ACM OID Definitions

The JHU ACM has been allocated an OID prefix of 1.3.6.1.4.1.25929 for our use. We have defined the following arcs underneath that prefix:

LDAP

For LDAP, we define the following shorthand names for the arcs we use:

objectIdentifier acmROOT        1.3.6.1.4.1.25929
objectIdentifier acmLDAP        acmROOT:42
objectIdentifier acmAttrs       acmLDAP:1
objectIdentifier acmObCls       acmLDAP:2
objectIdentifier acmSyns        acmLDAP:3

LDAP for Plan 9

Definitions are as follows, in OpenLDAP configuration language:

attributetype ( acmAttrs:1 NAME 'jhuacmplan9secret'
        DESC 'Plan 9 Secret cleartext'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

objectclass ( acmObCls:1 NAME 'jhuacmp9mixin'
        DESC 'Plan 9 mixin object class'
        AUXILIARY
        MAY jhuacmplan9secret )

It is anticipated that ACLs should be given to this attribute along the lines of:

access to attrs=jhuacmplan9secret
    by dn="cn=proxyagent,dc=acm,dc=jhu,dc=edu" read
    by anonymous auth
    by self write
    by * none

LDAP for Door Control

attributetype ( acmAttrs:2 NAME 'jhuacmDoorCard'
        DESC 'Door swipe entry card hash'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( acmAttrs:4 NAME 'jhuacmDoorCardComment'
        DESC 'Comments about an entry\27s jhuacmDoorCards (perhaps to say which one is which card)'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

objectclass ( acmObCls:2 NAME 'jhuacmDoorMixin'
        DESC 'Door card database entry'
        AUXILIARY
        MAY ( jhuacmDoorCard $ jhuacmDoorCardComment ) )

attributetype ( acmAttrs:5 NAME 'jhuacmFelicaIdm'
        DESC 'Janus - card contactless Felica IDm'
        EQUALITY caseExactMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
        SINGLE-VALUE )

objectclass ( acmObCls:6 NAME 'jhuacmFelicaMixin'
        DESC 'Janus - card contactless Felica IDm (mixin)'
        AUXILIARY
        MAY ( jhuacmFelicaIdm ) )

LDAP for OpenStack Integration

attributetype ( acmAttrs:3 NAME 'jhuacmOpenStackEnabled'
        DESC 'Indicates whether an account is enabled for OpenStack'
        EQUALITY booleanMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )

objectclass ( acmObCls:3 NAME 'jhuacmOpenStackUser'
        DESC 'Generic holder for user accounts in OpenStack, so as not to mix with posix user accounts'
        AUXILIARY
        MUST ( cn $ uid $ jhuacmOpenStackEnabled )
        MAY description
        )

LDAP Group Fixup

objectclass ( acmObCls:4 NAME 'jhuacmGroupOfNames'
              DESC 'Tweak RFC2256'
              SUP top
              STRUCTURAL MUST ( cn )
              MAY ( member $ businessCategory $ seeAlso $ owner $ ou $ o $ description )
            )

Kerberos Instance

We sometimes want to refer to Kerberos instances as objects in the database, most often for access control. There does not seem to be a standard way to do this, so we define our own object class. The mapping to Kerberos is ${uid}/${cn}; the realm is determined by the dc components of the object’s name, as is typical.

objectclass ( acmObCls:5 NAME 'jhuacmKerberosInstance'
        DESC 'A kerberos instance: uid/cn'
        SUP top
        STRUCTURAL MUST ( cn $ uid ) )
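
The ${uid}/${cn} mapping described above, as an added example that is not the ACM's own code: it derives the principal for a jhuacmKerberosInstance entry and rejects values that would change the principal's shape. It assumes the realm is the dc labels joined with dots and upper-cased (the usual convention, not stated on this page); the function names, the allowed character set and the sample entry are hypothetical.

```python
import re

# '/' separates principal components and '@' introduces the realm, so neither
# may arrive from directory data. The allowed character set is an assumption.
_COMPONENT = re.compile(r"[A-Za-z0-9._-]+")

def split_dn(dn):
    """Split a DN into RDN strings, honouring backslash escapes (RFC 4514)."""
    rdns, buf, i = [], [], 0
    while i < len(dn):
        ch = dn[i]
        if ch == "\\" and i + 1 < len(dn):
            buf.append(dn[i:i + 2])  # keep the escape pair inside this RDN
            i += 2
            continue
        if ch == ",":
            rdns.append("".join(buf).strip())
            buf = []
        else:
            buf.append(ch)
        i += 1
    rdns.append("".join(buf).strip())
    return rdns

def realm_from_dn(dn):
    """Join the dc components, in DN order, into an upper-case realm."""
    labels = []
    for rdn in split_dn(dn):
        attr, _, value = rdn.partition("=")
        if attr.strip().lower() == "dc":
            labels.append(value.strip())
    if not labels or not all(_COMPONENT.fullmatch(l) for l in labels):
        raise ValueError("DN has no usable dc components: %r" % dn)
    return ".".join(labels).upper()

def principal_for(dn, uid, cn):
    """Map a jhuacmKerberosInstance entry to uid/cn@REALM."""
    for name, value in (("uid", uid), ("cn", cn)):
        if not _COMPONENT.fullmatch(value):
            raise ValueError("%s %r is not a safe principal component" % (name, value))
    return "%s/%s@%s" % (uid, cn, realm_from_dn(dn))

# Constructed sample entry; only the dc=acm,dc=jhu,dc=edu suffix is from the page.
SAMPLE_DN = "cn=admin,uid=alice,ou=instances,dc=acm,dc=jhu,dc=edu"
if __name__ == "__main__":
    print(principal_for(SAMPLE_DN, "alice", "admin"))
```

Splitting the DN on bare commas instead of honouring escapes would let an escaped `,dc=` inside an RDN value be counted as a realm label, which matters when the result feeds an access-control decision.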

SNMP

If the ACM ever has a need to define its own SNMP MIB entries, they go under 1.3.6.1.4.1.25929.666. (You can probably guess the sysadmins’ general opinion of SNMP from this.) Any resulting MIBs will be available somewhere in AFS.

Experimental and temporary OIDs

Under 1.3.6.1.4.1.25929.1337, all bets are off. Things can be temporarily defined here for experiments or things under development that might change suddenly and in incompatible ways over time. Don’t even think of relying on anything in there.

When we commit to the way something in here will be for the future, it will be moved to the appropriate arc.