Add schema for IBM Directory Server in LDIF format.

GitHub issue #384

MANIFEST

@@ -32,6 +32,7 @@ docs/cvtsudoers.mdoc.in
 docs/fixman.sh
 docs/fixmdoc.sed
 docs/schema.ActiveDirectory
+docs/schema.IBM_LDAP
 docs/schema.OpenLDAP
 docs/schema.iPlanet
 docs/schema.olcSudo

README.LDAP.md

@@ -96,8 +96,17 @@ copy the schema.iPlanet file to the schema directory with the name 99sudo.ldif.
 On Solaris, schemas are stored in /var/Sun/mps/slapd-\`hostname\`/config/schema/.
 For Fedora Directory Server, they are stored in /etc/dirsrv/schema/.
 
-After copying the schema file to the appropriate directory, restart
-the LDAP server.
+For IBM Directory Server, IBM Tivoli Directory Server, IBM Security
+Directory Server, and IBM Security Verify Directory, the schema is
+supplied in LDIF format.  It can be installed using the ldapmodify
+utility:
+
+    # ldapmodify -c -f schema.IBM_LDAP -h ldapserver:port -w passwod \
+      -D cn=Manager,dc=example,dc=com
+
+For schema files other than schema.olcSudo and schema.IBM_LDAP, you
+will need to restart the LDAP server after copying the schema file
+into place.
 
 Finally, using an LDAP browser/editor, enable indexing by editing the
 client profile to provide a Service Search Descriptor (SSD) for sudoers,

docs/schema.IBM_LDAP

@@ -0,0 +1,91 @@
+#
+# sudoers schema for IBM Directory Server, also known as Tivoli Directory
+# Server, IBM Security Directory Server, and IBM Security Verify Directory.
+#
+# To import: ldapmodify -c -D binddn -h host:port -w password -f schema.IBM_LDAP
+# Substitute the correct values for binddn, host:port and password.
+#
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributetypes: ( 1.3.6.1.4.1.15953.9.1.1 NAME 'sudoUser' DESC 'User(s) who may  run sudo' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.1 DBNAME( 'sudoUser' 'sudoUser' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.2 NAME 'sudoHost' DESC 'Host(s) who may run sudo' EQUALITY caseExactIA5Match SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.2 DBNAME( 'sudoHost' 'sudoHost' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.3 NAME 'sudoCommand' DESC 'Command(s) to be executed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.3 DBNAME( 'sudoCommand' 'sudoCommand' ) ACCESS-CLASS normal LENGTH 2048 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.4 NAME 'sudoRunAs' DESC 'User(s) impersonated by sudo (deprecated)' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.4 DBNAME( 'sudoRunAs' 'sudoRunAs' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.5 NAME 'sudoOption' DESC 'Options(s) followed by sudo' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.5 DBNAME( 'sudoOption' 'sudoOption' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.6 NAME 'sudoRunAsUser' DESC 'User(s) impersonated by sudo' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.6 DBNAME( 'sudoRunAsUser' 'sudoRunAsUser' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.7 NAME 'sudoRunAsGroup' DESC 'Group(s) impersonated by sudo' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.7 DBNAME( 'sudoRunAsGroup' 'sudoRunAsGroup' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.8 NAME 'sudoNotBefore' DESC 'Start of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.8 DBNAME( 'sudoNotBefore' 'sudoNotBefore' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.9 NAME 'sudoNotAfter' DESC 'End of time interval for which the entry is valid' EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.9 DBNAME( 'sudoNotAfter' 'sudoNotAfter' ) ACCESS-CLASS normal LENGTH 512 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.15953.9.1.10 NAME 'sudoOrder' DESC 'an integer to order the sudoRole entries' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+-
+add: ibmattributetypes
+ibmattributetypes: ( 1.3.6.1.4.1.15953.9.1.10 DBNAME( 'sudoOrder' 'sudoOrder' ) ACCESS-CLASS normal )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.15953.9.2.1 NAME 'sudoRole' SUP top STRUCTURAL DESC 'Sudoer Entries' MUST ( cn ) MAY ( sudoUser $ sudoHost $ sudoCommand $ sudoRunAs $ sudoRunAsUser $ sudoRunAsGroup $ sudoOption $ sudoOrder $ sudoNotBefore $ sudoNotAfter $ description ) )