[Freeipa-users] Problem FreeIPA 4.1.3 for vCenter 5.5u2b SSO

Fri Mar 6 16:01:48 UTC 2015

this result from
#strings /usr/lib/openldap/slapd | grep "1.3.6.1.4"

On 3/6/15 10:40 PM, Rich Megginson wrote:
> On 03/06/2015 07:54 AM, Herwono W Wijaya wrote:
>> FreeIPA logs:
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=0 BIND 
>> dn="uid=admin,cn=users,cn=compat,dc=server,dc=local" method=128 version=3
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=0 RESULT err=0 tag=97 
>> nentries=0 etime=0 dn="uid=admin,cn=users,cn=accounts,dc=server,dc=local"
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=1 SRCH 
>> base="cn=users,cn=compat,dc=server,dc=local" scope=2 
>> filter="(objectClass=inetOrgPerson)" attrs="uid description givenName 
>> sn mail useraccountcontrol pwdaccountlockedtime entryuuid"
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=1 RESULT err=0 tag=101 
>> nentries=2 etime=0 notes=P
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=2 UNBIND
>> [06/Mar/2015:21:51:15 +0700] conn=30 op=2 fd=99 closed - U1
>>
>> vCenter SSO error:
>> Error: Idm client exception: Control not found
>
> There's no error log debug level which will give us all of the 
> controls received by the server or all of the controls sent back by 
> the server.  The TRACE level will give us some information.
>
> But the problem appears to be that vCenter is expecting some control.  
> There is no way we can tell what control that might be by analyzing 
> the LDAP protocol, even with wireshark.  If the vCenter documentation 
> does not suffice, and VMWare support is not forthcoming, then we might 
> be able to reverse engineer the code. For example, search the code, if 
> scripts, or use something like the "strings" command on binaries, to 
> look for well known OID prefixes.
>
> For example, from dirsrv:
> # strings /usr/lib64/lib/dirsrv/libslapd.so.0.0.0|grep "1.3.6.1.4"
> 1.3.6.1.4.1.1466.115.121.1.34
> 1.3.6.1.4.1.1466.115.121.1.12
> 1.3.6.1.4.1.1466.115.121.1.15
> 1.3.6.1.4.1.42.2.27.8.5.1
> 1.3.6.1.4.1.42.2.27.9.5.2
> ...
>
> If we can narrow down the list of possible control OIDs that vCenter 
> knows about, we can perhaps figure out if 389 supports them.
>
>>
>> On 3/6/15 8:45 PM, Herwono W Wijaya wrote:
>>> sorry my mistake, okay I'll check slapd log files and try to figure 
>>> out what happened
>>>
>>> On 3/6/15 8:43 PM, Martin Kosek wrote:
>>>> This is the directory on FreeIPA server that the vCenter is 
>>>> authenticating useres against.
>>>>
>>>> On 03/06/2015 02:40 PM, Herwono W Wijaya wrote:
>>>>> there is no directory "/var/log/dirsrv/" in 5.5u2b version
>>>>>
>>>>> On 3/6/15 8:34 PM, Gianluca Cecchi wrote:
>>>>>> On Fri, Mar 6, 2015 at 2:12 PM, Martin Kosek <mkosek at redhat.com
>>>>>> <mailto:mkosek at redhat.com>> wrote:
>>>>>>
>>>>>>     Ah, I am not sure what control do they mean.
>>>>>>
>>>>>>     But in general, when, it is always interesting to check the 
>>>>>> LDAP access
>>>>>>     logs to see the last failed request and then try the same 
>>>>>> search with
>>>>>>     ldapsearch and fix things.
>>>>>>
>>>>>>     Martin
>>>>>>
>>>>>>
>>>>>> see my previous e-mail:
>>>>>>
>>>>>> /var/log/dirsrv/slapd-REALM-NAME/
>>>>>>
>>>>>> contains log and you will see which kind of queries vSphere is 
>>>>>> doing.
