From 868faf6fc4e58000ea9ba9479fd6da01f25d5678 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Tue, 12 Jan 2021 14:55:14 -0500
Subject: [PATCH 01/34] Add backend for authenticating with LDAP

---
 README.md                                  |  6 +-
 apps/backend/.env-example                  | 14 ++++
 apps/backend/package.json                  |  1 +
 apps/backend/src/authn/authn.controller.ts |  7 ++
 apps/backend/src/authn/authn.module.ts     |  3 +-
 apps/backend/src/authn/authn.service.ts    | 43 ++++++++++++
 apps/backend/src/authn/ldap.strategy.ts    | 46 +++++++++++++
 yarn.lock                                  | 79 +++++++++++++++++++++-
 8 files changed, 192 insertions(+), 7 deletions(-)
 create mode 100644 apps/backend/src/authn/ldap.strategy.ts

diff --git a/README.md b/README.md
index 9e4bb52aeb..ce656d1648 100644
--- a/README.md
+++ b/README.md
@@ -170,7 +170,7 @@ To run Heimdall Server, Postgresql must be installed and a user account must exi
 
     # Start the Postgres terminal
     psql postgres
-
+    
     # Create the user
     CREATE USER <username> with encrypted password '<password>';
     ALTER USER <username> CREATEDB;
@@ -180,9 +180,7 @@ Then, the following one-time steps must be performed:
 
     cp apps/backend/.env-example apps/backend/.env
     # Edit /apps/backend/.env to reflect the appropriate configuration for your system
-    yarn backend sequelize-cli db:create
-    yarn backend sequelize-cli db:migrate
-    yarn backend sequelize-cli db:seed:all
+    
 
 Once the above steps are completed it is possible to start heimdall-server using the following command
 
diff --git a/apps/backend/.env-example b/apps/backend/.env-example
index 6f2824b1c5..02c584f8a1 100644
--- a/apps/backend/.env-example
+++ b/apps/backend/.env-example
@@ -10,3 +10,17 @@ JWT_EXPIRE_TIME=<JSON Web Token Length of time before signature expires (if noth
 NODE_ENV=<development, production, or test (no default, must be set)>
 HEIMDALL_HEADLESS_TESTS=<run integration tests in a headless browser (default=true)>
 ADMIN_PASSWORD=<Password for admin user (if nothing is provided, defaults to a randomly generated password)>
+
+# LDAP Configuration
+LDAP_HOST=<Your LDAP target server>
+LDAP_PORT=<Your LDAP target port (if nothing is provided, defaults to 389)>
+LDAP_BINDDN=<The Dn of the user used for lookups>
+LDAP_PASSWORD=<Your LDAP user's passwords used for lookups>
+# Here you set your LDAP searchbase, for more info see https://docs.oracle.com/cd/E19693-01/819-0997/auto45/index.html
+# If you're using Active Directory, you probably want "OU=Users, DC=<yourdomain>, DC=local"
+LDAP_SEARCHBASE="<Your LDAP search base>"
+# Here you set your LDAP search filter, for more info see https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
+# If you are using Active Directory Users, you probably want "(sAMAccountName={{username}}"
+LDAP_SEARCHFILTER="<Your LDAP search filter (if nothing is provided, defaults to (sAMAccountName={{username}}>"
+LDAP_NAMEFIELD="<The field that contains the user's full name (if nothing is provided, defaults to name)>"
+LDAP_MAILFIELD="<The field that contains the user's email (if nothing is provided, defaults to mail)>"
\ No newline at end of file
diff --git a/apps/backend/package.json b/apps/backend/package.json
index 0f9a292d51..b5a23c0cd7 100644
--- a/apps/backend/package.json
+++ b/apps/backend/package.json
@@ -67,6 +67,7 @@
     "js-levenshtein": "^1.1.6",
     "passport": "^0.4.1",
     "passport-jwt": "^4.0.0",
+    "passport-ldapauth": "^3.0.1",
     "passport-local": "^1.0.0",
     "pg": "^8.2.1",
     "reflect-metadata": "^0.1.13",
diff --git a/apps/backend/src/authn/authn.controller.ts b/apps/backend/src/authn/authn.controller.ts
index 5e866c9aa9..acd571a5e0 100644
--- a/apps/backend/src/authn/authn.controller.ts
+++ b/apps/backend/src/authn/authn.controller.ts
@@ -1,4 +1,5 @@
 import {Controller, Post, Req, UseGuards} from '@nestjs/common';
+import {AuthGuard} from '@nestjs/passport';
 import {Request} from 'express';
 import {LocalAuthGuard} from '../guards/local-auth.guard';
 import {User} from '../users/user.model';
@@ -13,4 +14,10 @@ export class AuthnController {
   async login(@Req() req: Request): Promise<any> {
     return this.authnService.login(req.user as User);
   }
+
+  @UseGuards(AuthGuard('ldap'))
+  @Post('login/ldap')
+  async loginToLDAP(@Req() req: Request): Promise<any> {
+    return this.authnService.login(req.user as User);
+  }
 }
diff --git a/apps/backend/src/authn/authn.module.ts b/apps/backend/src/authn/authn.module.ts
index b5f6b8dfad..6e3f361ae0 100644
--- a/apps/backend/src/authn/authn.module.ts
+++ b/apps/backend/src/authn/authn.module.ts
@@ -6,11 +6,12 @@ import {UsersModule} from '../users/users.module';
 import {AuthnController} from './authn.controller';
 import {AuthnService} from './authn.service';
 import {JwtStrategy} from './jwt.strategy';
+import {LDAPStrategy} from './ldap.strategy';
 import {LocalStrategy} from './local.strategy';
 
 @Module({
   imports: [UsersModule, PassportModule, TokenModule, ConfigModule],
-  providers: [AuthnService, LocalStrategy, JwtStrategy],
+  providers: [AuthnService, LocalStrategy, JwtStrategy, LDAPStrategy],
   controllers: [AuthnController]
 })
 export class AuthnModule {}
diff --git a/apps/backend/src/authn/authn.service.ts b/apps/backend/src/authn/authn.service.ts
index 2078decefa..ea9fbff03c 100644
--- a/apps/backend/src/authn/authn.service.ts
+++ b/apps/backend/src/authn/authn.service.ts
@@ -1,6 +1,9 @@
 import {Injectable, UnauthorizedException} from '@nestjs/common';
 import {JwtService} from '@nestjs/jwt';
 import {compare} from 'bcrypt';
+import * as crypto from 'crypto';
+import {ConfigService} from '../config/config.service';
+import {CreateUserDto} from '../users/dto/create-user.dto';
 import {User} from '../users/user.model';
 import {UsersService} from '../users/users.service';
 
@@ -8,6 +11,7 @@ import {UsersService} from '../users/users.service';
 export class AuthnService {
   constructor(
     private usersService: UsersService,
+    private configService: ConfigService,
     private jwtService: JwtService
   ) {}
 
@@ -26,6 +30,37 @@ export class AuthnService {
     }
   }
 
+  async validateOrCreateUser(
+    email: string,
+    firstName: string,
+    lastName: string
+  ): Promise<any> {
+    let user: User;
+    try {
+      user = await this.usersService.findByEmail(email);
+    } catch {
+      const randomPass = crypto.randomBytes(128).toString('hex');
+      const createUser: CreateUserDto = {
+        email: email,
+        password: randomPass,
+        passwordConfirmation: randomPass,
+        firstName: firstName,
+        lastName: lastName,
+        organization: '',
+        title: '',
+        role: ''
+      };
+      await this.usersService.create(createUser);
+      user = await this.usersService.findByEmail(email);
+    }
+
+    if (user) {
+      this.usersService.updateLoginMetadata(user);
+    }
+
+    return user;
+  }
+
   async login(user: {
     id: string;
     email: string;
@@ -51,4 +86,12 @@ export class AuthnService {
       };
     }
   }
+
+  splitName(fullName: string): {firstName: string; lastName: string} {
+    const nameArray = fullName.split(' ');
+    return {
+      firstName: nameArray.slice(0, -1).join(' '),
+      lastName: nameArray[nameArray.length - 1]
+    };
+  }
 }
diff --git a/apps/backend/src/authn/ldap.strategy.ts b/apps/backend/src/authn/ldap.strategy.ts
new file mode 100644
index 0000000000..a4692ba9a9
--- /dev/null
+++ b/apps/backend/src/authn/ldap.strategy.ts
@@ -0,0 +1,46 @@
+import {Injectable} from '@nestjs/common';
+import {PassportStrategy} from '@nestjs/passport';
+import {Request} from 'express';
+import Strategy from 'passport-ldapauth';
+import {ConfigService} from '../config/config.service';
+import {AuthnService} from './authn.service';
+
+@Injectable()
+export class LDAPStrategy extends PassportStrategy(Strategy, 'ldap') {
+  constructor(
+    private authnService: AuthnService,
+    private configService: ConfigService
+  ) {
+    super(
+      {
+        passReqToCallback: true,
+        server: {
+          url: `ldap://${configService.get('LDAP_HOST')}:${
+            configService.get('LDAP_PORT') || 389
+          }`,
+          bindDN: configService.get('LDAP_BINDDN'),
+          bindCredentials: configService.get('LDAP_PASSWORD'),
+          searchBase: configService.get('LDAP_SEARCHBASE') || 'disabled',
+          searchFilter:
+            configService.get('LDAP_SEARCHFILTER') ||
+            '(sAMAccountName={{username}})',
+          passReqToCallback: true
+        }
+      },
+      async (req: Request, user: any, done: any) => {
+        const {firstName, lastName} = this.authnService.splitName(
+          user[configService.get('LDAP_NAMEFIELD') || 'name']
+        );
+        const email: string =
+          user[configService.get('LDAP_MAILFIELD') || 'mail'];
+
+        req.user = this.authnService.validateOrCreateUser(
+          email,
+          firstName,
+          lastName
+        );
+        return done(null, req.user);
+      }
+    );
+  }
+}
diff --git a/yarn.lock b/yarn.lock
index c3b1c84f47..8338757b67 100644
--- a/yarn.lock
+++ b/yarn.lock
@@ -3471,6 +3471,13 @@
     "@types/koa-compose" "*"
     "@types/node" "*"
 
+"@types/ldapjs@^1.0.9":
+  version "1.0.9"
+  resolved "https://registry.yarnpkg.com/@types/ldapjs/-/ldapjs-1.0.9.tgz#1224192d14cc5ab5218fcea72ebb04489c52cb95"
+  integrity sha512-3PvY7Drp1zoLbcGlothCAkoc5o6Jp9KvUPwHadlHyKp3yPvyeIh7w2zQc9UXMzgDRkoeGXUEODtbEs5XCh9ZyA==
+  dependencies:
+    "@types/node" "*"
+
 "@types/lodash@*", "@types/lodash@^4.14.161":
   version "4.14.167"
   resolved "https://registry.yarnpkg.com/@types/lodash/-/lodash-4.14.167.tgz#ce7d78553e3c886d4ea643c37ec7edc20f16765e"
@@ -4556,6 +4563,11 @@ abbrev@1:
   resolved "https://registry.yarnpkg.com/abbrev/-/abbrev-1.1.1.tgz#f8f2c887ad10bf67f634f005b6987fed3179aac8"
   integrity sha512-nne9/IiQ/hzIhY6pdDnbBtz7DjPTKrY00P/zvPSm5pOFkl6xuGrGnXn/VtTNNfNtAfZ9/1RtehkszU9qcTii0Q==
 
+abstract-logging@^2.0.0:
+  version "2.0.1"
+  resolved "https://registry.yarnpkg.com/abstract-logging/-/abstract-logging-2.0.1.tgz#6b0c371df212db7129b57d2e7fcf282b8bf1c839"
+  integrity sha512-2BjRTZxTPvheOvGbBslFSYOUkr+SjPtOnrLP33f+VIWLzezQpZcqVg7ja3L4dBXmzzgwT+a029jRx5PCi3JuiA==
+
 accepts@^1.3.5, accepts@~1.3.4, accepts@~1.3.5, accepts@~1.3.7:
   version "1.3.7"
   resolved "https://registry.yarnpkg.com/accepts/-/accepts-1.3.7.tgz#531bc726517a3b2b41f850021c6cc15eaab507cd"
@@ -5383,7 +5395,7 @@ asn1.js@^5.2.0:
     minimalistic-assert "^1.0.0"
     safer-buffer "^2.1.0"
 
-asn1@~0.2.3:
+asn1@^0.2.4, asn1@~0.2.3:
   version "0.2.4"
   resolved "https://registry.yarnpkg.com/asn1/-/asn1-0.2.4.tgz#8d2475dfab553bb33e77b54e59e880bb8ce23136"
   integrity sha512-jxwzQpLQjSmWXgwaCZE9Nz+glAG01yF1QnWgbhGwHI5A6FRIEY6IVqtHhIepHqI7/kyEyQEagBC5mBEFlIYvdg==
@@ -5783,6 +5795,13 @@ backo2@^1.0.2:
   resolved "https://registry.yarnpkg.com/backo2/-/backo2-1.0.2.tgz#31ab1ac8b129363463e35b3ebb69f4dfcfba7947"
   integrity sha1-MasayLEpNjRj41s+u2n038+6eUc=
 
+backoff@^2.5.0:
+  version "2.5.0"
+  resolved "https://registry.yarnpkg.com/backoff/-/backoff-2.5.0.tgz#f616eda9d3e4b66b8ca7fca79f695722c5f8e26f"
+  integrity sha1-9hbtqdPktmuMp/ynn2lXIsX44m8=
+  dependencies:
+    precond "0.2"
+
 balanced-match@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/balanced-match/-/balanced-match-1.0.0.tgz#89b4d199ab2bee49de164ea02b89ce462d71b767"
@@ -5826,6 +5845,11 @@ bcrypt@^5.0.0:
     node-addon-api "^3.0.0"
     node-pre-gyp "0.15.0"
 
+bcryptjs@^2.4.0:
+  version "2.4.3"
+  resolved "https://registry.yarnpkg.com/bcryptjs/-/bcryptjs-2.4.3.tgz#9ab5627b93e60621ff7cdac5da9733027df1d0cb"
+  integrity sha1-mrVie5PmBiH/fNrF2pczAn3x0Ms=
+
 before-after-hook@^2.0.0:
   version "2.1.0"
   resolved "https://registry.yarnpkg.com/before-after-hook/-/before-after-hook-2.1.0.tgz#b6c03487f44e24200dd30ca5e6a1979c5d2fb635"
@@ -13398,6 +13422,37 @@ lazy-ass@^1.6.0:
   resolved "https://registry.yarnpkg.com/lazy-ass/-/lazy-ass-1.6.0.tgz#7999655e8646c17f089fdd187d150d3324d54513"
   integrity sha1-eZllXoZGwX8In90YfRUNMyTVRRM=
 
+ldap-filter@^0.3.3:
+  version "0.3.3"
+  resolved "https://registry.yarnpkg.com/ldap-filter/-/ldap-filter-0.3.3.tgz#2b14c68a2a9d4104dbdbc910a1ca85fd189e9797"
+  integrity sha1-KxTGiiqdQQTb28kQocqF/Riel5c=
+  dependencies:
+    assert-plus "^1.0.0"
+
+ldapauth-fork@^5.0.1:
+  version "5.0.1"
+  resolved "https://registry.yarnpkg.com/ldapauth-fork/-/ldapauth-fork-5.0.1.tgz#18779a9c30371c5bbea02e3b6aaadb60819ad29c"
+  integrity sha512-EdELQz8zgPruqV2y88PAuAiZCgTaMjex/kEA2PIcOlPYFt75C9QFt5HGZKVQo8Sf/3Mwnr1AtiThHKcq+pRtEg==
+  dependencies:
+    "@types/ldapjs" "^1.0.9"
+    bcryptjs "^2.4.0"
+    ldapjs "^2.2.1"
+    lru-cache "^6.0.0"
+
+ldapjs@^2.2.1:
+  version "2.2.3"
+  resolved "https://registry.yarnpkg.com/ldapjs/-/ldapjs-2.2.3.tgz#7ae42c601911c2809f126355a2595ee1d1e21edf"
+  integrity sha512-143MayI+cSo1PEngge0HMVj3Fb0TneX4Qp9yl9bKs45qND3G64B75GMSxtZCfNuVsvg833aOp1UWG8peFu1LrQ==
+  dependencies:
+    abstract-logging "^2.0.0"
+    asn1 "^0.2.4"
+    assert-plus "^1.0.0"
+    backoff "^2.5.0"
+    ldap-filter "^0.3.3"
+    once "^1.4.0"
+    vasync "^2.2.0"
+    verror "^1.8.1"
+
 left-pad@^1.3.0:
   version "1.3.0"
   resolved "https://registry.yarnpkg.com/left-pad/-/left-pad-1.3.0.tgz#5b8a3a7765dfe001261dde915589e782f8c94d1e"
@@ -15614,6 +15669,14 @@ passport-jwt@^4.0.0:
     jsonwebtoken "^8.2.0"
     passport-strategy "^1.0.0"
 
+passport-ldapauth@^3.0.1:
+  version "3.0.1"
+  resolved "https://registry.yarnpkg.com/passport-ldapauth/-/passport-ldapauth-3.0.1.tgz#1432e8469de18bd46b5b39a46a866b416c1ddded"
+  integrity sha512-TRRx3BHi8GC8MfCT9wmghjde/EGeKjll7zqHRRfGRxXbLcaDce2OftbQrFG7/AWaeFhR6zpZHtBQ/IkINdLVjQ==
+  dependencies:
+    ldapauth-fork "^5.0.1"
+    passport-strategy "^1.0.0"
+
 passport-local@^1.0.0:
   version "1.0.0"
   resolved "https://registry.yarnpkg.com/passport-local/-/passport-local-1.0.0.tgz#1fe63268c92e75606626437e3b906662c15ba6ee"
@@ -16316,6 +16379,11 @@ postgres-interval@^1.1.0:
   dependencies:
     xtend "^4.0.0"
 
+precond@0.2:
+  version "0.2.3"
+  resolved "https://registry.yarnpkg.com/precond/-/precond-0.2.3.tgz#aa9591bcaa24923f1e0f4849d240f47efc1075ac"
+  integrity sha1-qpWRvKokkj8eD0hJ0kD0fvwQdaw=
+
 prelude-ls@^1.2.1:
   version "1.2.1"
   resolved "https://registry.yarnpkg.com/prelude-ls/-/prelude-ls-1.2.1.tgz#debc6489d7a6e6b0e7611888cec880337d316396"
@@ -19794,12 +19862,19 @@ vary@^1, vary@~1.1.2:
   resolved "https://registry.yarnpkg.com/vary/-/vary-1.1.2.tgz#2299f02c6ded30d4a5961b0b9f74524a18f634fc"
   integrity sha1-IpnwLG3tMNSllhsLn3RSShj2NPw=
 
+vasync@^2.2.0:
+  version "2.2.0"
+  resolved "https://registry.yarnpkg.com/vasync/-/vasync-2.2.0.tgz#cfde751860a15822db3b132bc59b116a4adaf01b"
+  integrity sha1-z951GGChWCLbOxMrxZsRakra8Bs=
+  dependencies:
+    verror "1.10.0"
+
 vendors@^1.0.0:
   version "1.0.4"
   resolved "https://registry.yarnpkg.com/vendors/-/vendors-1.0.4.tgz#e2b800a53e7a29b93506c3cf41100d16c4c4ad8e"
   integrity sha512-/juG65kTL4Cy2su4P8HjtkTxk6VmJDiOPBufWniqQ6wknac6jNiXS9vU+hO3wgusiyqWlzTbVHi0dyJqRONg3w==
 
-verror@1.10.0:
+verror@1.10.0, verror@^1.8.1:
   version "1.10.0"
   resolved "https://registry.yarnpkg.com/verror/-/verror-1.10.0.tgz#3a105ca17053af55d6e270c1f8288682e18da400"
   integrity sha1-OhBcoXBTr1XW4nDB+CiGguGNpAA=

From 247cdef8cb01c645c7ae2551936e1db93ec1ee56 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 11:18:26 -0500
Subject: [PATCH 02/34] Add frontend for LDAP login

---
 apps/backend/.env-example                     |   1 +
 apps/backend/src/config/config.service.ts     |   5 +-
 .../src/config/dto/startup-settings.dto.ts    |   2 +
 apps/frontend/src/store/server.ts             |  12 ++
 apps/frontend/src/views/Login.vue             | 203 +++++++++++++-----
 .../config/startup-settings.interface.ts      |   1 +
 6 files changed, 174 insertions(+), 50 deletions(-)

diff --git a/apps/backend/.env-example b/apps/backend/.env-example
index 02c584f8a1..73b87c7949 100644
--- a/apps/backend/.env-example
+++ b/apps/backend/.env-example
@@ -12,6 +12,7 @@ HEIMDALL_HEADLESS_TESTS=<run integration tests in a headless browser (default=tr
 ADMIN_PASSWORD=<Password for admin user (if nothing is provided, defaults to a randomly generated password)>
 
 # LDAP Configuration
+LDAP_ENABLED=<If you want to enable LDAP login (true/false)>
 LDAP_HOST=<Your LDAP target server>
 LDAP_PORT=<Your LDAP target port (if nothing is provided, defaults to 389)>
 LDAP_BINDDN=<The Dn of the user used for lookups>
diff --git a/apps/backend/src/config/config.service.ts b/apps/backend/src/config/config.service.ts
index c9fb637dd6..2fdb30ed11 100644
--- a/apps/backend/src/config/config.service.ts
+++ b/apps/backend/src/config/config.service.ts
@@ -31,7 +31,10 @@ export class ConfigService {
   }
 
   frontendStartupSettings(): StartupSettingsDto {
-    return new StartupSettingsDto({banner: this.get('WARNING_BANNER') || ''});
+    return new StartupSettingsDto({
+      banner: this.get('WARNING_BANNER') || '',
+      ldap: this.get('LDAP_ENABLED')?.toLocaleLowerCase() == 'true' || false
+    });
   }
 
   private parseDatabaseUrl(): boolean {
diff --git a/apps/backend/src/config/dto/startup-settings.dto.ts b/apps/backend/src/config/dto/startup-settings.dto.ts
index 274c576dbb..07ed3572d6 100644
--- a/apps/backend/src/config/dto/startup-settings.dto.ts
+++ b/apps/backend/src/config/dto/startup-settings.dto.ts
@@ -2,8 +2,10 @@ import {IStartupSettings} from '@heimdall/interfaces';
 
 export class StartupSettingsDto implements IStartupSettings {
   readonly banner: string;
+  readonly ldap: boolean;
 
   constructor(settings: IStartupSettings) {
     this.banner = settings.banner;
+    this.ldap = settings.ldap;
   }
 }
diff --git a/apps/frontend/src/store/server.ts b/apps/frontend/src/store/server.ts
index 70f3c3d887..71b2b3c2af 100644
--- a/apps/frontend/src/store/server.ts
+++ b/apps/frontend/src/store/server.ts
@@ -19,6 +19,7 @@ export interface IServerState {
   loading: boolean;
   token: string;
   banner: string;
+  ldap: boolean;
   userInfo: IUser;
 }
 
@@ -30,6 +31,7 @@ export interface IServerState {
 })
 class Server extends VuexModule implements IServerState {
   banner = '';
+  ldap = false;
   serverUrl = '';
   serverMode = false;
   loading = true;
@@ -66,6 +68,7 @@ class Server extends VuexModule implements IServerState {
   @Mutation
   SET_STARTUP_SETTINGS(settings: IStartupSettings) {
     this.banner = settings.banner;
+    this.ldap = settings.ldap;
   }
 
   @Mutation
@@ -146,6 +149,15 @@ class Server extends VuexModule implements IServerState {
     });
   }
 
