#
# pagent_oc.conf
#
# This file contains objectclass definitions to be defined in
# an LDAP server for Quality of Service (QOS) and Intrusion Detection
# Services (IDS) policies.
#
# The ibm-policy object class is an abstract class which is used as the
# root of all policy related structural classes. This class applies to
# version 3 policies.
objectclass ibm-policy
requires
objectClass
allows
cn,
ibm-policyKeywords,
description
# The ibm-policyGroup object class is a structural subclass of
# ibm-policy that acts as a container for either a set of related
# policy rules or a set of related policy groups (e.g., groups imbedded
# within a group). An ibm-policyGroup object can use either the
# ibm-policyRulesAuxContainedSet or ibm-policyGroupsAuxContainedSet
# pointer to realize this containment.
objectclass ibm-policyGroup
requires
objectClass,
ibm-policyGroupName
allows
ibm-policyGroupsAuxContainedSet,
ibm-policyRulesAuxContainedSet,
ibm-policyGroupKeywords,
cn,
ibm-policyKeywords,
description
# The ibm-policyRule object class is a structural subclass of
# ibm-policy that represents the "If Condition then Action" semantic
# associated with a policy. The set of conditions (e.g., source IP
# address ranges, source port numbers etc.) are either included directly
# into an ibm-policyRule object (i.e., a simple rule) or pointed to by
# the ibm-policyRuleConditionList or ibm-policyRuleConditionListDN
# attribute (i.e., a complex rule).
objectclass ibm-policyRule
requires
objectClass,
ibm-policyRuleName
allows
ibm-policyRuleEnabled,
ibm-policyRuleConditionListType,
ibm-policyRuleConditionList,
ibm-policyRuleConditionListDN,
ibm-policyRuleActionList,
ibm-policyRuleActionListDN,
ibm-policyRuleValidityPeriodList,
ibm-policyRuleKeywords,
ibm-policyRuleUsage,
ibm-policyRulePriority,
ibm-policyRuleMandatory,
ibm-policyRuleSequencedActions,
ibm-policyRoles,
cn,
ibm-policyKeywords,
description
# The ibm-policyRuleConditionAssociation object class is a structural
# subclass of ibm-policy that represents policy condition objects. The
# policy conditions themselves are represented by auxiliary subclasses
# of the auxiliary class ibm-policyConditionAuxClass. These auxiliary
# classes are attached directly to instances of the class
# ibm-policyRuleConditionAssociation for rule-specific conditions. For
# reusable conditions, the auxiliary classes are attached to instances
# of the class ibm-policyInstance or ibm-policyConditionInstance. This
# class applies to version 3 policies.
objectclass ibm-policyRuleConditionAssociation
requires
objectClass,
ibm-policyConditionName,
ibm-policyConditionGroupNumber,
ibm-policyConditionNegated
allows
ibm-policyConditionDN,
cn,
ibm-policyKeywords,
description
# The ibm-policyRuleActionAssociation object class is a structural
# subclass of ibm-policy that represents policy action objects. The
# policy actions themselves are represented by auxiliary subclasses of
# the auxiliary class ibm-policyActionAuxClass. These auxiliary classes
# are attached directly to instances of the class
# ibm-policyRuleActionAssociation for rule-specific actions. For
# reusable actions, the auxiliary classes are attached to instances of
# the class ibm-policyInstance or ibm-policyActionInstance. This class
# applies to version 3 policies.
objectclass ibm-policyRuleActionAssociation
requires
objectClass,
ibm-policyActionName,
ibm-policyActionOrder
allows
ibm-policyActionDN,
cn,
ibm-policyKeywords,
description
# The ibm-policyInstance object class is a structural subclass of
# ibm-policy that represents either policy condition or policy action
# objects. The policy conditions or actions themselves are represented
# by auxiliary subclasses of the auxiliary class
# ibm-policyConditionAuxClass or ibm-policyActionAuxClass. These
# auxiliary classes are attached directly to instances of the class
# ibm-policyRuleConditionAssociation or ibm-policyRuleActionAssociation
# for rule-specific conditions or actions. For reusable conditions or
# actions, the auxiliary classes are attached to instances of the class
# ibm-policyInstance, ibm-policyConditionInstance or
# ibm-policyActionInstance. This class applies to version 3 policies.
objectclass ibm-policyInstance
