From 03c78b7fb81b34e438b14292316be6b6bf073d46 Mon Sep 17 00:00:00 2001 From: Dominik Chilla Date: Sun, 6 Feb 2022 21:54:29 +0100 Subject: [PATCH] ldap-acl-milter --- ldap-acl-milter/ldap-acl-milter.schema | 99 ++++++++++++++++++++++++++ 1 file changed, 99 insertions(+) create mode 100644 ldap-acl-milter/ldap-acl-milter.schema diff --git a/ldap-acl-milter/ldap-acl-milter.schema b/ldap-acl-milter/ldap-acl-milter.schema new file mode 100644 index 0000000..cf137cf --- /dev/null +++ b/ldap-acl-milter/ldap-acl-milter.schema @@ -0,0 +1,99 @@ +# ldap-acl-milter https://github.com/chillout2k/ldap-acl-milter +# +# https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers +# DC IT-Consulting +# Dominik Chilla +# +# OID prefix: 1.3.6.1.4.1.53501 +# +# Attributes: 1.3.6.1.4.1.53501.1.1 + +attributetype ( 1.3.6.1.4.1.53501.1.1.1 + NAME 'policyID' + DESC 'Policy ID' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} + SINGLE-VALUE) + +attributetype ( 1.3.6.1.4.1.53501.1.1.3 + NAME 'allowedSenders' + DESC 'Allowed RFC5321.from' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.4 + NAME 'allowedRcpts' + DESC 'Denied RFC5321.to' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.5 + NAME 'deniedSenders' + DESC 'Allowed RFC5321.from' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.6 + NAME 'deniedRcpts' + DESC 'Denied RFC5321.to' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.7 + NAME 'allowedClientAddr' + DESC 'Allowed client IPv4/IPv6 address' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.8 + NAME 'deniedClientAddr' + DESC 'Denied client IPv4/IPv6 address' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.9 + NAME 'allowedSaslUser' + DESC 'Allowed SASL authentication user' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.10 + NAME 'extBLOB' + DESC 'placeholder for binary extensions' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4096}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.11 + NAME 'allowedx509subject' + DESC 'Allowed x509 Common Name - subject' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64}) + +attributetype ( 1.3.6.1.4.1.53501.1.1.12 + NAME 'allowedx509issuer' + DESC 'Allowed x509 Common Name - issuer' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64}) + +# +# Objects: 1.3.6.1.4.1.53501.1.2 +# +objectclass ( 1.3.6.1.4.1.53501.1.2.1 + NAME 'lamPolicy' + DESC 'ldap-acl-milter policy' + SUP top STRUCTURAL + MUST policyID + MAY ( allowedRcpts $ deniedRcpts $ + allowedSenders $ deniedSenders $ + allowedClientAddr $ deniedClientAddr $ + allowedSaslUser $ extBLOB $ + allowedx509subject $ allowedx509issuer ) + ) +