summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNadezhda Ivanova <nadezhda.ivanova@postpath.com>2010-01-13 12:02:31 +0200
committerNadezhda Ivanova <nadezhda.ivanova@postpath.com>2010-01-13 12:02:31 +0200
commit9b3871ed293f76e770e572cd6b59f59670f1f6f8 (patch)
tree2b79286e3a6f7af9e26466393a0b26075a238be8
parent309473f938d18b9993c2c4f120eeff7b4641985a (diff)
parentca847952054f5bbde1d40ad4260589b6fcc9721d (diff)
downloadsamba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.tar.gz
samba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.tar.bz2
samba-9b3871ed293f76e770e572cd6b59f59670f1f6f8.zip
Merge branch 'master' of git://git.samba.org/samba
-rw-r--r--WHATSNEW4.txt33
-rw-r--r--docs-xml/manpages-3/eventlogadm.8.xml2
-rw-r--r--docs-xml/manpages-3/pdbedit.8.xml1
-rw-r--r--lib/tsocket/doxy.config1538
-rw-r--r--lib/tsocket/tsocket.h845
-rw-r--r--lib/tsocket/tsocket_helpers.c52
-rw-r--r--lib/util/debug.h4
-rw-r--r--libcli/auth/smbencrypt.c8
-rw-r--r--libcli/util/tstream.c167
-rw-r--r--libcli/util/tstream.h79
-rw-r--r--librpc/gen_ndr/drsuapi.h12
-rw-r--r--librpc/gen_ndr/ndr_drsuapi.c5
-rw-r--r--librpc/idl/drsuapi.idl7
-rwxr-xr-xselftest/selftest.pl13
-rw-r--r--source3/Makefile.in30
-rw-r--r--source3/auth/auth_builtin.c12
-rw-r--r--source3/auth/auth_compat.c10
-rw-r--r--source3/auth/auth_domain.c12
-rw-r--r--source3/auth/auth_netlogond.c6
-rw-r--r--source3/auth/auth_ntlmssp.c2
-rw-r--r--source3/auth/auth_sam.c219
-rw-r--r--source3/auth/auth_script.c4
-rw-r--r--source3/auth/auth_server.c4
-rw-r--r--source3/auth/auth_unix.c4
-rw-r--r--source3/auth/auth_util.c64
-rw-r--r--source3/auth/auth_wbc.c4
-rw-r--r--source3/auth/auth_winbind.c4
-rw-r--r--source3/configure.in2
-rw-r--r--source3/groupdb/mapping.c3
-rw-r--r--source3/include/auth.h10
-rw-r--r--source3/include/proto.h38
-rw-r--r--source3/include/smb.h1
-rw-r--r--source3/lib/time.c12
-rw-r--r--source3/lib/util_seaccess.c40
-rw-r--r--source3/libnet/libnet_samsync_passdb.c15
-rw-r--r--source3/libsmb/cliconnect.c5
-rw-r--r--source3/libsmb/samlogon_cache.c6
-rw-r--r--source3/locking/locking.c3
-rw-r--r--source3/modules/vfs_acl_common.c127
-rw-r--r--source3/modules/vfs_acl_tdb.c3
-rw-r--r--source3/modules/vfs_acl_xattr.c2
-rw-r--r--source3/modules/vfs_cap.c3
-rw-r--r--source3/modules/vfs_scannedonly.c995
-rw-r--r--source3/modules/vfs_zfsacl.c10
-rw-r--r--source3/passdb/lookup_sid.c21
-rw-r--r--source3/passdb/passdb.c3
-rw-r--r--source3/passdb/pdb_compat.c10
-rw-r--r--source3/passdb/pdb_get_set.c141
-rw-r--r--source3/passdb/pdb_interface.c3
-rw-r--r--source3/passdb/pdb_ldap.c11
-rw-r--r--source3/passdb/util_unixsids.c26
-rw-r--r--source3/passdb/util_wellknown.c4
-rw-r--r--source3/printing/nt_printing.c4
-rw-r--r--source3/rpc_client/cli_netlogon.c7
-rw-r--r--source3/rpc_server/srv_lsa_nt.c3
-rw-r--r--source3/rpc_server/srv_netlog_nt.c4
-rw-r--r--source3/rpc_server/srv_samr_nt.c17
-rw-r--r--source3/rpc_server/srv_srvsvc_nt.c21
-rw-r--r--source3/smbd/chgpasswd.c87
-rw-r--r--source3/smbd/close.c11
-rw-r--r--source3/smbd/dir.c8
-rw-r--r--source3/smbd/file_access.c11
-rw-r--r--source3/smbd/globals.c1
-rw-r--r--source3/smbd/globals.h1
-rw-r--r--source3/smbd/lanman.c6
-rw-r--r--source3/smbd/password.c2
-rw-r--r--source3/smbd/posix_acls.c4
-rw-r--r--source3/smbd/reply.c8
-rw-r--r--source3/smbd/sesssetup.c12
-rw-r--r--source3/smbd/vfs.c21
-rw-r--r--source3/utils/net_groupmap.c9
