kanidm_proto/
constants.rs

1//! Because consistency is great!
2//!
3pub mod uri;
4
5use std::time::Duration;
6
7/// The default location for the `kanidm` CLI tool's token cache.
8pub const CLIENT_TOKEN_CACHE: &str = "~/.cache/kanidm_tokens";
9
10/// Content type string for jpeg
11pub const CONTENT_TYPE_JPG: &str = "image/jpeg";
12/// Content type string for png
13pub const CONTENT_TYPE_PNG: &str = "image/png";
14/// Content type string for gif
15pub const CONTENT_TYPE_GIF: &str = "image/gif";
16/// Content type string for svg
17pub const CONTENT_TYPE_SVG: &str = "image/svg+xml";
18/// Content type string for webp
19pub const CONTENT_TYPE_WEBP: &str = "image/webp";
20
21// For when the user uploads things to the various image endpoints, these are the valid content-types.
22pub const VALID_IMAGE_UPLOAD_CONTENT_TYPES: [&str; 5] = [
23    CONTENT_TYPE_JPG,
24    CONTENT_TYPE_PNG,
25    CONTENT_TYPE_GIF,
26    CONTENT_TYPE_SVG,
27    CONTENT_TYPE_WEBP,
28];
29
30pub const APPLICATION_JSON: &str = "application/json";
31
32/// The "system" path for Kanidm client config
33pub const DEFAULT_CLIENT_CONFIG_PATH: &str = env!("KANIDM_CLIENT_CONFIG_PATH");
34/// The user-owned path for Kanidm client config
35pub const DEFAULT_CLIENT_CONFIG_PATH_HOME: &str = "~/.config/kanidm";
36
37/// The default HTTPS bind address for the Kanidm server
38pub const DEFAULT_SERVER_ADDRESS: &str = "127.0.0.1:8443";
39pub const DEFAULT_SERVER_LOCALHOST: &str = "localhost:8443";
40/// The default LDAP bind address for the Kanidm client
41pub const DEFAULT_LDAP_LOCALHOST: &str = "localhost:636";
42/// The default amount of attributes that can be queried in LDAP
43pub const DEFAULT_LDAP_MAXIMUM_QUERYABLE_ATTRIBUTES: usize = 16;
44/// Default replication configuration
45pub const DEFAULT_REPLICATION_ADDRESS: &str = "127.0.0.1:8444";
46pub const DEFAULT_REPLICATION_ORIGIN: &str = "repl://localhost:8444";
47
48/// Default replication poll window in seconds.
49pub const DEFAULT_REPL_TASK_POLL_INTERVAL: u64 = 15;
50
51/// Default grace window for authentication tokens. This allows a token to be
52/// validated by another replica before the backing database session has been
53/// replicated to the partner. If replication stalls until this point then
54/// the token will be considered INVALID.
