 8ebc3cb25b
			
		
	
	8ebc3cb25b
	
	
	
		
			
			git-svn-id: svn://svn.h5l.se/heimdal/trunk/heimdal@21507 ec53bebd-3082-4978-b11e-865c3cabbd6b
		
			
				
	
	
		
			555 lines
		
	
	
		
			19 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
			
		
		
	
	
			555 lines
		
	
	
		
			19 KiB
		
	
	
	
		
			Plaintext
		
	
	
	
	
	
| ##
 | |
| ## schema file for OpenLDAP 2.x
 | |
| ## Schema for storing Samba user accounts and group maps in LDAP
 | |
| ## OIDs are owned by the Samba Team
 | |
| ##
 | |
| ## Prerequisite schemas - uid         (cosine.schema)
 | |
| ##                      - displayName (inetorgperson.schema)
 | |
| ##                      - gidNumber   (nis.schema)
 | |
| ##
 | |
| ## 1.3.6.1.4.1.7165.2.1.x - attributetypes
 | |
| ## 1.3.6.1.4.1.7165.2.2.x - objectclasses
 | |
| ##
 | |
| ## Printer support
 | |
| ## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
 | |
| ## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
 | |
| ##
 | |
| ## Samba4
 | |
| ## 1.3.6.1.4.1.7165.4.1.x - attributetypes
 | |
| ## 1.3.6.1.4.1.7165.4.2.x - objectclasses
 | |
| ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
 | |
| ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
 | |
| ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
 | |
| ##
 | |
| ## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
 | |
| ##
 | |
| ## Run the 'get_next_oid' bash script in this directory to find the 
 | |
| ## next available OID for attribute type and object classes.
 | |
| ##
 | |
| ##   $ ./get_next_oid
 | |
| ##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
 | |
| ##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
 | |
| ##
 | |
| ## Also ensure that new entries adhere to the declaration style
 | |
| ## used throughout this file
 | |
| ##
 | |
| ##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
 | |
| ##                               ^ ^                        ^
 | |
| ##
 | |
| ## The spaces are required for the get_next_oid script (and for 
 | |
| ## readability).
 | |
| ##
 | |
| ## ------------------------------------------------------------------
 | |
| 
 | |
| # objectIdentifier SambaRoot 1.3.6.1.4.1.7165
 | |
| # objectIdentifier Samba3 SambaRoot:2
 | |
| # objectIdentifier Samba3Attrib Samba3:1
 | |
| # objectIdentifier Samba3ObjectClass Samba3:2
 | |
| # objectIdentifier Samba4 SambaRoot:4
 | |
| 
 | |
| ########################################################################
 | |
| ##                            HISTORICAL                              ##
 | |
| ########################################################################
 | |
| 
 | |
| ##
 | |
| ## Password hashes
 | |
| ##
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
 | |
| #	DESC 'LanManager Passwd'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
 | |
| #	DESC 'NT Passwd'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## Account flags in string format ([UWDX     ])
 | |
| ##
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
 | |
| #	DESC 'Account Flags'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## Password timestamps & policies
 | |
| ##
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
 | |
| #	DESC 'NT pwdLastSet'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
 | |
| #	DESC 'NT logonTime'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
 | |
| #	DESC 'NT logoffTime'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
 | |
| #	DESC 'NT kickoffTime'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
 | |
| #	DESC 'NT pwdCanChange'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
 | |
| #	DESC 'NT pwdMustChange'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## string settings
 | |
| ##
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
 | |
| #	DESC 'NT homeDrive'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
 | |
| #	DESC 'NT scriptPath'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
 | |
| #	DESC 'NT profilePath'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
 | |
| #	DESC 'userWorkstations'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
 | |
| #	DESC 'smbHome'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
 | |
| #	DESC 'Windows NT domain to which the user belongs'
 | |
| #	EQUALITY caseIgnoreIA5Match
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
 | |
| 
 | |
| ##
 | |
| ## user and group RID
 | |
| ##
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
 | |
| #	DESC 'NT rid'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| #attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
 | |
| #	DESC 'NT Group RID'
 | |
| #	EQUALITY integerMatch
 | |
| #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## The smbPasswordEntry objectclass has been depreciated in favor of the
 | |
| ## sambaAccount objectclass
 | |
| ##
 | |
| #objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
 | |
| #        DESC 'Samba smbpasswd entry'
 | |
| #        MUST ( uid $ uidNumber )
 | |
| #        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
 | |
| 
 | |
| #objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
 | |
| #	DESC 'Samba Account'
 | |
| #	MUST ( uid $ rid )
 | |
| #	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
 | |
| #               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
 | |
| #               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
 | |
| #               description $ userWorkstations $ primaryGroupID $ domain ))
 | |
| 
 | |
| #objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
 | |
| #	DESC 'Samba Auxiliary Account'
 | |