requires
objectClass
allows
ibm-policyInstanceName,
cn,
ibm-policyKeywords,
description
# The ibm-policyConditionInstance object class is a structural subclass
# of ibm-policyInstance that represents policy condition objects. The
# policy conditions themselves are represented by auxiliary subclasses
# of the auxiliary class ibm-policyConditionAuxClass. These auxiliary
# classes are attached directly to instances of the class
# ibm-policyRuleConditionAssociation for rule-specific conditions. For
# reusable conditions, the auxiliary classes are attached to instances
# of the class ibm-policyInstance or ibm-policyConditionInstance. This
# class applies to version 3 policies.
objectclass ibm-policyConditionInstance
requires
objectClass
allows
ibm-policyInstanceName,
ibm-policyConditionName,
cn,
ibm-policyKeywords,
description
# The ibm-policyActionInstance object class is a structural subclass
# of ibm-policyInstance that represents policy action objects. The
# policy actions themselves are represented by auxiliary subclasses
# of the auxiliary class ibm-policyActionAuxClass. These auxiliary
# classes are attached directly to instances of the class
# ibm-policyRuleActionAssociation for rule-specific actions. For
# reusable actions, the auxiliary classes are attached to instances of
# the class ibm-policyInstance or ibm-policyActionInstance. This class
# applies to version 3 policies.
objectclass ibm-policyActionInstance
requires
objectClass
allows
ibm-policyInstanceName,
ibm-policyActionName,
cn,
ibm-policyKeywords,
description
# The ibm-policyCondition object class is a structural subclass of
# ibm-policy that represents a condition to be evaluated in conjunction
# with a policy rule object (i.e., "If Condition then Action" semantic).
# The actual conditions are contained in subclasses of this class.
# This class applies to version 2 policies.
objectclass ibm-policyCondition
requires
objectClass,
ibm-policyConditionName
allows
cn,
ibm-policyKeywords,
description
# The ibm-policyTimePeriodCondition object class is a structural
# subclass of ibm-policyCondition that represents the time periods
# during which a policy rule is active, to be evaluated in conjunction
# with a policy rule. The ibm-policyTimePeriodCondition object can only
# be referenced within a policy rule object. This class applies to
# version 2 policies.
objectclass ibm-policyTimePeriodCondition
requires
objectClass,
ibm-policyConditionName
allows
ibm-ptpConditionTime,
ibm-ptpConditionMonthOfYearMask,
ibm-ptpConditionDayOfMonthMask,
ibm-ptpConditionDayOfWeekMask,
ibm-ptpConditionTimeOfDayMask,
ibm-ptpConditionTimeZone,
cn,
ibm-policyKeywords,
description
# The ibm-networkingPolicyCondition object class is a structural subclass
# of ibm-policyCondition that represents a set of networking related
# conditions to be evaluated in conjunction with a policy rule object.
# The networking conditions themselves are represented by the auxiliary
# subclasses ibm-routeConditionAuxClass, ibm-hostConditionAuxClass, and
# ibm-applicationConditionAuxClass, which are attached to this class.
# This class applies to version 2 policies.
objectclass ibm-networkingPolicyCondition
requires
objectClass,
ibm-policyConditionName
allows
cn,
ibm-policyKeywords,
description
# The ibm-policyAction object class is a structural subclass of
# ibm-policy that represents an action to be performed as a result of
# evaluation of a policy rule (e.g., the "If Condition then Action"
# representation). The actions themselves are contained in the
# ibm-serviceCategories subclass. This class applies to version 2
# policies.
objectclass ibm-policyAction
requires
objectClass,
ibm-policyActionName
allows
cn,
ibm-policyKeywords,
description
# The ibm-serviceCategories object class is a structural subclass of
# ibm-policyAction that contains a set of Quality of Service (QoS)
# attributes to apply to a flow of IP packets, identified by a policy
# rule condition, as they traverse the network. This class applies to
# version 2 policies.
objectclass ibm-serviceCategories
