# ldap-acl-milter https://github.com/chillout2k/ldap-acl-milter
#
# https://www.iana.org/assignments/enterprise-numbers/enterprise-numbers
# DC IT-Consulting
# Dominik Chilla
#
# OID prefix: 1.3.6.1.4.1.53501
#
# Attributes: 1.3.6.1.4.1.53501.1.1

attributetype ( 1.3.6.1.4.1.53501.1.1.1
	NAME 'policyID'
	DESC 'Policy ID'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
	SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.53501.1.1.3
	NAME 'allowedSenders'
	DESC 'Allowed RFC5321.from'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})

attributetype ( 1.3.6.1.4.1.53501.1.1.4
	NAME 'allowedRcpts'
	DESC 'Denied RFC5321.to'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})

attributetype ( 1.3.6.1.4.1.53501.1.1.5
	NAME 'deniedSenders'
	DESC 'Allowed RFC5321.from'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})

attributetype ( 1.3.6.1.4.1.53501.1.1.6
	NAME 'deniedRcpts'
	DESC 'Denied RFC5321.to'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{254})

attributetype ( 1.3.6.1.4.1.53501.1.1.7
	NAME 'allowedClientAddr'
	DESC 'Allowed client IPv4/IPv6 address'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})

attributetype ( 1.3.6.1.4.1.53501.1.1.8
	NAME 'deniedClientAddr'
	DESC 'Denied client IPv4/IPv6 address'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})

attributetype ( 1.3.6.1.4.1.53501.1.1.9
	NAME 'allowedSaslUser'
	DESC 'Allowed SASL authentication user'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})

attributetype ( 1.3.6.1.4.1.53501.1.1.10
	NAME 'extBLOB'
	DESC 'placeholder for binary extensions'
	EQUALITY caseIgnoreIA5Match
	SUBSTR caseIgnoreIA5SubstringsMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4096})

attributetype ( 1.3.6.1.4.1.53501.1.1.11
	NAME 'allowedx509subject'
	DESC 'Allowed x509 Common Name - subject'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})

attributetype ( 1.3.6.1.4.1.53501.1.1.12
	NAME 'allowedx509issuer'
	DESC 'Allowed x509 Common Name - issuer'
	EQUALITY caseExactIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64})

#
# Objects: 1.3.6.1.4.1.53501.1.2
#
objectclass ( 1.3.6.1.4.1.53501.1.2.1
	NAME 'lamPolicy'
	DESC 'ldap-acl-milter policy'
	SUP top	STRUCTURAL
	MUST policyID
  MAY	 ( allowedRcpts $ deniedRcpts $
	  allowedSenders $ deniedSenders $
		allowedClientAddr $ deniedClientAddr $
		allowedSaslUser $ extBLOB $
		allowedx509subject $ allowedx509issuer )
	)