# # File: oidrdbmsupg10i.ldif (A.K.A. oidSchemaUpgradeFrom90110RDBMS.sbs) # # Description: # Upgrade script of RDBMS LDAP functionality to 10i. It is # assumed that the 8.1.7, 9i, and 9iR2 schemas are already # installed. # # Modified: # 05/16/03 nlewis 2958194: add orclgroup oc to enterprise role for DAS # 01/14/03 shwong allow optional privs and labels bug 2746291 # 12/06/02 shwong make orclDBLSPolicyOptions optional in orclDBLSPolicy # 11/18/02 shwong make more OLS attributes searchable # 10/11/02 shwong make certain OLS attributes searchable # 08/30/02 shwong remove orclDBLSDefWrite # 08/13/02 nlewis update dbsec container with new oc and attribute # 07/24/02 shwong add Oracle Label Security object classes and attributes # 06/27/02 nlewis creation, bug 2280116: add orclprivilegegroup to ent role # # # Notes: This LDIF file will only work with Oracle Internet Directory # version 2.0.5 and above. # This file should be loaded by 'ldapmodify' with the following # options "-c -a -v" # # Copyright (c) 2002, 2003, Oracle Corporation. All rights reserved. # # # RDBMS attributes (prefix = orclDB) # dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.14 NAME 'orclDBOIDAuthentication' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) # # RDBMS/Oracle Label Security attributes (prefix = orclDBLS) # reserved OID number space 2.16.840.1.113894.2.1.200.* # dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.1 NAME 'orclDBLSAuditEnable' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.2 NAME 'orclDBLSAuditOptionSuccess' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.3 NAME 'orclDBLSAuditOptionType' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.4 NAME 'orclDBLSColumnName' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.5 NAME 'orclDBLSDefRead' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.6 NAME 'orclDBLSDefRow' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.7 NAME 'orclDBLSFullName' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.8 NAME 'orclDBLSGroupParent' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.9 NAME 'orclDBLSMaxRead' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.10 NAME 'orclDBLSMaxWrite' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.11 NAME 'orclDBLSMinWrite' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.12 NAME 'orclDBLSNumericTag' EQUALITY integerMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.13 NAME 'orclDBLSPackageName' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.14 NAME 'orclDBLSPolicyOptions' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) dn: cn=subschemasubentry changetype: modify add: attributetypes attributetypes: ( 2.16.840.1.113894.2.1.200.15 NAME 'orclDBLSPrivs' EQUALITY caseIgnoreMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE ) # # # RDBMS Objectclasses # # Add orclprivilegegroup objectclass to enterprise role for AQ support. # (Bug 2280116) # Add orclgroup objectclass to enterprise role for DAS display (2958194) # dn: cn=subschemasubentry changetype: modify add: objectclasses objectclasses: ( 2.16.840.1.113894.2.2.11 NAME 'orclDBEnterpriseRole_10i' SUP ( orclprivilegegroup $ orclgroup ) AUXILIARY ) dn: cn=subschemasubentry changetype: modify add: objectclasses objectclasses: ( 2.16.840.1.113894.2.2.12 NAME 'orclDBSecConfig10i' SUP top AUXILIARY MUST ( orclDBOIDAuthentication ) ) # # RDBMS/Oracle Label Security Objectclasses # OID reserved number space: 2.16.840.1.113894.2.2.200.* # dn: cn=subschemasubentry changetype: modify add: objectclasses objectclasses: ( 2.16.840.1.113894.2.2.200.1 NAME 'orclDBLSAuditOption' DESC 'Oracle Label Security Policy Audit Option' SUP 'top' STRUCTURAL MUST ( cn $ orclDBLSAuditEnable $ orclDBLSAuditOptionType $ orclDBLSAuditOptionSuccess ) ) dn: cn=subschemasubentry changetype: modify add: objectclasses objectclasses: ( 2.16.840.1.113894.2.2.200.2 NAME 'orclDBLSLabelComponent' DESC 'Oracle Label Security Policy Label Component' SUP 'top' STRUCTURAL MUST ( cn $ orclDBLSFullName $ orclDBLSNumericTag ) AUXILIARY MAY ( orclDBLSGroupParent ) ) dn: cn=subschemasubentry changetype: modify add: objectclasses objectclasses: ( 2.16.840.1.113894.2.2.200.3 NAME 'orclDBLSPolicy' DESC 'Oracle Label Security Policy' SUP 'groupOfUniqueNames' STRUCTURAL MUST ( cn $ orclDBLSColumnName $ orclDBLSPackageName ) AUXILIARY MAY ( orclDBLSPolicyOptions ) ) dn: cn=subschemasubentry changetype: modify add: objectclasses objectclasses: ( 2.16.840.1.113894.2.2.200.4 NAME 'orclDBLSProfile' DESC 'Oracle Label Security Authorization Profile' SUP 'groupOfUniqueNames' STRUCTURAL MUST ( cn ) AUXILIARY MAY ( orclDBLSMaxRead $ orclDBLSMaxWrite $ orclDBLSMinWrite $ orclDBLSDefRead $ orclDBLSDefRow $ orclDBLSPrivs ) ) # Make certain OLS attributes searchable dn: cn=catalogs changetype: modify add: orclindexedattribute orclindexedattribute: orclDBLSFullName dn: cn=catalogs changetype: modify add: orclindexedattribute orclindexedattribute: orclDBLSNumericTag dn: cn=catalogs changetype: modify add: orclindexedattribute orclindexedattribute: orclDBLSColumnName dn: cn=catalogs changetype: modify add: orclindexedattribute orclindexedattribute: orclDBLSGroupParent # # Update version entries in directory # # dn: cn=RDBMS,cn=OracleSchemaVersion changetype: modify replace: orclProductVersion orclProductVersion: 90400