RFC 4104
Policy Core Extension Lightweight Directory Access Protocol Schema (PCELS)
5.3. The Three Policy Group Classes
The pcelsGroup class is the base class for representing a policy group. It is mapped from the modified PolicyGroup class [PCIM_EXT]. The pcelsGroup class is derived from the pcelsPolicySet class. To maximize flexibility, the pcelsGroup class is defined as abstract. An auxiliary subclass pcelsGroupAuxClass enables the attachment of a policy group to an existing entry, while a structural subclass pcelsGroupInstance permits the representation of a policy group as a standalone entry. The pcelsGroup class is defined as follows: ( 1.3.6.1.1.9.1.3 NAME 'pcelsGroup' DESC 'Base class for representing a policy group' SUP pcelsPolicySet ABSTRACT MAY ( pcimGroupName ) )
The pcelsGroupAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.4
NAME 'pcelsGroupAuxClass'
DESC 'Auxiliary class for representing a policy group'
SUP pcelsGroup
AUXILIARY
)
The pcelsGroupInstance class is defined as follows:
( 1.3.6.1.1.9.1.5
NAME 'pcelsGroupInstance'
DESC 'Structural class for representing a policy group'
SUP pcelsGroup
STRUCTURAL
)
The pcimGroupName attribute type used by the pcelsGroup class is
defined in the section 5.2 of [PCLS]. In the pcelsGroup object
class, this attribute preserves its syntax and semantics as defined
by [PCLS] and [PCIM].
Note: PCELS implementations SHOULD support pcelsGroup and its two
subclasses and MAY also support pcimGroup and its two subclasses
[PCLS]. Applications that choose to support pcelsGroup and its two
subclasses MUST use the aggregation mechanism provided by
pcelsPolicySetAssociation for aggregating policy groups or policy
rules in policy groups represented as instances of pcelsGroup.
5.4. The Three Policy Rule Classes
The pcelsRule class is the base class for representing a policy rule.
It is mapped from the modified PolicyRule class [PCIM_EXT]. The
pcelsRule class is derived from the pcelsPolicySet class. To
maximize flexibility, the pcelsRule class is defined as abstract. An
auxiliary subclass pcelsRuleAuxClass enables the attachment of a
policy rule to an existing entry, while a structural subclass
pcelsRuleInstance permits the representation of a policy rule as a
standalone entry.
When reading a pcelsRule instance that has a pcimConditionAuxClass
attached, from the policy rule perspective the attribute
pcelsConditionList MUST be ignored. For example, if present, the
attribute MUST NOT be considered an association between this policy
rule and a policy condition. Such situations may occur, for example,
when a pcelsCompoundConditionAuxClass is attached to a pcelsRule
instance.
When reading a pcelsRule instance that has a pcimActionAuxClass
attached, from the policy rule perspective the attribute
pcelsActionList MUST be ignored. For example, if present, the
attribute MUST NOT be considered an association between this policy
rule and a policy action. Such situations may occur, for example,
when a pcelsCompoundActionAuxClass is attached to a pcelsRule
instance.
The pcelsRule class is defined as follows:
( 1.3.6.1.1.9.1.6
NAME 'pcelsRule'
DESC 'Base class for representing a policy rule'
SUP pcelsPolicySet
ABSTRACT
MAY ( pcimRuleName
$ pcimRuleEnabled
$ pcimRuleUsage
$ pcimRuleMandatory
$ pcelsRuleValidityPeriodList
$ pcelsConditionListType
$ pcelsConditionList
$ pcelsActionList
$ pcelsSequencedActions
$ pcelsExecutionStrategy )
)
The pcelsRuleAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.7
NAME 'pcelsRuleAuxClass'
DESC 'Auxiliary class for representing a policy rule'
SUP pcelsRule
AUXILIARY
)
The pcelsRuleInstance class is defined as follows:
( 1.3.6.1.1.9.1.8
NAME 'pcelsRuleInstance'
DESC 'Structural class for representing a policy rule'
SUP pcelsRule
STRUCTURAL
)
Four of the attributes used by the pcelsRule class are defined in the section 5.3 of [PCLS]. These attributes are: pcimRuleName, pcimRuleEnabled, pcimRuleUsage and pcimRuleMandatory. In the pcelsRule object class, these attributes preserve their syntax and semantics as defined by [PCLS] and [PCIM]. The attributes pcimRuleValidityPeriodList, pcimRuleConditionListType, pcimRuleConditionList, pcimRuleActionList and pcimRuleSequencedActions defined in [PCLS] are not used by pcelsRule. Instead, this class uses the new attributes pcelsRuleValidityPeriodList, pcelsConditionListType, pcelsConditionList, pcelsActionList and pcelsSequencedActions. Except for pcelsRuleValidityPeriodList, the new attributes are also used for similar purpose by either pcelsCompoundConditionAuxClass or pcelsCompoundActionAuxClass. The pcelsRuleValidityPeriodList attribute type is used in the realization of the PolicyRuleValidityPeriod association ([PCIM_EXT] and [PCIM]). This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsRuleValidityPeriodList attributes are DNs of pcimRuleValidityAssociation entries. In a pcelsRule, the pcelsRuleValidityPeriodList attribute represents the associations between this policy rule and its time period conditions. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.62 NAME 'pcelsRuleValidityPeriodList' DESC 'Unordered set of DNs of pcimRuleValidityAssociation entries' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) The pcelsConditionListType attribute type indicates whether the set of aggregated conditions is in disjunctive or conjunctive normal form. It is mapped from the PolicyRule.ConditionListType property [PCIM] (identical to the CompoundPolicyCondition.ConditionListType property defined in [PCIM_EXT]). This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 1 (Disjunctive) and 2 (Conjunctive). If this attribute is missing from a pcelsRule instance, applications MUST assume that the set of aggregated conditions is in disjunctive normal form.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.6
NAME 'pcelsConditionListType'
DESC 'Indicates the type of condition aggregation'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE
)
The pcelsConditionList attribute type is used in the realization of
the PolicyConditionStructure association [PCIM_EXT]. This attribute
type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule
of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can
have multiple values. The only allowed values for pcelsConditionList
attributes are DNs of pcelsConditionAssociation entries. In a
pcelsRule, the pcelsConditionList attribute represents the
associations between this policy rule and its conditions.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.7
NAME 'pcelsConditionList'
DESC 'Unordered set of DNs of pcelsConditionAssociation entries'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
The pcelsActionList attribute type is used in the realization of the
PolicyActionStructure association [PCIM_EXT]. This attribute type is
of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of
distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can
have multiple values. The only allowed values for pcelsActionList
attributes are DNs of pcelsActionAssociation entries. In a
pcelsRule, the pcelsActionList attribute represents the associations
between this policy rule and its actions.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.8
NAME 'pcelsActionList'
DESC 'Unordered set of DNs of pcelsActionAssociation entries'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
)
The pcelsSequencedActions attribute type indicates whether the ordered execution of actions in an aggregate is Mandatory, Recommended or DontCare. It is mapped from the PolicyRule.SequencedActions property [PCIM] (identical to the CompoundPolicyAction.SequencedActions property defined in [PCIM_EXT]). This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 1 (Mandatory), 2 (Recommended) and 3 (DontCare). If this attribute is missing from a pcelsRule instance, applications MUST assume that the ordered execution of actions in this rule is not important (DontCare). This attribute type is defined as follows: ( 1.3.6.1.1.9.2.9 NAME 'pcelsSequencedActions' DESC 'Indicates the importance of action sequencing' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) The pcelsExecutionStrategy attribute type indicates whether the actions in an aggregate are to be executed until success, all (independent of their outcome) or until failure. It is mapped from the PolicyRule.ExecutionStrategy property [PCIM_EXT] (identical to the CompoundPolicyAction.ExecutionStrategy property). This attribute type is of syntax Integer [LDAP_SYNTAX]. It has an equality matching rule of integerMatch [LDAP_SYNTAX] and an ordering matching rule of integerOrderingMatch [LDAP_MATCH]. Attributes of this type can only have a single value. The only allowed values for attributes of this type are 1 (Do until success), 2 (Do all) and 3 (Do until failure). If this attribute is missing from a pcelsRule instance, applications MUST assume that all the actions are to be executed (Do all). This attribute type is defined as follows: ( 1.3.6.1.1.9.2.10 NAME 'pcelsExecutionStrategy' DESC 'Indicates the action execution strategy' EQUALITY integerMatch ORDERING integerOrderingMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Note 1: Rule validity periods for an instance of pcelsRule are realized using the attribute pcelsRuleValidityPeriodList and pcimRuleValidityAssociation [PCLS] entries subordinated to the rule. If DIT structure rules and name forms are written for a PCELS implementation (as suggested in section 5.5 of [PCLS]), they would require that an instance of the pcimRuleValidityAssociation class have as its superior an instance of the pcelsRule class or, if applicable, an instance of the pcimRule class. Any structure rules and name forms that require an instance of the pcimRuleValidityAssociation class to have as its superior only an instance of the pcimRule class, are in conflict and MUST be removed. Note 2: PCELS implementations SHOULD support pcelsRule and its two subclasses and MAY also support pcimRule and its two subclasses [PCLS]. Applications that choose to support pcelsRule and its two subclasses MUST use the aggregation mechanism provided by pcelsPolicySetAssociation for aggregating policy groups or policy rules in policy rules represented as instances of pcelsRule.5.5. The Structural Class pcelsConditionAssociation
The pcelsConditionAssociation class is used in the aggregation of PolicyCondition instances [PCIM]. pcelsConditionAssociation entries are always subordinated to the aggregating entry. When subordinated to an instance of pcelsRule, the pcelsConditionAssociation entry realizes the PolicyConditionInPolicyRule association [PCIM_EXT]. When subordinated to an instance of pcelsCompoundConditionAuxClass, the pcelsConditionAssociation entry realizes the PolicyConditionInPolicyCondition association [PCIM_EXT]. The pcelsConditionAssociation class is a structural object class and it is derived from the pcimRuleConditionAssociation class [PCLS]. The aggregation of a reusable instance of pcimConditionAuxClass is realized via the pcimConditionDN attribute. A non-reusable instance of pcimConditionAuxClass is attached directly to the pcelsConditionAssociation entry. When reading a pcelsConditionAssociation entry that has a pcimConditionAuxClass instance attached, the attribute pcimConditionDN MUST be ignored. Applications SHOULD remove the pcimConditionDN value from a pcelsConditionAssociation upon attachment of a pcimConditionAuxClass to the entry.
The pcelsConditionAssociation class is defined as follows:
( 1.3.6.1.1.9.1.9
NAME 'pcelsConditionAssociation'
DESC 'Associates a policy conditions to an aggregating entry'
SUP pcimRuleConditionAssociation
STRUCTURAL
)
This class extends the semantics of the pcimRuleConditionAssociation
object class without using any new attributes. All its attributes
are inherited from the pcimRuleConditionAssociation that is defined
in section 5.4 of [PCLS].