requires
objectClass,
ibm-policyActionName
allows
ibm-PolicyScope,
ibm-Permission,
ibm-MaxRate,
ibm-MinRate,
ibm-MaxDelay,
ibm-OutgoingTOS,
ibm-MaxConnections,
ibm-Interface,
ibm-DiffServInProfileRate,
ibm-DiffServInProfilePeakRate,
ibm-DiffServInProfileTokenBucket,
ibm-DiffServInProfileMaxPacketSize,
ibm-DiffServOutProfileTransmittedTOSByte,
ibm-DiffServExcessTrafficTreatment,
ibm-FlowServiceType,
ibm-MaxRatePerFlow,
ibm-MaxTokenBucketPerFlow,
ibm-MaxFlows,
cn,
ibm-policyKeywords,
description
# The ibm-policyElementAuxClass object class is an auxiliary subclass of
# ibm-policy that is used to "tag" an instance of a class defined outside
# the realm of policy as being nevertheless relevant to a policy
# specification. Every instance to which this class is attached becomes
# an instance of the ibm-policy class. This class applies to version 3
# policies.
objectclass ibm-policyElementAuxClass
requires
objectClass
allows
cn,
ibm-policyKeywords,
description
# The ibm-policyConditionAuxClass object class is an auxiliary class that
# represents a condition to be evaluated in conjunction with a policy
# rule object (i.e., "If Condition then Action" semantic). It is
# attached directly to an instance of ibm-policyRuleConditionAssociation
# or ibm-policyRule for rule-specific conditions, or to an instance of
# ibm-policyInstance or ibm-policyConditionInstance for reusable
# conditions. The actual conditions are represented by auxiliary
# subclasses of this class. This class applies to version 3 policies.
objectclass ibm-policyConditionAuxClass
requires
objectClass
# The ibm-policyTimePeriodConditionAuxClass object class is an
# auxiliary subclass of ibm-policyConditionAuxClass that represents the
# time periods during which a policy rule is active, to be evaluated in
# conjunction with a policy rule. This class applies to version 3
# policies.
objectclass ibm-policyTimePeriodConditionAuxClass
requires
objectClass
allows
ibm-ptpConditionTime,
ibm-ptpConditionMonthOfYearMask,
ibm-ptpConditionDayOfMonthMask,
ibm-ptpConditionDayOfWeekMask,
ibm-ptpConditionTimeOfDayMask,
ibm-ptpConditionTimeZone,
ibm-ptpConditionLocalOrUtcTime
# The ibm-networkingPolicyConditionAuxClass object class is an auxiliary
# subclass of ibm-policyConditionAuxClass that represents a set of
# networking related conditions to be evaluated in conjunction with a
# policy rule object. The networking conditions themselves are
# represented by the auxiliary subclasses ibm-routeConditionAuxClass,
# ibm-hostConditionAuxClass, and ibm-applicationConditionAuxClass.
# This class applies to version 3 policies.
objectclass ibm-networkingPolicyConditionAuxClass
requires
objectClass
# The ibm-routeConditionAuxClass object class is an auxiliary subclass
# of ibm-networkingPolicyConditionAuxClass that represents the routing
# of an entity (e.g., a packet) to be evaluated in conjunction with a
# policy rule.
objectclass ibm-routeConditionAuxClass
requires
objectClass
allows
ibm-interface
# The ibm-ToSConditionAuxClass object class is an auxiliary subclass
# of ibm-routeConditionAuxClass that contains Type of Service (ToS) or
# Differentiated Services (DS) field parameters to be evaluated as part
# of a policy rule.
objectclass ibm-ToSConditionAuxClass
requires
objectClass
allows
ibm-IncomingTOS
# The ibm-hostConditionAuxClass object class is an auxiliary subclass
# of ibm-networkingPolicyConditionAuxClass that represents the
# communicating end hosts (e.g., IP addresses) to be evaluated in
# conjunction with a policy rule.
objectclass ibm-hostConditionAuxClass
requires
objectClass
allows
ibm-sourceIPAddressRange,
ibm-destinationIPAddressRange,
ibm-serverDomainName
# The ibm-applicationConditionAuxClass object class is an auxiliary
# subclass of ibm-networkingPolicyConditionAuxClass that represents the
# nature of the application (e.g., port 21, FTPD) and the transport
# entity (e.g., TCP) to be evaluated in conjunction with a policy rule.
objectclass ibm-applicationConditionAuxClass