-rw-r--r--source3/utils/net_rpc.c7
-rw-r--r--source3/utils/ntlm_auth.c72
-rw-r--r--source3/utils/pdbedit.c3
-rw-r--r--source3/winbindd/idmap_hash/idmap_hash.c3
-rw-r--r--source3/winbindd/idmap_tdb.c3
-rw-r--r--source3/winbindd/winbindd_ads.c3
-rw-r--r--source3/winbindd/winbindd_cache.c3
-rw-r--r--source3/winbindd/winbindd_ccache_access.c2
-rw-r--r--source3/winbindd/winbindd_cred_cache.c13
-rw-r--r--source3/winbindd/winbindd_creds.c12
-rw-r--r--source3/winbindd/winbindd_pam.c4
-rw-r--r--source3/winbindd/winbindd_rpc.c5
-rw-r--r--source4/VERSION2
-rw-r--r--source4/auth/auth.h40
-rw-r--r--source4/auth/kerberos/kerberos_pac.c124
-rw-r--r--source4/dsdb/common/util.c134
-rw-r--r--source4/dsdb/config.mk3
-rw-r--r--source4/dsdb/repl/drepl_out_helpers.c337
-rw-r--r--source4/dsdb/repl/drepl_out_pull.c63
-rw-r--r--source4/dsdb/repl/drepl_partitions.c80
-rw-r--r--source4/dsdb/repl/drepl_periodic.c2
-rw-r--r--source4/dsdb/repl/drepl_ridalloc.c282
-rw-r--r--source4/dsdb/repl/drepl_service.c1
-rw-r--r--source4/dsdb/repl/drepl_service.h11
-rw-r--r--source4/dsdb/samdb/ldb_modules/acl.c38
-rw-r--r--source4/dsdb/samdb/ldb_modules/config.mk23
-rw-r--r--source4/dsdb/samdb/ldb_modules/instancetype.c3
-rw-r--r--source4/dsdb/samdb/ldb_modules/lazy_commit.c13
-rw-r--r--source4/dsdb/samdb/ldb_modules/partition.c12
-rw-r--r--source4/dsdb/samdb/ldb_modules/pdc_fsmo.c4
-rw-r--r--source4/dsdb/samdb/ldb_modules/repl_meta_data.c12
-rw-r--r--source4/dsdb/samdb/ldb_modules/ridalloc.c646
-rw-r--r--source4/dsdb/samdb/ldb_modules/samba3sid.c197
-rw-r--r--source4/dsdb/samdb/ldb_modules/samba_dsdb.c77
-rw-r--r--source4/dsdb/samdb/ldb_modules/samldb.c684
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_data.c5
-rw-r--r--source4/dsdb/samdb/ldb_modules/schema_load.c8
-rw-r--r--source4/dsdb/samdb/ldb_modules/show_deleted.c4
-rw-r--r--source4/dsdb/samdb/ldb_modules/tests/samba3sam.py17
-rw-r--r--source4/dsdb/samdb/ldb_modules/util.c192
-rw-r--r--source4/dsdb/samdb/ldb_modules/util.h5
-rw-r--r--source4/dsdb/samdb/samdb.h8
-rw-r--r--source4/dsdb/schema/schema.h1
-rw-r--r--source4/dsdb/schema/schema_init.c64
-rw-r--r--source4/dsdb/schema/schema_query.c30
-rw-r--r--source4/dsdb/schema/schema_syntax.c180
-rw-r--r--source4/kdc/config.mk2
-rw-r--r--source4/kdc/hdb-samba4.c2
-rw-r--r--source4/kdc/kdc.c303
-rw-r--r--source4/lib/events/events.h1
-rw-r--r--source4/lib/events/tevent_s4.c15
-rw-r--r--source4/lib/ldb-samba/ldif_handlers.c120
-rw-r--r--source4/lib/ldb-samba/ldif_handlers.h1
-rw-r--r--source4/lib/ldb/common/ldb_dn.c8
-rw-r--r--source4/lib/ldb/ldb_tdb/ldb_index.c36
-rw-r--r--source4/lib/ldb/ldb_tdb/ldb_tdb.c3
-rwxr-xr-xsource4/lib/ldb/tests/python/acl.py3
-rwxr-xr-xsource4/lib/ldb/tests/python/sec_descriptor.py116
-rw-r--r--source4/lib/ldb/tools/cmdline.c6
-rw-r--r--source4/lib/messaging/messaging.c17
-rw-r--r--source4/lib/messaging/messaging.h1
-rw-r--r--source4/libcli/config.mk5
-rw-r--r--source4/libnet/libnet_become_dc.c77
-rw-r--r--source4/libnet/libnet_vampire.c4
-rw-r--r--source4/rpc_server/config.mk1
-rw-r--r--source4/rpc_server/drsuapi/addentry.c45
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.c77
-rw-r--r--source4/rpc_server/drsuapi/dcesrv_drsuapi.h2
-rw-r--r--source4/rpc_server/drsuapi/getncchanges.c219
-rw-r--r--source4/rpc_server/drsuapi/writespn.c145
-rwxr-xr-xsource4/scripting/bin/setup_dns.sh2