5.6. The Structural Class pcelsActionAssociation
The pcelsActionAssociation class is used in the aggregation of
PolicyAction instances [PCIM]. pcelsActionAssociation entries are
always subordinated to the aggregating entry. When subordinated to a
pcelsRule instance, the pcelsActionAssociation entry realizes the
PolicyActionInPolicyRule association [PCIM_EXT]. When subordinated
to an instance of pcelsCompoundActionAuxClass, the
pcelsActionAssociation entry realizes the PolicyActionInPolicyAction
association [PCIM_EXT].
The pcelsActionAssociation class is a structural object class and it
is derived from the pcimRuleActionAssociation class [PCLS].
The aggregation of a reusable instance of pcimActionAuxClass is
realized via the pcimActionDN attribute. A non-reusable instance of
pcimActionAuxClass is attached directly to the pcelsActionAssociation
entry.
When reading a pcelsActionAssociation entry that has a
pcimActionAuxClass instance attached, the attribute pcimActionDN MUST
be ignored. Applications SHOULD remove the pcimActionDN value from a
pcelsActionAssociation upon attachment of a pcimActionAuxClass to the
entry.
The pcelsActionAssociation class is defined as follows:
( 1.3.6.1.1.9.1.10
NAME 'pcelsActionAssociation'
DESC 'Associates a policy conditions to an aggregating entry'
SUP pcimRuleActionAssociation
STRUCTURAL
)
This class extends the semantics of the pcimRuleActionAssociation object class without using any new attributes. All its attributes are inherited from the pcimRuleActionAssociation that is defined in section 5.6 of [PCLS].5.7. The Auxiliary Class pcelsSimpleConditionAuxClass
The pcelsSimpleConditionAuxClass class implements a Value matching condition for a Variable. It is mapped from the SimplePolicyCondition class [PCIM_EXT]. The pcelsSimpleConditionAuxClass class is an auxiliary object class and it is derived from the pcimConditionAuxClass class [PCLS]. A reusable variable/value is associated to a pcelsSimpleConditionAuxClass via the pcelsVariableDN/pcelsValueDN reference from the simple condition instance. A non-reusable variable/value is associated directly as auxiliary object class to the same entry as the pcelsSimpleConditionAuxClass instance. When reading a pcelsSimpleConditionAuxClass instance that has an instance of pcelsVariable attached, the attribute pcelsVariableDN MUST be ignored. Applications SHOULD remove the pcelsVariableDN value from a pcelsSimpleConditionAuxClass instance upon attachment of a pcelsVariable instance to the same entry. When reading a pcelsSimpleConditionAuxClass instance that has an instance of pcelsValue attached, the attribute pcelsValueDN MUST be ignored. Applications SHOULD remove the pcelsValueDN value from a pcelsSimpleConditionAuxClass instance upon attachment of a pcelsValue instance to the same entry. The pcelsSimpleConditionAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.11 NAME 'pcelsSimpleConditionAuxClass' DESC 'Value matching condition for a policy variable' SUP pcimConditionAuxClass AUXILIARY MAY ( pcelsVariableDN $ pcelsValueDN ) ) The pcelsVariableDN attribute type realizes the PolicyVariableInSimplePolicyCondition association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. The only allowed values for pcelsVariableDN attributes are DNs of pcelsVariable entries. In a
pcelsSimpleConditionAuxClass, the pcelsVariableDN attribute
represents the association between this simple policy condition and
its policy variable.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.11
NAME 'pcelsVariableDN'
DESC 'DN of a pcelsVariable entry'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
)
The pcelsValueDN attribute type realizes the
PolicyValueInSimplePolicyCondition association [PCIM_EXT]. This
attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality
matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of
this type can only have a single value. The only allowed values for
pcelsValueDN attributes are DNs of pcelsValueAuxClass entries. In a
pcelsSimpleConditionAuxClass, the pcelsValueDN attribute represents
the association between this simple policy condition and its policy
value.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.12
NAME 'pcelsValueDN'
DESC 'DN of a pcelsValueAuxClass entry'
EQUALITY distinguishedNameMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
SINGLE-VALUE
)
Note: An instance of pcelsSimpleActionAuxClass and an instance of
pcelsSimpleConditionAuxClass MUST NOT be attached to the same entry.
Because the two classes use the same mechanisms to associate
Variables and Values, this restriction is necessary in order to avoid
ambiguities.
5.8. The Auxiliary Class pcelsCompoundConditionAuxClass
The pcelsCompoundConditionAuxClass class represents a compound policy
condition formed by the aggregation of other policy conditions. It
is mapped from the CompoundPolicyCondition class [PCIM_EXT]. The
pcelsCompoundConditionAuxClass class is an auxiliary object class and
it is derived from the pcimConditionAuxClass class [PCLS].
The pcelsCompoundConditionAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.12
NAME 'pcelsCompoundConditionAuxClass'
DESC 'Boolean combination of simpler conditions'
SUP pcimConditionAuxClass
AUXILIARY
MAY ( pcelsConditionListType
$ pcelsConditionList )
)
If the pcelsConditionListType attribute is missing from a
pcelsCompoundConditionAuxClass instance, applications MUST assume
that the set of aggregated conditions is in disjunctive normal form.
In a pcelsCompoundConditionAuxClass instance, the pcelsConditionList
attribute represents the associations between this compound policy
condition and the compounded conditions.
These attribute types are defined in section 5.4.
Like pcelsRule, instances of pcelsCompoundConditionAuxClass use
pcelsConditionList values and subordinated pcelsConditionAssociation
entries to aggregate policy conditions.