>>>>>>
>>>>>> Gianluca
>>>>>
>>>>> -- 
>>>>> Regards, Herwono W Wijaya https://linuxcoding.org | *VMware 
>>>>> vExpert 2014, 2015
>>>>> <https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 
>>>>>
>>>>>
>>>>
>>>
>>> -- 
>>> Regards, Herwono W Wijaya https://linuxcoding.org | *VMware vExpert 
>>> 2014, 2015 
>>> <https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 
>>>
>>>
>>>
>>
>> -- 
>> Regards, Herwono W Wijaya https://linuxcoding.org | *VMware vExpert 
>> 2014, 2015 
>> <https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 
>>
>>
>>
>
>
>

-- 
Regards,
Herwono W Wijaya
https://linuxcoding.org | *VMware vExpert 2014, 2015 
<https://communities.vmware.com/vexpert.jspa?src=vmw_so_vex_hwija_769&username=herwonowr>* 

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://listman.redhat.com/archives/freeipa-users/attachments/20150306/b3d65c44/attachment.htm>
-------------- next part --------------
1.3.6.1.4.1.4203.1.12.2
1.3.6.1.4.1.1466.115.121.1
extended=1.3.6.1.4.1.1466.20037
extended=1.3.6.1.4.1.4203.1.11.1
extended=1.3.6.1.4.1.4203.1.11.3
1.3.6.1.4.1.1466.20036
1.3.6.1.4.1.1466.115.121.1.27
1.3.6.1.4.1.1466.115.121.1.34
1.3.6.1.4.1.1466.115.121.1.12
group "%s" attr "%s": inappropriate syntax: %s; must be 1.3.6.1.4.1.1466.115.121.1.12 (DN), 1.3.6.1.4.1.1466.115.121.1.34 (NameUID) or a subtype of labeledURI.
1.3.6.1.4.1.4203.666.5.15
1.3.6.1.4.1.4203.1.10.1
1.3.6.1.4.1.4203.666.5.2
1.3.6.1.4.1.4203.666.5.12
1.3.6.1.4.1.1466.101.119.1
1.3.6.1.4.1.4203.1.11.1
1.3.6.1.4.1.4203.1.11.3
1.3.6.1.4.1.4203.666.11.2.1
1.3.6.1.4.1.1466.115.121.1.8
1.3.6.1.4.1.1466.115.121.1.9
1.3.6.1.4.1.1466.115.121.1.44
1.3.6.1.4.1.1466.115.121.1.17
1.3.6.1.4.1.1466.115.121.1.38
1.3.6.1.4.1.1466.115.121.1.3
1.3.6.1.4.1.1466.115.121.1.16
1.3.6.1.4.1.1466.115.121.1.54
1.3.6.1.4.1.1466.115.121.1.30
1.3.6.1.4.1.1466.115.121.1.31
1.3.6.1.4.1.1466.115.121.1.35
1.3.6.1.4.1.1466.115.121.1.37
1.3.6.1.4.1.4203.666.4.4
1.3.6.1.4.1.4203.666.4.5
1.3.6.1.4.1.1466.115.121.1.15
1.3.6.1.4.1.1466.115.121.1.26
1.3.6.1.4.1.4203.666.11.10.2.1
( 1.3.6.1.4.1.1466.115.121.1.1 DESC 'ACI Item' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.2 DESC 'Access Point' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.3 DESC 'Attribute Type Description' )
( 1.3.6.1.4.1.1466.115.121.1.4 DESC 'Audio' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.5 DESC 'Binary' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.6 DESC 'Bit String' )
( 1.3.6.1.4.1.1466.115.121.1.7 DESC 'Boolean' )
( 1.3.6.1.4.1.1466.115.121.1.8 DESC 'Certificate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.9 DESC 'Certificate List' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.10 DESC 'Certificate Pair' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.4203.666.11.10.2.1 DESC 'X.509 AttributeCertificate' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.12 DESC 'Distinguished Name' )
( 1.3.6.1.4.1.1466.115.121.1.13 DESC 'Data Quality' )
( 1.3.6.1.4.1.1466.115.121.1.14 DESC 'Delivery Method' )
( 1.3.6.1.4.1.1466.115.121.1.15 DESC 'Directory String' )
( 1.3.6.1.4.1.1466.115.121.1.16 DESC 'DIT Content Rule Description' )
( 1.3.6.1.4.1.1466.115.121.1.17 DESC 'DIT Structure Rule Description' )
( 1.3.6.1.4.1.1466.115.121.1.19 DESC 'DSA Quality' )
( 1.3.6.1.4.1.1466.115.121.1.20 DESC 'DSE Type' )
( 1.3.6.1.4.1.1466.115.121.1.21 DESC 'Enhanced Guide' )
( 1.3.6.1.4.1.1466.115.121.1.22 DESC 'Facsimile Telephone Number' )
( 1.3.6.1.4.1.1466.115.121.1.23 DESC 'Fax' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.24 DESC 'Generalized Time' )
( 1.3.6.1.4.1.1466.115.121.1.25 DESC 'Guide' )
( 1.3.6.1.4.1.1466.115.121.1.26 DESC 'IA5 String' )
( 1.3.6.1.4.1.1466.115.121.1.27 DESC 'Integer' )
( 1.3.6.1.4.1.1466.115.121.1.28 DESC 'JPEG' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.29 DESC 'Master And Shadow Access Points' )
( 1.3.6.1.4.1.1466.115.121.1.30 DESC 'Matching Rule Description' )
( 1.3.6.1.4.1.1466.115.121.1.31 DESC 'Matching Rule Use Description' )
( 1.3.6.1.4.1.1466.115.121.1.32 DESC 'Mail Preference' )
( 1.3.6.1.4.1.1466.115.121.1.33 DESC 'MHS OR Address' )
( 1.3.6.1.4.1.1466.115.121.1.34 DESC 'Name And Optional UID' )
( 1.3.6.1.4.1.1466.115.121.1.35 DESC 'Name Form Description' )
( 1.3.6.1.4.1.1466.115.121.1.36 DESC 'Numeric String' )
( 1.3.6.1.4.1.1466.115.121.1.37 DESC 'Object Class Description' )
( 1.3.6.1.4.1.1466.115.121.1.38 DESC 'OID' )
( 1.3.6.1.4.1.1466.115.121.1.39 DESC 'Other Mailbox' )
( 1.3.6.1.4.1.1466.115.121.1.40 DESC 'Octet String' )
( 1.3.6.1.4.1.1466.115.121.1.41 DESC 'Postal Address' )
( 1.3.6.1.4.1.1466.115.121.1.42 DESC 'Protocol Information' )