+  @Action({rawError: true})
+  public async LoginLDAP(userInfo: {username: string; password: string}) {
+    return axios.post('/authn/login/ldap', userInfo).then(({data}) => {
+      this.context.commit('SET_TOKEN', data.accessToken);
+      this.context.commit('SET_USERID', data.userID);
+      this.GetUserInfo();
+    });
+  }
+
   @Action({rawError: true})
   public async Register(userInfo: {
     email: string;
diff --git a/apps/frontend/src/views/Login.vue b/apps/frontend/src/views/Login.vue
index d6a6760850..f28cec57fb 100644
--- a/apps/frontend/src/views/Login.vue
+++ b/apps/frontend/src/views/Login.vue
@@ -4,61 +4,126 @@
       <v-container class="fill-height" fluid>
         <v-row align="center" justify="center">
           <v-col cols="12" sm="8" md="4">
-            <v-card class="elevation-12">
+            <v-card class="elevation-12 rounded-b-0">
               <v-toolbar color="primary" dark flat>
                 <v-toolbar-title id="login_form_title">
                   Login to Heimdall Server
                 </v-toolbar-title>
                 <v-spacer />
               </v-toolbar>
-              <v-card-text>
-                <v-form id="login_form" ref="form" name="login_form">
-                  <v-text-field
-                    id="email_field"
-                    v-model="email"
-                    :error-messages="emailErrors($v.email)"
-                    name="email"
-                    label="Email"
-                    prepend-icon="mdi-account"
-                    type="text"
-                    required
-                    @keyup.enter="$refs.password.focus"
-                    @blur="$v.email.$touch()"
-                  />
-                  <v-text-field
-                    id="password_field"
-                    ref="password"
-                    v-model="password"
-                    :error-messages="
-                      requiredFieldError($v.password, 'Password')
-                    "
-                    type="password"
-                    name="password"
-                    label="Password"
-                    prepend-icon="mdi-lock"
-                    @keyup.enter="login"
-                    @blur="$v.password.$touch()"
-                  />
-                  <v-btn
-                    id="login_button"
-                    depressed
-                    large
-                    color="primary"
-                    :disabled="$v.$invalid"
-                    @click="login"
-                  >
-                    Login
-                  </v-btn>
-                </v-form>
-              </v-card-text>
-              <v-card-actions>
-                <v-spacer />
-                <div class="my-2">
-                  <v-btn id="sign_up_button" depressed small @click="signup">
-                    Sign Up
-                  </v-btn>
-                </div>
-              </v-card-actions>
+              <v-tabs
+                active
+                :value="active_tab"
+                background-color="primary darken-1"
+                color="primary-visible"
+                show-arrows
+              >
+                <v-tab id="select-tab-standard-login" href="#login-standard"
+                  >Heimdall Login</v-tab
+                >
+                <v-tab id="select-tab-ldap-login" href="#login-ldap"
+                  >Organization Login</v-tab
+                >
+
+                <v-tab-item value="login-standard">
+                  <v-card class="elevation-12 rounded-t-0">
+                    <v-card-text>
+                      <v-form id="login_form" ref="form" name="login_form">
+                        <v-text-field
+                          id="email_field"
+                          v-model="email"
+                          :error-messages="emailErrors($v.email)"
+                          name="email"
+                          label="Email"
+                          prepend-icon="mdi-account"
+                          type="text"
+                          required
+                          @keyup.enter="$refs.password.focus"
+                          @blur="$v.email.$touch()"
+                        />
+                        <v-text-field
+                          id="password_field"
+                          ref="password"
+                          v-model="password"
+                          :error-messages="
+                            requiredFieldError($v.password, 'Password')
+                          "
+                          type="password"
+                          name="password"
+                          label="Password"
+                          prepend-icon="mdi-lock"
+                          @keyup.enter="login"
+                          @blur="$v.password.$touch()"
+                        />
+                        <v-btn
+                          id="login_button"
+                          depressed
+                          large
+                          color="primary"
+                          :disabled="$v.$invalid"
+                          @click="login"
+                        >
+                          Login
+                        </v-btn>
+                      </v-form>
+                    </v-card-text>
+                    <v-card-actions>
+                      <v-spacer />
+                      <div class="my-2">
+                        <v-btn
+                          id="sign_up_button"
+                          depressed
+                          small
+                          @click="signup"
+                        >
+                          Sign Up
+                        </v-btn>
+                      </div>
+                    </v-card-actions>
+                  </v-card>
+                </v-tab-item>
+                <v-tab-item value="login-ldap">
+                  <v-card-text>
+                    <v-form id="login_form" ref="form" name="login_form">
+                      <v-text-field
+                        id="username_field"
+                        v-model="username"
+                        :error-messages="requiredFieldError($v.username)"
+                        name="username"
+                        label="Username"
+                        prepend-icon="mdi-account"
+                        type="text"
+                        required
+                        @keyup.enter="$refs.password.focus"
+                        @blur="$v.email.$touch()"
+                      />
+                      <v-text-field
+                        id="password_field"
+                        ref="password"
+                        v-model="password"
+                        :error-messages="
+                          requiredFieldError($v.password, 'Password')
+                        "
+                        type="password"
+                        name="password"
+                        label="Password"
+                        prepend-icon="mdi-lock"
+                        @keyup.enter="ldapLogin()"
+                        @blur="$v.password.$touch()"
+                      />
+                      <v-btn
+                        id="login_button"
+                        depressed
+                        large
+                        color="primary"
+                        @click="ldapLogin()"
+                      >
+                        Login
+                      </v-btn>
+                    </v-form>
+                  </v-card-text>
+                </v-tab-item>
+              </v-tabs>
             </v-card>
           </v-col>
         </v-row>
@@ -71,14 +136,22 @@ import Vue from 'vue';
 import Component from 'vue-class-component';
 import UserValidatorMixin from '@/mixins/UserValidatorMixin';
 import {required, email} from 'vuelidate/lib/validators';
+import {LocalStorageVal} from '@/utilities/helper_util';
 import {ServerModule} from '@/store/server';
 import {SnackbarModule} from '@/store/snackbar';
 
+const login_tab = new LocalStorageVal<string>('login_curr_tab');
+
 export interface LoginHash {
   email: string;
   password: string;
 }
 
+export interface LDAPLoginHash {
+  username: string;
+  password: string;
+}
+
 @Component({
   mixins: [UserValidatorMixin],
   validations: {
@@ -86,6 +159,9 @@ export interface LoginHash {
       required,
       email
     },
+    username: {
+      required
+    },
     password: {
       required
     }
@@ -93,9 +169,14 @@ export interface LoginHash {
 })
 export default class Login extends Vue {
   email: string = '';
+  username: string = '';
   password: string = '';
+  active_tab: string = login_tab.get_default('logintab-standard')
 
   mounted() {
+    if(!ServerModule.ldap){
+      document.querySelectorAll('[role="tablist"]')[0].remove()
+    }
     this.checkLoggedIn();
   }
 
@@ -123,5 +204,29 @@ export default class Login extends Vue {
         SnackbarModule.notify(error.response.data.message);
       });
   }
+
+  ldapLogin() {
+    let creds: LDAPLoginHash = {
+      username: this.username,
+      password: this.password
+    };
+    ServerModule.LoginLDAP(creds)
+      .then(() => {
+        this.$router.push('/');
+        SnackbarModule.notify('You have successfully signed in.');
+      })
+      .catch((error) => {
+        SnackbarModule.notify(error.response.data.message);
+      });
+  }
+
+  get ldapenabled() {
+    return ServerModule.ldap
+  }
 }
 </script>
+<style scoped>
+.hidden {
+  display: none;
+}
+</style>
diff --git a/libs/interfaces/config/startup-settings.interface.ts b/libs/interfaces/config/startup-settings.interface.ts
index b6ef797d6b..30ae54dd17 100644
--- a/libs/interfaces/config/startup-settings.interface.ts
+++ b/libs/interfaces/config/startup-settings.interface.ts
@@ -1,3 +1,4 @@
 export interface IStartupSettings {
   readonly banner: string;
+  readonly ldap: boolean;
 }

From f11288fd70de74fc5f490ba7ad9a444e84194a34 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 11:19:48 -0500
Subject: [PATCH 03/34] Undo changes to README

---
 README.md | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/README.md b/README.md
index ce656d1648..9e4bb52aeb 100644
--- a/README.md
+++ b/README.md
@@ -170,7 +170,7 @@ To run Heimdall Server, Postgresql must be installed and a user account must exi
 
     # Start the Postgres terminal
     psql postgres
-    
+
     # Create the user
     CREATE USER <username> with encrypted password '<password>';
     ALTER USER <username> CREATEDB;
@@ -180,7 +180,9 @@ Then, the following one-time steps must be performed:
 
     cp apps/backend/.env-example apps/backend/.env
     # Edit /apps/backend/.env to reflect the appropriate configuration for your system
-    
+    yarn backend sequelize-cli db:create
+    yarn backend sequelize-cli db:migrate
+    yarn backend sequelize-cli db:seed:all
 
 Once the above steps are completed it is possible to start heimdall-server using the following command
 

From 1626c99992e7c0e59dc5089d787b093991f94014 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 12:15:37 -0500
Subject: [PATCH 04/34] Remove username requirement (interferes with regular
 login validation, may not fit everyone)

---
 apps/frontend/src/views/Login.vue | 4 ----
 1 file changed, 4 deletions(-)

diff --git a/apps/frontend/src/views/Login.vue b/apps/frontend/src/views/Login.vue
index f28cec57fb..b8c518d8e9 100644
--- a/apps/frontend/src/views/Login.vue
+++ b/apps/frontend/src/views/Login.vue
@@ -88,7 +88,6 @@
                       <v-text-field
                         id="username_field"
                         v-model="username"
-                        :error-messages="requiredFieldError($v.username)"
                         name="username"
                         label="Username"
                         prepend-icon="mdi-account"
@@ -159,9 +158,6 @@ export interface LDAPLoginHash {
       required,
       email
     },
-    username: {
-      required
-    },
     password: {
       required
     }

From 60591cab76459e8b0c926f503ee40dc37f486e25 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 12:44:45 -0500
Subject: [PATCH 05/34] Fix sonarcloud recommendations

---
 apps/backend/src/authn/authn.service.ts   |  2 +-
 apps/backend/src/authn/ldap.strategy.ts   |  4 ++--
 apps/backend/src/config/config.service.ts |  2 +-
 apps/frontend/src/store/server.ts         | 19 +++++++++++--------
 apps/frontend/src/views/Login.vue         |  6 +++---
 5 files changed, 18 insertions(+), 15 deletions(-)

diff --git a/apps/backend/src/authn/authn.service.ts b/apps/backend/src/authn/authn.service.ts
index ea9fbff03c..180740c6c6 100644
--- a/apps/backend/src/authn/authn.service.ts
+++ b/apps/backend/src/authn/authn.service.ts
@@ -11,7 +11,7 @@ import {UsersService} from '../users/users.service';
 export class AuthnService {
   constructor(
     private usersService: UsersService,
-    private configService: ConfigService,
+    private readonly configService: ConfigService,
     private jwtService: JwtService
   ) {}
 
diff --git a/apps/backend/src/authn/ldap.strategy.ts b/apps/backend/src/authn/ldap.strategy.ts
index a4692ba9a9..428d429bda 100644
--- a/apps/backend/src/authn/ldap.strategy.ts
+++ b/apps/backend/src/authn/ldap.strategy.ts
@@ -8,8 +8,8 @@ import {AuthnService} from './authn.service';
 @Injectable()
 export class LDAPStrategy extends PassportStrategy(Strategy, 'ldap') {
   constructor(
-    private authnService: AuthnService,
-    private configService: ConfigService
+    private readonly authnService: AuthnService,
+    private readonly configService: ConfigService
   ) {
     super(
       {
diff --git a/apps/backend/src/config/config.service.ts b/apps/backend/src/config/config.service.ts
index 2fdb30ed11..8288408820 100644
--- a/apps/backend/src/config/config.service.ts
+++ b/apps/backend/src/config/config.service.ts
@@ -33,7 +33,7 @@ export class ConfigService {
   frontendStartupSettings(): StartupSettingsDto {
     return new StartupSettingsDto({
       banner: this.get('WARNING_BANNER') || '',
-      ldap: this.get('LDAP_ENABLED')?.toLocaleLowerCase() == 'true' || false
+      ldap: this.get('LDAP_ENABLED')?.toLocaleLowerCase() === 'true' || false
     });
   }
 
diff --git a/apps/frontend/src/store/server.ts b/apps/frontend/src/store/server.ts
index 71b2b3c2af..d15a540178 100644
--- a/apps/frontend/src/store/server.ts
+++ b/apps/frontend/src/store/server.ts
@@ -140,21 +140,24 @@ class Server extends VuexModule implements IServerState {
       });
   }
 
+  @Action
+  public async handleLogin(data: {userID: string; accessToken: string}) {
+    this.context.commit('SET_USERID', data.userID);
+    this.context.commit('SET_TOKEN', data.accessToken);
+    this.GetUserInfo();
+  }
+
   @Action({rawError: true})
   public async Login(userInfo: {email: string; password: string}) {
-    return axios.post('/authn/login', userInfo).then(({data}) => {
-      this.context.commit('SET_TOKEN', data.accessToken);
-      this.context.commit('SET_USERID', data.userID);
-      this.GetUserInfo();
+    return axios.post('/authn/login', userInfo).then((response) => {
+      this.handleLogin(response.data);
     });
   }
 
   @Action({rawError: true})
   public async LoginLDAP(userInfo: {username: string; password: string}) {
-    return axios.post('/authn/login/ldap', userInfo).then(({data}) => {
-      this.context.commit('SET_TOKEN', data.accessToken);
-      this.context.commit('SET_USERID', data.userID);
-      this.GetUserInfo();
+    return axios.post('/authn/login/ldap', userInfo).then((response) => {
+      this.handleLogin(response.data);
     });
   }
 
diff --git a/apps/frontend/src/views/Login.vue b/apps/frontend/src/views/Login.vue
index b8c518d8e9..0a0919883a 100644
--- a/apps/frontend/src/views/Login.vue
+++ b/apps/frontend/src/views/Login.vue
@@ -13,7 +13,7 @@
               </v-toolbar>
               <v-tabs
                 active
-                :value="active_tab"
+                :value="activeTab"
                 background-color="primary darken-1"
                 color="primary-visible"
                 show-arrows
@@ -139,7 +139,7 @@ import {LocalStorageVal} from '@/utilities/helper_util';
 import {ServerModule} from '@/store/server';
 import {SnackbarModule} from '@/store/snackbar';
 
-const login_tab = new LocalStorageVal<string>('login_curr_tab');
+const lastLoginTab = new LocalStorageVal<string>('login_curr_tab');
 
 export interface LoginHash {
   email: string;
@@ -167,7 +167,7 @@ export default class Login extends Vue {
   email: string = '';
   username: string = '';
   password: string = '';
-  active_tab: string = login_tab.get_default('logintab-standard')
+  activeTab: string = lastLoginTab.get_default('logintab-standard')
 
   mounted() {
     if(!ServerModule.ldap){

From cb9ff3188a40216951bdec33cbc1c8b716e6ac20 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 13:00:14 -0500
Subject: [PATCH 06/34] constify ldap login creds

---
 apps/frontend/src/views/Login.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/frontend/src/views/Login.vue b/apps/frontend/src/views/Login.vue
index 0a0919883a..503515f549 100644
--- a/apps/frontend/src/views/Login.vue
+++ b/apps/frontend/src/views/Login.vue
@@ -202,7 +202,7 @@ export default class Login extends Vue {
   }
 
   ldapLogin() {
-    let creds: LDAPLoginHash = {
+    const creds: LDAPLoginHash = {
       username: this.username,
       password: this.password
     };

From d0794685c30cf1dc268f9fb31ca9efd51e0f05e6 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 13:54:24 -0500
Subject: [PATCH 07/34] Split Local Login and LDAPLogin into two components

---
 .../src/components/global/login/LDAPLogin.vue |  84 +++++++++
 .../components/global/login/LocalLogin.vue    |  98 ++++++++++
 apps/frontend/src/views/Login.vue             | 170 ++----------------
 3 files changed, 193 insertions(+), 159 deletions(-)
 create mode 100644 apps/frontend/src/components/global/login/LDAPLogin.vue
 create mode 100644 apps/frontend/src/components/global/login/LocalLogin.vue

diff --git a/apps/frontend/src/components/global/login/LDAPLogin.vue b/apps/frontend/src/components/global/login/LDAPLogin.vue
new file mode 100644
index 0000000000..b7ee1d176d
--- /dev/null
+++ b/apps/frontend/src/components/global/login/LDAPLogin.vue
@@ -0,0 +1,84 @@
+<template>
+  <v-card-text>
+    <v-form id="login_form" ref="form" name="login_form">
+      <v-text-field
+        id="username_field"
+        v-model="username"
+        :error-messages="requiredFieldError($v.username, 'Username')"
+        name="username"
+        label="Username"
+        prepend-icon="mdi-account"
+        type="text"
+        required
+        @keyup.enter="$refs.password.focus"
+        @blur="$v.username.$touch()"
+      />
+      <v-text-field
+        id="password_field"
+        ref="password"
+        v-model="password"
+        :error-messages="requiredFieldError($v.password, 'Password')"
+        type="password"
+        name="password"
+        label="Password"
+        prepend-icon="mdi-lock"
+        @keyup.enter="ldapLogin()"
+        @blur="$v.password.$touch()"
+      />
+      <v-btn
+        id="login_button"
+        depressed
+        large
+        color="primary"
+        @click="ldapLogin()"
+      >
+        Login
+      </v-btn>
+    </v-form>
+  </v-card-text>
+</template>
+
+<script lang="ts">
+import Vue from 'vue';
+import Component from 'vue-class-component';
+import {required} from 'vuelidate/lib/validators';
+import UserValidatorMixin from '@/mixins/UserValidatorMixin';
+import {ServerModule} from '@/store/server';
+import {SnackbarModule} from '@/store/snackbar';
+
+export interface LDAPLoginHash {
+  username: string;
+  password: string;
+}
+
+@Component({
+    mixins: [UserValidatorMixin],
+    validations: {
+        username: {
+            required
+        },
+        password: {
+            required
+        }
+    }
+})
+export default class LDAPLogin extends Vue {
+    username: string = '';
+    password: string = '';
+
+    ldapLogin() {
+        const creds: LDAPLoginHash = {
+        username: this.username,
+        password: this.password
+        };
+        ServerModule.LoginLDAP(creds)
+        .then(() => {
+            this.$router.push('/');
+            SnackbarModule.notify('You have successfully signed in.');
+        })
+        .catch((error) => {
+            SnackbarModule.notify(error.response.data.message);
+        });
+    }
+}
+</script>
diff --git a/apps/frontend/src/components/global/login/LocalLogin.vue b/apps/frontend/src/components/global/login/LocalLogin.vue
new file mode 100644
index 0000000000..d71387b48e
--- /dev/null
+++ b/apps/frontend/src/components/global/login/LocalLogin.vue
@@ -0,0 +1,98 @@
+<template>
+  <v-card class="elevation-12 rounded-t-0">
+    <v-card-text>
+      <v-form id="login_form" ref="form" name="login_form">
+        <v-text-field
+          id="email_field"
+          v-model="email"
+          :error-messages="emailErrors($v.email)"
+          name="email"
+          label="Email"
+          prepend-icon="mdi-account"
+          type="text"
+          required
+          @keyup.enter="$refs.password.focus"
+          @blur="$v.email.$touch()"
+        />
+        <v-text-field
+          id="password_field"
+          ref="password"
+          v-model="password"
+          :error-messages="requiredFieldError($v.password, 'Password')"
+          type="password"
+          name="password"
+          label="Password"
+          prepend-icon="mdi-lock"
+          @keyup.enter="login"
+          @blur="$v.password.$touch()"
+        />
+        <v-btn
+          id="login_button"
+          depressed
+          large
+          color="primary"
+          :disabled="$v.$invalid"
+          @click="login"
+        >
+          Login
+        </v-btn>
+      </v-form>
+    </v-card-text>
+    <v-card-actions>
+      <v-spacer />
+      <div class="my-2">
+        <v-btn id="sign_up_button" depressed small @click="signup">
+          Sign Up
+        </v-btn>
+      </div>
+    </v-card-actions>
+  </v-card>
+</template>
+<script lang="ts">
+import Vue from 'vue';
+import Component from 'vue-class-component';
+import {ServerModule} from '@/store/server';
+import {required, email} from 'vuelidate/lib/validators';
+import UserValidatorMixin from '@/mixins/UserValidatorMixin';
+import {SnackbarModule} from '@/store/snackbar';
+
+interface LoginHash {
+  email: string;
+  password: string;
+}
+@Component({
+    mixins: [UserValidatorMixin],
+    validations: {
+    email: {
+      required,
+      email
+    },
+    password: {
+      required
+    }
+  }
+})
+export default class LocalLogin extends Vue {
+    email: string = '';
+    password: string = '';
+
+  signup() {
+    this.$router.push('/signup');
+  }
+
+  login() {
+    let creds: LoginHash = {
+      email: this.email,
+      password: this.password
+    };
+    ServerModule.Login(creds)
+      .then(() => {
+        this.$router.push('/');
+        SnackbarModule.notify('You have successfully signed in.');
+      })
+      .catch((error) => {
+        SnackbarModule.notify(error.response.data.message);
+      });
+  }
+}
+</script>
diff --git a/apps/frontend/src/views/Login.vue b/apps/frontend/src/views/Login.vue
index 503515f549..aad81ae1a6 100644
--- a/apps/frontend/src/views/Login.vue
+++ b/apps/frontend/src/views/Login.vue
@@ -21,106 +21,18 @@
                 <v-tab id="select-tab-standard-login" href="#login-standard"
                   >Heimdall Login</v-tab
                 >
-                <v-tab id="select-tab-ldap-login" href="#login-ldap"
+                <v-tab
+                  v-if="ldapenabled"
+                  id="select-tab-ldap-login"
+                  href="#login-ldap"
                   >Organization Login</v-tab
                 >
 
                 <v-tab-item value="login-standard">
-                  <v-card class="elevation-12 rounded-t-0">
-                    <v-card-text>
-                      <v-form id="login_form" ref="form" name="login_form">
-                        <v-text-field
-                          id="email_field"
-                          v-model="email"
-                          :error-messages="emailErrors($v.email)"
-                          name="email"
-                          label="Email"
-                          prepend-icon="mdi-account"
-                          type="text"
-                          required
-                          @keyup.enter="$refs.password.focus"
-                          @blur="$v.email.$touch()"
-                        />
-                        <v-text-field
-                          id="password_field"
-                          ref="password"
-                          v-model="password"
-                          :error-messages="
-                            requiredFieldError($v.password, 'Password')
-                          "
-                          type="password"
-                          name="password"
-                          label="Password"
-                          prepend-icon="mdi-lock"
-                          @keyup.enter="login"
-                          @blur="$v.password.$touch()"
-                        />
-                        <v-btn
-                          id="login_button"
-                          depressed
-                          large
-                          color="primary"
-                          :disabled="$v.$invalid"
-                          @click="login"
-                        >
-                          Login
-                        </v-btn>
-                      </v-form>
-                    </v-card-text>
-                    <v-card-actions>
-                      <v-spacer />
-                      <div class="my-2">
-                        <v-btn
-                          id="sign_up_button"
-                          depressed
-                          small
-                          @click="signup"
-                        >
-                          Sign Up
-                        </v-btn>
-                      </div>
-                    </v-card-actions>
-                  </v-card>
+                  <LocalLogin />
                 </v-tab-item>
                 <v-tab-item value="login-ldap">
-                  <v-card-text>
-                    <v-form id="login_form" ref="form" name="login_form">
-                      <v-text-field
-                        id="username_field"
-                        v-model="username"
-                        name="username"
-                        label="Username"
-                        prepend-icon="mdi-account"
-                        type="text"
-                        required
-                        @keyup.enter="$refs.password.focus"
-                        @blur="$v.email.$touch()"
-                      />
-                      <v-text-field
-                        id="password_field"
-                        ref="password"
-                        v-model="password"
-                        :error-messages="
-                          requiredFieldError($v.password, 'Password')
-                        "
-                        type="password"
-                        name="password"
-                        label="Password"
-                        prepend-icon="mdi-lock"
-                        @keyup.enter="ldapLogin()"
-                        @blur="$v.password.$touch()"
-                      />
-                      <v-btn
-                        id="login_button"
-                        depressed
-                        large
-                        color="primary"
-                        @click="ldapLogin()"
-                      >
-                        Login
-                      </v-btn>
-                    </v-form>
-                  </v-card-text>
+                  <LDAPLogin />
                 </v-tab-item>
               </v-tabs>
             </v-card>
@@ -134,45 +46,24 @@
 import Vue from 'vue';
 import Component from 'vue-class-component';
 import UserValidatorMixin from '@/mixins/UserValidatorMixin';
-import {required, email} from 'vuelidate/lib/validators';
 import {LocalStorageVal} from '@/utilities/helper_util';
 import {ServerModule} from '@/store/server';
-import {SnackbarModule} from '@/store/snackbar';
+import LocalLogin from '@/components/global/login/LocalLogin.vue'
+import LDAPLogin from '@/components/global/login/LDAPLogin.vue'
 
 const lastLoginTab = new LocalStorageVal<string>('login_curr_tab');
 