-rwxr-xr-xsource4/scripting/bin/upgradeprovision128
-rwxr-xr-xsource4/scripting/devel/tmpfs.sh13
-rw-r--r--source4/scripting/python/samba/__init__.py5
-rw-r--r--source4/scripting/python/samba/ms_schema.py2
-rw-r--r--source4/scripting/python/samba/provision.py49
-rw-r--r--source4/scripting/python/samba/schema.py28
-rw-r--r--source4/selftest/knownfail1
-rw-r--r--source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt16060
-rw-r--r--source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt3577
-rw-r--r--source4/setup/aggregate_schema.ldif2
-rw-r--r--source4/setup/provision.ldif2
-rw-r--r--source4/setup/provision_schema_basedn.ldif1
-rw-r--r--source4/setup/provision_self_join.ldif20
-rw-r--r--source4/setup/provision_self_join_modify.ldif15
-rw-r--r--source4/setup/schema_samba4.ldif1
-rw-r--r--source4/smbd/process_prefork.c8
-rw-r--r--source4/smbd/process_single.c2
-rw-r--r--source4/smbd/process_standard.c6
-rw-r--r--source4/smbd/server.c3
-rw-r--r--source4/torture/raw/lock.c120
-rw-r--r--source4/torture/raw/open.c198
-rw-r--r--source4/torture/rpc/rpc.c1
-rw-r--r--source4/torture/rpc/samr.c605
-rw-r--r--source4/torture/smbtorture.c3
-rw-r--r--source4/torture/smbtorture.h14
-rw-r--r--testprogs/win32/spoolss/Makefile40
-rw-r--r--testprogs/win32/spoolss/Makefile.mingw23
-rw-r--r--testprogs/win32/spoolss/README1
-rw-r--r--testprogs/win32/spoolss/error.c123
-rw-r--r--testprogs/win32/spoolss/error.h36
-rw-r--r--testprogs/win32/spoolss/printlib.c622
-rw-r--r--testprogs/win32/spoolss/printlib_proto.h47
-rw-r--r--testprogs/win32/spoolss/spoolss.c802
-rw-r--r--testprogs/win32/spoolss/spoolss.h51
-rw-r--r--testprogs/win32/spoolss/string.h15
-rw-r--r--testprogs/win32/spoolss/torture.c106
-rw-r--r--testprogs/win32/spoolss/torture.h91
-rw-r--r--testprogs/win32/spoolss/torture_proto.h32
180 files changed, 30190 insertions, 2178 deletions
diff --git a/WHATSNEW4.txt b/WHATSNEW4.txt
index 7becef544f..b4c6e7de10 100644
--- a/WHATSNEW4.txt
+++ b/WHATSNEW4.txt
@@ -1,4 +1,4 @@
-What's new in Samba 4 alpha10
+What's new in Samba 4 alpha11
============================
Samba 4 is the ambitious next version of the Samba suite that is being
@@ -6,13 +6,13 @@ developed in parallel to the stable 3.x series. The main emphasis in
this branch is support for the Active Directory logon protocols used
by Windows 2000 and above.
-Samba4 alpha10 follows on from the alpha release series we have been
+Samba4 alpha11 follows on from the alpha release series we have been
publishing since September 2007
WARNINGS
========
-Samba4 alpha10 is not a final Samba release. That is more a reference
+Samba4 alpha11 is not a final Samba release. That is more a reference
to Samba4's lack of the features we expect you will need than a
statement of code quality, but clearly it hasn't seen a broad
deployment yet. If you were to upgrade Samba3 (or indeed Windows) to
@@ -62,12 +62,29 @@ working on modules to map between AD-like behaviours and this backend.
We are aiming for Samba 4 to be powerful frontend to large
directories.
-CHANGES SINCE alpha9
+CHANGES SINCE alpha10
=====================
-Alpha9 was released last week, but in the time since the release we
-have found and fixed an important segfault, and improved the
-experimental DRS replication.
+Since the alpha10 release, we have fixed a number of serious bugs in
+the implementation of AD-compatible 'Directory Replication Services'.