( 1.3.6.1.4.1.1466.115.121.1.43 DESC 'Presentation Address' )
( 1.3.6.1.4.1.1466.115.121.1.44 DESC 'Printable String' )
( 1.3.6.1.4.1.1466.115.121.1.11 DESC 'Country String' )
( 1.3.6.1.4.1.1466.115.121.1.45 DESC 'SubtreeSpecification' )
( 1.3.6.1.4.1.1466.115.121.1.49 DESC 'Supported Algorithm' X-BINARY-TRANSFER-REQUIRED 'TRUE' X-NOT-HUMAN-READABLE 'TRUE' )
( 1.3.6.1.4.1.1466.115.121.1.50 DESC 'Telephone Number' )
( 1.3.6.1.4.1.1466.115.121.1.51 DESC 'Teletex Terminal Identifier' )
( 1.3.6.1.4.1.1466.115.121.1.52 DESC 'Telex Number' )
( 1.3.6.1.4.1.1466.115.121.1.54 DESC 'LDAP Syntax Description' )
( 1.3.6.1.4.1.1466.115.121.1.55 DESC 'Modify Rights' )
( 1.3.6.1.4.1.1466.115.121.1.56 DESC 'LDAP Schema Definition' )
( 1.3.6.1.4.1.1466.115.121.1.57 DESC 'LDAP Schema Description' )
( 1.3.6.1.4.1.1466.115.121.1.58 DESC 'Substring Assertion' )
( 1.3.6.1.4.1.4203.666.11.10.2.2 DESC 'AttributeCertificate Exact Assertion' )
( 1.3.6.1.4.1.4203.666.11.10.2.3 DESC 'AttributeCertificate Assertion' )
( 1.3.6.1.4.1.4203.666.11.2.1 DESC 'CSN' )
( 1.3.6.1.4.1.4203.666.11.2.4 DESC 'CSN SID' )
( 1.3.6.1.4.1.4203.1.1.1 DESC 'OpenLDAP void' )
( 1.3.6.1.4.1.4203.666.2.7 DESC 'OpenLDAP authz' )
( 1.3.6.1.4.1.4203.666.4.4 NAME 'directoryStringApproxMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 1.3.6.1.4.1.4203.666.4.5 NAME 'IA5StringApproxMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
( 2.5.13.0 NAME 'objectIdentifierMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.1 NAME 'distinguishedNameMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.9 NAME 'dnSubtreeMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.8 NAME 'dnOneLevelMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.10 NAME 'dnSubordinateMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 1.3.6.1.4.1.4203.666.4.11 NAME 'dnSuperiorMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 2.5.13.2 NAME 'caseIgnoreMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.3 NAME 'caseIgnoreOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.4 NAME 'caseIgnoreSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.5 NAME 'caseExactMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.6 NAME 'caseExactOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.13.7 NAME 'caseExactSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.8 NAME 'numericStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
( 2.5.13.9 NAME 'numericStringOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 )
( 2.5.13.10 NAME 'numericStringSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.11 NAME 'caseIgnoreListMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.41 )
( 2.5.13.12 NAME 'caseIgnoreListSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.13 NAME 'booleanMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
( 2.5.13.14 NAME 'integerMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
( 2.5.13.15 NAME 'integerOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
( 2.5.13.16 NAME 'bitStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 )
( 2.5.13.17 NAME 'octetStringMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
( 2.5.13.18 NAME 'octetStringOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
( 2.5.13.19 NAME 'octetStringSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
( 2.5.13.20 NAME 'telephoneNumberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.50 )
( 2.5.13.21 NAME 'telephoneNumberSubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.58 )
( 2.5.13.22 NAME 'presentationAddressMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.43 )
( 2.5.13.23 NAME 'uniqueMemberMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.34 )
( 2.5.13.24 NAME 'protocolInformationMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.42 )
( 2.5.13.27 NAME 'generalizedTimeMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
( 2.5.13.28 NAME 'generalizedTimeOrderingMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
( 2.5.13.29 NAME 'integerFirstComponentMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
( 2.5.13.30 NAME 'objectIdentifierFirstComponentMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.13.45 NAME 'attributeCertificateExactMatch' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.2 )
( 2.5.13.46 NAME 'attributeCertificateMatch' SYNTAX 1.3.6.1.4.1.4203.666.11.10.2.3 )
( 1.3.6.1.4.1.1466.109.114.1 NAME 'caseExactIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
( 1.3.6.1.4.1.1466.109.114.2 NAME 'caseIgnoreIA5Match' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
