|
| Directory Services Schema | 357 | |
|
|
|
|
|
| Remarks | This attribute is only used on role objects. |
|
|
|
| IP restrictions are satisfied when the address matches |
|
|
|
| and general access is denied, and unsatisfied when the |
|
|
|
| address matches and general access is allowed. |
|
|
|
| Values are an identifier byte followed by a |
|
|
|
| number of bytes specifying a network address. |
|
|
|
| • For IP subnets, the identifier is <0x01>, followed by |
|
|
|
| the IP network address in network order, followed by |
|
|
|
| the IP network subnet mask in network order. For |
|
|
|
| example, the IP subnet 127.0.0.1/255.0.0.0 would be |
|
|
|
| represented as <0x01 0x7F 0x00 0x00 0x01 0xFF |
|
|
|
| 0x00 0x00 0x00>. For IP ranges, the identifier is |
|
|
|
| <0x02>, followed by the lower bound IP address, |
|
|
|
| followed by the upper bound IP address. Both are |
|
|
|
| inclusive and in network order, for example the IP |
|
|
|
| range 10.0.0.1 to 10.0.10.255 would be represented |
|
|
|
| as <0x02 0x0A 0x00 0x00 0x01 0x0A 0x00 0x0A |
|
|
|
| 0xFF> |
|
|
|
| • For DNS names or domains, the identifier is <0x03>, |
|
|
|
| followed by the ASCII encoded DNS name. DNS |
|
|
|
| names can be prefixed with a * (ASCII 0x2A), to |
|
|
|
| indicate they should match all names which end with |
|
|
|
| the specified string, for example the DNS domain |
|
|
|
| *.acme.com is represented as <0x03 0x2A 0x2E |
|
|
|
| 0x61 0x63 0x6D 0x65 0x2E 0x63 0x6F 0x6D>. |
|
|
|
| General access is allowed. |
|
|
|
|
|
|
|
hpqRoleTimeRestriction |
|
|
| |
|
|
|
|
|
| OID | 1.3.6.1.4.1.232.1001.1.1.2.6 |
|
|
|
|
|
|
|
| Description | A seven day time grid, with |
|
|
|
| specifies rights restrictions under a time constraint. |
|
|
|
|
|
|
|
| Syntax | Octet String |
|
|
|
|
|
|
|
| Options | Single Valued |
|
|
|
|
|
|
|