55pub const AUTH_TOKEN_GRACE_WINDOW: Duration = Duration::from_secs(5 * 60);
56
57// IF YOU CHANGE THESE VALUES YOU BREAK EVERYTHING
58pub const ATTR_ACCOUNT_EXPIRE: &str = "account_expire";
59pub const ATTR_ACCOUNT_VALID_FROM: &str = "account_valid_from";
60pub const ATTR_ACCOUNT: &str = "account";
61pub const ATTR_ACP_CREATE_ATTR: &str = "acp_create_attr";
62pub const ATTR_ACP_CREATE_CLASS: &str = "acp_create_class";
63pub const ATTR_DELETE_AFTER: &str = "delete_after";
64pub const ATTR_ACP_ENABLE: &str = "acp_enable";
65pub const ATTR_ACP_MODIFY_CLASS: &str = "acp_modify_class";
66pub const ATTR_ACP_MODIFY_PRESENT_CLASS: &str = "acp_modify_present_class";
67pub const ATTR_ACP_MODIFY_REMOVE_CLASS: &str = "acp_modify_remove_class";
68pub const ATTR_ACP_MODIFY_PRESENTATTR: &str = "acp_modify_presentattr";
69pub const ATTR_ACP_MODIFY_REMOVEDATTR: &str = "acp_modify_removedattr";
70pub const ATTR_ACP_RECEIVER_GROUP: &str = "acp_receiver_group";
71pub const ATTR_ACP_RECEIVER: &str = "acp_receiver";
72pub const ATTR_ACP_SEARCH_ATTR: &str = "acp_search_attr";
73pub const ATTR_ACP_TARGET_SCOPE: &str = "acp_targetscope";
74pub const ATTR_API_TOKEN_SESSION: &str = "api_token_session";
75pub const ATTR_APPLICATION_PASSWORD: &str = "application_password";
76pub const ATTR_APPLICATION_URL: &str = "application_url";
77pub const ATTR_ATTESTED_PASSKEYS: &str = "attested_passkeys";
78pub const ATTR_ATTR: &str = "attr";
79pub const ATTR_ATTRIBUTENAME: &str = "attributename";
80pub const ATTR_ATTRIBUTETYPE: &str = "attributetype";
81pub const ATTR_AUTH_SESSION_EXPIRY: &str = "authsession_expiry";
82pub const ATTR_AUTH_PASSWORD_MINIMUM_LENGTH: &str = "auth_password_minimum_length";
83pub const ATTR_BADLIST_PASSWORD: &str = "badlist_password";
84pub const ATTR_CASCADE_DELETED: &str = "cascade_deleted";
85pub const ATTR_CERTIFICATE: &str = "certificate";
86pub const ATTR_CLAIM: &str = "claim";
87pub const ATTR_CLASS: &str = "class";
88pub const ATTR_CLASSNAME: &str = "classname";
89pub const ATTR_CN: &str = "cn";
90pub const ATTR_COOKIE_PRIVATE_KEY: &str = "cookie_private_key";
91pub const ATTR_CREATED_AT_CID: &str = "created_at_cid";
92pub const ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: &str = "credential_update_intent_token";
93pub const ATTR_CREDENTIAL_TYPE_MINIMUM: &str = "credential_type_minimum";
94pub const ATTR_DENIED_NAME: &str = "denied_name";
95pub const ATTR_DESCRIPTION: &str = "description";
96pub const ATTR_DIRECTMEMBEROF: &str = "directmemberof";
97pub const ATTR_DISPLAYNAME: &str = "displayname";
98pub const ATTR_DN: &str = "dn";
99pub const ATTR_DOMAIN_ALLOW_EASTER_EGGS: &str = "domain_allow_easter_eggs";
100pub const ATTR_DOMAIN_DEVELOPMENT_TAINT: &str = "domain_development_taint";
101pub const ATTR_DOMAIN_DISPLAY_NAME: &str = "domain_display_name";
102pub const ATTR_DOMAIN_LDAP_BASEDN: &str = "domain_ldap_basedn";