+We can now join an AD domain as a read-write DC
+
+Importantly, since alpha10, the following serious issues were
+addressed:
+ - We now allocate RID values safely (previous implementations would
+ add users and groups without regard to allocated RID pools, possibly
+ creating duplicates)
+ - In previous Samba4 versions, a failure to 'prepare' a transaction
+ would silently commit the transaction.
+
+Any deployments of Samba4 before this alpha are very strongly
+encouraged to upgrade. Assistance may be found in the
+upgradeprovision script, and the advice of the Samba Team should be
+sought to determine the impact of these issues in your particular
+deployment.
+
+Our progress on DRS is being tracked in the Samba wiki:
+http://wiki.samba.org/index.php/Samba4_DRS_TODO_List
CHANGES
=======
@@ -103,7 +120,7 @@ KNOWN ISSUES
since it's completely experimental!
- ACL are not set by default on shares created by the provision.
- Work is underway on this subject and it should be fixed in Alpha10.
+ Work is underway on this subject and it should be fixed in Alpha12.
RUNNING Samba4
==============
diff --git a/docs-xml/manpages-3/eventlogadm.8.xml b/docs-xml/manpages-3/eventlogadm.8.xml
index 4c399a30cf..c104120598 100644
--- a/docs-xml/manpages-3/eventlogadm.8.xml
+++ b/docs-xml/manpages-3/eventlogadm.8.xml
@@ -111,7 +111,7 @@
<varlistentry>
<term>
<option>-o</option>
- <literal>write</literal>
+ <literal>dump</literal>
<replaceable>EVENTLOG</replaceable>
<replaceable>RECORD_NUMBER</replaceable>
</term>
diff --git a/docs-xml/manpages-3/pdbedit.8.xml b/docs-xml/manpages-3/pdbedit.8.xml
index 2d074d922d..fa8cabcdde 100644
--- a/docs-xml/manpages-3/pdbedit.8.xml
+++ b/docs-xml/manpages-3/pdbedit.8.xml
@@ -32,6 +32,7 @@
<arg choice="opt">-h homedir</arg>
<arg choice="opt">-i passdb-backend</arg>
<arg choice="opt">-I domain</arg>
+ <arg choice="opt">-K</arg>
<arg choice="opt">-L </arg>
<arg choice="opt">-m</arg>
<arg choice="opt">-M SID|RID</arg>
diff --git a/lib/tsocket/doxy.config b/lib/tsocket/doxy.config
new file mode 100644
index 0000000000..584ae73d83
--- /dev/null
+++ b/lib/tsocket/doxy.config
@@ -0,0 +1,1538 @@
+# Doxyfile 1.6.1
+
+# This file describes the settings to be used by the documentation system
+# doxygen (www.doxygen.org) for a project
+#
+# All text after a hash (#) is considered a comment and will be ignored
+# The format is:
+# TAG = value [value, ...]
+# For lists items can also be appended using:
+# TAG += value [value, ...]
+# Values that contain spaces should be placed between quotes (" ")
+
+#---------------------------------------------------------------------------
+# Project related configuration options
+#---------------------------------------------------------------------------
+
+# This tag specifies the encoding used for all characters in the config file
+# that follow. The default is UTF-8 which is also the encoding used for all
+# text before the first occurrence of this tag. Doxygen uses libiconv (or the
+# iconv built into libc) for the transcoding. See
+# http://www.gnu.org/software/libiconv for the list of possible encodings.
+
+DOXYFILE_ENCODING = UTF-8
+
+# The PROJECT_NAME tag is a single word (or a sequence of words surrounded
+# by quotes) that should identify the project.
+
+PROJECT_NAME = tsocket
+
+# The PROJECT_NUMBER tag can be used to enter a project or revision number.
+# This could be handy for archiving the generated documentation or
+# if some version control system is used.
+
+PROJECT_NUMBER = 0.1
+
+# The OUTPUT_DIRECTORY tag is used to specify the (relative or absolute)
+# base path where the generated documentation will be put.
+# If a relative path is entered, it will be relative to the location
+# where doxygen was started. If left blank the current directory will be used.
+
+OUTPUT_DIRECTORY = doc
+
+# If the CREATE_SUBDIRS tag is set to YES, then doxygen will create
+# 4096 sub-directories (in 2 levels) under the output directory of each output
+# format and will distribute the generated files over these directories.
+# Enabling this option can be useful when feeding doxygen a huge amount of
+# source files, where putting all generated files in the same directory would
+# otherwise cause performance problems for the file system.
+
+CREATE_SUBDIRS = NO
+
+# The OUTPUT_LANGUAGE tag is used to specify the language in which all
+# documentation generated by doxygen is written. Doxygen will use this
+# information to generate all constant output in the proper language.