5.9. The Auxiliary Class pcelsCompoundFilterConditionAuxClass
The pcelsCompoundFilterConditionAuxClass class represents a domain-
level filter. It is mapped from the CompoundFilterCondition class
[PCIM_EXT]. The pcelsCompoundFilterConditionAuxClass class is an
auxiliary object class and it is derived from the
pcelsCompoundConditionAuxClass class.
The pcelsCompoundFilterConditionAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.13
NAME 'pcelsCompoundFilterConditionAuxClass'
DESC 'A compound condition with mirroring capabilities'
SUP pcelsCompoundConditionAuxClass
AUXILIARY
MAY ( pcelsIsMirrored )
)
The pcelsIsMirrored attribute type indicates whether the traffic that
mirrors the specified filter is to be treated as matching the filter.
It is mapped from the CompoundFilterCondition.IsMirrored property
[PCIM_EXT]. This attribute type is of syntax Boolean [LDAP_SYNTAX].
It has an equality matching rule of booleanMatch [LDAP_MATCH].
Attributes of this type can only have a single value. If this
attribute is missing from a pcelsCompoundFilterConditionAuxClass
instance, applications MUST assume that the filter is not mirrored.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.13
NAME 'pcelsIsMirrored'
DESC 'Indicates whether the mirrored traffic matches'
EQUALITY booleanMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
SINGLE-VALUE
)
5.10. The Auxiliary Class pcelsSimpleActionAuxClass
The pcelsSimpleActionAuxClass class implements the action of
assigning a Value to a Variable. It is mapped from the
SimplePolicyAction class [PCIM_EXT]. The pcelsSimpleActionAuxClass
class is an auxiliary object class and it is derived from the
pcimActionAuxClass class [PCLS].
A reusable variable/value is associated to a
pcelsSimpleActionAuxClass via the pcelsVariableDN/pcelsValueDN
reference from the simple action instance. A non-reusable
variable/value is associated directly as auxiliary object class to
the same entry as the pcelsSimpleActionAuxClass instance.
When reading a pcelsSimpleActionAuxClass instance that has an
instance of pcelsVariable attached, the attribute pcelsVariableDN
MUST be ignored. Applications SHOULD remove the pcelsVariableDN
value from a pcelsSimpleActionAuxClass instance upon attachment of a
pcelsVariable instance to the same entry.
When reading a pcelsSimpleActionAuxClass instance that has an
instance of pcelsValue attached, the attribute pcelsValueDN MUST be
ignored. Applications SHOULD remove the pcelsValueDN value from a
pcelsSimpleActionAuxClass instance upon attachment of a pcelsValue
instance to the same entry.
The pcelsSimpleActionAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.14
NAME 'pcelsSimpleActionAuxClass'
DESC 'Value assignment action for a policy variable'
SUP pcimActionAuxClass
AUXILIARY
MAY ( pcelsVariableDN
$ pcelsValueDN )
)
In a pcelsSimpleActionAuxClass, the pcelsVariableDN attribute
represents the association between this simple policy action and its
policy variable. It realizes the PolicyVariableInSimplePolicyAction
association [PCIM_EXT].
In a pcelsSimpleActionAuxClass, the pcelsValueDN attribute represents
the association between this simple policy action and its policy
value. It realizes the PolicyValueInSimplePolicyAction association
[PCIM_EXT].
These attributes are defined in section 5.7.
Note: An instance of pcelsSimpleActionAuxClass and an instance of
pcelsSimpleConditionAuxClass MUST NOT be attached to the same entry.
Because the two classes use the same mechanisms to associate
Variables and Values, this restriction is necessary in order to avoid
ambiguities.
5.11. The Auxiliary Class pcelsCompoundActionAuxClass
The pcelsCompoundActionAuxClass class represents a compound policy
action formed by the aggregation of other policy actions. It is
mapped from the CompoundPolicyCondition class [PCIM_EXT]. The
pcelsCompoundActionAuxClass class is an auxiliary object class and it
is derived from the pcimActionAuxClass class [PCLS].
The pcelsCompoundActionAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.15
NAME 'pcelsCompoundActionAuxClass'
DESC 'Sequence of actions with specific execution strategy'
SUP pcimActionAuxClass
AUXILIARY
MAY ( pcelsActionList
$ pcelsSequencedActions
$ pcelsExecutionStrategy )
)
In a pcelsCompoundActionAuxClass instance, the pcelsActionList attribute represents the associations between this policy rule and its actions. If the pcelsSequencedActions attribute is missing from a pcelsCompoundActionAuxClass instance, applications MUST assume that the ordered execution of actions in this compound policy action is not important (DontCare). If the pcelsExecutionStrategy attribute is missing from a pcelsCompoundActionAuxClass instance, applications MUST assume that all the actions are to be executed (Do all). These attribute types are defined in section 5.4. Like pcelsRule, instances of pcelsCompoundActionAuxClass use pcelsActionList values and subordinated pcelsActionAssociation entries to aggregate policy actions.5.12. The Abstract Class pcelsVariable
The pcelsVariable class is mapped from the PolicyVariable class [PCIM_EXT]. The pcelsVariable is an abstract object class and it is derived directly from the 'top' object class [LDAP_SCHEMA]. A pcelsVariable instance may be associated to a set of pcelsValueAuxClass instances that represent its expected values. The expected values for a variable may be indicated by: (1) pcelsExpectedValueList references to reusable instances of pcelsValueAuxClass, or (2) pcelsExpectedValueList references to subordinated non- reusable instances of pcelsValueAuxClass The pcelsVariable class is defined as follows: ( 1.3.6.1.1.9.1.16 NAME 'pcelsVariable' DESC 'Base class for representing a policy variable' SUP top ABSTRACT MAY ( pcelsVariableName $ pcelsExpectedValueList ) ) The pcelsVariableName attribute type may be used as naming attribute for pcelsVariable entries. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of
caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can only have a single value. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.14 NAME 'pcelsVariableName' DESC 'The user-friendly name of a variable.' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) The pcelsExpectedValueList attribute type realizes the ExpectedPolicyValuesForVariable association [PCIM_EXT]. This attribute type is of syntax DN [LDAP_SYNTAX]. It has an equality matching rule of distinguishedNameMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for pcelsExpectedValueList attributes are DNs of pcelsValueAuxClass entries. In a pcelsVariable, the pcelsExpectedValueList attribute represents the associations between this policy variable and its expected values. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.15 NAME 'pcelsExpectedValueList' DESC 'Unordered set of DNs of pcelsValueAuxClass entries representing expected values for a policy variable' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )5.13. The Auxiliary Class pcelsExplicitVariableAuxClass
The pcelsExplicitVariableAuxClass class is mapped from the PolicyExplicitVariable class [PCIM_EXT]. The pcelsExplicitVariableAuxClass is an auxiliary object class and it is derived from the pcelsVariable class.
The pcelsExplicitVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.17
NAME 'pcelsExplicitVariableAuxClass'
DESC 'Explicitly defined policy variable'
SUP pcelsVariable
AUXILIARY
MUST ( pcelsVariableModelClass
$ pcelsVariableModelProperty )
)
The pcelsVariableModelClass attribute type identifies a [CIM] class
whose property is evaluated or set as a variable. It is mapped from
the PolicyExplicitVariable.ModelClass property [PCIM_EXT]. This
attribute type is of syntax Directory String [LDAP_SYNTAX]. It has
an equality matching rule of caseIgnoreMatch [LDAP_SYNTAX].
Attributes of this type can only have a single value.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.16
NAME 'pcelsVariableModelClass'
DESC 'Identifies a CIM class'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
)
The pcelsVariableModelProperty attribute type identifies the
attribute of a [CIM] class, which is evaluated or set as a variable.
It is mapped from the PolicyExplicitVariable.ModelProperty property
[PCIM_EXT]. This attribute type is of syntax Directory String
[LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch
[LDAP_SYNTAX]. Attributes of this type can only have a single value.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.17
NAME 'pcelsVariableModelProperty'
DESC 'Identifies the property of a CIM class.'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
)
5.14. The Auxiliary Class pcelsImplicitVariableAuxClass
The pcelsImplicitVariableAuxClass class is mapped from the PolicyImplicitVariable class [PCIM_EXT]. The pcelsImplicitVariableAuxClass is an auxiliary object class and it is derived from the pcelsVariable class. The pcelsImplicitVariableAuxClass class does not represent actual variables; these are introduced by its subclasses. pcelsImplicitVariableAuxClass introduces the semantics of being an implicitly defined policy variable and these semantics are inherited by all its subclasses. These semantics include those inherited from pcelsVariable that possibly represent either rule-specific or reusable policy variables. In order to preserve the ability to represent rule-specific or reusable variables, all the subclasses of pcelsImplicitVariableAuxClass MUST also be auxiliary classes. The pcelsImplicitVariableAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.18 NAME 'pcelsImplicitVariableAuxClass' DESC 'Implicitly defined policy variable' SUP pcelsVariable AUXILIARY MAY ( pcelsExpectedValueTypes ) ) The pcelsExpectedValueTypes attribute type represents the set of policy value types that may be used with this policy variable. It is mapped from the PolicyImplicitVariable.ValueTypes property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.18 NAME 'pcelsExpectedValueTypes' DESC 'Identifies subclasses of pcelsValueAuxClass by name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
5.15. The Subclasses of pcelsImplicitVariableAuxClass
The following classes are derived from the pcelsImplicitVariableAuxClass class. They are mapped from the corresponding subclasses of the PolicyImplicitVariable class [PCIM_EXT]. All the classes defined below are auxiliary object classes. Each one of the classes defined in this section introduces specific restrictions for the values of the pcelsExpectedValueTypes attribute. If this attribute is missing, applications MUST assume that all allowed value types are expected for the policy variable. Some of these classes have additional restrictions on the actual values of the associated policy value instances (e.g., only integers in the range 0..65535 must be used with a SourcePort variable). The association between a pcelsImplicitVariableAuxClass instance and a pcelsValueAuxClass instance that contains values outside the valid range or set for that variable SHOULD be considered invalid. The entry that realizes such association SHOULD be treated as invalid and the policy rules or groups that refer to it SHOULD be treated as being disabled, meaning that the execution of such policy rules or groups SHOULD be stopped. The pcelsSourceIPv4VariableAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.19 NAME 'pcelsSourceIPv4VariableAuxClass' DESC 'Source IP v4 address' SUP pcelsImplicitVariableAuxClass AUXILIARY ) In a pcelsSourceIPv4VariableAuxClass instance, the only allowed value for the pcelsExpectedValueTypes attribute is 'pcelsIPv4AddrValueAuxClass'. The pcelsSourceIPv6VariableAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.20 NAME 'pcelsSourceIPv6VariableAuxClass' DESC 'Source IP v6 address' SUP pcelsImplicitVariableAuxClass AUXILIARY )
In a pcelsSourceIPv6VariableAuxClass instance, the only allowed value
for the pcelsExpectedValueTypes attribute is
'pcelsIPv6AddrValueAuxClass'.