requires
objectClass
allows
ibm-sourcePortRange,
ibm-destinationPortRange,
ibm-protocolNumberRange,
ibm-applicationName,
ibm-applicationData,
ibm-applicationPriority
# The ibm-userconditionAuxClass object class is an auxiliary
# subclass of ibm-networkingPolicyConditionAuxClass that represents the
# characteristics of the user that requests the service.
objectclass ibm-userConditionAuxClass
requires
objectClass
allows
ibm-userNameId,
ibm-userQoSGroup
# The ibm-idsConditionAuxClass object class is an auxiliary subclass of
# ibm-policyConditionAuxClass. It represents conditions that must be
# true for Intrusion Detection Services (IDS) policy rules. This class
# applies to version 3 policies.
objectclass ibm-idsConditionAuxClass
requires
objectClass,
ibm-idsConditionType
allows
description
# The ibm-idsAttackConditionAuxClass object class is an auxiliary
# subclass of ibm-idsConditionAuxClass representing the known types of
# intrusions to be evaluated in conjunction with an IDS policy rule.
# This class applies to version 3 policies.
objectclass ibm-idsAttackConditionAuxClass
requires
objectClass
allows
ibm-idsAttackType,
description
# The ibm-idsIPAttackConditionAuxClass object class is an auxiliary
# subclass of ibm-idsAttackConditionAuxClass representing allowed IP
# values for IDS IP attacks. This class applies to version 3 policies.
objectclass ibm-idsIPAttackConditionAuxClass
requires
objectClass
allows
ibm-idsIPOptionRange,
description
# The ibm-idsTrafficRegulationConditionAuxClass object class is an
# auxiliary subclass of ibm-idsConditionAuxClass representing traffic
# regulation conditions. This auxiliary class has no significant
# attributes but its inclusion in the policy condition object signifies
# that traffic regulation parameters may be provided in the
# ibm-idsTrafficRegulationActionAuxClass. This class applies to version
# 3 policies.
objectclass ibm-idsTrafficRegulationConditionAuxClass
requires
objectClass
allows
description
# The ibm-idsScanConditionAuxClass object class is an auxiliary subclass
# of ibm-idsConditionAuxClass representing global conditions for setting
# scanning attack detection parameters. This auxiliary class has no
# significant attributes but its inclusion in the policy condition
# object signifies that the global scan parameters may be provided in
# the ibm-idsScanActionAuxClass. This class applies to version 3
# policies.
objectclass ibm-idsScanConditionAuxClass
requires
objectClass
allows
description
# The ibm-idsScanEventConditionAuxClass object class is an auxiliary
# subclass of ibm-idsConditionAuxClass specifying the scan event
# conditions to be detected. This auxiliary class has no significant
# attributes but its inclusion in the policy condition object signifies
# that the scan event parameters may be provided in the
# ibm-idsScanSensitivityActionAuxClass and/or
# ibm-idsScanExclusionActionAuxClass. Multiple scan events to be
# detected can be specified for a TCP/IP stack. This class applies to
# version 3 policies.
objectclass ibm-idsScanEventConditionAuxClass
requires
objectClass
allows
description
# The ibm-idsTransportConditionAuxClass object class is an auxiliary
# subclass of ibm-idsConditionAuxClass representing local and remote port
# ranges and protocol ranges to be applied to IDS conditions. This class
# applies to version 3 policies.
objectclass ibm-idsTransportConditionAuxClass
requires
objectClass
allows
ibm-idsLocalPortRange,
ibm-idsRemotePortRange,
ibm-idsProtocolRange,
description
# The ibm-idsHostConditionAuxClass object class is an auxiliary subclass
# of ibm-idsConditionAuxClass representing local and remote IP hosts
# to be applied to IDS conditions. This class applies to version 3
# policies.
objectclass ibm-idsHostConditionAuxClass
requires
objectClass
allows
ibm-idsLocalHostIPAddress,
ibm-idsRemoteHostIPAddress,
description