| #	MUST ( uid $ rid )
 | |
| #	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
 | |
| #              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
 | |
| #              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
 | |
| #              description $ userWorkstations $ primaryGroupID $ domain ))
 | |
| 
 | |
| ########################################################################
 | |
| ##                        END OF HISTORICAL                           ##
 | |
| ########################################################################
 | |
| 
 | |
| #######################################################################
 | |
| ##                Attributes used by Samba 3.0 schema                ##
 | |
| #######################################################################
 | |
| 
 | |
| ##
 | |
| ## Password hashes
 | |
| ##
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
 | |
| 	DESC 'LanManager Password'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
 | |
| 	DESC 'MD4 hash of the unicode password'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## Account flags in string format ([UWDX     ])
 | |
| ##
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
 | |
| 	DESC 'Account Flags'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## Password timestamps & policies
 | |
| ##
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
 | |
| 	DESC 'Timestamp of the last password update'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
 | |
| 	DESC 'Timestamp of when the user is allowed to update the password'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
 | |
| 	DESC 'Timestamp of when the password will expire'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
 | |
| 	DESC 'Timestamp of last logon'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
 | |
| 	DESC 'Timestamp of last logoff'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
 | |
| 	DESC 'Timestamp of when the user will be logged off automatically'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
 | |
| 	DESC 'Bad password attempt count'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
 | |
| 	DESC 'Time of the last bad password attempt'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
 | |
| 	DESC 'Logon Hours'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## string settings
 | |
| ##
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
 | |
| 	DESC 'Driver letter of home directory mapping'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
 | |
| 	DESC 'Logon script path'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
 | |
| 	DESC 'Roaming profile path'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
 | |
| 	DESC 'List of user workstations the user is allowed to logon to'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
 | |
| 	DESC 'Home directory UNC path'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
 | |
| 	DESC 'Windows NT domain to which the user belongs'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
 | |
| 	DESC 'Base64 encoded user parameter string'
 | |
| 	EQUALITY caseExactMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
 | |
| 	DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
 | |
| 
 | |
| ##
 | |
| ## SID, of any type
 | |
| ##
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
 | |
| 	DESC 'Security ID'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SUBSTR caseExactIA5SubstringsMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## Primary group SID, compatible with ntSid
 | |
| ##
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
 | |
| 	DESC 'Primary Group Security ID'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
 | |
| 	DESC 'Security ID List'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
 | |
| 
 | |
| ##
 | |
| ## group mapping attributes
 | |
| ##
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
 | |
| 	DESC 'NT Group Type'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| ##
 | |
| ## Store info on the domain
 | |
| ##
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
 | |
| 	DESC 'Next NT rid to give our for users'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
 | |
| 	DESC 'Next NT rid to give out for groups'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
 | |
| 	DESC 'Next NT rid to give out for anything'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
 | |
| 	DESC 'Base at which the samba RID generation algorithm should operate'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
 | |
| 	DESC 'Share Name'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
 | |
| 	DESC 'Option Name'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SUBSTR caseIgnoreSubstringsMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
 | |
| 	DESC 'A boolean option'
 | |
| 	EQUALITY booleanMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
 | |
| 	DESC 'An integer option'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
 | |
| 	DESC 'A string option'
 | |
| 	EQUALITY caseExactIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
 | |
| 	DESC 'A string list option'
 | |
| 	EQUALITY caseIgnoreMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
 | |
| 
 | |
| 
 | |
| ##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' 
 | |
| ##	SUP name )
 | |
| 
 | |
| ##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
 | |
| ##	DESC 'Privileges List'
 | |
| ##	EQUALITY caseIgnoreIA5Match
 | |
| ##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
 | |
| 
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
 | |
| 	DESC 'Trust Password Flags'