( 1.3.6.1.4.1.1466.109.114.3 NAME 'caseIgnoreIA5SubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
( 1.3.6.1.4.1.4203.1.2.1 NAME 'caseExactIA5SubstringsMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
( 1.2.840.113556.1.4.803 NAME 'integerBitAndMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
( 1.2.840.113556.1.4.804 NAME 'integerBitOrMatch' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
( 1.3.6.1.4.1.4203.666.11.2.2 NAME 'CSNMatch' SYNTAX 1.3.6.1.4.1.4203.666.11.2.1 )
( 1.3.6.1.4.1.4203.666.11.2.3 NAME 'CSNOrderingMatch' SYNTAX 1.3.6.1.4.1.4203.666.11.2.1 )
( 1.3.6.1.4.1.4203.666.11.2.5 NAME 'CSNSIDMatch' SYNTAX 1.3.6.1.4.1.4203.666.11.2.4 )
( 1.3.6.1.4.1.4203.666.4.12 NAME 'authzMatch' SYNTAX 1.3.6.1.4.1.4203.666.2.7 )
1.3.6.1.4.1.1466.115.121.1.40
( 2.5.4.0 NAME 'objectClass' DESC 'RFC4512: object classes of the entity' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.21.9 NAME 'structuralObjectClass' DESC 'RFC4512: structural object class of entry' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.1 NAME 'createTimestamp' DESC 'RFC4512: time which object was created' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.2 NAME 'modifyTimestamp' DESC 'RFC4512: time which object was last modified' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.3 NAME 'creatorsName' DESC 'RFC4512: name of creator' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.4 NAME 'modifiersName' DESC 'RFC4512: name of last modifier' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.9 NAME 'hasSubordinates' DESC 'X.501: entry has children' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 2.5.18.10 NAME 'subschemaSubentry' DESC 'RFC4512: name of controlling subschema entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.1.20 NAME 'entryDN' DESC 'DN of the entry' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.1.7 NAME 'entryCSN' DESC 'change sequence number of the entry content' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.1.13 NAME 'namingCSN' DESC 'change sequence number of the entry naming (RDN)' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.1.23 NAME 'syncreplCookie' DESC 'syncrepl Cookie for shadow copy' EQUALITY octetStringMatch ORDERING octetStringOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.25 NAME 'contextCSN' DESC 'the largest committed CSN of a context' EQUALITY CSNMatch ORDERING CSNOrderingMatch SYNTAX 1.3.6.1.4.1.4203.666.11.2.1{64} NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer' DESC 'RFC4512: alternative servers' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts' DESC 'RFC4512: naming contexts' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl' DESC 'RFC4512: supported controls' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension' DESC 'RFC4512: supported extended operations' SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion' DESC 'RFC4512: supported LDAP versions' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms' DESC 'RFC4512: supported SASL mechanisms'SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures' DESC 'RFC4512: features supported by the server' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.10 NAME 'monitorContext' DESC 'monitor context' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 EQUALITY distinguishedNameMatch SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.12.2.1 NAME 'configContext' DESC 'config context' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 EQUALITY distinguishedNameMatch SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.1.4 NAME 'vendorName' DESC 'RFC3045: name of implementation vendor' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.1.5 NAME 'vendorVersion' DESC 'RFC3045: version of implementation' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 2.5.18.5 NAME 'administrativeRole' DESC 'RFC3672: administrative role' EQUALITY objectIdentifierMatch USAGE directoryOperation SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
( 2.5.18.6 NAME 'subtreeSpecification' DESC 'RFC3672: subtree specification' SINGLE-VALUE USAGE directoryOperation SYNTAX 1.3.6.1.4.1.1466.115.121.1.45 )
( 2.5.21.1 NAME 'dITStructureRules' DESC 'RFC4512: DIT structure rules' EQUALITY integerFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.17 USAGE directoryOperation ) 
( 2.5.21.2 NAME 'dITContentRules' DESC 'RFC4512: DIT content rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.16 USAGE directoryOperation )
( 2.5.21.4 NAME 'matchingRules' DESC 'RFC4512: matching rules' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.30 USAGE directoryOperation )