103pub const ATTR_DOMAIN_NAME: &str = "domain_name";
104pub const ATTR_DOMAIN_SSID: &str = "domain_ssid";
105pub const ATTR_DOMAIN_TOKEN_KEY: &str = "domain_token_key";
106pub const ATTR_DOMAIN_UUID: &str = "domain_uuid";
107pub const ATTR_DOMAIN: &str = "domain";
108pub const ATTR_DYNGROUP_FILTER: &str = "dyngroup_filter";
109pub const ATTR_DYNGROUP: &str = "dyngroup";
110pub const ATTR_DYNMEMBER: &str = "dynmember";
111pub const ATTR_LDAP_EMAIL_ADDRESS: &str = "emailaddress";
112pub const ATTR_LDAP_MAX_QUERYABLE_ATTRS: &str = "ldap_max_queryable_attrs";
113pub const ATTR_EMAIL_ALTERNATIVE: &str = "emailalternative";
114pub const ATTR_EMAIL_PRIMARY: &str = "emailprimary";
115pub const ATTR_EMAIL: &str = "email";
116pub const ATTR_ENTRYDN: &str = "entrydn";
117pub const ATTR_ENTRY_MANAGED_BY: &str = "entry_managed_by";
118pub const ATTR_ENTRYUUID: &str = "entryuuid";
119pub const ATTR_LDAP_KEYS: &str = "keys";
120pub const ATTR_LIMIT_SEARCH_MAX_RESULTS: &str = "limit_search_max_results";
121pub const ATTR_LIMIT_SEARCH_MAX_FILTER_TEST: &str = "limit_search_max_filter_test";
122pub const ATTR_EXCLUDES: &str = "excludes";
123pub const ATTR_ES256_PRIVATE_KEY_DER: &str = "es256_private_key_der";
124pub const ATTR_FERNET_PRIVATE_KEY_STR: &str = "fernet_private_key_str";
125pub const ATTR_GECOS: &str = "gecos";
126pub const ATTR_GIDNUMBER: &str = "gidnumber";
127pub const ATTR_GRANT_UI_HINT: &str = "grant_ui_hint";
128pub const ATTR_GROUP: &str = "group";
129pub const ATTR_ID_VERIFICATION_ECKEY: &str = "id_verification_eckey";
130pub const ATTR_IMAGE: &str = "image";
131pub const ATTR_INDEX: &str = "index";
132pub const ATTR_INDEXED: &str = "indexed";
133pub const ATTR_IPANTHASH: &str = "ipanthash";
134pub const ATTR_IPASSHPUBKEY: &str = "ipasshpubkey";
135pub const ATTR_JWS_ES256_PRIVATE_KEY: &str = "jws_es256_private_key";
136pub const ATTR_KEY_ACTION_ROTATE: &str = "key_action_rotate";
137pub const ATTR_KEY_ACTION_REVOKE: &str = "key_action_revoke";
138pub const ATTR_KEY_ACTION_IMPORT_JWS_ES256: &str = "key_action_import_jws_es256";
139pub const ATTR_KEY_ACTION_IMPORT_JWS_RS256: &str = "key_action_import_jws_rs256";
140pub const ATTR_KEY_INTERNAL_DATA: &str = "key_internal_data";
141pub const ATTR_KEY_PROVIDER: &str = "key_provider";
142pub const ATTR_LAST_MODIFIED_CID: &str = "last_modified_cid";
143pub const ATTR_LDAP_ALLOW_UNIX_PW_BIND: &str = "ldap_allow_unix_pw_bind";
144pub const ATTR_LEGALNAME: &str = "legalname";
145pub const ATTR_LINKEDGROUP: &str = "linked_group";
146pub const ATTR_LOGINSHELL: &str = "loginshell";
147pub const ATTR_MAIL: &str = "mail";
148pub const ATTR_MAIL_DESTINATION: &str = "mail_destination";
149pub const ATTR_MAY: &str = "may";
150pub const ATTR_MEMBER: &str = "member";
151pub const ATTR_MEMBEROF: &str = "memberof";
152pub const ATTR_MESSAGE_TEMPLATE: &str = "message_template";