The pcelsDestinationIPv4VariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.21
NAME 'pcelsDestinationIPv4VariableAuxClass'
DESC 'Destination IP v4 address'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsDestinationIPv4VariableAuxClass instance, the only allowed
value for the pcelsExpectedValueTypes attribute is
'pcelsIPv4AddrValueAuxClass'.
The pcelsDestinationIPv6VariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.22
NAME 'pcelsDestinationIPv6VariableAuxClass'
DESC 'Destination IP v6 address'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsDestinationIPv6VariableAuxClass instance, the only allowed
value for the pcelsExpectedValueTypes attribute is
'pcelsIPv6AddrValueAuxClass'.
The pcelsSourcePortVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.23
NAME 'pcelsSourcePortVariableAuxClass'
DESC 'Source port'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsSourcePortVariableAuxClass instance, the only allowed value
for the pcelsExpectedValueTypes attribute is
'pcelsIntegerValueAuxClass'. Additionally, only policy values that
represent integers in the range 0..65535 (inclusive) SHOULD be used
with pcelsSourcePortVariableAuxClass instances.
The pcelsDestinationPortVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.24
NAME 'pcelsDestinationPortVariableAuxClass'
DESC 'Destination port'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsDestinationPortVariableAuxClass instance, the only allowed
value for the pcelsExpectedValueTypes attribute is
'pcelsIntegerValueAuxClass'. Additionally, only policy values that
represent integers in the range 0..65535 (inclusive) SHOULD be used
with pcelsDestinationPortVariableAuxClass instances.
The pcelsIPProtocolVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.25
NAME 'pcelsIPProtocolVariableAuxClass'
DESC 'IP protocol number'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsIPProtocolVariableAuxClass instance, the only allowed value
for the pcelsExpectedValueTypes attribute is
'pcelsIntegerValueAuxClass'. Additionally, only policy values that
represent integers in the range 0..255 (inclusive) SHOULD be used
with pcelsIPProtocolVariableAuxClass instances.
The pcelsIPVersionVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.26
NAME 'pcelsIPVersionVariableAuxClass'
DESC 'IP version number'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsIPVersionVariableAuxClass instance, the only allowed value
for the pcelsExpectedValueTypes attribute is
'pcelsIntegerValueAuxClass'. Additionally, only policy values that
represent integers in the range 0..15 (inclusive) SHOULD be used with
pcelsIPVersionVariableAuxClass instances.
The pcelsIPToSVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.27
NAME 'pcelsIPToSVariableAuxClass'
DESC 'IP ToS octet'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsIPToSVariableAuxClass instance, the only allowed values for
the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
and 'pcelsBitStringValueAuxClass'. Additionally, only policy values
that represent integers in the range 0..255 (inclusive) or 8-bit
bitStrings SHOULD be used with pcelsIPToSVariableAuxClass instances.
The pcelsDSCPVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.28
NAME 'pcelsDSCPVariableAuxClass'
DESC 'DiffServ code point'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsDSCPVariableAuxClass instance, the only allowed values for
the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
and 'pcelsBitStringValueAuxClass'. Additionally, only policy values
that represent integers in the range 0..63 (inclusive) or 6-bit
bitStrings SHOULD be used with pcelsDSCPVariableAuxClass instances.
The pcelsFlowIdVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.29
NAME 'pcelsFlowIdVariableAuxClass'
DESC 'Flow Identifier'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsFlowIdVariableAuxClass instance, the only allowed values
for the pcelsExpectedValueTypes attribute are
'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
Additionally, only policy values that represent integers in the range
0..1048575 (inclusive) or 20-bit bitStrings SHOULD be used with
pcelsFlowIdVariableAuxClass instances.
The pcelsSourceMACVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.30
NAME 'pcelsSourceMACVariableAuxClass'
DESC 'Source MAC address'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsSourceMACVariableAuxClass instance, the only allowed value
for the pcelsExpectedValueTypes attribute is
'pcelsMACAddrValueAuxClass'.
The pcelsDestinationMACVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.31
NAME 'pcelsDestinationMACVariableAuxClass'
DESC 'Destination MAC address'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsDestinationMACVariableAuxClass instance, the only allowed
value for the pcelsExpectedValueTypes attribute is
'pcelsMACAddrValueAuxClass'.
The pcelsVLANVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.32
NAME 'pcelsVLANVariableAuxClass'
DESC 'VLAN'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsVLANVariableAuxClass instance, the only allowed values for
the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
and 'pcelsBitStringValueAuxClass'. Additionally, only policy values
that represent integers in the range 0..4095 (inclusive) or 12-bit
bitStrings SHOULD be used with pcelsVLANVariableAuxClass instances.
The pcelsCoSVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.33
NAME 'pcelsCoSVariableAuxClass'
DESC 'Class of service'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsCoSVariableAuxClass instance, the only allowed values for
the pcelsExpectedValueTypes attribute are 'pcelsIntegerValueAuxClass'
and 'pcelsBitStringValueAuxClass'. Additionally, only policy values
that represent integers in the range 0..7 (inclusive) or 3-bit
bitStrings SHOULD be used with pcelsCoSVariableAuxClass instances.
The pcelsEthertypeVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.34
NAME 'pcelsEthertypeVariableAuxClass'
DESC 'Ethertype'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsEthertypeVariableAuxClass instance, the only allowed values
for the pcelsExpectedValueTypes attribute are
'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
Additionally, only policy values that represent integers in the range
0..65535 (inclusive) or 16-bit bitStrings SHOULD be used with
pcelsEthertypeVariableAuxClass instances.
The pcelsSourceSAPVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.35
NAME 'pcelsSourceSAPVariableAuxClass'
DESC 'Source SAP'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsSourceSAPVariableAuxClass instance, the only allowed values
for the pcelsExpectedValueTypes attribute are
'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
Additionally, only policy values that represent integers in the range
0..255 (inclusive) or 8-bit bitStrings SHOULD be used with
pcelsSourceSAPVariableAuxClass instances.
The pcelsDestinationSAPVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.36
NAME 'pcelsDestinationSAPVariableAuxClass'
DESC 'Destination SAP'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsDestinationSAPVariableAuxClass instance, the only allowed
values for the pcelsExpectedValueTypes attribute are
'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
Additionally, only policy values that represent integers in the range
0..255 (inclusive) or 8-bit bitStrings SHOULD be used with
pcelsDestinationSAPVariableAuxClass instances.
The pcelsSNAPOUIVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.37
NAME 'pcelsSNAPOUIVariableAuxClass'
DESC 'SNAP OUI'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsSNAPOUIVariableAuxClass instance, the only allowed values
for the pcelsExpectedValueTypes attribute are
'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
Additionally, only policy values that represent integers in the range
0..16777215 (inclusive) or 24-bit bitStrings SHOULD be used with
pcelsSNAPOUIVariableAuxClass instances.
The pcelsSNAPTypeVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.38
NAME 'pcelsSNAPTypeVariableAuxClass'
DESC 'SNAP type'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsSNAPTypeVariableAuxClass instance, the only allowed values
for the pcelsExpectedValueTypes attribute are
'pcelsIntegerValueAuxClass' and 'pcelsBitStringValueAuxClass'.
Additionally, only policy values that represent integers in the range
0..65535 (inclusive) or 16-bit bitStrings SHOULD be used with
pcelsSNAPTypeVariableAuxClass instances.
The pcelsFlowDirectionVariableAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.39
NAME 'pcelsFlowDirectionVariableAuxClass'
DESC 'Flow direction'
SUP pcelsImplicitVariableAuxClass
AUXILIARY
)
In a pcelsFlowDirectionVariableAuxClass instance, the only allowed
value for the pcelsExpectedValueTypes attribute is
'pcelsStringValueAuxClass'. Additionally, only policy values that
represent the strings 'IN' and 'OUT' SHOULD be used with
pcelsFlowDirectionVariableAuxClass instances.
5.16. The Auxiliary Class pcelsValueAuxClass
The pcelsValueAuxClass class is the base class for representing a
policy value. It is mapped from the PolicyValue class [PCIM_EXT].
The pcelsValueAuxClass is an auxiliary object class and it is derived
directly from the 'top' object class [LDAP_SCHEMA].
The pcelsValueAuxClass class does not represent actual values; these
are introduced by its subclasses. pcelsValueAuxClass introduces the
semantics of being a policy value that are inherited by all its
subclasses. Among these semantics are those of representing either
rule-specific or reusable policy values.
In order to preserve the ability to represent rule-specific or
reusable values, all the subclasses of pcelsValueAuxClass MUST also
be auxiliary classes.
The pcelsValueAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.40
NAME 'pcelsValueAuxClass'
DESC 'Base class for representing a policy value'
SUP top
AUXILIARY
MAY ( pcelsValueName )
)
The pcelsValueName attribute type may be used as naming attribute for
pcelsValueAuxClass entries. This attribute type is of syntax
Directory String [LDAP_SYNTAX]. It has an equality matching rule of
caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch
and a substrings matching rule of caseIgnoreSubstringsMatch
[LDAP_SYNTAX]. Attributes of this type can only have a single value.
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.19
NAME 'pcelsValueName'
DESC 'The user-friendly name of a value'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE
)
5.17. The Subclasses of pcelsValueAuxClass
The following classes are derived from the pcelsValueAuxClass class.
They are mapped from the corresponding subclasses of the PolicyValue
class [PCIM_EXT]. All the classes defined below are auxiliary object
classes.
The pcelsIPv4AddrValueAuxClass class represents a policy value that
provides an unordered set of IPv4 addresses, IPv4 address ranges or
hosts. It is mapped from the PolicyIPv4AddrValue class [PCIM_EXT].
The pcelsIPv4AddrValueAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.41
NAME 'pcelsIPv4AddrValueAuxClass'
DESC 'Provides IPv4 addresses'
SUP pcelsValueAuxClass
AUXILIARY
MUST ( pcelsIPv4AddrList )
)
The pcelsIPv4AddrList attribute type represents an unordered set of
IPv4 addresses, IPv4 address ranges or hosts. It is mapped from the
PolicyIPv4AddrValue.IPv4AddrList property [PCIM_EXT]. This attribute
type is of syntax Directory String [LDAP_SYNTAX]. It has an equality
matching rule of caseIgnoreMatch, an ordering matching rule of
caseIgnoreOrderingMatch and a substrings matching rule of
caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can
have multiple values. The only allowed values for attributes of this
type are strings conforming to any of the formats defined for the
IPv4AddrList property [PCIM_EXT].
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.20
NAME 'pcelsIPv4AddrList'
DESC 'Unordered set of IPv4 addresses, IPv4 address ranges or
hosts'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
The pcelsIPv6AddrValueAuxClass class represents a policy value that
provides an unordered set of IPv6 addresses, IPv6 address ranges or
hosts. It is mapped from the PolicyIPv6AddrValue class [PCIM_EXT].