-export interface LoginHash {
-  email: string;
-  password: string;
-}
-
-export interface LDAPLoginHash {
-  username: string;
-  password: string;
-}
-
 @Component({
-  mixins: [UserValidatorMixin],
-  validations: {
-    email: {
-      required,
-      email
-    },
-    password: {
-      required
-    }
+  components: {
+    LocalLogin,
+    LDAPLogin
   }
 })
 export default class Login extends Vue {
-  email: string = '';
   username: string = '';
-  password: string = '';
   activeTab: string = lastLoginTab.get_default('logintab-standard')
 
   mounted() {
-    if(!ServerModule.ldap){
-      document.querySelectorAll('[role="tablist"]')[0].remove()
-    }
     this.checkLoggedIn();
   }
 
@@ -182,47 +73,8 @@ export default class Login extends Vue {
     }
   }
 
-  signup() {
-    this.$router.push('/signup');
-  }
-
-  login() {
-    let creds: LoginHash = {
-      email: this.email,
-      password: this.password
-    };
-    ServerModule.Login(creds)
-      .then(() => {
-        this.$router.push('/');
-        SnackbarModule.notify('You have successfully signed in.');
-      })
-      .catch((error) => {
-        SnackbarModule.notify(error.response.data.message);
-      });
-  }
-
-  ldapLogin() {
-    const creds: LDAPLoginHash = {
-      username: this.username,
-      password: this.password
-    };
-    ServerModule.LoginLDAP(creds)
-      .then(() => {
-        this.$router.push('/');
-        SnackbarModule.notify('You have successfully signed in.');
-      })
-      .catch((error) => {
-        SnackbarModule.notify(error.response.data.message);
-      });
-  }
-
   get ldapenabled() {
     return ServerModule.ldap
   }
 }
 </script>
-<style scoped>
-.hidden {
-  display: none;
-}
-</style>

From 3d691450ad9c97236d702b3e83fd8e3e6448d957 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 14:02:04 -0500
Subject: [PATCH 08/34] Remove unused UserValidatorMixin

---
 apps/frontend/src/views/Login.vue | 1 -
 1 file changed, 1 deletion(-)

diff --git a/apps/frontend/src/views/Login.vue b/apps/frontend/src/views/Login.vue
index aad81ae1a6..194e8e3246 100644
--- a/apps/frontend/src/views/Login.vue
+++ b/apps/frontend/src/views/Login.vue
@@ -45,7 +45,6 @@
 <script lang="ts">
 import Vue from 'vue';
 import Component from 'vue-class-component';
-import UserValidatorMixin from '@/mixins/UserValidatorMixin';
 import {LocalStorageVal} from '@/utilities/helper_util';
 import {ServerModule} from '@/store/server';
 import LocalLogin from '@/components/global/login/LocalLogin.vue'

From 5e66a13ceafc0bde71df934aebf0fedb7a5fe834 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 21 Jan 2021 14:04:42 -0500
Subject: [PATCH 09/34] Constify locallogin creds

---
 apps/frontend/src/components/global/login/LocalLogin.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/frontend/src/components/global/login/LocalLogin.vue b/apps/frontend/src/components/global/login/LocalLogin.vue
index d71387b48e..4913e8e751 100644
--- a/apps/frontend/src/components/global/login/LocalLogin.vue
+++ b/apps/frontend/src/components/global/login/LocalLogin.vue
@@ -81,7 +81,7 @@ export default class LocalLogin extends Vue {
   }
 
   login() {
-    let creds: LoginHash = {
+    const creds: LoginHash = {
       email: this.email,
       password: this.password
     };

From d123a29ef84471fdbc2f9131d66d6a024bce1c62 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 10:13:17 -0500
Subject: [PATCH 10/34] Add openldap container to e2e job

---
 .github/workflows/e2e-ui-tests.yml | 17 +++++++++++++++++
 apps/backend/.env-example          |  4 ++--
 2 files changed, 19 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index f99db48ee0..51ae25e3d1 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -19,6 +19,16 @@ jobs:
           POSTGRES_PASSWORD: postgres
         ports:
           - 5432:5432
+      openldap:
+        image: osixia/openldap
+        container_name: osixia/openldap
+        env:
+          - LDAP_DOMAIN=example.com
+          - ADMIN_PASSWORD=${{ secrets.LDAP_ADMIN_PASSWORD }}
+          - LDAP_READONLY_USER=true
+        ports:
+          - 389:389
+
 
     steps:
      - uses: actions/checkout@v2
@@ -62,6 +72,13 @@ jobs:
        uses: cypress-io/github-action@v2
        with:
          start: yarn start
+         env:
+          - LDAP_ENABLED=true 
+          - LDAP_HOST=openldap
+          - LDAP_BINDDN="cn=admin,dc=example,dc=com"
+          - LDAP_PASSWORd=${{ secrets.LDAP_ADMIN_PASSWORD }}
+          - LDAP_SEARCHFILTER=(cn={{username}})
+          - LDAP_NAMEFIELD=cn
          wait-on: http://127.0.0.1:3000
 
      - name: Upload test screenshots
diff --git a/apps/backend/.env-example b/apps/backend/.env-example
index 73b87c7949..0b1e02ce3d 100644
--- a/apps/backend/.env-example
+++ b/apps/backend/.env-example
@@ -21,7 +21,7 @@ LDAP_PASSWORD=<Your LDAP user's passwords used for lookups>
 # If you're using Active Directory, you probably want "OU=Users, DC=<yourdomain>, DC=local"
 LDAP_SEARCHBASE="<Your LDAP search base>"
 # Here you set your LDAP search filter, for more info see https://confluence.atlassian.com/kb/how-to-write-ldap-search-filters-792496933.html
-# If you are using Active Directory Users, you probably want "(sAMAccountName={{username}}"
-LDAP_SEARCHFILTER="<Your LDAP search filter (if nothing is provided, defaults to (sAMAccountName={{username}}>"
+# If you are using Active Directory Users, you probably want "sAMAccountName={{username}}"
+LDAP_SEARCHFILTER="<Your LDAP search filter (if nothing is provided, defaults to (sAMAccountName={{username}})>"
 LDAP_NAMEFIELD="<The field that contains the user's full name (if nothing is provided, defaults to name)>"
 LDAP_MAILFIELD="<The field that contains the user's email (if nothing is provided, defaults to mail)>"
\ No newline at end of file

From 5075125e0c125cf2c2f93a24350b9e36eb52ede2 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 10:30:53 -0500
Subject: [PATCH 11/34] Change container name and lint integration tests

---
 .github/workflows/e2e-ui-tests.yml | 103 ++++++++++++++---------------
 1 file changed, 51 insertions(+), 52 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 51ae25e3d1..d8af92c452 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -2,9 +2,9 @@ name: Run E2E Backend + Frontend Tests
 
 on:
   push:
-    branches: [ master ]
+    branches: [master]
   pull_request:
-    branches: [ master ]
+    branches: [master]
 
 jobs:
   build:
@@ -21,7 +21,7 @@ jobs:
           - 5432:5432
       openldap:
         image: osixia/openldap
-        container_name: osixia/openldap
+        container_name: openldap
         env:
           - LDAP_DOMAIN=example.com
           - ADMIN_PASSWORD=${{ secrets.LDAP_ADMIN_PASSWORD }}
@@ -29,61 +29,60 @@ jobs:
         ports:
           - 389:389
 
-
     steps:
-     - uses: actions/checkout@v2
+      - uses: actions/checkout@v2
 
-     - name: Cache node modules
-       uses: actions/cache@v2
-       env:
-         cache-name: cache-node-modules
-       with:
-         # npm cache files are stored in `~/.npm` on Linux/macOS
-         path: ~/.npm
-         key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
-         restore-keys: |
-           ${{ runner.os }}-build-${{ env.cache-name }}-
-           ${{ runner.os }}-build-
-           ${{ runner.os }}-
+      - name: Cache node modules
+        uses: actions/cache@v2
+        env:
+          cache-name: cache-node-modules
+        with:
+          # npm cache files are stored in `~/.npm` on Linux/macOS
+          path: ~/.npm
+          key: ${{ runner.os }}-build-${{ env.cache-name }}-${{ hashFiles('**/package-lock.json') }}
+          restore-keys: |
+            ${{ runner.os }}-build-${{ env.cache-name }}-
+            ${{ runner.os }}-build-
+            ${{ runner.os }}-
 
-     - name: Setup Node.js
-       uses: actions/setup-node@v1
-       with:
-        node-version: '14.x'
+      - name: Setup Node.js
+        uses: actions/setup-node@v1
+        with:
+          node-version: "14.x"
 
-     - name: Install project dependencies
-       run: yarn install --frozen-lockfile
+      - name: Install project dependencies
+        run: yarn install --frozen-lockfile
 
-     - name: Copy .env-ci to .env
-       run: cp apps/backend/test/.env-ci apps/backend/.env
+      - name: Copy .env-ci to .env
+        run: cp apps/backend/test/.env-ci apps/backend/.env
 
-     - name: Create/migrate db
-       run: |
-        yarn backend sequelize-cli db:create
-        yarn backend sequelize-cli db:migrate
-        yarn backend sequelize-cli db:seed:all
+      - name: Create/migrate db
+        run: |
+          yarn backend sequelize-cli db:create
+          yarn backend sequelize-cli db:migrate
+          yarn backend sequelize-cli db:seed:all
 
-     - name: Build Heimdall
-       run: yarn build
-       env:
-        NODE_ENV: production
+      - name: Build Heimdall
+        run: yarn build
+        env:
+          NODE_ENV: production
 
-     - name: Cypress run
-       uses: cypress-io/github-action@v2
-       with:
-         start: yarn start
-         env:
-          - LDAP_ENABLED=true 
-          - LDAP_HOST=openldap
-          - LDAP_BINDDN="cn=admin,dc=example,dc=com"
-          - LDAP_PASSWORd=${{ secrets.LDAP_ADMIN_PASSWORD }}
-          - LDAP_SEARCHFILTER=(cn={{username}})
-          - LDAP_NAMEFIELD=cn
-         wait-on: http://127.0.0.1:3000
+      - name: Cypress run
+        uses: cypress-io/github-action@v2
+        with:
+          start: yarn start
+          env:
+            - LDAP_ENABLED=true
+            - LDAP_HOST=openldap
+            - LDAP_BINDDN="cn=admin,dc=example,dc=com"
+            - LDAP_PASSWORd=${{ secrets.LDAP_ADMIN_PASSWORD }}
+            - LDAP_SEARCHFILTER=(cn={{username}})
+            - LDAP_NAMEFIELD=cn
+          wait-on: http://127.0.0.1:3000
 
-     - name: Upload test screenshots
-       if: failure()
-       uses: actions/upload-artifact@master
-       with:
-         name: cypress-screenshots
-         path: test/screenshots
+      - name: Upload test screenshots
+        if: failure()
+        uses: actions/upload-artifact@master
+        with:
+          name: cypress-screenshots
+          path: test/screenshots

From 86166ec1e995b5666c685c932573e578bd0cb834 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 10:33:35 -0500
Subject: [PATCH 12/34] Remove container_name

---
 .github/workflows/e2e-ui-tests.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index d8af92c452..2a934b19d3 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -21,7 +21,6 @@ jobs:
           - 5432:5432
       openldap:
         image: osixia/openldap
-        container_name: openldap
         env:
           - LDAP_DOMAIN=example.com
           - ADMIN_PASSWORD=${{ secrets.LDAP_ADMIN_PASSWORD }}

From 57014155ee37fde0a07aaf1bc523634c3348d55c Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 10:39:38 -0500
Subject: [PATCH 13/34] Reformat env variables

---
 .github/workflows/e2e-ui-tests.yml | 19 +++++++++----------
 1 file changed, 9 insertions(+), 10 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 2a934b19d3..729b833e25 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -12,6 +12,12 @@ jobs:
     env:
       CYPRESS_TESTING: true
       NODE_ENV: test
+      LDAP_ENABLED: true
+      LDAP_HOST: openldap
+      LDAP_BINDDN: cn=admin,dc=example,dc=com
+      LDAP_PASSWORd: ${{ secrets.LDAP_ADMIN_PASSWORD }}
+      LDAP_SEARCHFILTER: (cn={{username}})
+      LDAP_NAMEFIELD: cn
     services:
       postgres:
         image: postgres:latest
@@ -22,9 +28,9 @@ jobs:
       openldap:
         image: osixia/openldap
         env:
-          - LDAP_DOMAIN=example.com
-          - ADMIN_PASSWORD=${{ secrets.LDAP_ADMIN_PASSWORD }}
-          - LDAP_READONLY_USER=true
+          LDAP_DOMAIN: example.com
+          ADMIN_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}
+          LDAP_READONLY_USER: true
         ports:
           - 389:389
 
@@ -70,13 +76,6 @@ jobs:
         uses: cypress-io/github-action@v2
         with:
           start: yarn start
-          env:
-            - LDAP_ENABLED=true
-            - LDAP_HOST=openldap
-            - LDAP_BINDDN="cn=admin,dc=example,dc=com"
-            - LDAP_PASSWORd=${{ secrets.LDAP_ADMIN_PASSWORD }}
-            - LDAP_SEARCHFILTER=(cn={{username}})
-            - LDAP_NAMEFIELD=cn
           wait-on: http://127.0.0.1:3000
 
       - name: Upload test screenshots

From e45c5acab021a862d97a22e76cfaf93cf9dcdf22 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 12:00:51 -0500
Subject: [PATCH 14/34] Seed user data

---
 .github/ldap/ldif/bootstrap.ldif     |   13 +
 .github/ldap/schema/bootstrap.schema | 1723 ++++++++++++++++++++++++++
 .github/workflows/e2e-ui-tests.yml   |    7 +-
 3 files changed, 1742 insertions(+), 1 deletion(-)
 create mode 100644 .github/ldap/ldif/bootstrap.ldif
 create mode 100644 .github/ldap/schema/bootstrap.schema

