
HM2-REMOTE-AUTHENTICATION-MIB DEFINITIONS ::= BEGIN

--
-- *************************************************************
-- Hirschmann Remote Authentication Management MIB
-- *************************************************************
--

IMPORTS
	OBJECT-IDENTITY,
    MODULE-IDENTITY,
    NOTIFICATION-TYPE, 
    OBJECT-TYPE,
    Integer32           	FROM SNMPv2-SMI -- RFC 2578
    RowStatus               FROM SNMPv2-TC
    InetAddressType, 
    InetAddress,
	InetPortNumber          FROM INET-ADDRESS-MIB -- RFC4001
    SnmpAdminString     	FROM SNMP-FRAMEWORK-MIB
    Hm2UserAccessRoles		FROM HM2-USERMGMT-MIB
    Hm2TlsVersions,
    Hm2TlsCipherSuites		FROM HM2-MGMTACCESS-MIB
	HmEnabledStatus,
	hm2ConfigurationMibs   	FROM HM2-TC-MIB;

hm2RemoteAuthMib MODULE-IDENTITY
	LAST-UPDATED "201403060000Z" -- March 6, 2014
    ORGANIZATION "Hirschmann Automation and Control GmbH"
    CONTACT-INFO
        "Postal:     Stuttgarter Str. 45-51
                     72654 Neckartenzlingen
                     Germany
         Phone:      +49 7127 140
         E-mail:     hac.support@belden.com"
    DESCRIPTION
        "Hirschmann MIB for remote authentication protocols.
         Copyright (C) 2014. All Rights Reserved."
    REVISION     "201403060000Z" -- March 6, 2014
    DESCRIPTION
         "Initial version."
    ::= { hm2ConfigurationMibs 26 }

--
-- *************************************************************
-- hm2RemoteAuthMib
-- *************************************************************
--
hm2RemoteAuthMibNotifications		OBJECT IDENTIFIER ::= { hm2RemoteAuthMib 0 }
hm2RemoteAuthMibObjects				OBJECT IDENTIFIER ::= { hm2RemoteAuthMib 1 }
-- hm2RemoteAuthMibConformance		OBJECT IDENTIFIER ::= { hm2RemoteAuthMib 2 }
hm2RemoteAuthMibSNMPExtensionGroup 	OBJECT IDENTIFIER ::= { hm2RemoteAuthMib 3 }
 
--
-- *************************************************************
-- hm2RemoteAuthMib groups
-- *************************************************************
--
hm2LdapGroup 	OBJECT IDENTIFIER ::= { hm2RemoteAuthMibObjects 1 }
 
--
-- *************************************************************
-- hm2LdapGroup groups
-- *************************************************************
--
hm2LdapConfigGroup 					OBJECT IDENTIFIER ::= { hm2LdapGroup 10 }
hm2LdapMappingGroup					OBJECT IDENTIFIER ::= { hm2LdapGroup 20 }

--
-- *************************************************************
-- hm2LdapConfigGroup
-- *************************************************************
--
-- Master switch for the LDAP client. Disabled by default, so no remote
-- authentication lookups take place until an administrator enables it.
-- NOTE(review): the enable/disable labels come from HmEnabledStatus in
-- HM2-TC-MIB, which is not visible here; confirm the DEFVAL label exists there.
hm2LdapClientAdminState OBJECT-TYPE
   SYNTAX 		HmEnabledStatus
   MAX-ACCESS 	read-write
   STATUS     	current
   DESCRIPTION
		"Enables/disables the LDAP client admin mode."
   DEFVAL { disable }       
   ::= { hm2LdapConfigGroup 1 }

-- Lifetime of a cached LDAP user entry in minutes (1..1440, i.e. up to one day).
-- Security note: what exactly is cached (credential result, mapped role, or both)
-- is not stated in this MIB, but a cached entry presumably keeps granting access
-- for up to this many minutes after the account is disabled or its group
-- membership changes in the directory. Shorter values narrow that revocation
-- window at the cost of more LDAP traffic; 1440 means a directory change may take
-- a full day to take effect on the device.
hm2LdapClientCacheTimeout OBJECT-TYPE
   SYNTAX 		Integer32 (1..1440)
   MAX-ACCESS 	read-write
   STATUS     	current
   DESCRIPTION
		"Configures the LDAP user cache entry timeout in minutes.
		 Default timeout value is 10 minutes."
   DEFVAL { 10 }       
   ::= { hm2LdapConfigGroup 2 }

-- Search base for user lookups. Empty by default, so lookups cannot succeed
-- until it is set. Scoping it narrowly (e.g. the OU holding management users
-- rather than the domain root) limits which directory objects can ever match.
hm2LdapClientServerBaseDN  OBJECT-TYPE
   SYNTAX 		SnmpAdminString (SIZE(0..255)) 
   MAX-ACCESS 	read-write
   STATUS 		current
   DESCRIPTION
	   "Base distinguished name for LDAP query to remote authentication server."
   DEFVAL { "" } 
   ::= { hm2LdapConfigGroup 3 }

-- Directory attribute the login name is compared against (default
-- userPrincipalName, i.e. an Active Directory style user@domain name).
-- NOTE(review): the login name typed by the user is presumably substituted into
-- an LDAP search filter on this attribute. This MIB does not say whether filter
-- metacharacters in the login name are escaped as RFC 4515 requires; confirm
-- that in the agent before exposing the login prompt to untrusted networks.
hm2LdapClientServerSearchAttribute  OBJECT-TYPE
   SYNTAX 		SnmpAdminString (SIZE(0..64))
   MAX-ACCESS 	read-write
   STATUS 		current
   DESCRIPTION
	    "Search attribute for LDAP query to remote authentication server, 
	 	e.g. 'userPrincipalName'."
   DEFVAL { "userPrincipalName" } 
   ::= { hm2LdapConfigGroup 4 }
   
-- Account used for the initial bind and the user search. Use a dedicated,
-- read-only directory account with search rights on the base DN only; never an
-- administrator account. Its credentials are stored on the device and its
-- password object (hm2LdapClientServerBindUserPasswd) is read-write, i.e.
-- potentially retrievable over SNMP.
hm2LdapClientServerBindUser  OBJECT-TYPE
   SYNTAX 		SnmpAdminString (SIZE(0..255))
   MAX-ACCESS 	read-write
   STATUS 		current
   DESCRIPTION
	   "User name of user that has permission to do user requests on a 
 	remote authentication server."
   DEFVAL { "" } 
   ::= { hm2LdapConfigGroup 5 }
  
-- Password of the bind account. It is stored on the device and carried in SNMP
-- SET requests.
-- NOTE(review): SMIv2 has no write-only access level, and MAX-ACCESS read-write
-- means a GET on this object is permitted by the MIB. Nothing here states that
-- the agent returns an empty or masked string instead of the stored secret;
-- confirm that in the implementation. Set (and read) this object only over
-- SNMPv3 with authPriv, because SNMPv1/v2c would carry it in clear text.
hm2LdapClientServerBindUserPasswd  OBJECT-TYPE
   SYNTAX 		SnmpAdminString (SIZE(0..64))
   MAX-ACCESS 	read-write
   STATUS 		current
   DESCRIPTION
	    "Password of user that has permission to do user requests on a remote authentication server."
   DEFVAL { "" } 
   ::= { hm2LdapConfigGroup 6 }
   
-- Domain appended to login names that carry none (presumably to build the
-- userPrincipalName form user@domain). Empty by default.
hm2LdapClientServerDefaultDomain  OBJECT-TYPE
  SYNTAX 		SnmpAdminString (SIZE(0..64))
  MAX-ACCESS 	read-write
  STATUS 		current
  DESCRIPTION
	"Default domain used for users without a domain name."
  DEFVAL { "" } 
  ::= { hm2LdapConfigGroup 7 }
   
-- TLS protocol versions the client may negotiate for ssl/startTLS server rows.
-- Security note: the default enables tlsv1-0 alongside tlsv1-2. TLS 1.0 is
-- deprecated (RFC 8996) and should be cleared wherever the LDAP server supports
-- TLS 1.2, otherwise a misconfigured or downgraded server side can pull the
-- session to the weaker version. The Hm2TlsVersions encoding is defined in
-- HM2-MGMTACCESS-MIB, which is not visible here.
hm2LdapClientTlsVersions OBJECT-TYPE
   SYNTAX		Hm2TlsVersions
   MAX-ACCESS	read-write
   STATUS	    current
   DESCRIPTION
                "The TLS version supported by the LDAP client."
   DEFVAL       {{ tlsv1-0, tlsv1-2 }}
   ::= { hm2LdapConfigGroup  8 }

-- Cipher suites the LDAP client offers (the set is defined in HM2-MGMTACCESS-MIB).
-- All three defaults use ephemeral (EC)DHE key exchange and therefore provide
-- forward secrecy; two of them are CBC-SHA suites, so prefer restricting to the
-- AES-GCM entry where the server supports it.
hm2LdapClientTlsCipherSuites OBJECT-TYPE
   SYNTAX		Hm2TlsCipherSuites
   MAX-ACCESS	read-write
   STATUS		current
   DESCRIPTION
                "The cipher suite supported by the LDAP client."
   DEFVAL       {{
                 tls-dhe-rsa-with-aes-128-cbc-sha,
                 tls-ecdhe-rsa-with-aes-128-cbc-sha,
                 tls-ecdhe-rsa-with-aes-128-gcm-sha256
                }}
   ::= { hm2LdapConfigGroup  9 }
--
-- *************************************************************
-- hm2LdapClientServerAddrTable
-- *************************************************************
--
-- Per-server connection settings. The index range (1..4) allows up to four
-- server rows; rows are created and deleted through hm2LdapClientServerRowStatus.
hm2LdapClientServerAddrTable OBJECT-TYPE
	SYNTAX SEQUENCE OF Hm2LdapClientServerAddrEntry
	MAX-ACCESS 		not-accessible
	STATUS 			current
	DESCRIPTION
		"This table contains objects to configure
		 client connections to remote authentication server(s)."
	::= { hm2LdapConfigGroup 20 }

-- One server row, keyed by hm2LdapClientServerIndex.
hm2LdapClientServerAddrEntry OBJECT-TYPE
   SYNTAX 		Hm2LdapClientServerAddrEntry
   MAX-ACCESS 	not-accessible
   STATUS 		current
   DESCRIPTION 
		"The Ldap client connection objects."
   INDEX { hm2LdapClientServerIndex }
   ::= { hm2LdapClientServerAddrTable 1 }

-- Column layout of a server row: address/port/transport-security settings
-- plus a read-only status and the RowStatus control column.
Hm2LdapClientServerAddrEntry ::= SEQUENCE {
   hm2LdapClientServerIndex 				Integer32,
   hm2LdapClientServerDescr	 				SnmpAdminString,
   hm2LdapClientServerAddrType 				InetAddressType,
   hm2LdapClientServerAddr 					InetAddress,
   hm2LdapClientServerPort	 				InetPortNumber,
   hm2LdapClientServerSecurity				INTEGER,
   hm2LdapClientServerStatus 				INTEGER,
   hm2LdapClientServerRowStatus				RowStatus
   }		 

-- Row index (1..4). accessible-for-notify because it is carried in
-- hm2LdapConfigStatusTrap to identify the server the status refers to.
hm2LdapClientServerIndex OBJECT-TYPE
    SYNTAX		Integer32 (1..4)
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
				"Index for remote authentication server table."
     ::= { hm2LdapClientServerAddrEntry 1 }

-- Free-text label for the server row; informational only.
hm2LdapClientServerDescr  OBJECT-TYPE
   SYNTAX 		SnmpAdminString (SIZE(0..255))
   MAX-ACCESS 	read-create
   STATUS 		current
   DESCRIPTION
   	   "The description of the server configured."
   ::= { hm2LdapClientServerAddrEntry 2 }

-- Interpretation of hm2LdapClientServerAddr; default ipv4.
-- NOTE(review): hm2LdapSESDuplicateIPorHost speaks of host names, which suggests
-- the dns(16) address type is accepted as well. If so, the server identity then
-- rests on DNS resolution, so transport security (ssl/startTLS with CA
-- validation) matters even more for such rows.
hm2LdapClientServerAddrType OBJECT-TYPE
    SYNTAX		InetAddressType
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
				"Address type."
	DEFVAL		{ ipv4 }                   
     ::= { hm2LdapClientServerAddrEntry 3 }
         
-- Server address, encoded according to hm2LdapClientServerAddrType.
-- The DEFVAL '00000000'H is a four-octet all-zero value matching the ipv4
-- default type; a row still holding it presumably cannot be contacted.
hm2LdapClientServerAddr OBJECT-TYPE
    SYNTAX		InetAddress
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
				"IP address of remote authentication server."
	DEFVAL		{ '00000000'H }                   
     ::= { hm2LdapClientServerAddrEntry 4 }

-- TCP port of the server. The default 389 is the port for clear-text LDAP and
-- for StartTLS; LDAP over TLS (hm2LdapClientServerSecurity = ssl) conventionally
-- uses 636. Nothing in this MIB changes the port automatically when the
-- security mode changes, so set both columns together.
hm2LdapClientServerPort OBJECT-TYPE
    SYNTAX		InetPortNumber
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
				"The port number of the remote authentication server."
	DEFVAL		{ 389 }                   
     ::= { hm2LdapClientServerAddrEntry 5 }

-- Transport protection for this server row; default startTLS.
-- Security notes:
--  * none(1): the bind password and the password of every user who logs in
--    cross the network in clear text. Only defensible on an isolated
--    management network.
--  * ssl(2) / startTLS(3): the DESCRIPTION says the server certificate is
--    validated against a loaded CA certificate, but neither the CA object nor
--    the behaviour when no CA certificate is loaded (reject, or fall back to an
--    unverified session) is defined in this MIB; confirm the agent fails closed.
--    Whether the certificate name is matched against the configured address is
--    not stated either.
--  * ssl(2) normally implies port 636 (see hm2LdapClientServerPort, default 389).
hm2LdapClientServerSecurity OBJECT-TYPE
   SYNTAX      INTEGER {
				 none(1),
				 ssl(2),
				 startTLS(3)
				 }
   MAX-ACCESS 	read-create
   STATUS     	current
   DESCRIPTION
		"Configures connection security options.
		 		  - none		-> connection to AD server is unprotected.
		 						   (Attention: passwords are transmitted as plain text)
				  - ssl			-> SSL connection is established between device and AD server
								   and AD server certificate is proved valid with loaded
				  				   certificate authority (CA certificate).
				  - startTLS 	-> TLS connection is established between device and AD server
				  				   and AD server certificate is proved valid with loaded
				  				   certificate authority (CA certificate)."
   DEFVAL { startTLS }       
   ::= { hm2LdapClientServerAddrEntry 6 }

-- Outcome of the most recent authentication attempt, as reported in
-- hm2LdapConfigStatusTrap together with the row index.
-- NOTE(review): the DESCRIPTION of unreachable(2) refers to "primary and
-- backup", while this object is a per-row column; which meaning the agent
-- implements is unclear from the MIB alone. The DEFVAL on this read-only
-- column only documents the value a freshly created row starts with.
hm2LdapClientServerStatus OBJECT-TYPE
   SYNTAX      INTEGER {
				 ok(1),
				 unreachable(2),
				 other(3)
				 }
   MAX-ACCESS  read-only
   STATUS      current
   DESCRIPTION
               "Status of authentication against remote authentication server:
                - ok			-> Server reachable, authentication succeeded
                - unreachable -> Server (primary and backup) not reachable
                - other       -> any other error state"
   DEFVAL  { other }					    
   ::= { hm2LdapClientServerAddrEntry 7 }
		 
hm2LdapClientServerRowStatus OBJECT-TYPE
	SYNTAX      RowStatus
	MAX-ACCESS  read-create
	STATUS      current
	DESCRIPTION
		"Indicates the status of an entry in this table
		and is used to create/delete entries. Objects
		within this table can be changed while the status
		is 'active'."
	::= { hm2LdapClientServerAddrEntry 8 }


--
-- *************************************************************
-- hm2LdapMappingGroup
-- *************************************************************
--
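-- Resolves conflicts when several hm2LdapRoleMappingTable rows match a user.
-- Security note: the default highest(1) is a "most privileged match wins"
-- policy, so a single overly broad mapping row (e.g. an attribute every user
-- has) silently raises every matching user to that row's role. first(2) makes
-- the outcome depend on row order instead. Re-check the mapping table whenever
-- this object or any mapping row changes.
-- Fix: the DEFVAL of an enumerated INTEGER is given as the named-number label
-- (RFC 2578 section 7.9, and what MIB compilers such as smilint expect), so
-- the bare value 1 is replaced by its label highest. The default is unchanged.
hm2LdapRoleMatchingPolicy OBJECT-TYPE
   SYNTAX 		INTEGER {
   					highest(1),
   					first(2)
   				}
   MAX-ACCESS 	read-write
   STATUS     	current
   DESCRIPTION
		"Configures the way role mapping table entries are
		 applied. If set to first (2) the first matching entry
		 determines the user's role. If set to highest (1) the
		 matching entry with the highest role is used."
   DEFVAL { highest }       
   ::= { hm2LdapMappingGroup 1 } 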

--
-- *************************************************************
-- hm2LdapRoleMappingTable
-- *************************************************************
--
-- Maps directory attributes or groups to device access roles. Up to 64 rows
-- (index 1..64); how overlapping rows are resolved is governed by
-- hm2LdapRoleMatchingPolicy.
hm2LdapRoleMappingTable OBJECT-TYPE
	SYNTAX SEQUENCE OF Hm2LdapRoleMappingEntry
	MAX-ACCESS 		not-accessible
	STATUS 			current
	DESCRIPTION
		"This table contains string objects to configure
		 the mapping to an available user role."
	::= { hm2LdapMappingGroup 10 }

-- One mapping rule, keyed by hm2LdapRoleMappingIndex.
hm2LdapRoleMappingEntry OBJECT-TYPE
   SYNTAX 		Hm2LdapRoleMappingEntry
   MAX-ACCESS 	not-accessible
   STATUS 		current
   DESCRIPTION 
		"The role mapping string objects."
   INDEX { hm2LdapRoleMappingIndex }
   ::= { hm2LdapRoleMappingTable 1 }

-- Column layout of a mapping rule: target role, match type, match parameter
-- and the RowStatus control column.
Hm2LdapRoleMappingEntry ::= SEQUENCE {
   hm2LdapRoleMappingIndex 				Integer32,
   hm2LdapRoleMappingAccessRole			Hm2UserAccessRoles,
   hm2LdapRoleMappingType				INTEGER,
   hm2LdapRoleMappingParameter			SnmpAdminString,
   hm2LdapRoleMappingRowStatus			RowStatus
   }		 

-- Row index (1..64). With hm2LdapRoleMatchingPolicy = first(2) this order
-- decides which matching rule wins, so it is security relevant.
hm2LdapRoleMappingIndex OBJECT-TYPE
    SYNTAX		Integer32 (1..64)
	MAX-ACCESS	accessible-for-notify
	STATUS		current
	DESCRIPTION
		"Index for remote authentication role mapping table."
     ::= { hm2LdapRoleMappingEntry 1 }

-- Device role granted when this rule matches. The role set and its ordering
-- (which the highest(1) policy relies on) come from Hm2UserAccessRoles in
-- HM2-USERMGMT-MIB and are not visible here.
hm2LdapRoleMappingAccessRole  OBJECT-TYPE
   SYNTAX 		Hm2UserAccessRoles 
   MAX-ACCESS 	read-create
   STATUS 		current
   DESCRIPTION
   	   "The access role to be mapped."
   ::= { hm2LdapRoleMappingEntry 2 }
  
-- Selects how hm2LdapRoleMappingParameter is interpreted: an attribute=value
-- comparison, or membership in a group. No DEFVAL is given, so a row must set
-- this column explicitly.
hm2LdapRoleMappingType OBJECT-TYPE
    SYNTAX		INTEGER
    	{
    		attribute(1),
    		group(2)
    	}
	MAX-ACCESS	read-create
	STATUS		current
	DESCRIPTION
				"Type of this entry"                 
     ::= { hm2LdapRoleMappingEntry 3 }
      
-- Match criterion for the rule.
-- NOTE(review): for group(2) the DESCRIPTION says only "the group"; whether a
-- full DN, a CN, or a substring is expected is not defined here, and a loose
-- match would widen who receives the role. For attribute(1) the attribute=value
-- form resembles an LDAP filter fragment; whether the value part is escaped or
-- may contain wildcards is likewise unspecified. Confirm both in the agent.
hm2LdapRoleMappingParameter  OBJECT-TYPE
   SYNTAX 		SnmpAdminString (SIZE(0..255))
   MAX-ACCESS 	read-create
   STATUS 		current
   DESCRIPTION
   	   "The search string for the entry. For hm2LdapRoleMappingType attribute(1) this
   	   is in the form attribute=value. For hm2LdapRoleMappingType group(2) this is the group."
   ::= { hm2LdapRoleMappingEntry 4 }

hm2LdapRoleMappingRowStatus OBJECT-TYPE
	SYNTAX      RowStatus
	MAX-ACCESS  read-create
	STATUS      current
	DESCRIPTION
		"Indicates the status of an entry in this table
		and is used to create/delete entries. Objects
		within this table can be changed while the status
		is 'active'."
	::= { hm2LdapRoleMappingEntry 5 }

-- ***********************************************************
-- hm2RemoteAuthMibSNMPExtensionGroup
-- ***********************************************************
hm2LdapSESGroup 	OBJECT IDENTIFIER ::= { hm2RemoteAuthMibSNMPExtensionGroup 1 }

-- ***********************************************************
-- hm2LdapSESGroup
-- ***********************************************************
hm2LdapSESDuplicateIPorHost OBJECT-IDENTITY
           STATUS      current
           DESCRIPTION 
           		"Indicates that a remote authentication server entry with the
           		 same IP address or host name already exists."
           ::= { hm2LdapSESGroup 1 }


-- 
-- ***********************************************************
-- hm2LdapMgmtMibNotifications
-- ***********************************************************
--
hm2LdapConfigStatusTrap  NOTIFICATION-TYPE
	OBJECTS		{ hm2LdapClientServerIndex, hm2LdapClientServerStatus }
	STATUS		current
	DESCRIPTION 
				"This notification is sent when an authentication attempt via LDAP
				 against a remote authentication server has completed; the included
				 objects identify the server row and its resulting status."
	::= { hm2RemoteAuthMibNotifications 1 }
	
END