# The ibm-policyActionAuxClass object class is an auxiliary class that
# represents an action to be performed as a result of evaluation of a
# policy rule (e.g., the "If Condition then Action" semantic). It is
# attached directly to an instance of ibm-policyRuleActionAssociation
# for rule-specific actions, or to an instance of ibm-policyInstance or
# ibm-policyActionInstance for reusable actions. The actions
# themselves are represented by auxiliary subclasses such as
# ibm-serviceCategoriesAuxClass. This class applies to version 3
# policies.
objectclass ibm-policyActionAuxClass
requires
objectClass
# The ibm-serviceCategoriesAuxClass object class is an auxiliary subclass
# of ibm-policyActionAuxClass that contains a set of Quality of Service
# (QoS) attributes to apply to a flow of IP packets, identified by a
# policy rule condition, as they traverse the network. This class
# applies to version 3 policies.
objectclass ibm-serviceCategoriesAuxClass
requires
objectClass
allows
ibm-PolicyScope,
ibm-Permission,
ibm-MaxRate,
ibm-MinRate,
ibm-MaxDelay,
ibm-OutgoingTOS,
ibm-MaxConnections,
ibm-Interface,
ibm-DiffServInProfileRate,
ibm-DiffServInProfilePeakRate,
ibm-DiffServInProfileTokenBucket,
ibm-DiffServInProfileMaxPacketSize,
ibm-DiffServOutProfileTransmittedTOSByte,
ibm-DiffServExcessTrafficTreatment,
ibm-FlowServiceType,
ibm-MaxRatePerFlow,
ibm-MaxTokenBucketPerFlow,
ibm-MaxFlows,
ibm-SignalClient
# The ibm-inboundConnectionAuxClass object class is an auxiliary subclass
# of ibm-policyActionAuxClass that contains a set of Quality of Service
# (QoS) attributes to apply to an inbound flow of IP packets, identified
# by a policy rule condition, as they traverse the network. This class
# applies to version 3 policies.
objectclass ibm-inboundConnectionAuxClass
requires
objectClass
allows
ibm-inboundScope,
ibm-averageConnectionRate,
ibm-peakConnectionRate,
ibm-connectionBurstSize,
ibm-averageApplicationRequestRate,
ibm-applicationRequestPeakRate,
ibm-applicationRequestBurstSize,
ibm-prioritizedQueue
# The ibm-idsActionAuxClass object class is an auxiliary subclass of
# ibm-policyActionAuxClass. It represents actions to be performed
# for a corresponding Intrusion Detection Services (IDS) rule. This
# class applies to version 3 policies.
objectclass ibm-idsActionAuxClass
requires
objectClass,
ibm-idsActionType
allows
description
# The ibm-idsNotificationAuxClass object class is an auxiliary subclass
# of ibm-idsActionAuxClass indicating IDS notification actions. This
# class applies to version 3 policies.
objectclass ibm-idsNotificationAuxClass
requires
objectClass
allows
ibm-idsNotification,
ibm-idsStatInterval,
ibm-idsLoggingLevel,
ibm-idsTypeActions,
ibm-idsTraceData,
ibm-idsTraceRecordSize,
description
# The ibm-idsAttackActionsAuxClass object class is an auxiliary subclass
# of ibm-idsActionAuxClass indicating IDS attack type actions. This
# class applies to version 3 policies.
objectclass ibm-idsAttackActionsAuxClass
requires
objectClass
allows
ibm-idsMaxEventMessage,
description
# The ibm-idsFloodAttackActionsAuxClass object class is an auxiliary
# subclass of ibm-idsAttackActionsAuxClass indicating IDS flood attack
# type actions. This class applies to version 3 policies.
objectclass ibm-idsFloodAttackActionsAuxClass
requires
objectClass
allows
ibm-idsIfcFloodPercentage,
ibm-idsIfcFloodMinDiscard,
description
# The ibm-idsTrafficRegulationActionAuxClass object class is an
# auxiliary subclass of ibm-idsActionAuxClass representing actions for
# handling Traffic Regulation. It has no significant attributes but
# is used to anchor additional traffic regulation subclasses. This
# class applies to version 3 policies.
objectclass ibm-idsTrafficRegulationActionAuxClass
requires
objectClass
allows
description
# The ibm-idsTRtcpActionAuxClass object class is an auxiliary subclass
# of ibm-idsTrafficRegulationActionAuxClass representing actions for
# handling traffic regulation for TCP on a per port basis. This class
# applies to version 3 policies.
objectclass ibm-idsTRtcpActionAuxClass
requires
objectClass
allows
ibm-idsTRtcpTotalConnections,
ibm-idsTRtcpPercentage,
ibm-idsTRtcpLimitScope,
description