diff --git a/.github/ldap/ldif/bootstrap.ldif b/.github/ldap/ldif/bootstrap.ldif
new file mode 100644
index 0000000000..bc3269e7bc
--- /dev/null
+++ b/.github/ldap/ldif/bootstrap.ldif
@@ -0,0 +1,13 @@
+version: 1
+
+
+dn: uid=heimdall,dc=example,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+cn: Heimdall User
+sn: heimdall
+mail: heimdall@example.com
+uid: heimdall
+userPassword: 859wvXEG4TGgYyWZ
\ No newline at end of file
diff --git a/.github/ldap/schema/bootstrap.schema b/.github/ldap/schema/bootstrap.schema
new file mode 100644
index 0000000000..228b113f26
--- /dev/null
+++ b/.github/ldap/schema/bootstrap.schema
@@ -0,0 +1,1723 @@
+attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
+	DESC 'RFC4519: user identifier'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
+	DESC 'RFC1274: DN of manager'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
+	DESC 'RFC1274: unique identifier of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
+	DESC 'RFC1274: title of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
+	DESC 'RFC1274: version of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
+	DESC 'RFC1274: DN of author of document'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
+	DESC 'RFC1274: location of document original'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' )
+	DESC 'RFC1274: home telephone number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
+	DESC 'RFC1274: DN of secretary'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.39
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
+	DESC 'RFC1274/2247: domain component'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
+	DESC 'RFC1274: RFC822 Mailbox'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
+	DESC 'RFC1274: domain associated with object'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
+	DESC 'RFC1274: DN of entry associated with domain'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
+	DESC 'RFC1274: home postal address'
+	EQUALITY caseIgnoreListMatch
+	SUBSTR caseIgnoreListSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
+	DESC 'RFC1274: general information'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
+	DESC 'RFC1274: personal title'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' )
+	DESC 'RFC1274: mobile telephone number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' )
+	DESC 'RFC1274: pager telephone number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' )
+	DESC 'RFC1274: friendly country name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
+	DESC 'RFC1274: unique identifer'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
+	DESC 'RFC1274: organizational status'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
+	DESC 'RFC1274: Janet mailbox'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption'
+	DESC 'RFC1274: mail preference option'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
+	DESC 'RFC1274: name of building'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
+	DESC 'RFC1274: DSA Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.19
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
+	DESC 'RFC1274: favorite drink'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
+	DESC 'RFC1274: Single Level Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
+	DESC 'RFC1274: Subtree Mininum Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
+	DESC 'RFC1274: Subtree Maximun Quality'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
+	DESC 'RFC1274: Personal Signature (G3 fax)'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
+	DESC 'RFC1274: DIT Redirect'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
+	DESC 'RFC1274: audio (u-law)'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
+	DESC 'RFC1274: publisher of document'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
+	DESC 'RFC1274: room number'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto'
+	DESC 'RFC2798: a JPEG image'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.28
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
+	DESC 'RFC1274: photo (G3 fax)'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
+	DESC 'RFC1274: category of user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
+	DESC 'RFC1274: host computer'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
+	USAGE userApplications )
+attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' )
+	DESC 'RFC3280: legacy attribute for email addresses in DNs'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
+	DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
+	DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
+	DESC 'Netgroup triple'
+	SYNTAX 1.3.6.1.1.1.0.0
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
+	DESC 'IP address'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
+	DESC 'The GECOS field; the common name'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
+	DESC 'IP network'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
+	DESC 'IP netmask'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
+	DESC 'MAC address'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
+	DESC 'rpc.bootparamd parameter'
+	SYNTAX 1.3.6.1.1.1.0.1
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
+	DESC 'Boot image name'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024}
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
+	DESC 'The absolute path to the home directory'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
+	DESC 'The path to the login shell'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.16.4 NAME 'entryUUID'
+	DESC 'UUID of the entry'
+	EQUALITY UUIDMatch
+	ORDERING UUIDOrderingMatch
+	SYNTAX 1.3.6.1.1.16.1
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 1.3.6.1.1.20 NAME 'entryDN'
+	DESC 'DN of the entry'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 1.3.6.1.1.4 NAME 'vendorName'
+	DESC 'RFC3045: name of implementation vendor'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion'
+	DESC 'RFC3045: version of implementation'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl'
+	DESC 'RFC2589: entry time-to-live'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
+	DESC 'RFC2589: dynamic subtrees'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	NO-USER-MODIFICATION
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
+	DESC 'RFC4512: supported controls'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
+	DESC 'RFC4512: supported SASL mechanisms'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
+	DESC 'RFC4512: supported LDAP versions'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
+	DESC 'RFC4512: LDAP syntaxes'
+	EQUALITY objectIdentifierFirstComponentMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.54
+	USAGE directoryOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
+	DESC 'RFC4512: naming contexts'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
+	DESC 'RFC4512: alternative servers'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
+	DESC 'RFC4512: supported extended operations'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+	USAGE dSAOperation )
+attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
+	DESC 'RFC2079: Uniform Resource Identifier with optional label'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.1 NAME 'olcAccess'
+	DESC 'Access Control List'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.10 NAME 'olcConcurrency'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.11 NAME 'olcConnMaxPending'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.12 NAME 'olcConnMaxPendingAuth'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.14 NAME 'olcDefaultSearchBase'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.15 NAME 'olcDisallows'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.16 NAME 'olcDitContentRules'
+	DESC 'OpenLDAP DIT content rules'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.17 NAME 'olcGentleHUP'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.18 NAME 'olcIdleTimeout'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.19 NAME 'olcInclude'
+	SUP labeledURI
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.2 NAME 'olcAllows'
+	DESC 'Allowed set of deprecated features'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.20 NAME 'olcIndexSubstrIfMinLen'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.21 NAME 'olcIndexSubstrIfMaxLen'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.22 NAME 'olcIndexSubstrAnyLen'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.23 NAME 'olcIndexSubstrAnyStep'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.26 NAME 'olcLocalSSF'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.27 NAME 'olcLogFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.28 NAME 'olcLogLevel'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.3 NAME 'olcArgsFile'
+	DESC 'File for slapd command line options'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.30 NAME 'olcModuleLoad'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.31 NAME 'olcModulePath'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.32 NAME 'olcObjectClasses'
+	DESC 'OpenLDAP object classes'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.33 NAME 'olcObjectIdentifier'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.35 NAME 'olcPasswordCryptSaltFormat'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.36 NAME 'olcPasswordHash'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.37 NAME 'olcPidFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.38 NAME 'olcPlugin'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.39 NAME 'olcPluginLogFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.4 NAME 'olcAttributeTypes'
+	DESC 'OpenLDAP attributeTypes'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.40 NAME 'olcReadOnly'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.41 NAME 'olcReferral'
+	SUP labeledURI
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.43 NAME 'olcReplicaArgsFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.44 NAME 'olcReplicaPidFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.45 NAME 'olcReplicationInterval'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.46 NAME 'olcReplogFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.47 NAME 'olcRequires'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.48 NAME 'olcRestrict'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.49 NAME 'olcReverseLookup'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.5 NAME 'olcAttributeOptions'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.51 NAME 'olcRootDSE'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.53 NAME 'olcSaslHost'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.54 NAME 'olcSaslRealm'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.56 NAME 'olcSaslSecProps'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.58 NAME 'olcSchemaDN'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.59 NAME 'olcSecurity'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.6 NAME 'olcAuthIDRewrite'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.60 NAME 'olcSizeLimit'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.61 NAME 'olcSockbufMaxIncoming'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.62 NAME 'olcSockbufMaxIncomingAuth'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.66 NAME 'olcThreads'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.67 NAME 'olcTimeLimit'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.68 NAME 'olcTLSCACertificateFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.69 NAME 'olcTLSCACertificatePath'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.7 NAME 'olcAuthzPolicy'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.72 NAME 'olcTLSCipherSuite'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.73 NAME 'olcTLSCRLCheck'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.74 NAME 'olcTLSRandFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.75 NAME 'olcTLSVerifyClient'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.77 NAME 'olcTLSDHParamFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.78 NAME 'olcConfigFile'
+	DESC 'File for slapd configuration directives'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.79 NAME 'olcConfigDir'
+	DESC 'Directory for slapd configuration backend'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.8 NAME 'olcAuthzRegexp'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.80 NAME 'olcToolThreads'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.81 NAME 'olcServerID'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.82 NAME 'olcTLSCRLFile'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.83 NAME 'olcSortVals'
+	DESC 'Attributes whose values will always be sorted'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.84 NAME 'olcIndexIntLen'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.85 NAME 'olcLdapSyntaxes'
+	DESC 'OpenLDAP ldapSyntax'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.86 NAME 'olcAddContentAcl'
+	DESC 'Check ACLs against content of Add ops'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.87 NAME 'olcTLSProtocolMin'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.88 NAME 'olcWriteTimeout'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.89 NAME 'olcSaslAuxprops'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.9 NAME 'olcBackend'
+	DESC 'A type of backend'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.90 NAME 'olcTCPBuffer'
+	DESC 'Custom TCP buffer size'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.1 NAME 'olcDbDirectory'
+	DESC 'Directory for database content'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.10 NAME 'olcSuffix'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.11 NAME 'olcSyncrepl'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.12 NAME 'olcUpdateDN'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.13 NAME 'olcUpdateRef'
+	SUP labeledURI
+	EQUALITY caseIgnoreMatch
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.15 NAME 'olcSubordinate'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.16 NAME 'olcMirrorMode'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.17 NAME 'olcHidden'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.18 NAME 'olcMonitoring'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.19 NAME 'olcSyncUseSubentry'
+	DESC 'Store sync context in a subentry'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.2 NAME 'olcDbIndex'
+	DESC 'Attribute index parameters'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.3 NAME 'olcDbMode'
+	DESC 'Unix permissions of database files'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.4 NAME 'olcLastMod'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.5 NAME 'olcLimits'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.6 NAME 'olcMaxDerefDepth'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.7 NAME 'olcReplica'
+	SUP labeledURI
+	EQUALITY caseIgnoreMatch
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.8 NAME 'olcRootDN'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.9 NAME 'olcRootPW'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.1 NAME 'olcDbCacheSize'
+	DESC 'Entry cache size in entries'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.10 NAME 'olcDbShmKey'
+	DESC 'Key for shared memory region'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.11 NAME 'olcDbCacheFree'
+	DESC 'Number of extra entries to free when max is reached'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.12 NAME 'olcDbDNcacheSize'
+	DESC 'DN cache size'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.13 NAME 'olcDbCryptFile'
+	DESC 'Pathname of file containing the DB encryption key'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.14 NAME 'olcDbCryptKey'
+	DESC 'DB encryption key'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.15 NAME 'olcDbPageSize'
+	DESC 'Page size of specified DB, in Kbytes'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.16 NAME 'olcDbChecksum'
+	DESC 'Enable database checksum validation'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.2 NAME 'olcDbCheckpoint'
+	DESC 'Database checkpoint interval in kbytes and minutes'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.3 NAME 'olcDbConfig'
+	DESC 'BerkeleyDB DB_CONFIG configuration directives'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.4 NAME 'olcDbNoSync'
+	DESC 'Disable synchronous database writes'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.5 NAME 'olcDbDirtyRead'
+	DESC 'Allow reads of uncommitted data'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.6 NAME 'olcDbIDLcacheSize'
+	DESC 'IDL cache size in IDLs'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.7 NAME 'olcDbLinearIndex'
+	DESC 'Index attributes one at a time'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.8 NAME 'olcDbLockDetect'
+	DESC 'Deadlock detection algorithm'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.9 NAME 'olcDbSearchStack'
+	DESC 'Depth of search stack in IDLs'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures'
+	DESC 'RFC4512: features supported by the server'
+	EQUALITY objectIdentifierMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+	USAGE dSAOperation )
+attributetype ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
+	DESC 'RFC2798: vehicle license or registration plate'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber'
+	DESC 'RFC2798: identifies a department within an organization'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12'
+	DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
+	USAGE userApplications )
+attributetype ( 2.16.840.1.113730.3.1.241 NAME 'displayName'
+	DESC 'RFC2798: preferred name to be used when displaying entries'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber'
+	DESC 'RFC2798: numerically identifies an employee within an organization'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref'
+	DESC 'RFC3296: subordinate referral URL'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE distributedOperation )
+attributetype ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage'
+	DESC 'RFC2798: preferred written or spoken language for a person'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.16.840.1.113730.3.1.4 NAME 'employeeType'
+	DESC 'RFC2798: type of employment for a person'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	USAGE userApplications )
+attributetype ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate'
+	DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
+	USAGE userApplications )
+attributetype ( 2.5.18.1 NAME 'createTimestamp'
+	DESC 'RFC4512: time which object was created'
+	EQUALITY generalizedTimeMatch
+	ORDERING generalizedTimeOrderingMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 2.5.18.10 NAME 'subschemaSubentry'
+	DESC 'RFC4512: name of controlling subschema entry'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 2.5.18.2 NAME 'modifyTimestamp'
+	DESC 'RFC4512: time which object was last modified'
+	EQUALITY generalizedTimeMatch
+	ORDERING generalizedTimeOrderingMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 2.5.18.3 NAME 'creatorsName'
+	DESC 'RFC4512: name of creator'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 2.5.18.4 NAME 'modifiersName'
+	DESC 'RFC4512: name of last modifier'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 2.5.18.9 NAME 'hasSubordinates'
+	DESC 'X.501: entry has children'
+	EQUALITY booleanMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 2.5.21.4 NAME 'matchingRules'
+	DESC 'RFC4512: matching rules'
+	EQUALITY objectIdentifierFirstComponentMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.30
+	USAGE directoryOperation )
+attributetype ( 2.5.21.5 NAME 'attributeTypes'
+	DESC 'RFC4512: attribute types'
+	EQUALITY objectIdentifierFirstComponentMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.3
+	USAGE directoryOperation )
+attributetype ( 2.5.21.6 NAME 'objectClasses'
+	DESC 'RFC4512: object classes'
+	EQUALITY objectIdentifierFirstComponentMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.37
+	USAGE directoryOperation )
+attributetype ( 2.5.21.8 NAME 'matchingRuleUse'
+	DESC 'RFC4512: matching rule uses'
+	EQUALITY objectIdentifierFirstComponentMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.31
+	USAGE directoryOperation )
+attributetype ( 2.5.21.9 NAME 'structuralObjectClass'
+	DESC 'RFC4512: structural object class of entry'
+	EQUALITY objectIdentifierMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+	SINGLE-VALUE
+	NO-USER-MODIFICATION
+	USAGE directoryOperation )
+attributetype ( 2.5.4.0 NAME 'objectClass'
+	DESC 'RFC4512: object classes of the entity'
+	EQUALITY objectIdentifierMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+	USAGE userApplications )
+attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
+	DESC 'RFC4512: name of aliased object'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.5.4.13 NAME 'description'
+	DESC 'RFC4519: descriptive information'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
+	USAGE userApplications )
+attributetype ( 2.5.4.14 NAME 'searchGuide'
+	DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.25
+	USAGE userApplications )
+attributetype ( 2.5.4.15 NAME 'businessCategory'
+	DESC 'RFC2256: business category'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
+	USAGE userApplications )
+attributetype ( 2.5.4.16 NAME 'postalAddress'
+	DESC 'RFC2256: postal address'
+	EQUALITY caseIgnoreListMatch
+	SUBSTR caseIgnoreListSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
+	USAGE userApplications )
+attributetype ( 2.5.4.17 NAME 'postalCode'
+	DESC 'RFC2256: postal code'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40}
+	USAGE userApplications )
+attributetype ( 2.5.4.18 NAME 'postOfficeBox'
+	DESC 'RFC2256: Post Office Box'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40}
+	USAGE userApplications )
+attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
+	DESC 'RFC2256: Physical Delivery Office Name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
+	USAGE userApplications )
+attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
+	DESC 'RFC2256: knowledge information'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
+	USAGE userApplications )
+attributetype ( 2.5.4.20 NAME 'telephoneNumber'
+	DESC 'RFC2256: Telephone Number'
+	EQUALITY telephoneNumberMatch
+	SUBSTR telephoneNumberSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32}
+	USAGE userApplications )
+attributetype ( 2.5.4.21 NAME 'telexNumber'
+	DESC 'RFC2256: Telex Number'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.52
+	USAGE userApplications )
+attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
+	DESC 'RFC2256: Teletex Terminal Identifier'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.51
+	USAGE userApplications )
+attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
+	DESC 'RFC2256: Facsimile (Fax) Telephone Number'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.22
+	USAGE userApplications )
+attributetype ( 2.5.4.24 NAME 'x121Address'
+	DESC 'RFC2256: X.121 Address'
+	EQUALITY numericStringMatch
+	SUBSTR numericStringSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15}
+	USAGE userApplications )
+attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
+	DESC 'RFC2256: international ISDN number'
+	EQUALITY numericStringMatch
+	SUBSTR numericStringSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16}
+	USAGE userApplications )
+attributetype ( 2.5.4.26 NAME 'registeredAddress'
+	DESC 'RFC2256: registered postal address'
+	SUP postalAddress
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
+	USAGE userApplications )
+attributetype ( 2.5.4.27 NAME 'destinationIndicator'
+	DESC 'RFC2256: destination indicator'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128}
+	USAGE userApplications )
+attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
+	DESC 'RFC2256: preferred delivery method'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.5.4.29 NAME 'presentationAddress'
+	DESC 'RFC2256: presentation address'
+	EQUALITY presentationAddressMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
+	DESC 'RFC2256: supported application context'
+	EQUALITY objectIdentifierMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
+	USAGE userApplications )
+attributetype ( 2.5.4.35 NAME 'userPassword'
+	DESC 'RFC4519/2307: password of user'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}
+	USAGE userApplications )
+attributetype ( 2.5.4.36 NAME 'userCertificate'
+	DESC 'RFC2256: X.509 user certificate, use ;binary'
+	EQUALITY certificateExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8
+	USAGE userApplications )
+attributetype ( 2.5.4.37 NAME 'cACertificate'
+	DESC 'RFC2256: X.509 CA certificate, use ;binary'
+	EQUALITY certificateExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8
+	USAGE userApplications )
+attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
+	DESC 'RFC2256: X.509 authority revocation list, use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9
+	USAGE userApplications )
+attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
+	DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9
+	USAGE userApplications )
+attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
+	DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.10
+	USAGE userApplications )
+attributetype ( 2.5.4.41 NAME 'name'
+	DESC 'RFC4519: common supertype of name attributes'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
+	USAGE userApplications )
+attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
+	DESC 'RFC2256: first name(s) for which the entity is known by'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.43 NAME 'initials'
+	DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.44 NAME 'generationQualifier'
+	DESC 'RFC2256: name qualifier indicating a generation'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
+	DESC 'RFC2256: X.500 unique identifier'
+	EQUALITY bitStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.6
+	USAGE userApplications )
+attributetype ( 2.5.4.46 NAME 'dnQualifier'
+	DESC 'RFC2256: DN qualifier'
+	EQUALITY caseIgnoreMatch
+	ORDERING caseIgnoreOrderingMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
+	USAGE userApplications )
+attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
+	DESC 'RFC2256: enhanced search guide'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.21
+	USAGE userApplications )
+attributetype ( 2.5.4.48 NAME 'protocolInformation'
+	DESC 'RFC2256: protocol information'
+	EQUALITY protocolInformationMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.42
+	USAGE userApplications )
+attributetype ( 2.5.4.49 NAME 'distinguishedName'
+	DESC 'RFC4519: common supertype of DN attributes'
+	EQUALITY distinguishedNameMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
+	USAGE userApplications )
+attributetype ( 2.5.4.5 NAME 'serialNumber'
+	DESC 'RFC2256: serial number of the entity'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64}
+	USAGE userApplications )
+attributetype ( 2.5.4.50 NAME 'uniqueMember'
+	DESC 'RFC2256: unique member of a group'
+	EQUALITY uniqueMemberMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.34
+	USAGE userApplications )
+attributetype ( 2.5.4.51 NAME 'houseIdentifier'
+	DESC 'RFC2256: house identifier'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
+	USAGE userApplications )
+attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
+	DESC 'RFC2256: supported algorithms'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.49
+	USAGE userApplications )
+attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
+	DESC 'RFC2256: delta revocation list; use ;binary'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9
+	USAGE userApplications )
+attributetype ( 2.5.4.54 NAME 'dmdName'
+	DESC 'RFC2256: name of DMD'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
+	DESC 'RFC2256: ISO-3166 country 2-letter code'
+	SUP name
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.5.4.65 NAME 'pseudonym'
+	DESC 'X.520(4th): pseudonym for the object'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
+	DESC 'RFC2256: locality which this object resides in'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
+	DESC 'RFC2256: state or province which this object resides in'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
+	DESC 'RFC2256: street address of this object'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
+	SUP name
+	USAGE userApplications )
+attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
+	SUP name
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.13 NAME 'olcDatabase'
+	DESC 'The backend type for a database instance'
+	SUP olcBackend
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.34 NAME 'olcOverlay'
+	SUP olcDatabase
+	SINGLE-VALUE
+	USAGE userApplications )
+attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
+	DESC 'RFC2256: organization this object belongs to'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
+	DESC 'RFC2256: organizational unit this object belongs to'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.12 NAME 'title'
+	DESC 'RFC2256: title associated with the entity'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
+	DESC 'RFC4519: common name(s) for which the entity is known by'
+	SUP name
+	USAGE userApplications )
+attributetype ( 2.5.4.31 NAME 'member'
+	DESC 'RFC2256: member of a group'
+	SUP distinguishedName
+	USAGE userApplications )
+attributetype ( 2.5.4.32 NAME 'owner'
+	DESC 'RFC2256: owner (of the object)'
+	SUP distinguishedName
+	USAGE userApplications )
+attributetype ( 2.5.4.33 NAME 'roleOccupant'
+	DESC 'RFC2256: occupant of role'
+	SUP distinguishedName
+	USAGE userApplications )
+attributetype ( 2.5.4.34 NAME 'seeAlso'
+	DESC 'RFC4519: DN of related object'
+	SUP distinguishedName
+	USAGE userApplications )
+attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
+	DESC 'RFC2256: last (family) name(s) for which the entity is known by'
+	SUP name
+	USAGE userApplications )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.7 NAME 'olcFrontendConfig'
+	DESC 'OpenLDAP frontend configuration'
+	AUXILIARY
+	MAY ( olcDefaultSearchBase $ olcPasswordHash $ olcSortVals ) )
+objectclass ( 2.5.20.1 NAME 'subschema'
+	DESC 'RFC4512: controlling subschema (sub)entry'
+	AUXILIARY
+	MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
+objectclass ( 2.5.6.0 NAME 'top'
+	DESC 'top of the superclass chain'
+	ABSTRACT
+	MUST objectClass )
+objectclass ( 2.5.6.1 NAME 'alias'
+	DESC 'RFC4512: an alias'
+	SUP top
+	STRUCTURAL
+	MUST aliasedObjectName )
+objectclass ( 2.5.6.11 NAME 'applicationProcess'
+	DESC 'RFC2256: an application process'
+	SUP top
+	STRUCTURAL
+	MUST cn
+	MAY ( seeAlso $ ou $ l $ description ) )
+objectclass ( 2.5.6.12 NAME 'applicationEntity'
+	DESC 'RFC2256: an application entity'
+	SUP top
+	STRUCTURAL
+	MUST ( presentationAddress $ cn )
+	MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
+objectclass ( 2.5.6.13 NAME 'dSA'
+	DESC 'RFC2256: a directory system agent (a server)'
+	SUP applicationEntity
+	STRUCTURAL
+	MAY knowledgeInformation )
+objectclass ( 2.5.6.14 NAME 'device'
+	DESC 'RFC2256: a device'
+	SUP top
+	STRUCTURAL
+	MUST cn
+	MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
+objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
+	DESC 'RFC2256: a strong authentication user'
+	SUP top
+	AUXILIARY
+	MUST userCertificate )
+objectclass ( 2.5.6.16 NAME 'certificationAuthority'
+	DESC 'RFC2256: a certificate authority'
+	SUP top
+	AUXILIARY
+	MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate )
+	MAY crossCertificatePair )
+objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
+	SUP certificationAuthority
+	AUXILIARY
+	MAY deltaRevocationList )
+objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
+	DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
+	SUP top
+	STRUCTURAL
+	MUST ( uniqueMember $ cn )
+	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
+	DESC 'RFC2256: a user security information'
+	SUP top
+	AUXILIARY
+	MAY supportedAlgorithms )
+objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
+	SUP top
+	STRUCTURAL
+	MUST cn
+	MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )
+objectclass ( 2.5.6.2 NAME 'country'
+	DESC 'RFC2256: a country'
+	SUP top
+	STRUCTURAL
+	MUST c
+	MAY ( searchGuide $ description ) )
+objectclass ( 2.5.6.20 NAME 'dmd'
+	SUP top
+	STRUCTURAL
+	MUST dmdName
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+objectclass ( 2.5.6.21 NAME 'pkiUser'
+	DESC 'RFC2587: a PKI user'
+	SUP top
+	AUXILIARY
+	MAY userCertificate )
+objectclass ( 2.5.6.22 NAME 'pkiCA'
+	DESC 'RFC2587: PKI certificate authority'
+	SUP top
+	AUXILIARY
+	MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) )
+objectclass ( 2.5.6.23 NAME 'deltaCRL'
+	DESC 'RFC2587: PKI user'
+	SUP top
+	AUXILIARY
+	MAY deltaRevocationList )
+objectclass ( 2.5.6.3 NAME 'locality'
+	DESC 'RFC2256: a locality'
+	SUP top
+	STRUCTURAL
+	MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
+objectclass ( 2.5.6.4 NAME 'organization'
+	DESC 'RFC2256: an organization'
+	SUP top
+	STRUCTURAL
+	MUST o
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+objectclass ( 2.5.6.5 NAME 'organizationalUnit'
+	DESC 'RFC2256: an organizational unit'
+	SUP top
+	STRUCTURAL
+	MUST ou
+	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
+objectclass ( 2.5.6.6 NAME 'person'
+	DESC 'RFC2256: a person'
+	SUP top
+	STRUCTURAL
+	MUST ( sn $ cn )
+	MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
+objectclass ( 2.5.6.7 NAME 'organizationalPerson'
+	DESC 'RFC2256: an organizational person'
+	SUP person
+	STRUCTURAL
+	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
+objectclass ( 2.5.6.8 NAME 'organizationalRole'
+	DESC 'RFC2256: an organizational role'
+	SUP top
+	STRUCTURAL
+	MUST cn
+	MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
+objectclass ( 2.5.6.9 NAME 'groupOfNames'
+	DESC 'RFC2256: a group of names (DNs)'
+	SUP top
+	STRUCTURAL
+	MUST ( member $ cn )
+	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
+objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
+	SUP top
+	STRUCTURAL
+	MUST domainComponent
+	MAY ( associatedName $ organizationName $ description $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )
+objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
+	SUP domain
+	STRUCTURAL
+	MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )
+objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
+	SUP domain
+	STRUCTURAL
+	MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) )
+objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
+	DESC 'RFC1274: an object related to an domain'
+	SUP top
+	AUXILIARY
+	MUST associatedDomain )
+objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
+	SUP country
+	STRUCTURAL
+	MUST friendlyCountryName )
+objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
+	DESC 'RFC1274: simple security object'
+	SUP top
+	AUXILIARY
+	MUST userPassword )
+objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
+	SUP ( organization $ organizationalUnit )
+	STRUCTURAL
+	MAY buildingName )
+objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
+	SUP dsa
+	STRUCTURAL
+	MAY dSAQuality )
+objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
+	SUP top
+	AUXILIARY
+	MUST dsaQuality
+	MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )
+objectclass ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilotPerson' )
+	SUP person
+	STRUCTURAL
+	MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature ) )
+objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
+	SUP top
+	STRUCTURAL
+	MUST userid
+	MAY ( description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ host ) )
+objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
+	SUP top
+	STRUCTURAL
+	MUST documentIdentifier
+	MAY ( commonName $ description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
+objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
+	SUP top
+	STRUCTURAL
+	MUST commonName
+	MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
+objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
+	SUP top
+	STRUCTURAL
+	MUST commonName
+	MAY ( description $ seeAlso $ telephonenumber $ localityName $ organizationName $ organizationalUnitName ) )
+objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
+	DESC 'Abstraction of an account with POSIX attributes'
+	SUP top
+	AUXILIARY
+	MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
+	MAY ( userPassword $ loginShell $ gecos $ description ) )
+objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
+	DESC 'Additional attributes for shadow passwords'
+	SUP top
+	AUXILIARY
+	MUST uid
+	MAY ( userPassword $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ description ) )
+objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
+	DESC 'An entry in a NIS map'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ nisMapEntry $ nisMapName )
+	MAY description )
+objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
+	DESC 'A device with a MAC address'
+	SUP top
+	AUXILIARY
+	MAY macAddress )
+objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
+	DESC 'A device with boot parameters'
+	SUP top
+	AUXILIARY
+	MAY ( bootFile $ bootParameter ) )
+objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
+	DESC 'Abstraction of a group of accounts'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ gidNumber )
+	MAY ( userPassword $ memberUid $ description ) )
+objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
+	DESC 'Abstraction an Internet Protocol service'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ ipServicePort $ ipServiceProtocol )
+	MAY description )
+objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
+	DESC 'Abstraction of an IP protocol'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ ipProtocolNumber $ description )
+	MAY description )
+objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
+	DESC 'Abstraction of an ONC/RPC binding'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ oncRpcNumber $ description )
+	MAY description )
+objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
+	DESC 'Abstraction of a host, an IP device'
+	SUP top
+	AUXILIARY
+	MUST ( cn $ ipHostNumber )
+	MAY ( l $ description $ manager ) )
+objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
+	DESC 'Abstraction of an IP network'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ ipNetworkNumber )
+	MAY ( ipNetmaskNumber $ l $ description $ manager ) )
+objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
+	DESC 'Abstraction of a netgroup'
+	SUP top
+	STRUCTURAL
+	MUST cn
+	MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
+objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
+	DESC 'A generic abstraction of a NIS map'
+	SUP top
+	STRUCTURAL
+	MUST nisMapName
+	MAY description )
+objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
+	DESC 'RFC2377: uid object'
+	SUP top
+	AUXILIARY
+	MUST uid )
+objectclass ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject'
+	DESC 'RFC2589: Dynamic Object'
+	SUP top
+	AUXILIARY )
+objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
+	DESC 'RFC4512: extensible object'
+	SUP top
+	AUXILIARY )
+objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
+	DESC 'RFC2247: domain component object'
+	SUP top
+	AUXILIARY
+	MUST dc )
+objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
+	DESC 'RFC2079: object that contains the URI attribute type'
+	SUP top
+	AUXILIARY
+	MAY labeledURI )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.0 NAME 'olcConfig'
+	DESC 'OpenLDAP configuration object'
+	SUP top
+	ABSTRACT )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.1 NAME 'olcGlobal'
+	DESC 'OpenLDAP Global configuration options'
+	SUP olcConfig
+	STRUCTURAL
+	MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $ olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcLogFile $ olcLogLevel $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPluginLogFile $ olcReadOnly $ olcReferral $ olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ olcRootDSE $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSCRLFile $ olcToolThreads $ olcWriteTimeout $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.2 NAME 'olcSchemaConfig'
+	DESC 'OpenLDAP schema object'
+	SUP olcConfig
+	STRUCTURAL
+	MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.3 NAME 'olcBackendConfig'
+	DESC 'OpenLDAP Backend-specific options'
+	SUP olcConfig
+	STRUCTURAL
+	MUST olcBackend )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.4 NAME 'olcDatabaseConfig'
+	DESC 'OpenLDAP Database-specific options'
+	SUP olcConfig
+	STRUCTURAL
+	MUST olcDatabase
+	MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $ olcLastMod $ olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN $ olcUpdateRef $ olcMirrorMode $ olcMonitoring ) )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.5 NAME 'olcOverlayConfig'
+	DESC 'OpenLDAP Overlay-specific options'
+	SUP olcConfig
+	STRUCTURAL
+	MUST olcOverlay )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.6 NAME 'olcIncludeFile'
+	DESC 'OpenLDAP configuration include file'
+	SUP olcConfig
+	STRUCTURAL
+	MUST olcInclude
+	MAY ( cn $ olcRootDSE ) )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.8 NAME 'olcModuleList'
+	DESC 'OpenLDAP dynamic module info'
+	SUP olcConfig
+	STRUCTURAL
+	MAY ( cn $ olcModulePath $ olcModuleLoad ) )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.2.1.2 NAME 'olcHdbConfig'
+	DESC 'HDB backend configuration'
+	SUP olcDatabaseConfig
+	STRUCTURAL
+	MUST olcDbDirectory
+	MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) )
+objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.2.2.1 NAME 'olcLdifConfig'
+	DESC 'LDIF backend configuration'
+	SUP olcDatabaseConfig
+	STRUCTURAL
+	MUST olcDbDirectory )
+objectclass ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' )
+	DESC 'OpenLDAP Root DSE object'
+	SUP top
+	STRUCTURAL
+	MAY cn )
+objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
+	DESC 'RFC2798: Internet Organizational Person'
+	SUP organizationalPerson
+	STRUCTURAL
+	MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
+objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral'
+	DESC 'namedref: named subordinate referral'
+	SUP top
+	STRUCTURAL
+	MUST ref )
+objectclass ( 2.5.17.0 NAME 'subentry'
+	DESC 'RFC3672: subentry'
+	SUP top
+	STRUCTURAL
+	MUST ( cn $ subtreeSpecification ) )
+objectclass ( 2.5.6.10 NAME 'residentialPerson'
+	DESC 'RFC2256: an residential person'
+	SUP person
+	STRUCTURAL
+	MUST l
+	MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) )
diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 729b833e25..7a41082784 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -15,7 +15,8 @@ jobs:
       LDAP_ENABLED: true
       LDAP_HOST: openldap
       LDAP_BINDDN: cn=admin,dc=example,dc=com
-      LDAP_PASSWORd: ${{ secrets.LDAP_ADMIN_PASSWORD }}
+      LDAP_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}
+      LDAP_SEARCHBASE: dc=example,dc=com
       LDAP_SEARCHFILTER: (cn={{username}})
       LDAP_NAMEFIELD: cn
     services:
@@ -27,9 +28,13 @@ jobs:
           - 5432:5432
       openldap:
         image: osixia/openldap
+        volumes:
+          - ./.github/ldap/ldif/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom.ldif
+          - ./.github/ldap/schema/bootstrap.schema:/container/service/slapd/assets/config/bootstrap/schema/custom.schema
         env:
           LDAP_DOMAIN: example.com
           ADMIN_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}
+          LDAP_SEED_INTERNAL_LDIF_PATH: 
           LDAP_READONLY_USER: true
         ports:
           - 389:389