153pub const ATTR_MULTIVALUE: &str = "multivalue";
154pub const ATTR_MUST: &str = "must";
155pub const ATTR_NAME_HISTORY: &str = "name_history";
156pub const ATTR_NAME: &str = "name";
157pub const ATTR_NO_INDEX: &str = "no-index";
158pub const ATTR_NSACCOUNTLOCK: &str = "nsaccountlock";
159pub const ATTR_NSUNIQUEID: &str = "nsuniqueid";
160
161pub const ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: &str =
162    "oauth2_allow_insecure_client_disable_pkce";
163pub const ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT: &str = "oauth2_allow_localhost_redirect";
164pub const ATTR_OAUTH2_AUTHORISATION_ENDPOINT: &str = "oauth2_authorisation_endpoint";
165pub const ATTR_OAUTH2_CLIENT_ID: &str = "oauth2_client_id";
166pub const ATTR_OAUTH2_CLIENT_SECRET: &str = "oauth2_client_secret";
167pub const ATTR_OAUTH2_CONSENT_SCOPE_MAP: &str = "oauth2_consent_scope_map";
168pub const ATTR_OAUTH2_DEVICE_FLOW_ENABLE: &str = "oauth2_device_flow_enable";
169pub const ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: &str = "oauth2_jwt_legacy_crypto_enable";
170pub const ATTR_OAUTH2_PREFER_SHORT_USERNAME: &str = "oauth2_prefer_short_username";
171pub const ATTR_OAUTH2_REQUEST_SCOPES: &str = "oauth2_request_scopes";
172pub const ATTR_OAUTH2_RS_BASIC_SECRET: &str = "oauth2_rs_basic_secret";
173pub const ATTR_OAUTH2_RS_CLAIM_MAP: &str = "oauth2_rs_claim_map";
174pub const ATTR_OAUTH2_RS_IMPLICIT_SCOPES: &str = "oauth2_rs_implicit_scopes";
175pub const ATTR_OAUTH2_RS_NAME: &str = "oauth2_rs_name";
176pub const ATTR_OAUTH2_RS_ORIGIN_LANDING: &str = "oauth2_rs_origin_landing";
177pub const ATTR_OAUTH2_RS_ORIGIN: &str = "oauth2_rs_origin";
178pub const ATTR_OAUTH2_RS_SCOPE_MAP: &str = "oauth2_rs_scope_map";
179pub const ATTR_OAUTH2_RS_SUP_SCOPE_MAP: &str = "oauth2_rs_sup_scope_map";
180pub const ATTR_OAUTH2_RS_TOKEN_KEY: &str = "oauth2_rs_token_key";
181pub const ATTR_OAUTH2_SESSION: &str = "oauth2_session";
182pub const ATTR_OAUTH2_STRICT_REDIRECT_URI: &str = "oauth2_strict_redirect_uri";
183pub const ATTR_OAUTH2_TOKEN_ENDPOINT: &str = "oauth2_token_endpoint";
184pub const ATTR_OAUTH2_ACCOUNT_CREDENTIAL_UUID: &str = "oauth2_account_credential_uuid";
185pub const ATTR_OAUTH2_ACCOUNT_PROVIDER: &str = "oauth2_account_provider";
186pub const ATTR_OAUTH2_ACCOUNT_UNIQUE_USER_ID: &str = "oauth2_account_unique_user_id";
187pub const ATTR_OBJECTCLASS: &str = "objectclass";
188pub const ATTR_OTHER_NO_INDEX: &str = "other-no-index";
189pub const ATTR_PASSKEYS: &str = "passkeys";
190pub const ATTR_PASSWORD_IMPORT: &str = "password_import";
191pub const ATTR_PATCH_LEVEL: &str = "patch_level";
192pub const ATTR_PHANTOM: &str = "phantom";
193pub const ATTR_PRIMARY_CREDENTIAL: &str = "primary_credential";
194pub const ATTR_TOTP_IMPORT: &str = "totp_import";
195pub const ATTR_PRIVATE_COOKIE_KEY: &str = "private_cookie_key";
