## Description

# Schema for Checkpoint Authentication Management Client 1.1 and OpenLDAP 2.x
# Converted from SCHEMA.LDIFF by
#  Dr. Peter Bieringer <pbieringer@aerasec.de> 2001-06-06

## Usage:
#
# 1)
#   Copy this file to /etc/openldap/
#
# 2)
#   Edit /etc/openldap/slapd.conf
#
#   Add line after the "include" lines like
#	# Checkpoint Firewall-1
#	include         /etc/openldap/firewall-1.conf
#
#   Disable schemacheck to allow the LDAP client adding of new attributes
#    without adding new object classes, otherwise you have to add
#    objectClass "fw1person" to each already existing member
#
#	# disable schemacheck
#	schemacheck off

attributetype ( 1.3.114.7.4.2.0.1 NAME 'fw1auth-method' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.2 NAME 'fw1auth-server' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.3 NAME 'fw1pwdlastmod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.4 NAME 'fw1skey-number' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.5 NAME 'fw1skey-seed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.6 NAME 'fw1skey-passwd' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.7 NAME 'fw1skey-mdm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.8 NAME 'fw1expiration-date' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.9 NAME 'fw1hour-range-from' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.10 NAME 'fw1hour-range-to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.11 NAME 'fw1day' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.12 NAME 'fw1allowed-src' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.13 NAME 'fw1allowed-dst' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.14 NAME 'fw1allowed-vlan' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.15 NAME 'fw1SR-keym' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.16 NAME 'fw1SR-datam' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.17 NAME 'fw1SR-mdm' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.18 NAME 'fw1enc-fwz-expiration' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.19 NAME 'fw1sr-auth-track' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.20 NAME 'fw1grouptemplate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.21 NAME 'fw1ISAKMP-EncMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.22 NAME 'fw1ISAKMP-AuthMethods' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.23 NAME 'fw1ISAKMP-HashMethods' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.24 NAME 'fw1ISAKMP-Transform' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.25 NAME 'fw1ISAKMP-DataIntegrityMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.26 NAME 'fw1ISAKMP-SharedSecret' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.27 NAME 'fw1ISAKMP-DataEncMethod' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype ( 1.3.114.7.4.2.0.28 NAME 'fw1enc-methods' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

objectclass ( 1.3.114.7.3.2.0.1 NAME 'fw1template' SUP top MUST ( objectclass $ cn ) MAY ( member  $ description  $ fw1auth-method $ fw1auth-server $ fw1pwdlastmod $ fw1skey-number $ fw1skey-seed $ fw1skey-passwd $ fw1skey-mdm $ fw1expiration-date $ fw1hour-range-from $ fw1hour-range-to  $ fw1day $ fw1allowed-src $ fw1allowed-dst $ fw1allowed-vlan $ fw1SR-keym $ fw1SR-datam $ fw1SR-mdm $ fw1enc-fwz-expiration $ fw1sr-auth-track $ fw1grouptemplate $ fw1ISAKMP-EncMethod $ fw1ISAKMP-AuthMethods $ fw1ISAKMP-HashMethods $ fw1ISAKMP-Transform $ fw1ISAKMP-DataIntegrityMethod $ fw1ISAKMP-SharedSecret $ fw1ISAKMP-DataEncMethod $ fw1enc-methods ) )

objectclass ( 1.3.114.7.3.2.0.2	NAME 'fw1person' SUP top MUST ( cn ) MAY ( description $ fw1auth-method $ fw1auth-server $ fw1pwdlastmod $ fw1skey-number $ fw1skey-seed $ fw1skey-passwd $ fw1skey-mdm $ fw1expiration-date $ fw1hour-range-from $ fw1hour-range-to  $ fw1day $ fw1allowed-src $ fw1allowed-dst $ fw1allowed-vlan $ fw1SR-keym $ fw1SR-datam $ fw1SR-mdm $ fw1enc-fwz-expiration $ fw1sr-auth-track $ fw1grouptemplate $ fw1ISAKMP-EncMethod $ fw1ISAKMP-AuthMethods $ fw1ISAKMP-HashMethods $ fw1ISAKMP-Transform $ fw1ISAKMP-DataIntegrityMethod $ fw1ISAKMP-SharedSecret$ fw1ISAKMP-DataEncMethod $ fw1enc-methods ) )