From 243c664cb63feb4b96deb0ed378f6e40d9d2962d Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 12:09:33 -0500
Subject: [PATCH 15/34] Try getting current directory using pwd

---
 .github/workflows/e2e-ui-tests.yml | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 7a41082784..63ab77c614 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -28,9 +28,10 @@ jobs:
           - 5432:5432
       openldap:
         image: osixia/openldap
+        command: --copy-service
         volumes:
-          - ./.github/ldap/ldif/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom.ldif
-          - ./.github/ldap/schema/bootstrap.schema:/container/service/slapd/assets/config/bootstrap/schema/custom.schema
+          - $(pwd)/.github/ldap/ldif/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom.ldif
+          - $(pwd)/.github/ldap/schema/bootstrap.schema:/container/service/slapd/assets/config/bootstrap/schema/custom.schema
         env:
           LDAP_DOMAIN: example.com
           ADMIN_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}

From 7a8c77ff624c096d013d36494967060a7e9162d3 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 12:10:52 -0500
Subject: [PATCH 16/34] Remove command:

---
 .github/workflows/e2e-ui-tests.yml | 1 -
 1 file changed, 1 deletion(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 63ab77c614..0dbd90b157 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -28,7 +28,6 @@ jobs:
           - 5432:5432
       openldap:
         image: osixia/openldap
-        command: --copy-service
         volumes:
           - $(pwd)/.github/ldap/ldif/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom.ldif
           - $(pwd)/.github/ldap/schema/bootstrap.schema:/container/service/slapd/assets/config/bootstrap/schema/custom.schema

From 2cb3ad9dcb0115f3c55338654dadc0efbd73787b Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 12:53:19 -0500
Subject: [PATCH 17/34] Try using ${{ github.workspace }}

---
 .github/workflows/e2e-ui-tests.yml | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 0dbd90b157..2dd1b32f5a 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -29,8 +29,8 @@ jobs:
       openldap:
         image: osixia/openldap
         volumes:
-          - $(pwd)/.github/ldap/ldif/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom.ldif
-          - $(pwd)/.github/ldap/schema/bootstrap.schema:/container/service/slapd/assets/config/bootstrap/schema/custom.schema
+          - ${{ github.workspace }}/.github/ldap/ldif/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom.ldif
+          - ${{ github.workspace }}/.github/ldap/schema/bootstrap.schema:/container/service/slapd/assets/config/bootstrap/schema/custom.schema
         env:
           LDAP_DOMAIN: example.com
           ADMIN_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}

From 4e1c21baf7ab39362461f8552047321e194b9dce Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Fri, 22 Jan 2021 13:02:55 -0500
Subject: [PATCH 18/34] Switch to using test-openldap

---
 .github/ldap/ldif/bootstrap.ldif     |   13 -
 .github/ldap/schema/bootstrap.schema | 1723 --------------------------
 .github/workflows/e2e-ui-tests.yml   |   25 +-
 3 files changed, 9 insertions(+), 1752 deletions(-)
 delete mode 100644 .github/ldap/ldif/bootstrap.ldif
 delete mode 100644 .github/ldap/schema/bootstrap.schema