 | |
| 	EQUALITY caseIgnoreIA5Match
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 | |
| 
 | |
| # "min password length"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
 | |
| 	DESC 'Minimal password length (default: 5)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "password history"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
 | |
| 	DESC 'Length of Password History Entries (default: 0 => off)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "user must logon to change password"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
 | |
| 	DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "maximum password age"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
 | |
| 	DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "minimum password age"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
 | |
| 	DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "lockout duration"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
 | |
| 	DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "reset count minutes"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
 | |
| 	DESC 'Reset time after lockout in minutes (default: 30)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "bad lockout attempt"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
 | |
| 	DESC 'Lockout users after bad logon attempts (default: 0 => off)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "disconnect time"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
 | |
| 	DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| # "refuse machine password change"
 | |
| attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
 | |
| 	DESC 'Allow Machine Password changes (default: 0 => off)'
 | |
| 	EQUALITY integerMatch
 | |
| 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
 | |
| 
 | |
| 
 | |
| 
 | |
| 
 | |
| #######################################################################
 | |
| ##              objectClasses used by Samba 3.0 schema               ##
 | |
| #######################################################################
 | |
| 
 | |
| ## The X.500 data model (and therefore LDAPv3) says that each entry can
 | |
| ## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
 | |
| ## this currently but will in v2.1
 | |
| 
 | |
| ##
 | |
| ## added new objectclass (and OID) for 3.0 to help us deal with backwards
 | |
| ## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
 | |
| ##
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
 | |
| 	DESC 'Samba 3.0 Auxilary SAM Account'
 | |
| 	MUST ( uid $ sambaSID )
 | |
| 	MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
 | |
| 	       sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
 | |
| 	       sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
 | |
|                displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
 | |
| 	       sambaProfilePath $ description $ sambaUserWorkstations $
 | |
| 	       sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
 | |
| 	       sambaBadPasswordCount $ sambaBadPasswordTime $
 | |
| 	       sambaPasswordHistory $ sambaLogonHours))
 | |
| 
 | |
| ##
 | |
| ## Group mapping info
 | |
| ##
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
 | |
| 	DESC 'Samba Group Mapping'
 | |
| 	MUST ( gidNumber $ sambaSID $ sambaGroupType )
 | |
| 	MAY  ( displayName $ description $ sambaSIDList ))
 | |
| 
 | |
| ##
 | |
| ## Trust password for trust relationships (any kind)
 | |
| ##
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
 | |
| 	DESC 'Samba Trust Password'
 | |
| 	MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
 | |
| 	MAY ( sambaSID $ sambaPwdLastSet ))
 | |
| 
 | |
| ##
 | |
| ## Whole-of-domain info
 | |
| ##
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
 | |
| 	DESC 'Samba Domain Information'
 | |
| 	MUST ( sambaDomainName $ 
 | |
| 	       sambaSID ) 
 | |
| 	MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
 | |
| 	      sambaAlgorithmicRidBase $ 
 | |
| 	      sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
 | |
| 	      sambaMaxPwdAge $ sambaMinPwdAge $
 | |
| 	      sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
 | |
| 	      sambaForceLogoff $ sambaRefuseMachinePwdChange ))
 | |
| 
 | |
| ##
 | |
| ## used for idmap_ldap module
 | |
| ##
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
 | |
|         DESC 'Pool for allocating UNIX uids/gids'
 | |
|         MUST ( uidNumber $ gidNumber ) )
 | |
| 
 | |
| 
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
 | |
|         DESC 'Mapping from a SID to an ID'
 | |
|         MUST ( sambaSID )
 | |
| 	MAY ( uidNumber $ gidNumber ) )
 | |
| 
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
 | |
| 	DESC 'Structural Class for a SID'
 | |
| 	MUST ( sambaSID ) )
 | |
| 
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
 | |
| 	DESC 'Samba Configuration Section'
 | |
| 	MAY ( description ) )
 | |
| 
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
 | |
| 	DESC 'Samba Share Section'
 | |
| 	MUST ( sambaShareName )
 | |
| 	MAY ( description ) )
 | |
| 
 | |
| objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
 | |
| 	DESC 'Samba Configuration Option'
 | |
| 	MUST ( sambaOptionName )
 | |
| 	MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ 
 | |
| 	      sambaStringListoption $ description ) )
 | |
| 
 | |
| 
 | |
| ## retired during privilege rewrite
 | |
| ##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
 | |
| ##	DESC 'Samba Privilege'
 | |
| ##	MUST ( sambaSID )
 | |
| ##	MAY ( sambaPrivilegeList ) )
 |