196pub const ATTR_PRIVILEGE_EXPIRY: &str = "privilege_expiry";
197pub const ATTR_RADIUS_SECRET: &str = "radius_secret";
198pub const ATTR_RECYCLED: &str = "recycled";
199pub const ATTR_RECYCLEDDIRECTMEMBEROF: &str = "recycled_directmemberof";
200pub const ATTR_REFERS: &str = "refers";
201pub const ATTR_REPLICATED: &str = "replicated";
202pub const ATTR_RS256_PRIVATE_KEY_DER: &str = "rs256_private_key_der";
203pub const ATTR_SCIM_SCHEMAS: &str = "schemas";
204pub const ATTR_SEND_AFTER: &str = "send_after";
205pub const ATTR_SENT_AT: &str = "sent_at";
206pub const ATTR_SCOPE: &str = "scope";
207pub const ATTR_SELF: &str = "self";
208pub const ATTR_SOURCE_UUID: &str = "source_uuid";
209pub const ATTR_SPN: &str = "spn";
210pub const ATTR_SUDOHOST: &str = "sudohost";
211pub const ATTR_SUPPLEMENTS: &str = "supplements";
212pub const ATTR_LDAP_SSHPUBLICKEY: &str = "sshpublickey";
213pub const ATTR_SSH_PUBLICKEY: &str = "ssh_publickey";
214pub const ATTR_SYNC_ALLOWED: &str = "sync_allowed";
215pub const ATTR_SYNC_CLASS: &str = "sync_class";
216pub const ATTR_SYNC_COOKIE: &str = "sync_cookie";
217pub const ATTR_SYNC_CREDENTIAL_PORTAL: &str = "sync_credential_portal";
218pub const ATTR_SYNC_EXTERNAL_ID: &str = "sync_external_id";
219pub const ATTR_SYNC_EXTERNAL_UUID: &str = "sync_external_uuid";
220pub const ATTR_SYNC_PARENT_UUID: &str = "sync_parent_uuid";
221pub const ATTR_SYNC_TOKEN_SESSION: &str = "sync_token_session";
222pub const ATTR_SYNC_YIELD_AUTHORITY: &str = "sync_yield_authority";
223pub const ATTR_SYNTAX: &str = "syntax";
224pub const ATTR_SYSTEMEXCLUDES: &str = "systemexcludes";
225pub const ATTR_SYSTEMMAY: &str = "systemmay";
226pub const ATTR_SYSTEMMUST: &str = "systemmust";
227pub const ATTR_SYSTEMSUPPLEMENTS: &str = "systemsupplements";
228pub const ATTR_TERM: &str = "term";
229pub const ATTR_UID: &str = "uid";
230pub const ATTR_UIDNUMBER: &str = "uidnumber";
231pub const ATTR_UNIQUE: &str = "unique";
232pub const ATTR_UNIX_PASSWORD: &str = "unix_password";
233pub const ATTR_UNIX_PASSWORD_IMPORT: &str = "unix_password_import";
234pub const ATTR_USER_AUTH_TOKEN_SESSION: &str = "user_auth_token_session";
235pub const ATTR_USERID: &str = "userid";
236pub const ATTR_USERPASSWORD: &str = "userpassword";
237pub const ATTR_UUID: &str = "uuid";
238pub const ATTR_VERSION: &str = "version";
239pub const ATTR_WEBAUTHN_ATTESTATION_CA_LIST: &str = "webauthn_attestation_ca_list";
240pub const ATTR_ALLOW_PRIMARY_CRED_FALLBACK: &str = "allow_primary_cred_fallback";
241
242pub const SUB_ATTR_PRIMARY: &str = "primary";
243pub const SUB_ATTR_TYPE: &str = "type";
244pub const SUB_ATTR_VALUE: &str = "value";
245
246pub const OAUTH2_SCOPE_EMAIL: &str = ATTR_EMAIL;
247pub const OAUTH2_SCOPE_GROUPS: &str = "groups";
248pub const OAUTH2_SCOPE_GROUPS_UUID: &str = "groups_uuid";
249pub const OAUTH2_SCOPE_GROUPS_NAME: &str = "groups_name";
250pub const OAUTH2_SCOPE_GROUPS_SPN: &str = "groups_spn";