( 2.5.21.5 NAME 'attributeTypes' DESC 'RFC4512: attribute types' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 USAGE directoryOperation )
( 2.5.21.6 NAME 'objectClasses' DESC 'RFC4512: object classes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 USAGE directoryOperation )
( 2.5.21.7 NAME 'nameForms' DESC 'RFC4512: name forms ' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.35 USAGE directoryOperation )
( 2.5.21.8 NAME 'matchingRuleUse' DESC 'RFC4512: matching rule uses' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.31 USAGE directoryOperation )
( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes' DESC 'RFC4512: LDAP syntaxes' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.54 USAGE directoryOperation )
( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' ) DESC 'RFC4512: name of aliased object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
( 2.16.840.1.113730.3.1.34 NAME 'ref' DESC 'RFC3296: subordinate referral URL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 USAGE distributedOperation )
( 1.3.6.1.4.1.4203.1.3.1 NAME 'entry' DESC 'OpenLDAP ACL entry pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.1.3.2 NAME 'children' DESC 'OpenLDAP ACL children pseudo-attribute' SYNTAX 1.3.6.1.4.1.4203.1.1.1 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.8 NAME ( 'authzTo' 'saslAuthzTo' ) DESC 'proxy authorization targets' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' USAGE distributedOperation )
( 1.3.6.1.4.1.4203.666.1.9 NAME ( 'authzFrom' 'saslAuthzFrom' ) DESC 'proxy authorization sources' EQUALITY authzMatch SYNTAX 1.3.6.1.4.1.4203.666.2.7 X-ORDERED 'VALUES' USAGE distributedOperation )
( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl' DESC 'RFC2589: entry time-to-live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees' DESC 'RFC2589: dynamic subtrees' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
( 2.5.4.49 NAME 'distinguishedName' DESC 'RFC4519: common supertype of DN attributes' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
( 2.5.4.41 NAME 'name' DESC 'RFC4519: common supertype of name attributes' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} )
( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' ) DESC 'RFC4519: user identifier' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
( 1.3.6.1.1.1.1.0 NAME 'uidNumber' DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 1.3.6.1.1.1.1.1 NAME 'gidNumber' DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 2.5.4.35 NAME 'userPassword' DESC 'RFC4519/2307: password of user' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} )
( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI' DESC 'RFC2079: Uniform Resource Identifier with optional label' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 2.5.4.13 NAME 'description' DESC 'RFC4519: descriptive information' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} )
( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject' DESC 'RFC4512: extensible object' SUP top AUXILIARY )
( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' ) DESC 'OpenLDAP Root DSE object' SUP top STRUCTURAL MAY cn )
( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject' DESC 'RFC2589: Dynamic Object' SUP top AUXILIARY )
( 1.3.6.1.4.1.4203.666.3.4 NAME 'glue' DESC 'Glue Entry' SUP top STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.5 NAME 'syncConsumerSubentry' DESC 'Persistent Info for SyncRepl Consumer' AUXILIARY MAY syncreplCookie )
( 1.3.6.1.4.1.4203.666.3.6 NAME 'syncProviderSubentry' DESC 'Persistent Info for SyncRepl Producer' AUXILIARY MAY contextCSN )
1.3.6.1.4.1.1466.20037
1.3.6.1.4.1.4203.1.5.1
1.3.6.1.4.1.4203.1.5.2
1.3.6.1.4.1.4203.1.5.3
1.3.6.1.4.1.4203.1.5.4
1.3.6.1.4.1.4203.1.5.5
1.3.6.1.4.1.4203.1.9.1.1
1.3.6.1.4.1.4203.1.9.1.2
1.3.6.1.4.1.4203.1.9.1.3
1.3.6.1.4.1.4203.1.9.1.4
( 1.3.6.1.4.1.4203.666.1.5 NAME 'OpenLDAPaci' DESC 'OpenLDAP access control information (experimental)' EQUALITY OpenLDAPaciMatch SYNTAX 1.3.6.1.4.1.4203.666.2.1 USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.4.2 NAME 'OpenLDAPaciMatch' SYNTAX 1.3.6.1.4.1.4203.666.2.1 )
( 1.3.6.1.4.1.4203.666.2.1 DESC 'OpenLDAP Experimental ACI' )
1.3.6.1.4.1.4203.666.2.1
1.3.6.1.4.1.4203.666.1.55
1.3.6.1.4.1.4203.666.3.16
( 1.3.6.1.4.1.4203.666.1.55.1 NAME 'monitoredInfo' DESC 'monitored info' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768} NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.2 NAME 'managedInfo' DESC 'monitor managed info' SUP name )
