1 module o-ran-usermgmt {
3 namespace "urn:o-ran:user-mgmt:1.0";
4 prefix "o-ran-usermgmt";
6 import ietf-netconf-acm {
9 "RFC 8341: Network Configuration Access Control Model";
12 organization "O-RAN Alliance";
18 "This module defines the user management model for the O-RAN Equipment.
20 Copyright 2019 the O-RAN Alliance.
22 THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS 'AS IS'
23 AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
24 IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
25 ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE
26 LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
27 CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
28 SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
29 INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
30 CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
31 ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
32 POSSIBILITY OF SUCH DAMAGE.
34 Redistribution and use in source and binary forms, with or without
35 modification, are permitted provided that the following conditions are met:
37 * Redistributions of source code must retain the above copyright notice,
38 this list of conditions and the above disclaimer.
39 * Redistributions in binary form must reproduce the above copyright notice,
40 this list of conditions and the above disclaimer in the documentation
41 and/or other materials provided with the distribution.
42 * Neither the Members of the O-RAN Alliance nor the names of its
43 contributors may be used to endorse or promote products derived from
44 this software without specific prior written permission.";
46 revision "2020-12-10" {
50 1) updated description for enabled leaf";
52 reference "ORAN-WG4.M.0-v01.00";
55 revision "2019-07-03" {
59 1) change name leaf to type nacm:user-name-type
60 2) added account-type to qualify when password is required ";
62 reference "ORAN-WG4.M.0-v01.00";
65 revision "2019-02-04" {
69 1) imported model from xRAN
70 2) changed namespace and reference from xran to o-ran";
72 reference "ORAN-WG4.M.0-v01.00";
75 typedef password-type {
78 pattern "[a-zA-Z0-9!$%\\^()\\[\\]_\\-~{}.+]*" {
79 error-message "Password content does not meet the requirements";
83 "The password for this entry. This shouldn't be in clear text
84 The Password must contain at least 2 characters from
85 each of the following groups:
86 a) Lower case alphabetic (a-z)
87 b) Upper case alphabetic (A-Z)
89 d) Special characters Allowed !$%^()[]_-~{}.+
90 Password must not contain Username.";
97 "The list of local users configured on this device.";
99 type nacm:user-name-type;
101 "The user name string identifying this entry.
103 NOTE: o-ran-usermgmt:user-profile/user/name is
104 identical to nacm:nacm/groups/group/user-name
105 but the current schema is preserved for backwards
111 description "the user-name is for password based authentication";
114 description "the user-name is for certificate based authentciation";
121 nacm:default-deny-all;
124 "The password for this entry.
126 This field is only valid when account-type is NOT set to CERTIFICATE,
127 i.e., when account-type is NOT present or present and set to
133 "Indicates whether an account is enabled or disabled.
135 A NETCONF Server shall reject a configuration that attempts to
136 enable a Password account for an account where the password leaf
139 This validation statement is included in the YANG description and
140 not in a MUST statement to preserve backwards compatibility.";
147 // must "user/enabled='true'" {
148 // error-message "At least one account needs to be enabled.";
151 //TAKE NOTE - any configuration with zero enabled users is invalid.
152 //This will typically be the case when using a simulated NETCONF Server
153 //and so this constraint should be removed when operating in those scenarios
155 //The config data base of the O-RAN equipment should ensure that the user
156 //default account is enabled on factory restart
158 description "list of user accounts";
163 nacm:default-deny-all;
165 leaf currentPassword {
169 "provide the current password";
175 "provide a new password";
177 leaf newPasswordConfirm {
181 "re-enter the new password ";
196 "Successful or Failed";
198 leaf status-message {
201 "Gives a more detailed reason for success / failure";