251
252pub const OAUTH2_SCOPE_SSH_PUBLICKEYS: &str = "ssh_publickeys";
253pub const OAUTH2_SCOPE_OPENID: &str = "openid";
254pub const OAUTH2_SCOPE_READ: &str = "read";
255pub const OAUTH2_SCOPE_SUPPLEMENT: &str = "supplement";
256
257pub const LDAP_ATTR_CN: &str = "cn";
258pub const LDAP_ATTR_DN: &str = "dn";
259pub const LDAP_ATTR_DISPLAY_NAME: &str = "displayname";
260pub const LDAP_ATTR_EMAIL_ALTERNATIVE: &str = "emailalternative";
261pub const LDAP_ATTR_EMAIL_PRIMARY: &str = "emailprimary";
262pub const LDAP_ATTR_ENTRYDN: &str = "entrydn";
263pub const LDAP_ATTR_ENTRYUUID: &str = "entryuuid";
264pub const LDAP_ATTR_GROUPS: &str = "groups";
265pub const LDAP_ATTR_KEYS: &str = "keys";
266pub const LDAP_ATTR_MAIL_ALTERNATIVE: &str = "mail;alternative";
267pub const LDAP_ATTR_MAIL_PRIMARY: &str = "mail;primary";
268pub const LDAP_ATTR_MAIL: &str = "mail";
269pub const LDAP_ATTR_MEMBER: &str = "member";
270pub const LDAP_ATTR_NAME: &str = "name";
271pub const LDAP_ATTR_OBJECTCLASS: &str = "objectclass";
272pub const LDAP_ATTR_OU: &str = "ou";
273pub const LDAP_ATTR_UID: &str = "uid";
274pub const LDAP_CLASS_GROUPOFNAMES: &str = "groupofnames";
275
276// Rust can't deal with this being compiled out, don't try and #[cfg()] them
277pub const TEST_ATTR_NON_EXIST: &str = "non-exist";
278pub const TEST_ATTR_TEST_ATTR: &str = "testattr";
279pub const TEST_ATTR_TEST_ATTR_A: &str = "testattr_a";
280pub const TEST_ATTR_TEST_ATTR_B: &str = "testattr_b";
281pub const TEST_ATTR_TEST_ATTR_C: &str = "testattr_c";
282pub const TEST_ATTR_TEST_ATTR_D: &str = "testattr_d";
283pub const TEST_ATTR_EXTRA: &str = "extra";
284pub const TEST_ATTR_NUMBER: &str = "testattrnumber";
285pub const TEST_ATTR_NOTALLOWED: &str = "notallowed";
286pub const TEST_ENTRYCLASS_TEST_CLASS: &str = "testclass";
287
288/// HTTP Header containing an auth session ID for when you're going through an auth flow
289pub const KSESSIONID: &str = "X-KANIDM-AUTH-SESSION-ID";
290/// HTTP Header containing the backend operation ID
291pub const KOPID: &str = "X-KANIDM-OPID";
292/// HTTP Header containing the Kanidm server version
293pub const KVERSION: &str = "X-KANIDM-VERSION";
294
295/// X-Forwarded-For header
296pub const X_FORWARDED_FOR: &str = "x-forwarded-for";
297
298// OAuth
299pub const OAUTH2_DEVICE_CODE_SESSION: &str = "oauth2_device_code_session";
300pub const OAUTH2_RESOURCE_SERVER: &str = "oauth2_resource_server";
301pub const OAUTH2_RESOURCE_SERVER_BASIC: &str = "oauth2_resource_server_basic";
302pub const OAUTH2_RESOURCE_SERVER_PUBLIC: &str = "oauth2_resource_server_public";
303
304// Access Control
305pub const ACCESS_CONTROL_CREATE: &str = "access_control_create";
306pub const ACCESS_CONTROL_DELETE: &str = "access_control_delete";
307pub const ACCESS_CONTROL_MODIFY: &str = "access_control_modify";
308pub const ACCESS_CONTROL_PROFILE: &str = "access_control_profile";
