Better management of LDAP schemas (#3)

29b23ec5 · Clément OUDOT · 919cb912 · 29b23ec5 · 29b23ec5 · 29b23ec5
Commit 29b23ec5 authored Sep 14, 2021 by Clément OUDOT
--- a/build/centos8/openldap-ltb/ansible/files/audit-fd-conf.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/audit-fd-conf.ldif
+dn: cn=audit-fd-conf,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: audit-fd-conf
+##
+## audit-fd-conf.schema - Needed by Fusion Directory for managing audit plugin configuration backend
+##
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.61.1.1 NAME 'fdAuditActions'
+  DESC 'FusionDirectory - Actions to be stored by audit plugin'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.61.1.2 NAME 'fdAuditRDN'
+  DESC 'FusionDirectory - Audit RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.61.1.3 NAME 'fdAuditRotationDelay'
+  DESC 'FusionDirectory - Actions to be stored by audit plugin'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+olcObjectClasses: ( 1.3.6.1.4.1.38414.61.2.1 NAME 'fdAuditPluginConf'
+  DESC 'FusionDirectory audit plugin configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdAuditActions $ fdAuditRDN $ fdAuditRotationDelay ) )
--- a/build/centos8/openldap-ltb/ansible/files/audit-fd.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/audit-fd.ldif
+dn: cn=audit-fd,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: audit-fd
+##
+## audit-fd.schema - Needed by Fusion Directory for audit
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.1 NAME 'fdAuditDateTime'
+  DESC 'FusionDirectory - audit date and time'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.2 NAME 'fdAuditAction'
+  DESC 'FusionDirectory - audit action'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.3 NAME 'fdAuditAuthorDN'
+  DESC 'FusionDirectory - audit event author'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.4 NAME 'fdAuditObject'
+  DESC 'FusionDirectory - audit event object'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.5 NAME 'fdAuditObjectType'
+  DESC 'FusionDirectory - audit event object type'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.6 NAME 'fdAuditAttributes'
+  DESC 'FusionDirectory - audit event attributes'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.7 NAME 'fdAuditResult'
+  DESC 'FusionDirectory - audit action'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.8 NAME 'fdAuditId'
+  DESC 'FusionDirectory - Random int to be used in the DN'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.60.1.9 NAME 'fdAuditAuthorIP'
+  DESC 'FusionDirectory - audit event author IP address'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+  SINGLE-VALUE )
+# Object Class
+olcObjectClasses: (1.3.6.1.4.1.38414.60.2.1 NAME 'fdAuditEvent'
+  DESC 'FusionDirectory - audit event'
+  MUST ( fdAuditDateTime $ fdAuditAction $ fdAuditAuthorDN $ fdAuditObject $ fdAuditObjectType )
+  MAY  ( fdAuditAttributes $ fdAuditResult $ fdAuditId $ fdAuditAuthorIP ) )
--- a/build/centos8/openldap-ltb/ansible/files/core-fd-conf.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/core-fd-conf.ldif
--- a/build/centos8/openldap-ltb/ansible/files/core-fd.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/core-fd.ldif
+dn: cn=core-fd,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: core-fd
+##
+## core-fd.schema - Needed by FusionDirectory for its basic fonctionnalities
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.30 NAME 'gosaGroupObjects'
+  DESC 'GOsa - List of all object types that are in a gosaGroupOfNames'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.34 NAME 'gosaAclTemplate'
+  DESC 'GOsa - ACL entries for ACL roles'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.35 NAME 'gosaAclEntry'
+  DESC 'GOsa - ACL entries'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.37 NAME 'gosaSnapshotTimestamp'
+  DESC 'GOsa - Unix timestamp of snapshot'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.38 NAME 'gosaSnapshotDN'
+  DESC 'GOsa - Original DN of saved object in snapshot'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.39 NAME 'gosaSnapshotData'
+  DESC 'GOsa - Original data of saved object in snapshot'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.1.1 NAME 'fdUserDn'
