1use crate::constants::entries::{Attribute, EntryClass};
3use crate::constants::uuids::*;
4use crate::schema::{SchemaAttribute, SchemaClass};
5use crate::value::SyntaxType;
6
7lazy_static!(
8
/// Schema definition of the `DisplayName` attribute: the publicly visible
/// display name of a person, stored as a UTF-8 string with `indexed` and
/// `sync_allowed` set.
pub static ref SCHEMA_ATTR_DISPLAYNAME_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::DisplayName,
    uuid: UUID_SCHEMA_ATTR_DISPLAYNAME,
    syntax: SyntaxType::Utf8String,
    description: String::from("The publicly visible display name of this person"),
    sync_allowed: true,
    indexed: true,
    ..Default::default()
};
18
/// Schema definition of the `Mail` attribute: a multi-valued set of email
/// addresses, flagged `unique`, `indexed` and `sync_allowed`.
pub static ref SCHEMA_ATTR_MAIL_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::Mail,
    uuid: UUID_SCHEMA_ATTR_MAIL,
    syntax: SyntaxType::EmailAddress,
    description: String::from("Mail addresses of the object"),
    sync_allowed: true,
    multivalue: true,
    // presumably `unique` stops two entries claiming the same address — confirm
    // against the uniqueness enforcement elsewhere in the server.
    unique: true,
    indexed: true,
    ..Default::default()
};
30
/// Schema definition of `IdVerificationEcKey`, described as the account
/// verification private key.
///
/// `sync_allowed` is explicitly `false` here, unlike most account attributes
/// defined in this file.
pub static ref SCHEMA_ATTR_EC_KEY_PRIVATE: SchemaAttribute = SchemaAttribute {
    name: Attribute::IdVerificationEcKey,
    uuid: UUID_SCHEMA_ATTR_EC_KEY_PRIVATE,
    syntax: SyntaxType::EcKeyPrivate,
    description: String::from("Account verification private key"),
    sync_allowed: false,
    unique: false,
    // NOTE(review): this puts an index on private key material. Confirm what the
    // index stores for `EcKeyPrivate` so that no key bytes end up in index storage.
    indexed: true,
    ..Default::default()
};
41
/// Schema definition of the `SshPublicKey` attribute: a multi-valued set of
/// SSH public keys, flagged `sync_allowed`.
pub static ref SCHEMA_ATTR_SSH_PUBLICKEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::SshPublicKey,
    uuid: UUID_SCHEMA_ATTR_SSH_PUBLICKEY,
    syntax: SyntaxType::SshKey,
    description: String::from("SSH public keys of the object"),
    // NOTE(review): whoever can write this attribute can add a login key, and it
    // is also accepted from sync; confirm write access is restricted accordingly.
    sync_allowed: true,
    multivalue: true,
    ..Default::default()
};
52
/// Schema definition of `PrimaryCredential`: the credential material an
/// account uses for interactive authentication.
pub static ref SCHEMA_ATTR_PRIMARY_CREDENTIAL: SchemaAttribute = SchemaAttribute {
    name: Attribute::PrimaryCredential,
    uuid: UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL,
    syntax: SyntaxType::Credential,
    description: String::from("Primary credential material of the account for authentication interactively"),
    // NOTE(review): credential material is both `sync_allowed` and `indexed`.
    // Confirm that only trusted sync sources can supply it and what the index
    // records for `SyntaxType::Credential`.
    sync_allowed: true,
    indexed: true,
    ..Default::default()
};
62
/// Schema definition of `LegalName`, which the description marks as private
/// and sensitive personal data.
pub static ref SCHEMA_ATTR_LEGALNAME_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::LegalName,
    uuid: UUID_SCHEMA_ATTR_LEGALNAME,
    syntax: SyntaxType::Utf8String,
    description: String::from("The private and sensitive legal name of this person"),
    sync_allowed: true,
    // NOTE(review): nothing in this struct expresses confidentiality; read access
    // presumably rests on access controls defined elsewhere — verify, since the
    // value is a plain indexed UTF-8 string.
    indexed: true,
    ..Default::default()
};
72
/// Schema definition of `NameHistory`: the multi-valued record of names a
/// person has had, stored with the `AuditLogString` syntax.
pub static ref SCHEMA_ATTR_NAME_HISTORY: SchemaAttribute = SchemaAttribute {
    name: Attribute::NameHistory,
    uuid: UUID_SCHEMA_ATTR_NAME_HISTORY,
    syntax: SyntaxType::AuditLogString,
    description: String::from("The history of names that a person has had"),
    sync_allowed: true,
    multivalue: true,
    indexed: true,
    ..Default::default()
};
83
/// Schema definition of `RadiusSecret`: an account's generated RADIUS secret
/// used for device network authentication.
pub static ref SCHEMA_ATTR_RADIUS_SECRET: SchemaAttribute = SchemaAttribute {
    name: Attribute::RadiusSecret,
    uuid: UUID_SCHEMA_ATTR_RADIUS_SECRET,
    // presumably `SecretUtf8String` keeps the value out of ordinary reads and
    // logs — confirm against the syntax's handling in the value module.
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("The accounts generated radius secret for device network authentication"),
    // NOTE(review): a shared secret that may arrive through sync; confirm the
    // sync source is trusted to set it.
    sync_allowed: true,
    ..Default::default()
};
92
/// Schema definition of `DomainName`: the domain's DNS name, which the
/// description ties to webauthn and SPN generation.
pub static ref SCHEMA_ATTR_DOMAIN_NAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainName,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_NAME,
    syntax: SyntaxType::Utf8StringIname,
    description: String::from("The domain's DNS name for webauthn and SPN generation purposes"),
    unique: true,
    indexed: true,
    ..Default::default()
};
102
/// Schema definition of `LdapAllowUnixPwBind`: a boolean that enables LDAP
/// binds authenticated with an account's UNIX password.
pub static ref SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND: SchemaAttribute = SchemaAttribute {
    name: Attribute::LdapAllowUnixPwBind,
    uuid: UUID_SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND,
    // Enabling this exposes password-only binds over LDAP, so changes to the
    // value are worth reviewing and auditing.
    syntax: SyntaxType::Boolean,
    description: String::from("Configuration to enable binds to LDAP objects using their UNIX password"),
    unique: false,
    ..Default::default()
};
111
/// Schema definition of `DomainLdapBasedn`: the optional LDAP base DN of the
/// domain; per the description, an unset value falls back to the domain
/// components of the domain name.
pub static ref SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainLdapBasedn,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN,
    syntax: SyntaxType::Utf8StringInsensitive,
    description: String::from("The domain's optional ldap basedn. If unset defaults to domain components of domain name"),
    unique: true,
    ..Default::default()
};
120
/// Schema definition of `LdapMaxQueryableAttrs`: a single-valued `Uint32` cap
/// on how many LDAP attributes one operation may query.
pub static ref SCHEMA_ATTR_LDAP_MAXIMUM_QUERYABLE_ATTRIBUTES: SchemaAttribute = SchemaAttribute {
    name: Attribute::LdapMaxQueryableAttrs,
    uuid: UUID_SCHEMA_ATTR_LDAP_MAXIMUM_QUERYABLE_ATTRIBUTES,
    // A resource limit: raising it widens what a single query can request.
    syntax: SyntaxType::Uint32,
    description: String::from("The maximum number of LDAP attributes that can be queried in one operation"),
    sync_allowed: true,
    multivalue: false,
    ..Default::default()
};
130
/// Schema definition of `DomainDisplayName`: the user-facing display name of
/// the Kanidm domain.
pub static ref SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainDisplayName,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME,
    syntax: SyntaxType::Utf8String,
    description: String::from("The user-facing display name of the Kanidm domain"),
    indexed: true,
    ..Default::default()
};
139
/// Schema definition of `DomainUuid`: the domain's UUID, which the
/// description says is used in CSN and trust relationships.
pub static ref SCHEMA_ATTR_DOMAIN_UUID: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainUuid,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_UUID,
    syntax: SyntaxType::Uuid,
    description: String::from("The domain's uuid, used in CSN and trust relationships"),
    unique: true,
    indexed: true,
    ..Default::default()
};
149
/// Schema definition of `DomainSsid`: the site-wide wireless SSID used for
/// device autoconfiguration.
pub static ref SCHEMA_ATTR_DOMAIN_SSID: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainSsid,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_SSID,
    syntax: SyntaxType::Utf8String,
    description: String::from("The domains site-wide SSID for device autoconfiguration of wireless"),
    unique: true,
    indexed: true,
    ..Default::default()
};
159
/// Schema definition of `DeniedName`: a multi-valued list of iname values
/// that may not be used in `name`.
pub static ref SCHEMA_ATTR_DENIED_NAME_DL10: SchemaAttribute = SchemaAttribute {
    name: Attribute::DeniedName,
    uuid: UUID_SCHEMA_ATTR_DENIED_NAME,
    description: String::from("Iname values that are not allowed to be used in 'name'."),
    multivalue: true,
    // Same syntax as the names being compared against (see the `Utf8StringIname`
    // attributes in this file), presumably so matching uses identical
    // normalisation — confirm.
    syntax: SyntaxType::Utf8StringIname,
    ..Default::default()
};
168
/// Schema definition of `DomainTokenKey`. The description marks this domain
/// token encryption key as "NOT USED".
pub static ref SCHEMA_ATTR_DOMAIN_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainTokenKey,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_TOKEN_KEY,
    // NOTE(review): presumably retained only so existing databases still load;
    // confirm whether stale key values can remain stored under this attribute.
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("The domain token encryption private key (NOT USED)"),
    ..Default::default()
};
176
/// Schema definition of `FernetPrivateKeyStr`: the token encryption private
/// key, held as a `SecretUtf8String`.
pub static ref SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR: SchemaAttribute = SchemaAttribute {
    name: Attribute::FernetPrivateKeyStr,
    uuid: UUID_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR,
    // No `indexed` or `sync_allowed` flag is set on this key material here.
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("The token encryption private key"),
    ..Default::default()
};
185
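/// Schema definition of `GidNumber`: the numeric group id of a group or
/// account, stored as a `Uint32` and flagged `unique`, `indexed` and
/// `sync_allowed`.
///
/// Per the description, the same value doubles as the UID number on posix
/// accounts for security reasons.
pub static ref SCHEMA_ATTR_GIDNUMBER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_GIDNUMBER,
    name: Attribute::GidNumber,
    // The description text previously contained a stray ".to_string()" in the
    // middle of the sentence (a search-and-replace artifact); it is removed so
    // the schema shows readable text to administrators.
    description: "The groupid (uid) number of a group or account. This is the same value as the UID number on posix accounts for security reasons".to_string(),
    indexed: true,
    unique: true,
    sync_allowed: true,
    syntax: SyntaxType::Uint32,
    ..Default::default()
};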
196
/// Schema definition of `BadlistPassword`: a multi-valued list of passwords
/// that no user account may set.
pub static ref SCHEMA_ATTR_BADLIST_PASSWORD: SchemaAttribute = SchemaAttribute {
    name: Attribute::BadlistPassword,
    uuid: UUID_SCHEMA_ATTR_BADLIST_PASSWORD,
    // presumably the case-insensitive syntax makes case variants of a listed
    // password match too — confirm where candidate passwords are checked.
    syntax: SyntaxType::Utf8StringInsensitive,
    description: String::from("A password that is badlisted meaning that it can not be set as a valid password by any user account"),
    multivalue: true,
    ..Default::default()
};
205
/// Schema definition of `AuthSessionExpiry`: a `Uint32` expiration time for
/// an authentication session.
pub static ref SCHEMA_ATTR_AUTH_SESSION_EXPIRY: SchemaAttribute = SchemaAttribute {
    name: Attribute::AuthSessionExpiry,
    uuid: UUID_SCHEMA_ATTR_AUTH_SESSION_EXPIRY,
    // NOTE(review): the unit is not stated here or in the description —
    // document it (presumably seconds; confirm where the policy is applied).
    syntax: SyntaxType::Uint32,
    description: String::from("An expiration time for an authentication session"),
    ..Default::default()
};
213
/// Schema definition of `PrivilegeExpiry`: a `Uint32` expiration time for a
/// privileged authentication session.
pub static ref SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY: SchemaAttribute = SchemaAttribute {
    name: Attribute::PrivilegeExpiry,
    uuid: UUID_SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY,
    // NOTE(review): the unit is not stated here or in the description —
    // document it (presumably seconds; confirm where the policy is applied).
    syntax: SyntaxType::Uint32,
    description: String::from("An expiration time for a privileged authentication session"),
    ..Default::default()
};
221
/// Schema definition of `AuthPasswordMinimumLength`: the minimum password
/// length, stored as a `Uint32`.
pub static ref SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH: SchemaAttribute = SchemaAttribute {
    name: Attribute::AuthPasswordMinimumLength,
    uuid: UUID_SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH,
    // NOTE(review): the schema itself sets no lower bound on this value; confirm
    // a floor is enforced where the policy is evaluated.
    syntax: SyntaxType::Uint32,
    description: String::from("Minimum length of passwords"),
    ..Default::default()
};
229
/// Schema definition of `LoginShell`: a POSIX user's UNIX login shell.
pub static ref SCHEMA_ATTR_LOGINSHELL: SchemaAttribute = SchemaAttribute {
    name: Attribute::LoginShell,
    uuid: UUID_SCHEMA_ATTR_LOGINSHELL,
    // NOTE(review): a free-form string that client hosts presumably run as the
    // user's shell — confirm consumers validate it against their allowed shells.
    syntax: SyntaxType::Utf8StringInsensitive,
    description: String::from("A POSIX user's UNIX login shell"),
    sync_allowed: true,
    ..Default::default()
};
238
/// Schema definition of `UnixPassword`: a POSIX user's UNIX login password,
/// stored with the `Credential` syntax.
pub static ref SCHEMA_ATTR_UNIX_PASSWORD: SchemaAttribute = SchemaAttribute {
    name: Attribute::UnixPassword,
    uuid: UUID_SCHEMA_ATTR_UNIX_PASSWORD,
    syntax: SyntaxType::Credential,
    description: String::from("A POSIX user's UNIX login password"),
    // NOTE(review): an index on credential material — confirm what the index
    // records for `SyntaxType::Credential`. `sync_allowed` is not set here,
    // unlike on the primary credential.
    indexed: true,
    ..Default::default()
};
247
/// Schema definition of `NsUniqueId`: a unique id kept for compatibility
/// with 389-ds/dsee.
pub static ref SCHEMA_ATTR_NSUNIQUEID: SchemaAttribute = SchemaAttribute {
    name: Attribute::NsUniqueId,
    uuid: UUID_SCHEMA_ATTR_NSUNIQUEID,
    syntax: SyntaxType::NsUniqueId,
    description: String::from("A unique id compatibility for 389-ds/dsee"),
    sync_allowed: true,
    unique: true,
    indexed: true,
    ..Default::default()
};
258
/// Schema definition of `AccountExpire`: the datetime after which the
/// account may no longer authenticate.
pub static ref SCHEMA_ATTR_ACCOUNT_EXPIRE: SchemaAttribute = SchemaAttribute {
    name: Attribute::AccountExpire,
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE,
    syntax: SyntaxType::DateTime,
    description: String::from("The datetime after which this account no longer may authenticate"),
    // NOTE(review): accepted from sync, so a sync source can extend or clear an
    // account's expiry; confirm that is intended for the deployment.
    sync_allowed: true,
    ..Default::default()
};
267
/// Schema definition of `AccountValidFrom`: the datetime after which the
/// account may begin authenticating.
pub static ref SCHEMA_ATTR_ACCOUNT_VALID_FROM: SchemaAttribute = SchemaAttribute {
    name: Attribute::AccountValidFrom,
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM,
    syntax: SyntaxType::DateTime,
    description: String::from("The datetime after which this account may commence authenticating"),
    sync_allowed: true,
    ..Default::default()
};
276
/// Schema definition of `WebauthnAttestationCaList`: the multi-valued set of
/// CAs that limits which devices may be used with webauthn.
pub static ref SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST: SchemaAttribute = SchemaAttribute {
    name: Attribute::WebauthnAttestationCaList,
    uuid: UUID_SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST,
    description: String::from("A set of CA's that limit devices that can be used with webauthn"),
    multivalue: true,
    // This list decides which authenticators are trusted, so write access to it
    // should be as tightly held as the credentials it governs.
    syntax: SyntaxType::WebauthnAttestationCaList,
    ..Default::default()
};
285
/// Schema definition of `OAuth2RsName`: the unique name of an external
/// OAuth2 resource.
pub static ref SCHEMA_ATTR_OAUTH2_RS_NAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsName,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_NAME,
    syntax: SyntaxType::Utf8StringIname,
    description: String::from("The unique name of an external Oauth2 resource"),
    unique: true,
    indexed: true,
    ..Default::default()
};
295
/// Schema definition of `OAuth2RsOrigin`: the multi-valued origin URLs of an
/// OAuth2 client.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsOrigin,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN,
    description: String::from("The origin domain of an OAuth2 client"),
    multivalue: true,
    // NOTE(review): presumably these origins bound where authorisation responses
    // may be redirected — confirm, and keep each client's list minimal.
    syntax: SyntaxType::Url,
    ..Default::default()
};
304
/// Schema definition of `OAuth2RsOriginLanding`: the landing page URL of a
/// resource server that automatically triggers the auth process.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsOriginLanding,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING,
    syntax: SyntaxType::Url,
    description: String::from("The landing page of an RS, that will automatically trigger the auth process"),
    ..Default::default()
};
312
/// Schema definition of `OAuth2AllowLocalhostRedirect`: a boolean that lets
/// public clients of a resource server redirect to localhost.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT_DL4: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2AllowLocalhostRedirect,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT,
    // Relaxes redirect validation for the client, so entries that set it are
    // worth listing in periodic configuration reviews.
    syntax: SyntaxType::Boolean,
    description: String::from("Allow public clients associated to this RS to redirect to localhost"),
    ..Default::default()
};
321
/// Schema definition of `OAuth2RsClaimMap`: multi-valued custom claims mapped
/// to the group memberships of accounts.
pub static ref SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP_DL4: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsClaimMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP,
    // Claims issued from this map feed authorisation decisions in relying
    // applications, so edits to it act as privilege changes.
    syntax: SyntaxType::OauthClaimMap,
    description: String::from("A set of custom claims mapped to group memberships of accounts"),
    multivalue: true,
    indexed: true,
    ..Default::default()
};
332
/// Schema definition of `OAuth2RsScopeMap`: multi-valued references from a
/// group to the scopes granted on the associated OAuth2 resource server.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsScopeMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP,
    syntax: SyntaxType::OauthScopeMap,
    description: String::from("A reference to a group mapped to scopes for the associated oauth2 resource server"),
    multivalue: true,
    indexed: true,
    ..Default::default()
};
342
/// Schema definition of `OAuth2RsSupScopeMap`: multi-valued group-to-scope
/// references using the `OauthScopeMap` syntax.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsSupScopeMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP,
    syntax: SyntaxType::OauthScopeMap,
    // NOTE(review): this text is identical to the description on
    // SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP, so the schema does not say how the
    // supplementary map differs; worth rewording once the intent is confirmed.
    description: String::from("A reference to a group mapped to scopes for the associated oauth2 resource server"),
    multivalue: true,
    indexed: true,
    ..Default::default()
};
352
/// Schema definition of `OAuth2RsBasicSecret`: the resource server's secret
/// string for OAuth2 basic authentication.
pub static ref SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsBasicSecret,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET,
    // Client secret material: no `indexed` or `sync_allowed` flag is set here.
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("When using oauth2 basic authentication, the secret string of the resource server"),
    ..Default::default()
};
360
/// Schema definition of `OAuth2RsTokenKey`: the token signing key unique to
/// an OAuth2 resource server.
pub static ref SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsTokenKey,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY,
    // Signing key material: no `indexed` or `sync_allowed` flag is set here.
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("An oauth2 resource servers unique token signing key"),
    ..Default::default()
};
368
/// Schema definition of `OAuth2RsImplicitScopes`: the multi-valued scopes of
/// a resource server that are granted to all users implicitly.
pub static ref SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsImplicitScopes,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES,
    // Every user receives these scopes regardless of group membership, so the
    // list should hold only scopes that are safe to grant universally.
    syntax: SyntaxType::OauthScope,
    description: String::from("An oauth2 resource servers scopes that are implicitly granted to all users"),
    multivalue: true,
    ..Default::default()
};
377
/// Schema definition of `OAuth2ConsentScopeMap`: the multi-valued record of
/// scopes a user has already consented to for a relying server. Per the
/// description, changing or deleting it causes consent to be sought again.
pub static ref SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2ConsentScopeMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP,
    syntax: SyntaxType::OauthScopeMap,
    description: String::from("A set of scopes mapped from a relying server to a user, where the user has previously consented to the following. If changed or deleted, consent will be re-sought"),
    multivalue: true,
    indexed: true,
    ..Default::default()
};
387
/// Schema definition of `OAuth2StrictRedirectUri`: a boolean recording
/// whether strict redirect URI enforcement is enabled.
pub static ref SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2StrictRedirectUri,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI,
    // NOTE(review): the effective behaviour when the attribute is absent is not
    // visible in this file; confirm that an unset value means strict enforcement.
    syntax: SyntaxType::Boolean,
    description: String::from("Represents if strict redirect uri enforcement is enabled."),
    ..Default::default()
};
395
396
/// Schema definition of `OAuth2DeviceFlowEnable`: a boolean recording whether
/// the OAuth2 Device Flow is permitted on a client.
pub static ref SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE_DL9: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2DeviceFlowEnable,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE,
    // An opt-in grant type per client; enable it only where a device without a
    // browser actually needs it.
    syntax: SyntaxType::Boolean,
    description: String::from("Represents if OAuth2 Device Flow is permitted on this client."),
    ..Default::default()
};
404
/// Schema definition of `Es256PrivateKeyDer`: an ES256 private key held as
/// `PrivateBinary`.
pub static ref SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    name: Attribute::Es256PrivateKeyDer,
    uuid: UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER,
    // Private key material: no `indexed` or `sync_allowed` flag is set here.
    syntax: SyntaxType::PrivateBinary,
    description: String::from("An es256 private key"),
    ..Default::default()
};
412
/// Schema definition of `Rs256PrivateKeyDer`: an RS256 private key held as
/// `PrivateBinary`.
pub static ref SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    name: Attribute::Rs256PrivateKeyDer,
    uuid: UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER,
    // Private key material: no `indexed` or `sync_allowed` flag is set here.
    syntax: SyntaxType::PrivateBinary,
    description: String::from("An rs256 private key"),
    ..Default::default()
};
420
/// Schema definition of `JwsEs256PrivateKey`: an ES256 private key used for
/// JWS, flagged `unique` and `indexed`.
pub static ref SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::JwsEs256PrivateKey,
    uuid: UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY,
    syntax: SyntaxType::JwsKeyEs256,
    description: String::from("An es256 private key for jws"),
    // NOTE(review): unlike the other private-key attributes in this file, this
    // one is unique and indexed. Confirm the index and uniqueness check work on
    // a key identifier rather than on the private key bytes.
    unique: true,
    indexed: true,
    ..Default::default()
};
430
/// Schema definition of `PrivateCookieKey`: the private HMAC key for
/// cookies, held as `PrivateBinary`.
pub static ref SCHEMA_ATTR_PRIVATE_COOKIE_KEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::PrivateCookieKey,
    uuid: UUID_SCHEMA_ATTR_PRIVATE_COOKIE_KEY,
    // Key material: no `indexed` or `sync_allowed` flag is set here.
    syntax: SyntaxType::PrivateBinary,
    description: String::from("An private cookie hmac key"),
    ..Default::default()
};
439
/// Schema definition of `OAuth2AllowInsecureClientDisablePkce`: a boolean
/// that allows PKCE to be disabled for an insecure OAuth2 client.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2AllowInsecureClientDisablePkce,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE,
    // Security-weakening toggle: without PKCE the authorisation code is no longer
    // bound to the client that began the flow. Treat each client that sets this
    // as a tracked exception and alert on changes to it.
    syntax: SyntaxType::Boolean,
    description: String::from("Allows disabling of PKCE for insecure OAuth2 clients"),
    ..Default::default()
};
447
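/// Schema definition of `OAuth2JwtLegacyCryptoEnable`: a boolean that allows
/// legacy JWT cryptography to be enabled for a client.
pub static ref SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE,
    name: Attribute::OAuth2JwtLegacyCryptoEnable,
    // Spelling corrected from "cryptograhpy" so an administrator searching the
    // schema for cryptography-related settings can find this downgrade toggle.
    description: "Allows enabling legacy JWT cryptography for clients".to_string(),
    // Security-weakening toggle: clients that set it should be tracked as
    // exceptions and migrated off the legacy algorithms.
    syntax: SyntaxType::Boolean,
    ..Default::default()
};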
455
/// Schema definition of `CredentialUpdateIntentToken`: the multi-valued
/// status of credential update intent tokens.
pub static ref SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: SchemaAttribute = SchemaAttribute {
    name: Attribute::CredentialUpdateIntentToken,
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN,
    // NOTE(review): presumably possession of an intent token allows a credential
    // reset — confirm what part of the token the index stores.
    syntax: SyntaxType::IntentToken,
    description: String::from("The status of a credential update intent token"),
    multivalue: true,
    indexed: true,
    ..Default::default()
};
465
/// Schema definition of `PassKeys`: the multi-valued set of passkeys
/// registered to an entry.
pub static ref SCHEMA_ATTR_PASSKEYS: SchemaAttribute = SchemaAttribute {
    name: Attribute::PassKeys,
    uuid: UUID_SCHEMA_ATTR_PASSKEYS,
    syntax: SyntaxType::Passkey,
    description: String::from("A set of registered passkeys"),
    // NOTE(review): accepted from sync, so a sync source can register an
    // authenticator for an account; confirm that trust is intended.
    sync_allowed: true,
    multivalue: true,
    indexed: true,
    ..Default::default()
};
476
/// Schema definition of `AttestedPasskeys`: the multi-valued set of
/// registered device keys, stored with the `AttestedPasskey` syntax.
pub static ref SCHEMA_ATTR_ATTESTED_PASSKEYS: SchemaAttribute = SchemaAttribute {
    name: Attribute::AttestedPasskeys,
    uuid: UUID_SCHEMA_ATTR_ATTESTED_PASSKEYS,
    syntax: SyntaxType::AttestedPasskey,
    description: String::from("A set of registered device keys"),
    // NOTE(review): accepted from sync; confirm whether attestation is checked
    // again for values that arrive this way rather than through registration.
    sync_allowed: true,
    multivalue: true,
    indexed: true,
    ..Default::default()
};
487
/// Schema definition of `DynGroupFilter`: the filter that selects which
/// entries are added to a dynamic group.
pub static ref SCHEMA_ATTR_DYNGROUP_FILTER: SchemaAttribute = SchemaAttribute {
    name: Attribute::DynGroupFilter,
    uuid: UUID_SCHEMA_ATTR_DYNGROUP_FILTER,
    // The filter determines group membership, so write access to it is
    // equivalent to managing the group's members.
    syntax: SyntaxType::JsonFilter,
    description: String::from("A filter describing the set of entries to add to a dynamic group"),
    ..Default::default()
};
495
/// Schema definition of `OAuth2PreferShortUsername`: a boolean that selects
/// 'name' instead of 'spn' for the preferred_username claim.
pub static ref SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2PreferShortUsername,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME,
    syntax: SyntaxType::Boolean,
    description: String::from("Use 'name' instead of 'spn' in the preferred_username claim"),
    ..Default::default()
};
503
/// Schema definition of `ApiTokenSession`: multi-valued session entries for
/// issued API tokens, flagged `unique` and `indexed`.
pub static ref SCHEMA_ATTR_API_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::ApiTokenSession,
    uuid: UUID_SCHEMA_ATTR_API_TOKEN_SESSION,
    syntax: SyntaxType::ApiToken,
    description: String::from("A session entry related to an issued API token"),
    multivalue: true,
    unique: true,
    indexed: true,
    ..Default::default()
};
514
/// Schema definition of `UserAuthTokenSession`: multi-valued session entries
/// for issued user auth tokens, flagged `unique` and `indexed`.
pub static ref SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::UserAuthTokenSession,
    uuid: UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION,
    syntax: SyntaxType::Session,
    description: String::from("A session entry related to an issued user auth token"),
    multivalue: true,
    unique: true,
    indexed: true,
    ..Default::default()
};
525
/// Schema definition of `OAuth2Session`: multi-valued entries for active
/// OAuth2 sessions, each bound to a parent user auth token.
pub static ref SCHEMA_ATTR_OAUTH2_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2Session,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_SESSION,
    // NOTE(review): presumably the parent binding lets revoking the user auth
    // token end the OAuth2 session too — confirm in the session handling code.
    syntax: SyntaxType::Oauth2Session,
    description: String::from("A session entry to an active oauth2 session, bound to a parent user auth token"),
    multivalue: true,
    indexed: true,
    ..Default::default()
};
535
/// Schema definition of `SyncTokenSession`: the session entry for an issued
/// sync token, flagged `unique` and `indexed`. `multivalue` is not set here,
/// unlike on the API and user token session attributes.
pub static ref SCHEMA_ATTR_SYNC_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncTokenSession,
    uuid: UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION,
    syntax: SyntaxType::ApiToken,
    description: String::from("A session entry related to an issued sync token"),
    unique: true,
    indexed: true,
    ..Default::default()
};
545
/// Schema definition of `SyncCookie`: a private sync cookie for a remote IDM
/// source, held as `PrivateBinary`.
pub static ref SCHEMA_ATTR_SYNC_COOKIE: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncCookie,
    uuid: UUID_SCHEMA_ATTR_SYNC_COOKIE,
    syntax: SyntaxType::PrivateBinary,
    description: String::from("A private sync cookie for a remote IDM source"),
    ..Default::default()
};
553
/// Schema definition of `GrantUiHint`: multi-valued UI hints granted through
/// membership of a group.
pub static ref SCHEMA_ATTR_GRANT_UI_HINT: SchemaAttribute = SchemaAttribute {
    name: Attribute::GrantUiHint,
    uuid: UUID_SCHEMA_ATTR_GRANT_UI_HINT,
    // NOTE(review): named a "hint" — presumably it only shapes the UI and is not
    // an authorisation decision; confirm nothing relies on it for access control.
    syntax: SyntaxType::UiHint,
    description: String::from("A UI hint that is granted via membership to a group"),
    multivalue: true,
    indexed: true,
    ..Default::default()
};
563
/// Schema definition of `SyncCredentialPortal`: the URL of an external
/// credential portal that synced accounts visit to update their credentials.
pub static ref SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncCredentialPortal,
    uuid: UUID_SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL,
    // Users are directed to this URL to enter credentials, so write access to it
    // needs the same care as any other trusted login destination.
    syntax: SyntaxType::Url,
    description: String::from("The url of an external credential portal for synced accounts to visit to update their credentials"),
    ..Default::default()
};
571
/// Schema definition of `SyncYieldAuthority`: the multi-valued set of
/// attributes whose authority a sync agreement yields to Kanidm.
pub static ref SCHEMA_ATTR_SYNC_YIELD_AUTHORITY: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncYieldAuthority,
    uuid: UUID_SCHEMA_ATTR_SYNC_YIELD_AUTHORITY,
    syntax: SyntaxType::Utf8StringInsensitive,
    description: String::from("A set of attributes that have their authority yielded to Kanidm in a sync agreement"),
    multivalue: true,
    ..Default::default()
};
580
/// Schema definition of `CredentialTypeMinimum`: the single-valued minimum
/// level of credential type that can satisfy a policy.
pub static ref SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM: SchemaAttribute = SchemaAttribute {
    name: Attribute::CredentialTypeMinimum,
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM,
    // Lowering this value weakens authentication for every account the policy
    // covers, so changes deserve review.
    syntax: SyntaxType::CredentialType,
    description: String::from("The minimum level of credential type that can satisfy this policy"),
    multivalue: false,
    ..Default::default()
};
589
/// Schema definition of `LimitSearchMaxResults`: a single-valued `Uint32`
/// cap on the query results returned by one operation.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::LimitSearchMaxResults,
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS,
    // A resource limit: it bounds how much one query can return.
    syntax: SyntaxType::Uint32,
    description: String::from("The maximum number of query results that may be returned in a single operation"),
    multivalue: false,
    ..Default::default()
};
598
/// Schema definition of `LimitSearchMaxFilterTest`: a single-valued `Uint32`
/// cap on the entries examined by a partially indexed query.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::LimitSearchMaxFilterTest,
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST,
    // A resource limit: it bounds the work one partially indexed query can cause.
    syntax: SyntaxType::Uint32,
    description: String::from("The maximum number of entries that may be examined in a partially indexed query"),
    multivalue: false,
    ..Default::default()
};
607
/// Schema definition of `KeyInternalData`: a multi-valued attribute with the
/// `KeyInternal` syntax.
pub static ref SCHEMA_ATTR_KEY_INTERNAL_DATA_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyInternalData,
    uuid: UUID_SCHEMA_ATTR_KEY_INTERNAL_DATA,
    syntax: SyntaxType::KeyInternal,
    // NOTE(review): the description is empty. Presumably this holds key material
    // or key state — it should say so, and whether the value is sensitive.
    description: String::from(""),
    multivalue: true,
    ..Default::default()
};
616
/// Schema definition of `KeyProvider`: a single-valued, indexed UUID
/// reference.
pub static ref SCHEMA_ATTR_KEY_PROVIDER_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyProvider,
    uuid: UUID_SCHEMA_ATTR_KEY_PROVIDER,
    syntax: SyntaxType::ReferenceUuid,
    // NOTE(review): the description is empty; presumably the reference points at
    // the key provider entry — document it once confirmed.
    description: String::from(""),
    indexed: true,
    multivalue: false,
    ..Default::default()
};
626
/// Schema definition of `KeyActionRotate`: a single-valued `DateTime`
/// attribute marked `phantom`.
pub static ref SCHEMA_ATTR_KEY_ACTION_ROTATE_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyActionRotate,
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_ROTATE,
    syntax: SyntaxType::DateTime,
    // NOTE(review): the description is empty; the rotation semantics and who may
    // request them should be documented here.
    description: String::from(""),
    // presumably `phantom` means the value triggers an action and is never
    // stored — confirm against the SchemaAttribute definition.
    phantom: true,
    multivalue: false,
    ..Default::default()
};
637
/// Schema definition of `KeyActionRevoke`: a multi-valued `HexString`
/// attribute marked `phantom`.
pub static ref SCHEMA_ATTR_KEY_ACTION_REVOKE_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyActionRevoke,
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_REVOKE,
    syntax: SyntaxType::HexString,
    // NOTE(review): the description is empty; presumably the hex strings name the
    // keys to revoke — document the expected value and who may submit it.
    description: String::from(""),
    // presumably `phantom` means the value triggers an action and is never
    // stored — confirm against the SchemaAttribute definition.
    phantom: true,
    multivalue: true,
    ..Default::default()
};
648
/// Schema definition of `KeyActionImportJwsEs256`: a multi-valued
/// `PrivateBinary` attribute marked `phantom`.
pub static ref SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyActionImportJwsEs256,
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256,
    syntax: SyntaxType::PrivateBinary,
    // NOTE(review): the description is empty. The name suggests private key
    // material is supplied through this attribute for import — document the
    // expected encoding and confirm the submitted value is not retained or logged.
    description: String::from(""),
    phantom: true,
    multivalue: true,
    ..Default::default()
};
659
/// Schema definition of `KeyActionImportJwsRs256`: a multi-valued
/// `PrivateBinary` attribute marked `phantom`.
pub static ref SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_RS256_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyActionImportJwsRs256,
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_RS256,
    syntax: SyntaxType::PrivateBinary,
    // NOTE(review): the description is empty. The name suggests private key
    // material is supplied through this attribute for import — document the
    // expected encoding and confirm the submitted value is not retained or logged.
    description: String::from(""),
    phantom: true,
    multivalue: true,
    ..Default::default()
};
670
/// Schema definition of `PatchLevel`: a `Uint32` attribute.
pub static ref SCHEMA_ATTR_PATCH_LEVEL_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::PatchLevel,
    uuid: UUID_SCHEMA_ATTR_PATCH_LEVEL,
    syntax: SyntaxType::Uint32,
    // NOTE(review): the description is empty; state what the patch level counts
    // and which component updates it.
    description: String::from(""),
    ..Default::default()
};
678
/// Schema definition of `DomainDevelopmentTaint`: a boolean flag showing the
/// domain has been run on a development build and needs additional work to
/// upgrade or migrate.
pub static ref SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainDevelopmentTaint,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT,
    // A set flag on a production domain is worth investigating: it records that
    // a development build has touched the database.
    syntax: SyntaxType::Boolean,
    description: String::from("A flag to show that the domain has been run on a development build, and will need additional work to upgrade/migrate."),
    ..Default::default()
};
686
/// Schema definition of `DomainAllowEasterEggs`: a boolean flag that enables
/// easter eggs in the server, which not every deployment wants.
pub static ref SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS_DL9: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainAllowEasterEggs,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS,
    syntax: SyntaxType::Boolean,
    description: String::from("A flag to enable easter eggs in the server that may not always be wanted by all users/deployments."),
    ..Default::default()
};
694
/// Schema definition of `Refers`: a single-valued, indexed UUID reference to
/// a linked object.
pub static ref SCHEMA_ATTR_REFERS_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::Refers,
    uuid: UUID_SCHEMA_ATTR_REFERS,
    syntax: SyntaxType::ReferenceUuid,
    description: String::from("A reference to linked object"),
    multivalue: false,
    indexed: true,
    ..Default::default()
};
704
/// Schema definition of `LinkedGroup`: a single-valued, indexed UUID
/// reference linking a group to an entry.
pub static ref SCHEMA_ATTR_LINKED_GROUP_DL8: SchemaAttribute = SchemaAttribute {
    name: Attribute::LinkedGroup,
    uuid: UUID_SCHEMA_ATTR_LINKED_GROUP,
    syntax: SyntaxType::ReferenceUuid,
    description: String::from("A reference linking a group to an entry"),
    indexed: true,
    multivalue: false,
    ..Default::default()
};
714
/// Schema definition of `AllowPrimaryCredFallback`: a single-valued boolean
/// that allows falling back to the primary password when no POSIX password
/// exists.
pub static ref SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK_DL8: SchemaAttribute = SchemaAttribute {
    name: Attribute::AllowPrimaryCredFallback,
    uuid: UUID_SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK,
    // When enabled, the primary password is accepted on the POSIX login path,
    // which widens where that password is entered; enable it deliberately.
    syntax: SyntaxType::Boolean,
    description: String::from("Allow fallback to primary password if no POSIX password exists"),
    multivalue: false,
    ..Default::default()
};
723
/// Schema definition of `Certificate`: a single-valued x509 certificate.
pub static ref SCHEMA_ATTR_CERTIFICATE_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::Certificate,
    uuid: UUID_SCHEMA_ATTR_CERTIFICATE,
    syntax: SyntaxType::Certificate,
    description: String::from("An x509 Certificate"),
    multivalue: false,
    ..Default::default()
};
732
/// Schema definition of `ApplicationPassword`: the multi-valued, indexed set
/// of application passwords.
pub static ref SCHEMA_ATTR_APPLICATION_PASSWORD_DL8: SchemaAttribute = SchemaAttribute {
    name: Attribute::ApplicationPassword,
    uuid: UUID_SCHEMA_ATTR_APPLICATION_PASSWORD,
    syntax: SyntaxType::ApplicationPassword,
    description: String::from("A set of application passwords"),
    // NOTE(review): an index on password material — confirm it covers only an
    // identifier or reference and never the password or its hash.
    indexed: true,
    multivalue: true,
    ..Default::default()
};
742
/// Schema class for a person entry.
///
/// `IdVerificationEcKey` is the only attribute listed under `systemmust`;
/// credentials, passkeys, sessions, mail and legal name are listed under
/// `systemmay`. The class lists `ServiceAccount` and `Application` under
/// `systemexcludes`.
pub static ref SCHEMA_CLASS_PERSON_DL8: SchemaClass = SchemaClass {
    name: EntryClass::Person.into(),
    uuid: UUID_SCHEMA_CLASS_PERSON,
    description: String::from("Object representation of a person"),
    // Keeps human and machine identities apart: an entry of this class cannot
    // also be one of the excluded classes (presumed semantics — confirm).
    systemexcludes: vec![EntryClass::ServiceAccount.into(), EntryClass::Application.into()],
    systemmust: vec![Attribute::IdVerificationEcKey],
    // Order of the list is kept exactly as defined.
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Mail,
        Attribute::LegalName,
        Attribute::ApplicationPassword,
    ],
    sync_allowed: true,
    ..Default::default()
};
770
/// Schema class for an org person: lists `Mail`, `DisplayName` and `Name`
/// under `systemmust`, with `LegalName` under `systemmay`.
pub static ref SCHEMA_CLASS_ORGPERSON: SchemaClass = SchemaClass {
    name: EntryClass::OrgPerson.into(),
    uuid: UUID_SCHEMA_CLASS_ORGPERSON,
    description: String::from("Object representation of an org person"),
    systemmust: vec![Attribute::Mail, Attribute::DisplayName, Attribute::Name],
    systemmay: vec![Attribute::LegalName],
    ..Default::default()
};
786
/// Schema class for a group: lists `Name` and `Spn` under `systemmust`, with
/// members, UI hints, description and mail under `systemmay`.
pub static ref SCHEMA_CLASS_GROUP_DL6: SchemaClass = SchemaClass {
    name: EntryClass::Group.into(),
    uuid: UUID_SCHEMA_CLASS_GROUP,
    description: String::from("Object representation of a group"),
    systemmust: vec![Attribute::Name, Attribute::Spn],
    systemmay: vec![
        // Membership drives what a group grants, so write access to `Member`
        // is the sensitive permission on this class.
        Attribute::Member,
        Attribute::GrantUiHint,
        Attribute::Description,
        Attribute::Mail,
    ],
    sync_allowed: true,
    ..Default::default()
};
804
/// Schema class for a dynamic group: lists `DynGroupFilter` under
/// `systemmust` and `DynMember` under `systemmay`.
pub static ref SCHEMA_CLASS_DYNGROUP: SchemaClass = SchemaClass {
    name: EntryClass::DynGroup.into(),
    uuid: UUID_SCHEMA_CLASS_DYNGROUP,
    description: String::from("Object representation of a dynamic group"),
    // NOTE(review): built from `Attribute::Group` rather than `EntryClass::Group`,
    // unlike the class lists elsewhere in this file. Presumably both convert to
    // the same string — confirm.
    systemsupplements: vec![Attribute::Group.into()],
    systemmay: vec![Attribute::DynMember],
    systemmust: vec![Attribute::DynGroupFilter],
    ..Default::default()
};
815
/// Schema class for account policy: the policy attributes applied to
/// accounts that are members of a group. Every attribute is listed under
/// `systemmay`.
pub static ref SCHEMA_CLASS_ACCOUNT_POLICY_DL8: SchemaClass = SchemaClass {
    name: EntryClass::AccountPolicy.into(),
    uuid: UUID_SCHEMA_CLASS_ACCOUNT_POLICY,
    description: String::from("Policies applied to accounts that are members of a group"),
    // NOTE(review): built from `Attribute::Group` rather than `EntryClass::Group`;
    // presumably both convert to the same string — confirm.
    systemsupplements: vec![Attribute::Group.into()],
    // These settings govern session lifetime, password and credential strength,
    // attestation and search limits, so edits to a policy group are
    // security-relevant changes worth auditing.
    systemmay: vec![
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::AuthPasswordMinimumLength,
        Attribute::CredentialTypeMinimum,
        Attribute::WebauthnAttestationCaList,
        Attribute::LimitSearchMaxResults,
        Attribute::LimitSearchMaxFilterTest,
        Attribute::AllowPrimaryCredFallback,
    ],
    ..Default::default()
};
834
/// Schema class for an account: lists `DisplayName`, `Name` and `Spn` under
/// `systemmust`, with the validity window and name history under
/// `systemmay`. `systemsupplements` names the person, service account and
/// OAuth2 resource server classes.
pub static ref SCHEMA_CLASS_ACCOUNT_DL5: SchemaClass = SchemaClass {
    name: EntryClass::Account.into(),
    uuid: UUID_SCHEMA_CLASS_ACCOUNT,
    description: String::from("Object representation of an account"),
    systemsupplements: vec![
        EntryClass::Person.into(),
        EntryClass::ServiceAccount.into(),
        EntryClass::OAuth2ResourceServer.into(),
    ],
    systemmust: vec![Attribute::DisplayName, Attribute::Name, Attribute::Spn],
    systemmay: vec![
        // The validity window attributes control when the account may
        // authenticate.
        Attribute::AccountExpire,
        Attribute::AccountValidFrom,
        Attribute::NameHistory,
    ],
    sync_allowed: true,
    ..Default::default()
};
858
/// Schema class for a service account. Every attribute is listed under
/// `systemmay`, and the class lists `Person` under `systemexcludes`.
pub static ref SCHEMA_CLASS_SERVICE_ACCOUNT_DL7: SchemaClass = SchemaClass {
    name: EntryClass::ServiceAccount.into(),
    uuid: UUID_SCHEMA_CLASS_SERVICE_ACCOUNT,
    description: String::from("Object representation of service account"),
    systemexcludes: vec![EntryClass::Person.into()],
    systemmay: vec![
        Attribute::SshPublicKey,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::Description,
        Attribute::Mail,
        // NOTE(review): service accounts may hold a primary credential as well as
        // API tokens; confirm which of the two is expected for non-interactive use.
        Attribute::PrimaryCredential,
        Attribute::ApiTokenSession,
    ],
    sync_allowed: true,
    ..Default::default()
};
879
// Schema class for a sync account.
// Only `Name` is in `systemmust`; the sync token session, cookie, credential
// portal and yield authority attributes are in `systemmay`.
pub static ref SCHEMA_CLASS_SYNC_ACCOUNT_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYNC_ACCOUNT,
    name: EntryClass::SyncAccount.into(),
    description: "Object representation of sync account".to_owned(),
    // Listed as excluded: the `Account` class.
    systemexcludes: vec![EntryClass::Account.into()],
    systemmust: vec![Attribute::Name],
    systemmay: vec![
        Attribute::SyncTokenSession,
        Attribute::SyncCookie,
        Attribute::SyncCredentialPortal,
        // NOTE(review): by name this hands authority over attributes to another
        // source; confirm changes to it are access-controlled and audited.
        Attribute::SyncYieldAuthority,
    ],
    ..Default::default()
};
895
// Schema class for the local domain's information and configuration.
// Name, domain UUID, domain name and version are in `systemmust`; the remaining
// settings are in `systemmay`.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL10: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: "Local domain information and configuration".to_owned(),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapMaxQueryableAttrs,
        // NOTE(review): by name this toggles password binds over LDAP; confirm
        // the behaviour when the attribute is absent.
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
        Attribute::DomainAllowEasterEggs,
        Attribute::DomainDisplayName,
    ],
    ..Default::default()
};
920
// Schema class for a posix group.
// The description states it requires group, and `systemsupplements` names
// group accordingly; `GidNumber` is in `systemmust`.
pub static ref SCHEMA_CLASS_POSIXGROUP: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXGROUP,
    name: EntryClass::PosixGroup.into(),
    description: "Object representation of a posix group, requires group".to_owned(),
    sync_allowed: true,
    // NOTE(review): built from `Attribute::Group` rather than an `EntryClass`
    // variant; presumably both convert to the same class name - confirm.
    systemsupplements: vec![Attribute::Group.into()],
    systemmust: vec![Attribute::GidNumber],
    ..Default::default()
};
931
// Schema class for a posix account.
// The description states it requires account, and `systemsupplements` names
// account accordingly; `GidNumber` is in `systemmust`.
pub static ref SCHEMA_CLASS_POSIXACCOUNT: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXACCOUNT,
    name: EntryClass::PosixAccount.into(),
    description: "Object representation of a posix account, requires account".to_owned(),
    sync_allowed: true,
    // NOTE(review): built from `Attribute::Account`, while the sync account
    // class in this file uses `EntryClass::Account`; presumably both convert to
    // the same class name - confirm.
    systemsupplements: vec![Attribute::Account.into()],
    systemmust: vec![Attribute::GidNumber],
    systemmay: vec![
        Attribute::LoginShell,
        // Optional unix password: a posix account need not carry one.
        Attribute::UnixPassword,
    ],
    ..Default::default()
};
943
// Schema class for system-wide configuration options.
// All attributes are in `systemmay`; this definition sets no `systemmust`.
pub static ref SCHEMA_CLASS_SYSTEM_CONFIG: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYSTEM_CONFIG,
    name: EntryClass::SystemConfig.into(),
    description: "The class representing a system (topologies) configuration options".to_owned(),
    systemmay: vec![
        Attribute::Description,
        // By name: the password badlist.
        Attribute::BadlistPassword,
        // NOTE(review): the same two expiry attributes also appear on the
        // account policy class; confirm which one takes precedence.
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        // By name: names that may not be used.
        Attribute::DeniedName,
    ],
    ..Default::default()
};
958
// Schema class for a configured OAuth2 client (resource server).
// Only the landing origin is in `systemmust`; scope maps, redirect handling,
// crypto toggles and key material are all in `systemmay`.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL9: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    // NOTE(review): "epresenting" is a typo for "representing". The string is
    // runtime schema data, so it is left unchanged here; fix it deliberately.
    description: "The class epresenting a configured OAuth2 Client".to_owned(),
    systemmust: vec![Attribute::OAuth2RsOriginLanding],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        // NOTE(review): by name this re-enables legacy JWT crypto; worth
        // auditing which clients have it set.
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
        Attribute::OAuth2RsOrigin,
        // Strict redirect URI matching is optional on the entry.
        // NOTE(review): confirm the behaviour when it is absent.
        Attribute::OAuth2StrictRedirectUri,
        Attribute::OAuth2DeviceFlowEnable,
        // By name these hold private signing keys and a token key on the entry.
        // NOTE(review): confirm read access is restricted by the access
        // controls defined elsewhere.
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    ..Default::default()
};
986
// Schema class for an OAuth2 client that authenticates with HTTP basic auth.
// The basic secret is in `systemmust`, and the class lists the public client
// class under `systemexcludes`.
pub static ref SCHEMA_CLASS_OAUTH2_RS_BASIC_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_BASIC,
    name: EntryClass::OAuth2ResourceServerBasic.into(),
    description: "The class representing a configured OAuth2 client authenticated with HTTP basic authentication".to_owned(),
    systemexcludes: vec![EntryClass::OAuth2ResourceServerPublic.into()],
    systemmust: vec![Attribute::OAuth2RsBasicSecret],
    // The only optional attribute is a PKCE opt-out whose own name labels it
    // insecure; clients that set it deserve review and monitoring.
    systemmay: vec![Attribute::OAuth2AllowInsecureClientDisablePkce],
    ..Default::default()
};
999
// Schema class for a public OAuth2 client; the description states PKCE
// verification applies. It lists the basic client class under `systemexcludes`
// and declares no secret attribute.
pub static ref SCHEMA_CLASS_OAUTH2_RS_PUBLIC_DL4: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_PUBLIC,
    name: EntryClass::OAuth2ResourceServerPublic.into(),
    description: "The class representing a configured Public OAuth2 Client with PKCE verification".to_owned(),
    systemexcludes: vec![EntryClass::OAuth2ResourceServerBasic.into()],
    // Optional relaxation of redirect handling for localhost (by name).
    // NOTE(review): confirm it is only set for clients that need it.
    systemmay: vec![Attribute::OAuth2AllowLocalhostRedirect],
    ..Default::default()
};
1010
// Schema class for a provider of cryptographic key storage and operations.
// `Name` is in `systemmust`, `Description` is in `systemmay`.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER,
    name: EntryClass::KeyProvider.into(),
    description: "A provider for cryptographic key storage and operations".to_owned(),
    systemmust: vec![Attribute::Name],
    systemmay: vec![Attribute::Description],
    // The internal provider is the only class named here.
    systemsupplements: vec![EntryClass::KeyProviderInternal.into()],
    ..Default::default()
};
1029
// Schema class for the Kanidm internal key provider.
// It sets only uuid, name and description; every other field comes from
// `Default::default()`.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_INTERNAL_DL6: SchemaClass = SchemaClass {
    description: "The Kanidm internal cryptographic key provider".to_owned(),
    name: EntryClass::KeyProviderInternal.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER_INTERNAL,
    ..Default::default()
};
1036
// Schema class for a cryptographic key object usable by a provider.
pub static ref SCHEMA_CLASS_KEY_OBJECT_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT,
    name: EntryClass::KeyObject.into(),
    description: "A cryptographic key object that can be used by a provider".to_owned(),
    // A key object must name its provider.
    systemmust: vec![Attribute::KeyProvider],
    ..Default::default()
};
1049
// Marker class: per its description, a key object carrying it must provide
// JWT ES256 capability. It declares no attributes of its own.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWT_ES256_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWT_ES256,
    name: EntryClass::KeyObjectJwtEs256.into(),
    description: "A marker class indicating that this keyobject must provide jwt es256 capability.".to_owned(),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1059
// Marker class: per its description, a key object carrying it must provide
// JWT RS256 capability. It declares no attributes of its own.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWT_RS256: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWT_RS256,
    name: EntryClass::KeyObjectJwtRs256.into(),
    description: "A marker class indicating that this keyobject must provide jwt rs256 capability.".to_owned(),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1069
// Marker class for key objects that must provide JWE content encryption.
// It declares no attributes of its own.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM,
    name: EntryClass::KeyObjectJweA128GCM.into(),
    // NOTE(review): the text says "aes-256-gcm", but the constant, UUID and
    // class names all say A128GCM, which is the JWE `enc` identifier for
    // AES-128-GCM (RFC 7518). Confirm the key size the provider really uses and
    // align the description; the string is left unchanged here because it is
    // runtime schema data.
    description: "A marker class indicating that this keyobject must provide jwe aes-256-gcm capability.".to_owned(),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1079
// Schema class for a key object usable by the internal provider.
pub static ref SCHEMA_CLASS_KEY_OBJECT_INTERNAL_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_INTERNAL,
    name: EntryClass::KeyObjectInternal.into(),
    description: "A cryptographic key object that can be used by the internal provider".to_owned(),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    // NOTE(review): by name this is the provider's stored key data; confirm it
    // is not readable through ordinary search or sync paths.
    systemmay: vec![Attribute::KeyInternalData],
    ..Default::default()
};
1092
// Schema class for a client authentication certificate.
// Both the certificate and a `Refers` attribute are in `systemmust`.
// NOTE(review): `Refers` presumably links the certificate to the entry it
// authenticates - confirm.
pub static ref SCHEMA_CLASS_CLIENT_CERTIFICATE_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_CLIENT_CERTIFICATE,
    name: EntryClass::ClientCertificate.into(),
    description: "A client authentication certificate".to_owned(),
    systemmust: vec![Attribute::Certificate, Attribute::Refers],
    // Set explicitly to empty rather than left to `Default::default()`.
    systemmay: vec![],
    ..Default::default()
};
1106
// Schema class for an application.
// `Name` and `LinkedGroup` are in `systemmust`, `Description` is in
// `systemmay`, and the service account class is named under
// `systemsupplements`.
pub static ref SCHEMA_CLASS_APPLICATION_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_APPLICATION,
    name: EntryClass::Application.into(),
    description: "The class representing an application".to_owned(),
    systemsupplements: vec![EntryClass::ServiceAccount.into()],
    systemmust: vec![
        Attribute::Name,
        // An application must name the group it is linked to.
        Attribute::LinkedGroup,
    ],
    systemmay: vec![Attribute::Description],
    ..Default::default()
};
1117
1118);