( 1.3.6.1.4.1.4203.666.1.55.3 NAME 'monitorCounter' DESC 'monitor counter' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.4 NAME 'monitorOpCompleted' DESC 'monitor completed operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.5 NAME 'monitorOpInitiated' DESC 'monitor initiated operations' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.6 NAME 'monitorConnectionNumber' DESC 'monitor connection number' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.7 NAME 'monitorConnectionAuthzDN' DESC 'monitor connection authorization DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.8 NAME 'monitorConnectionLocalAddress' DESC 'monitor connection local address' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.9 NAME 'monitorConnectionPeerAddress' DESC 'monitor connection peer address' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.10 NAME 'monitorTimestamp' DESC 'monitor timestamp' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.11 NAME 'monitorOverlay' DESC 'name of overlays defined for a given database' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.12 NAME 'readOnly' DESC 'read/write status of a given database' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.13 NAME 'restrictedOperation' DESC 'name of restricted operation for a given database' SUP managedInfo )
( 1.3.6.1.4.1.4203.666.1.55.14 NAME 'monitorConnectionProtocol' DESC 'monitor connection protocol' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.15 NAME 'monitorConnectionOpsReceived' DESC 'monitor number of operations received by the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.16 NAME 'monitorConnectionOpsExecuting' DESC 'monitor number of operations in execution within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.17 NAME 'monitorConnectionOpsPending' DESC 'monitor number of pending operations within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.18 NAME 'monitorConnectionOpsCompleted' DESC 'monitor number of operations completed within the connection' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.19 NAME 'monitorConnectionGet' DESC 'number of times connection_get() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.20 NAME 'monitorConnectionRead' DESC 'number of times connection_read() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.21 NAME 'monitorConnectionWrite' DESC 'number of times connection_write() was called so far' SUP monitorCounter NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.22 NAME 'monitorConnectionMask' DESC 'monitor connection mask' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.23 NAME 'monitorConnectionListener' DESC 'monitor connection listener' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.24 NAME 'monitorConnectionPeerDomain' DESC 'monitor connection peer domain' SUP monitoredInfo NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.25 NAME 'monitorConnectionStartTime' DESC 'monitor connection start time' SUP monitorTimestamp SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.26 NAME 'monitorConnectionActivityTime' DESC 'monitor connection activity time' SUP monitorTimestamp SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.27 NAME 'monitorIsShadow' DESC 'TRUE if the database is shadow' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.28 NAME 'monitorUpdateRef' DESC 'update referral for shadow databases' SUP monitoredInfo SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.29 NAME 'monitorRuntimeConfig' DESC 'TRUE if component allows runtime configuration' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.1.55.30 NAME 'monitorSuperiorDN' DESC 'monitor superior DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.3.16.1 NAME 'monitor' DESC 'OpenLDAP system monitoring' SUP top STRUCTURAL MUST cn MAY ( description $ seeAlso $ labeledURI $ monitoredInfo $ managedInfo $ monitorOverlay ) )
( 1.3.6.1.4.1.4203.666.3.16.2 NAME 'monitorServer' DESC 'Server monitoring root entry' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.3 NAME 'monitorContainer' DESC 'monitor container class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.4 NAME 'monitorCounterObject' DESC 'monitor counter class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.5 NAME 'monitorOperation' DESC 'monitor operation class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.6 NAME 'monitorConnection' DESC 'monitor connection class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.7 NAME 'managedObject' DESC 'monitor managed entity class' SUP monitor STRUCTURAL )
( 1.3.6.1.4.1.4203.666.3.16.8 NAME 'monitoredObject' DESC 'monitor monitored entity class' SUP monitor STRUCTURAL )
1.3.6.1.4.1.4203.666.11.3
1.3.6.1.4.1.4203.666.11.6.3
1.3.6.1.4.1.4203.666.11.6.1
1.3.6.1.4.1.4203.666.11.5.3.1
