Docs for schema item activedirectory_object in Open Vulnerability and Assessment Language (OVAL®)

Documentation for Open Vulnerability and Assessment Language (OVAL®)

Definition Type:	Element
Name:	activedirectory_object
Namespace:	http://oval.mitre.org/XMLSchema/oval-definitions-5#windows
Type:	oval-def:ObjectType
Containing Schema:	windows-definitions-schema.xsd
Abstract
Documentation:	The activedirectory_object element is used by an active directory test to define those objects to evaluated based on a specified state. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema. An active directory object consists of three pieces of information, a naming context, a relative distinguished name, and an attribute. Each piece helps identify a specific active directory entry.

XSD Schema Diagram:

XSD Diagram of activedirectory_object in schema windows-definitions-schema_xsd (Open Vulnerability and Assessment Language (OVAL®))

XSD Schema Code:

<xsd:element name="activedirectory_object" substitutionGroup="oval-def:object">
    <xsd:annotation>
        <xsd:documentation>The activedirectory_object element is used by an active directory test to define those objects to evaluated based on a specified state. Each object extends the standard ObjectType as definied in the oval-definitions-schema and one should refer to the ObjectType description for more information. The common set element allows complex objects to be created using filters and set logic. Again, please refer to the description of the set element in the oval-definitions-schema.</xsd:documentation>
        <xsd:documentation>An active directory object consists of three pieces of information, a naming context, a relative distinguished name, and an attribute. Each piece helps identify a specific active directory entry.</xsd:documentation>
    </xsd:annotation>
    <xsd:complexType>
        <xsd:complexContent>
            <xsd:extension base="oval-def:ObjectType">
                <xsd:sequence>
                    <xsd:choice>
                        <xsd:element ref="oval-def:set" />
                        <xsd:sequence>
                            <xsd:element name="naming_context" type="win-def:EntityObjectNamingContextType">
                                <xsd:annotation>
                                    <xsd:documentation>Each object in active directory exists under a certain naming context (also known as a partition). A naming context is defined as a single object in the Directory Information Tree (DIT) along with every object in the tree subordinate to it. There are three default naming contexts in Active Directory: domain, configuration, and schema.</xsd:documentation>
                                    <xsd:appinfo>
                                        <sch:pattern id="adobjnaming_context" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                            <sch:rule context="win-def:activedirectory_object/win-def:naming_context">
                                                <sch:assert test="not(@datatype) or @datatype='string'">
                                                    <sch:value-of select="../@id" /> - datatype attribute for the naming_context entity of an activedirectory_object should be 'string'</sch:assert>
                                            </sch:rule>
                                        </sch:pattern>
                                    </xsd:appinfo>
                                </xsd:annotation>
                            </xsd:element>
                            <xsd:element name="relative_dn" type="oval-def:EntityObjectStringType" nillable="true">
                                <xsd:annotation>
                                    <xsd:documentation>The relative_dn field is used to uniquely identify an object inside the specified naming context. It contains all the parts of the object's distinguished name except those outlined by the naming context. If the nillable attribute is set to true, then the object being specified is the higher level naming context. In this case, the relative_dn element should not be collected or used in analysis. Setting nil equal to true is different than using a .* pattern match, which says to collect every relative dn under a given naming context. Note that when nil is used for the relative dn element, the attribute element should also be nilled.</xsd:documentation>
                                    <xsd:appinfo>
                                        <sch:pattern id="adobjrelative_dn" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                            <sch:rule context="win-def:activedirectory_object/win-def:relative_dn">
                                                <sch:assert test="not(@datatype) or @datatype='string'">
                                                    <sch:value-of select="../@id" /> - datatype attribute for the relative_dn entity of an activedirectory_object should be 'string'</sch:assert>
                                                <sch:assert test="not(@xsi:nil='true') or ../win-def:attribute/@xsi:nil='true'">
                                                    <sch:value-of select="../@id" /> - attribute entity must be nil when relative_dn is nil</sch:assert>
                                            </sch:rule>
                                        </sch:pattern>
                                    </xsd:appinfo>
                                </xsd:annotation>
                            </xsd:element>
                            <xsd:element name="attribute" type="oval-def:EntityObjectStringType" nillable="true">
                                <xsd:annotation>
                                    <xsd:documentation>Specifies a named value contained by the object. If the nillable attribute is set to true, then the object being specified is the higher level relative_dn. In this case, the attribute element should not be collected or used in analysis. Setting nil equal to true is different than using a .* pattern match, which says to collect every attribute under a given relative dn.</xsd:documentation>
                                    <xsd:appinfo>
                                        <sch:pattern id="adobjattribute" xmlns:sch="http://purl.oclc.org/dsdl/schematron">
                                            <sch:rule context="win-def:activedirectory_object/win-def:attribute">
                                                <sch:assert test="not(@datatype) or @datatype='string'">
                                                    <sch:value-of select="../@id" /> - datatype attribute for the attribute entity of an activedirectory_object should be 'string'</sch:assert>
                                            </sch:rule>
                                        </sch:pattern>
                                    </xsd:appinfo>
                                </xsd:annotation>
                            </xsd:element>
                        </xsd:sequence>
                    </xsd:choice>
                </xsd:sequence>
            </xsd:extension>
        </xsd:complexContent>
    </xsd:complexType>
</xsd:element>

Child Elements:

Name	Type	Min Occurs	Max Occurs
Signature	ds:Signature	0	1
notes	oval-def:notes	0	1
set	oval-def:set	(1)	(1)
naming_context	win-def:naming_context	(1)	(1)
relative_dn	win-def:relative_dn	(1)	(1)
attribute	win-def:attribute	(1)	(1)

Child Attributes:

Name	Type	Default Value	Use
id	oval-def:id		Required
version	oval-def:version		Required
comment	oval-def:comment		Optional
deprecated	oval-def:deprecated	false	Optional

Derivation Tree:
	oval-def:ObjectType *activedirectory_object*

References:
	oval-def:object

Documentation for Open Vulnerability and Assessment Language (OVAL®)

Generated using Liquid Studio - Developer Bundle 21.0.0.0