# The idsTRudpActionAuxClass object class is an auxiliary subclass of
# ibm-idsTrafficRegulationActionAuxClass representing actions for
# handling traffic regulation for UDP. This class applies to version 3
# policies.
objectclass ibm-idsTRudpActionAuxClass
requires
objectClass
allows
ibm-idsTRudpQueueSize,
description
# The ibm-idsScanActionAuxClass object class is an auxiliary subclass
# of ibm-idsActionAuxClass representing the global setting of scan
# attack detection parameters. Note that only one set of these
# parameters is allowed per TCP/IP stack. This class applies to version
# 3 policies.
objectclass ibm-idsScanActionAuxClass
requires
objectClass
allows
ibm-idsFSInterval,
ibm-idsFSThreshold,
ibm-idsSSInterval,
ibm-idsSSThreshold,
description
# The ibm-idsScanSensitivityActionAuxClass object class is an
# auxiliary subclass of ibm-idsActionAuxClass representing the
# sensitivity of the scan events which are detected. This class
# applies to version 3 policies.
objectclass ibm-idsScanSensitivityActionAuxClass
requires
objectClass
allows
ibm-idsSensitivity,
description
# The ibm-idsScanExclusionActionAuxClass object class is an
# auxiliary subclass of ibm-idsActionAuxClass representing exclusions
# in conjunction with scanning attacks. It is valid to be attached to
# an IDS action when the corresponding condition is for detecting scan
# events. This class applies to version 3 policies.
objectclass ibm-idsScanExclusionActionAuxClass
requires
objectClass
allows
ibm-idsScanExclusion,
description
# The ibm-policyRepository object class is a structural class which is
# used as the root of reusable policy information, such as policy
# conditions and policy actions. This class applies to version 3
# policies.
objectclass ibm-policyRepository
requires
objectClass,
ibm-policyRepositoryName
allows
cn,
description
# The ibm-policySubtreesPtrAuxClass object class is an auxiliary class
# that allows a set of pointers to be defined which point to sets of
# objects that are at the root of subtrees containing policy-related
# information. By attaching this pointer attribute to instances of
# various other classes, a policy administrator has a flexible way of
# providing an entry point into the directory that allows a client to
# locate and retrieve the policy information relevant to it in an
# efficient manner. This class applies to version 3 policies.
objectclass ibm-policySubtreesPtrAuxClass
requires
objectClass
allows
ibm-policySubtreesAuxContainedSet
# The ibm-policyGroupContainmentAuxClass object class is an auxiliary
# class used to bind policy group objects to an appropriate container
# object (e.g., another policy group object) via its attribute pointer
# ibm-policyGroupsAuxContainedSet. It is attached to instances of
# ibm-policyGroup.
objectclass ibm-policyGroupContainmentAuxClass
requires
objectClass
allows
ibm-policyGroupsAuxContainedSet
# The ibm-policyRuleContainmentAuxClass object class is an auxiliary
# class used to bind policy rule objects to an appropriate container
# object (e.g., a # policy group object) via its attribute pointer
# ibm-policyRulesAuxContainedSet. It is attached to instances of
# ibm-policyGroup.
objectclass ibm-policyRuleContainmentAuxClass
requires
objectClass
allows
ibm-policyRulesAuxContainedSet
# The ibm-policyGroupLoadDistributionAuxClass object class is an
# auxiliary class used to specify load distribution attributes for
# policy rules contained in the policy group. It is attached to
# instances of ibm-policyGroup. This class applies to version 2
# policies.
objectclass ibm-policyGroupLoadDistributionAuxClass
requires
objectClass
allows
ibm-policyGroupForLoadDistribution
# The SetSubnetPrioTosMask object class is a structural class that
# defines a mapping of IP type of service (TOS) byte to outbound
# interface priority values. It is not directly related to the other
# object classes defined for policy groups, rules, conditions, or
# actions.
objectclass SetSubnetPrioTosMask
requires
objectClass,
SubnetTosMask
allows
cn,
SubnetAddr,
PriorityTosMapping,
description