( 1.3.6.1.4.1.4203.666.11.5.3.1 DESC 'Control' )
( 1.3.6.1.4.1.4203.666.11.5.1.1 NAME 'reqDN' DESC 'Target DN of request' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.2 NAME 'reqStart' DESC 'Start time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.3 NAME 'reqEnd' DESC 'End time of request' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.4 NAME 'reqType' DESC 'Type of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.5 NAME 'reqSession' DESC 'Session ID of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.6 NAME 'reqAuthzID' DESC 'Authorization ID of requestor' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.7 NAME 'reqResult' DESC 'Result code of request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.8 NAME 'reqMessage' DESC 'Error text of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.9 NAME 'reqReferral' DESC 'Referrals returned for request' SUP labeledURI )
( 1.3.6.1.4.1.4203.666.11.5.1.10 NAME 'reqControls' DESC 'Request controls' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
( 1.3.6.1.4.1.4203.666.11.5.1.11 NAME 'reqRespControls' DESC 'Response controls of request' EQUALITY objectIdentifierFirstComponentMatch SYNTAX 1.3.6.1.4.1.4203.666.11.5.3.1 X-ORDERED 'VALUES' )
( 1.3.6.1.4.1.4203.666.11.5.1.12 NAME 'reqId' DESC 'ID of Request to Abandon' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.13 NAME 'reqVersion' DESC 'Protocol version of Bind request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.14 NAME 'reqMethod' DESC 'Bind method of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.15 NAME 'reqAssertion' DESC 'Compare Assertion of request' SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.16 NAME 'reqMod' DESC 'Modifications of request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMatch SYNTAX OMsOctetString )
( 1.3.6.1.4.1.4203.666.11.5.1.17 NAME 'reqOld' DESC 'Old values of entry before request completed' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMatch SYNTAX OMsOctetString )
( 1.3.6.1.4.1.4203.666.11.5.1.18 NAME 'reqNewRDN' DESC 'New RDN of request' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.19 NAME 'reqDeleteOldRDN' DESC 'Delete old RDN' EQUALITY booleanMatch SYNTAX OMsBoolean SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.20 NAME 'reqNewSuperior' DESC 'New superior DN of request' EQUALITY distinguishedNameMatch SYNTAX OMsDN SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.21 NAME 'reqScope' DESC 'Scope of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.22 NAME 'reqDerefAliases' DESC 'Disposition of Aliases in request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.23 NAME 'reqAttrsOnly' DESC 'Attributes and values of request' EQUALITY booleanMatch SYNTAX OMsBoolean SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.24 NAME 'reqFilter' DESC 'Filter of request' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX OMsDirectoryString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.25 NAME 'reqAttr' DESC 'Attributes of request' EQUALITY caseIgnoreMatch SYNTAX OMsDirectoryString )
( 1.3.6.1.4.1.4203.666.11.5.1.26 NAME 'reqSizeLimit' DESC 'Size limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.27 NAME 'reqTimeLimit' DESC 'Time limit of request' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.28 NAME 'reqEntries' DESC 'Number of entries returned' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX OMsInteger SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.29 NAME 'reqData' DESC 'Data of extended request' EQUALITY octetStringMatch SUBSTR octetStringSubstringsMatch SYNTAX OMsOctetString SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.5.1.30 NAME 'auditContext' DESC 'DN of auditContainer' SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
( 1.3.6.1.4.1.4203.666.11.5.2.0 NAME 'auditContainer' DESC 'AuditLog container' SUP top STRUCTURAL MAY ( cn $ reqStart $ reqEnd ) )
( 1.3.6.1.4.1.4203.666.11.5.2.1 NAME 'auditObject' DESC 'OpenLDAP request auditing' SUP top STRUCTURAL MUST ( reqStart $ reqType $ reqSession ) MAY ( reqDN $ reqAuthzID $ reqControls $ reqRespControls $ reqEnd $ reqResult $ reqMessage $ reqReferral ) )
( 1.3.6.1.4.1.4203.666.11.5.2.2 NAME 'auditReadObject' DESC 'OpenLDAP read request record' SUP auditObject STRUCTURAL )
( 1.3.6.1.4.1.4203.666.11.5.2.3 NAME 'auditWriteObject' DESC 'OpenLDAP write request record' SUP auditObject STRUCTURAL )
( 1.3.6.1.4.1.4203.666.11.5.2.4 NAME 'auditAbandon' DESC 'Abandon operation' SUP auditObject STRUCTURAL MUST reqId )
( 1.3.6.1.4.1.4203.666.11.5.2.5 NAME 'auditAdd' DESC 'Add operation' SUP auditWriteObject STRUCTURAL MUST reqMod )