+  DESC 'FusionDirectory - DN of a user'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.1.2 NAME 'fdObjectDn'
+  DESC 'FusionDirectory - DN of an object'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.1.3 NAME 'fdLockTimestamp'
+  DESC 'FusionDirectory - Lock token timestamp'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.1.4 NAME 'fdSnapshotObjectType'
+  DESC 'FusionDirectory - object type of the snapshotted object'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+# Subscriptions
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.11.1 NAME 'fdSubscriptionStartDate'
+  DESC 'FusionDirectory - Subscription Starting Date'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.11.2 NAME 'fdSubscriptionEndDate'
+  DESC 'FusionDirectory - Subscription End Date'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.11.3 NAME 'fdSubscriptionType'
+  DESC 'FusionDirectory - Subscription type'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.11.4 NAME 'fdSubscriptionContractId'
+  DESC 'FusionDirectory - Subscription contract ID'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.62.11.5 NAME 'fdSubscriptionName'
+  DESC 'FusionDirectory - Subscription client name'
+  SUP name )
+# Classes
+olcObjectClasses: ( 1.3.6.1.4.1.10098.1.2.1.19.4 NAME 'gosaDepartment' SUP top AUXILIARY
+  DESC 'GOsa - Class to mark Departments for GOsa'
+  MUST  ( ou $ description )
+  MAY   ( manager $ co $ labeledURI ) )
+olcObjectClasses: ( 1.3.6.1.4.1.10098.1.2.1.19.12 NAME 'gosaGroupOfNames'
+  DESC 'GOsa - Adds the gosaGroupObjects field to groupOfNames'
+  SUP top AUXILIARY
+  MUST ( cn $ gosaGroupObjects ) MAY ( member $ description ) )
+olcObjectClasses: ( 1.3.6.1.4.1.10098.1.2.1.19.17 NAME 'gosaRole'
+  DESC 'GOsa - ACL container to define ACL roles'
+  SUP top STRUCTURAL
+  MUST ( gosaAclTemplate $ cn )
+  MAY  ( description ) )
+olcObjectClasses: ( 1.3.6.1.4.1.10098.1.2.1.19.18 NAME 'gosaAcl'
+  DESC 'GOsa - ACL container to define single ACLs'
+  SUP top AUXILIARY
+  MUST ( gosaAclEntry  ))
+olcObjectClasses: ( 1.3.6.1.4.1.10098.1.2.1.19.19 NAME 'gosaSnapshotObject'
+  DESC 'GOsa - Container object for undo and snapshot data'
+  SUP top STRUCTURAL
+  MUST ( gosaSnapshotTimestamp $ gosaSnapshotDN $ gosaSnapshotData )
+  MAY  ( fdSnapshotObjectType $ description ) )
+olcObjectClasses: ( 1.3.6.1.4.1.38414.62.2.1 NAME 'fdLockEntry' SUP top STRUCTURAL
+  DESC 'FusionDirectory - Class for FD locking'
+  MUST ( fdUserDn $ fdObjectDn $ cn $ fdLockTimestamp ))
+olcObjectClasses: ( 1.3.6.1.4.1.38414.62.2.2 NAME 'fdSubscriptionInformation' SUP top STRUCTURAL
+  DESC 'FusionDirectory - Information about current subscription'
+  MUST ( cn )
+  MAY ( uid $ fdSubscriptionStartDate $ fdSubscriptionEndDate $ fdSubscriptionType $ fdSubscriptionContractId $ fdSubscriptionName ))
--- a/build/centos8/openldap-ltb/ansible/files/dsa-fd-conf.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/dsa-fd-conf.ldif
+dn: cn=dsa-fd-conf,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: dsa-fd-conf
+##
+## dsa-fd.schema - Needed by Fusion Directory for managing DSA
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.13.1.1 NAME 'fdDSARDN'
+  DESC 'FusionDirectory - DSA RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+# Object Class
+olcObjectClasses: ( 1.3.6.1.4.1.38414.13.2.1 NAME 'fdDsaPluginConf'
+  DESC 'FusionDirectory dsa plugin configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdDSARDN ) )
--- a/build/centos8/openldap-ltb/ansible/files/ldapns.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/ldapns.ldif
+dn: cn=ldapns,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: ldapns
+# $Id: ldapns.schema,v 1.3 2003/05/29 12:57:29 lukeh Exp $
+# LDAP Name Service Additional Schema
+# http://www.iana.org/assignments/gssapi-service-names
+olcAttributeTypes: ( 1.3.6.1.4.1.5322.17.2.1 NAME 'authorizedService'
+  DESC 'IANA GSS-API authorized service name'
+  EQUALITY caseIgnoreMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcObjectClasses: ( 1.3.6.1.4.1.5322.17.1.1 NAME 'authorizedServiceObject'
+  DESC 'Auxiliary object class for adding authorizedService attribute'
+  SUP top
+  AUXILIARY
