+	MUST co )
+
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+	SUP top MUST userPassword )
+
+# Nice test case of class with two superiors.  Netscape does not give
+# OID for this objectclass and gives top as its superior.  We use the
+# OID given in RFC1274
+
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+	SUP ( organization $ organizationalUnit ) MAY buildingName )
+
+
+
+