The Master Controller uses a custom LDAP schema to manage identities, access tokens, and hardware reader definitions within an OpenLDAP or Active Directory environment.
Custom Attributes
ESCTL extends the directory with several specific attributes to track security metadata.
| Attribute | Name | Description |
|---|---|---|
| et | escTokenID | The unique serial number or ID of a security token (card/fob). |
| escuid | escUID | Link to a system username. |
| escDoor | escDoor | Integer ID of a physical door logical unit. |
| escDateFrom | escDateFrom | Validity start time (GeneralizedTime). |
| escDateTo | escDateTo | Validity end time (GeneralizedTime). |
| escTimeFrom | escTimeFrom | Daily start time (HH:MM format). |
| escTimeTo | escTimeTo | Daily end time (HH:MM format). |
| escDays | escDays | Bitmask or string representing allowed days of the week. |
Object Classes
These classes define the structure of ESCTL entries in the directory.
escToken
Represents an individual access card or fob.
- Must: et (Token ID)
- May: escuid, escRDN, escDateFrom, escDateTo, description
escReader
Represents a physical RFID or Keypad reader connected to a Door Controller.
- Must: cn, escDoor
- May: escgid, escGroup, escDateFrom, escDateTo, escDays, escTimeFrom, escTimeTo, description
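An added example, not part of the ESCTL code base: a pre-import check that lints an entry against the Must/May lists and value formats documented above, so that a missing token ID or an inverted validity window is caught before the entry reaches the directory. It assumes single-valued string attributes and only the UTC `YYYYMMDDHHMMSSZ` form of GeneralizedTime; `lint_entry` and the sample entries are hypothetical.

```python
import re
from datetime import datetime

# Must/May lists copied from the object class descriptions on this page.
CLASSES = {
    "esctoken": {"must": {"et"},
                 "may": {"escuid", "escrdn", "escdatefrom", "escdateto", "description"}},
    "escreader": {"must": {"cn", "escdoor"},
                  "may": {"escgid", "escgroup", "escdatefrom", "escdateto", "escdays",
                          "esctimefrom", "esctimeto", "description"}},
}
HHMM = re.compile(r"([01]\d|2[0-3]):[0-5]\d")

def parse_gt(value):
    # Assumption: only the UTC form YYYYMMDDHHMMSSZ is accepted here.
    if not re.fullmatch(r"\d{14}Z", value):
        raise ValueError(value)
    return datetime.strptime(value, "%Y%m%d%H%M%SZ")

def lint_entry(object_class, attrs):
    """Return a list of problems for one entry; an empty list means it passed."""
    spec = CLASSES[object_class.lower()]
    entry = {k.lower(): v for k, v in attrs.items()}  # LDAP names are case-insensitive
    problems = [f"missing required attribute: {a}" for a in sorted(spec["must"] - set(entry))]
    problems += [f"attribute not allowed by {object_class}: {a}"
                 for a in sorted(set(entry) - spec["must"] - spec["may"])]
    dates = {}
    for name in ("escdatefrom", "escdateto"):
        if name in entry:
            try:
                dates[name] = parse_gt(entry[name])
            except ValueError:
                problems.append(f"{name} is not GeneralizedTime: {entry[name]!r}")
    if len(dates) == 2 and dates["escdateto"] <= dates["escdatefrom"]:
        problems.append("escDateTo is not after escDateFrom")
    for name in ("esctimefrom", "esctimeto"):
        if name in entry and not HHMM.fullmatch(entry[name]):
            problems.append(f"{name} is not HH:MM: {entry[name]!r}")
    if "escdoor" in entry and not re.fullmatch(r"\d+", entry["escdoor"]):
        problems.append(f"escdoor is not an integer: {entry['escdoor']!r}")
    return problems  # escDays is not checked: the page does not fix its format

# Constructed sample entries (not taken from a real directory).
GOOD_READER = {"cn": "front-door", "escDoor": "3", "escTimeFrom": "08:00", "escTimeTo": "18:30"}
BAD_TOKEN = {"escuid": "jdoe", "escDateFrom": "20250101000000Z",
             "escDateTo": "20240101000000Z", "escTimeFrom": "08:00"}

if __name__ == "__main__":
    for cls, sample in (("escReader", GOOD_READER), ("escToken", BAD_TOKEN)):
        print(cls, lint_entry(cls, sample) or "ok")
```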
Installation
The schema definitions are located in server/trunk/schema/.
Active Directory
For AD environments, use the following LDIF files in order:
1. AD-esctl-attribs.ldif
2. AD-schemaupdate.ldif (Forcing cache update)
3. AD-esctl-classes.ldif
You can use the provided AD-import.cmd batch script to automate this process on a domain controller.
OpenLDAP
Load the schema using the standard configuration method for your distribution:
# Traditional slapd.conf
include /etc/ldap/schema/70esctl.schema
# Modern OLC (cn=config)
ldapadd -Y EXTERNAL -H ldapi:/// -f /etc/ldap/schema/70esctl.ldif