diff --git a/.github/ldap/ldif/bootstrap.ldif b/.github/ldap/ldif/bootstrap.ldif
deleted file mode 100644
index bc3269e7bc..0000000000
--- a/.github/ldap/ldif/bootstrap.ldif
+++ /dev/null
@@ -1,13 +0,0 @@
-version: 1
-
-
-dn: uid=heimdall,dc=example,dc=com
-objectClass: inetOrgPerson
-objectClass: organizationalPerson
-objectClass: person
-objectClass: top
-cn: Heimdall User
-sn: heimdall
-mail: heimdall@example.com
-uid: heimdall
-userPassword: 859wvXEG4TGgYyWZ
\ No newline at end of file
diff --git a/.github/ldap/schema/bootstrap.schema b/.github/ldap/schema/bootstrap.schema
deleted file mode 100644
index 228b113f26..0000000000
--- a/.github/ldap/schema/bootstrap.schema
+++ /dev/null
@@ -1,1723 +0,0 @@
-attributetype ( 0.9.2342.19200300.100.1.1 NAME ( 'uid' 'userid' )
-	DESC 'RFC4519: user identifier'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.10 NAME 'manager'
-	DESC 'RFC1274: DN of manager'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.11 NAME 'documentIdentifier'
-	DESC 'RFC1274: unique identifier of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.12 NAME 'documentTitle'
-	DESC 'RFC1274: title of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.13 NAME 'documentVersion'
-	DESC 'RFC1274: version of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.14 NAME 'documentAuthor'
-	DESC 'RFC1274: DN of author of document'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.15 NAME 'documentLocation'
-	DESC 'RFC1274: location of document original'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.20 NAME ( 'homePhone' 'homeTelephoneNumber' )
-	DESC 'RFC1274: home telephone number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.21 NAME 'secretary'
-	DESC 'RFC1274: DN of secretary'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.22 NAME 'otherMailbox'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.39
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.25 NAME ( 'dc' 'domainComponent' )
-	DESC 'RFC1274/2247: domain component'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.26 NAME 'aRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.27 NAME 'mDRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.28 NAME 'mXRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.29 NAME 'nSRecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.3 NAME ( 'mail' 'rfc822Mailbox' )
-	DESC 'RFC1274: RFC822 Mailbox'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.30 NAME 'sOARecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.31 NAME 'cNAMERecord'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.37 NAME 'associatedDomain'
-	DESC 'RFC1274: domain associated with object'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.38 NAME 'associatedName'
-	DESC 'RFC1274: DN of entry associated with domain'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.39 NAME 'homePostalAddress'
-	DESC 'RFC1274: home postal address'
-	EQUALITY caseIgnoreListMatch
-	SUBSTR caseIgnoreListSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.4 NAME 'info'
-	DESC 'RFC1274: general information'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{2048}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.40 NAME 'personalTitle'
-	DESC 'RFC1274: personal title'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.41 NAME ( 'mobile' 'mobileTelephoneNumber' )
-	DESC 'RFC1274: mobile telephone number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.42 NAME ( 'pager' 'pagerTelephoneNumber' )
-	DESC 'RFC1274: pager telephone number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.43 NAME ( 'co' 'friendlyCountryName' )
-	DESC 'RFC1274: friendly country name'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.44 NAME 'uniqueIdentifier'
-	DESC 'RFC1274: unique identifer'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.45 NAME 'organizationalStatus'
-	DESC 'RFC1274: organizational status'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.46 NAME 'janetMailbox'
-	DESC 'RFC1274: Janet mailbox'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.47 NAME 'mailPreferenceOption'
-	DESC 'RFC1274: mail preference option'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.48 NAME 'buildingName'
-	DESC 'RFC1274: name of building'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.49 NAME 'dSAQuality'
-	DESC 'RFC1274: DSA Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.19
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.5 NAME ( 'drink' 'favouriteDrink' )
-	DESC 'RFC1274: favorite drink'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.50 NAME 'singleLevelQuality'
-	DESC 'RFC1274: Single Level Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.51 NAME 'subtreeMinimumQuality'
-	DESC 'RFC1274: Subtree Mininum Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.52 NAME 'subtreeMaximumQuality'
-	DESC 'RFC1274: Subtree Maximun Quality'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.13
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.53 NAME 'personalSignature'
-	DESC 'RFC1274: Personal Signature (G3 fax)'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.54 NAME 'dITRedirect'
-	DESC 'RFC1274: DIT Redirect'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.55 NAME 'audio'
-	DESC 'RFC1274: audio (u-law)'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.4{25000}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.56 NAME 'documentPublisher'
-	DESC 'RFC1274: publisher of document'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.6 NAME 'roomNumber'
-	DESC 'RFC1274: room number'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.60 NAME 'jpegPhoto'
-	DESC 'RFC2798: a JPEG image'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.28
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.7 NAME 'photo'
-	DESC 'RFC1274: photo (G3 fax)'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.23{25000}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.8 NAME 'userClass'
-	DESC 'RFC1274: category of user'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 0.9.2342.19200300.100.1.9 NAME 'host'
-	DESC 'RFC1274: host computer'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256}
-	USAGE userApplications )
-attributetype ( 1.2.840.113549.1.9.1 NAME ( 'email' 'emailAddress' 'pkcs9email' )
-	DESC 'RFC3280: legacy attribute for email addresses in DNs'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber'
-	DESC 'RFC2307: An integer uniquely identifying a user in an administrative domain'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber'
-	DESC 'RFC2307: An integer uniquely identifying a group in an administrative domain'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid'
-	EQUALITY caseExactIA5Match
-	SUBSTR caseExactIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup'
-	EQUALITY caseExactIA5Match
-	SUBSTR caseExactIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple'
-	DESC 'Netgroup triple'
-	SYNTAX 1.3.6.1.1.1.0.0
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber'
-	DESC 'IP address'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos'
-	DESC 'The GECOS field; the common name'
-	EQUALITY caseIgnoreIA5Match
-	SUBSTR caseIgnoreIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber'
-	DESC 'IP network'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber'
-	DESC 'IP netmask'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress'
-	DESC 'MAC address'
-	EQUALITY caseIgnoreIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128}
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter'
-	DESC 'rpc.bootparamd parameter'
-	SYNTAX 1.3.6.1.1.1.0.1
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile'
-	DESC 'Boot image name'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry'
-	EQUALITY caseExactIA5Match
-	SUBSTR caseExactIA5SubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024}
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory'
-	DESC 'The absolute path to the home directory'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell'
-	DESC 'The path to the login shell'
-	EQUALITY caseExactIA5Match
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.16.4 NAME 'entryUUID'
-	DESC 'UUID of the entry'
-	EQUALITY UUIDMatch
-	ORDERING UUIDOrderingMatch
-	SYNTAX 1.3.6.1.1.16.1
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 1.3.6.1.1.20 NAME 'entryDN'
-	DESC 'DN of the entry'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 1.3.6.1.1.4 NAME 'vendorName'
-	DESC 'RFC3045: name of implementation vendor'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.1.5 NAME 'vendorVersion'
-	DESC 'RFC3045: version of implementation'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.119.3 NAME 'entryTtl'
-	DESC 'RFC2589: entry time-to-live'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.119.4 NAME 'dynamicSubtrees'
-	DESC 'RFC2589: dynamic subtrees'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	NO-USER-MODIFICATION
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.13 NAME 'supportedControl'
-	DESC 'RFC4512: supported controls'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.14 NAME 'supportedSASLMechanisms'
-	DESC 'RFC4512: supported SASL mechanisms'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.15 NAME 'supportedLDAPVersion'
-	DESC 'RFC4512: supported LDAP versions'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.16 NAME 'ldapSyntaxes'
-	DESC 'RFC4512: LDAP syntaxes'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.54
-	USAGE directoryOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.5 NAME 'namingContexts'
-	DESC 'RFC4512: naming contexts'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.6 NAME 'altServer'
-	DESC 'RFC4512: alternative servers'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.1466.101.120.7 NAME 'supportedExtension'
-	DESC 'RFC4512: supported extended operations'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	USAGE dSAOperation )
-attributetype ( 1.3.6.1.4.1.250.1.57 NAME 'labeledURI'
-	DESC 'RFC2079: Uniform Resource Identifier with optional label'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.1 NAME 'olcAccess'
-	DESC 'Access Control List'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.10 NAME 'olcConcurrency'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.11 NAME 'olcConnMaxPending'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.12 NAME 'olcConnMaxPendingAuth'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.14 NAME 'olcDefaultSearchBase'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.15 NAME 'olcDisallows'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.16 NAME 'olcDitContentRules'
-	DESC 'OpenLDAP DIT content rules'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.17 NAME 'olcGentleHUP'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.18 NAME 'olcIdleTimeout'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.19 NAME 'olcInclude'
-	SUP labeledURI
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.2 NAME 'olcAllows'
-	DESC 'Allowed set of deprecated features'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.20 NAME 'olcIndexSubstrIfMinLen'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.21 NAME 'olcIndexSubstrIfMaxLen'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.22 NAME 'olcIndexSubstrAnyLen'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.23 NAME 'olcIndexSubstrAnyStep'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.26 NAME 'olcLocalSSF'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.27 NAME 'olcLogFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.28 NAME 'olcLogLevel'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.3 NAME 'olcArgsFile'
-	DESC 'File for slapd command line options'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.30 NAME 'olcModuleLoad'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.31 NAME 'olcModulePath'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.32 NAME 'olcObjectClasses'
-	DESC 'OpenLDAP object classes'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.33 NAME 'olcObjectIdentifier'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.35 NAME 'olcPasswordCryptSaltFormat'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.36 NAME 'olcPasswordHash'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.37 NAME 'olcPidFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.38 NAME 'olcPlugin'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.39 NAME 'olcPluginLogFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.4 NAME 'olcAttributeTypes'
-	DESC 'OpenLDAP attributeTypes'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.40 NAME 'olcReadOnly'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.41 NAME 'olcReferral'
-	SUP labeledURI
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.43 NAME 'olcReplicaArgsFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.44 NAME 'olcReplicaPidFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.45 NAME 'olcReplicationInterval'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.46 NAME 'olcReplogFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.47 NAME 'olcRequires'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.48 NAME 'olcRestrict'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.49 NAME 'olcReverseLookup'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.5 NAME 'olcAttributeOptions'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.51 NAME 'olcRootDSE'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.53 NAME 'olcSaslHost'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.54 NAME 'olcSaslRealm'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.56 NAME 'olcSaslSecProps'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.58 NAME 'olcSchemaDN'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.59 NAME 'olcSecurity'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.6 NAME 'olcAuthIDRewrite'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.60 NAME 'olcSizeLimit'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.61 NAME 'olcSockbufMaxIncoming'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.62 NAME 'olcSockbufMaxIncomingAuth'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.66 NAME 'olcThreads'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.67 NAME 'olcTimeLimit'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.68 NAME 'olcTLSCACertificateFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.69 NAME 'olcTLSCACertificatePath'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.7 NAME 'olcAuthzPolicy'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.70 NAME 'olcTLSCertificateFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.71 NAME 'olcTLSCertificateKeyFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.72 NAME 'olcTLSCipherSuite'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.73 NAME 'olcTLSCRLCheck'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.74 NAME 'olcTLSRandFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.75 NAME 'olcTLSVerifyClient'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.77 NAME 'olcTLSDHParamFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.78 NAME 'olcConfigFile'
-	DESC 'File for slapd configuration directives'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.79 NAME 'olcConfigDir'
-	DESC 'Directory for slapd configuration backend'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.8 NAME 'olcAuthzRegexp'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.80 NAME 'olcToolThreads'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.81 NAME 'olcServerID'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.82 NAME 'olcTLSCRLFile'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.83 NAME 'olcSortVals'
-	DESC 'Attributes whose values will always be sorted'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.84 NAME 'olcIndexIntLen'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.85 NAME 'olcLdapSyntaxes'
-	DESC 'OpenLDAP ldapSyntax'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.86 NAME 'olcAddContentAcl'
-	DESC 'Check ACLs against content of Add ops'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.87 NAME 'olcTLSProtocolMin'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.88 NAME 'olcWriteTimeout'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.89 NAME 'olcSaslAuxprops'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.9 NAME 'olcBackend'
-	DESC 'A type of backend'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.90 NAME 'olcTCPBuffer'
-	DESC 'Custom TCP buffer size'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.1 NAME 'olcDbDirectory'
-	DESC 'Directory for database content'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.10 NAME 'olcSuffix'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.11 NAME 'olcSyncrepl'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.12 NAME 'olcUpdateDN'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.13 NAME 'olcUpdateRef'
-	SUP labeledURI
-	EQUALITY caseIgnoreMatch
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.15 NAME 'olcSubordinate'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.16 NAME 'olcMirrorMode'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.17 NAME 'olcHidden'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.18 NAME 'olcMonitoring'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.19 NAME 'olcSyncUseSubentry'
-	DESC 'Store sync context in a subentry'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.2 NAME 'olcDbIndex'
-	DESC 'Attribute index parameters'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.3 NAME 'olcDbMode'
-	DESC 'Unix permissions of database files'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.4 NAME 'olcLastMod'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.5 NAME 'olcLimits'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.6 NAME 'olcMaxDerefDepth'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.7 NAME 'olcReplica'
-	SUP labeledURI
-	EQUALITY caseIgnoreMatch
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.8 NAME 'olcRootDN'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.0.9 NAME 'olcRootPW'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.1 NAME 'olcDbCacheSize'
-	DESC 'Entry cache size in entries'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.10 NAME 'olcDbShmKey'
-	DESC 'Key for shared memory region'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.11 NAME 'olcDbCacheFree'
-	DESC 'Number of extra entries to free when max is reached'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.12 NAME 'olcDbDNcacheSize'
-	DESC 'DN cache size'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.13 NAME 'olcDbCryptFile'
-	DESC 'Pathname of file containing the DB encryption key'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.14 NAME 'olcDbCryptKey'
-	DESC 'DB encryption key'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.15 NAME 'olcDbPageSize'
-	DESC 'Page size of specified DB, in Kbytes'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.16 NAME 'olcDbChecksum'
-	DESC 'Enable database checksum validation'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.2 NAME 'olcDbCheckpoint'
-	DESC 'Database checkpoint interval in kbytes and minutes'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.3 NAME 'olcDbConfig'
-	DESC 'BerkeleyDB DB_CONFIG configuration directives'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.4 NAME 'olcDbNoSync'
-	DESC 'Disable synchronous database writes'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.5 NAME 'olcDbDirtyRead'
-	DESC 'Allow reads of uncommitted data'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.6 NAME 'olcDbIDLcacheSize'
-	DESC 'IDL cache size in IDLs'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.7 NAME 'olcDbLinearIndex'
-	DESC 'Index attributes one at a time'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.8 NAME 'olcDbLockDetect'
-	DESC 'Deadlock detection algorithm'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.2.1.9 NAME 'olcDbSearchStack'
-	DESC 'Depth of search stack in IDLs'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.3.5 NAME 'supportedFeatures'
-	DESC 'RFC4512: features supported by the server'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	USAGE dSAOperation )
-attributetype ( 2.16.840.1.113730.3.1.1 NAME 'carLicense'
-	DESC 'RFC2798: vehicle license or registration plate'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 2.16.840.1.113730.3.1.2 NAME 'departmentNumber'
-	DESC 'RFC2798: identifies a department within an organization'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 2.16.840.1.113730.3.1.216 NAME 'userPKCS12'
-	DESC 'RFC2798: personal identity information, a PKCS #12 PFX'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
-	USAGE userApplications )
-attributetype ( 2.16.840.1.113730.3.1.241 NAME 'displayName'
-	DESC 'RFC2798: preferred name to be used when displaying entries'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.16.840.1.113730.3.1.3 NAME 'employeeNumber'
-	DESC 'RFC2798: numerically identifies an employee within an organization'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.16.840.1.113730.3.1.34 NAME 'ref'
-	DESC 'RFC3296: subordinate referral URL'
-	EQUALITY caseExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE distributedOperation )
-attributetype ( 2.16.840.1.113730.3.1.39 NAME 'preferredLanguage'
-	DESC 'RFC2798: preferred written or spoken language for a person'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.16.840.1.113730.3.1.4 NAME 'employeeType'
-	DESC 'RFC2798: type of employment for a person'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	USAGE userApplications )
-attributetype ( 2.16.840.1.113730.3.1.40 NAME 'userSMIMECertificate'
-	DESC 'RFC2798: PKCS#7 SignedData used to support S/MIME'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5
-	USAGE userApplications )
-attributetype ( 2.5.18.1 NAME 'createTimestamp'
-	DESC 'RFC4512: time which object was created'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 2.5.18.10 NAME 'subschemaSubentry'
-	DESC 'RFC4512: name of controlling subschema entry'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 2.5.18.2 NAME 'modifyTimestamp'
-	DESC 'RFC4512: time which object was last modified'
-	EQUALITY generalizedTimeMatch
-	ORDERING generalizedTimeOrderingMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 2.5.18.3 NAME 'creatorsName'
-	DESC 'RFC4512: name of creator'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 2.5.18.4 NAME 'modifiersName'
-	DESC 'RFC4512: name of last modifier'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 2.5.18.9 NAME 'hasSubordinates'
-	DESC 'X.501: entry has children'
-	EQUALITY booleanMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 2.5.21.4 NAME 'matchingRules'
-	DESC 'RFC4512: matching rules'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.30
-	USAGE directoryOperation )
-attributetype ( 2.5.21.5 NAME 'attributeTypes'
-	DESC 'RFC4512: attribute types'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.3
-	USAGE directoryOperation )
-attributetype ( 2.5.21.6 NAME 'objectClasses'
-	DESC 'RFC4512: object classes'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.37
-	USAGE directoryOperation )
-attributetype ( 2.5.21.8 NAME 'matchingRuleUse'
-	DESC 'RFC4512: matching rule uses'
-	EQUALITY objectIdentifierFirstComponentMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.31
-	USAGE directoryOperation )
-attributetype ( 2.5.21.9 NAME 'structuralObjectClass'
-	DESC 'RFC4512: structural object class of entry'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	SINGLE-VALUE
-	NO-USER-MODIFICATION
-	USAGE directoryOperation )
-attributetype ( 2.5.4.0 NAME 'objectClass'
-	DESC 'RFC4512: object classes of the entity'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	USAGE userApplications )
-attributetype ( 2.5.4.1 NAME ( 'aliasedObjectName' 'aliasedEntryName' )
-	DESC 'RFC4512: name of aliased object'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.5.4.13 NAME 'description'
-	DESC 'RFC4519: descriptive information'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024}
-	USAGE userApplications )
-attributetype ( 2.5.4.14 NAME 'searchGuide'
-	DESC 'RFC2256: search guide, deprecated by enhancedSearchGuide'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.25
-	USAGE userApplications )
-attributetype ( 2.5.4.15 NAME 'businessCategory'
-	DESC 'RFC2256: business category'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
-	USAGE userApplications )
-attributetype ( 2.5.4.16 NAME 'postalAddress'
-	DESC 'RFC2256: postal address'
-	EQUALITY caseIgnoreListMatch
-	SUBSTR caseIgnoreListSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
-	USAGE userApplications )
-attributetype ( 2.5.4.17 NAME 'postalCode'
-	DESC 'RFC2256: postal code'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40}
-	USAGE userApplications )
-attributetype ( 2.5.4.18 NAME 'postOfficeBox'
-	DESC 'RFC2256: Post Office Box'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{40}
-	USAGE userApplications )
-attributetype ( 2.5.4.19 NAME 'physicalDeliveryOfficeName'
-	DESC 'RFC2256: Physical Delivery Office Name'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
-	USAGE userApplications )
-attributetype ( 2.5.4.2 NAME 'knowledgeInformation'
-	DESC 'RFC2256: knowledge information'
-	EQUALITY caseIgnoreMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
-	USAGE userApplications )
-attributetype ( 2.5.4.20 NAME 'telephoneNumber'
-	DESC 'RFC2256: Telephone Number'
-	EQUALITY telephoneNumberMatch
-	SUBSTR telephoneNumberSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.50{32}
-	USAGE userApplications )
-attributetype ( 2.5.4.21 NAME 'telexNumber'
-	DESC 'RFC2256: Telex Number'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.52
-	USAGE userApplications )
-attributetype ( 2.5.4.22 NAME 'teletexTerminalIdentifier'
-	DESC 'RFC2256: Teletex Terminal Identifier'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.51
-	USAGE userApplications )
-attributetype ( 2.5.4.23 NAME ( 'facsimileTelephoneNumber' 'fax' )
-	DESC 'RFC2256: Facsimile (Fax) Telephone Number'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.22
-	USAGE userApplications )
-attributetype ( 2.5.4.24 NAME 'x121Address'
-	DESC 'RFC2256: X.121 Address'
-	EQUALITY numericStringMatch
-	SUBSTR numericStringSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{15}
-	USAGE userApplications )
-attributetype ( 2.5.4.25 NAME 'internationaliSDNNumber'
-	DESC 'RFC2256: international ISDN number'
-	EQUALITY numericStringMatch
-	SUBSTR numericStringSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.36{16}
-	USAGE userApplications )
-attributetype ( 2.5.4.26 NAME 'registeredAddress'
-	DESC 'RFC2256: registered postal address'
-	SUP postalAddress
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.41
-	USAGE userApplications )
-attributetype ( 2.5.4.27 NAME 'destinationIndicator'
-	DESC 'RFC2256: destination indicator'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{128}
-	USAGE userApplications )
-attributetype ( 2.5.4.28 NAME 'preferredDeliveryMethod'
-	DESC 'RFC2256: preferred delivery method'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.14
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.5.4.29 NAME 'presentationAddress'
-	DESC 'RFC2256: presentation address'
-	EQUALITY presentationAddressMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.43
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.5.4.30 NAME 'supportedApplicationContext'
-	DESC 'RFC2256: supported application context'
-	EQUALITY objectIdentifierMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.38
-	USAGE userApplications )
-attributetype ( 2.5.4.35 NAME 'userPassword'
-	DESC 'RFC4519/2307: password of user'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}
-	USAGE userApplications )
-attributetype ( 2.5.4.36 NAME 'userCertificate'
-	DESC 'RFC2256: X.509 user certificate, use ;binary'
-	EQUALITY certificateExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8
-	USAGE userApplications )
-attributetype ( 2.5.4.37 NAME 'cACertificate'
-	DESC 'RFC2256: X.509 CA certificate, use ;binary'
-	EQUALITY certificateExactMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.8
-	USAGE userApplications )
-attributetype ( 2.5.4.38 NAME 'authorityRevocationList'
-	DESC 'RFC2256: X.509 authority revocation list, use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9
-	USAGE userApplications )
-attributetype ( 2.5.4.39 NAME 'certificateRevocationList'
-	DESC 'RFC2256: X.509 certificate revocation list, use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9
-	USAGE userApplications )
-attributetype ( 2.5.4.40 NAME 'crossCertificatePair'
-	DESC 'RFC2256: X.509 cross certificate pair, use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.10
-	USAGE userApplications )
-attributetype ( 2.5.4.41 NAME 'name'
-	DESC 'RFC4519: common supertype of name attributes'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
-	USAGE userApplications )
-attributetype ( 2.5.4.42 NAME ( 'givenName' 'gn' )
-	DESC 'RFC2256: first name(s) for which the entity is known by'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.43 NAME 'initials'
-	DESC 'RFC2256: initials of some or all of names, but not the surname(s).'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.44 NAME 'generationQualifier'
-	DESC 'RFC2256: name qualifier indicating a generation'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.45 NAME 'x500UniqueIdentifier'
-	DESC 'RFC2256: X.500 unique identifier'
-	EQUALITY bitStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.6
-	USAGE userApplications )
-attributetype ( 2.5.4.46 NAME 'dnQualifier'
-	DESC 'RFC2256: DN qualifier'
-	EQUALITY caseIgnoreMatch
-	ORDERING caseIgnoreOrderingMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44
-	USAGE userApplications )
-attributetype ( 2.5.4.47 NAME 'enhancedSearchGuide'
-	DESC 'RFC2256: enhanced search guide'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.21
-	USAGE userApplications )
-attributetype ( 2.5.4.48 NAME 'protocolInformation'
-	DESC 'RFC2256: protocol information'
-	EQUALITY protocolInformationMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.42
-	USAGE userApplications )
-attributetype ( 2.5.4.49 NAME 'distinguishedName'
-	DESC 'RFC4519: common supertype of DN attributes'
-	EQUALITY distinguishedNameMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-	USAGE userApplications )
-attributetype ( 2.5.4.5 NAME 'serialNumber'
-	DESC 'RFC2256: serial number of the entity'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44{64}
-	USAGE userApplications )
-attributetype ( 2.5.4.50 NAME 'uniqueMember'
-	DESC 'RFC2256: unique member of a group'
-	EQUALITY uniqueMemberMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.34
-	USAGE userApplications )
-attributetype ( 2.5.4.51 NAME 'houseIdentifier'
-	DESC 'RFC2256: house identifier'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{32768}
-	USAGE userApplications )
-attributetype ( 2.5.4.52 NAME 'supportedAlgorithms'
-	DESC 'RFC2256: supported algorithms'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.49
-	USAGE userApplications )
-attributetype ( 2.5.4.53 NAME 'deltaRevocationList'
-	DESC 'RFC2256: delta revocation list; use ;binary'
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.9
-	USAGE userApplications )
-attributetype ( 2.5.4.54 NAME 'dmdName'
-	DESC 'RFC2256: name of DMD'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.6 NAME ( 'c' 'countryName' )
-	DESC 'RFC2256: ISO-3166 country 2-letter code'
-	SUP name
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.5.4.65 NAME 'pseudonym'
-	DESC 'X.520(4th): pseudonym for the object'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.7 NAME ( 'l' 'localityName' )
-	DESC 'RFC2256: locality which this object resides in'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.8 NAME ( 'st' 'stateOrProvinceName' )
-	DESC 'RFC2256: state or province which this object resides in'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.9 NAME ( 'street' 'streetAddress' )
-	DESC 'RFC2256: street address of this object'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128}
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol'
-	SUP name
-	USAGE userApplications )
-attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName'
-	SUP name
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.13 NAME 'olcDatabase'
-	DESC 'The backend type for a database instance'
-	SUP olcBackend
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 1.3.6.1.4.1.4203.1.12.2.3.0.34 NAME 'olcOverlay'
-	SUP olcDatabase
-	SINGLE-VALUE
-	USAGE userApplications )
-attributetype ( 2.5.4.10 NAME ( 'o' 'organizationName' )
-	DESC 'RFC2256: organization this object belongs to'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.11 NAME ( 'ou' 'organizationalUnitName' )
-	DESC 'RFC2256: organizational unit this object belongs to'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.12 NAME 'title'
-	DESC 'RFC2256: title associated with the entity'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.3 NAME ( 'cn' 'commonName' )
-	DESC 'RFC4519: common name(s) for which the entity is known by'
-	SUP name
-	USAGE userApplications )
-attributetype ( 2.5.4.31 NAME 'member'
-	DESC 'RFC2256: member of a group'
-	SUP distinguishedName
-	USAGE userApplications )
-attributetype ( 2.5.4.32 NAME 'owner'
-	DESC 'RFC2256: owner (of the object)'
-	SUP distinguishedName
-	USAGE userApplications )
-attributetype ( 2.5.4.33 NAME 'roleOccupant'
-	DESC 'RFC2256: occupant of role'
-	SUP distinguishedName
-	USAGE userApplications )
-attributetype ( 2.5.4.34 NAME 'seeAlso'
-	DESC 'RFC4519: DN of related object'
-	SUP distinguishedName
-	USAGE userApplications )
-attributetype ( 2.5.4.4 NAME ( 'sn' 'surname' )
-	DESC 'RFC2256: last (family) name(s) for which the entity is known by'
-	SUP name
-	USAGE userApplications )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.7 NAME 'olcFrontendConfig'
-	DESC 'OpenLDAP frontend configuration'
-	AUXILIARY
-	MAY ( olcDefaultSearchBase $ olcPasswordHash $ olcSortVals ) )
-objectclass ( 2.5.20.1 NAME 'subschema'
-	DESC 'RFC4512: controlling subschema (sub)entry'
-	AUXILIARY
-	MAY ( dITStructureRules $ nameForms $ dITContentRules $ objectClasses $ attributeTypes $ matchingRules $ matchingRuleUse ) )
-objectclass ( 2.5.6.0 NAME 'top'
-	DESC 'top of the superclass chain'
-	ABSTRACT
-	MUST objectClass )
-objectclass ( 2.5.6.1 NAME 'alias'
-	DESC 'RFC4512: an alias'
-	SUP top
-	STRUCTURAL
-	MUST aliasedObjectName )
-objectclass ( 2.5.6.11 NAME 'applicationProcess'
-	DESC 'RFC2256: an application process'
-	SUP top
-	STRUCTURAL
-	MUST cn
-	MAY ( seeAlso $ ou $ l $ description ) )
-objectclass ( 2.5.6.12 NAME 'applicationEntity'
-	DESC 'RFC2256: an application entity'
-	SUP top
-	STRUCTURAL
-	MUST ( presentationAddress $ cn )
-	MAY ( supportedApplicationContext $ seeAlso $ ou $ o $ l $ description ) )
-objectclass ( 2.5.6.13 NAME 'dSA'
-	DESC 'RFC2256: a directory system agent (a server)'
-	SUP applicationEntity
-	STRUCTURAL
-	MAY knowledgeInformation )
-objectclass ( 2.5.6.14 NAME 'device'
-	DESC 'RFC2256: a device'
-	SUP top
-	STRUCTURAL
-	MUST cn
-	MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )
-objectclass ( 2.5.6.15 NAME 'strongAuthenticationUser'
-	DESC 'RFC2256: a strong authentication user'
-	SUP top
-	AUXILIARY
-	MUST userCertificate )
-objectclass ( 2.5.6.16 NAME 'certificationAuthority'
-	DESC 'RFC2256: a certificate authority'
-	SUP top
-	AUXILIARY
-	MUST ( authorityRevocationList $ certificateRevocationList $ cACertificate )
-	MAY crossCertificatePair )
-objectclass ( 2.5.6.16.2 NAME 'certificationAuthority-V2'
-	SUP certificationAuthority
-	AUXILIARY
-	MAY deltaRevocationList )
-objectclass ( 2.5.6.17 NAME 'groupOfUniqueNames'
-	DESC 'RFC2256: a group of unique names (DN and Unique Identifier)'
-	SUP top
-	STRUCTURAL
-	MUST ( uniqueMember $ cn )
-	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-objectclass ( 2.5.6.18 NAME 'userSecurityInformation'
-	DESC 'RFC2256: a user security information'
-	SUP top
-	AUXILIARY
-	MAY supportedAlgorithms )
-objectclass ( 2.5.6.19 NAME 'cRLDistributionPoint'
-	SUP top
-	STRUCTURAL
-	MUST cn
-	MAY ( certificateRevocationList $ authorityRevocationList $ deltaRevocationList ) )
-objectclass ( 2.5.6.2 NAME 'country'
-	DESC 'RFC2256: a country'
-	SUP top
-	STRUCTURAL
-	MUST c
-	MAY ( searchGuide $ description ) )
-objectclass ( 2.5.6.20 NAME 'dmd'
-	SUP top
-	STRUCTURAL
-	MUST dmdName
-	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-objectclass ( 2.5.6.21 NAME 'pkiUser'
-	DESC 'RFC2587: a PKI user'
-	SUP top
-	AUXILIARY
-	MAY userCertificate )
-objectclass ( 2.5.6.22 NAME 'pkiCA'
-	DESC 'RFC2587: PKI certificate authority'
-	SUP top
-	AUXILIARY
-	MAY ( authorityRevocationList $ certificateRevocationList $ cACertificate $ crossCertificatePair ) )
-objectclass ( 2.5.6.23 NAME 'deltaCRL'
-	DESC 'RFC2587: PKI user'
-	SUP top
-	AUXILIARY
-	MAY deltaRevocationList )
-objectclass ( 2.5.6.3 NAME 'locality'
-	DESC 'RFC2256: a locality'
-	SUP top
-	STRUCTURAL
-	MAY ( street $ seeAlso $ searchGuide $ st $ l $ description ) )
-objectclass ( 2.5.6.4 NAME 'organization'
-	DESC 'RFC2256: an organization'
-	SUP top
-	STRUCTURAL
-	MUST o
-	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-objectclass ( 2.5.6.5 NAME 'organizationalUnit'
-	DESC 'RFC2256: an organizational unit'
-	SUP top
-	STRUCTURAL
-	MUST ou
-	MAY ( userPassword $ searchGuide $ seeAlso $ businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l $ description ) )
-objectclass ( 2.5.6.6 NAME 'person'
-	DESC 'RFC2256: a person'
-	SUP top
-	STRUCTURAL
-	MUST ( sn $ cn )
-	MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )
-objectclass ( 2.5.6.7 NAME 'organizationalPerson'
-	DESC 'RFC2256: an organizational person'
-	SUP person
-	STRUCTURAL
-	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )
-objectclass ( 2.5.6.8 NAME 'organizationalRole'
-	DESC 'RFC2256: an organizational role'
-	SUP top
-	STRUCTURAL
-	MUST cn
-	MAY ( x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ seeAlso $ roleOccupant $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l $ description ) )
-objectclass ( 2.5.6.9 NAME 'groupOfNames'
-	DESC 'RFC2256: a group of names (DNs)'
-	SUP top
-	STRUCTURAL
-	MUST ( member $ cn )
-	MAY ( businessCategory $ seeAlso $ owner $ ou $ o $ description ) )
-objectclass ( 0.9.2342.19200300.100.4.13 NAME 'domain'
-	SUP top
-	STRUCTURAL
-	MUST domainComponent
-	MAY ( associatedName $ organizationName $ description $ businessCategory $ seeAlso $ searchGuide $ userPassword $ localityName $ stateOrProvinceName $ streetAddress $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )
-objectclass ( 0.9.2342.19200300.100.4.14 NAME 'RFC822localPart'
-	SUP domain
-	STRUCTURAL
-	MAY ( commonName $ surname $ description $ seeAlso $ telephoneNumber $ physicalDeliveryOfficeName $ postalAddress $ postalCode $ postOfficeBox $ streetAddress $ facsimileTelephoneNumber $ internationalISDNNumber $ telephoneNumber $ teletexTerminalIdentifier $ telexNumber $ preferredDeliveryMethod $ destinationIndicator $ registeredAddress $ x121Address ) )
-objectclass ( 0.9.2342.19200300.100.4.15 NAME 'dNSDomain'
-	SUP domain
-	STRUCTURAL
-	MAY ( ARecord $ MDRecord $ MXRecord $ NSRecord $ SOARecord $ CNAMERecord ) )
-objectclass ( 0.9.2342.19200300.100.4.17 NAME 'domainRelatedObject'
-	DESC 'RFC1274: an object related to an domain'
-	SUP top
-	AUXILIARY
-	MUST associatedDomain )
-objectclass ( 0.9.2342.19200300.100.4.18 NAME 'friendlyCountry'
-	SUP country
-	STRUCTURAL
-	MUST friendlyCountryName )
-objectclass ( 0.9.2342.19200300.100.4.19 NAME 'simpleSecurityObject'
-	DESC 'RFC1274: simple security object'
-	SUP top
-	AUXILIARY
-	MUST userPassword )
-objectclass ( 0.9.2342.19200300.100.4.20 NAME 'pilotOrganization'
-	SUP ( organization $ organizationalUnit )
-	STRUCTURAL
-	MAY buildingName )
-objectclass ( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA'
-	SUP dsa
-	STRUCTURAL
-	MAY dSAQuality )
-objectclass ( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
-	SUP top
-	AUXILIARY
-	MUST dsaQuality
-	MAY ( subtreeMinimumQuality $ subtreeMaximumQuality ) )
-objectclass ( 0.9.2342.19200300.100.4.4 NAME ( 'pilotPerson' 'newPilotPerson' )
-	SUP person
-	STRUCTURAL
-	MAY ( userid $ textEncodedORAddress $ rfc822Mailbox $ favouriteDrink $ roomNumber $ userClass $ homeTelephoneNumber $ homePostalAddress $ secretary $ personalTitle $ preferredDeliveryMethod $ businessCategory $ janetMailbox $ otherMailbox $ mobileTelephoneNumber $ pagerTelephoneNumber $ organizationalStatus $ mailPreferenceOption $ personalSignature ) )
-objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
-	SUP top
-	STRUCTURAL
-	MUST userid
-	MAY ( description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ host ) )
-objectclass ( 0.9.2342.19200300.100.4.6 NAME 'document'
-	SUP top
-	STRUCTURAL
-	MUST documentIdentifier
-	MAY ( commonName $ description $ seeAlso $ localityName $ organizationName $ organizationalUnitName $ documentTitle $ documentVersion $ documentAuthor $ documentLocation $ documentPublisher ) )
-objectclass ( 0.9.2342.19200300.100.4.7 NAME 'room'
-	SUP top
-	STRUCTURAL
-	MUST commonName
-	MAY ( roomNumber $ description $ seeAlso $ telephoneNumber ) )
-objectclass ( 0.9.2342.19200300.100.4.9 NAME 'documentSeries'
-	SUP top
-	STRUCTURAL
-	MUST commonName
-	MAY ( description $ seeAlso $ telephonenumber $ localityName $ organizationName $ organizationalUnitName ) )
-objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount'
-	DESC 'Abstraction of an account with POSIX attributes'
-	SUP top
-	AUXILIARY
-	MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
-	MAY ( userPassword $ loginShell $ gecos $ description ) )
-objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount'
-	DESC 'Additional attributes for shadow passwords'
-	SUP top
-	AUXILIARY
-	MUST uid
-	MAY ( userPassword $ shadowLastChange $ shadowMin $ shadowMax $ shadowWarning $ shadowInactive $ shadowExpire $ shadowFlag $ description ) )
-objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject'
-	DESC 'An entry in a NIS map'
-	SUP top
-	STRUCTURAL
-	MUST ( cn $ nisMapEntry $ nisMapName )
-	MAY description )
-objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device'
-	DESC 'A device with a MAC address'
-	SUP top
-	AUXILIARY
-	MAY macAddress )
-objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice'
-	DESC 'A device with boot parameters'
-	SUP top
-	AUXILIARY
-	MAY ( bootFile $ bootParameter ) )
-objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup'
-	DESC 'Abstraction of a group of accounts'
-	SUP top
-	STRUCTURAL
-	MUST ( cn $ gidNumber )
-	MAY ( userPassword $ memberUid $ description ) )
-objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService'
-	DESC 'Abstraction an Internet Protocol service'
-	SUP top
-	STRUCTURAL
-	MUST ( cn $ ipServicePort $ ipServiceProtocol )
-	MAY description )
-objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol'
-	DESC 'Abstraction of an IP protocol'
-	SUP top
-	STRUCTURAL
-	MUST ( cn $ ipProtocolNumber $ description )
-	MAY description )
-objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc'
-	DESC 'Abstraction of an ONC/RPC binding'
-	SUP top
-	STRUCTURAL
-	MUST ( cn $ oncRpcNumber $ description )
-	MAY description )
-objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost'
-	DESC 'Abstraction of a host, an IP device'
-	SUP top
-	AUXILIARY
-	MUST ( cn $ ipHostNumber )
-	MAY ( l $ description $ manager ) )
-objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork'
-	DESC 'Abstraction of an IP network'
-	SUP top
-	STRUCTURAL
-	MUST ( cn $ ipNetworkNumber )
-	MAY ( ipNetmaskNumber $ l $ description $ manager ) )
-objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup'
-	DESC 'Abstraction of a netgroup'
-	SUP top
-	STRUCTURAL
-	MUST cn
-	MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) )
-objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap'
-	DESC 'A generic abstraction of a NIS map'
-	SUP top
-	STRUCTURAL
-	MUST nisMapName
-	MAY description )
-objectclass ( 1.3.6.1.1.3.1 NAME 'uidObject'
-	DESC 'RFC2377: uid object'
-	SUP top
-	AUXILIARY
-	MUST uid )
-objectclass ( 1.3.6.1.4.1.1466.101.119.2 NAME 'dynamicObject'
-	DESC 'RFC2589: Dynamic Object'
-	SUP top
-	AUXILIARY )
-objectclass ( 1.3.6.1.4.1.1466.101.120.111 NAME 'extensibleObject'
-	DESC 'RFC4512: extensible object'
-	SUP top
-	AUXILIARY )
-objectclass ( 1.3.6.1.4.1.1466.344 NAME 'dcObject'
-	DESC 'RFC2247: domain component object'
-	SUP top
-	AUXILIARY
-	MUST dc )
-objectclass ( 1.3.6.1.4.1.250.3.15 NAME 'labeledURIObject'
-	DESC 'RFC2079: object that contains the URI attribute type'
-	SUP top
-	AUXILIARY
-	MAY labeledURI )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.0 NAME 'olcConfig'
-	DESC 'OpenLDAP configuration object'
-	SUP top
-	ABSTRACT )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.1 NAME 'olcGlobal'
-	DESC 'OpenLDAP Global configuration options'
-	SUP olcConfig
-	STRUCTURAL
-	MAY ( cn $ olcConfigFile $ olcConfigDir $ olcAllows $ olcArgsFile $ olcAttributeOptions $ olcAuthIDRewrite $ olcAuthzPolicy $ olcAuthzRegexp $ olcConcurrency $ olcConnMaxPending $ olcConnMaxPendingAuth $ olcDisallows $ olcGentleHUP $ olcIdleTimeout $ olcIndexSubstrIfMaxLen $ olcIndexSubstrIfMinLen $ olcIndexSubstrAnyLen $ olcIndexSubstrAnyStep $ olcIndexIntLen $ olcLocalSSF $ olcLogFile $ olcLogLevel $ olcPasswordCryptSaltFormat $ olcPasswordHash $ olcPidFile $ olcPluginLogFile $ olcReadOnly $ olcReferral $ olcReplogFile $ olcRequires $ olcRestrict $ olcReverseLookup $ olcRootDSE $ olcSaslAuxprops $ olcSaslHost $ olcSaslRealm $ olcSaslSecProps $ olcSecurity $ olcServerID $ olcSizeLimit $ olcSockbufMaxIncoming $ olcSockbufMaxIncomingAuth $ olcTCPBuffer $ olcThreads $ olcTimeLimit $ olcTLSCACertificateFile $ olcTLSCACertificatePath $ olcTLSCertificateFile $ olcTLSCertificateKeyFile $ olcTLSCipherSuite $ olcTLSCRLCheck $ olcTLSRandFile $ olcTLSVerifyClient $ olcTLSDHParamFile $ olcTLSCRLFile $ olcToolThreads $ olcWriteTimeout $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.2 NAME 'olcSchemaConfig'
-	DESC 'OpenLDAP schema object'
-	SUP olcConfig
-	STRUCTURAL
-	MAY ( cn $ olcObjectIdentifier $ olcAttributeTypes $ olcObjectClasses $ olcDitContentRules $ olcLdapSyntaxes ) )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.3 NAME 'olcBackendConfig'
-	DESC 'OpenLDAP Backend-specific options'
-	SUP olcConfig
-	STRUCTURAL
-	MUST olcBackend )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.4 NAME 'olcDatabaseConfig'
-	DESC 'OpenLDAP Database-specific options'
-	SUP olcConfig
-	STRUCTURAL
-	MUST olcDatabase
-	MAY ( olcHidden $ olcSuffix $ olcSubordinate $ olcAccess $ olcAddContentAcl $ olcLastMod $ olcLimits $ olcMaxDerefDepth $ olcPlugin $ olcReadOnly $ olcReplica $ olcReplicaArgsFile $ olcReplicaPidFile $ olcReplicationInterval $ olcReplogFile $ olcRequires $ olcRestrict $ olcRootDN $ olcRootPW $ olcSchemaDN $ olcSecurity $ olcSizeLimit $ olcSyncUseSubentry $ olcSyncrepl $ olcTimeLimit $ olcUpdateDN $ olcUpdateRef $ olcMirrorMode $ olcMonitoring ) )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.5 NAME 'olcOverlayConfig'
-	DESC 'OpenLDAP Overlay-specific options'
-	SUP olcConfig
-	STRUCTURAL
-	MUST olcOverlay )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.6 NAME 'olcIncludeFile'
-	DESC 'OpenLDAP configuration include file'
-	SUP olcConfig
-	STRUCTURAL
-	MUST olcInclude
-	MAY ( cn $ olcRootDSE ) )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.0.8 NAME 'olcModuleList'
-	DESC 'OpenLDAP dynamic module info'
-	SUP olcConfig
-	STRUCTURAL
-	MAY ( cn $ olcModulePath $ olcModuleLoad ) )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.2.1.2 NAME 'olcHdbConfig'
-	DESC 'HDB backend configuration'
-	SUP olcDatabaseConfig
-	STRUCTURAL
-	MUST olcDbDirectory
-	MAY ( olcDbCacheSize $ olcDbCheckpoint $ olcDbConfig $ olcDbCryptFile $ olcDbCryptKey $ olcDbNoSync $ olcDbDirtyRead $ olcDbIDLcacheSize $ olcDbIndex $ olcDbLinearIndex $ olcDbLockDetect $ olcDbMode $ olcDbSearchStack $ olcDbShmKey $ olcDbCacheFree $ olcDbDNcacheSize $ olcDbPageSize ) )
-objectclass ( 1.3.6.1.4.1.4203.1.12.2.4.2.2.1 NAME 'olcLdifConfig'
-	DESC 'LDIF backend configuration'
-	SUP olcDatabaseConfig
-	STRUCTURAL
-	MUST olcDbDirectory )
-objectclass ( 1.3.6.1.4.1.4203.1.4.1 NAME ( 'OpenLDAProotDSE' 'LDAProotDSE' )
-	DESC 'OpenLDAP Root DSE object'
-	SUP top
-	STRUCTURAL
-	MAY cn )
-objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
-	DESC 'RFC2798: Internet Organizational Person'
-	SUP organizationalPerson
-	STRUCTURAL
-	MAY ( audio $ businessCategory $ carLicense $ departmentNumber $ displayName $ employeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ initials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo $ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ preferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
-objectclass ( 2.16.840.1.113730.3.2.6 NAME 'referral'
-	DESC 'namedref: named subordinate referral'
-	SUP top
-	STRUCTURAL
-	MUST ref )
-objectclass ( 2.5.17.0 NAME 'subentry'
-	DESC 'RFC3672: subentry'
-	SUP top
-	STRUCTURAL
-	MUST ( cn $ subtreeSpecification ) )
-objectclass ( 2.5.6.10 NAME 'residentialPerson'
-	DESC 'RFC2256: an residential person'
-	SUP person
-	STRUCTURAL
-	MUST l
-	MAY ( businessCategory $ x121Address $ registeredAddress $ destinationIndicator $ preferredDeliveryMethod $ telexNumber $ teletexTerminalIdentifier $ telephoneNumber $ internationaliSDNNumber $ facsimileTelephoneNumber $ preferredDeliveryMethod $ street $ postOfficeBox $ postalCode $ postalAddress $ physicalDeliveryOfficeName $ st $ l ) )
diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 2dd1b32f5a..0e4f2e693b 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -13,11 +13,12 @@ jobs:
       CYPRESS_TESTING: true
       NODE_ENV: test
       LDAP_ENABLED: true
-      LDAP_HOST: openldap
-      LDAP_BINDDN: cn=admin,dc=example,dc=com
-      LDAP_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}
-      LDAP_SEARCHBASE: dc=example,dc=com
-      LDAP_SEARCHFILTER: (cn={{username}})
+      LDAP_HOST: ldap
+      LDAP_PORT: 10389
+      LDAP_BINDDN: cn=admin,dc=planetexpress,dc=com
+      LDAP_PASSWORD: GoodNewsEveryone
+      LDAP_SEARCHBASE: ou=people,dc=planetexpress,dc=com
+      LDAP_SEARCHFILTER: (uid={{username}})
       LDAP_NAMEFIELD: cn
     services:
       postgres:
@@ -26,18 +27,10 @@ jobs:
           POSTGRES_PASSWORD: postgres
         ports:
           - 5432:5432
-      openldap:
-        image: osixia/openldap
-        volumes:
-          - ${{ github.workspace }}/.github/ldap/ldif/bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom.ldif
-          - ${{ github.workspace }}/.github/ldap/schema/bootstrap.schema:/container/service/slapd/assets/config/bootstrap/schema/custom.schema
-        env:
-          LDAP_DOMAIN: example.com
-          ADMIN_PASSWORD: ${{ secrets.LDAP_ADMIN_PASSWORD }}
-          LDAP_SEED_INTERNAL_LDIF_PATH: 
-          LDAP_READONLY_USER: true
+      ldap:
+        image: rroemhild/test-openldap
         ports:
-          - 389:389
+          - 10389:10389
 