309pub const ACCESS_CONTROL_RECEIVER_ENTRY_MANAGER: &str = "access_control_receiver_entry_manager";
310pub const ACCESS_CONTROL_RECEIVER_GROUP: &str = "access_control_receiver_group";
311pub const ACCESS_CONTROL_SEARCH: &str = "access_control_search";
312pub const ACCESS_CONTROL_TARGET_SCOPE: &str = "access_control_target_scope";
313
314/// Entryclass
315pub const ENTRYCLASS_BUILTIN: &str = "builtin";
316pub const ENTRYCLASS_ACCOUNT: &str = "account";
317pub const ENTRYCLASS_ACCOUNT_POLICY: &str = "account_policy";
318pub const ENTRYCLASS_APPLICATION: &str = "application";
319pub const ENTRYCLASS_ATTRIBUTE_TYPE: &str = "attributetype";
320pub const ENTRYCLASS_CASCADE_DELETED: &str = "cascade_deleted";
321pub const ENTRYCLASS_CLASS: &str = "class";
322pub const ENTRYCLASS_CLASS_TYPE: &str = "classtype";
323pub const ENTRYCLASS_CLIENT_CERTIFICATE: &str = "client_certificate";
324pub const ENTRYCLASS_CONFLICT: &str = "conflict";
325pub const ENTRYCLASS_DOMAIN_INFO: &str = "domain_info";
326pub const ENTRYCLASS_DYN_GROUP: &str = "dyngroup";
327pub const ENTRYCLASS_EXTENSIBLE_OBJECT: &str = "extensibleobject";
328pub const ENTRYCLASS_GROUP: &str = "group";
329pub const ENTRYCLASS_MEMBER_OF: &str = "memberof";
330pub const ENTRYCLASS_OAUTH2_ACCOUNT: &str = "oauth2_account";
331pub const ENTRYCLASS_OAUTH2_CLIENT: &str = "oauth2_client";
332pub const ENTRYCLASS_OBJECT: &str = "object";
333pub const ENTRYCLASS_ORG_PERSON: &str = "orgperson";
334pub const ENTRYCLASS_OUTBOUND_MESSAGE: &str = "outbound_message";
335pub const ENTRYCLASS_PERSON: &str = "person";
336pub const ENTRYCLASS_POSIX_ACCOUNT: &str = "posixaccount";
337pub const ENTRYCLASS_POSIX_GROUP: &str = "posixgroup";
338pub const ENTRYCLASS_RECYCLED: &str = "recycled";
339pub const ENTRYCLASS_SERVICE: &str = "service";
340pub const ENTRYCLASS_SERVICE_ACCOUNT: &str = "service_account";
341pub const ENTRYCLASS_SYNC_ACCOUNT: &str = "sync_account";
342pub const ENTRYCLASS_SYNC_OBJECT: &str = "sync_object";
343pub const ENTRYCLASS_SYSTEM: &str = "system";
344pub const ENTRYCLASS_SYSTEM_CONFIG: &str = "system_config";
345pub const ENTRYCLASS_SYSTEM_INFO: &str = "system_info";
346pub const ENTRYCLASS_TOMBSTONE: &str = "tombstone";
347pub const ENTRYCLASS_USER: &str = "user";
348pub const ENTRYCLASS_KEY_PROVIDER: &str = "key_provider";
349pub const ENTRYCLASS_KEY_PROVIDER_INTERNAL: &str = "key_provider_internal";
350pub const ENTRYCLASS_KEY_OBJECT: &str = "key_object";
351pub const ENTRYCLASS_KEY_OBJECT_HKDF_S256: &str = "key_object_hkdf_s256";
352pub const ENTRYCLASS_KEY_OBJECT_JWT_ES256: &str = "key_object_jwt_es256";
353pub const ENTRYCLASS_KEY_OBJECT_JWT_RS256: &str = "key_object_jwt_rs256";
354pub const ENTRYCLASS_KEY_OBJECT_JWE_A128GCM: &str = "key_object_jwe_a128gcm";
355pub const ENTRYCLASS_KEY_OBJECT_INTERNAL: &str = "key_object_internal";