+  MAY authorizedService )
+olcObjectClasses: ( 1.3.6.1.4.1.5322.17.1.2 NAME 'hostObject'
+  DESC 'Auxiliary object class for adding host attribute'
+  SUP top
+  AUXILIARY
+  MAY host )
--- a/build/centos8/openldap-ltb/ansible/files/mail-fd-conf.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/mail-fd-conf.ldif
+dn: cn=mail-fd-conf,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: mail-fd-conf
+##
+## mail-fd-conf.schema - Needed by FusionDirectory Mail Plugin for its ldap backend configuration
+##
+# Attributes
+# Mail settings
+#fdVacationTemplateDirectory  -> seems unused
+#fdPostfixRestrictionFilters  -> seems unused
+#fdPostfixProtocols           -> seems unused
+# Used in mailMethod
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.2 NAME 'fdMailAttribute'
+  DESC 'FusionDirectory - Mail attribute'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.3 NAME 'fdMailUserCreation'
+  DESC 'FusionDirectory - Mail user creation'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.4 NAME 'fdMailFolderCreation'
+  DESC 'FusionDirectory - Mail folder creation'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.5 NAME 'fdCyrusUseSlashes'
+  DESC 'FusionDirectory - Mail cyrus use slashes'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+# Used in mailMethodCyrus
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.6 NAME 'fdCyrusDeleteMailbox'
+  DESC 'FusionDirectory - Mail cyrus delete mail box'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.7 NAME 'fdCyrusAutocreateFolders'
+  DESC 'FusionDirectory - Mail cyrus autocreate folders'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.8 NAME 'fdImapTimeout'
+  DESC 'FusionDirectory - IMAP timeout'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.10.9 NAME 'fdMailSharedPrefix'
+  DESC 'FusionDirectory - Prefix for mail shared folders'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+# Object Class
+olcObjectClasses: ( 1.3.6.1.4.1.38414.10.2.1 NAME 'fdMailPluginConf'
+  DESC 'FusionDirectory mail plugin configuration'
+  SUP top AUXILIARY
+  MUST ( )
+  MAY ( fdMailAttribute $ fdMailUserCreation $ fdMailFolderCreation $
+  fdCyrusUseSlashes $ fdCyrusDeleteMailbox $ fdCyrusAutocreateFolders $ fdImapTimeout $
+  fdMailSharedPrefix ) )
--- a/build/centos8/openldap-ltb/ansible/files/mail-fd.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/mail-fd.ldif
+dn: cn=mail-fd,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: mail-fd
+##
+## mail-fd.schema - Needed by FusionDirectory Mail Plugin for its configuration
+##
+# Attributes
+# Mail settings
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.4 NAME 'gosaMailServer'
+  DESC 'Specify users main mail server'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.5 NAME 'gosaMailQuota'
+  DESC 'GOsa quota definitions'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.6 NAME 'gosaMailAlternateAddress'
+  DESC 'Additional mail addresses where the user is reachable'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.7 NAME 'gosaMailForwardingAddress'
+  DESC 'Addresses where to forward mail to'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.8 NAME 'gosaMailMaxSize'
+  DESC 'Block mails bigger than this value'
+  OBSOLETE
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.9 NAME 'gosaSpamSortLevel'
+  DESC 'Spamassassins hits'
+  OBSOLETE
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.10 NAME 'gosaSpamMailbox'
+  DESC 'Where to put spam'
+  OBSOLETE
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.11 NAME 'gosaVacationMessage'
+  DESC 'Text to display in case of vacation'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.12 NAME 'gosaMailDeliveryMode'
+  DESC 'What to do with mails'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.25 NAME 'gosaSharedFolderTarget'
+  DESC 'Keeps the target of cyrus shared folders'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.41 NAME 'gosaVacationStart'
+  DESC 'Timestamp for enabling current vacation message'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.10098.1.1.12.42 NAME 'gosaVacationStop'
+  DESC 'Timestamp for switching off current vacation message'
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.13.1 NAME 'fdGroupMailLocalOnly'
