[SR-Dev] git:janakj/ldap: - example SER LDAP schema

Jan Janak jan at iptel.org
Fri Feb 13 00:57:03 CET 2009


Module: sip-router
Branch: janakj/ldap
Commit: 5cede19dc92e67081f6d0ecbc7629c940f5f6915
URL:    http://git.sip-router.org/cgi-bin/gitweb.cgi/sip-router/?a=commit;h=5cede19dc92e67081f6d0ecbc7629c940f5f6915

Author: Jan Janak <jan at iptel.org>
Committer: Jan Janak <jan at iptel.org>
Date:   Tue May 13 14:35:59 2008 +0000

- example SER LDAP schema

---

 modules/db_ldap/ser.schema |  259 ++++++++++++++++++++++++++++++++++++++++++++
 1 files changed, 259 insertions(+), 0 deletions(-)

diff --git a/modules/db_ldap/ser.schema b/modules/db_ldap/ser.schema
new file mode 100644
index 0000000..2c25c6d
--- /dev/null
+++ b/modules/db_ldap/ser.schema
@@ -0,0 +1,259 @@
+#
+# $Id$
+#
+# This is the default LDAP schema of SER for OpenLDAP.
+# Written by Jan Janak <jan at iptel.org>.
+#
+
+#
+# The root OID of IANA private enterprise numbers
+#
+objectIdentifier ianaPrivate 1.3.6.1.4.1
+
+#
+# The root OID of many LDAPv3 attributes
+#
+objectIdentifier ldap3OID ianaPrivate:1466
+
+#
+# The root OID assigned by the IANA to iptel.org
+#
+objectIdentifier iptelorg ianaPrivate:24960
+
+#
+# SER related objects and attributes
+#
+objectIdentifier ser	          iptelorg:0
+objectIdentifier serLDAP          ser:1
+objectIdentifier serAttributeType serLDAP:0
+objectIdentifier serObjectClass   serLDAP:1
+
+#
+# Convenience macros for commonly used syntax OIDs
+#
+objectIdentifier ldapSyntax          ldap3OID:115.121.1
+objectIdentifier stringSyntax        ldapSyntax:15
+objectIdentifier octetStringSyntax   ldapSyntax:40
+objectIdentifier bitStringSyntax     ldapSyntax:6
+objectIdentifier intSyntax           ldapSyntax:27
+objectIdentifier numericStringSyntax ldapSyntax:36
+objectIdentifier binarySyntax        ldapSyntax:5
+objectIdentifier boolSyntax          ldapSyntax:7
+
+#
+# This is the parent attribute type for various UID attributes of SER, such
+# as serUID and serDID.
+#
+attributeType ( serAttributeType:0 
+	NAME 'serUUID'
+	DESC 'SER Universally Unique Identifier'
+	SYNTAX stringSyntax
+	SINGLE-VALUE 
+ )
+
+#
+# serUID attribute stores universally unique identifiers of SER users, the
+# identifier is an opaque string by default.
+#
+attributeType ( serAttributeType:1 NAME 'serUID'
+	DESC 'SER User Identifier'
+	SUP serUUID 
+ )
+
+#
+# serDID attributes contain universally unique identifiers of virtual SER
+# domains. They are used to group a bunch of domain names together in a
+# single virtual domain.
+#
+attributeType ( serAttributeType:2 NAME 'serDID'
+	DESC 'SER Domain Identifier'
+	SUP serUUID
+ )
+
+#
+# digesetUsername attribute contains the value of username field from
+# digest authentication credentials as specified in RFC2617. This attribute,
+# together with digestRealm, is used by SER during digest authentication to
+# lookup credentaials of a particular user.
+#
+attributeType ( serAttributeType:3 NAME 'digestUsername'
+	DESC 'SIP Digest Authentication username'
+	SYNTAX stringSyntax
+	EQUALITY caseIgnoreMatch
+	SINGLE-VALUE
+ )
+
+#
+# digestRealm attribute contains the value of realm field from digest
+# authentication credentials as specified in RFC2617. This attribute, 
+# together with digestUsername, is used by SER during digest authentication 
+# to lookup credentials of a particular user.
+#
+attributeType ( serAttributeType:4 NAME 'digestRealm'
+	DESC 'SIP Digest Authentication realm attribute'
+	SYNTAX stringSyntax
+	EQUALITY caseIgnoreMatch
+	SINGLE-VALUE
+ )
+
+#
+# digestPassword attribute contains the plain-text password for digest 
+# authentication (see RFC2617)
+#
+attributeType ( serAttributeType:5 NAME 'digestPassword'
+	DESC 'SIP Digest Authentication password'
+	SYNTAX octetStringSyntax
+	EQUALITY octetStringMatch
+	SINGLE-VALUE
+ )
+
+#
+# The attribute serFlags contains various SER and SERWeb related flags,
+# the flags are used to mark entries as deleted or disabled, they are
+# used to mark entries that are exclusively for SER or SERWeb, and so on.
+# The maximum length of the bit string fields is 32 bits, the most
+# significant bits of values longer than 32 will be ignored.
+#
+attributeType ( serAttributeType:6 NAME 'serFlags'
+	DESC 'SER flags'
+	SYNTAX bitStringSyntax
+	EQUALITY bitStringMatch
+	SINGLE-VALUE
+ )
+
+#
+# This attribute contains the HA1 string as defined in RFC2617. The 
+# string is an MD5 hash of digest username, realm, and password. 
+# See RFC2617 for more details. SER is using either HA1 or plain-text
+# password (depending on configuration) when verifying digest credentials.
+#
+attributeType ( serAttributeType:7 NAME 'digestHA1'
+    DESC 'Digest Authentication HA1 String'
+    SYNTAX octetStringSyntax
+    EQUALITY octetStringMatch
+    SINGLE-VALUE
+ )
+
+#
+# This attribute contains the HA1 string as defined in RFC2617. This is
+# similar to digestHA1 attribute, except that the MD5 hash in digestHA1b
+# also includes a domain part in username, so the username is of form
+# user at domain. This is sometimes needed when authenticating user agents
+# that put user at domain into the digest username field.
+#
+attributeType ( serAttributeType:8 NAME 'digestHA1b'
+    DESC 'Digest Authentication HA1 String (includes domain in username)'
+    SYNTAX octetStringSyntax
+    EQUALITY octetStringMatch
+    SINGLE-VALUE
+ )
+
+#
+# This attribute stores a domain name within a virtual domain handled
+# by a SER server. SER users this value to determine whether the SIP
+# requests are to/from one of its virtual domains.
+#
+attributeType ( serAttributeType:9 NAME 'serDomain'
+    DESC 'Domain Name'
+    SYNTAX stringSyntax
+    EQUALITY caseIgnoreMatch
+    SINGLE-VALUE
+ )
+
+#
+# SER attributes is a generic mechanism for storing configuration data.
+# This attribute contains the name of an SER attribute.
+#
+attributeType ( serAttributeType:10 NAME 'serAttrName'
+    DESC 'SER Attribute Name'
+	SYNTAX stringSyntax
+    EQUALITY caseExactMatch
+    SINGLE-VALUE
+ )
+
+#
+# SER attributes is a generic mechanism for storing configuration data.
+# This attribute contains SER attribute type. There are two types of
+# SER attributes: integer and string.
+#
+attributeType ( serAttributeType:11 NAME 'serAttrType'
+    DESC 'SER Attribute Type'
+    SYNTAX intSyntax
+	SINGLE-VALUE
+ )
+
+#
+# SER attributes is a generic mechanism for storing configuration data.
+# This attribute contains the value (as string) of a SER attribute.
+#
+attributeType ( serAttributeType:12 NAME 'serAttrValue'
+    DESC 'SER Attribute Value'
+    SYNTAX stringSyntax
+    EQUALITY caseExactMatch
+    SINGLE-VALUE
+ )
+
+#
+# digestAuthCredentials objects are used by SER to perform digest
+# authentication as defined in RFC3261 and RFC2617. Every object must
+# contain a username, a realm, and a UID of the user who owns the
+# credentials. In addition to that the object can contains either
+# password in plain-text format, or the HA1 string, or both. Which of
+# them will be used by SER depends on the configuration.
+#
+# This is an analogy to 'credentials' table found in SER relational
+# database schema.
+#
+objectClass ( serObjectClass:0 NAME 'digestAuthCredentials'
+	DESC 'Credentials for SIP Digest Authentication'
+	MUST ( digestUsername $ digestRealm $ serUID $ serFlags )
+	MAY ( serDID $ digestPassword $ digestHA1 $ digestHA1b )	
+ )
+
+#
+# serDomain objects are used to store the information about virtual
+# domains supported by a SER server. The purpose of the object is
+# to map domain names (which appear in SIP messages) to universally
+# unique domain identifiers and vice versa. 
+#
+# This is an analogy to 'domain' table found in SER relational database
+# schema.
+#
+objectClass ( serObjectClass:1 NAME 'serDomain'
+    DESC 'SER Virtual Domains'
+    MUST ( serDID $ serDomain $ serFlags )
+ )
+
+#
+# This is an abstract class that can be used as a base for other classes
+# storing SER uri/user/domain/global attributes. An object storing SER 
+# attributes must contain serAttrName, serAttrType, serAttrValue, and 
+# serFlags attributes.
+#
+objectClass ( serObjectClass:2 NAME 'serAttrAbstract'
+    ABSTRACT
+    MUST ( serAttrName $ serAttrType $ serAttrValue $ serFlags )
+ )
+
+#
+# An auxiliary class that can be used to extend other objects in an LDAP
+# directory with the possibility to store SER attributes.
+#
+objectClass ( serObjectClass:3 NAME 'serAttr'
+    AUXILIARY
+    SUP serAttrAbstract
+ )
+
+#
+# This class is used to store domain level attributes. Domain level
+# attributes are attributes used to store configuration information related
+# to a virtual domain (i.e. common configuration for all users/URIs within
+# that virtual domain), such as digest authentication realm or default 
+# language.
+#
+objectClass ( serObjectClass:4 NAME 'serDomainAttr'
+    DESC 'SER Domain Attributes'
+    SUP serAttrAbstract
+    MUST ( serDID )
+ )
+
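Review bot: The comments above `digestPassword`, `digestHA1` and `digestHA1b` never say that these attributes must be protected by directory access control, although the first holds the plain-text password and the HA1 values are unsalted MD5 hashes that are by themselves sufficient to authenticate as the user within that realm. A schema file cannot enforce this, so I would add a comment to each of the three, for example `# Password-equivalent value: limit read/search/compare to the SER bind DN with an "access to attrs=..." rule in slapd.conf.`. The `digestAuthCredentials` comment could also recommend storing only the HA1 values where the SER configuration allows it. Separately, `serUUID` declares no `EQUALITY` rule, so `serUID` and `serDID` inherit none, and equality filters on them will presumably evaluate as undefined in OpenLDAP. Adding `EQUALITY caseExactMatch` to `serUUID`, and `EQUALITY integerMatch` to `serAttrType`, would make lookups by those attributes work.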