+# The default language is English, other supported languages are:
+# Afrikaans, Arabic, Brazilian, Catalan, Chinese, Chinese-Traditional,
+# Croatian, Czech, Danish, Dutch, Esperanto, Farsi, Finnish, French, German,
+# Greek, Hungarian, Italian, Japanese, Japanese-en (Japanese with English
+# messages), Korean, Korean-en, Lithuanian, Norwegian, Macedonian, Persian,
+# Polish, Portuguese, Romanian, Russian, Serbian, Serbian-Cyrilic, Slovak,
+# Slovene, Spanish, Swedish, Ukrainian, and Vietnamese.
+
+OUTPUT_LANGUAGE = English
+
+# If the BRIEF_MEMBER_DESC tag is set to YES (the default) Doxygen will
+# include brief member descriptions after the members that are listed in
+# the file and class documentation (similar to JavaDoc).
+# Set to NO to disable this.
+
+BRIEF_MEMBER_DESC = YES
+
+# If the REPEAT_BRIEF tag is set to YES (the default) Doxygen will prepend
+# the brief description of a member or function before the detailed description.
+# Note: if both HIDE_UNDOC_MEMBERS and BRIEF_MEMBER_DESC are set to NO, the
+# brief descriptions will be completely suppressed.
+
+REPEAT_BRIEF = YES
+
+# This tag implements a quasi-intelligent brief description abbreviator
+# that is used to form the text in various listings. Each string
+# in this list, if found as the leading text of the brief description, will be
+# stripped from the text and the result after processing the whole list, is
+# used as the annotated text. Otherwise, the brief description is used as-is.
+# If left blank, the following values are used ("$name" is automatically
+# replaced with the name of the entity): "The $name class" "The $name widget"
+# "The $name file" "is" "provides" "specifies" "contains"
+# "represents" "a" "an" "the"
+
+ABBREVIATE_BRIEF = "The $name class" \
+ "The $name widget" \
+ "The $name file" \
+ is \
+ provides \
+ specifies \
+ contains \
+ represents \
+ a \
+ an \
+ the
+
+# If the ALWAYS_DETAILED_SEC and REPEAT_BRIEF tags are both set to YES then
+# Doxygen will generate a detailed section even if there is only a brief
+# description.
+
+ALWAYS_DETAILED_SEC = NO
+
+# If the INLINE_INHERITED_MEMB tag is set to YES, doxygen will show all
+# inherited members of a class in the documentation of that class as if those
+# members were ordinary class members. Constructors, destructors and assignment
+# operators of the base classes will not be shown.
+
+INLINE_INHERITED_MEMB = NO
+
+# If the FULL_PATH_NAMES tag is set to YES then Doxygen will prepend the full
+# path before files name in the file list and in the header files. If set
+# to NO the shortest path that makes the file name unique will be used.
+
+FULL_PATH_NAMES = YES
+
+# If the FULL_PATH_NAMES tag is set to YES then the STRIP_FROM_PATH tag
+# can be used to strip a user-defined part of the path. Stripping is
+# only done if one of the specified strings matches the left-hand part of
+# the path. The tag can be used to show relative paths in the file list.
+# If left blank the directory from which doxygen is run is used as the
+# path to strip.
+
+STRIP_FROM_PATH =
+
+# The STRIP_FROM_INC_PATH tag can be used to strip a user-defined part of
+# the path mentioned in the documentation of a class, which tells
+# the reader which header file to include in order to use a class.
+# If left blank only the name of the header file containing the class
+# definition is used. Otherwise one should specify the include paths that
+# are normally passed to the compiler using the -I flag.
+
+STRIP_FROM_INC_PATH =
+
+# If the SHORT_NAMES tag is set to YES, doxygen will generate much shorter
+# (but less readable) file names. This can be useful is your file systems
+# doesn't support long names like on DOS, Mac, or CD-ROM.
+
+SHORT_NAMES = NO
+
+# If the JAVADOC_AUTOBRIEF tag is set to YES then Doxygen
+# will interpret the first line (until the first dot) of a JavaDoc-style
+# comment as the brief description. If set to NO, the JavaDoc
+# comments will behave just like regular Qt-style comments
+# (thus requiring an explicit @brief command for a brief description.)
+
+JAVADOC_AUTOBRIEF = YES
+
+# If the QT_AUTOBRIEF tag is set to YES then Doxygen will
+# interpret the first line (until the first dot) of a Qt-style
+# comment as the brief description. If set to NO, the comments
+# will behave just like regular Qt-style comments (thus requiring
+# an explicit \brief command for a brief description.)
+
+QT_AUTOBRIEF = NO
+
+# The MULTILINE_CPP_IS_BRIEF tag can be set to YES to make Doxygen
+# treat a multi-line C++ special comment block (i.e. a block of //! or ///
+# comments) as a brief description. This used to be the default behaviour.
+# The new default is to treat a multi-line C++ comment block as a detailed
+# description. Set this tag to YES if you prefer the old behaviour instead.
