kanidmd_lib/migration_data/dl9/
schema.rs

1//! Schema Entries
2use crate::constants::entries::{Attribute, EntryClass};
3use crate::constants::uuids::*;
4use crate::schema::{SchemaAttribute, SchemaClass};
5use crate::value::SyntaxType;
6
7lazy_static!(
8
/// Schema attribute `DisplayName`: a `Utf8String` value with `sync_allowed` set.
///
/// Any field not listed here takes the value from `Default::default()`.
pub static ref SCHEMA_ATTR_DISPLAYNAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::DisplayName,
    uuid: UUID_SCHEMA_ATTR_DISPLAYNAME,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: String::from("The publicly visible display name of this person"),
    ..Default::default()
};
17
/// `DisplayName` attribute under its `_DL7` name.
///
/// In this file it is field-for-field identical to `SCHEMA_ATTR_DISPLAYNAME`
/// and shares the same schema UUID.
pub static ref SCHEMA_ATTR_DISPLAYNAME_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::DisplayName,
    uuid: UUID_SCHEMA_ATTR_DISPLAYNAME,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: String::from("The publicly visible display name of this person"),
    ..Default::default()
};
26
/// Schema attribute `Mail`: multi-valued `EmailAddress` entries marked `unique`.
///
/// `sync_allowed` is set; fields not listed come from `Default::default()`.
pub static ref SCHEMA_ATTR_MAIL: SchemaAttribute = SchemaAttribute {
    name: Attribute::Mail,
    uuid: UUID_SCHEMA_ATTR_MAIL,
    syntax: SyntaxType::EmailAddress,
    multivalue: true,
    unique: true,
    sync_allowed: true,
    description: String::from("Mail addresses of the object"),
    ..Default::default()
};
37
/// `Mail` attribute under its `_DL7` name.
///
/// In this file it carries exactly the same fields as `SCHEMA_ATTR_MAIL`:
/// unique, multi-valued, sync-allowed `EmailAddress`.
pub static ref SCHEMA_ATTR_MAIL_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::Mail,
    uuid: UUID_SCHEMA_ATTR_MAIL,
    syntax: SyntaxType::EmailAddress,
    multivalue: true,
    unique: true,
    sync_allowed: true,
    description: String::from("Mail addresses of the object"),
    ..Default::default()
};
48
/// Schema attribute `IdVerificationEcKey`: the account verification private key.
///
/// Stored with `EcKeyPrivate` syntax; `unique` and `sync_allowed` are both
/// switched off explicitly rather than left to the defaults.
// NOTE(review): this is private key material. Who may read or write it is
// decided by access controls defined outside this file - confirm they exist.
pub static ref SCHEMA_ATTR_EC_KEY_PRIVATE: SchemaAttribute = SchemaAttribute {
    name: Attribute::IdVerificationEcKey,
    uuid: UUID_SCHEMA_ATTR_EC_KEY_PRIVATE,
    syntax: SyntaxType::EcKeyPrivate,
    unique: false,
    sync_allowed: false,
    description: String::from("Account verification private key"),
    ..Default::default()
};
58
/// Schema attribute `SshPublicKey`: multi-valued `SshKey` entries.
///
/// `sync_allowed` is set, so by its name a sync source may supply these keys.
// NOTE(review): whoever can write this attribute controls which keys are
// listed for the object; write access is governed outside this file.
pub static ref SCHEMA_ATTR_SSH_PUBLICKEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::SshPublicKey,
    uuid: UUID_SCHEMA_ATTR_SSH_PUBLICKEY,
    syntax: SyntaxType::SshKey,
    multivalue: true,
    sync_allowed: true,
    description: String::from("SSH public keys of the object"),
    ..Default::default()
};
69
/// Schema attribute `PrimaryCredential`: the account's interactive
/// authentication credential, stored with `Credential` syntax.
// NOTE(review): `sync_allowed: true` on credential material presumably lets an
// external sync source provide credentials - confirm that level of trust in
// the sync source is intended.
pub static ref SCHEMA_ATTR_PRIMARY_CREDENTIAL: SchemaAttribute = SchemaAttribute {
    name: Attribute::PrimaryCredential,
    uuid: UUID_SCHEMA_ATTR_PRIMARY_CREDENTIAL,
    syntax: SyntaxType::Credential,
    sync_allowed: true,
    description: String::from(
        "Primary credential material of the account for authentication interactively",
    ),
    ..Default::default()
};
78
/// Schema attribute `LegalName`: a `Utf8String` the description itself calls
/// private and sensitive.
///
/// `sync_allowed` is set. Nothing in this definition restricts who can read
/// the value; that has to come from access controls defined elsewhere.
pub static ref SCHEMA_ATTR_LEGALNAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::LegalName,
    uuid: UUID_SCHEMA_ATTR_LEGALNAME,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: String::from("The private and sensitive legal name of this person"),
    ..Default::default()
};
87
/// `LegalName` attribute under its `_DL7` name.
///
/// Field-for-field identical to `SCHEMA_ATTR_LEGALNAME` in this file; the
/// value is described as private and sensitive.
pub static ref SCHEMA_ATTR_LEGALNAME_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::LegalName,
    uuid: UUID_SCHEMA_ATTR_LEGALNAME,
    syntax: SyntaxType::Utf8String,
    sync_allowed: true,
    description: String::from("The private and sensitive legal name of this person"),
    ..Default::default()
};
96
/// Schema attribute `Image`: an end-user-facing image with `Image` syntax.
///
/// Only uuid, name, description and syntax are set; the rest is defaulted.
pub static ref SCHEMA_ATTR_IMAGE: SchemaAttribute = SchemaAttribute {
    name: Attribute::Image,
    uuid: UUID_SCHEMA_ATTR_IMAGE,
    syntax: SyntaxType::Image,
    description: String::from("An image for display to end users."),
    ..Default::default()
};
104
/// Schema attribute `NameHistory`: multi-valued `AuditLogString` entries
/// recording the names a person has had. `sync_allowed` is set.
pub static ref SCHEMA_ATTR_NAME_HISTORY: SchemaAttribute = SchemaAttribute {
    name: Attribute::NameHistory,
    uuid: UUID_SCHEMA_ATTR_NAME_HISTORY,
    syntax: SyntaxType::AuditLogString,
    multivalue: true,
    sync_allowed: true,
    description: String::from("The history of names that a person has had"),
    ..Default::default()
};
114
/// Schema attribute `RadiusSecret`: the account's generated RADIUS secret,
/// stored with `SecretUtf8String` syntax.
// NOTE(review): `sync_allowed: true` on a shared secret presumably means a sync
// source can set it - confirm this is intended for secret material.
pub static ref SCHEMA_ATTR_RADIUS_SECRET: SchemaAttribute = SchemaAttribute {
    name: Attribute::RadiusSecret,
    uuid: UUID_SCHEMA_ATTR_RADIUS_SECRET,
    syntax: SyntaxType::SecretUtf8String,
    sync_allowed: true,
    description: String::from(
        "The accounts generated radius secret for device network authentication",
    ),
    ..Default::default()
};
124
/// Schema attribute `DomainName`: the domain's DNS name, marked `unique`, with
/// `Utf8StringIname` syntax.
///
/// Per the description this name feeds webauthn and SPN generation, so a
/// change to it affects both.
pub static ref SCHEMA_ATTR_DOMAIN_NAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainName,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_NAME,
    syntax: SyntaxType::Utf8StringIname,
    unique: true,
    description: String::from("The domain's DNS name for webauthn and SPN generation purposes"),
    ..Default::default()
};
133
/// Schema attribute `LdapAllowUnixPwBind`: a `Boolean` switch that, per its
/// description, enables LDAP binds using an object's UNIX password.
///
/// `unique` is set to `false` explicitly.
// NOTE(review): turning this on widens the set of accepted authentication
// paths; changes to it are worth auditing.
pub static ref SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND: SchemaAttribute = SchemaAttribute {
    name: Attribute::LdapAllowUnixPwBind,
    uuid: UUID_SCHEMA_ATTR_LDAP_ALLOW_UNIX_PW_BIND,
    syntax: SyntaxType::Boolean,
    unique: false,
    description: String::from(
        "Configuration to enable binds to LDAP objects using their UNIX password",
    ),
    ..Default::default()
};
143
/// Schema attribute `DomainLdapBasedn`: the optional LDAP base DN of the
/// domain, `unique`, with `Utf8StringInsensitive` syntax.
///
/// The description states the fallback when unset; that fallback is not
/// implemented in this definition.
pub static ref SCHEMA_ATTR_DOMAIN_LDAP_BASEDN: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainLdapBasedn,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_LDAP_BASEDN,
    syntax: SyntaxType::Utf8StringInsensitive,
    unique: true,
    description: String::from(
        "The domain's optional ldap basedn. If unset defaults to domain components of domain name",
    ),
    ..Default::default()
};
153
/// Schema attribute `DomainDisplayName`: the user-facing name of the domain as
/// a `Utf8String`. All flags are left at their defaults.
pub static ref SCHEMA_ATTR_DOMAIN_DISPLAY_NAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainDisplayName,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DISPLAY_NAME,
    syntax: SyntaxType::Utf8String,
    description: String::from("The user-facing display name of the Kanidm domain"),
    ..Default::default()
};
161
/// Schema attribute `DomainUuid`: the domain's UUID, marked `unique`, with
/// `Uuid` syntax. The description ties it to CSN and trust relationships.
pub static ref SCHEMA_ATTR_DOMAIN_UUID: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainUuid,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_UUID,
    syntax: SyntaxType::Uuid,
    unique: true,
    description: String::from("The domain's uuid, used in CSN and trust relationships"),
    ..Default::default()
};
170
/// Schema attribute `DomainSsid`: the site-wide wireless SSID used for device
/// autoconfiguration, `unique`, stored as `Utf8String`.
pub static ref SCHEMA_ATTR_DOMAIN_SSID: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainSsid,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_SSID,
    syntax: SyntaxType::Utf8String,
    unique: true,
    description: String::from(
        "The domains site-wide SSID for device autoconfiguration of wireless",
    ),
    ..Default::default()
};
179
/// Schema attribute `DeniedName`: `Utf8StringIname` values that may not be
/// used in `name`.
///
/// `multivalue` is not set here; `SCHEMA_ATTR_DENIED_NAME_DL10` in this file
/// is the variant that sets it.
pub static ref SCHEMA_ATTR_DENIED_NAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::DeniedName,
    uuid: UUID_SCHEMA_ATTR_DENIED_NAME,
    syntax: SyntaxType::Utf8StringIname,
    description: String::from("Iname values that are not allowed to be used in 'name'."),
    ..Default::default()
};
188
/// `DeniedName` attribute under its `_DL10` name.
///
/// Same UUID, name, description and syntax as `SCHEMA_ATTR_DENIED_NAME`; the
/// only visible difference is `multivalue: true`.
pub static ref SCHEMA_ATTR_DENIED_NAME_DL10: SchemaAttribute = SchemaAttribute {
    name: Attribute::DeniedName,
    uuid: UUID_SCHEMA_ATTR_DENIED_NAME,
    multivalue: true,
    syntax: SyntaxType::Utf8StringIname,
    description: String::from("Iname values that are not allowed to be used in 'name'."),
    ..Default::default()
};
198
/// Schema attribute `DomainTokenKey`: a `SecretUtf8String` that the
/// description marks as "NOT USED".
// NOTE(review): even if unused, any value left in this attribute is still key
// material at rest - confirm whether existing values are cleaned up elsewhere.
pub static ref SCHEMA_ATTR_DOMAIN_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainTokenKey,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_TOKEN_KEY,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("The domain token encryption private key (NOT USED)"),
    ..Default::default()
};
207
/// Schema attribute `FernetPrivateKeyStr`: the token encryption private key,
/// stored with `SecretUtf8String` syntax.
///
/// `sync_allowed` is not set here, so it stays at the struct default.
// NOTE(review): disclosure of this value would expose whatever tokens it
// encrypts; read access is controlled outside this file.
pub static ref SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR: SchemaAttribute = SchemaAttribute {
    name: Attribute::FernetPrivateKeyStr,
    uuid: UUID_SCHEMA_ATTR_FERNET_PRIVATE_KEY_STR,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("The token encryption private key"),
    ..Default::default()
};
216
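/// Schema attribute `GidNumber`: a `unique`, sync-allowed `Uint32` holding the
/// numeric id of a group or account.
///
/// Per the description the same number doubles as the UID on POSIX accounts.
/// The description text previously contained a stray `.to_string()` in the
/// middle of the sentence; it now reads as plain prose.
pub static ref SCHEMA_ATTR_GIDNUMBER: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_GIDNUMBER,
    name: Attribute::GidNumber,
    description: "The groupid (uid) number of a group or account. This is the same value as the UID number on posix accounts for security reasons".to_string(),
    unique: true,
    sync_allowed: true,
    syntax: SyntaxType::Uint32,
    ..Default::default()
};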
226
/// Schema attribute `BadlistPassword`: multi-valued list of passwords that no
/// account may set.
///
/// The syntax is `Utf8StringInsensitive`, so entries are compared without
/// regard to case as far as that syntax name indicates.
pub static ref SCHEMA_ATTR_BADLIST_PASSWORD: SchemaAttribute = SchemaAttribute {
    name: Attribute::BadlistPassword,
    uuid: UUID_SCHEMA_ATTR_BADLIST_PASSWORD,
    syntax: SyntaxType::Utf8StringInsensitive,
    multivalue: true,
    description: String::from(
        "A password that is badlisted meaning that it can not be set as a valid password by any user account",
    ),
    ..Default::default()
};
236
/// Schema attribute `AuthSessionExpiry`: a `Uint32` expiration time for an
/// authentication session.
// NOTE(review): the unit of the number is not stated in this definition.
pub static ref SCHEMA_ATTR_AUTH_SESSION_EXPIRY: SchemaAttribute = SchemaAttribute {
    name: Attribute::AuthSessionExpiry,
    uuid: UUID_SCHEMA_ATTR_AUTH_SESSION_EXPIRY,
    syntax: SyntaxType::Uint32,
    description: String::from("An expiration time for an authentication session"),
    ..Default::default()
};
245
/// Schema attribute `PrivilegeExpiry`: a `Uint32` expiration time for a
/// privileged authentication session.
// NOTE(review): the unit of the number is not stated in this definition.
pub static ref SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY: SchemaAttribute = SchemaAttribute {
    name: Attribute::PrivilegeExpiry,
    uuid: UUID_SCHEMA_ATTR_AUTH_PRIVILEGE_EXPIRY,
    syntax: SyntaxType::Uint32,
    description: String::from("An expiration time for a privileged authentication session"),
    ..Default::default()
};
254
/// Schema attribute `AuthPasswordMinimumLength`: a `Uint32` minimum password
/// length.
///
/// The schema only fixes the type; no lower bound on the number is set here.
pub static ref SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH: SchemaAttribute = SchemaAttribute {
    name: Attribute::AuthPasswordMinimumLength,
    uuid: UUID_SCHEMA_ATTR_AUTH_PASSWORD_MINIMUM_LENGTH,
    syntax: SyntaxType::Uint32,
    description: String::from("Minimum length of passwords"),
    ..Default::default()
};
263
/// Schema attribute `LoginShell`: a POSIX user's login shell, stored as
/// `Utf8StringInsensitive` with `sync_allowed` set.
// NOTE(review): the syntax is a free-form string; nothing here limits the value
// to a known shell path, so consumers should validate it.
pub static ref SCHEMA_ATTR_LOGINSHELL: SchemaAttribute = SchemaAttribute {
    name: Attribute::LoginShell,
    uuid: UUID_SCHEMA_ATTR_LOGINSHELL,
    syntax: SyntaxType::Utf8StringInsensitive,
    sync_allowed: true,
    description: String::from("A POSIX user's UNIX login shell"),
    ..Default::default()
};
273
/// Schema attribute `UnixPassword`: a POSIX user's login password, stored with
/// `Credential` syntax.
///
/// Unlike `SCHEMA_ATTR_PRIMARY_CREDENTIAL` in this file, `sync_allowed` is not
/// set here and stays at the struct default.
pub static ref SCHEMA_ATTR_UNIX_PASSWORD: SchemaAttribute = SchemaAttribute {
    name: Attribute::UnixPassword,
    uuid: UUID_SCHEMA_ATTR_UNIX_PASSWORD,
    syntax: SyntaxType::Credential,
    description: String::from("A POSIX user's UNIX login password"),
    ..Default::default()
};
281
/// Schema attribute `NsUniqueId`: a `unique`, sync-allowed identifier with
/// `NsUniqueId` syntax, kept for 389-ds/dsee compatibility.
pub static ref SCHEMA_ATTR_NSUNIQUEID: SchemaAttribute = SchemaAttribute {
    name: Attribute::NsUniqueId,
    uuid: UUID_SCHEMA_ATTR_NSUNIQUEID,
    syntax: SyntaxType::NsUniqueId,
    unique: true,
    sync_allowed: true,
    description: String::from("A unique id compatibility for 389-ds/dsee"),
    ..Default::default()
};
291
/// Schema attribute `AccountExpire`: the `DateTime` after which the account
/// may no longer authenticate. `sync_allowed` is set.
// NOTE(review): with sync allowed, a sync source can presumably move or clear
// this date - confirm that is acceptable for account lifecycle control.
pub static ref SCHEMA_ATTR_ACCOUNT_EXPIRE: SchemaAttribute = SchemaAttribute {
    name: Attribute::AccountExpire,
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_EXPIRE,
    syntax: SyntaxType::DateTime,
    sync_allowed: true,
    description: String::from(
        "The datetime after which this account no longer may authenticate",
    ),
    ..Default::default()
};
301
/// Schema attribute `AccountValidFrom`: the `DateTime` from which the account
/// may start authenticating. `sync_allowed` is set.
pub static ref SCHEMA_ATTR_ACCOUNT_VALID_FROM: SchemaAttribute = SchemaAttribute {
    name: Attribute::AccountValidFrom,
    uuid: UUID_SCHEMA_ATTR_ACCOUNT_VALID_FROM,
    syntax: SyntaxType::DateTime,
    sync_allowed: true,
    description: String::from(
        "The datetime after which this account may commence authenticating",
    ),
    ..Default::default()
};
311
/// Schema attribute `WebauthnAttestationCaList`: multi-valued set of CAs that,
/// per the description, limits which devices can be used with webauthn.
// NOTE(review): this list is a trust anchor for device attestation; additions
// to it widen the set of accepted authenticators and should be audited.
pub static ref SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST: SchemaAttribute = SchemaAttribute {
    name: Attribute::WebauthnAttestationCaList,
    uuid: UUID_SCHEMA_ATTR_WEBAUTHN_ATTESTATION_CA_LIST,
    multivalue: true,
    syntax: SyntaxType::WebauthnAttestationCaList,
    description: String::from(
        "A set of CA's that limit devices that can be used with webauthn",
    ),
    ..Default::default()
};
321
/// Schema attribute `OAuth2RsName`: the `unique` name of an external OAuth2
/// resource, stored with `Utf8StringIname` syntax.
pub static ref SCHEMA_ATTR_OAUTH2_RS_NAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsName,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_NAME,
    syntax: SyntaxType::Utf8StringIname,
    unique: true,
    description: String::from("The unique name of an external Oauth2 resource"),
    ..Default::default()
};
330
/// Schema attribute `OAuth2RsOrigin`: the origin of an OAuth2 resource server
/// as a `Url`.
///
/// `multivalue` is not set here; `SCHEMA_ATTR_OAUTH2_RS_ORIGIN_DL7` is the
/// variant in this file that sets it.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsOrigin,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN,
    syntax: SyntaxType::Url,
    description: String::from("The origin domain of an oauth2 resource server"),
    ..Default::default()
};
339
/// `OAuth2RsOrigin` attribute under its `_DL7` name.
///
/// Shares the UUID and `Url` syntax of `SCHEMA_ATTR_OAUTH2_RS_ORIGIN`, but sets
/// `multivalue: true` and rewords the description.
// NOTE(review): with several origins permitted per client, each stored URL is
// an accepted origin; entries should be reviewed individually.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsOrigin,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN,
    multivalue: true,
    syntax: SyntaxType::Url,
    description: String::from("The origin domain of an OAuth2 client"),
    ..Default::default()
};
349
/// Schema attribute `OAuth2RsOriginLanding`: the `Url` of the resource
/// server's landing page, which per the description starts the auth process.
pub static ref SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsOriginLanding,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_ORIGIN_LANDING,
    syntax: SyntaxType::Url,
    description: String::from(
        "The landing page of an RS, that will automatically trigger the auth process",
    ),
    ..Default::default()
};
358
359// Introduced in DomainLevel4
/// Schema attribute `OAuth2AllowLocalhostRedirect`: a `Boolean` that lets
/// public clients of a resource server redirect to localhost.
// NOTE(review): this relaxes redirect handling for public clients, so which
// clients have it enabled is worth tracking.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT_DL4: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2AllowLocalhostRedirect,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_LOCALHOST_REDIRECT,
    syntax: SyntaxType::Boolean,
    description: String::from(
        "Allow public clients associated to this RS to redirect to localhost",
    ),
    ..Default::default()
};
368
/// Schema attribute `OAuth2RsClaimMap`: multi-valued custom claims mapped to
/// the group memberships of accounts, with `OauthClaimMap` syntax.
pub static ref SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP_DL4: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsClaimMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_CLAIM_MAP,
    multivalue: true,
    // CHANGE ME
    // (marker carried over from the original; it does not say what is to change)
    syntax: SyntaxType::OauthClaimMap,
    description: String::from(
        "A set of custom claims mapped to group memberships of accounts",
    ),
    ..Default::default()
};
378
/// Schema attribute `OAuth2RsScopeMap`: multi-valued group-to-scope mappings
/// for a resource server, with `OauthScopeMap` syntax.
// NOTE(review): these mappings decide which scopes group members receive, so
// write access to this attribute is effectively the ability to grant scopes.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsScopeMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP,
    syntax: SyntaxType::OauthScopeMap,
    multivalue: true,
    description: String::from(
        "A reference to a group mapped to scopes for the associated oauth2 resource server",
    ),
    ..Default::default()
};
387
/// Schema attribute `OAuth2RsSupScopeMap`: multi-valued `OauthScopeMap`
/// entries.
// NOTE(review): the description is word-for-word the one used by
// SCHEMA_ATTR_OAUTH2_RS_SCOPE_MAP, so it does not say how this map differs from
// that one - looks like a copy; confirm and reword upstream.
pub static ref SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsSupScopeMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_SUP_SCOPE_MAP,
    syntax: SyntaxType::OauthScopeMap,
    multivalue: true,
    description: String::from(
        "A reference to a group mapped to scopes for the associated oauth2 resource server",
    ),
    ..Default::default()
};
396
/// Schema attribute `OAuth2RsBasicSecret`: the resource server's secret for
/// OAuth2 basic authentication, stored with `SecretUtf8String` syntax.
// NOTE(review): this is a client secret; read access is governed by access
// controls outside this file.
pub static ref SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsBasicSecret,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_BASIC_SECRET,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from(
        "When using oauth2 basic authentication, the secret string of the resource server",
    ),
    ..Default::default()
};
405
/// Schema attribute `OAuth2RsTokenKey`: a resource server's token signing key,
/// stored with `SecretUtf8String` syntax.
// NOTE(review): the description calls the key "unique", yet `unique` is not set
// in this definition - confirm whether uniqueness is enforced some other way.
pub static ref SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsTokenKey,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_TOKEN_KEY,
    syntax: SyntaxType::SecretUtf8String,
    description: String::from("An oauth2 resource servers unique token signing key"),
    ..Default::default()
};
414
/// Schema attribute `OAuth2RsImplicitScopes`: multi-valued `OauthScope`
/// entries that, per the description, are granted to all users implicitly.
// NOTE(review): anything listed here bypasses group-based scope mapping, so
// the contents deserve the same scrutiny as a scope map.
pub static ref SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2RsImplicitScopes,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_RS_IMPLICIT_SCOPES,
    syntax: SyntaxType::OauthScope,
    multivalue: true,
    description: String::from(
        "An oauth2 resource servers scopes that are implicitly granted to all users",
    ),
    ..Default::default()
};
424
/// Schema attribute `OAuth2ConsentScopeMap`: multi-valued `OauthScopeMap`
/// entries recording the scopes a user has already consented to.
///
/// The description notes that changing or deleting an entry causes consent to
/// be sought again; that behaviour is implemented outside this definition.
pub static ref SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2ConsentScopeMap,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_CONSENT_SCOPE_MAP,
    syntax: SyntaxType::OauthScopeMap,
    multivalue: true,
    description: String::from(
        "A set of scopes mapped from a relying server to a user, where the user has previously consented to the following. If changed or deleted, consent will be re-sought",
    ),
    ..Default::default()
};
433
/// Schema attribute `OAuth2StrictRedirectUri`: a `Boolean` recording whether
/// strict redirect URI enforcement is enabled.
// NOTE(review): the value used when the attribute is absent is not defined
// here; confirm that an unset value does not mean "not enforced".
pub static ref SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2StrictRedirectUri,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_STRICT_REDIRECT_URI,
    syntax: SyntaxType::Boolean,
    description: String::from("Represents if strict redirect uri enforcement is enabled."),
    ..Default::default()
};
442
443
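/// Schema attribute `OAuth2DeviceFlowEnable`: a `Boolean` recording whether
/// the OAuth2 Device Flow is permitted on a client.
///
/// The description previously carried a stray non-ASCII character between
/// "permitted" and "on"; it is now a plain space.
pub static ref SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE_DL9: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_DEVICE_FLOW_ENABLE,
    name: Attribute::OAuth2DeviceFlowEnable,
    description: "Represents if OAuth2 Device Flow is permitted on this client.".to_string(),

    syntax: SyntaxType::Boolean,
    ..Default::default()
};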
452
/// Schema attribute `Es256PrivateKeyDer`: an ES256 private key stored with
/// `PrivateBinary` syntax.
// NOTE(review): private key material; how `PrivateBinary` values are protected
// from disclosure is defined outside this file.
pub static ref SCHEMA_ATTR_ES256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    name: Attribute::Es256PrivateKeyDer,
    uuid: UUID_SCHEMA_ATTR_ES256_PRIVATE_KEY_DER,
    syntax: SyntaxType::PrivateBinary,
    description: String::from("An es256 private key"),
    ..Default::default()
};
461
/// Schema attribute `Rs256PrivateKeyDer`: an RS256 private key stored with
/// `PrivateBinary` syntax.
// NOTE(review): private key material; how `PrivateBinary` values are protected
// from disclosure is defined outside this file.
pub static ref SCHEMA_ATTR_RS256_PRIVATE_KEY_DER: SchemaAttribute = SchemaAttribute {
    name: Attribute::Rs256PrivateKeyDer,
    uuid: UUID_SCHEMA_ATTR_RS256_PRIVATE_KEY_DER,
    syntax: SyntaxType::PrivateBinary,
    description: String::from("An rs256 private key"),
    ..Default::default()
};
470
/// Schema attribute `JwsEs256PrivateKey`: an ES256 private key for JWS, marked
/// `unique`, with `JwsKeyEs256` syntax.
pub static ref SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY: SchemaAttribute = SchemaAttribute {
    name: Attribute::JwsEs256PrivateKey,
    uuid: UUID_SCHEMA_ATTR_JWS_ES256_PRIVATE_KEY,
    syntax: SyntaxType::JwsKeyEs256,
    unique: true,
    description: String::from("An es256 private key for jws"),
    ..Default::default()
};
479
480// TO BE REMOVED IN A FUTURE RELEASE
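/// Schema attribute `PrivateCookieKey`: a private cookie HMAC key stored with
/// `PrivateBinary` syntax.
///
/// The description's article is corrected from "An private" to "A private".
pub static ref SCHEMA_ATTR_PRIVATE_COOKIE_KEY: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_PRIVATE_COOKIE_KEY,
    name: Attribute::PrivateCookieKey,
    description: "A private cookie hmac key".to_string(),

    syntax: SyntaxType::PrivateBinary,
    ..Default::default()
};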
489
/// Schema attribute `OAuth2AllowInsecureClientDisablePkce`: a `Boolean` that
/// allows PKCE to be disabled for an OAuth2 client.
// NOTE(review): PKCE binds an authorization code to the client that requested
// it, so enabling this flag removes that protection for the client. Treat any
// entry that sets it as an exception to be justified and audited.
pub static ref SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2AllowInsecureClientDisablePkce,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_ALLOW_INSECURE_CLIENT_DISABLE_PKCE,
    syntax: SyntaxType::Boolean,
    description: String::from("Allows disabling of PKCE for insecure OAuth2 clients"),
    ..Default::default()
};
498
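/// Schema attribute `OAuth2JwtLegacyCryptoEnable`: a `Boolean` that allows
/// legacy JWT cryptography to be enabled for a client.
///
/// The description's spelling of "cryptography" is corrected.
// NOTE(review): this is a downgrade switch. Which algorithms count as "legacy"
// is not visible in this file; clients that set the flag should be inventoried
// and migrated.
pub static ref SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE: SchemaAttribute = SchemaAttribute {
    uuid: UUID_SCHEMA_ATTR_OAUTH2_JWT_LEGACY_CRYPTO_ENABLE,
    name: Attribute::OAuth2JwtLegacyCryptoEnable,
    description: "Allows enabling legacy JWT cryptography for clients".to_string(),

    syntax: SyntaxType::Boolean,
    ..Default::default()
};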
507
/// Schema attribute `CredentialUpdateIntentToken`: multi-valued `IntentToken`
/// entries tracking the status of credential update intent tokens.
pub static ref SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN: SchemaAttribute = SchemaAttribute {
    name: Attribute::CredentialUpdateIntentToken,
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_UPDATE_INTENT_TOKEN,
    syntax: SyntaxType::IntentToken,
    multivalue: true,
    description: String::from("The status of a credential update intent token"),
    ..Default::default()
};
516
/// Schema attribute `PassKeys`: multi-valued set of registered passkeys with
/// `Passkey` syntax. `sync_allowed` is set.
pub static ref SCHEMA_ATTR_PASSKEYS: SchemaAttribute = SchemaAttribute {
    name: Attribute::PassKeys,
    uuid: UUID_SCHEMA_ATTR_PASSKEYS,
    syntax: SyntaxType::Passkey,
    multivalue: true,
    sync_allowed: true,
    description: String::from("A set of registered passkeys"),
    ..Default::default()
};
526
/// Schema attribute `AttestedPasskeys`: multi-valued set of registered device
/// keys with `AttestedPasskey` syntax. `sync_allowed` is set.
// NOTE(review): with sync allowed, keys presumably can arrive from a sync
// source - confirm whether attestation is re-checked for synced values.
pub static ref SCHEMA_ATTR_ATTESTED_PASSKEYS: SchemaAttribute = SchemaAttribute {
    name: Attribute::AttestedPasskeys,
    uuid: UUID_SCHEMA_ATTR_ATTESTED_PASSKEYS,
    syntax: SyntaxType::AttestedPasskey,
    multivalue: true,
    sync_allowed: true,
    description: String::from("A set of registered device keys"),
    ..Default::default()
};
536
/// Schema attribute `DynGroupFilter`: a `JsonFilter` selecting the entries
/// that are added to a dynamic group.
// NOTE(review): the filter determines group membership, so write access to it
// is equivalent to being able to change who is in the group.
pub static ref SCHEMA_ATTR_DYNGROUP_FILTER: SchemaAttribute = SchemaAttribute {
    name: Attribute::DynGroupFilter,
    uuid: UUID_SCHEMA_ATTR_DYNGROUP_FILTER,
    syntax: SyntaxType::JsonFilter,
    description: String::from(
        "A filter describing the set of entries to add to a dynamic group",
    ),
    ..Default::default()
};
545
/// Schema attribute `OAuth2PreferShortUsername`: a `Boolean` selecting `name`
/// rather than `spn` for the `preferred_username` claim.
pub static ref SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2PreferShortUsername,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_PREFER_SHORT_USERNAME,
    syntax: SyntaxType::Boolean,
    description: String::from("Use 'name' instead of 'spn' in the preferred_username claim"),
    ..Default::default()
};
554
/// Schema attribute `ApiTokenSession`: `unique`, multi-valued `ApiToken`
/// entries, one per issued API token session.
pub static ref SCHEMA_ATTR_API_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::ApiTokenSession,
    uuid: UUID_SCHEMA_ATTR_API_TOKEN_SESSION,
    syntax: SyntaxType::ApiToken,
    multivalue: true,
    unique: true,
    description: String::from("A session entry related to an issued API token"),
    ..Default::default()
};
564
/// Schema attribute `UserAuthTokenSession`: `unique`, multi-valued `Session`
/// entries, one per issued user auth token.
pub static ref SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::UserAuthTokenSession,
    uuid: UUID_SCHEMA_ATTR_USER_AUTH_TOKEN_SESSION,
    syntax: SyntaxType::Session,
    multivalue: true,
    unique: true,
    description: String::from("A session entry related to an issued user auth token"),
    ..Default::default()
};
574
/// Schema attribute `OAuth2Session`: multi-valued `Oauth2Session` entries for
/// active OAuth2 sessions.
///
/// The description says each session is bound to a parent user auth token;
/// that binding is enforced outside this definition.
pub static ref SCHEMA_ATTR_OAUTH2_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::OAuth2Session,
    uuid: UUID_SCHEMA_ATTR_OAUTH2_SESSION,
    syntax: SyntaxType::Oauth2Session,
    multivalue: true,
    description: String::from(
        "A session entry to an active oauth2 session, bound to a parent user auth token",
    ),
    ..Default::default()
};
583
/// Schema attribute `SyncTokenSession`: a `unique` `ApiToken` entry for an
/// issued sync token.
///
/// Unlike `SCHEMA_ATTR_API_TOKEN_SESSION` in this file, `multivalue` is not
/// set here.
pub static ref SCHEMA_ATTR_SYNC_TOKEN_SESSION: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncTokenSession,
    uuid: UUID_SCHEMA_ATTR_SYNC_TOKEN_SESSION,
    syntax: SyntaxType::ApiToken,
    unique: true,
    description: String::from("A session entry related to an issued sync token"),
    ..Default::default()
};
592
/// Schema attribute `SyncCookie`: a private sync cookie for a remote IDM
/// source, stored with `PrivateBinary` syntax.
pub static ref SCHEMA_ATTR_SYNC_COOKIE: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncCookie,
    uuid: UUID_SCHEMA_ATTR_SYNC_COOKIE,
    syntax: SyntaxType::PrivateBinary,
    description: String::from("A private sync cookie for a remote IDM source"),
    ..Default::default()
};
601
/// Schema attribute `GrantUiHint`: multi-valued `UiHint` entries granted
/// through group membership.
pub static ref SCHEMA_ATTR_GRANT_UI_HINT: SchemaAttribute = SchemaAttribute {
    name: Attribute::GrantUiHint,
    uuid: UUID_SCHEMA_ATTR_GRANT_UI_HINT,
    syntax: SyntaxType::UiHint,
    multivalue: true,
    description: String::from("A UI hint that is granted via membership to a group"),
    ..Default::default()
};
610
/// Schema attribute `SyncCredentialPortal`: the `Url` of an external portal
/// where synced accounts update their credentials.
// NOTE(review): users are directed to this URL to handle credentials, so an
// unauthorised change to it would send them to a page of someone else's
// choosing; restrict and audit writes.
pub static ref SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncCredentialPortal,
    uuid: UUID_SCHEMA_ATTR_SYNC_CREDENTIAL_PORTAL,
    syntax: SyntaxType::Url,
    description: String::from(
        "The url of an external credential portal for synced accounts to visit to update their credentials",
    ),
    ..Default::default()
};
619
/// Schema attribute `SyncYieldAuthority`: multi-valued
/// `Utf8StringInsensitive` names of attributes whose authority a sync
/// agreement yields to Kanidm.
pub static ref SCHEMA_ATTR_SYNC_YIELD_AUTHORITY: SchemaAttribute = SchemaAttribute {
    name: Attribute::SyncYieldAuthority,
    uuid: UUID_SCHEMA_ATTR_SYNC_YIELD_AUTHORITY,
    syntax: SyntaxType::Utf8StringInsensitive,
    multivalue: true,
    description: String::from(
        "A set of attributes that have their authority yielded to Kanidm in a sync agreement",
    ),
    ..Default::default()
};
629
/// Schema attribute `CredentialTypeMinimum`: the minimum `CredentialType` that
/// satisfies a policy. `multivalue` is set to `false` explicitly.
pub static ref SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM: SchemaAttribute = SchemaAttribute {
    name: Attribute::CredentialTypeMinimum,
    uuid: UUID_SCHEMA_ATTR_CREDENTIAL_TYPE_MINIMUM,
    syntax: SyntaxType::CredentialType,
    multivalue: false,
    description: String::from(
        "The minimum level of credential type that can satisfy this policy",
    ),
    ..Default::default()
};
639
/// Schema attribute `LimitSearchMaxResults`: a single `Uint32` cap on the
/// number of results one query may return.
///
/// This is a resource limit; the schema fixes only the type, not a ceiling.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::LimitSearchMaxResults,
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_RESULTS,
    syntax: SyntaxType::Uint32,
    multivalue: false,
    description: String::from(
        "The maximum number of query results that may be returned in a single operation",
    ),
    ..Default::default()
};
649
/// Schema attribute `LimitSearchMaxFilterTest`: a single `Uint32` cap on the
/// entries examined by a partially indexed query.
///
/// This is a resource limit; the schema fixes only the type, not a ceiling.
pub static ref SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::LimitSearchMaxFilterTest,
    uuid: UUID_SCHEMA_ATTR_LIMIT_SEARCH_MAX_FILTER_TEST,
    syntax: SyntaxType::Uint32,
    multivalue: false,
    description: String::from(
        "The maximum number of entries that may be examined in a partially indexed query",
    ),
    ..Default::default()
};
659
/// Schema attribute `KeyInternalData`: multi-valued `KeyInternal` entries.
///
/// The description is an empty string in the source.
// NOTE(review): judging by the names this holds key-provider internal state -
// confirm, and give it a description so operators know it is sensitive.
pub static ref SCHEMA_ATTR_KEY_INTERNAL_DATA_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyInternalData,
    uuid: UUID_SCHEMA_ATTR_KEY_INTERNAL_DATA,
    syntax: SyntaxType::KeyInternal,
    multivalue: true,
    description: String::new(),
    ..Default::default()
};
668
/// Schema attribute `KeyProvider`: a single `ReferenceUuid`.
///
/// The description is an empty string in the source.
pub static ref SCHEMA_ATTR_KEY_PROVIDER_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyProvider,
    uuid: UUID_SCHEMA_ATTR_KEY_PROVIDER,
    syntax: SyntaxType::ReferenceUuid,
    multivalue: false,
    description: String::new(),
    ..Default::default()
};
677
/// Schema attribute `KeyActionRotate`: a single `DateTime` flagged `phantom`.
///
/// The description is an empty string in the source.
pub static ref SCHEMA_ATTR_KEY_ACTION_ROTATE_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyActionRotate,
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_ROTATE,
    syntax: SyntaxType::DateTime,
    multivalue: false,
    // Ephemeral action.
    phantom: true,
    description: String::new(),
    ..Default::default()
};
688
/// Schema attribute `KeyActionRevoke`: multi-valued `HexString` entries
/// flagged `phantom`.
///
/// The description is an empty string in the source.
// NOTE(review): presumably each value identifies a key to revoke - confirm
// against the code that consumes this action.
pub static ref SCHEMA_ATTR_KEY_ACTION_REVOKE_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyActionRevoke,
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_REVOKE,
    syntax: SyntaxType::HexString,
    multivalue: true,
    // Ephemeral action.
    phantom: true,
    description: String::new(),
    ..Default::default()
};
699
/// Schema attribute `KeyActionImportJwsEs256`: multi-valued `PrivateBinary`
/// entries flagged `phantom`.
///
/// The description is an empty string in the source.
// NOTE(review): the name and syntax suggest imported private key material
// passes through this attribute - confirm it is never logged or persisted in
// the clear.
pub static ref SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256_DL6: SchemaAttribute = SchemaAttribute {
    name: Attribute::KeyActionImportJwsEs256,
    uuid: UUID_SCHEMA_ATTR_KEY_ACTION_IMPORT_JWS_ES256,
    syntax: SyntaxType::PrivateBinary,
    multivalue: true,
    // Ephemeral action.
    phantom: true,
    description: String::new(),
    ..Default::default()
};
710
/// Schema attribute `PatchLevel`: a `Uint32`.
///
/// The description is an empty string in the source.
pub static ref SCHEMA_ATTR_PATCH_LEVEL_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::PatchLevel,
    uuid: UUID_SCHEMA_ATTR_PATCH_LEVEL,
    syntax: SyntaxType::Uint32,
    description: String::new(),
    ..Default::default()
};
718
/// Schema attribute `DomainDevelopmentTaint`: a `Boolean` marking a domain
/// that has been run on a development build.
///
/// Per the description such a domain needs additional work to upgrade or
/// migrate.
pub static ref SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainDevelopmentTaint,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_DEVELOPMENT_TAINT,
    syntax: SyntaxType::Boolean,
    description: String::from(
        "A flag to show that the domain has been run on a development build, and will need additional work to upgrade/migrate.",
    ),
    ..Default::default()
};
726
/// Schema attribute `DomainAllowEasterEggs`: a `Boolean` that enables easter
/// eggs in the server, which the description notes not every deployment wants.
pub static ref SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS_DL9: SchemaAttribute = SchemaAttribute {
    name: Attribute::DomainAllowEasterEggs,
    uuid: UUID_SCHEMA_ATTR_DOMAIN_ALLOW_EASTER_EGGS,
    syntax: SyntaxType::Boolean,
    description: String::from(
        "A flag to enable easter eggs in the server that may not always be wanted by all users/deployments.",
    ),
    ..Default::default()
};
734
/// Schema attribute `Refers`: a single `ReferenceUuid` pointing at a linked
/// object.
pub static ref SCHEMA_ATTR_REFERS_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::Refers,
    uuid: UUID_SCHEMA_ATTR_REFERS,
    syntax: SyntaxType::ReferenceUuid,
    multivalue: false,
    description: String::from("A reference to linked object"),
    ..Default::default()
};
743
/// Schema attribute `LinkedGroup`: a single `ReferenceUuid` linking a group to
/// an entry.
pub static ref SCHEMA_ATTR_LINKED_GROUP_DL8: SchemaAttribute = SchemaAttribute {
    name: Attribute::LinkedGroup,
    uuid: UUID_SCHEMA_ATTR_LINKED_GROUP,
    syntax: SyntaxType::ReferenceUuid,
    multivalue: false,
    description: String::from("A reference linking a group to an entry"),
    ..Default::default()
};
753
/// Schema attribute `AllowPrimaryCredFallback`: a single `Boolean` allowing
/// fallback to the primary password when no POSIX password exists.
// NOTE(review): when enabled, the primary password becomes usable wherever the
// POSIX password is accepted, which widens where that credential is exposed.
// Enable deliberately and audit changes.
pub static ref SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK_DL8: SchemaAttribute = SchemaAttribute {
    name: Attribute::AllowPrimaryCredFallback,
    uuid: UUID_SCHEMA_ATTR_ALLOW_PRIMARY_CRED_FALLBACK,
    syntax: SyntaxType::Boolean,
    multivalue: false,
    description: String::from(
        "Allow fallback to primary password if no POSIX password exists",
    ),
    ..Default::default()
};
763
/// Schema attribute `Certificate`: a single x509 certificate with
/// `Certificate` syntax.
pub static ref SCHEMA_ATTR_CERTIFICATE_DL7: SchemaAttribute = SchemaAttribute {
    name: Attribute::Certificate,
    uuid: UUID_SCHEMA_ATTR_CERTIFICATE,
    syntax: SyntaxType::Certificate,
    multivalue: false,
    description: String::from("An x509 Certificate"),
    ..Default::default()
};
772
/// Schema attribute `ApplicationPassword`: multi-valued set of application
/// passwords with `ApplicationPassword` syntax.
///
/// `sync_allowed` is not set here and stays at the struct default.
pub static ref SCHEMA_ATTR_APPLICATION_PASSWORD_DL8: SchemaAttribute = SchemaAttribute {
    name: Attribute::ApplicationPassword,
    uuid: UUID_SCHEMA_ATTR_APPLICATION_PASSWORD,
    syntax: SyntaxType::ApplicationPassword,
    multivalue: true,
    description: String::from("A set of application passwords"),
    ..Default::default()
};
782
783// === classes ===
784
/// Schema class `Person` in its unsuffixed form.
///
/// `systemmust` lists `DisplayName`, `Name` and `IdVerificationEcKey`;
/// `systemmay` lists `Mail` and `LegalName`. `sync_allowed` is set and no
/// `systemexcludes` is given, unlike the `_DL5` and `_DL8` variants in this
/// file.
pub static ref SCHEMA_CLASS_PERSON: SchemaClass = SchemaClass {
    name: EntryClass::Person.into(),
    uuid: UUID_SCHEMA_CLASS_PERSON,
    sync_allowed: true,
    systemmust: vec![
        Attribute::DisplayName,
        Attribute::Name,
        Attribute::IdVerificationEcKey,
    ],
    systemmay: vec![Attribute::Mail, Attribute::LegalName],
    description: String::from("Object representation of a person"),
    ..Default::default()
};
801
/// Schema class `Person` under its `_DL5` name.
///
/// `systemmust` holds only `IdVerificationEcKey`. `systemmay` lists the
/// credential and session attributes (primary credential, passkeys, intent
/// tokens, SSH keys, RADIUS secret, OAuth2 consent and sessions) together with
/// `Mail` and `LegalName`.
///
/// `systemexcludes` names `ServiceAccount` and `Application`, which by the
/// field's name keeps a person entry from also carrying those classes.
pub static ref SCHEMA_CLASS_PERSON_DL5: SchemaClass = SchemaClass {
    name: EntryClass::Person.into(),
    uuid: UUID_SCHEMA_CLASS_PERSON,
    sync_allowed: true,
    systemexcludes: vec![
        EntryClass::ServiceAccount.into(),
        EntryClass::Application.into(),
    ],
    systemmust: vec![Attribute::IdVerificationEcKey],
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Mail,
        Attribute::LegalName,
    ],
    description: String::from("Object representation of a person"),
    ..Default::default()
};
827
/// Schema class `Person` under its `_DL8` name.
///
/// Same as `SCHEMA_CLASS_PERSON_DL5` in this file, with one addition:
/// `ApplicationPassword` is appended to `systemmay`. `systemmust` is still
/// only `IdVerificationEcKey`, and `systemexcludes` still names
/// `ServiceAccount` and `Application`.
pub static ref SCHEMA_CLASS_PERSON_DL8: SchemaClass = SchemaClass {
    name: EntryClass::Person.into(),
    uuid: UUID_SCHEMA_CLASS_PERSON,
    sync_allowed: true,
    systemexcludes: vec![
        EntryClass::ServiceAccount.into(),
        EntryClass::Application.into(),
    ],
    systemmust: vec![Attribute::IdVerificationEcKey],
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Mail,
        Attribute::LegalName,
        Attribute::ApplicationPassword,
    ],
    description: String::from("Object representation of a person"),
    ..Default::default()
};
854
// Org-person class: Mail, DisplayName and Name are mandatory, LegalName is
// optional. sync_allowed is not set here and therefore takes the Default.
pub static ref SCHEMA_CLASS_ORGPERSON: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ORGPERSON,
    name: EntryClass::OrgPerson.into(),
    description: "Object representation of an org person".to_string(),
    systemmust: vec![
        Attribute::Mail,
        Attribute::DisplayName,
        Attribute::Name,
    ],
    systemmay: vec![Attribute::LegalName],
    ..Default::default()
};
870
// Group class, DL6 revision: Name and Spn are mandatory; Member,
// GrantUiHint, Description and Mail are optional.
pub static ref SCHEMA_CLASS_GROUP_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_GROUP,
    name: EntryClass::Group.into(),
    description: "Object representation of a group".to_string(),
    sync_allowed: true,
    systemmust: vec![Attribute::Name, Attribute::Spn],
    systemmay: vec![
        Attribute::Member,
        Attribute::GrantUiHint,
        Attribute::Description,
        Attribute::Mail,
    ],
    ..Default::default()
};
888
// Dynamic group class: DynGroupFilter is mandatory, DynMember optional.
// NOTE(review): systemsupplements is built from Attribute::Group, while most
// class definitions in this file use EntryClass::... for class references.
// Presumably both convert to the same name - confirm before changing.
pub static ref SCHEMA_CLASS_DYNGROUP: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DYNGROUP,
    name: EntryClass::DynGroup.into(),
    description: "Object representation of a dynamic group".to_string(),
    systemmust: vec![
        Attribute::DynGroupFilter,
    ],
    systemmay: vec![
        Attribute::DynMember,
    ],
    systemsupplements: vec![
        Attribute::Group.into(),
    ],
    ..Default::default()
};
899
// Account policy class, DL6 revision. Every policy attribute (session and
// privilege expiry, minimum password length, minimum credential type,
// WebAuthn attestation CA list, search limits) is optional; none is
// mandatory.
// NOTE(review): systemsupplements uses Attribute::Group rather than an
// EntryClass value - presumably equivalent after conversion; confirm.
pub static ref SCHEMA_CLASS_ACCOUNT_POLICY_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT_POLICY,
    name: EntryClass::AccountPolicy.into(),
    description: "Policies applied to accounts that are members of a group".to_string(),
    systemsupplements: vec![
        Attribute::Group.into(),
    ],
    systemmay: vec![
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::AuthPasswordMinimumLength,
        Attribute::CredentialTypeMinimum,
        Attribute::WebauthnAttestationCaList,
        Attribute::LimitSearchMaxResults,
        Attribute::LimitSearchMaxFilterTest,
    ],
    ..Default::default()
};
917
// Account policy class, DL8 revision. Same as the DL6 revision with
// AllowPrimaryCredFallback added to the optional attributes. Judging by its
// name that attribute relaxes a credential rule, so entries that set it are
// worth including in policy audits - its exact effect is defined elsewhere.
// NOTE(review): systemsupplements uses Attribute::Group rather than an
// EntryClass value - presumably equivalent after conversion; confirm.
pub static ref SCHEMA_CLASS_ACCOUNT_POLICY_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT_POLICY,
    name: EntryClass::AccountPolicy.into(),
    description: "Policies applied to accounts that are members of a group".to_string(),
    systemsupplements: vec![
        Attribute::Group.into(),
    ],
    systemmay: vec![
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::AuthPasswordMinimumLength,
        Attribute::CredentialTypeMinimum,
        Attribute::WebauthnAttestationCaList,
        Attribute::LimitSearchMaxResults,
        Attribute::LimitSearchMaxFilterTest,
        Attribute::AllowPrimaryCredFallback,
    ],
    ..Default::default()
};
936
// Account class in its un-suffixed form. DisplayName, Name and Spn are
// mandatory. On this revision the credential and session attributes
// (PrimaryCredential, PassKeys, AttestedPasskeys, SshPublicKey, RadiusSecret,
// session tokens) are optional members of the account class itself.
// systemsupplements lists Person and ServiceAccount.
pub static ref SCHEMA_CLASS_ACCOUNT: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT,
    name: EntryClass::Account.into(),
    description: "Object representation of an account".to_string(),
    sync_allowed: true,
    systemmust: vec![
        Attribute::DisplayName,
        Attribute::Name,
        Attribute::Spn,
    ],
    systemmay: vec![
        Attribute::PrimaryCredential,
        Attribute::PassKeys,
        Attribute::AttestedPasskeys,
        Attribute::CredentialUpdateIntentToken,
        Attribute::SshPublicKey,
        Attribute::RadiusSecret,
        Attribute::AccountExpire,
        Attribute::AccountValidFrom,
        Attribute::Mail,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::Description,
        Attribute::NameHistory,
    ],
    systemsupplements: vec![
        EntryClass::Person.into(),
        EntryClass::ServiceAccount.into(),
    ],
    ..Default::default()
};
970
// Account class, DL5 revision. The optional attributes shrink to
// AccountExpire, AccountValidFrom and NameHistory: the credential and
// session attributes of the un-suffixed SCHEMA_CLASS_ACCOUNT are no longer
// listed here (they appear on SCHEMA_CLASS_PERSON_DL5 and the service
// account classes instead). systemsupplements gains OAuth2ResourceServer.
pub static ref SCHEMA_CLASS_ACCOUNT_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_ACCOUNT,
    name: EntryClass::Account.into(),
    description: "Object representation of an account".to_string(),
    sync_allowed: true,
    systemmust: vec![
        Attribute::DisplayName,
        Attribute::Name,
        Attribute::Spn,
    ],
    systemmay: vec![
        Attribute::AccountExpire,
        Attribute::AccountValidFrom,
        Attribute::NameHistory,
    ],
    systemsupplements: vec![
        EntryClass::Person.into(),
        EntryClass::ServiceAccount.into(),
        EntryClass::OAuth2ResourceServer.into(),
    ],
    ..Default::default()
};
994
// Service account class, DL6 revision. All attributes are optional; the list
// includes JwsEs256PrivateKey, i.e. signing key material may be stored
// directly on the service account entry at this level (it is absent from
// the DL7 revision). systemexcludes names Person.
pub static ref SCHEMA_CLASS_SERVICE_ACCOUNT_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SERVICE_ACCOUNT,
    name: EntryClass::ServiceAccount.into(),
    description: "Object representation of service account".to_string(),
    sync_allowed: true,
    systemexcludes: vec![
        EntryClass::Person.into(),
    ],
    systemmay: vec![
        Attribute::SshPublicKey,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::Description,
        Attribute::Mail,
        Attribute::PrimaryCredential,
        Attribute::ApiTokenSession,
        Attribute::JwsEs256PrivateKey,
    ],
    ..Default::default()
};
1017
// Service account class, DL7 revision. Same as the DL6 revision except that
// JwsEs256PrivateKey is no longer an allowed attribute, so the schema at
// this level does not permit that private key on the service account entry.
pub static ref SCHEMA_CLASS_SERVICE_ACCOUNT_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SERVICE_ACCOUNT,
    name: EntryClass::ServiceAccount.into(),
    description: "Object representation of service account".to_string(),
    sync_allowed: true,
    systemexcludes: vec![
        EntryClass::Person.into(),
    ],
    systemmay: vec![
        Attribute::SshPublicKey,
        Attribute::UserAuthTokenSession,
        Attribute::OAuth2Session,
        Attribute::OAuth2ConsentScopeMap,
        Attribute::Description,
        Attribute::Mail,
        Attribute::PrimaryCredential,
        Attribute::ApiTokenSession,
    ],
    ..Default::default()
};
1038
// Sync account class, DL6 revision: Name is mandatory; the sync token
// session, cookie, credential portal, yield authority and JwsEs256PrivateKey
// are optional. systemexcludes names Account.
pub static ref SCHEMA_CLASS_SYNC_ACCOUNT_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYNC_ACCOUNT,
    name: EntryClass::SyncAccount.into(),
    description: "Object representation of sync account".to_string(),
    systemmust: vec![
        Attribute::Name,
    ],
    systemmay: vec![
        Attribute::SyncTokenSession,
        Attribute::SyncCookie,
        Attribute::SyncCredentialPortal,
        Attribute::SyncYieldAuthority,
        Attribute::JwsEs256PrivateKey,
    ],
    systemexcludes: vec![
        EntryClass::Account.into(),
    ],
    ..Default::default()
};
1055
// Sync account class, DL7 revision. Same as the DL6 revision except that
// JwsEs256PrivateKey is no longer an allowed attribute on the entry.
pub static ref SCHEMA_CLASS_SYNC_ACCOUNT_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYNC_ACCOUNT,
    name: EntryClass::SyncAccount.into(),
    description: "Object representation of sync account".to_string(),
    systemmust: vec![
        Attribute::Name,
    ],
    systemmay: vec![
        Attribute::SyncTokenSession,
        Attribute::SyncCookie,
        Attribute::SyncCredentialPortal,
        Attribute::SyncYieldAuthority,
    ],
    systemexcludes: vec![
        EntryClass::Account.into(),
    ],
    ..Default::default()
};
1071
// Domain info class, DL6 revision. Name, DomainUuid, DomainName,
// DomainDisplayName and Version are mandatory. At this level the optional
// attributes still include key material fields (PrivateCookieKey,
// FernetPrivateKeyStr, Es256PrivateKeyDer) on the domain entry itself; the
// DL7 revision no longer lists them.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: "Local domain information and configuration".to_string(),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::PrivateCookieKey,
        Attribute::FernetPrivateKeyStr,
        Attribute::Es256PrivateKeyDer,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
    ],
    ..Default::default()
};
1096
// Domain info class, DL7 revision. Compared with DL6, PrivateCookieKey,
// FernetPrivateKeyStr and Es256PrivateKeyDer are removed from the optional
// attributes, so the schema no longer allows that key material on the
// domain entry. Mandatory attributes are unchanged.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: "Local domain information and configuration".to_string(),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
    ],
    ..Default::default()
};
1118
// Domain info class, DL8 revision. Same as DL7 with Image added to the
// optional attributes.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: "Local domain information and configuration".to_string(),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
    ],
    ..Default::default()
};
1141
// Domain info class, DL9 revision. Same as DL8 with DomainAllowEasterEggs
// added to the optional attributes.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL9: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: "Local domain information and configuration".to_string(),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::DomainDisplayName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
        Attribute::DomainAllowEasterEggs,
    ],
    ..Default::default()
};
1165
// Domain info class, DL10 revision. Compared with DL9, DomainDisplayName
// moves from the mandatory to the optional attributes; everything else is
// unchanged.
pub static ref SCHEMA_CLASS_DOMAIN_INFO_DL10: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_DOMAIN_INFO,
    name: EntryClass::DomainInfo.into(),
    description: "Local domain information and configuration".to_string(),
    systemmust: vec![
        Attribute::Name,
        Attribute::DomainUuid,
        Attribute::DomainName,
        Attribute::Version,
    ],
    systemmay: vec![
        Attribute::DomainSsid,
        Attribute::DomainLdapBasedn,
        Attribute::LdapAllowUnixPwBind,
        Attribute::Image,
        Attribute::PatchLevel,
        Attribute::DomainDevelopmentTaint,
        Attribute::DomainAllowEasterEggs,
        Attribute::DomainDisplayName,
    ],
    ..Default::default()
};
1189
// POSIX group class: GidNumber is mandatory.
// NOTE(review): systemsupplements is built from Attribute::Group, while most
// class definitions in this file use EntryClass::... for class references.
// Presumably both convert to the same name - confirm before changing.
pub static ref SCHEMA_CLASS_POSIXGROUP: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXGROUP,
    name: EntryClass::PosixGroup.into(),
    description: "Object representation of a posix group, requires group".to_string(),
    sync_allowed: true,
    systemmust: vec![
        Attribute::GidNumber,
    ],
    systemsupplements: vec![
        Attribute::Group.into(),
    ],
    ..Default::default()
};
1200
// POSIX account class: GidNumber is mandatory; LoginShell and UnixPassword
// (a credential attribute) are optional.
// NOTE(review): systemsupplements is built from Attribute::Account rather
// than an EntryClass value - presumably equivalent after conversion; confirm.
pub static ref SCHEMA_CLASS_POSIXACCOUNT: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_POSIXACCOUNT,
    name: EntryClass::PosixAccount.into(),
    description: "Object representation of a posix account, requires account".to_string(),
    sync_allowed: true,
    systemmust: vec![
        Attribute::GidNumber,
    ],
    systemmay: vec![
        Attribute::LoginShell,
        Attribute::UnixPassword,
    ],
    systemsupplements: vec![
        Attribute::Account.into(),
    ],
    ..Default::default()
};
1212
// System configuration class. No attribute is mandatory; the optional set
// carries security-relevant settings: the password badlist, denied names,
// and the session / privilege expiry values.
pub static ref SCHEMA_CLASS_SYSTEM_CONFIG: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_SYSTEM_CONFIG,
    name: EntryClass::SystemConfig.into(),
    description: "The class representing a system (topologies) configuration options".to_string(),
    systemmay: vec![
        Attribute::Description,
        Attribute::BadlistPassword,
        Attribute::AuthSessionExpiry,
        Attribute::PrivilegeExpiry,
        Attribute::DeniedName,
    ],
    ..Default::default()
};
1227
// OAuth2 resource server class, DL4 revision. OAuth2RsName, DisplayName,
// OAuth2RsOrigin, OAuth2RsTokenKey and Es256PrivateKeyDer are mandatory.
// Rs256PrivateKeyDer and OAuth2JwtLegacyCryptoEnable are optional; entries
// that set the latter are worth tracking, since its name indicates it turns
// on legacy JWT crypto (the behaviour itself is defined elsewhere).
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL4: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: "The class representing a configured Oauth2 Resource Server".to_string(),
    systemmust: vec![
        Attribute::OAuth2RsName,
        Attribute::DisplayName,
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::OAuth2RsOriginLanding,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
    ],
    ..Default::default()
};
1253
// OAuth2 resource server class, DL5 revision. Compared with DL4,
// OAuth2RsName and DisplayName are dropped from the mandatory attributes
// and OAuth2Session is added to the optional ones. OAuth2RsOrigin,
// OAuth2RsTokenKey and Es256PrivateKeyDer stay mandatory.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: "The class representing a configured Oauth2 Resource Server".to_string(),
    systemmust: vec![
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::OAuth2RsOriginLanding,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
    ],
    ..Default::default()
};
1278
// OAuth2 client class, DL7 revision (the description now says "OAuth2
// Client"). Compared with DL5, OAuth2RsOriginLanding becomes mandatory while
// OAuth2RsOrigin becomes optional, and OAuth2StrictRedirectUri is added as
// an optional attribute.
// The schema only permits OAuth2StrictRedirectUri, it does not require it;
// how a missing value is treated is decided by the consuming code, so
// review clients that lack it.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: "The class representing a configured OAuth2 Client".to_string(),
    systemmust: vec![
        Attribute::OAuth2RsOriginLanding,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2StrictRedirectUri,
    ],
    ..Default::default()
};
1304
// OAuth2 client class, DL9 revision. Same as DL7 with
// OAuth2DeviceFlowEnable added to the optional attributes; by its name it
// gates the device flow per client, so it is a useful field to inventory
// when reviewing which clients have that flow switched on.
pub static ref SCHEMA_CLASS_OAUTH2_RS_DL9: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS,
    name: EntryClass::OAuth2ResourceServer.into(),
    description: "The class representing a configured OAuth2 Client".to_string(),
    systemmust: vec![
        Attribute::OAuth2RsOriginLanding,
        Attribute::OAuth2RsTokenKey,
        Attribute::Es256PrivateKeyDer,
    ],
    systemmay: vec![
        Attribute::Description,
        Attribute::OAuth2RsScopeMap,
        Attribute::OAuth2RsSupScopeMap,
        Attribute::Rs256PrivateKeyDer,
        Attribute::OAuth2JwtLegacyCryptoEnable,
        Attribute::OAuth2PreferShortUsername,
        Attribute::Image,
        Attribute::OAuth2RsClaimMap,
        Attribute::OAuth2Session,
        Attribute::OAuth2RsOrigin,
        Attribute::OAuth2StrictRedirectUri,
        Attribute::OAuth2DeviceFlowEnable,
    ],
    ..Default::default()
};
1331
// Confidential (HTTP basic) OAuth2 client class, DL5 revision.
// OAuth2RsBasicSecret is mandatory. OAuth2AllowInsecureClientDisablePkce is
// optional; as the name states it is an insecure opt-out of PKCE, so any
// entry carrying it deserves explicit review.
// systemexcludes names the public client class.
pub static ref SCHEMA_CLASS_OAUTH2_RS_BASIC_DL5: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_BASIC,
    name: EntryClass::OAuth2ResourceServerBasic.into(),
    description: "The class representing a configured OAuth2 client authenticated with HTTP basic authentication".to_string(),
    systemmust: vec![
        Attribute::OAuth2RsBasicSecret,
    ],
    systemmay: vec![Attribute::OAuth2AllowInsecureClientDisablePkce],
    systemexcludes: vec![
        EntryClass::OAuth2ResourceServerPublic.into(),
    ],
    ..Default::default()
};
1344
// Introduced in DomainLevel4.
// Public OAuth2 client class (PKCE-verified per its description). The only
// class-specific attribute is the optional OAuth2AllowLocalhostRedirect.
// systemexcludes names the basic (confidential) client class.
pub static ref SCHEMA_CLASS_OAUTH2_RS_PUBLIC_DL4: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_OAUTH2_RS_PUBLIC,
    name: EntryClass::OAuth2ResourceServerPublic.into(),
    description: "The class representing a configured Public OAuth2 Client with PKCE verification".to_string(),
    systemmay: vec![
        Attribute::OAuth2AllowLocalhostRedirect,
    ],
    systemexcludes: vec![
        EntryClass::OAuth2ResourceServerBasic.into(),
    ],
    ..Default::default()
};
1355
1356// =========================================
1357// KeyProviders
1358
// Key provider class, DL6 revision: Name is mandatory, Description is
// optional. systemsupplements lists KeyProviderInternal, the only provider
// class defined in this part of the file.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER,
    name: EntryClass::KeyProvider.into(),
    description: "A provider for cryptographic key storage and operations".to_string(),
    systemmust: vec![Attribute::Name],
    systemmay: vec![Attribute::Description],
    systemsupplements: vec![EntryClass::KeyProviderInternal.into()],
    ..Default::default()
};
1374
// Internal key provider class, DL6 revision. It declares no attribute lists
// of its own; everything beyond uuid, name and description is the Default.
pub static ref SCHEMA_CLASS_KEY_PROVIDER_INTERNAL_DL6: SchemaClass = SchemaClass {
    description: "The Kanidm internal cryptographic key provider".to_string(),
    name: EntryClass::KeyProviderInternal.into(),
    uuid: UUID_SCHEMA_CLASS_KEY_PROVIDER_INTERNAL,
    ..Default::default()
};
1381
1382// =========================================
1383// KeyObjects
1384
// Key object class, DL6 revision. The single mandatory attribute is
// KeyProvider, so every key object must name the provider it belongs to.
pub static ref SCHEMA_CLASS_KEY_OBJECT_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT,
    name: EntryClass::KeyObject.into(),
    description: "A cryptographic key object that can be used by a provider".to_string(),
    systemmust: vec![Attribute::KeyProvider],
    ..Default::default()
};
1394
// Marker class for key objects that must offer JWT ES256 capability
// (DL6 revision). It adds no attributes; systemsupplements lists KeyObject.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWT_ES256_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWT_ES256,
    name: EntryClass::KeyObjectJwtEs256.into(),
    description: "A marker class indicating that this keyobject must provide jwt es256 capability.".to_string(),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1404
// Marker class for key objects that must offer JWE capability (DL6
// revision). It adds no attributes; systemsupplements lists KeyObject.
// NOTE(review): the identifiers say A128GCM, but the description text says
// "aes-256-gcm". The string is stored schema data, so it is reproduced
// unchanged here; confirm which key size is actually used and do not rely on
// the description when assessing cipher strength.
pub static ref SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_JWE_A128GCM,
    name: EntryClass::KeyObjectJweA128GCM.into(),
    description: "A marker class indicating that this keyobject must provide jwe aes-256-gcm capability.".to_string(),
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1414
// Key object class for the internal provider, DL6 revision. KeyInternalData
// is optional at schema level (presumably the provider's stored key data -
// confirm against the provider code). systemsupplements lists KeyObject.
pub static ref SCHEMA_CLASS_KEY_OBJECT_INTERNAL_DL6: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_KEY_OBJECT_INTERNAL,
    name: EntryClass::KeyObjectInternal.into(),
    description: "A cryptographic key object that can be used by the internal provider".to_string(),
    systemmay: vec![Attribute::KeyInternalData],
    systemsupplements: vec![EntryClass::KeyObject.into()],
    ..Default::default()
};
1427
1428// =========================================
1429
// Client authentication certificate class, DL7 revision. Certificate and
// Refers are both mandatory, so a certificate entry cannot exist without the
// reference it points at. systemmay is set to an explicit empty list.
pub static ref SCHEMA_CLASS_CLIENT_CERTIFICATE_DL7: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_CLIENT_CERTIFICATE,
    name: EntryClass::ClientCertificate.into(),
    description: "A client authentication certificate".to_string(),
    systemmust: vec![Attribute::Certificate, Attribute::Refers],
    systemmay: vec![],
    ..Default::default()
};
1441
// Application class, DL8 revision: Name and LinkedGroup are mandatory,
// Description is optional. systemsupplements lists ServiceAccount.
pub static ref SCHEMA_CLASS_APPLICATION_DL8: SchemaClass = SchemaClass {
    uuid: UUID_SCHEMA_CLASS_APPLICATION,
    name: EntryClass::Application.into(),
    description: "The class representing an application".to_string(),
    systemmust: vec![
        Attribute::Name,
        Attribute::LinkedGroup,
    ],
    systemmay: vec![
        Attribute::Description,
    ],
    systemsupplements: vec![
        EntryClass::ServiceAccount.into(),
    ],
    ..Default::default()
};
1452
1453);