
1//! Schema Entries
2use crate::constants::entries::{Attribute, EntryClass};
3use crate::constants::uuids::*;
4use crate::schema::{SchemaAttribute, SchemaClass};
5use crate::value::SyntaxType;
6
7lazy_static!(
8
/// Schema attribute `Attribute::DisplayName` (`SyntaxType::Utf8String`): indexed and
/// `sync_allowed`, holding the publicly visible display name of a person.
pub static ref SCHEMA_ATTR_DISPLAYNAME_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DISPLAYNAME,
    name: Attribute::DisplayName,
    syntax: SyntaxType::Utf8String,
    indexed: true,
    sync_allowed: true,
    description: String::from("The publicly visible display name of this person"),
    ..Default::default()
};
18
/// Schema attribute `Attribute::Mail` (`SyntaxType::EmailAddress`): multivalued, indexed,
/// `unique` and `sync_allowed`.
pub static ref SCHEMA_ATTR_MAIL_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_MAIL,
    name: Attribute::Mail,
    syntax: SyntaxType::EmailAddress,
    multivalue: true,
    indexed: true,
    unique: true,
    sync_allowed: true,
    description: String::from("Mail addresses of the object"),
    ..Default::default()
};
30
/// Schema attribute `Attribute::IdVerificationEcKey` (`SyntaxType::EcKeyPrivate`): the
/// account-verification private key. Explicitly `unique: false` and `sync_allowed: false`.
/// NOTE(review): this private-key attribute is `indexed: true`; confirm that the index built
/// for `EcKeyPrivate` values does not persist recoverable key material.
pub static ref SCHEMA_ATTR_EC_KEY_PRIVATE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_EC_KEY_PRIVATE,
    name: Attribute::IdVerificationEcKey,
    syntax: SyntaxType::EcKeyPrivate,
    indexed: true,
    unique: false,
    sync_allowed: false,
    description: String::from("Account verification private key"),
    ..Default::default()
};
41
/// Schema attribute `Attribute::SshPublicKey` (`SyntaxType::SshKey`): multivalued and
/// `sync_allowed`; public key material only.
pub static ref SCHEMA_ATTR_SSH_PUBLICKEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SSH_PUBLICKEY,
    name: Attribute::SshPublicKey,
    syntax: SyntaxType::SshKey,
    multivalue: true,
    sync_allowed: true,
    description: String::from("SSH public keys of the object"),
    ..Default::default()
};
52
/// Schema attribute `Attribute::PrimaryCredential` (`SyntaxType::Credential`): the account's
/// interactive authentication credential; indexed and `sync_allowed`.
/// NOTE(review): credential material is `indexed: true`; confirm the `Credential` index holds
/// only non-sensitive lookup keys.
pub static ref SCHEMA_ATTR_PRIMARY_CREDENTIAL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL,
    name: Attribute::PrimaryCredential,
    syntax: SyntaxType::Credential,
    indexed: true,
    sync_allowed: true,
    description: String::from("Primary credential material of the account for authentication interactively"),
    ..Default::default()
};
62
/// Schema attribute `Attribute::LegalName` (`SyntaxType::Utf8String`): indexed and
/// `sync_allowed`. Per its description this is sensitive personal data, so access to it is
/// a matter for the access-control entries, not the schema.
pub static ref SCHEMA_ATTR_LEGALNAME_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LEGALNAME,
    name: Attribute::LegalName,
    syntax: SyntaxType::Utf8String,
    indexed: true,
    sync_allowed: true,
    description: String::from("The private and sensitive legal name of this person"),
    ..Default::default()
};
72
/// Schema attribute `Attribute::NameHistory` (`SyntaxType::AuditLogString`): multivalued,
/// indexed and `sync_allowed`.
pub static ref SCHEMA_ATTR_NAME_HISTORY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_NAME_HISTORY,
    name: Attribute::NameHistory,
    syntax: SyntaxType::AuditLogString,
    multivalue: true,
    indexed: true,
    sync_allowed: true,
    description: String::from("The history of names that a person has had"),
    ..Default::default()
};
83
/// Schema attribute `Attribute::RadiusSecret` (`SyntaxType::SecretUtf8String`): a generated
/// network-authentication secret. Note it is `sync_allowed: true`, unlike the other secret
/// attributes in this file.
pub static ref SCHEMA_ATTR_RADIUS_SECRET: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_RADIUS_SECRET,
    name: Attribute::RadiusSecret,
    syntax: SyntaxType::SecretUtf8String,
    sync_allowed: true,
    description: String::from("The accounts generated radius secret for device network authentication"),
    ..Default::default()
};
92
/// Schema attribute `Attribute::DomainName` (`SyntaxType::Utf8StringIname`): indexed and
/// `unique`. Per its description it feeds webauthn (RP id) and SPN generation.
pub static ref SCHEMA_ATTR_DOMAIN_NAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_NAME,
    name: Attribute::DomainName,
    syntax: SyntaxType::Utf8StringIname,
    indexed: true,
    unique: true,
    description: String::from("The domain's DNS name for webauthn and SPN generation purposes"),
    ..Default::default()
};
102
/// Schema attribute `Attribute::LdapAllowUnixPwBind` (`SyntaxType::Boolean`): configuration
/// toggle permitting LDAP binds with an object's UNIX password. Explicitly `unique: false`.
pub static ref SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND,
    name: Attribute::LdapAllowUnixPwBind,
    syntax: SyntaxType::Boolean,
    unique: false,
    description: String::from("Configuration to enable binds to LDAP objects using their UNIX password"),
    ..Default::default()
};
111
/// Schema attribute `Attribute::DomainLdapBasedn` (`SyntaxType::Utf8StringInsensitive`):
/// `unique`; optional LDAP base DN override for the domain.
pub static ref SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN,
    name: Attribute::DomainLdapBasedn,
    syntax: SyntaxType::Utf8StringInsensitive,
    unique: true,
    description: String::from("The domain's optional ldap basedn. If unset defaults to domain components of domain name"),
    ..Default::default()
};
120
/// Schema attribute `Attribute::LdapMaxQueryableAttrs` (`SyntaxType::Uint32`): explicitly
/// `multivalue: false`, `sync_allowed`; a per-operation cap on queried LDAP attributes.
pub static ref SCHEMA_ATTR_LDAP_MAXIMUM_QUERYABLE_ATTRIBUTES: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LDAP_MAXIMUM_QUERYABLE_ATTRIBUTES,
    name: Attribute::LdapMaxQueryableAttrs,
    syntax: SyntaxType::Uint32,
    multivalue: false,
    sync_allowed: true,
    description: String::from("The maximum number of LDAP attributes that can be queried in one operation"),
    ..Default::default()
};
130
/// Schema attribute `Attribute::Image` (`SyntaxType::Image`): an end-user display image;
/// all other flags take the struct defaults.
pub static ref SCHEMA_ATTR_IMAGE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_IMAGE,
    name: Attribute::Image,
    syntax: SyntaxType::Image,
    description: String::from("An image for display to end users."),
    ..Default::default()
};
138
/// Schema attribute `Attribute::DomainDisplayName` (`SyntaxType::Utf8String`): indexed.
pub static ref SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME,
    name: Attribute::DomainDisplayName,
    syntax: SyntaxType::Utf8String,
    indexed: true,
    description: String::from("The user-facing display name of the Kanidm domain"),
    ..Default::default()
};
147
/// Schema attribute `Attribute::DomainUuid` (`SyntaxType::Uuid`): indexed and `unique`;
/// per its description it identifies the domain in CSNs and trust relationships.
pub static ref SCHEMA_ATTR_DOMAIN_UUID: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_UUID,
    name: Attribute::DomainUuid,
    syntax: SyntaxType::Uuid,
    indexed: true,
    unique: true,
    description: String::from("The domain's uuid, used in CSN and trust relationships"),
    ..Default::default()
};
157
/// Schema attribute `Attribute::DomainSsid` (`SyntaxType::Utf8String`): indexed and `unique`.
pub static ref SCHEMA_ATTR_DOMAIN_SSID: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_SSID,
    name: Attribute::DomainSsid,
    syntax: SyntaxType::Utf8String,
    indexed: true,
    unique: true,
    description: String::from("The domains site-wide SSID for device autoconfiguration of wireless"),
    ..Default::default()
};
167
/// Schema attribute `Attribute::DeniedName` (`SyntaxType::Utf8StringIname`): multivalued
/// deny-list of iname values that may not be used as a `name`.
pub static ref SCHEMA_ATTR_DENIED_NAME_DL10: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DENIED_NAME,
    name: Attribute::DeniedName,
    syntax: SyntaxType::Utf8StringIname,
    multivalue: true,
    description: String::from("Iname values that are not allowed to be used in 'name'."),
    ..Default::default()
};
176
/// Schema attribute `Attribute::DomainTokenKey` (`SyntaxType::SecretUtf8String`). The
/// description marks it as not used, but it keeps the secret syntax so any stored value is
/// still treated as sensitive.
pub static ref SCHEMA_ATTR_DOMAIN_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_TOKEN_KEY,
    name: Attribute::DomainTokenKey,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("The domain token encryption private key (NOT USED)"),
    ..Default::default()
};
184
/// Schema attribute `Attribute::FernetPrivateKeyStr` (`SyntaxType::SecretUtf8String`): the
/// token-encryption private key; not indexed, not syncable (defaults).
pub static ref SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR,
    name: Attribute::FernetPrivateKeyStr,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("The token encryption private key"),
    ..Default::default()
};
193
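/// Schema attribute `Attribute::GidNumber` (`SyntaxType::Uint32`): indexed, `unique` and
/// `sync_allowed`. Per its description the same number serves as the POSIX uid of accounts.
pub static ref SCHEMA_ATTR_GIDNUMBER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_GIDNUMBER,
    name: Attribute::GidNumber,
    // The literal used to contain a stray ".to_string()" that was displayed to users verbatim.
    description: "The groupid (uid) number of a group or account. This is the same value as the UID number on posix accounts for security reasons".to_string(),
    indexed: true,
    unique: true,
    sync_allowed: true,
    syntax: SyntaxType::Uint32,
    ..Default::default()
};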
204
/// Schema attribute `Attribute::BadlistPassword` (`SyntaxType::Utf8StringInsensitive`):
/// multivalued list of passwords that no account may set.
pub static ref SCHEMA_ATTR_BADLIST_PASSWORD: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_BADLIST_PASSWORD,
    name: Attribute::BadlistPassword,
    syntax: SyntaxType::Utf8StringInsensitive,
    multivalue: true,
    description: String::from("A password that is badlisted meaning that it can not be set as a valid password by any user account"),
    ..Default::default()
};
213
/// Schema attribute `Attribute::AuthSessionExpiry` (`SyntaxType::Uint32`): account-policy
/// expiry for authentication sessions.
pub static ref SCHEMA_ATTR_AUTH_SESSION_EXPIRY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_AUTH_SESSION_EXPIRY,
    name: Attribute::AuthSessionExpiry,
    syntax: SyntaxType::Uint32,
    description: String::from("An expiration time for an authentication session"),
    ..Default::default()
};
221
/// Schema attribute `Attribute::PrivilegeExpiry` (`SyntaxType::Uint32`): account-policy
/// expiry for privileged (re-authenticated) sessions.
pub static ref SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY,
    name: Attribute::PrivilegeExpiry,
    syntax: SyntaxType::Uint32,
    description: String::from("An expiration time for a privileged authentication session"),
    ..Default::default()
};
229
/// Schema attribute `Attribute::AuthPasswordMinimumLength` (`SyntaxType::Uint32`):
/// account-policy minimum password length.
pub static ref SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH,
    name: Attribute::AuthPasswordMinimumLength,
    syntax: SyntaxType::Uint32,
    description: String::from("Minimum length of passwords"),
    ..Default::default()
};
237
/// Schema attribute `Attribute::LoginShell` (`SyntaxType::Utf8StringInsensitive`):
/// `sync_allowed`; a POSIX account's login shell.
pub static ref SCHEMA_ATTR_LOGINSHELL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LOGINSHELL,
    name: Attribute::LoginShell,
    syntax: SyntaxType::Utf8StringInsensitive,
    sync_allowed: true,
    description: String::from("A POSIX user's UNIX login shell"),
    ..Default::default()
};
246
/// Schema attribute `Attribute::UnixPassword` (`SyntaxType::Credential`): the POSIX login
/// credential; indexed, not `sync_allowed` (default).
/// NOTE(review): credential material is `indexed: true`; confirm the `Credential` index holds
/// only non-sensitive lookup keys.
pub static ref SCHEMA_ATTR_UNIX_PASSWORD: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_UNIX_PASSWORD,
    name: Attribute::UnixPassword,
    syntax: SyntaxType::Credential,
    indexed: true,
    description: String::from("A POSIX user's UNIX login password"),
    ..Default::default()
};
255
/// Schema attribute `Attribute::NsUniqueId` (`SyntaxType::NsUniqueId`): indexed, `unique` and
/// `sync_allowed`; 389-ds/DSEE compatibility identifier.
pub static ref SCHEMA_ATTR_NSUNIQUEID: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_NSUNIQUEID,
    name: Attribute::NsUniqueId,
    syntax: SyntaxType::NsUniqueId,
    indexed: true,
    unique: true,
    sync_allowed: true,
    description: String::from("A unique id compatibility for 389-ds/dsee"),
    ..Default::default()
};
266
/// Schema attribute `Attribute::AccountExpire` (`SyntaxType::DateTime`): `sync_allowed`;
/// upper bound of the account's authentication validity window.
pub static ref SCHEMA_ATTR_ACCOUNT_EXPIRE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE,
    name: Attribute::AccountExpire,
    syntax: SyntaxType::DateTime,
    sync_allowed: true,
    description: String::from("The datetime after which this account no longer may authenticate"),
    ..Default::default()
};
275
/// Schema attribute `Attribute::AccountValidFrom` (`SyntaxType::DateTime`): `sync_allowed`;
/// lower bound of the account's authentication validity window.
pub static ref SCHEMA_ATTR_ACCOUNT_VALID_FROM: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM,
    name: Attribute::AccountValidFrom,
    syntax: SyntaxType::DateTime,
    sync_allowed: true,
    description: String::from("The datetime after which this account may commence authenticating"),
    ..Default::default()
};
284
/// Schema attribute `Attribute::WebauthnAttestationCaList`
/// (`SyntaxType::WebauthnAttestationCaList`): multivalued set of attestation CAs that
/// restrict which authenticators are accepted.
pub static ref SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST,
    name: Attribute::WebauthnAttestationCaList,
    syntax: SyntaxType::WebauthnAttestationCaList,
    multivalue: true,
    description: String::from("A set of CA's that limit devices that can be used with webauthn"),
    ..Default::default()
};
293
/// Schema attribute `Attribute::OAuth2RsName` (`SyntaxType::Utf8StringIname`): indexed and
/// `unique` name of an OAuth2 resource server / client.
pub static ref SCHEMA_ATTR_OAUTH2_RS_NAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_NAME,
    name: Attribute::OAuth2RsName,
    syntax: SyntaxType::Utf8StringIname,
    indexed: true,
    unique: true,
    description: String::from("The unique name of an external Oauth2 resource"),
    ..Default::default()
};
303
/// Schema attribute `Attribute::OAuth2RsOrigin` (`SyntaxType::Url`): multivalued set of
/// origins for an OAuth2 client.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN,
    name: Attribute::OAuth2RsOrigin,
    syntax: SyntaxType::Url,
    multivalue: true,
    description: String::from("The origin domain of an OAuth2 client"),
    ..Default::default()
};
312
/// Schema attribute `Attribute::OAuth2RsOriginLanding` (`SyntaxType::Url`): the landing page
/// that starts the authorisation flow for a resource server.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING,
    name: Attribute::OAuth2RsOriginLanding,
    syntax: SyntaxType::Url,
    description: String::from("The landing page of an RS, that will automatically trigger the auth process"),
    ..Default::default()
};
320
// Introduced in DomainLevel4
/// Schema attribute `Attribute::OAuth2AllowLocalhostRedirect` (`SyntaxType::Boolean`): per
/// its description, relaxes redirect handling so public clients of this RS may redirect to
/// localhost. A deliberate opt-in; the struct default applies when unset.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT_DL4: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT,
    name: Attribute::OAuth2AllowLocalhostRedirect,
    syntax: SyntaxType::Boolean,
    description: String::from("Allow public clients associated to this RS to redirect to localhost"),
    ..Default::default()
};
329
/// Schema attribute `Attribute::OAuth2RsClaimMap` (`SyntaxType::OauthClaimMap`): indexed,
/// multivalued mapping of group memberships to custom claims.
pub static ref SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP_DL4: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP,
    name: Attribute::OAuth2RsClaimMap,
    // CHANGE ME
    syntax: SyntaxType::OauthClaimMap,
    indexed: true,
    multivalue: true,
    description: String::from("A set of custom claims mapped to group memberships of accounts"),
    ..Default::default()
};
340
/// Schema attribute `Attribute::OAuth2RsScopeMap` (`SyntaxType::OauthScopeMap`): indexed,
/// multivalued group-to-scopes mapping for a resource server.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP,
    name: Attribute::OAuth2RsScopeMap,
    syntax: SyntaxType::OauthScopeMap,
    indexed: true,
    multivalue: true,
    description: String::from("A reference to a group mapped to scopes for the associated oauth2 resource server"),
    ..Default::default()
};
350
/// Schema attribute `Attribute::OAuth2RsSupScopeMap` (`SyntaxType::OauthScopeMap`): indexed,
/// multivalued. Its description is identical to `SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP`; how the
/// two maps differ is not stated here.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP,
    name: Attribute::OAuth2RsSupScopeMap,
    syntax: SyntaxType::OauthScopeMap,
    indexed: true,
    multivalue: true,
    description: String::from("A reference to a group mapped to scopes for the associated oauth2 resource server"),
    ..Default::default()
};
360
/// Schema attribute `Attribute::OAuth2RsBasicSecret` (`SyntaxType::SecretUtf8String`): the
/// client secret used for OAuth2 basic authentication; not indexed or syncable (defaults).
pub static ref SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET,
    name: Attribute::OAuth2RsBasicSecret,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("When using oauth2 basic authentication, the secret string of the resource server"),
    ..Default::default()
};
368
/// Schema attribute `Attribute::OAuth2RsTokenKey` (`SyntaxType::SecretUtf8String`): a
/// per-resource-server token signing key.
pub static ref SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY,
    name: Attribute::OAuth2RsTokenKey,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("An oauth2 resource servers unique token signing key"),
    ..Default::default()
};
376
/// Schema attribute `Attribute::OAuth2RsImplicitScopes` (`SyntaxType::OauthScope`):
/// multivalued scopes granted to every user of the resource server.
pub static ref SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES,
    name: Attribute::OAuth2RsImplicitScopes,
    syntax: SyntaxType::OauthScope,
    multivalue: true,
    description: String::from("An oauth2 resource servers scopes that are implicitly granted to all users"),
    ..Default::default()
};
385
/// Schema attribute `Attribute::OAuth2ConsentScopeMap` (`SyntaxType::OauthScopeMap`):
/// indexed, multivalued record of scopes a user has consented to per relying party.
pub static ref SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP,
    name: Attribute::OAuth2ConsentScopeMap,
    syntax: SyntaxType::OauthScopeMap,
    indexed: true,
    multivalue: true,
    description: String::from("A set of scopes mapped from a relying server to a user, where the user has previously consented to the following. If changed or deleted, consent will be re-sought"),
    ..Default::default()
};
395
/// Schema attribute `Attribute::OAuth2StrictRedirectUri` (`SyntaxType::Boolean`): whether
/// strict redirect-URI matching is enforced for the client.
pub static ref SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI,
    name: Attribute::OAuth2StrictRedirectUri,
    syntax: SyntaxType::Boolean,
    description: String::from("Represents if strict redirect uri enforcement is enabled."),
    ..Default::default()
};
403
404
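/// Schema attribute `Attribute::OAuth2DeviceFlowEnable` (`SyntaxType::Boolean`): whether the
/// OAuth2 device authorization flow is permitted for this client.
pub static ref SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE_DL9: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE,
    name: Attribute::OAuth2DeviceFlowEnable,
    // The literal previously contained a mis-encoded character after "permitted".
    description: "Represents if OAuth2 Device Flow is permitted on this client.".to_string(),
    syntax: SyntaxType::Boolean,
    ..Default::default()
};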
412
/// Schema attribute `Attribute::Es256PrivateKeyDer` (`SyntaxType::PrivateBinary`): DER-encoded
/// ES256 private key; not indexed or syncable (defaults).
pub static ref SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER,
    name: Attribute::Es256PrivateKeyDer,
    syntax: SyntaxType::PrivateBinary,
    description: String::from("An es256 private key"),
    ..Default::default()
};
420
/// Schema attribute `Attribute::Rs256PrivateKeyDer` (`SyntaxType::PrivateBinary`): DER-encoded
/// RS256 private key; not indexed or syncable (defaults).
pub static ref SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER,
    name: Attribute::Rs256PrivateKeyDer,
    syntax: SyntaxType::PrivateBinary,
    description: String::from("An rs256 private key"),
    ..Default::default()
};
428
/// Schema attribute `Attribute::JwsEs256PrivateKey` (`SyntaxType::JwsKeyEs256`): ES256 JWS
/// signing key; indexed and `unique`.
/// NOTE(review): private-key material is `indexed: true`; confirm the `JwsKeyEs256` index is
/// keyed on a public identifier (e.g. a key id) rather than the private component.
pub static ref SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY,
    name: Attribute::JwsEs256PrivateKey,
    syntax: SyntaxType::JwsKeyEs256,
    indexed: true,
    unique: true,
    description: String::from("An es256 private key for jws"),
    ..Default::default()
};
438
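// TO BE REMOVED IN A FUTURE RELEASE
/// Schema attribute `Attribute::PrivateCookieKey` (`SyntaxType::PrivateBinary`): HMAC key for
/// cookies; slated for removal per the comment above.
pub static ref SCHEMA_ATTR_PRIVATE_COOKIE_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PRIVATE_COOKIE_KEY,
    name: Attribute::PrivateCookieKey,
    // Description previously read "An private ...".
    description: "A private cookie hmac key".to_string(),
    syntax: SyntaxType::PrivateBinary,
    ..Default::default()
};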
447
/// Schema attribute `Attribute::OAuth2AllowInsecureClientDisablePkce` (`SyntaxType::Boolean`):
/// per its description, permits PKCE to be disabled for a client. PKCE is what binds an
/// authorization code to the client that requested it, so this is a deliberate weakening and
/// should be set only for clients that cannot support it.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE,
    name: Attribute::OAuth2AllowInsecureClientDisablePkce,
    syntax: SyntaxType::Boolean,
    description: String::from("Allows disabling of PKCE for insecure OAuth2 clients"),
    ..Default::default()
};
455
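/// Schema attribute `Attribute::OAuth2JwtLegacyCryptoEnable` (`SyntaxType::Boolean`): opt-in
/// to legacy JWT cryptography for a client; a compatibility switch, not a default.
pub static ref SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE,
    name: Attribute::OAuth2JwtLegacyCryptoEnable,
    // Spelling of "cryptography" corrected in the user-facing description.
    description: "Allows enabling legacy JWT cryptography for clients".to_string(),
    syntax: SyntaxType::Boolean,
    ..Default::default()
};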
463
/// Schema attribute `Attribute::CredentialUpdateIntentToken` (`SyntaxType::IntentToken`):
/// indexed, multivalued state of outstanding credential-update intents.
pub static ref SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN,
    name: Attribute::CredentialUpdateIntentToken,
    syntax: SyntaxType::IntentToken,
    indexed: true,
    multivalue: true,
    description: String::from("The status of a credential update intent token"),
    ..Default::default()
};
473
/// Schema attribute `Attribute::PassKeys` (`SyntaxType::Passkey`): indexed, multivalued and
/// `sync_allowed` set of registered passkeys.
pub static ref SCHEMA_ATTR_PASSKEYS: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PASSKEYS,
    name: Attribute::PassKeys,
    syntax: SyntaxType::Passkey,
    indexed: true,
    multivalue: true,
    sync_allowed: true,
    description: String::from("A set of registered passkeys"),
    ..Default::default()
};
484
/// Schema attribute `Attribute::AttestedPasskeys` (`SyntaxType::AttestedPasskey`): indexed,
/// multivalued and `sync_allowed` set of attested device keys.
pub static ref SCHEMA_ATTR_ATTESTED_PASSKEYS: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ATTESTED_PASSKEYS,
    name: Attribute::AttestedPasskeys,
    syntax: SyntaxType::AttestedPasskey,
    indexed: true,
    multivalue: true,
    sync_allowed: true,
    description: String::from("A set of registered device keys"),
    ..Default::default()
};
495
/// Schema attribute `Attribute::DynGroupFilter` (`SyntaxType::JsonFilter`): the membership
/// filter of a dynamic group.
pub static ref SCHEMA_ATTR_DYNGROUP_FILTER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DYNGROUP_FILTER,
    name: Attribute::DynGroupFilter,
    syntax: SyntaxType::JsonFilter,
    description: String::from("A filter describing the set of entries to add to a dynamic group"),
    ..Default::default()
};
503
/// Schema attribute `Attribute::OAuth2PreferShortUsername` (`SyntaxType::Boolean`): selects
/// `name` over `spn` for the `preferred_username` claim.
pub static ref SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME,
    name: Attribute::OAuth2PreferShortUsername,
    syntax: SyntaxType::Boolean,
    description: String::from("Use 'name' instead of 'spn' in the preferred_username claim"),
    ..Default::default()
};
511
/// Schema attribute `Attribute::ApiTokenSession` (`SyntaxType::ApiToken`): indexed, `unique`,
/// multivalued session records for issued API tokens.
pub static ref SCHEMA_ATTR_API_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_API_TOKEN_SESSION,
    name: Attribute::ApiTokenSession,
    syntax: SyntaxType::ApiToken,
    indexed: true,
    unique: true,
    multivalue: true,
    description: String::from("A session entry related to an issued API token"),
    ..Default::default()
};
522
/// Schema attribute `Attribute::UserAuthTokenSession` (`SyntaxType::Session`): indexed,
/// `unique`, multivalued session records for issued user auth tokens.
pub static ref SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION,
    name: Attribute::UserAuthTokenSession,
    syntax: SyntaxType::Session,
    indexed: true,
    unique: true,
    multivalue: true,
    description: String::from("A session entry related to an issued user auth token"),
    ..Default::default()
};
533
/// Schema attribute `Attribute::OAuth2Session` (`SyntaxType::Oauth2Session`): indexed,
/// multivalued OAuth2 sessions, each bound to a parent user auth token per the description.
pub static ref SCHEMA_ATTR_OAUTH2_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_SESSION,
    name: Attribute::OAuth2Session,
    syntax: SyntaxType::Oauth2Session,
    indexed: true,
    multivalue: true,
    description: String::from("A session entry to an active oauth2 session, bound to a parent user auth token"),
    ..Default::default()
};
543
/// Schema attribute `Attribute::SyncTokenSession` (`SyntaxType::ApiToken`): indexed and
/// `unique` session record for an issued sync token.
pub static ref SCHEMA_ATTR_SYNC_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION,
    name: Attribute::SyncTokenSession,
    syntax: SyntaxType::ApiToken,
    indexed: true,
    unique: true,
    description: String::from("A session entry related to an issued sync token"),
    ..Default::default()
};
553
/// Schema attribute `Attribute::SyncCookie` (`SyntaxType::PrivateBinary`): opaque private
/// sync cursor for a remote IDM source.
pub static ref SCHEMA_ATTR_SYNC_COOKIE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_COOKIE,
    name: Attribute::SyncCookie,
    syntax: SyntaxType::PrivateBinary,
    description: String::from("A private sync cookie for a remote IDM source"),
    ..Default::default()
};
561
/// Schema attribute `Attribute::GrantUiHint` (`SyntaxType::UiHint`): indexed, multivalued UI
/// hints granted through group membership.
pub static ref SCHEMA_ATTR_GRANT_UI_HINT: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_GRANT_UI_HINT,
    name: Attribute::GrantUiHint,
    syntax: SyntaxType::UiHint,
    indexed: true,
    multivalue: true,
    description: String::from("A UI hint that is granted via membership to a group"),
    ..Default::default()
};
571
/// Schema attribute `Attribute::SyncCredentialPortal` (`SyntaxType::Url`): where synced
/// accounts are sent to manage their credentials.
pub static ref SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL,
    name: Attribute::SyncCredentialPortal,
    syntax: SyntaxType::Url,
    description: String::from("The url of an external credential portal for synced accounts to visit to update their credentials"),
    ..Default::default()
};
579
/// Schema attribute `Attribute::SyncYieldAuthority` (`SyntaxType::Utf8StringInsensitive`):
/// multivalued list of attribute names whose authority a sync agreement yields to Kanidm.
pub static ref SCHEMA_ATTR_SYNC_YIELD_AUTHORITY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_YIELD_AUTHORITY,
    name: Attribute::SyncYieldAuthority,
    syntax: SyntaxType::Utf8StringInsensitive,
    multivalue: true,
    description: String::from("A set of attributes that have their authority yielded to Kanidm in a sync agreement"),
    ..Default::default()
};
588
/// Schema attribute `Attribute::CredentialTypeMinimum` (`SyntaxType::CredentialType`):
/// explicitly `multivalue: false`; account-policy floor on credential strength.
pub static ref SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM,
    name: Attribute::CredentialTypeMinimum,
    syntax: SyntaxType::CredentialType,
    multivalue: false,
    description: String::from("The minimum level of credential type that can satisfy this policy"),
    ..Default::default()
};
597
/// Schema attribute `Attribute::LimitSearchMaxResults` (`SyntaxType::Uint32`): explicitly
/// `multivalue: false`; resource limit on results returned per operation.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS,
    name: Attribute::LimitSearchMaxResults,
    syntax: SyntaxType::Uint32,
    multivalue: false,
    description: String::from("The maximum number of query results that may be returned in a single operation"),
    ..Default::default()
};
606
/// Schema attribute `Attribute::LimitSearchMaxFilterTest` (`SyntaxType::Uint32`): explicitly
/// `multivalue: false`; resource limit on entries examined by partially indexed queries.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST,
    name: Attribute::LimitSearchMaxFilterTest,
    syntax: SyntaxType::Uint32,
    multivalue: false,
    description: String::from("The maximum number of entries that may be examined in a partially indexed query"),
    ..Default::default()
};
615
/// Schema attribute `Attribute::KeyInternalData` (`SyntaxType::KeyInternal`): multivalued.
/// The user-facing description is intentionally left empty here, as in the original.
pub static ref SCHEMA_ATTR_KEY_INTERNAL_DATA_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_INTERNAL_DATA,
    name: Attribute::KeyInternalData,
    syntax: SyntaxType::KeyInternal,
    multivalue: true,
    description: String::new(),
    ..Default::default()
};
624
/// Schema attribute `Attribute::KeyProvider` (`SyntaxType::ReferenceUuid`): indexed,
/// explicitly `multivalue: false`. Empty user-facing description, as in the original.
pub static ref SCHEMA_ATTR_KEY_PROVIDER_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_PROVIDER,
    name: Attribute::KeyProvider,
    syntax: SyntaxType::ReferenceUuid,
    indexed: true,
    multivalue: false,
    description: String::new(),
    ..Default::default()
};
634
/// Schema attribute `Attribute::KeyActionRotate` (`SyntaxType::DateTime`): a `phantom`
/// (ephemeral action) attribute, explicitly `multivalue: false`, with an empty description.
pub static ref SCHEMA_ATTR_KEY_ACTION_ROTATE_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_ROTATE,
    name: Attribute::KeyActionRotate,
    syntax: SyntaxType::DateTime,
    // Ephemeral action: phantom attributes are not persisted as ordinary values.
    phantom: true,
    multivalue: false,
    description: String::new(),
    ..Default::default()
};
645
/// Schema attribute `Attribute::KeyActionRevoke` (`SyntaxType::HexString`): a `phantom`
/// (ephemeral action) attribute, multivalued, with an empty description.
pub static ref SCHEMA_ATTR_KEY_ACTION_REVOKE_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_REVOKE,
    name: Attribute::KeyActionRevoke,
    syntax: SyntaxType::HexString,
    // Ephemeral action.
    phantom: true,
    multivalue: true,
    description: String::new(),
    ..Default::default()
};
656
/// Schema attribute `Attribute::KeyActionImportJwsEs256` (`SyntaxType::PrivateBinary`): a
/// `phantom` (ephemeral action) attribute, multivalued, carrying private key material to
/// import; empty description as in the original.
pub static ref SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256,
    name: Attribute::KeyActionImportJwsEs256,
    syntax: SyntaxType::PrivateBinary,
    // Ephemeral action.
    phantom: true,
    multivalue: true,
    description: String::new(),
    ..Default::default()
};
667
/// Schema attribute `Attribute::KeyActionImportJwsRs256` (`SyntaxType::PrivateBinary`): a
/// `phantom` (ephemeral action) attribute, multivalued, carrying private key material to
/// import; empty description as in the original.
pub static ref SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_RS256_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_RS256,
    name: Attribute::KeyActionImportJwsRs256,
    syntax: SyntaxType::PrivateBinary,
    // Ephemeral action.
    phantom: true,
    multivalue: true,
    description: String::new(),
    ..Default::default()
};
678
/// Schema attribute `Attribute::PatchLevel` (`SyntaxType::Uint32`); empty description as in
/// the original.
pub static ref SCHEMA_ATTR_PATCH_LEVEL_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PATCH_LEVEL,
    name: Attribute::PatchLevel,
    syntax: SyntaxType::Uint32,
    description: String::new(),
    ..Default::default()
};
686
/// Schema attribute `Attribute::DomainDevelopmentTaint` (`SyntaxType::Boolean`): marks a
/// domain that has run a development build.
pub static ref SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT,
    name: Attribute::DomainDevelopmentTaint,
    syntax: SyntaxType::Boolean,
    description: String::from("A flag to show that the domain has been run on a development build, and will need additional work to upgrade/migrate."),
    ..Default::default()
};
694
/// Schema attribute `Attribute::DomainAllowEasterEggs` (`SyntaxType::Boolean`): opt-in for
/// server easter eggs.
pub static ref SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS_DL9: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS,
    name: Attribute::DomainAllowEasterEggs,
    syntax: SyntaxType::Boolean,
    description: String::from("A flag to enable easter eggs in the server that may not always be wanted by all users/deployments."),
    ..Default::default()
};
702
/// Schema attribute `Attribute::Refers` (`SyntaxType::ReferenceUuid`): indexed, explicitly
/// `multivalue: false`; a reference to a linked entry.
pub static ref SCHEMA_ATTR_REFERS_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_REFERS,
    name: Attribute::Refers,
    syntax: SyntaxType::ReferenceUuid,
    indexed: true,
    multivalue: false,
    description: String::from("A reference to linked object"),
    ..Default::default()
};
712
/// Schema attribute `Attribute::LinkedGroup` (`SyntaxType::ReferenceUuid`): indexed,
/// explicitly `multivalue: false`; links an entry to a group.
pub static ref SCHEMA_ATTR_LINKED_GROUP_DL8: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LINKED_GROUP,
    name: Attribute::LinkedGroup,
    syntax: SyntaxType::ReferenceUuid,
    indexed: true,
    multivalue: false,
    description: String::from("A reference linking a group to an entry"),
    ..Default::default()
};
722
/// Schema attribute `Attribute::AllowPrimaryCredFallback` (`SyntaxType::Boolean`): explicitly
/// `multivalue: false`; per its description, lets the primary password satisfy POSIX
/// authentication when no POSIX password is set, widening where that credential is accepted.
pub static ref SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK_DL8: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK,
    name: Attribute::AllowPrimaryCredFallback,
    syntax: SyntaxType::Boolean,
    multivalue: false,
    description: String::from("Allow fallback to primary password if no POSIX password exists"),
    ..Default::default()
};
731
/// Schema attribute `Attribute::Certificate` (`SyntaxType::Certificate`): explicitly
/// `multivalue: false`; an X.509 certificate.
pub static ref SCHEMA_ATTR_CERTIFICATE_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_CERTIFICATE,
    name: Attribute::Certificate,
    syntax: SyntaxType::Certificate,
    multivalue: false,
    description: String::from("An x509 Certificate"),
    ..Default::default()
};
740
/// Schema attribute `Attribute::ApplicationPassword` (`SyntaxType::ApplicationPassword`):
/// indexed, multivalued set of per-application passwords.
pub static ref SCHEMA_ATTR_APPLICATION_PASSWORD_DL8: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_APPLICATION_PASSWORD,
    name: Attribute::ApplicationPassword,
    syntax: SyntaxType::ApplicationPassword,
    indexed: true,
    multivalue: true,
    description: String::from("A set of application passwords"),
    ..Default::default()
};
750
/// Schema attribute `Attribute::ApplicationUrl` (`SyntaxType::Url`): URL of an external
/// application.
pub static ref SCHEMA_ATTR_APPLICATION_URL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_APPLICATION_URL,
    name: Attribute::ApplicationUrl,
    syntax: SyntaxType::Url,
    description: String::from("The URL of an external application"),
    ..Default::default()
};
758
759// === classes ===
/// Schema class `EntryClass::Person`: `sync_allowed`; requires `IdVerificationEcKey`, allows
/// the credential, session, contact and application-password attributes listed in
/// `systemmay`, and names `ServiceAccount` and `Application` in `systemexcludes`.
pub static ref SCHEMA_CLASS_PERSON_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_PERSON,
    name: EntryClass::Person.into(),
    description: String::from("Object representation of a person"),
    sync_allowed: true,
    systemmust: vec![Attribute::IdVerificationEcKey],
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Mail,
        Attribute::LegalName,
        Attribute::ApplicationPassword,
    ],
    systemexcludes: vec![
        EntryClass::ServiceAccount.into(),
        EntryClass::Application.into(),
    ],
    ..Default::default()
};
786
/// Schema class `EntryClass::OrgPerson`: requires `Mail`, `DisplayName` and `Name`; allows
/// `LegalName`.
pub static ref SCHEMA_CLASS_ORGPERSON: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ORGPERSON,
    name: EntryClass::OrgPerson.into(),
    description: String::from("Object representation of an org person"),
    systemmust: vec![
        Attribute::Mail,
        Attribute::DisplayName,
        Attribute::Name,
    ],
    systemmay: vec![Attribute::LegalName],
    ..Default::default()
};
802
/// Schema class `EntryClass::Group`: `sync_allowed`; requires `Name` and `Spn`; allows
/// `Member`, `GrantUiHint`, `Description` and `Mail`.
pub static ref SCHEMA_CLASS_GROUP_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_GROUP,
    name: EntryClass::Group.into(),
    description: String::from("Object representation of a group"),
    sync_allowed: true,
    systemmust: vec![
        Attribute::Name,
        Attribute::Spn,
    ],
    systemmay: vec![
        Attribute::Member,
        Attribute::GrantUiHint,
        Attribute::Description,
        Attribute::Mail,
    ],
    ..Default::default()
};
820
/// The `dyngroup` class: a group whose membership is computed from
/// `DynGroupFilter` (mandatory) into `DynMember` (optional).
///
/// `systemsupplements` ties it to the `group` class (per the posix class
/// descriptions below, "supplements" means "requires").
/// NOTE(review): this uses `Attribute::Group.into()` where the account
/// classes use `EntryClass::…into()`; presumably both render to the same
/// class name — confirm before touching.
pub static ref SCHEMA_CLASS_DYNGROUP: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DYNGROUP,
    name: EntryClass::DynGroup.into(),
    description: String::from("Object representation of a dynamic group"),
    systemmust: vec![Attribute::DynGroupFilter],
    systemmay: vec![Attribute::DynMember],
    systemsupplements: vec![Attribute::Group.into()],
    ..Default::default()
};
831
/// The `account_policy` class, domain-level 8 revision.
///
/// All attributes are optional policy knobs that apply to accounts which are
/// members of the carrying group: session and privilege expiry, minimum
/// password length, minimum credential type, the WebAuthn attestation CA
/// list, search limits, and whether primary-credential fallback is allowed.
/// Supplements (requires) the `group` class.
pub static ref SCHEMA_CLASS_ACCOUNT_POLICY_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT_POLICY,
    name: EntryClass::AccountPolicy.into(),
    description: String::from("Policies applied to accounts that are members of a group"),
    systemmay: vec![
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::AuthPasswordMinimumLength,
        Attribute::CredentialTypeMinimum,
        Attribute::WebauthnAttestationCaList,
        Attribute::LimitSearchMaxResults,
        Attribute::LimitSearchMaxFilterTest,
        // Security-relevant: relaxes the credential requirement for members.
        Attribute::AllowPrimaryCredFallback,
    ],
    systemsupplements: vec![Attribute::Group.into()],
    ..Default::default()
};
850
/// The `account` class, domain-level 5 revision.
///
/// Requires `DisplayName`, `Name` and `Spn`; may carry validity window
/// attributes and a name history. An account must also be one of `person`,
/// `service_account` or `oauth2_resource_server` (`systemsupplements`).
/// Flagged `sync_allowed`.
pub static ref SCHEMA_CLASS_ACCOUNT_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT,
    name: EntryClass::Account.into(),
    description: String::from("Object representation of an account"),
    sync_allowed: true,
    systemmust: vec![Attribute::DisplayName, Attribute::Name, Attribute::Spn],
    systemmay: vec![
        Attribute::AccountExpire,
        Attribute::AccountValidFrom,
        Attribute::NameHistory,
    ],
    systemsupplements: vec![
        EntryClass::Person.into(),
        EntryClass::ServiceAccount.into(),
        EntryClass::OAuth2ResourceServer.into(),
    ],
    ..Default::default()
};
874
/// The `service_account` class, domain-level 7 revision.
///
/// No mandatory attributes of its own. May carry SSH keys, sessions
/// (auth-token, OAuth2, API token), OAuth2 consent map, description, mail
/// and a primary credential. Flagged `sync_allowed`; mutually exclusive
/// with `person`.
pub static ref SCHEMA_CLASS_SERVICE_ACCOUNT_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SERVICE_ACCOUNT,
    name: EntryClass::ServiceAccount.into(),
    description: String::from("Object representation of service account"),
    sync_allowed: true,
    systemmay: vec![
        Attribute::SshPublicKey,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::Description,
        Attribute::Mail,
        Attribute::PrimaryCredential,
        Attribute::ApiTokenSession,
    ],
    systemexcludes: vec![EntryClass::Person.into()],
    ..Default::default()
};
895
/// The `sync_account` class, domain-level 7 revision.
///
/// Represents the identity used by an external synchronisation source.
/// Requires only `Name`; may carry the sync token session, sync cookie,
/// credential portal and yield-authority attributes. Mutually exclusive
/// with `account`, so a sync identity can never be a login account.
pub static ref SCHEMA_CLASS_SYNC_ACCOUNT_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYNC_ACCOUNT,
    name: EntryClass::SyncAccount.into(),
    description: String::from("Object representation of sync account"),
    systemmust: vec![Attribute::Name],
    systemmay: vec![
        Attribute::SyncTokenSession,
        Attribute::SyncCookie,
        Attribute::SyncCredentialPortal,
        Attribute::SyncYieldAuthority,
    ],
    systemexcludes: vec![EntryClass::Account.into()],
    ..Default::default()
};
911
/// The `domain_info` class, domain-level 10 revision.
///
/// Requires `Name`, `DomainUuid`, `DomainName` and `Version`; the optional
/// set holds LDAP configuration, branding and development flags.
/// NOTE(review): `LdapAllowUnixPwBind` and `DomainDevelopmentTaint` look
/// security-relevant by name (LDAP binds with the unix password; a
/// non-production marker) — verify their semantics in the consuming code.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL10: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: String::from("Local domain information and configuration"),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapMaxQueryableAttrs,
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
        Attribute::DomainAllowEasterEggs,
        Attribute::DomainDisplayName,
    ],
    ..Default::default()
};
936
/// The `posixgroup` class: adds a mandatory `GidNumber` to a group.
/// Supplements (requires) `group`, as its description states. Flagged
/// `sync_allowed`.
pub static ref SCHEMA_CLASS_POSIXGROUP: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXGROUP,
    name: EntryClass::PosixGroup.into(),
    description: String::from("Object representation of a posix group, requires group"),
    sync_allowed: true,
    systemmust: vec![Attribute::GidNumber],
    systemsupplements: vec![Attribute::Group.into()],
    ..Default::default()
};
947
/// The `posixaccount` class: adds a mandatory `GidNumber`, plus optional
/// login shell and unix password, to an account. Supplements (requires)
/// `account`, as its description states. Flagged `sync_allowed`.
pub static ref SCHEMA_CLASS_POSIXACCOUNT: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXACCOUNT,
    name: EntryClass::PosixAccount.into(),
    description: String::from("Object representation of a posix account, requires account"),
    sync_allowed: true,
    systemmust: vec![Attribute::GidNumber],
    // `UnixPassword` is a separate credential from the account's primary one.
    systemmay: vec![Attribute::LoginShell, Attribute::UnixPassword],
    systemsupplements: vec![Attribute::Account.into()],
    ..Default::default()
};
959
/// The `system_config` class.
///
/// All attributes are optional: description, the password badlist, the
/// global session/privilege expiry defaults, and denied names.
pub static ref SCHEMA_CLASS_SYSTEM_CONFIG: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYSTEM_CONFIG,
    name: EntryClass::SystemConfig.into(),
    description: String::from("The class representing a system (topologies) configuration options"),
    systemmay: vec![
        Attribute::Description,
        Attribute::BadlistPassword,
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::DeniedName,
    ],
    ..Default::default()
};
974
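/// The `oauth2_resource_server` class, domain-level 9 revision.
///
/// Requires `OAuth2RsOriginLanding`; everything else (scope maps, claim
/// maps, origins, strict redirect URI, device flow, legacy JWT crypto
/// toggle, sessions, image) is optional. The three trailing attributes are
/// deprecated key material.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL9: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    // Fixed typo in the stored description ("epresenting").
    description: String::from("The class representing a configured OAuth2 Client"),
    systemmust: vec![Attribute::OAuth2RsOriginLanding],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2StrictRedirectUri,
        Attribute::OAuth2DeviceFlowEnable,
        // Deprecated. Presumably still listed so entries that carry these
        // legacy private keys remain schema-valid until migrated — confirm
        // before removing them from the class.
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    ..Default::default()
};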
1002
/// The `oauth2_resource_server_basic` class, domain-level 5 revision: a
/// confidential OAuth2 client authenticating with HTTP Basic.
///
/// Requires `OAuth2RsBasicSecret`. The only optional attribute is the
/// flag whose name marks it as insecure: it lets this client opt out of
/// PKCE. Mutually exclusive with the public-client class.
pub static ref SCHEMA_CLASS_OAUTH2_RS_BASIC_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_BASIC,
    name: EntryClass::OAuth2ResourceServerBasic.into(),
    description: String::from("The class representing a configured OAuth2 client authenticated with HTTP basic authentication"),
    systemmust: vec![Attribute::OAuth2RsBasicSecret],
    systemmay: vec![Attribute::OAuth2AllowInsecureClientDisablePkce],
    systemexcludes: vec![EntryClass::OAuth2ResourceServerPublic.into()],
    ..Default::default()
};
1015
/// The `oauth2_resource_server_public` class, introduced in DomainLevel4:
/// a public OAuth2 client, which has no secret and relies on PKCE.
///
/// No mandatory attributes; may carry `OAuth2AllowLocalhostRedirect`.
/// Mutually exclusive with the basic-auth client class.
pub static ref SCHEMA_CLASS_OAUTH2_RS_PUBLIC_DL4: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_PUBLIC,
    name: EntryClass::OAuth2ResourceServerPublic.into(),
    description: String::from("The class representing a configured Public OAuth2 Client with PKCE verification"),
    systemmay: vec![Attribute::OAuth2AllowLocalhostRedirect],
    systemexcludes: vec![EntryClass::OAuth2ResourceServerBasic.into()],
    ..Default::default()
};
1026
1027// =========================================
1028// KeyProviders
1029
/// The `key_provider` class, domain-level 6 revision.
///
/// Requires `Name`, may carry a description, and supplements (requires)
/// `key_provider_internal` — the only provider implementation listed here.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER,
    name: EntryClass::KeyProvider.into(),
    description: String::from("A provider for cryptographic key storage and operations"),
    systemmust: vec![Attribute::Name],
    systemmay: vec![Attribute::Description],
    systemsupplements: vec![EntryClass::KeyProviderInternal.into()],
    ..Default::default()
};
1045
/// The `key_provider_internal` class, domain-level 6 revision: a marker
/// with no attributes of its own identifying the built-in key provider.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_INTERNAL_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyProviderInternal.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER_INTERNAL,
    description: String::from("The Kanidm internal cryptographic key provider"),
    ..Default::default()
};
1052
1053// =========================================
1054// KeyObjects
1055
/// The `key_object` class, domain-level 6 revision.
///
/// Every key object must name the `KeyProvider` that owns it; the
/// capability marker classes below supplement this one.
pub static ref SCHEMA_CLASS_KEY_OBJECT_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyObject.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT,
    description: String::from("A cryptographic key object that can be used by a provider"),
    systemmust: vec![Attribute::KeyProvider],
    ..Default::default()
};
1065
/// Marker class, domain-level 6 revision: the key object must be able to
/// sign JWTs with ES256. Supplements (requires) `key_object`.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWT_ES256_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyObjectJwtEs256.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWT_ES256,
    description: String::from("A marker class indicating that this keyobject must provide jwt es256 capability."),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1075
/// Marker class: the key object must be able to sign JWTs with RS256.
/// Supplements (requires) `key_object`. Unlike its ES256 sibling this
/// static carries no `_DLn` suffix.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWT_RS256: SchemaClass = SchemaClass {
    name: EntryClass::KeyObjectJwtRs256.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWT_RS256,
    description: String::from("A marker class indicating that this keyobject must provide jwt rs256 capability."),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1085
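/// Marker class, domain-level 6 revision: the key object must be able to
/// encrypt JWEs with A128GCM (AES-128-GCM). Supplements (requires)
/// `key_object`.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM,
    name: EntryClass::KeyObjectJweA128GCM.into(),
    // The class and uuid name A128GCM, i.e. a 128-bit AES key; the stored
    // description previously claimed aes-256-gcm, which misstates the
    // algorithm this marker guarantees.
    description: String::from("A marker class indicating that this keyobject must provide jwe aes-128-gcm capability."),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};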
1095
/// The `key_object_internal` class, domain-level 6 revision: a key object
/// held by the internal provider, optionally carrying `KeyInternalData`.
/// Supplements (requires) `key_object`.
pub static ref SCHEMA_CLASS_KEY_OBJECT_INTERNAL_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyObjectInternal.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_INTERNAL,
    description: String::from("A cryptographic key object that can be used by the internal provider"),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    systemmay: vec![Attribute::KeyInternalData],
    ..Default::default()
};
1108
1109// =========================================
1110
/// The `client_certificate` class, domain-level 7 revision.
///
/// Requires the `Certificate` itself and a `Refers` link (to the entry the
/// certificate authenticates as, presumably). `systemmay` is set to an
/// explicit empty list rather than left to `Default`.
pub static ref SCHEMA_CLASS_CLIENT_CERTIFICATE_DL7: SchemaClass = SchemaClass {
    name: EntryClass::ClientCertificate.into(),
    uuid: UUID_SCHEMA_CLASS_CLIENT_CERTIFICATE,
    description: String::from("A client authentication certificate"),
    systemmust: vec![Attribute::Certificate, Attribute::Refers],
    systemmay: vec![],
    ..Default::default()
};
1122
/// The `application` class.
///
/// Requires `LinkedGroup`, may carry `ApplicationUrl`, and supplements
/// (requires) `service_account`. Together with `person` excluding
/// `application`, this means an application is always a service account
/// and never a person.
pub static ref SCHEMA_CLASS_APPLICATION: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_APPLICATION,
    name: EntryClass::Application.into(),
    description: String::from("The class representing an application"),
    systemmust: vec![Attribute::LinkedGroup],
    systemmay: vec![Attribute::ApplicationUrl],
    // Design note carried over from the original: this may change before
    // release. One can imagine an OAuth2 application having application
    // passwords, or applications being their own thing entirely. Service
    // accounts alone don't quite cover it either — they have API tokens,
    // but that is about all that is wanted from them here.
    systemsupplements: vec![EntryClass::ServiceAccount.into()],
    ..Default::default()
};
1140
1141);