+
+MULTILINE_CPP_IS_BRIEF = NO
+
+# If the INHERIT_DOCS tag is set to YES (the default) then an undocumented
+# member inherits the documentation from any documented member that it
+# re-implements.
+
+INHERIT_DOCS = YES
+
+# If the SEPARATE_MEMBER_PAGES tag is set to YES, then doxygen will produce
+# a new page for each member. If set to NO, the documentation of a member will
+# be part of the file/class/namespace that contains it.
+
+SEPARATE_MEMBER_PAGES = NO
+
+# The TAB_SIZE tag can be used to set the number of spaces in a tab.
+# Doxygen uses this value to replace tabs by spaces in code fragments.
+
+TAB_SIZE = 8
+
+# This tag can be used to specify a number of aliases that acts
+# as commands in the documentation. An alias has the form "name=value".
+# For example adding "sideeffect=\par Side Effects:\n" will allow you to
+# put the command \sideeffect (or @sideeffect) in the documentation, which
+# will result in a user-defined paragraph with heading "Side Effects:".
+# You can put \n's in the value part of an alias to insert newlines.
+
+ALIASES =
+
+# Set the OPTIMIZE_OUTPUT_FOR_C tag to YES if your project consists of C
+# sources only. Doxygen will then generate output that is more tailored for C.
+# For instance, some of the names that are used will be different. The list
+# of all members will be omitted, etc.
+
+OPTIMIZE_OUTPUT_FOR_C = YES
+
+# Set the OPTIMIZE_OUTPUT_JAVA tag to YES if your project consists of Java
+# sources only. Doxygen will then generate output that is more tailored for
+# Java. For instance, namespaces will be presented as packages, qualified
+# scopes will look different, etc.
+
+OPTIMIZE_OUTPUT_JAVA = NO
+
+# Set the OPTIMIZE_FOR_FORTRAN tag to YES if your project consists of Fortran
+# sources only. Doxygen will then generate output that is more tailored for
+# Fortran.
+
+OPTIMIZE_FOR_FORTRAN = NO
+
+# Set the OPTIMIZE_OUTPUT_VHDL tag to YES if your project consists of VHDL
+# sources. Doxygen will then generate output that is tailored for
+# VHDL.
+
+OPTIMIZE_OUTPUT_VHDL = NO
+
+# Doxygen selects the parser to use depending on the extension of the files it parses.
+# With this tag you can assign which parser to use for a given extension.
+# Doxygen has a built-in mapping, but you can override or extend it using this tag.
+# The format is ext=language, where ext is a file extension, and language is one of
+# the parsers supported by doxygen: IDL, Java, Javascript, C#, C, C++, D, PHP,
+# Objective-C, Python, Fortran, VHDL, C, C++. For instance to make doxygen treat
+# .inc files as Fortran files (default is PHP), and .f files as C (default is Fortran),
+# use: inc=Fortran f=C. Note that for custom extensions you also need to set FILE_PATTERNS otherwise the files are not read by doxygen.
+
+EXTENSION_MAPPING =
+
+# If you use STL classes (i.e. std::string, std::vector, etc.) but do not want
+# to include (a tag file for) the STL sources as input, then you should
+# set this tag to YES in order to let doxygen match functions declarations and
+# definitions whose arguments contain STL classes (e.g. func(std::string); v.s.
+# func(std::string) {}). This also make the inheritance and collaboration
+# diagrams that involve STL classes more complete and accurate.
+
+BUILTIN_STL_SUPPORT = NO
+
+# If you use Microsoft's C++/CLI language, you should set this option to YES to
+# enable parsing support.
+
+CPP_CLI_SUPPORT = NO
+
+# Set the SIP_SUPPORT tag to YES if your project consists of sip sources only.
+# Doxygen will parse them like normal C++ but will assume all classes use public
+# instead of private inheritance when no explicit protection keyword is present.
+
+SIP_SUPPORT = NO
+
+# For Microsoft's IDL there are propget and propput attributes to indicate getter
+# and setter methods for a property. Setting this option to YES (the default)
+# will make doxygen to replace the get and set methods by a property in the
+# documentation. This will only work if the methods are indeed getting or
+# setting a simple type. If this is not the case, or you want to show the
+# methods anyway, you should set this option to NO.
+
+IDL_PROPERTY_SUPPORT = YES
+
+# If member grouping is used in the documentation and the DISTRIBUTE_GROUP_DOC
+# tag is set to YES, then doxygen will reuse the documentation of the first
+# member in the group (if any) for the other members of the group. By default
+# all members of a group must be documented explicitly.