The pcelsIPv6AddrValueAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.42
NAME 'pcelsIPv6AddrValueAuxClass'
DESC 'Provides IPv6 addresses'
SUP pcelsValueAuxClass
AUXILIARY
MUST ( pcelsIPv6AddrList )
)
The pcelsIPv6AddrList attribute type represents an unordered set of
IPv6 addresses, IPv6 address ranges or hosts. It is mapped from the
PolicyIPv6AddrValue.IPv6AddrList property [PCIM_EXT]. This attribute
type is of syntax Directory String [LDAP_SYNTAX]. It has an equality
matching rule of caseIgnoreMatch, an ordering matching rule of
caseIgnoreOrderingMatch and a substrings matching rule of
caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can
have multiple values. The only allowed values for attributes of this
type are strings conforming to any of the formats defined for the
IPv6AddrList property [PCIM_EXT].
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.21
NAME 'pcelsIPv6AddrList'
DESC 'Unordered set of IPv6 addresses, IPv6 address ranges or
hosts'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
The pcelsMACAddrValueAuxClass class represents a policy value that provides an unordered set of MAC addresses or MAC address ranges. It is mapped from the PolicyMACAddrValue class [PCIM_EXT]. The pcelsMACAddrValueAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.43 NAME 'pcelsMACAddrValueAuxClass' DESC 'Provides MAC addresses' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsMACAddrList ) ) The pcelsMACAddrList attribute type represents an unordered set of MAC addresses or MAC address ranges. It is mapped from the PolicyMACAddrValue.MACAddrList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to any of the formats defined for the MACAddrList property [PCIM_EXT]. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.22 NAME 'pcelsMACAddrList' DESC 'Unordered set of MAC addresses or MAC address ranges' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) The pcelsStringValueAuxClass class represents a policy value that provides an unordered set of strings with wildcards. It is mapped from the PolicyStringValue class [PCIM_EXT]. The pcelsStringValueAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.44 NAME 'pcelsStringValueAuxClass' DESC 'Provides string values' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsStringList )
) The pcelsStringList attribute type represents an unordered set of strings with wildcards. It is mapped from the PolicyStringValue.StringList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to the format defined for the StringList property [PCIM_EXT]. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.23 NAME 'pcelsStringList' DESC 'Unordered set of strings with wildcards' EQUALITY caseIgnoreMatch ORDERING caseIgnoreOrderingMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) The pcelsBitStringValueAuxClass class represents a policy value that provides an unordered set of bit strings or bit string ranges. It is mapped from the PolicyBitStringValue class [PCIM_EXT]. The pcelsBitStringValueAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.45 NAME 'pcelsBitStringValueAuxClass' DESC 'Provides bit strings' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsBitStringList ) ) The pcelsBitStringList attribute type represents an unordered set of bit strings or bit string ranges. It is mapped from the PolicyBitStringValue.BitStringList property [PCIM_EXT]. This attribute type is of syntax Directory String [LDAP_SYNTAX]. It has an equality matching rule of caseIgnoreMatch, an ordering matching rule of caseIgnoreOrderingMatch and a substrings matching rule of caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can have multiple values. The only allowed values for attributes of this type are strings conforming to any of the formats defined for the BitStringList property [PCIM_EXT].
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.24
NAME 'pcelsBitStringList'
DESC 'Unordered set of bit strings or bit string ranges'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
The pcelsIntegerValueAuxClass class represents a policy value that
provides an unordered set of integers or integer ranges. It is
mapped from the PolicyIntegerValue class [PCIM_EXT].
The pcelsIntegerValueAuxClass class is defined as follows:
( 1.3.6.1.1.9.1.46
NAME 'pcelsIntegerValueAuxClass'
DESC 'Provides integer values'
SUP pcelsValueAuxClass
AUXILIARY
MUST ( pcelsIntegerList )
)
The pcelsIntegerList attribute type represents an unordered set of
integers or integer ranges. It is mapped from the
PolicyIntegerValue.IntegerList property [PCIM_EXT]. This attribute
type is of syntax Directory String [LDAP_SYNTAX]. It has an equality
matching rule of caseIgnoreMatch, an ordering matching rule of
caseIgnoreOrderingMatch and a substrings matching rule of
caseIgnoreSubstringsMatch [LDAP_SYNTAX]. Attributes of this type can
have multiple values. The only allowed values for attributes of this
type are strings conforming to the format defined for the IntegerList
property [PCIM_EXT].
This attribute type is defined as follows:
( 1.3.6.1.1.9.2.25
NAME 'pcelsIntegerList'
DESC 'Unordered set of integers or integer ranges'
EQUALITY caseIgnoreMatch
ORDERING caseIgnoreOrderingMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
)
The pcelsBooleanValueAuxClass class represents a policy value that provides a boolean. It is mapped from the PolicyIntegerValue class [PCIM_EXT]. The pcelsBooleanValueAuxClass class is defined as follows: ( 1.3.6.1.1.9.1.47 NAME 'pcelsBooleanValueAuxClass' DESC 'Provides a boolean value.' SUP pcelsValueAuxClass AUXILIARY MUST ( pcelsBoolean ) ) The pcelsBoolean attribute type represents a boolean. It is mapped from the PolicyBooleanValue.BooleanValue property [PCIM_EXT]. This attribute type is of syntax Boolean [LDAP_SYNTAX]. It has an equality matching rule of booleanMatch [LDAP_MATCH]. Attributes of this type can only have a single value. This attribute type is defined as follows: ( 1.3.6.1.1.9.2.26 NAME 'pcelsBoolean' DESC 'Boolean value' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
(page 60 continued on part 4)