+  DESC 'FusionDirectory - Group mail only allowed to receive local mail'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.10.13.2 NAME 'fdGroupMailMembersAcl'
+  DESC 'FusionDirectory - Group mail members IMAP ACL'
+  EQUALITY caseIgnoreIA5Match
+  SUBSTR caseIgnoreIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+olcObjectClasses: ( 1.3.6.1.4.1.38414.10.2.2 NAME 'fdImapServer'
+  DESC 'FusionDirectory basic imap service'
+  SUP top AUXILIARY
+  MUST ( cn ) )
+olcObjectClasses: ( 1.3.6.1.4.1.10098.1.2.1.19.5 NAME 'gosaMailAccount' SUP top AUXILIARY
+  DESC 'Basic user mail account'
+  MUST ( mail )
+  MAY  ( gosaMailServer $ gosaMailDeliveryMode $ gosaMailQuota $
+  gosaMailAlternateAddress $ gosaMailForwardingAddress $
+  gosaVacationMessage $ gosaVacationStart $ gosaVacationStop $ gosaSharedFolderTarget $
+  gosaMailMaxSize $ gosaSpamSortLevel $ gosaSpamMailbox ))
+olcObjectClasses: ( 1.3.6.1.4.1.38414.10.2.5 NAME 'fdGroupMail' SUP top AUXILIARY
+  DESC 'Basic user group mailing list'
+  MUST ( mail )
+  MAY  ( gosaMailServer $ gosaMailAlternateAddress $ gosaMailForwardingAddress $
+  fdGroupMailLocalOnly $ fdGroupMailMembersAcl $
+  gosaMailMaxSize ))
--- a/build/centos8/openldap-ltb/ansible/files/openssh-lpk.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/openssh-lpk.ldif
+dn: cn=openssh-lpk,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: openssh-lpk
+#
+# LDAP Public Key Patch schema for use with openssh-ldappubkey
+# Author: Eric AUGE <eau@phear.org>
+# 
+# Based on the proposal of : Mark Ruijter
+#
+# octetString SYNTAX
+olcAttributeTypes: ( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' 
+  DESC 'MANDATORY: OpenSSH Public key' 
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+# printableString SYNTAX yes|no
+olcObjectClasses: ( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY
+  DESC 'MANDATORY: OpenSSH LPK objectclass'
+  MAY ( sshPublicKey $ uid ) 
+  )
--- a/build/centos8/openldap-ltb/ansible/files/personal-fd-conf.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/personal-fd-conf.ldif
+dn: cn=personal-fd-conf,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: personal-fd-conf
+##
+## personal-fd.schema - Needed by Fusion Directory for personal plugin configuration
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.50.1.1 NAME 'fdPrivateEmailPasswordRecovery'
+  DESC 'FusionDirectory - Allow use of private email address for password recovery'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+# Object Class
+olcObjectClasses: ( 1.3.6.1.4.1.38414.50.2.1 NAME 'fdPersonalPluginConf'
+  DESC 'FusionDirectory personal plugin configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdPrivateEmailPasswordRecovery ) )
--- a/build/centos8/openldap-ltb/ansible/files/personal-fd.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/personal-fd.ldif
+dn: cn=personal-fd,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: personal-fd
+##
+## personal-fd.schema - Needed by Fusion Directory for personal information
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.48.1.1 NAME 'fdSocialAccount'
+  DESC 'FusionDirectory - social accounts - syntax is site:id or protocole:id'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.48.1.2 NAME 'fdNickName'
+  DESC 'FusionDirectory - nickname'
+  SUP name )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.48.1.3 NAME 'fdPrivateMail'
+  DESC 'FusionDirectory - private email used for identification'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.48.1.4 NAME 'fdContractStartDate'
+  DESC 'FusionDirectory - Contract Starting Date'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.48.1.5 NAME 'fdContractEndDate'
+  DESC 'FusionDirectory - Contract End Date'
+  EQUALITY generalizedTimeMatch
+  ORDERING generalizedTimeOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.48.1.6 NAME 'fdBadge'
+  DESC 'FusionDirectory - Badge'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.48.1.7 NAME 'fdPhotoVisible'
+  DESC 'FusionDirectory - Tell if user Photo should be visible on external tools'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+# GOsa stuff
+olcAttributeTypes: ( 1.3.6.1.4.1.15305.2.1 NAME ( 'gender' 'sex' )