+
+DISTRIBUTE_GROUP_DOC = NO
+
+# Set the SUBGROUPING tag to YES (the default) to allow class member groups of
+# the same type (for instance a group of public functions) to be put as a
+# subgroup of that type (e.g. under the Public Functions section). Set it to
+# NO to prevent subgrouping. Alternatively, this can be done per class using
+# the \nosubgrouping command.
+
+SUBGROUPING = YES
+
+# When TYPEDEF_HIDES_STRUCT is enabled, a typedef of a struct, union, or enum
+# is documented as struct, union, or enum with the name of the typedef. So
+# typedef struct TypeS {} TypeT, will appear in the documentation as a struct
+# with name TypeT. When disabled the typedef will appear as a member of a file,
+# namespace, or class. And the struct will be named TypeS. This can typically
+# be useful for C code in case the coding convention dictates that all compound
+# types are typedef'ed and only the typedef is referenced, never the tag name.
+
+TYPEDEF_HIDES_STRUCT = NO
+
+# The SYMBOL_CACHE_SIZE determines the size of the internal cache use to
+# determine which symbols to keep in memory and which to flush to disk.
+# When the cache is full, less often used symbols will be written to disk.
+# For small to medium size projects (<1000 input files) the default value is
+# probably good enough. For larger projects a too small cache size can cause
+# doxygen to be busy swapping symbols to and from disk most of the time
+# causing a significant performance penality.
+# If the system has enough physical memory increasing the cache will improve the
+# performance by keeping more symbols in memory. Note that the value works on
+# a logarithmic scale so increasing the size by one will rougly double the
+# memory usage. The cache size is given by this formula:
+# 2^(16+SYMBOL_CACHE_SIZE). The valid range is 0..9, the default is 0,
+# corresponding to a cache size of 2^16 = 65536 symbols
+
+SYMBOL_CACHE_SIZE = 0
+
+#---------------------------------------------------------------------------
+# Build related configuration options
+#---------------------------------------------------------------------------
+
+# If the EXTRACT_ALL tag is set to YES doxygen will assume all entities in
+# documentation are documented, even if no documentation was available.
+# Private class members and static file members will be hidden unless
+# the EXTRACT_PRIVATE and EXTRACT_STATIC tags are set to YES
+
+EXTRACT_ALL = NO
+
+# If the EXTRACT_PRIVATE tag is set to YES all private members of a class
+# will be included in the documentation.
+
+EXTRACT_PRIVATE = NO
+
+# If the EXTRACT_STATIC tag is set to YES all static members of a file
+# will be included in the documentation.
+
+EXTRACT_STATIC = NO
+
+# If the EXTRACT_LOCAL_CLASSES tag is set to YES classes (and structs)
+# defined locally in source files will be included in the documentation.
+# If set to NO only classes defined in header files are included.
+
+EXTRACT_LOCAL_CLASSES = NO
+
+# This flag is only useful for Objective-C code. When set to YES local
+# methods, which are defined in the implementation section but not in
+# the interface are included in the documentation.
+# If set to NO (the default) only methods in the interface are included.
+
+EXTRACT_LOCAL_METHODS = NO
+
+# If this flag is set to YES, the members of anonymous namespaces will be
+# extracted and appear in the documentation as a namespace called
+# 'anonymous_namespace{file}', where file will be replaced with the base
+# name of the file that contains the anonymous namespace. By default
+# anonymous namespace are hidden.
+
+EXTRACT_ANON_NSPACES = NO
+
+# If the HIDE_UNDOC_MEMBERS tag is set to YES, Doxygen will hide all
+# undocumented members of documented classes, files or namespaces.
+# If set to NO (the default) these members will be included in the
+# various overviews, but no documentation section is generated.
+# This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_MEMBERS = YES
+
+# If the HIDE_UNDOC_CLASSES tag is set to YES, Doxygen will hide all
+# undocumented classes that are normally visible in the class hierarchy.
+# If set to NO (the default) these classes will be included in the various
+# overviews. This option has no effect if EXTRACT_ALL is enabled.
+
+HIDE_UNDOC_CLASSES = YES
+
+# If the HIDE_FRIEND_COMPOUNDS tag is set to YES, Doxygen will hide all
+# friend (class|struct|union) declarations.
+# If set to NO (the default) these declarations will be included in the
+# documentation.
+
+HIDE_FRIEND_COMPOUNDS = NO
+
+# If the HIDE_IN_BODY_DOCS tag is set to YES, Doxygen will hide any
+# documentation blocks found inside the body of a function.
+# If set to NO (the default) these blocks will be appended to the
+# function's detailed documentation block.
+
+HIDE_IN_BODY_DOCS = NO
+
+# The INTERNAL_DOCS tag determines if documentation
+# that is typed after a \internal command is included. If the tag is set
+# to NO (the default) then the documentation will be excluded.
+# Set it to YES to include the internal documentation.
