1use crate::constants::entries::{Attribute, EntryClass};
3use crate::constants::uuids::*;
4use crate::schema::{SchemaAttribute, SchemaClass};
5use crate::value::SyntaxType;
6
7lazy_static!(
8
/// Schema entry for `Attribute::DisplayName`: a `Utf8String` value flagged `sync_allowed`.
///
/// Every field not spelled out here is taken from `Default::default()`.
pub static ref SCHEMA_ATTR_DISPLAYNAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DISPLAYNAME,
    name: Attribute::DisplayName,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: "The publicly visible display name of this person".to_string(),
    ..Default::default()
};
17
/// Schema entry for `Attribute::DisplayName`, carrying the same field values as
/// `SCHEMA_ATTR_DISPLAYNAME`.
///
/// The `_DL7` suffix presumably ties this revision to a domain level; confirm against the
/// migration code.
pub static ref SCHEMA_ATTR_DISPLAYNAME_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DISPLAYNAME,
    name: Attribute::DisplayName,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: "The publicly visible display name of this person".to_string(),
    ..Default::default()
};
26
/// Schema entry for `Attribute::Mail`: `EmailAddress` values flagged `unique`, `multivalue`
/// and `sync_allowed`.
pub static ref SCHEMA_ATTR_MAIL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_MAIL,
    name: Attribute::Mail,
    syntax: SyntaxType::EmailAddress,
    unique: true,
    multivalue: true,
    sync_allowed: true,
    description: "Mail addresses of the object".to_string(),
    ..Default::default()
};
37
/// Schema entry for `Attribute::Mail`, carrying the same field values as `SCHEMA_ATTR_MAIL`.
///
/// The `_DL7` suffix presumably ties this revision to a domain level; confirm against the
/// migration code.
pub static ref SCHEMA_ATTR_MAIL_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_MAIL,
    name: Attribute::Mail,
    syntax: SyntaxType::EmailAddress,
    unique: true,
    multivalue: true,
    sync_allowed: true,
    description: "Mail addresses of the object".to_string(),
    ..Default::default()
};
48
/// Schema entry for `Attribute::IdVerificationEcKey`, the account verification private key
/// (syntax `EcKeyPrivate`).
///
/// `unique` and `sync_allowed` are both spelled out as `false` rather than left to the default.
pub static ref SCHEMA_ATTR_EC_KEY_PRIVATE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_EC_KEY_PRIVATE,
    name: Attribute::IdVerificationEcKey,
    syntax: SyntaxType::EcKeyPrivate,
    unique: false,
    // NOTE(review): private key material; keeping it out of sync looks deliberate. Read and
    // search access is governed elsewhere — confirm it is restricted there.
    sync_allowed: false,
    description: "Account verification private key".to_string(),
    ..Default::default()
};
58
/// Schema entry for `Attribute::SshPublicKey`: `SshKey` values flagged `multivalue` and
/// `sync_allowed`.
pub static ref SCHEMA_ATTR_SSH_PUBLICKEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SSH_PUBLICKEY,
    name: Attribute::SshPublicKey,
    syntax: SyntaxType::SshKey,
    multivalue: true,
    sync_allowed: true,
    description: "SSH public keys of the object".to_string(),
    ..Default::default()
};
69
/// Schema entry for `Attribute::PrimaryCredential`: the account's interactive authentication
/// credential, stored with the `Credential` syntax.
pub static ref SCHEMA_ATTR_PRIMARY_CREDENTIAL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL,
    name: Attribute::PrimaryCredential,
    syntax: SyntaxType::Credential,
    // NOTE(review): credential material is flagged `sync_allowed`. Presumably this lets a sync
    // source supply credentials; confirm that source is treated as trusted.
    sync_allowed: true,
    description: "Primary credential material of the account for authentication interactively".to_string(),
    ..Default::default()
};
78
/// Schema entry for `Attribute::LegalName`: a `Utf8String` flagged `sync_allowed`.
///
/// The description marks the value as private and sensitive. Nothing in this definition
/// enforces that; access control has to come from elsewhere.
pub static ref SCHEMA_ATTR_LEGALNAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LEGALNAME,
    name: Attribute::LegalName,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: "The private and sensitive legal name of this person".to_string(),
    ..Default::default()
};
87
/// Schema entry for `Attribute::LegalName`, carrying the same field values as
/// `SCHEMA_ATTR_LEGALNAME`.
///
/// The `_DL7` suffix presumably ties this revision to a domain level; confirm against the
/// migration code.
pub static ref SCHEMA_ATTR_LEGALNAME_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LEGALNAME,
    name: Attribute::LegalName,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: "The private and sensitive legal name of this person".to_string(),
    ..Default::default()
};
96
/// Schema entry for `Attribute::NameHistory`: `AuditLogString` values flagged `multivalue`
/// and `sync_allowed`.
pub static ref SCHEMA_ATTR_NAME_HISTORY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_NAME_HISTORY,
    name: Attribute::NameHistory,
    syntax: SyntaxType::AuditLogString,
    multivalue: true,
    sync_allowed: true,
    description: "The history of names that a person has had".to_string(),
    ..Default::default()
};
106
/// Schema entry for `Attribute::RadiusSecret`: the account's generated RADIUS secret, stored
/// as a `SecretUtf8String`.
pub static ref SCHEMA_ATTR_RADIUS_SECRET: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_RADIUS_SECRET,
    name: Attribute::RadiusSecret,
    syntax: SyntaxType::SecretUtf8String,
    // NOTE(review): a shared secret flagged `sync_allowed`; confirm the sync path that may set
    // it is trusted.
    sync_allowed: true,
    description: "The accounts generated radius secret for device network authentication".to_string(),
    ..Default::default()
};
116
/// Schema entry for `Attribute::DomainName`: a `Utf8StringIname` flagged `unique`.
///
/// Per its description the value feeds webauthn and SPN generation.
pub static ref SCHEMA_ATTR_DOMAIN_NAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_NAME,
    name: Attribute::DomainName,
    syntax: SyntaxType::Utf8StringIname,
    unique: true,
    description: "The domain's DNS name for webauthn and SPN generation purposes".to_string(),
    ..Default::default()
};
125
/// Schema entry for `Attribute::LdapAllowUnixPwBind`: a `Boolean` setting with `unique`
/// spelled out as `false`.
///
/// Per its description this enables LDAP binds that use an object's UNIX password. The
/// value applied when the attribute is absent is not defined in this file.
pub static ref SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND,
    name: Attribute::LdapAllowUnixPwBind,
    syntax: SyntaxType::Boolean,
    unique: false,
    description: "Configuration to enable binds to LDAP objects using their UNIX password".to_string(),
    ..Default::default()
};
135
/// Schema entry for `Attribute::DomainLdapBasedn`: a `Utf8StringInsensitive` flagged `unique`.
pub static ref SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN,
    name: Attribute::DomainLdapBasedn,
    syntax: SyntaxType::Utf8StringInsensitive,
    unique: true,
    description: "The domain's optional ldap basedn. If unset defaults to domain components of domain name".to_string(),
    ..Default::default()
};
145
/// Schema entry for `Attribute::DomainDisplayName`: a `Utf8String` with no flags set
/// explicitly.
pub static ref SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME,
    name: Attribute::DomainDisplayName,
    syntax: SyntaxType::Utf8String,
    description: "The user-facing display name of the Kanidm domain".to_string(),
    ..Default::default()
};
153
/// Schema entry for `Attribute::DomainUuid`: a `Uuid` flagged `unique`.
pub static ref SCHEMA_ATTR_DOMAIN_UUID: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_UUID,
    name: Attribute::DomainUuid,
    syntax: SyntaxType::Uuid,
    unique: true,
    description: "The domain's uuid, used in CSN and trust relationships".to_string(),
    ..Default::default()
};
162
/// Schema entry for `Attribute::DomainSsid`: a `Utf8String` flagged `unique`.
pub static ref SCHEMA_ATTR_DOMAIN_SSID: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_SSID,
    name: Attribute::DomainSsid,
    syntax: SyntaxType::Utf8String,
    unique: true,
    description: "The domains site-wide SSID for device autoconfiguration of wireless".to_string(),
    ..Default::default()
};
171
/// Schema entry for `Attribute::DeniedName`: a `Utf8StringIname` naming values that may not
/// be used in `name`.
///
/// This revision does not set `multivalue`; `SCHEMA_ATTR_DENIED_NAME_DL10` does.
pub static ref SCHEMA_ATTR_DENIED_NAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DENIED_NAME,
    name: Attribute::DeniedName,
    syntax: SyntaxType::Utf8StringIname,
    description: "Iname values that are not allowed to be used in 'name'.".to_string(),
    ..Default::default()
};
180
/// Schema entry for `Attribute::DeniedName`: the same definition as `SCHEMA_ATTR_DENIED_NAME`
/// with `multivalue` additionally set.
///
/// The `_DL10` suffix presumably ties this revision to a domain level; confirm against the
/// migration code.
pub static ref SCHEMA_ATTR_DENIED_NAME_DL10: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DENIED_NAME,
    name: Attribute::DeniedName,
    multivalue: true,
    syntax: SyntaxType::Utf8StringIname,
    description: "Iname values that are not allowed to be used in 'name'.".to_string(),
    ..Default::default()
};
190
/// Schema entry for `Attribute::DomainTokenKey`: a `SecretUtf8String` whose own description
/// marks it as not used.
pub static ref SCHEMA_ATTR_DOMAIN_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_TOKEN_KEY,
    name: Attribute::DomainTokenKey,
    // NOTE(review): still declared with a secret syntax although marked unused; confirm no
    // stale key values remain stored under this attribute.
    syntax: SyntaxType::SecretUtf8String,
    description: "The domain token encryption private key (NOT USED)".to_string(),
    ..Default::default()
};
199
/// Schema entry for `Attribute::FernetPrivateKeyStr`: the token encryption private key,
/// stored as a `SecretUtf8String`.
pub static ref SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR,
    name: Attribute::FernetPrivateKeyStr,
    syntax: SyntaxType::SecretUtf8String,
    description: "The token encryption private key".to_string(),
    ..Default::default()
};
208
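/// Schema entry for `Attribute::GidNumber`: a `Uint32` flagged `unique` and `sync_allowed`.
///
/// Per its description the same number serves as the UID on POSIX accounts.
pub static ref SCHEMA_ATTR_GIDNUMBER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_GIDNUMBER,
    name: Attribute::GidNumber,
    // The description is plain prose: no `.to_string()` call text belongs inside the literal.
    description: "The groupid (uid) number of a group or account. This is the same value as the UID number on posix accounts for security reasons".to_string(),
    unique: true,
    sync_allowed: true,
    syntax: SyntaxType::Uint32,
    ..Default::default()
};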
218
/// Schema entry for `Attribute::BadlistPassword`: `Utf8StringInsensitive` values flagged
/// `multivalue`, each a password that no account may set.
pub static ref SCHEMA_ATTR_BADLIST_PASSWORD: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_BADLIST_PASSWORD,
    name: Attribute::BadlistPassword,
    // Presumably compared case-insensitively because of this syntax — verify in the
    // password-quality check.
    syntax: SyntaxType::Utf8StringInsensitive,
    multivalue: true,
    description: "A password that is badlisted meaning that it can not be set as a valid password by any user account".to_string(),
    ..Default::default()
};
228
/// Schema entry for `Attribute::AuthSessionExpiry`: a `Uint32` expiration time for an
/// authentication session.
///
/// The unit and any bounds on the value are not defined in this file.
pub static ref SCHEMA_ATTR_AUTH_SESSION_EXPIRY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_AUTH_SESSION_EXPIRY,
    name: Attribute::AuthSessionExpiry,
    syntax: SyntaxType::Uint32,
    description: "An expiration time for an authentication session".to_string(),
    ..Default::default()
};
237
/// Schema entry for `Attribute::PrivilegeExpiry`: a `Uint32` expiration time for a
/// privileged authentication session.
///
/// The static and the UUID constant are named `AUTH_PRIVILEGE_EXPIRY`, but the attribute
/// variant is `PrivilegeExpiry`. The unit and any bounds are not defined in this file.
pub static ref SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY,
    name: Attribute::PrivilegeExpiry,
    syntax: SyntaxType::Uint32,
    description: "An expiration time for a privileged authentication session".to_string(),
    ..Default::default()
};
246
/// Schema entry for `Attribute::AuthPasswordMinimumLength`: a `Uint32` minimum password
/// length.
pub static ref SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH,
    name: Attribute::AuthPasswordMinimumLength,
    // NOTE(review): the schema accepts any `Uint32`; a lower bound, if one exists, must be
    // enforced where the policy is evaluated — confirm.
    syntax: SyntaxType::Uint32,
    description: "Minimum length of passwords".to_string(),
    ..Default::default()
};
255
/// Schema entry for `Attribute::LoginShell`: a `Utf8StringInsensitive` flagged `sync_allowed`.
pub static ref SCHEMA_ATTR_LOGINSHELL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LOGINSHELL,
    name: Attribute::LoginShell,
    syntax: SyntaxType::Utf8StringInsensitive,
    sync_allowed: true,
    description: "A POSIX user's UNIX login shell".to_string(),
    ..Default::default()
};
265
/// Schema entry for `Attribute::UnixPassword`: a POSIX login password stored with the
/// `Credential` syntax.
///
/// `sync_allowed` is not set here, unlike on `SCHEMA_ATTR_PRIMARY_CREDENTIAL`.
pub static ref SCHEMA_ATTR_UNIX_PASSWORD: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_UNIX_PASSWORD,
    name: Attribute::UnixPassword,
    syntax: SyntaxType::Credential,
    description: "A POSIX user's UNIX login password".to_string(),
    ..Default::default()
};
273
/// Schema entry for `Attribute::NsUniqueId`: an `NsUniqueId` value flagged `unique` and
/// `sync_allowed`, kept for 389-ds/dsee compatibility.
pub static ref SCHEMA_ATTR_NSUNIQUEID: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_NSUNIQUEID,
    name: Attribute::NsUniqueId,
    syntax: SyntaxType::NsUniqueId,
    unique: true,
    sync_allowed: true,
    description: "A unique id compatibility for 389-ds/dsee".to_string(),
    ..Default::default()
};
283
/// Schema entry for `Attribute::AccountExpire`: a `DateTime` flagged `sync_allowed`, after
/// which the account may no longer authenticate.
pub static ref SCHEMA_ATTR_ACCOUNT_EXPIRE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE,
    name: Attribute::AccountExpire,
    syntax: SyntaxType::DateTime,
    sync_allowed: true,
    description: "The datetime after which this account no longer may authenticate".to_string(),
    ..Default::default()
};
293
/// Schema entry for `Attribute::AccountValidFrom`: a `DateTime` flagged `sync_allowed`, from
/// which the account may start authenticating.
pub static ref SCHEMA_ATTR_ACCOUNT_VALID_FROM: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM,
    name: Attribute::AccountValidFrom,
    syntax: SyntaxType::DateTime,
    sync_allowed: true,
    description: "The datetime after which this account may commence authenticating".to_string(),
    ..Default::default()
};
303
/// Schema entry for `Attribute::WebauthnAttestationCaList`: `WebauthnAttestationCaList`
/// values flagged `multivalue`, the CAs that limit which devices may be used with webauthn.
pub static ref SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST,
    name: Attribute::WebauthnAttestationCaList,
    multivalue: true,
    syntax: SyntaxType::WebauthnAttestationCaList,
    description: "A set of CA's that limit devices that can be used with webauthn".to_string(),
    ..Default::default()
};
313
/// Schema entry for `Attribute::OAuth2RsName`: a `Utf8StringIname` flagged `unique`.
pub static ref SCHEMA_ATTR_OAUTH2_RS_NAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_NAME,
    name: Attribute::OAuth2RsName,
    syntax: SyntaxType::Utf8StringIname,
    unique: true,
    description: "The unique name of an external Oauth2 resource".to_string(),
    ..Default::default()
};
322
/// Schema entry for `Attribute::OAuth2RsOrigin`: a `Url` giving the origin of an OAuth2
/// resource server.
///
/// This revision does not set `multivalue`; `SCHEMA_ATTR_OAUTH2_RS_ORIGIN_DL7` does.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN,
    name: Attribute::OAuth2RsOrigin,
    syntax: SyntaxType::Url,
    description: "The origin domain of an oauth2 resource server".to_string(),
    ..Default::default()
};
331
/// Schema entry for `Attribute::OAuth2RsOrigin`: `Url` values flagged `multivalue`.
///
/// Differs from `SCHEMA_ATTR_OAUTH2_RS_ORIGIN` by setting `multivalue` and by a reworded
/// description. The `_DL7` suffix presumably ties this revision to a domain level; confirm
/// against the migration code.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN,
    name: Attribute::OAuth2RsOrigin,
    multivalue: true,
    syntax: SyntaxType::Url,
    description: "The origin domain of an OAuth2 client".to_string(),
    ..Default::default()
};
341
/// Schema entry for `Attribute::OAuth2RsOriginLanding`: a `Url` for the resource server's
/// landing page.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING,
    name: Attribute::OAuth2RsOriginLanding,
    syntax: SyntaxType::Url,
    description: "The landing page of an RS, that will automatically trigger the auth process".to_string(),
    ..Default::default()
};
350
/// Schema entry for `Attribute::OAuth2AllowLocalhostRedirect`: a `Boolean` that allows
/// public clients of a resource server to redirect to localhost.
///
/// This relaxes redirect handling when enabled. The value used when the attribute is absent
/// is not defined in this file.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT_DL4: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT,
    name: Attribute::OAuth2AllowLocalhostRedirect,
    syntax: SyntaxType::Boolean,
    description: "Allow public clients associated to this RS to redirect to localhost".to_string(),
    ..Default::default()
};
360
/// Schema entry for `Attribute::OAuth2RsClaimMap`: `OauthClaimMap` values flagged
/// `multivalue`, mapping custom claims to group memberships.
pub static ref SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP_DL4: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP,
    name: Attribute::OAuth2RsClaimMap,
    syntax: SyntaxType::OauthClaimMap,
    multivalue: true,
    description: "A set of custom claims mapped to group memberships of accounts".to_string(),
    ..Default::default()
};
370
/// Schema entry for `Attribute::OAuth2RsScopeMap`: `OauthScopeMap` values flagged
/// `multivalue`, each mapping a group to scopes on the resource server.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP,
    name: Attribute::OAuth2RsScopeMap,
    syntax: SyntaxType::OauthScopeMap,
    multivalue: true,
    description: "A reference to a group mapped to scopes for the associated oauth2 resource server".to_string(),
    ..Default::default()
};
379
/// Schema entry for `Attribute::OAuth2RsSupScopeMap`: `OauthScopeMap` values flagged
/// `multivalue`.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP,
    name: Attribute::OAuth2RsSupScopeMap,
    syntax: SyntaxType::OauthScopeMap,
    multivalue: true,
    // NOTE(review): this text is word-for-word the description of
    // SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP and does not say how the "sup" map differs.
    description: "A reference to a group mapped to scopes for the associated oauth2 resource server".to_string(),
    ..Default::default()
};
388
/// Schema entry for `Attribute::OAuth2RsBasicSecret`: the resource server's basic-auth
/// secret, stored as a `SecretUtf8String`.
pub static ref SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET,
    name: Attribute::OAuth2RsBasicSecret,
    syntax: SyntaxType::SecretUtf8String,
    description: "When using oauth2 basic authentication, the secret string of the resource server".to_string(),
    ..Default::default()
};
397
/// Schema entry for `Attribute::OAuth2RsTokenKey`: the resource server's token signing key,
/// stored as a `SecretUtf8String`.
pub static ref SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY,
    name: Attribute::OAuth2RsTokenKey,
    syntax: SyntaxType::SecretUtf8String,
    description: "An oauth2 resource servers unique token signing key".to_string(),
    ..Default::default()
};
406
/// Schema entry for `Attribute::OAuth2RsImplicitScopes`: `OauthScope` values flagged
/// `multivalue`, the scopes granted implicitly to all users.
pub static ref SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES,
    name: Attribute::OAuth2RsImplicitScopes,
    syntax: SyntaxType::OauthScope,
    multivalue: true,
    description: "An oauth2 resource servers scopes that are implicitly granted to all users".to_string(),
    ..Default::default()
};
416
/// Schema entry for `Attribute::OAuth2ConsentScopeMap`: `OauthScopeMap` values flagged
/// `multivalue`, recording the scopes a user has already consented to.
pub static ref SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP,
    name: Attribute::OAuth2ConsentScopeMap,
    syntax: SyntaxType::OauthScopeMap,
    multivalue: true,
    description: "A set of scopes mapped from a relying server to a user, where the user has previously consented to the following. If changed or deleted, consent will be re-sought".to_string(),
    ..Default::default()
};
425
/// Schema entry for `Attribute::OAuth2StrictRedirectUri`: a `Boolean` recording whether
/// strict redirect URI enforcement is enabled.
///
/// The value used when the attribute is absent is not defined in this file.
pub static ref SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI,
    name: Attribute::OAuth2StrictRedirectUri,
    syntax: SyntaxType::Boolean,
    description: "Represents if strict redirect uri enforcement is enabled.".to_string(),
    ..Default::default()
};
434
435
/// Schema entry for `Attribute::OAuth2DeviceFlowEnable`: a `Boolean` recording whether the
/// OAuth2 Device Flow is permitted on a client.
pub static ref SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE_DL9: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE,
    name: Attribute::OAuth2DeviceFlowEnable,
    syntax: SyntaxType::Boolean,
    description: "Represents if OAuth2 Device Flow is permitted on this client.".to_string(),
    ..Default::default()
};
444
/// Schema entry for `Attribute::Es256PrivateKeyDer`: an ES256 private key stored as
/// `PrivateBinary`.
pub static ref SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER,
    name: Attribute::Es256PrivateKeyDer,
    syntax: SyntaxType::PrivateBinary,
    description: "An es256 private key".to_string(),
    ..Default::default()
};
453
/// Schema entry for `Attribute::Rs256PrivateKeyDer`: an RS256 private key stored as
/// `PrivateBinary`.
pub static ref SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER,
    name: Attribute::Rs256PrivateKeyDer,
    syntax: SyntaxType::PrivateBinary,
    description: "An rs256 private key".to_string(),
    ..Default::default()
};
462
/// Schema entry for `Attribute::JwsEs256PrivateKey`: an ES256 private key for JWS, stored
/// with the `JwsKeyEs256` syntax and flagged `unique`.
pub static ref SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY,
    name: Attribute::JwsEs256PrivateKey,
    syntax: SyntaxType::JwsKeyEs256,
    unique: true,
    description: "An es256 private key for jws".to_string(),
    ..Default::default()
};
471
/// Schema entry for `Attribute::PrivateCookieKey`: a cookie HMAC key stored as
/// `PrivateBinary`.
pub static ref SCHEMA_ATTR_PRIVATE_COOKIE_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PRIVATE_COOKIE_KEY,
    name: Attribute::PrivateCookieKey,
    syntax: SyntaxType::PrivateBinary,
    description: "An private cookie hmac key".to_string(),
    ..Default::default()
};
481
/// Schema entry for `Attribute::OAuth2AllowInsecureClientDisablePkce`: a `Boolean` that
/// allows PKCE to be disabled for a client.
///
/// Enabling it removes a protection from the authorization flow. The value used when the
/// attribute is absent is not defined in this file.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE,
    name: Attribute::OAuth2AllowInsecureClientDisablePkce,
    syntax: SyntaxType::Boolean,
    description: "Allows disabling of PKCE for insecure OAuth2 clients".to_string(),
    ..Default::default()
};
490
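/// Schema entry for `Attribute::OAuth2JwtLegacyCryptoEnable`: a `Boolean` that enables
/// legacy JWT cryptography for a client.
///
/// Enabling it is a compatibility downgrade. Which algorithms count as "legacy", and the
/// value used when the attribute is absent, are not defined in this file.
pub static ref SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE,
    name: Attribute::OAuth2JwtLegacyCryptoEnable,
    description: "Allows enabling legacy JWT cryptography for clients".to_string(),
    syntax: SyntaxType::Boolean,
    ..Default::default()
};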
499
/// Schema entry for `Attribute::CredentialUpdateIntentToken`: `IntentToken` values flagged
/// `multivalue`.
pub static ref SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN,
    name: Attribute::CredentialUpdateIntentToken,
    syntax: SyntaxType::IntentToken,
    multivalue: true,
    description: "The status of a credential update intent token".to_string(),
    ..Default::default()
};
508
/// Schema entry for `Attribute::PassKeys`: `Passkey` values flagged `multivalue` and
/// `sync_allowed`.
pub static ref SCHEMA_ATTR_PASSKEYS: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PASSKEYS,
    name: Attribute::PassKeys,
    syntax: SyntaxType::Passkey,
    multivalue: true,
    sync_allowed: true,
    description: "A set of registered passkeys".to_string(),
    ..Default::default()
};
518
/// Schema entry for `Attribute::AttestedPasskeys`: `AttestedPasskey` values flagged
/// `multivalue` and `sync_allowed`.
pub static ref SCHEMA_ATTR_ATTESTED_PASSKEYS: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ATTESTED_PASSKEYS,
    name: Attribute::AttestedPasskeys,
    syntax: SyntaxType::AttestedPasskey,
    multivalue: true,
    sync_allowed: true,
    description: "A set of registered device keys".to_string(),
    ..Default::default()
};
528
/// Schema entry for `Attribute::DynGroupFilter`: a `JsonFilter` selecting the entries that
/// are added to a dynamic group.
pub static ref SCHEMA_ATTR_DYNGROUP_FILTER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DYNGROUP_FILTER,
    name: Attribute::DynGroupFilter,
    // NOTE(review): whoever can write this filter controls the group's membership; confirm
    // write access to it is limited accordingly.
    syntax: SyntaxType::JsonFilter,
    description: "A filter describing the set of entries to add to a dynamic group".to_string(),
    ..Default::default()
};
537
/// Schema entry for `Attribute::OAuth2PreferShortUsername`: a `Boolean` selecting `name`
/// over `spn` for the `preferred_username` claim.
pub static ref SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME,
    name: Attribute::OAuth2PreferShortUsername,
    syntax: SyntaxType::Boolean,
    description: "Use 'name' instead of 'spn' in the preferred_username claim".to_string(),
    ..Default::default()
};
546
/// Schema entry for `Attribute::ApiTokenSession`: `ApiToken` values flagged `unique` and
/// `multivalue`, one per issued API token.
pub static ref SCHEMA_ATTR_API_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_API_TOKEN_SESSION,
    name: Attribute::ApiTokenSession,
    syntax: SyntaxType::ApiToken,
    unique: true,
    multivalue: true,
    description: "A session entry related to an issued API token".to_string(),
    ..Default::default()
};
556
/// Schema entry for `Attribute::UserAuthTokenSession`: `Session` values flagged `unique`
/// and `multivalue`, one per issued user auth token.
pub static ref SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION,
    name: Attribute::UserAuthTokenSession,
    syntax: SyntaxType::Session,
    unique: true,
    multivalue: true,
    description: "A session entry related to an issued user auth token".to_string(),
    ..Default::default()
};
566
/// Schema entry for `Attribute::OAuth2Session`: `Oauth2Session` values flagged `multivalue`.
///
/// Per its description each session is bound to a parent user auth token. Unlike the
/// sibling session attributes in this file, `unique` is not set here.
pub static ref SCHEMA_ATTR_OAUTH2_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_SESSION,
    name: Attribute::OAuth2Session,
    syntax: SyntaxType::Oauth2Session,
    multivalue: true,
    description: "A session entry to an active oauth2 session, bound to a parent user auth token".to_string(),
    ..Default::default()
};
575
/// Schema entry for `Attribute::SyncTokenSession`: an `ApiToken` value flagged `unique`.
///
/// It shares the `ApiToken` syntax with `SCHEMA_ATTR_API_TOKEN_SESSION` but does not set
/// `multivalue`.
pub static ref SCHEMA_ATTR_SYNC_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION,
    name: Attribute::SyncTokenSession,
    syntax: SyntaxType::ApiToken,
    unique: true,
    description: "A session entry related to an issued sync token".to_string(),
    ..Default::default()
};
584
/// Schema entry for `Attribute::SyncCookie`: a private sync cookie for a remote IDM source,
/// stored as `PrivateBinary`.
pub static ref SCHEMA_ATTR_SYNC_COOKIE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_COOKIE,
    name: Attribute::SyncCookie,
    syntax: SyntaxType::PrivateBinary,
    description: "A private sync cookie for a remote IDM source".to_string(),
    ..Default::default()
};
593
/// Schema entry for `Attribute::GrantUiHint`: `UiHint` values flagged `multivalue`, granted
/// through group membership.
pub static ref SCHEMA_ATTR_GRANT_UI_HINT: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_GRANT_UI_HINT,
    name: Attribute::GrantUiHint,
    syntax: SyntaxType::UiHint,
    multivalue: true,
    description: "A UI hint that is granted via membership to a group".to_string(),
    ..Default::default()
};
602
/// Schema entry for `Attribute::SyncCredentialPortal`: a `Url` pointing synced accounts at
/// an external credential portal.
pub static ref SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL,
    name: Attribute::SyncCredentialPortal,
    // NOTE(review): users are directed to this URL to change credentials, so write access
    // to the attribute should be tightly held — confirm in the access controls.
    syntax: SyntaxType::Url,
    description: "The url of an external credential portal for synced accounts to visit to update their credentials".to_string(),
    ..Default::default()
};
611
/// Schema entry for `Attribute::SyncYieldAuthority`: `Utf8StringInsensitive` values flagged
/// `multivalue`, naming attributes whose authority a sync agreement yields to Kanidm.
pub static ref SCHEMA_ATTR_SYNC_YIELD_AUTHORITY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_SYNC_YIELD_AUTHORITY,
    name: Attribute::SyncYieldAuthority,
    syntax: SyntaxType::Utf8StringInsensitive,
    multivalue: true,
    description: "A set of attributes that have their authority yielded to Kanidm in a sync agreement".to_string(),
    ..Default::default()
};
621
/// Schema entry for `Attribute::CredentialTypeMinimum`: a `CredentialType` with `multivalue`
/// spelled out as `false`, giving the minimum credential type that satisfies a policy.
pub static ref SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM,
    name: Attribute::CredentialTypeMinimum,
    syntax: SyntaxType::CredentialType,
    multivalue: false,
    description: "The minimum level of credential type that can satisfy this policy".to_string(),
    ..Default::default()
};
631
/// Schema entry for `Attribute::LimitSearchMaxResults`: a `Uint32` with `multivalue` spelled
/// out as `false`, capping the results returned by a single operation.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS,
    name: Attribute::LimitSearchMaxResults,
    syntax: SyntaxType::Uint32,
    multivalue: false,
    description: "The maximum number of query results that may be returned in a single operation".to_string(),
    ..Default::default()
};
641
/// Schema entry for `Attribute::LimitSearchMaxFilterTest`: a `Uint32` with `multivalue`
/// spelled out as `false`, capping the entries examined by a partially indexed query.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST,
    name: Attribute::LimitSearchMaxFilterTest,
    syntax: SyntaxType::Uint32,
    multivalue: false,
    description: "The maximum number of entries that may be examined in a partially indexed query".to_string(),
    ..Default::default()
};
651
/// Schema entry for `Attribute::KeyInternalData`: `KeyInternal` values flagged `multivalue`.
pub static ref SCHEMA_ATTR_KEY_INTERNAL_DATA_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_INTERNAL_DATA,
    name: Attribute::KeyInternalData,
    syntax: SyntaxType::KeyInternal,
    multivalue: true,
    // NOTE(review): the description is empty; presumably this holds key material, which
    // would be worth stating for operators — confirm.
    description: "".to_string(),
    ..Default::default()
};
660
/// Schema entry for `Attribute::KeyProvider`: a `ReferenceUuid` with `multivalue` spelled
/// out as `false`. The description is left empty.
pub static ref SCHEMA_ATTR_KEY_PROVIDER_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_PROVIDER,
    name: Attribute::KeyProvider,
    syntax: SyntaxType::ReferenceUuid,
    multivalue: false,
    description: "".to_string(),
    ..Default::default()
};
669
/// Schema entry for `Attribute::KeyActionRotate`: a `DateTime` flagged `phantom`, with
/// `multivalue` spelled out as `false`. The description is left empty.
pub static ref SCHEMA_ATTR_KEY_ACTION_ROTATE_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_ROTATE,
    name: Attribute::KeyActionRotate,
    syntax: SyntaxType::DateTime,
    multivalue: false,
    // Presumably `phantom` marks an action attribute that is never stored — confirm against
    // `SchemaAttribute`.
    phantom: true,
    description: "".to_string(),
    ..Default::default()
};
680
/// Schema entry for `Attribute::KeyActionRevoke`: `HexString` values flagged `multivalue`
/// and `phantom`. The description is left empty.
pub static ref SCHEMA_ATTR_KEY_ACTION_REVOKE_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_REVOKE,
    name: Attribute::KeyActionRevoke,
    syntax: SyntaxType::HexString,
    multivalue: true,
    // Presumably `phantom` marks an action attribute that is never stored — confirm against
    // `SchemaAttribute`.
    phantom: true,
    description: "".to_string(),
    ..Default::default()
};
691
/// Schema entry for `Attribute::KeyActionImportJwsEs256`: `PrivateBinary` values flagged
/// `multivalue` and `phantom`. The description is left empty.
pub static ref SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256_DL6: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256,
    name: Attribute::KeyActionImportJwsEs256,
    syntax: SyntaxType::PrivateBinary,
    multivalue: true,
    // NOTE(review): this accepts imported private key bytes. Presumably `phantom` keeps the
    // submitted value from being stored as-is — confirm, and confirm who may write it.
    phantom: true,
    description: "".to_string(),
    ..Default::default()
};
702
/// Schema entry for `Attribute::PatchLevel`: a `Uint32` with no flags set explicitly. The
/// description is left empty.
pub static ref SCHEMA_ATTR_PATCH_LEVEL_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PATCH_LEVEL,
    name: Attribute::PatchLevel,
    syntax: SyntaxType::Uint32,
    description: "".to_string(),
    ..Default::default()
};
710
/// Schema entry for `Attribute::DomainDevelopmentTaint`: a `Boolean` marking a domain that
/// has been run on a development build.
pub static ref SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT,
    name: Attribute::DomainDevelopmentTaint,
    syntax: SyntaxType::Boolean,
    description: "A flag to show that the domain has been run on a development build, and will need additional work to upgrade/migrate.".to_string(),
    ..Default::default()
};
718
/// Schema entry for `Attribute::DomainAllowEasterEggs`: a `Boolean` that enables easter
/// eggs in the server.
pub static ref SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS_DL9: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS,
    name: Attribute::DomainAllowEasterEggs,
    syntax: SyntaxType::Boolean,
    description: "A flag to enable easter eggs in the server that may not always be wanted by all users/deployments.".to_string(),
    ..Default::default()
};
726
/// Schema entry for `Attribute::Refers`: a `ReferenceUuid` with `multivalue` spelled out as
/// `false`, pointing at a linked object.
pub static ref SCHEMA_ATTR_REFERS_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_REFERS,
    name: Attribute::Refers,
    syntax: SyntaxType::ReferenceUuid,
    multivalue: false,
    description: "A reference to linked object".to_string(),
    ..Default::default()
};
735
/// Schema entry for `Attribute::LinkedGroup`: a `ReferenceUuid` with `multivalue` spelled
/// out as `false`, linking a group to an entry.
pub static ref SCHEMA_ATTR_LINKED_GROUP_DL8: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_LINKED_GROUP,
    name: Attribute::LinkedGroup,
    syntax: SyntaxType::ReferenceUuid,
    multivalue: false,
    description: "A reference linking a group to an entry".to_string(),
    ..Default::default()
};
745
/// Schema entry for `Attribute::AllowPrimaryCredFallback`: a `Boolean` with `multivalue`
/// spelled out as `false`.
///
/// Per its description it lets the primary password stand in when no POSIX password
/// exists, widening where that password is accepted. The value used when the attribute is
/// absent is not defined in this file.
pub static ref SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK_DL8: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK,
    name: Attribute::AllowPrimaryCredFallback,
    syntax: SyntaxType::Boolean,
    multivalue: false,
    description: "Allow fallback to primary password if no POSIX password exists".to_string(),
    ..Default::default()
};
755
/// Schema entry for `Attribute::Certificate`: an x509 certificate (syntax `Certificate`)
/// with `multivalue` spelled out as `false`.
pub static ref SCHEMA_ATTR_CERTIFICATE_DL7: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_CERTIFICATE,
    name: Attribute::Certificate,
    syntax: SyntaxType::Certificate,
    multivalue: false,
    description: "An x509 Certificate".to_string(),
    ..Default::default()
};
764
/// Schema entry for `Attribute::ApplicationPassword`: `ApplicationPassword` values flagged
/// `multivalue`.
///
/// `sync_allowed` is not set on this credential attribute.
pub static ref SCHEMA_ATTR_APPLICATION_PASSWORD_DL8: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_APPLICATION_PASSWORD,
    name: Attribute::ApplicationPassword,
    syntax: SyntaxType::ApplicationPassword,
    multivalue: true,
    description: "A set of application passwords".to_string(),
    ..Default::default()
};
774
/// Schema class for `EntryClass::Person`, flagged `sync_allowed`.
///
/// `systemmust` lists `DisplayName`, `Name` and `IdVerificationEcKey`; `systemmay` lists
/// `Mail` and `LegalName`. Fields not spelled out come from `Default::default()`.
pub static ref SCHEMA_CLASS_PERSON: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_PERSON,
    name: EntryClass::Person.into(),
    sync_allowed: true,
    systemmust: vec![
        Attribute::DisplayName,
        Attribute::Name,
        Attribute::IdVerificationEcKey,
    ],
    systemmay: vec![Attribute::Mail, Attribute::LegalName],
    description: "Object representation of a person".to_string(),
    ..Default::default()
};
793
/// Schema class for `EntryClass::Person`, flagged `sync_allowed`.
///
/// Compared with `SCHEMA_CLASS_PERSON`, `systemmust` holds only `IdVerificationEcKey`,
/// `systemmay` also lists the credential, session and consent attributes, and
/// `systemexcludes` names `ServiceAccount` and `Application`. The `_DL5` suffix presumably
/// ties this revision to a domain level; confirm against the migration code.
pub static ref SCHEMA_CLASS_PERSON_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_PERSON,
    name: EntryClass::Person.into(),
    sync_allowed: true,
    systemmust: vec![Attribute::IdVerificationEcKey],
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Mail,
        Attribute::LegalName,
    ],
    // Presumably a person entry may not also carry these classes — confirm in the schema
    // validation code.
    systemexcludes: vec![
        EntryClass::ServiceAccount.into(),
        EntryClass::Application.into(),
    ],
    description: "Object representation of a person".to_string(),
    ..Default::default()
};
819
/// Schema class for `EntryClass::Person`, flagged `sync_allowed`.
///
/// Identical to `SCHEMA_CLASS_PERSON_DL5` except that `systemmay` ends with
/// `ApplicationPassword`. The `_DL8` suffix presumably ties this revision to a domain
/// level; confirm against the migration code.
pub static ref SCHEMA_CLASS_PERSON_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_PERSON,
    name: EntryClass::Person.into(),
    sync_allowed: true,
    systemmust: vec![Attribute::IdVerificationEcKey],
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Mail,
        Attribute::LegalName,
        Attribute::ApplicationPassword,
    ],
    // Presumably a person entry may not also carry these classes — confirm in the schema
    // validation code.
    systemexcludes: vec![
        EntryClass::ServiceAccount.into(),
        EntryClass::Application.into(),
    ],
    description: "Object representation of a person".to_string(),
    ..Default::default()
};
846
/// Schema class for `EntryClass::OrgPerson`.
///
/// `systemmust` lists `Mail`, `DisplayName` and `Name`; `systemmay` lists `LegalName`.
/// `sync_allowed` is not set on this class.
pub static ref SCHEMA_CLASS_ORGPERSON: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ORGPERSON,
    name: EntryClass::OrgPerson.into(),
    systemmust: vec![
        Attribute::Mail,
        Attribute::DisplayName,
        Attribute::Name,
    ],
    systemmay: vec![Attribute::LegalName],
    description: "Object representation of an org person".to_string(),
    ..Default::default()
};
862
/// Schema class for `EntryClass::Group`, flagged `sync_allowed`.
///
/// `systemmust` lists `Name` and `Spn`; `systemmay` lists `Member`, `GrantUiHint`,
/// `Description` and `Mail`.
pub static ref SCHEMA_CLASS_GROUP_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_GROUP,
    name: EntryClass::Group.into(),
    sync_allowed: true,
    systemmust: vec![Attribute::Name, Attribute::Spn],
    systemmay: vec![
        Attribute::Member,
        Attribute::GrantUiHint,
        Attribute::Description,
        Attribute::Mail,
    ],
    description: "Object representation of a group".to_string(),
    ..Default::default()
};
880
/// Schema class for `EntryClass::DynGroup`.
///
/// `systemmust` lists `DynGroupFilter` and `systemmay` lists `DynMember`.
pub static ref SCHEMA_CLASS_DYNGROUP: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DYNGROUP,
    name: EntryClass::DynGroup.into(),
    systemmay: vec![Attribute::DynMember],
    systemmust: vec![Attribute::DynGroupFilter],
    // NOTE(review): built from `Attribute::Group`, whereas the `systemexcludes` lists in this
    // file use `EntryClass` variants — confirm both convert to the same class name.
    systemsupplements: vec![Attribute::Group.into()],
    description: "Object representation of a dynamic group".to_string(),
    ..Default::default()
};
891
/// Schema class for `EntryClass::AccountPolicy`: policy attributes applied to accounts that
/// are members of a group.
///
/// Every policy attribute sits in `systemmay`; there is no `systemmust` list.
pub static ref SCHEMA_CLASS_ACCOUNT_POLICY_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT_POLICY,
    name: EntryClass::AccountPolicy.into(),
    // NOTE(review): built from `Attribute::Group`, whereas the `systemexcludes` lists in this
    // file use `EntryClass` variants — confirm both convert to the same class name.
    systemsupplements: vec![Attribute::Group.into()],
    systemmay: vec![
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::AuthPasswordMinimumLength,
        Attribute::CredentialTypeMinimum,
        Attribute::WebauthnAttestationCaList,
        Attribute::LimitSearchMaxResults,
        Attribute::LimitSearchMaxFilterTest,
    ],
    description: "Policies applied to accounts that are members of a group".to_string(),
    ..Default::default()
};
909
// Schema class definition for `EntryClass::AccountPolicy` (the `_DL8` revision).
// Same UUID, name and description as SCHEMA_CLASS_ACCOUNT_POLICY_DL6; the
// `systemmay` list additionally ends with AllowPrimaryCredFallback.
// NOTE(review): AllowPrimaryCredFallback looks like an authentication-policy
// switch; its effect is defined elsewhere and should be reviewed where it is read.
pub static ref SCHEMA_CLASS_ACCOUNT_POLICY_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT_POLICY,
    name: EntryClass::AccountPolicy.into(),
    description: String::from("Policies applied to accounts that are members of a group"),
    systemsupplements: vec![Attribute::Group.into()],
    systemmay: vec![
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::AuthPasswordMinimumLength,
        Attribute::CredentialTypeMinimum,
        Attribute::WebauthnAttestationCaList,
        Attribute::LimitSearchMaxResults,
        Attribute::LimitSearchMaxFilterTest,
        Attribute::AllowPrimaryCredFallback,
    ],
    ..Default::default()
};
928
// Schema class definition for `EntryClass::Account` (no revision suffix).
// `systemmust` lists DisplayName, Name and Spn. `systemmay` includes
// attributes whose names indicate credential or session material
// (PrimaryCredential, PassKeys, AttestedPasskeys, CredentialUpdateIntentToken,
// RadiusSecret, UserAuthTokenSession, OAuth2Session). This definition only
// permits them on the class; who may read or write them is not decided here.
// `systemsupplements` names Person and ServiceAccount; `sync_allowed` is true.
pub static ref SCHEMA_CLASS_ACCOUNT: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT,
    name: EntryClass::Account.into(),
    description: String::from("Object representation of an account"),
    sync_allowed: true,
    systemmust: vec![Attribute::DisplayName, Attribute::Name, Attribute::Spn],
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::AccountExpire,
        Attribute::AccountValidFrom,
        Attribute::Mail,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Description,
        Attribute::NameHistory,
    ],
    systemsupplements: vec![EntryClass::Person.into(), EntryClass::ServiceAccount.into()],
    ..Default::default()
};
962
// Schema class definition for `EntryClass::Account` (the `_DL5` revision).
// Shares its UUID with SCHEMA_CLASS_ACCOUNT but lists only AccountExpire,
// AccountValidFrom and NameHistory in `systemmay`, and names
// OAuth2ResourceServer in `systemsupplements` alongside Person and
// ServiceAccount. `systemmust` is DisplayName, Name and Spn.
pub static ref SCHEMA_CLASS_ACCOUNT_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT,
    name: EntryClass::Account.into(),
    description: String::from("Object representation of an account"),
    sync_allowed: true,
    systemmust: vec![Attribute::DisplayName, Attribute::Name, Attribute::Spn],
    systemmay: vec![
        Attribute::AccountExpire,
        Attribute::AccountValidFrom,
        Attribute::NameHistory,
    ],
    systemsupplements: vec![
        EntryClass::Person.into(),
        EntryClass::ServiceAccount.into(),
        EntryClass::OAuth2ResourceServer.into(),
    ],
    ..Default::default()
};
986
// Schema class definition for `EntryClass::ServiceAccount` (the `_DL6` revision).
// No `systemmust` is given. `systemmay` ends with JwsEs256PrivateKey, an
// attribute whose name indicates private signing-key material stored on the
// entry, and also lists PrimaryCredential and ApiTokenSession.
// `systemexcludes` names Person; `sync_allowed` is true.
// NOTE(review): presumably `systemexcludes` keeps an entry from being both a
// person and a service account; confirm where the schema is enforced.
pub static ref SCHEMA_CLASS_SERVICE_ACCOUNT_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SERVICE_ACCOUNT,
    name: EntryClass::ServiceAccount.into(),
    description: String::from("Object representation of service account"),
    sync_allowed: true,
    systemexcludes: vec![EntryClass::Person.into()],
    systemmay: vec![
        Attribute::SshPublicKey,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::Description,
        Attribute::Mail,
        Attribute::PrimaryCredential,
        Attribute::ApiTokenSession,
        Attribute::JwsEs256PrivateKey,
    ],
    ..Default::default()
};
1009
// Schema class definition for `EntryClass::ServiceAccount` (the `_DL7` revision).
// Identical to SCHEMA_CLASS_SERVICE_ACCOUNT_DL6 except that JwsEs256PrivateKey
// is no longer listed in `systemmay`.
// NOTE(review): where the signing key lives after this revision is not visible
// here; check the key-object classes before relying on that.
pub static ref SCHEMA_CLASS_SERVICE_ACCOUNT_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SERVICE_ACCOUNT,
    name: EntryClass::ServiceAccount.into(),
    description: String::from("Object representation of service account"),
    sync_allowed: true,
    systemexcludes: vec![EntryClass::Person.into()],
    systemmay: vec![
        Attribute::SshPublicKey,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::Description,
        Attribute::Mail,
        Attribute::PrimaryCredential,
        Attribute::ApiTokenSession,
    ],
    ..Default::default()
};
1030
// Schema class definition for `EntryClass::SyncAccount` (the `_DL6` revision).
// `systemmust` lists Name. `systemmay` lists the sync token session, cookie,
// credential portal and yield authority attributes plus JwsEs256PrivateKey,
// whose name indicates private signing-key material held on the entry.
// `systemexcludes` names Account.
pub static ref SCHEMA_CLASS_SYNC_ACCOUNT_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYNC_ACCOUNT,
    name: EntryClass::SyncAccount.into(),
    description: String::from("Object representation of sync account"),
    systemexcludes: vec![EntryClass::Account.into()],
    systemmust: vec![Attribute::Name],
    systemmay: vec![
        Attribute::SyncTokenSession,
        Attribute::SyncCookie,
        Attribute::SyncCredentialPortal,
        Attribute::SyncYieldAuthority,
        Attribute::JwsEs256PrivateKey,
    ],
    ..Default::default()
};
1047
// Schema class definition for `EntryClass::SyncAccount` (the `_DL7` revision).
// Identical to SCHEMA_CLASS_SYNC_ACCOUNT_DL6 except that JwsEs256PrivateKey is
// no longer listed in `systemmay`.
pub static ref SCHEMA_CLASS_SYNC_ACCOUNT_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYNC_ACCOUNT,
    name: EntryClass::SyncAccount.into(),
    description: String::from("Object representation of sync account"),
    systemexcludes: vec![EntryClass::Account.into()],
    systemmust: vec![Attribute::Name],
    systemmay: vec![
        Attribute::SyncTokenSession,
        Attribute::SyncCookie,
        Attribute::SyncCredentialPortal,
        Attribute::SyncYieldAuthority,
    ],
    ..Default::default()
};
1063
// Schema class definition for `EntryClass::DomainInfo` (the `_DL6` revision).
// `systemmust` lists Name, DomainUuid, DomainName, DomainDisplayName and Version.
// `systemmay` includes three attributes whose names indicate domain-wide
// secret key material: PrivateCookieKey, FernetPrivateKeyStr and
// Es256PrivateKeyDer. This definition only permits them on the class; how
// they are protected is decided elsewhere.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: String::from("Local domain information and configuration"),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::PrivateCookieKey,
        Attribute::FernetPrivateKeyStr,
        Attribute::Es256PrivateKeyDer,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
    ],
    ..Default::default()
};
1088
// Schema class definition for `EntryClass::DomainInfo` (the `_DL7` revision).
// Compared with SCHEMA_CLASS_DOMAIN_INFO_DL6, `systemmay` no longer lists
// PrivateCookieKey, FernetPrivateKeyStr or Es256PrivateKeyDer; `systemmust`
// is unchanged.
// NOTE(review): whether existing values of those attributes are purged on
// migration is not visible here; confirm in the migration code.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: String::from("Local domain information and configuration"),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
    ],
    ..Default::default()
};
1110
// Schema class definition for `EntryClass::DomainInfo` (the `_DL8` revision).
// Compared with SCHEMA_CLASS_DOMAIN_INFO_DL7, `systemmay` additionally lists
// Image (placed after LdapAllowUnixPwBind); `systemmust` is unchanged.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: String::from("Local domain information and configuration"),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
    ],
    ..Default::default()
};
1133
// Schema class definition for `EntryClass::DomainInfo` (the `_DL9` revision).
// Compared with SCHEMA_CLASS_DOMAIN_INFO_DL8, `systemmay` additionally ends
// with DomainAllowEasterEggs; `systemmust` is unchanged.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL9: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: String::from("Local domain information and configuration"),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
        Attribute::DomainAllowEasterEggs,
    ],
    ..Default::default()
};
1157
// Schema class definition for `EntryClass::DomainInfo` (the `_DL10` revision).
// Compared with SCHEMA_CLASS_DOMAIN_INFO_DL9, DomainDisplayName is listed in
// `systemmay` (as the last element) instead of `systemmust`, which now holds
// Name, DomainUuid, DomainName and Version.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL10: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: String::from("Local domain information and configuration"),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
        Attribute::DomainAllowEasterEggs,
        Attribute::DomainDisplayName,
    ],
    ..Default::default()
};
1181
// Schema class definition for `EntryClass::PosixGroup`.
// `systemmust` lists GidNumber and `sync_allowed` is true.
// NOTE(review): `systemsupplements` is built from `Attribute::Group.into()`
// rather than an `EntryClass` value; confirm the conversion yields the group
// class name that the description ("requires group") refers to.
pub static ref SCHEMA_CLASS_POSIXGROUP: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXGROUP,
    name: EntryClass::PosixGroup.into(),
    description: String::from("Object representation of a posix group, requires group"),
    systemsupplements: vec![Attribute::Group.into()],
    systemmust: vec![Attribute::GidNumber],
    sync_allowed: true,
    ..Default::default()
};
1192
// Schema class definition for `EntryClass::PosixAccount`.
// `systemmust` lists GidNumber; `systemmay` lists LoginShell and UnixPassword,
// the latter being an attribute whose name indicates credential material.
// NOTE(review): `systemsupplements` is built from `Attribute::Account.into()`
// rather than an `EntryClass` value; confirm the conversion yields the account
// class name that the description ("requires account") refers to.
pub static ref SCHEMA_CLASS_POSIXACCOUNT: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXACCOUNT,
    name: EntryClass::PosixAccount.into(),
    description: String::from("Object representation of a posix account, requires account"),
    systemsupplements: vec![Attribute::Account.into()],
    systemmust: vec![Attribute::GidNumber],
    systemmay: vec![Attribute::LoginShell, Attribute::UnixPassword],
    sync_allowed: true,
    ..Default::default()
};
1204
// Schema class definition for `EntryClass::SystemConfig`.
// Only `systemmay` is given: Description, BadlistPassword, AuthSessionExpiry,
// PrivilegeExpiry and DeniedName. `systemmust` and the other list fields come
// from `Default::default()`.
pub static ref SCHEMA_CLASS_SYSTEM_CONFIG: SchemaClass = SchemaClass {
    name: EntryClass::SystemConfig.into(),
    uuid: UUID_SCHEMA_CLASS_SYSTEM_CONFIG,
    description: String::from("The class representing a system (topologies) configuration options"),
    systemmay: vec![
        Attribute::Description,
        Attribute::BadlistPassword,
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::DeniedName,
    ],
    ..Default::default()
};
1219
// Schema class definition for `EntryClass::OAuth2ResourceServer` (the `_DL4`
// revision).
// `systemmust` lists OAuth2RsName, DisplayName, OAuth2RsOrigin,
// OAuth2RsTokenKey and Es256PrivateKeyDer; the last two have names that
// indicate key material stored on the entry. `systemmay` additionally allows
// Rs256PrivateKeyDer and OAuth2JwtLegacyCryptoEnable.
// NOTE(review): OAuth2JwtLegacyCryptoEnable presumably opts a client into the
// RS256 path; confirm where it is read before treating it as a downgrade switch.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL4: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: String::from("The class representing a configured Oauth2 Resource Server"),
    systemmust: vec![
        Attribute::OAuth2RsName,
        Attribute::DisplayName,
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::OAuth2RsOriginLanding,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
    ],
    ..Default::default()
};
1245
// Schema class definition for `EntryClass::OAuth2ResourceServer` (the `_DL5`
// revision).
// Compared with SCHEMA_CLASS_OAUTH2_RS_DL4, `systemmust` no longer lists
// OAuth2RsName or DisplayName, and `systemmay` additionally ends with
// OAuth2Session.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: String::from("The class representing a configured Oauth2 Resource Server"),
    systemmust: vec![
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::OAuth2RsOriginLanding,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
    ],
    ..Default::default()
};
1270
// Schema class definition for `EntryClass::OAuth2ResourceServer` (the `_DL7`
// revision); the description text now says "OAuth2 Client".
// Compared with SCHEMA_CLASS_OAUTH2_RS_DL5, OAuth2RsOriginLanding is listed in
// `systemmust` and OAuth2RsOrigin in `systemmay` (the two swap places), and
// `systemmay` additionally lists OAuth2StrictRedirectUri.
// NOTE(review): because OAuth2StrictRedirectUri is only in `systemmay`, an
// entry may omit it; the behaviour when it is absent is defined elsewhere.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: String::from("The class representing a configured OAuth2 Client"),
    systemmust: vec![
        Attribute::OAuth2RsOriginLanding,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2StrictRedirectUri,
    ],
    ..Default::default()
};
1296
// Schema class definition for `EntryClass::OAuth2ResourceServer` (the `_DL9`
// revision).
// Compared with SCHEMA_CLASS_OAUTH2_RS_DL7, `systemmay` additionally ends with
// OAuth2DeviceFlowEnable; `systemmust` is unchanged.
// NOTE(review): OAuth2DeviceFlowEnable presumably gates the device
// authorization grant per client; confirm its default where it is read.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL9: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: String::from("The class representing a configured OAuth2 Client"),
    systemmust: vec![
        Attribute::OAuth2RsOriginLanding,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2StrictRedirectUri,
        Attribute::OAuth2DeviceFlowEnable,
    ],
    ..Default::default()
};
1323
// Schema class definition for `EntryClass::OAuth2ResourceServerBasic` (the
// `_DL5` revision).
// `systemmust` lists OAuth2RsBasicSecret, the client secret attribute by name.
// `systemmay` lists OAuth2AllowInsecureClientDisablePkce; the name marks it as
// an opt-out from PKCE, so entries that carry it are worth auditing.
// `systemexcludes` names OAuth2ResourceServerPublic.
pub static ref SCHEMA_CLASS_OAUTH2_RS_BASIC_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_BASIC,
    name: EntryClass::OAuth2ResourceServerBasic.into(),
    description: String::from(
        "The class representing a configured OAuth2 client authenticated with HTTP basic authentication",
    ),
    systemexcludes: vec![EntryClass::OAuth2ResourceServerPublic.into()],
    systemmust: vec![Attribute::OAuth2RsBasicSecret],
    systemmay: vec![Attribute::OAuth2AllowInsecureClientDisablePkce],
    ..Default::default()
};
1336
// Schema class definition for `EntryClass::OAuth2ResourceServerPublic` (the
// `_DL4` revision).
// No `systemmust` is given; `systemmay` lists OAuth2AllowLocalhostRedirect and
// `systemexcludes` names OAuth2ResourceServerBasic.
// NOTE(review): no secret attribute is listed for this class, which matches
// the description's "Public ... with PKCE verification"; the PKCE enforcement
// itself is not visible here.
pub static ref SCHEMA_CLASS_OAUTH2_RS_PUBLIC_DL4: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_PUBLIC,
    name: EntryClass::OAuth2ResourceServerPublic.into(),
    description: String::from(
        "The class representing a configured Public OAuth2 Client with PKCE verification",
    ),
    systemexcludes: vec![EntryClass::OAuth2ResourceServerBasic.into()],
    systemmay: vec![Attribute::OAuth2AllowLocalhostRedirect],
    ..Default::default()
};
1347
// Schema class definition for `EntryClass::KeyProvider` (the `_DL6` revision).
// `systemmust` lists Name, `systemmay` lists Description, and
// `systemsupplements` names KeyProviderInternal.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER,
    name: EntryClass::KeyProvider.into(),
    description: String::from("A provider for cryptographic key storage and operations"),
    systemmust: vec![Attribute::Name],
    systemmay: vec![Attribute::Description],
    systemsupplements: vec![EntryClass::KeyProviderInternal.into()],
    ..Default::default()
};
1366
// Schema class definition for `EntryClass::KeyProviderInternal` (the `_DL6`
// revision). Only uuid, name and description are set; every attribute list
// comes from `Default::default()`.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_INTERNAL_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyProviderInternal.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER_INTERNAL,
    description: String::from("The Kanidm internal cryptographic key provider"),
    ..Default::default()
};
1373
// Schema class definition for `EntryClass::KeyObject` (the `_DL6` revision).
// `systemmust` lists KeyProvider, so every key object carries that attribute.
// NOTE(review): presumably KeyProvider references the provider entry that
// holds the key; confirm against the attribute's own schema definition.
pub static ref SCHEMA_CLASS_KEY_OBJECT_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyObject.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT,
    description: String::from("A cryptographic key object that can be used by a provider"),
    systemmust: vec![Attribute::KeyProvider],
    ..Default::default()
};
1386
// Schema class definition for `EntryClass::KeyObjectJwtEs256` (the `_DL6`
// revision). It lists no attributes of its own and names KeyObject in
// `systemsupplements`; the description calls it a marker class.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWT_ES256_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyObjectJwtEs256.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWT_ES256,
    description: String::from(
        "A marker class indicating that this keyobject must provide jwt es256 capability.",
    ),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1396
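// Schema class definition for `EntryClass::KeyObjectJweA128GCM` (the `_DL6`
// revision). It lists no attributes of its own and names KeyObject in
// `systemsupplements`; the description calls it a marker class.
//
// The description previously said "aes-256-gcm", which contradicts the class
// name, the UUID constant and the JWE `A128GCM` identifier (AES-GCM with a
// 128-bit key). It is corrected so that administrators reading the schema are
// not told a larger key size than the class name declares.
// NOTE(review): this text is schema data; confirm that re-applying this
// revision with a changed description is acceptable for existing deployments.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM,
    name: EntryClass::KeyObjectJweA128GCM.into(),
    description: "A marker class indicating that this keyobject must provide jwe aes-128-gcm capability.".to_string(),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};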
1406
// Schema class definition for `EntryClass::KeyObjectInternal` (the `_DL6`
// revision). `systemmay` lists KeyInternalData and `systemsupplements` names
// KeyObject.
// NOTE(review): KeyInternalData presumably holds the key material for the
// internal provider, which would make it one of the most sensitive attributes
// in the schema; confirm how access to it is restricted.
pub static ref SCHEMA_CLASS_KEY_OBJECT_INTERNAL_DL6: SchemaClass = SchemaClass {
    name: EntryClass::KeyObjectInternal.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_INTERNAL,
    description: String::from("A cryptographic key object that can be used by the internal provider"),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    systemmay: vec![Attribute::KeyInternalData],
    ..Default::default()
};
1419
// Schema class definition for `EntryClass::ClientCertificate` (the `_DL7`
// revision). `systemmust` lists Certificate and Refers; `systemmay` is set
// explicitly to an empty list.
// NOTE(review): presumably Refers binds the certificate to the entry it
// authenticates; confirm against the attribute's own schema definition.
pub static ref SCHEMA_CLASS_CLIENT_CERTIFICATE_DL7: SchemaClass = SchemaClass {
    name: EntryClass::ClientCertificate.into(),
    uuid: UUID_SCHEMA_CLASS_CLIENT_CERTIFICATE,
    description: String::from("A client authentication certificate"),
    systemmust: vec![Attribute::Certificate, Attribute::Refers],
    systemmay: Vec::new(),
    ..Default::default()
};
1433
// Schema class definition for `EntryClass::Application` (the `_DL8` revision).
// `systemmust` lists Name and LinkedGroup, `systemmay` lists Description, and
// `systemsupplements` names ServiceAccount.
pub static ref SCHEMA_CLASS_APPLICATION_DL8: SchemaClass = SchemaClass {
    name: EntryClass::Application.into(),
    uuid: UUID_SCHEMA_CLASS_APPLICATION,
    description: String::from("The class representing an application"),
    systemsupplements: vec![EntryClass::ServiceAccount.into()],
    systemmay: vec![Attribute::Description],
    systemmust: vec![Attribute::Name, Attribute::LinkedGroup],
    ..Default::default()
};
1444
1445);