( 1.3.6.1.4.1.4203.666.11.5.2.6 NAME 'auditBind' DESC 'Bind operation' SUP auditObject STRUCTURAL MUST ( reqVersion $ reqMethod ) )
( 1.3.6.1.4.1.4203.666.11.5.2.7 NAME 'auditCompare' DESC 'Compare operation' SUP auditReadObject STRUCTURAL MUST reqAssertion )
( 1.3.6.1.4.1.4203.666.11.5.2.8 NAME 'auditDelete' DESC 'Delete operation' SUP auditWriteObject STRUCTURAL MAY reqOld )
( 1.3.6.1.4.1.4203.666.11.5.2.9 NAME 'auditModify' DESC 'Modify operation' SUP auditWriteObject STRUCTURAL MAY reqOld MUST reqMod )
( 1.3.6.1.4.1.4203.666.11.5.2.10 NAME 'auditModRDN' DESC 'ModRDN operation' SUP auditWriteObject STRUCTURAL MUST ( reqNewRDN $ reqDeleteOldRDN ) MAY ( reqNewSuperior $ reqMod $ reqOld ) )
( 1.3.6.1.4.1.4203.666.11.5.2.11 NAME 'auditSearch' DESC 'Search operation' SUP auditReadObject STRUCTURAL MUST ( reqScope $ reqDerefAliases $ reqAttrsonly ) MAY ( reqFilter $ reqAttr $ reqEntries $ reqSizeLimit $ reqTimeLimit ) )
( 1.3.6.1.4.1.4203.666.11.5.2.12 NAME 'auditExtended' DESC 'Extended operation' SUP auditObject STRUCTURAL MAY reqData )
( 1.3.6.1.4.1.4203.666.1.57 NAME ( 'entryExpireTimestamp' ) DESC 'RFC2589 OpenLDAP extension: expire time of a dynamic object, computed as now + entryTtl' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE dSAOperation )
1.3.6.1.4.1.4203.666.5.16
( 1.2.840.113556.1.2.102 NAME 'memberOf' DESC 'Group that the entry belongs to' SYNTAX '1.3.6.1.4.1.1466.115.121.1.12' EQUALITY distinguishedNameMatch USAGE dSAOperation X-ORIGIN 'iPlanet Delegated Administrator' )
( 1.3.6.1.4.1.42.2.27.8.1.16 NAME ( 'pwdChangedTime' ) DESC 'The time the password was last changed' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.17 NAME ( 'pwdAccountLockedTime' ) DESC 'The time an user account was locked' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.19 NAME ( 'pwdFailureTime' ) DESC 'The timestamps of the last consecutive authentication failures' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.20 NAME ( 'pwdHistory' ) DESC 'The history of users passwords' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.21 NAME ( 'pwdGraceUseTime' ) DESC 'The timestamps of the grace login once the password has expired' EQUALITY generalizedTimeMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.22 NAME ( 'pwdReset' ) DESC 'The indication that the password has been reset' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE USAGE directoryOperation )
( 1.3.6.1.4.1.42.2.27.8.1.23 NAME ( 'pwdPolicySubentry' ) DESC 'The pwdPolicy subentry in effect for this object' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE USAGE directoryOperation )
1.3.6.1.4.1.42.2.27.8.5.1
1.3.6.1.4.1.42.2.27.8.5.1
1.3.6.1.4.1.4203.666.11.9.1
( PCacheAttributes:1 NAME 'pcacheQueryID' DESC 'ID of query the entry belongs to, formatted as a UUID' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{64} NO-USER-MODIFICATION USAGE directoryOperation )
( PCacheAttributes:2 NAME 'pcacheQueryURL' DESC 'URI describing a cached query' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 NO-USER-MODIFICATION USAGE directoryOperation )
( 1.3.6.1.4.1.4203.666.11.4.3.0 NAME ( 'errAbsObject' ) SUP top ABSTRACT MUST ( errCode ) MAY ( cn $ description $ errOp $ errText $ errSleepTime $ errMatchedDN $ errUnsolicitedOID $ errUnsolicitedData $ errDisconnect ) )
( 1.3.6.1.4.1.4203.666.11.4.3.1 NAME ( 'errObject' ) SUP errAbsObject STRUCTURAL )
( 1.3.6.1.4.1.4203.666.11.4.3.2 NAME ( 'errAuxObject' ) SUP errAbsObject AUXILIARY )
( 1.3.6.1.4.1.4203.666.11.4.1.1 NAME ( 'errCode' ) DESC 'LDAP error code' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.2 NAME ( 'errOp' ) DESC 'Operations the errObject applies to' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
( 1.3.6.1.4.1.4203.666.11.4.1.3 NAME ( 'errText' ) DESC 'LDAP error textual description' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.4 NAME ( 'errSleepTime' ) DESC 'Time to wait before returning the error' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.5 NAME ( 'errMatchedDN' ) DESC 'Value to be returned as matched DN' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.6 NAME ( 'errUnsolicitedOID' ) DESC 'OID to be returned within unsolicited response' EQUALITY objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.7 NAME ( 'errUnsolicitedData' ) DESC 'Data to be returned within unsolicited response' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
( 1.3.6.1.4.1.4203.666.11.4.1.8 NAME ( 'errDisconnect' ) DESC 'Disconnect without notice' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
1.3.6.1.4.1.4203.666.5.14
1.3.6.1.4.1.1466.115.121.1.36