     steps:
       - uses: actions/checkout@v2

From 555278483a7eb88673b3f356f50b5cb4169d99d5 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Mon, 25 Jan 2021 10:00:16 -0500
Subject: [PATCH 19/34] Add cypress tests for ldap login

---
 apps/backend/test/constants/users-test.constant.ts  | 10 ++++++++++
 .../src/components/global/login/LDAPLogin.vue       |  3 +++
 test/integration/login.spec.ts                      | 13 +++++++++++++
 test/support/pages/LoginPage.ts                     | 10 ++++++++++
 test/support/verifiers/LoginPageVerifier.ts         |  5 +++++
 5 files changed, 41 insertions(+)

diff --git a/apps/backend/test/constants/users-test.constant.ts b/apps/backend/test/constants/users-test.constant.ts
index af28de996a..390039a228 100644
--- a/apps/backend/test/constants/users-test.constant.ts
+++ b/apps/backend/test/constants/users-test.constant.ts
@@ -15,6 +15,11 @@ export const LOGIN_AUTHENTICATION = {
   password: 'LETmeiN123$$$tP'
 };
 
+export const LDAP_AUTHENTICATION = {
+  username: 'fry',
+  password: 'fry'
+};
+
 export const ADMIN_LOGIN_AUTHENTICATION = {
   email: 'admin@yahoo.com',
   password: 'LETmeiN123$$$tP'
@@ -25,6 +30,11 @@ export const BAD_LOGIN_AUTHENTICATION = {
   password: 'Invalid_password'
 };
 
+export const BAD_LDAP_AUTHENTICATION = {
+  username: 'fry',
+  password: 'zoiderg'
+};
+
 // @ts-ignore
 export const TEST_USER: User = {
   email: 'abc@yahoo.com',
diff --git a/apps/frontend/src/components/global/login/LDAPLogin.vue b/apps/frontend/src/components/global/login/LDAPLogin.vue
index b7ee1d176d..9302ed3591 100644
--- a/apps/frontend/src/components/global/login/LDAPLogin.vue
+++ b/apps/frontend/src/components/global/login/LDAPLogin.vue
@@ -10,6 +10,7 @@
         prepend-icon="mdi-account"
         type="text"
         required
+        data-cy="ldapusername"
         @keyup.enter="$refs.password.focus"
         @blur="$v.username.$touch()"
       />
@@ -21,6 +22,7 @@
         type="password"
         name="password"
         label="Password"
+        data-cy="ldappassword"
         prepend-icon="mdi-lock"
         @keyup.enter="ldapLogin()"
         @blur="$v.password.$touch()"
@@ -29,6 +31,7 @@
         id="login_button"
         depressed
         large
+        data-cy="ldapLoginButton"
         color="primary"
         @click="ldapLogin()"
       >
diff --git a/test/integration/login.spec.ts b/test/integration/login.spec.ts
index 3b234b5f00..9b035c733b 100644
--- a/test/integration/login.spec.ts
+++ b/test/integration/login.spec.ts
@@ -1,8 +1,10 @@
 /// <reference types="cypress" />
 
 import {
+  BAD_LDAP_AUTHENTICATION,
   BAD_LOGIN_AUTHENTICATION,
   CREATE_USER_DTO_TEST_OBJ,
+  LDAP_AUTHENTICATION,
   LOGIN_AUTHENTICATION
 } from '../../apps/backend/test/constants/users-test.constant';
 import LoginPage from '../support/pages/LoginPage';
@@ -30,9 +32,20 @@ context('Login', () => {
       loginPage.login(LOGIN_AUTHENTICATION);
       toastVerifier.toastTextContains('You have successfully signed in.');
     });
+    it('authenticates an ldap user with valid credentials', () => {
+      loginPage.switchToLDAPAuth();
+      loginPageVerifier.ldapLoginFormPresent();
+      loginPage.ldapLogin(LDAP_AUTHENTICATION);
+      toastVerifier.toastTextContains('You have successfully signed in.');
+    });
     it('fails to authenticate a user with invalid credentials', () => {
       loginPage.login(BAD_LOGIN_AUTHENTICATION);
       toastVerifier.toastTextContains('Incorrect Username or Password');
     });
+    it('fails to authenticate an ldap user with invalid credentials', () => {
+      loginPage.switchToLDAPAuth();
+      loginPage.ldapLogin(BAD_LDAP_AUTHENTICATION);
+      toastVerifier.toastTextContains('Unauthorized');
+    });
   });
 });
diff --git a/test/support/pages/LoginPage.ts b/test/support/pages/LoginPage.ts
index 96b4f6b4cb..6ea8f6f30a 100644
--- a/test/support/pages/LoginPage.ts
+++ b/test/support/pages/LoginPage.ts
@@ -4,4 +4,14 @@ export default class LoginPage {
     cy.get('input[name=password]').clear().type(user.password);
     cy.get('#login_button').click();
   }
+
+  ldapLogin(user: {username: string; password: string}): void {
+    cy.get('[data-cy=ldapusername]').clear().type(user.username);
+    cy.get('[data-cy=ldappassword]').clear().type(user.password);
+    cy.get('[data-cy=ldapLoginButton]').click();
+  }
+
+  switchToLDAPAuth(): void {
+    cy.get('#select-tab-ldap-login').click();
+  }
 }
diff --git a/test/support/verifiers/LoginPageVerifier.ts b/test/support/verifiers/LoginPageVerifier.ts
index 657b9c240c..27b67643cd 100644
--- a/test/support/verifiers/LoginPageVerifier.ts
+++ b/test/support/verifiers/LoginPageVerifier.ts
@@ -5,4 +5,9 @@ export default class LoginPageVerifier {
     cy.get('label[for=email_field]').should('contain', 'Email');
     cy.get('label[for=password_field]').should('contain', 'Password');
   }
+  ldapLoginFormPresent(): void {
+    cy.get('form[name="login_form"]').should('exist');
+    cy.get('label[for=username_field]').should('contain', 'Username');
+    cy.get('label[for=password_field]').should('contain', 'Password');
+  }
 }

From ee7652b24d3c7818e8f9735e72fa840596d15aab Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Mon, 25 Jan 2021 10:34:36 -0500
Subject: [PATCH 20/34] Create heimdallci network (trying to fix dns problems)

---
 .github/workflows/e2e-ui-tests.yml | 9 +++++++++
 1 file changed, 9 insertions(+)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 0e4f2e693b..2f507b2929 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -20,6 +20,8 @@ jobs:
       LDAP_SEARCHBASE: ou=people,dc=planetexpress,dc=com
       LDAP_SEARCHFILTER: (uid={{username}})
       LDAP_NAMEFIELD: cn
+    networks:
+          - heimdallci
     services:
       postgres:
         image: postgres:latest
@@ -27,10 +29,14 @@ jobs:
           POSTGRES_PASSWORD: postgres
         ports:
           - 5432:5432
+        networks:
+          - heimdallci
       ldap:
         image: rroemhild/test-openldap
         ports:
           - 10389:10389
+        networks:
+          - heimdallci
 
     steps:
       - uses: actions/checkout@v2
@@ -82,3 +88,6 @@ jobs:
         with:
           name: cypress-screenshots
           path: test/screenshots
+
+networks:
+  heimdallci:

From 4468de6a30717cf44e7917f551661c4810f566d9 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Mon, 25 Jan 2021 10:38:48 -0500
Subject: [PATCH 21/34] Re-run without custom network

---
 .github/workflows/e2e-ui-tests.yml | 6 ------
 1 file changed, 6 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 2f507b2929..063378f15c 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -20,8 +20,6 @@ jobs:
       LDAP_SEARCHBASE: ou=people,dc=planetexpress,dc=com
       LDAP_SEARCHFILTER: (uid={{username}})
       LDAP_NAMEFIELD: cn
-    networks:
-          - heimdallci
     services:
       postgres:
         image: postgres:latest
@@ -29,14 +27,10 @@ jobs:
           POSTGRES_PASSWORD: postgres
         ports:
           - 5432:5432
-        networks:
-          - heimdallci
       ldap:
         image: rroemhild/test-openldap
         ports:
           - 10389:10389
-        networks:
-          - heimdallci
 
     steps:
       - uses: actions/checkout@v2

From f9b92df9a7e799aa8b5851e550d9c760bb1d2fa7 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Mon, 25 Jan 2021 10:40:13 -0500
Subject: [PATCH 22/34] Remove heimdallci network

---
 .github/workflows/e2e-ui-tests.yml | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 063378f15c..0e4f2e693b 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -82,6 +82,3 @@ jobs:
         with:
           name: cypress-screenshots
           path: test/screenshots
-
-networks:
-  heimdallci:

From e4bb15873a5c295da7c90b7caafbd9d04ba4ea1a Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Mon, 25 Jan 2021 10:48:51 -0500
Subject: [PATCH 23/34] Print all environment variables (debug)

---
 apps/backend/config/app_config.ts | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/backend/config/app_config.ts b/apps/backend/config/app_config.ts
index 75e4888b6a..aaf45a65ab 100644
--- a/apps/backend/config/app_config.ts
+++ b/apps/backend/config/app_config.ts
@@ -9,6 +9,7 @@ export default class AppConfig {
     console.log('Attempting to read configuration file `.env`!');
     try {
       this.envConfig = dotenv.parse(fs.readFileSync('.env'));
+      console.log(process.env.NODE_ENV);
       console.log('Read config!');
     } catch (error) {
       if (error.code === 'ENOENT') {
@@ -64,8 +65,8 @@ export default class AppConfig {
       dialectOptions: {
         ssl: Boolean(this.get('DATABASE_SSL'))
           ? {
-            rejectUnauthorized: false
-          }
+              rejectUnauthorized: false
+            }
           : false
       },
       ssl: Boolean(this.get('DATABASE_SSL')) || false

From c3bda4f42355fcf419e8d836991b1d1d349e30b7 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Mon, 25 Jan 2021 10:53:57 -0500
Subject: [PATCH 24/34] Move LDAP configuration to .env-ci, remove debug

---
 .github/workflows/e2e-ui-tests.yml | 8 --------
 apps/backend/config/app_config.ts  | 1 -
 apps/backend/test/.env-ci          | 8 ++++++++
 3 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/.github/workflows/e2e-ui-tests.yml b/.github/workflows/e2e-ui-tests.yml
index 0e4f2e693b..92491fca43 100644
--- a/.github/workflows/e2e-ui-tests.yml
+++ b/.github/workflows/e2e-ui-tests.yml
@@ -12,14 +12,6 @@ jobs:
     env:
       CYPRESS_TESTING: true
       NODE_ENV: test
-      LDAP_ENABLED: true
-      LDAP_HOST: ldap
-      LDAP_PORT: 10389
-      LDAP_BINDDN: cn=admin,dc=planetexpress,dc=com
-      LDAP_PASSWORD: GoodNewsEveryone
-      LDAP_SEARCHBASE: ou=people,dc=planetexpress,dc=com
-      LDAP_SEARCHFILTER: (uid={{username}})
-      LDAP_NAMEFIELD: cn
     services:
       postgres:
         image: postgres:latest
diff --git a/apps/backend/config/app_config.ts b/apps/backend/config/app_config.ts
index aaf45a65ab..ce0506c4d7 100644
--- a/apps/backend/config/app_config.ts
+++ b/apps/backend/config/app_config.ts
@@ -9,7 +9,6 @@ export default class AppConfig {
     console.log('Attempting to read configuration file `.env`!');
     try {
       this.envConfig = dotenv.parse(fs.readFileSync('.env'));
-      console.log(process.env.NODE_ENV);
       console.log('Read config!');
     } catch (error) {
       if (error.code === 'ENOENT') {
diff --git a/apps/backend/test/.env-ci b/apps/backend/test/.env-ci
index e53e5e703e..5a2414bb49 100644
--- a/apps/backend/test/.env-ci
+++ b/apps/backend/test/.env-ci
@@ -5,3 +5,11 @@ DATABASE_PASSWORD=postgres
 DATABASE_NAME=heimdallts_jest_testing_service_db
 JWT_SECRET=abc123
 NODE_ENV=test
+LDAP_ENABLED=true
+LDAP_HOST=ldap
+LDAP_PORT=10389
+LDAP_BINDDN=cn=admin,dc=planetexpress,dc=com
+LDAP_PASSWORD=GoodNewsEveryone
+LDAP_SEARCHBASE=ou=people,dc=planetexpress,dc=com
+LDAP_SEARCHFILTER=(uid={{username}})
+LDAP_NAMEFIELD=cn

From b6a039e8e3e031caf4ffc9b78b9764183c997f8b Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Mon, 25 Jan 2021 11:10:38 -0500
Subject: [PATCH 25/34] Set LDAP_HOST to localhost, newline EOF

---
 apps/backend/.env-example | 2 +-
 apps/backend/test/.env-ci | 3 ++-
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/apps/backend/.env-example b/apps/backend/.env-example
index 0b1e02ce3d..c7f3a0d8fc 100644
--- a/apps/backend/.env-example
+++ b/apps/backend/.env-example
@@ -24,4 +24,4 @@ LDAP_SEARCHBASE="<Your LDAP search base>"
 # If you are using Active Directory Users, you probably want "sAMAccountName={{username}}"
 LDAP_SEARCHFILTER="<Your LDAP search filter (if nothing is provided, defaults to (sAMAccountName={{username}})>"
 LDAP_NAMEFIELD="<The field that contains the user's full name (if nothing is provided, defaults to name)>"
-LDAP_MAILFIELD="<The field that contains the user's email (if nothing is provided, defaults to mail)>"
\ No newline at end of file
+LDAP_MAILFIELD="<The field that contains the user's email (if nothing is provided, defaults to mail)>"
diff --git a/apps/backend/test/.env-ci b/apps/backend/test/.env-ci
index 5a2414bb49..dacaea07ee 100644
--- a/apps/backend/test/.env-ci
+++ b/apps/backend/test/.env-ci
@@ -5,8 +5,9 @@ DATABASE_PASSWORD=postgres
 DATABASE_NAME=heimdallts_jest_testing_service_db
 JWT_SECRET=abc123
 NODE_ENV=test
+
 LDAP_ENABLED=true
-LDAP_HOST=ldap
+LDAP_HOST=localhost
 LDAP_PORT=10389
 LDAP_BINDDN=cn=admin,dc=planetexpress,dc=com
 LDAP_PASSWORD=GoodNewsEveryone

From 49bb74fcd1f1973419e80a671350c1f698d53fc9 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Tue, 26 Jan 2021 11:26:23 -0500
Subject: [PATCH 26/34] Type loginToLDAP

---
 apps/backend/src/authn/authn.controller.ts | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

diff --git a/apps/backend/src/authn/authn.controller.ts b/apps/backend/src/authn/authn.controller.ts
index acd571a5e0..bfa882568f 100644
--- a/apps/backend/src/authn/authn.controller.ts
+++ b/apps/backend/src/authn/authn.controller.ts
@@ -11,13 +11,17 @@ export class AuthnController {
 
   @UseGuards(LocalAuthGuard)
   @Post('login')
-  async login(@Req() req: Request): Promise<any> {
+  async login(
+    @Req() req: Request
+  ): Promise<{userID: string; accessToken: string}> {
     return this.authnService.login(req.user as User);
   }
 
   @UseGuards(AuthGuard('ldap'))
   @Post('login/ldap')
-  async loginToLDAP(@Req() req: Request): Promise<any> {
+  async loginToLDAP(
+    @Req() req: Request
+  ): Promise<{userID: string; accessToken: string}> {
     return this.authnService.login(req.user as User);
   }
 }

From f9bb87adb62714f10d2c89014dedd0c5e1bd427a Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 28 Jan 2021 11:00:34 -0500
Subject: [PATCH 27/34] Allow Oauth/LDAP users to edit their profile without
 password

---
 ...18-add_account_creation_method_to_users.js | 24 +++++++++++++++++++
 apps/backend/src/authn/authn.service.ts       | 10 ++++----
 apps/backend/src/authn/ldap.strategy.ts       |  3 ++-
 apps/backend/src/casl/casl-ability.factory.ts |  3 +++
 apps/backend/src/users/dto/create-user.dto.ts |  5 ++++
 apps/backend/src/users/dto/user.dto.ts        |  2 ++
 apps/backend/src/users/user.model.ts          |  4 ++++
 apps/backend/src/users/users.service.ts       |  1 +
 .../src/components/global/UserModal.vue       | 15 ++++++++----
 apps/frontend/src/store/server.ts             |  2 ++
 apps/frontend/src/views/Login.vue             |  1 -
 apps/frontend/src/views/Signup.vue            |  4 +++-
 libs/interfaces/user/user.interface.ts        |  1 +
 13 files changed, 64 insertions(+), 11 deletions(-)
 create mode 100644 apps/backend/migrations/20210128142318-add_account_creation_method_to_users.js

diff --git a/apps/backend/migrations/20210128142318-add_account_creation_method_to_users.js b/apps/backend/migrations/20210128142318-add_account_creation_method_to_users.js
new file mode 100644
index 0000000000..a2b3be9d87
--- /dev/null
+++ b/apps/backend/migrations/20210128142318-add_account_creation_method_to_users.js
@@ -0,0 +1,24 @@
+'use strict';
+
+const sequelize = require("sequelize");
+
+module.exports = {
+  up: async (queryInterface, Sequelize) => {
+    return queryInterface.sequelize.transaction((t) => {
+      return Promise.all([
+        queryInterface.addColumn('Users', 'creationMethod', {
+          type: sequelize.STRING,
+          defaultValue: 'local'
+        })
+      ])
+    })
+  },
+
+  down: async (queryInterface, Sequelize) => {
+    return queryInterface.sequelize.transaction((t) => {
+      return Promise.all([
+        queryInterface.removeColumn('Users', 'creationMethod', { transaction: t })
+      ])
+    })
+  }
+};
diff --git a/apps/backend/src/authn/authn.service.ts b/apps/backend/src/authn/authn.service.ts
index 180740c6c6..05ab81b329 100644
--- a/apps/backend/src/authn/authn.service.ts
+++ b/apps/backend/src/authn/authn.service.ts
@@ -15,7 +15,7 @@ export class AuthnService {
     private jwtService: JwtService
   ) {}
 
