2013.10.24

[uclinux-h8/uClinux-dist.git] / user / pam_ldap / ns-pwd-policy.schema

#ident $Id: ns-pwd-policy.schema,v 1.2 2004/03/01 23:47:57 lukeh Exp $
#
# Netscape password policy schema
# draft-vchu-ldap-pwd-policy-00.txt
#

attributetype ( 2.16.840.1.113730.3.1.97
        NAME 'passwordMaxAge'
        DESC 'the number of seconds after which user passwords will expire'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
        
attributetype ( 2.16.840.1.113730.3.1.98
        NAME 'passwordExp'
        DESC 'a flag which indicates whether passwords will expire after a
              given number of seconds'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
        
attributetype ( 2.16.840.1.113730.3.1.99
        NAME 'passwordMinLength'
        DESC 'the minimum number of characters that must be used in a password'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
        
attributetype ( 2.16.840.1.113730.3.1.100
        NAME 'passwordKeepHistory'
        DESC 'a flag which indicates whether passwords can be reused'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
        
attributetype ( 2.16.840.1.113730.3.1.101
        NAME 'passwordInHistory'
        DESC 'the number of passwords the directory server stores in history'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
        
attributetype ( 2.16.840.1.113730.3.1.102
        NAME 'passwordChange'
        DESC 'a flag which indicates whether users can change their passwords'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
        
attributetype ( 2.16.840.1.113730.3.1.103
        NAME 'passwordCheckSyntax'
        DESC 'a flag which indicates whether the password syntax will be checked
                  before the password is saved'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
        
attributetype ( 2.16.840.1.113730.3.1.104
        NAME 'passwordWarning'
        DESC 'the number of seconds before a users password is due to expire that
              the user will be sent a warning message'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
        
attributetype ( 2.16.840.1.113730.3.1.105
        NAME 'passwordLockout'
        DESC 'a flag which indicates whether users will be locked out of the
              directory after a given number of consecutive failed bind attempts'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

attributetype ( 2.16.840.1.113730.3.1.106
        NAME 'passwordMaxFailure'
        DESC 'the number of consecutive failed bind attempts after which a user
              will be locked out of the directory'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
        
attributetype ( 2.16.840.1.113730.3.1.108
        NAME 'passwordUnlock'
        DESC 'a flag which indicates whether a user will be locked out of the
              directory for a given number of seconds or until the administrator
              resets the password after an account lockout'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
        
attributetype ( 2.16.840.1.113730.3.1.109
        NAME 'passwordLockoutDuration'
        DESC 'the number of seconds that users will be locked out of the directory
              after an account lockout'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
        
attributetype ( 2.16.840.1.113730.3.1.220
        NAME 'passwordMustChange'
        DESC 'a flag which indicates whether users must change their passwords when
              they first bind to the directory server'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
        
attributetype ( 2.16.840.1.113730.3.1.221
        NAME 'passwordStorageScheme'
        DESC 'the type of hash algorithm used to store directory server passwords'
        EQUALITY caseIgnoreMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
        
attributetype ( 2.16.840.1.113730.3.1.222
        NAME 'passwordMinAge'
        DESC 'the number of seconds that must elapse before a user can change their
              password again'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
        
attributetype ( 2.16.840.1.113730.3.1.223
        NAME 'passwordResetFailureCount'
        DESC 'the number of seconds after which the password failure counter will
              be reset'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

objectclass ( 2.16.840.1.113730.3.2.13
        NAME 'passwordPolicy'
        AUXILIARY
        SUP top
        DESC 'Password Policy object class to hold password policy information'
        MAY ( passwordMaxAge $ passwordExp $ passwordMinLength $
              passwordKeepHistory $ passwordInHistory $ passwordChange $
              passwordCheckSyntax $ passwordWarning $ passwordLockout $
              passwordMaxFailure $ passwordUnlock $ passwordLockoutDuration $
              passwordMustChange $ passwordStorageScheme $ passwordMinAge $
              passwordResetFailureCount )
        )

attributetype ( 2.16.840.1.113730.3.1.91
        NAME 'passwordExpirationTime'
        DESC 'the time the entrys password expires'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SINGLE-VALUE USAGE dSAOperation )

attributetype ( 2.16.840.1.113730.3.1.92
        NAME 'passwordExpWarned'
        DESC 'a flag which indicates whether a password expiration warning is sent
              to the client'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
        SINGLE-VALUE USAGE dSAOperation )

attributetype  ( 2.16.840.1.113730.3.1.93
        NAME 'passwordRetryCount'
        DESC 'the count of consecutive failed password attempts'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
        SINGLE-VALUE USAGE dSAOperation )

attributetype ( 2.16.840.1.113730.3.1.94
        NAME 'retryCountResetTime'
        DESC 'the time to reset the passwordRetryCount'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SINGLE-VALUE USAGE dSAOperation )

attributetype ( 2.16.840.1.113730.3.1.95
        NAME 'accountUnlockTime'
        DESC 'the time that the user can bind again after an account lockout'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SINGLE-VALUE USAGE dSAOperation )

attributetype ( 2.16.840.1.113730.3.1.96
        NAME 'passwordHistory'
        DESC 'the history of users passwords'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
        EQUALITY octetStringMatch USAGE dSAOperation )

attributetype ( 2.16.840.1.113730.3.1.214
        NAME 'passwordAllowChangeTime'
        DESC 'the time that the user is allowed change the password'
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
        EQUALITY generalizedTimeMatch
        ORDERING generalizedTimeOrderingMatch
        SINGLE-VALUE USAGE dSAOperation )

objectclass ( 2.16.840.1.113730.3.2.12
        NAME 'passwordObject'
        AUXILIARY
        SUP top
        DESC 'Password object class to hold password policy information for each
              entry'
        MAY ( passwordExpirationTime $ passwordExpWarned $ passwordRetryCount $
              retryCountResetTime $ accountUnlockTime $ passwordHistory $
              passwordAllowChangeTime )
        )