+  DESC    'Gender: M for male, F for female'
+  EQUALITY caseIgnoreIA5Match
+  SYNTAX  1.3.6.1.4.1.1466.115.121.1.26{1}
+  SINGLE-VALUE )
+olcAttributeTypes: ( 1.3.6.1.4.1.15305.2.2 NAME ( 'dateOfBirth' 'dob' )
+  DESC    'Date of birth in ISO 8601 format'
+  EQUALITY caseIgnoreMatch
+  SYNTAX  1.3.6.1.4.1.1466.115.121.1.15{10}
+  SINGLE-VALUE )
+# Objectclasses
+olcObjectClasses: (1.3.6.1.4.1.38414.48.2.1 NAME 'fdPersonalInfo' SUP top AUXILIARY
+  DESC 'FusionDirectory - User personal tab'
+  MUST ( )
+  MAY ( fdSocialAccount $ fdNickName $ fdPrivateMail $ fdBadge $
+  personalTitle $ dateOfBirth $ gender $ fdContractStartDate $ fdContractEndDate $ fdPhotoVisible $ co ))
--- a/build/centos8/openldap-ltb/ansible/files/ppolicy-fd-conf.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/ppolicy-fd-conf.ldif
+dn: cn=ppolicy-fd-conf,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: ppolicy-fd-conf
+##
+## ppolicy-fd.schema - Needed by Fusion Directory for managing ppolicies
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.45.1.1 NAME 'fdPpolicyRDN'
+  DESC 'FusionDirectory - ppolicy RDN'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.45.1.2 NAME 'fdPpolicyDefaultCn'
+  OBSOLETE
+  DESC 'FusionDirectory - cn of the default ppolicy'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactIA5SubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE)
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.45.1.3 NAME 'fdPpolicyDefaultDn'
+  DESC 'FusionDirectory - dn of the default ppolicy'
+  EQUALITY distinguishedNameMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+  SINGLE-VALUE)
+# Object Class
+olcObjectClasses: ( 1.3.6.1.4.1.38414.45.2.1 NAME 'fdPpolicyPluginConf'
+  DESC 'FusionDirectory ppolicy plugin configuration'
+  SUP top AUXILIARY
+  MUST ( cn )
+  MAY ( fdPpolicyRDN $ fdPpolicyDefaultCn $ fdPpolicyDefaultDn ) )
--- a/build/centos8/openldap-ltb/ansible/files/template-fd.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/template-fd.ldif
+dn: cn=template-fd,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: template-fd
+##
+## template-fd.schema - Needed by Fusion Directory for managing templates
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.38.1.1 NAME 'fdTemplateField'
+  DESC 'FusionDirectory - template field'
+  EQUALITY octetStringMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40)
+# Objectclasses
+olcObjectClasses: (1.3.6.1.4.1.38414.38.2.1 NAME 'fdTemplate'
+  DESC 'FusionDirectory - template object'
+  MUST ( cn )
+  MAY ( fdTemplateField ) )
--- a/build/centos8/openldap-ltb/ansible/files/webservice-fd-conf.ldif
+++ b/build/centos8/openldap-ltb/ansible/files/webservice-fd-conf.ldif
+dn: cn=webservice-fd-conf,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: webservice-fd-conf
+##
+## webservice-fd-conf.schema - Needed by Fusion Directory for webservice configuration
+##
+# Attributes
+olcAttributeTypes: ( 1.3.6.1.4.1.38414.44.1.1 NAME 'fdWebserviceForceSSL'
+  DESC 'FusionDirectory - Force SSL for JSON-RPC calls'
+  EQUALITY booleanMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+  SINGLE-VALUE )
+# Object Class
+olcObjectClasses: ( 1.3.6.1.4.1.38414.44.2.1 NAME 'fdWebservicePluginConf'
+  DESC 'FusionDirectory webservice plugin configuration'
+  SUP top AUXILIARY
+  MUST ( cn $ fdWebserviceForceSSL ) )
--- a/build/centos8/openldap-ltb/ansible/install.yaml
+++ b/build/centos8/openldap-ltb/ansible/install.yaml
@@ -69,3 +69,25 @@
        path: /var/run/slapd
        state: directory
        mode: 750
+  - name: Install FD schemas
+    copy:
+      src: "{{ item }}"
+      dest: /usr/local/openldap/etc/openldap/schema/
+      owner: root
+      group: root
+      mode: 644
+    with_items:
+      - core-fd.ldif
+      - core-fd-conf.ldif
+      - ldapns.ldif
+      - template-fd.ldif
+      - ppolicy-fd-conf.ldif
+      - openssh-lpk.ldif
+      - dsa-fd-conf.ldif
+      - mail-fd.ldif
+      - mail-fd-conf.ldif
+      - personal-fd.ldif
+      - personal-fd-conf.ldif
+      - webservice-fd-conf.ldif
+      - audit-fd.ldif
+      - audit-fd-conf.ldif
--- a/build/centos8/openldap-ltb/ansible/templates/config.ldif.j2
+++ b/build/centos8/openldap-ltb/ansible/templates/config.ldif.j2