-  async validateUser(email: string, password: string): Promise<any> {
+  async validateUser(email: string, password: string): Promise<User | null> {
     let user: User;
     try {
       user = await this.usersService.findByEmail(email);
@@ -33,8 +33,9 @@ export class AuthnService {
   async validateOrCreateUser(
     email: string,
     firstName: string,
-    lastName: string
-  ): Promise<any> {
+    lastName: string,
+    creationMethod: string
+  ): Promise<User> {
     let user: User;
     try {
       user = await this.usersService.findByEmail(email);
@@ -48,7 +49,8 @@ export class AuthnService {
         lastName: lastName,
         organization: '',
         title: '',
-        role: ''
+        role: 'user',
+        creationMethod: creationMethod
       };
       await this.usersService.create(createUser);
       user = await this.usersService.findByEmail(email);
diff --git a/apps/backend/src/authn/ldap.strategy.ts b/apps/backend/src/authn/ldap.strategy.ts
index 428d429bda..b0aba70f02 100644
--- a/apps/backend/src/authn/ldap.strategy.ts
+++ b/apps/backend/src/authn/ldap.strategy.ts
@@ -37,7 +37,8 @@ export class LDAPStrategy extends PassportStrategy(Strategy, 'ldap') {
         req.user = this.authnService.validateOrCreateUser(
           email,
           firstName,
-          lastName
+          lastName,
+          'ldap'
         );
         return done(null, req.user);
       }
diff --git a/apps/backend/src/casl/casl-ability.factory.ts b/apps/backend/src/casl/casl-ability.factory.ts
index bfc03598dd..46863f485f 100644
--- a/apps/backend/src/casl/casl-ability.factory.ts
+++ b/apps/backend/src/casl/casl-ability.factory.ts
@@ -33,6 +33,9 @@ export class CaslAbilityFactory {
       // Force admins to supply their password when editing their own user.
       cannot(Action.Manage, User, {id: user.id});
     }
+    if (user.creationMethod === 'ldap' || user.creationMethod === 'oauth') {
+      can(Action.UpdateNoPassword, User, {id: user.id});
+    }
     can([Action.Read, Action.Update, Action.Delete], User, {id: user.id});
 
     return build();
diff --git a/apps/backend/src/users/dto/create-user.dto.ts b/apps/backend/src/users/dto/create-user.dto.ts
index f5b6ce9795..b8a9d7b783 100644
--- a/apps/backend/src/users/dto/create-user.dto.ts
+++ b/apps/backend/src/users/dto/create-user.dto.ts
@@ -34,4 +34,9 @@ export class CreateUserDto implements ICreateUser {
   @IsString()
   @IsIn(['user'])
   readonly role!: string;
+
+  @IsNotEmpty()
+  @IsString()
+  @IsIn(['local', 'ldap', 'oauth'])
+  readonly creationMethod!: string;
 }
diff --git a/apps/backend/src/users/dto/user.dto.ts b/apps/backend/src/users/dto/user.dto.ts
index f05041eafd..5f4a8b4725 100644
--- a/apps/backend/src/users/dto/user.dto.ts
+++ b/apps/backend/src/users/dto/user.dto.ts
@@ -11,6 +11,7 @@ export class UserDto implements IUser {
   readonly organization: string | undefined;
   readonly loginCount: number;
   readonly lastLogin: Date | undefined;
+  readonly creationMethod: string;
   readonly createdAt: Date;
   readonly updatedAt: Date;
 
@@ -24,6 +25,7 @@ export class UserDto implements IUser {
     this.organization = user.organization;
     this.loginCount = user.loginCount;
     this.lastLogin = user.lastLogin;
+    this.creationMethod = user.creationMethod;
     this.createdAt = user.createdAt;
     this.updatedAt = user.updatedAt;
   }
diff --git a/apps/backend/src/users/user.model.ts b/apps/backend/src/users/user.model.ts
index 93d20020b8..ec9da21d42 100644
--- a/apps/backend/src/users/user.model.ts
+++ b/apps/backend/src/users/user.model.ts
@@ -69,6 +69,10 @@ export class User extends Model {
   @Column(DataType.STRING)
   role!: string;
 
+  @AllowNull(false)
+  @Column(DataType.STRING)
+  creationMethod!: string;
+
   @CreatedAt
   @AllowNull(false)
   @Column(DataType.DATE)
diff --git a/apps/backend/src/users/users.service.ts b/apps/backend/src/users/users.service.ts
index 146ff8947c..6fd2750a06 100644
--- a/apps/backend/src/users/users.service.ts
+++ b/apps/backend/src/users/users.service.ts
@@ -47,6 +47,7 @@ export class UsersService {
     user.title = createUserDto.title || undefined;
     user.organization = createUserDto.organization || undefined;
     user.role = createUserDto.role;
+    user.creationMethod = createUserDto.creationMethod;
     try {
       user.encryptedPassword = await hash(createUserDto.password, 14);
     } catch {
diff --git a/apps/frontend/src/components/global/UserModal.vue b/apps/frontend/src/components/global/UserModal.vue
index 78561a5578..9f5f086f0e 100644
--- a/apps/frontend/src/components/global/UserModal.vue
+++ b/apps/frontend/src/components/global/UserModal.vue
@@ -64,7 +64,7 @@
             </v-col>
           </v-row>
 
-          <div v-if="!admin">
+          <div v-if="!admin && userInfo.creationMethod === 'local'">
             <v-divider />
             <v-text-field
               id="password_field"
@@ -78,7 +78,10 @@
               @blur="$v.currentPassword.$touch()"
             />
           </div>
-          <v-btn id="toggleChangePassword" @click="changePasswordDialog"
+          <v-btn
+            v-if="userInfo.creationMethod === 'local'"
+            id="toggleChangePassword"
+            @click="changePasswordDialog"
             >Change Password</v-btn
           >
           <div v-show="changePassword">
@@ -142,7 +145,7 @@ import {ServerModule} from '@/store/server';
 import {SnackbarModule} from '@/store/snackbar';
 import {IUser, IUpdateUser} from '@heimdall/interfaces';
 import UserValidatorMixin from '@/mixins/UserValidatorMixin';
-import {required, email, requiredIf, requiredUnless} from 'vuelidate/lib/validators';
+import {required, email, requiredIf} from 'vuelidate/lib/validators';
 import {Prop} from 'vue-property-decorator';
 
 @Component({
@@ -155,7 +158,10 @@ import {Prop} from 'vue-property-decorator';
       }
     },
     currentPassword: {
-      required: requiredUnless('admin')
+      required: requiredIf(function(userInfo){
+        console.log(userInfo)
+        	return (userInfo.role == 'admin')
+        })
     },
     newPassword: {
       required: requiredIf('changePassword')
@@ -182,6 +188,7 @@ export default class UserModal extends Vue {
 
   async updateUserInfo(): Promise<void> {
     this.$v.$touch()
+    console.log(this.$v)
     if (this.userInfo != null && !this.$v.$invalid) {
       var updateUserInfo: IUpdateUser = {
         ...this.userInfo,
diff --git a/apps/frontend/src/store/server.ts b/apps/frontend/src/store/server.ts
index d15a540178..e74b82bac1 100644
--- a/apps/frontend/src/store/server.ts
+++ b/apps/frontend/src/store/server.ts
@@ -48,6 +48,7 @@ class Server extends VuexModule implements IServerState {
     organization: '',
     loginCount: -1,
     lastLogin: undefined,
+    creationMethod: '',
     createdAt: new Date(),
     updatedAt: new Date()
   };
@@ -166,6 +167,7 @@ class Server extends VuexModule implements IServerState {
     email: string;
     password: string;
     passwordConfirmation: string;
+    creationMethod: string;
   }) {
     return axios.post('/users', userInfo);
   }
diff --git a/apps/frontend/src/views/Login.vue b/apps/frontend/src/views/Login.vue
index 194e8e3246..0f2aed1f02 100644
--- a/apps/frontend/src/views/Login.vue
+++ b/apps/frontend/src/views/Login.vue
@@ -59,7 +59,6 @@ const lastLoginTab = new LocalStorageVal<string>('login_curr_tab');
   }
 })
 export default class Login extends Vue {
-  username: string = '';
   activeTab: string = lastLoginTab.get_default('logintab-standard')
 
   mounted() {
diff --git a/apps/frontend/src/views/Signup.vue b/apps/frontend/src/views/Signup.vue
index 84fb9deec7..a349ea3b7d 100644
--- a/apps/frontend/src/views/Signup.vue
+++ b/apps/frontend/src/views/Signup.vue
@@ -113,6 +113,7 @@ export interface SignupHash {
   password: string;
   passwordConfirmation: string;
   role: string;
+  creationMethod: string;
 }
 
 @Component({
@@ -148,7 +149,8 @@ export default class Signup extends Vue {
         email: this.email,
         password: this.password,
         passwordConfirmation: this.passwordConfirmation,
-        role: 'user'
+        role: 'user',
+        creationMethod: 'local'
       };
 
       ServerModule.Register(creds)
diff --git a/libs/interfaces/user/user.interface.ts b/libs/interfaces/user/user.interface.ts
index 85faeaab73..0dda577630 100644
--- a/libs/interfaces/user/user.interface.ts
+++ b/libs/interfaces/user/user.interface.ts
@@ -8,6 +8,7 @@ export interface IUser {
   readonly organization: string | undefined;
   readonly loginCount: number;
   readonly lastLogin: Date | undefined;
+  readonly creationMethod: string;
   readonly createdAt: Date;
   readonly updatedAt: Date;
 }

From 8e76c1320b9180a1bd09401aea42037e7cb67382 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 28 Jan 2021 11:13:22 -0500
Subject: [PATCH 28/34] Add creationMethod to test constants

---
 apps/backend/test/constants/users-test.constant.ts | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/apps/backend/test/constants/users-test.constant.ts b/apps/backend/test/constants/users-test.constant.ts
index 390039a228..82834ea94f 100644
--- a/apps/backend/test/constants/users-test.constant.ts
+++ b/apps/backend/test/constants/users-test.constant.ts
@@ -211,7 +211,8 @@ export const CREATE_USER_DTO_TEST_OBJ: CreateUserDto = {
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 export const CREATE_ADMIN_DTO: CreateUserDto = {
@@ -222,7 +223,8 @@ export const CREATE_ADMIN_DTO: CreateUserDto = {
   lastName: 'Dummy',
   title: 'Admin',
   organization: 'Fake Org',
-  role: 'admin'
+  role: 'admin',
+  creationMethod: 'local'
 };
 
 export const CREATE_SECOND_ADMIN_DTO: CreateUserDto = {
@@ -238,7 +240,8 @@ export const CREATE_USER_DTO_TEST_OBJ_2: CreateUserDto = {
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 export const CREATE_USER_DTO_TEST_OBJ_WITH_UNMATCHING_PASSWORDS: CreateUserDto = {
@@ -249,7 +252,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_UNMATCHING_PASSWORDS: CreateUserDto =
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore

From 5a6b16878a548e3867f363f13e138d522ec4929d Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 28 Jan 2021 11:24:19 -0500
Subject: [PATCH 29/34] Add creationMethod to api doc, add creationMethod to
 all CREATE_USER constants

---
 README.md                                     |  2 +-
 .../test/constants/users-test.constant.ts     | 27 ++++++++++++-------
 2 files changed, 19 insertions(+), 10 deletions(-)

diff --git a/README.md b/README.md
index f9a8855f32..e0e363028a 100644
--- a/README.md
+++ b/README.md
@@ -157,7 +157,7 @@ Proper API documentation does not exist yet. In the meantime here are quick inst
 
 ```sh
 # Create a user (only needs to be done once)
-curl -X POST -H "Content-Type: application/json" -d '{"email": "user@example.com", "password": "password", "passwordConfirmation": "password", "role": "user" }' http://localhost:3000/users
+curl -X POST -H "Content-Type: application/json" -d '{"email": "user@example.com", "password": "password", "passwordConfirmation": "password", "role": "user", "creationMethod": "local" }' http://localhost:3000/users
 # Log in
 curl -X POST -H "Content-Type: application/json" -d '{"email": "user@example.com", "password": "password" }' http://localhost:3000/authn/login
 # The previous command returns a Bearer Token that needs to get placed in the following command
diff --git a/apps/backend/test/constants/users-test.constant.ts b/apps/backend/test/constants/users-test.constant.ts
index 82834ea94f..aab9c26a96 100644
--- a/apps/backend/test/constants/users-test.constant.ts
+++ b/apps/backend/test/constants/users-test.constant.ts
@@ -264,7 +264,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_MISSING_FIRST_NAME: CreateUserDto = {
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -275,7 +276,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_MISSING_LAST_NAME: CreateUserDto = {
   firstName: 'Test',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -286,7 +288,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_MISSING_ORGANIZATION: CreateUserDto =
   firstName: 'Test',
   lastName: 'Dummy',
   title: 'fake title',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -297,7 +300,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_MISSING_TITLE: CreateUserDto = {
   firstName: 'Test',
   lastName: 'Dummy',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -308,7 +312,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_MISSING_EMAIL_FIELD: CreateUserDto =
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -320,7 +325,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_INVALID_EMAIL_FIELD: CreateUserDto =
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -331,7 +337,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_MISSING_PASSWORD_FIELD: CreateUserDto
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -342,7 +349,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_MISSING_PASSWORD_CONFIRMATION_FIELD:
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 // @ts-ignore
@@ -365,7 +373,8 @@ export const CREATE_USER_DTO_TEST_OBJ_WITH_INVALID_PASSWORD: CreateUserDto = {
   lastName: 'Dummy',
   title: 'fake title',
   organization: 'Fake Org',
-  role: 'user'
+  role: 'user',
+  creationMethod: 'local'
 };
 
 export const UPDATE_USER_DTO_TEST_OBJ: UpdateUserDto = {

From 01737c930d6ead0dcb240861a48ecab6b035c9d7 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 28 Jan 2021 11:48:44 -0500
Subject: [PATCH 30/34] Remove debug

---
 apps/frontend/src/components/global/UserModal.vue | 1 -
 1 file changed, 1 deletion(-)

diff --git a/apps/frontend/src/components/global/UserModal.vue b/apps/frontend/src/components/global/UserModal.vue
index 9f5f086f0e..8fc296be11 100644
--- a/apps/frontend/src/components/global/UserModal.vue
+++ b/apps/frontend/src/components/global/UserModal.vue
@@ -159,7 +159,6 @@ import {Prop} from 'vue-property-decorator';
     },
     currentPassword: {
       required: requiredIf(function(userInfo){
-        console.log(userInfo)
         	return (userInfo.role == 'admin')
         })
     },

From e4b8b6c1226bdb04c2050e4cf94f36aa4ab3efde Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 28 Jan 2021 11:49:47 -0500
Subject: [PATCH 31/34] Remove all debug

---
 apps/frontend/src/components/global/UserModal.vue | 1 -
 1 file changed, 1 deletion(-)

diff --git a/apps/frontend/src/components/global/UserModal.vue b/apps/frontend/src/components/global/UserModal.vue
index 8fc296be11..e04a13f6a3 100644
--- a/apps/frontend/src/components/global/UserModal.vue
+++ b/apps/frontend/src/components/global/UserModal.vue
@@ -187,7 +187,6 @@ export default class UserModal extends Vue {
 
   async updateUserInfo(): Promise<void> {
     this.$v.$touch()
-    console.log(this.$v)
     if (this.userInfo != null && !this.$v.$invalid) {
       var updateUserInfo: IUpdateUser = {
         ...this.userInfo,

From 3dfe2113aa3e58318cfaad56a9d88a88d6ab7f63 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 28 Jan 2021 14:05:15 -0500
Subject: [PATCH 32/34] Disabled changing user info for LDAP users, update user
 info on login

---
 apps/backend/src/authn/authn.service.ts       |  7 +++++
 apps/backend/src/casl/casl-ability.factory.ts |  3 --
 .../src/components/global/UserModal.vue       | 28 ++++++++++++++++---
 3 files changed, 31 insertions(+), 7 deletions(-)

diff --git a/apps/backend/src/authn/authn.service.ts b/apps/backend/src/authn/authn.service.ts
index 05ab81b329..79292029bb 100644
--- a/apps/backend/src/authn/authn.service.ts
+++ b/apps/backend/src/authn/authn.service.ts
@@ -57,6 +57,13 @@ export class AuthnService {
     }
 
     if (user) {
+      // If the users info has changed since they last logged in it will be reflected here.
+      // Because we find the user by their email, we can't detect a change in email.
+      if (user.firstName != firstName || user.lastName !== lastName) {
+        user.firstName = firstName;
+        user.lastName = lastName;
+        user.save();
+      }
       this.usersService.updateLoginMetadata(user);
     }
 
diff --git a/apps/backend/src/casl/casl-ability.factory.ts b/apps/backend/src/casl/casl-ability.factory.ts
index 46863f485f..bfc03598dd 100644
--- a/apps/backend/src/casl/casl-ability.factory.ts
+++ b/apps/backend/src/casl/casl-ability.factory.ts
@@ -33,9 +33,6 @@ export class CaslAbilityFactory {
       // Force admins to supply their password when editing their own user.
       cannot(Action.Manage, User, {id: user.id});
     }
-    if (user.creationMethod === 'ldap' || user.creationMethod === 'oauth') {
-      can(Action.UpdateNoPassword, User, {id: user.id});
-    }
     can([Action.Read, Action.Update, Action.Delete], User, {id: user.id});
 
     return build();
diff --git a/apps/frontend/src/components/global/UserModal.vue b/apps/frontend/src/components/global/UserModal.vue
index e04a13f6a3..192c2b45a0 100644
--- a/apps/frontend/src/components/global/UserModal.vue
+++ b/apps/frontend/src/components/global/UserModal.vue
@@ -5,8 +5,10 @@
     <template #activator="{on, attrs}">
       <slot name="clickable" :on="on" :attrs="attrs" />
     </template>
-
-    <v-card>
+    <v-banner v-if="update_unavailable" icon="mdi-alert" color="warning">
+      Some of the settings are managed by your idenity provider.
+    </v-banner>
+    <v-card class="rounded-t-0">
       <v-card-title
         data-cy="userModalTitle"
         class="headline grey"
@@ -24,6 +26,7 @@
               <v-text-field
                 id="firstName"
                 v-model="userInfo.firstName"
+                :disabled="update_unavailable"
                 label="First Name"
               />
             </v-col>
@@ -31,6 +34,7 @@
               <v-text-field
                 id="lastName"
                 v-model="userInfo.lastName"
+                :disabled="update_unavailable"
                 label="Last Name"
               />
             </v-col>
@@ -40,6 +44,7 @@
               <v-text-field
                 id="email_field"
                 v-model="userInfo.email"
+                :disabled="update_unavailable"
                 :error-messages="emailErrors($v.userInfo.email)"
                 label="Email"
                 type="text"
@@ -53,12 +58,18 @@
           </v-row>
           <v-row>
             <v-col>
-              <v-text-field id="title" v-model="userInfo.title" label="Title" />
+              <v-text-field
+                id="title"
+                v-model="userInfo.title"
+                :disabled="update_unavailable"
+                label="Title"
+              />
             </v-col>
             <v-col>
               <v-text-field
                 id="organization"
                 v-model="userInfo.organization"
+                :disabled="update_unavailable"
                 label="Organization"
               />
             </v-col>
@@ -70,6 +81,7 @@
               id="password_field"
               ref="password"
               v-model="currentPassword"
+              :disabled="update_unavailable"
               :error-messages="
                 requiredFieldError($v.currentPassword, 'Current Password')
               "
@@ -81,6 +93,7 @@
           <v-btn
             v-if="userInfo.creationMethod === 'local'"
             id="toggleChangePassword"
+            :disabled="update_unavailable"
             @click="changePasswordDialog"
             >Change Password</v-btn
           >
@@ -89,6 +102,7 @@
               id="new_password_field"
               ref="newPassword"
               v-model="newPassword"
+              :disabled="update_unavailable"
               :error-messages="
                 requiredFieldError($v.newPassword, 'New Password')
               "
@@ -101,6 +115,7 @@
               id="repeat_password_field"
               ref="repeatPassword"
               v-model="passwordConfirmation"
+              :disabled="update_unavailable"
               :error-messages="
                 requiredFieldError($v.passwordConfirmation, 'Repeat Password')
               "
@@ -129,6 +144,7 @@
             id="closeAndSaveChanges"
             color="primary"
             text
+            :disabled="update_unavailable"
             @click="updateUserInfo"
             >Save Changes</v-btn
           >
@@ -159,7 +175,7 @@ import {Prop} from 'vue-property-decorator';
     },
     currentPassword: {
       required: requiredIf(function(userInfo){
-        	return (userInfo.role == 'admin')
+        	return (userInfo.user.role == 'admin')
         })
     },
     newPassword: {
@@ -234,6 +250,10 @@ export default class UserModal extends Vue {
     this.changePassword = !this.changePassword
   }
 
+  get update_unavailable() {
+    return this.userInfo.creationMethod == 'ldap';
+  }
+
   get title(): string {
     if(this.admin) {
       return `Update account information for ${this.user.email}`

From f2e7fa958d695183cc93679b8ea467b2269e7c93 Mon Sep 17 00:00:00 2001
From: Camden Moors <cmoors@mitre.org>
Date: Thu, 28 Jan 2021 14:46:37 -0500
Subject: [PATCH 33/34] != !=(?) !==

---
 apps/backend/src/authn/authn.service.ts | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/backend/src/authn/authn.service.ts b/apps/backend/src/authn/authn.service.ts
index 79292029bb..3a24884c90 100644
--- a/apps/backend/src/authn/authn.service.ts
+++ b/apps/backend/src/authn/authn.service.ts
@@ -59,7 +59,7 @@ export class AuthnService {
     if (user) {
       // If the users info has changed since they last logged in it will be reflected here.
       // Because we find the user by their email, we can't detect a change in email.
-      if (user.firstName != firstName || user.lastName !== lastName) {
+      if (user.firstName !== firstName || user.lastName !== lastName) {
         user.firstName = firstName;
         user.lastName = lastName;
         user.save();

From fe6d2b85100a138b06293925958756571de15638 Mon Sep 17 00:00:00 2001
From: Camden Moors <66680985+camdenmoors@users.noreply.github.com>
Date: Mon, 1 Feb 2021 12:59:08 -0500
Subject: [PATCH 34/34] Fix identity

---
 apps/frontend/src/components/global/UserModal.vue | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/apps/frontend/src/components/global/UserModal.vue b/apps/frontend/src/components/global/UserModal.vue
index 192c2b45a0..d715aaa232 100644
--- a/apps/frontend/src/components/global/UserModal.vue
+++ b/apps/frontend/src/components/global/UserModal.vue
@@ -6,7 +6,7 @@
       <slot name="clickable" :on="on" :attrs="attrs" />
     </template>
     <v-banner v-if="update_unavailable" icon="mdi-alert" color="warning">
-      Some of the settings are managed by your idenity provider.
+      Some of the settings are managed by your identity provider.
     </v-banner>
     <v-card class="rounded-t-0">
       <v-card-title