+
+INTERNAL_DOCS = NO
+
+# If the CASE_SENSE_NAMES tag is set to NO then Doxygen will only generate
+# file names in lower-case letters. If set to YES upper-case letters are also
+# allowed. This is useful if you have classes or files whose names only differ
+# in case and if your file system supports case sensitive file names. Windows
+# and Mac users are advised to set this option to NO.
+
+CASE_SENSE_NAMES = YES
+
+# If the HIDE_SCOPE_NAMES tag is set to NO (the default) then Doxygen
+# will show members with their full class and namespace scopes in the
+# documentation. If set to YES the scope will be hidden.
+
+HIDE_SCOPE_NAMES = NO
+
+# If the SHOW_INCLUDE_FILES tag is set to YES (the default) then Doxygen
+# will put a list of the files that are included by a file in the documentation
+# of that file.
+
+SHOW_INCLUDE_FILES = YES
+
+# If the INLINE_INFO tag is set to YES (the default) then a tag [inline]
+# is inserted in the documentation for inline members.
+
+INLINE_INFO = YES
+
+# If the SORT_MEMBER_DOCS tag is set to YES (the default) then doxygen
+# will sort the (detailed) documentation of file and class members
+# alphabetically by member name. If set to NO the members will appear in
+# declaration order.
+
+SORT_MEMBER_DOCS = YES
+
+# If the SORT_BRIEF_DOCS tag is set to YES then doxygen will sort the
+# brief documentation of file, namespace and class members alphabetically
+# by member name. If set to NO (the default) the members will appear in
+# declaration order.
+
+SORT_BRIEF_DOCS = NO
+
+# If the SORT_MEMBERS_CTORS_1ST tag is set to YES then doxygen will sort the (brief and detailed) documentation of class members so that constructors and destructors are listed first. If set to NO (the default) the constructors will appear in the respective orders defined by SORT_MEMBER_DOCS and SORT_BRIEF_DOCS. This tag will be ignored for brief docs if SORT_BRIEF_DOCS is set to NO and ignored for detailed docs if SORT_MEMBER_DOCS is set to NO.
+
+SORT_MEMBERS_CTORS_1ST = NO
+
+# If the SORT_GROUP_NAMES tag is set to YES then doxygen will sort the
+# hierarchy of group names into alphabetical order. If set to NO (the default)
+# the group names will appear in their defined order.
+
+SORT_GROUP_NAMES = NO
+
+# If the SORT_BY_SCOPE_NAME tag is set to YES, the class list will be
+# sorted by fully-qualified names, including namespaces. If set to
+# NO (the default), the class list will be sorted only by class name,
+# not including the namespace part.
+# Note: This option is not very useful if HIDE_SCOPE_NAMES is set to YES.
+# Note: This option applies only to the class list, not to the
+# alphabetical list.
+
+SORT_BY_SCOPE_NAME = NO
+
+# The GENERATE_TODOLIST tag can be used to enable (YES) or
+# disable (NO) the todo list. This list is created by putting \todo
+# commands in the documentation.
+
+GENERATE_TODOLIST = YES
+
+# The GENERATE_TESTLIST tag can be used to enable (YES) or
+# disable (NO) the test list. This list is created by putting \test
+# commands in the documentation.
+
+GENERATE_TESTLIST = YES
+
+# The GENERATE_BUGLIST tag can be used to enable (YES) or
+# disable (NO) the bug list. This list is created by putting \bug
+# commands in the documentation.
+
+GENERATE_BUGLIST = YES
+
+# The GENERATE_DEPRECATEDLIST tag can be used to enable (YES) or
+# disable (NO) the deprecated list. This list is created by putting
+# \deprecated commands in the documentation.
+
+GENERATE_DEPRECATEDLIST= YES
+
+# The ENABLED_SECTIONS tag can be used to enable conditional
+# documentation sections, marked by \if sectionname ... \endif.
+
+ENABLED_SECTIONS =
+
+# The MAX_INITIALIZER_LINES tag determines the maximum number of lines
+# the initial value of a variable or define consists of for it to appear in
+# the documentation. If the initializer consists of more lines than specified
+# here it will be hidden. Use a value of 0 to hide initializers completely.
+# The appearance of the initializer of individual variables and defines in the
+# documentation can be controlled using \showinitializer or \hideinitializer
+# command in the documentation regardless of this setting.
+
+MAX_INITIALIZER_LINES = 30
+
+# Set the SHOW_USED_FILES tag to NO to disable the list of files generated
+# at the bottom of the documentation of classes and structs. If set to YES the
+# list will mention the files that were used to generate the documentation.
+
+SHOW_USED_FILES = YES
+
+# If the sources in your project are distributed over multiple directories
+# then setting the SHOW_DIRECTORIES tag to YES will show the directory hierarchy
+# in the documentation. The default is NO.
+
+SHOW_DIRECTORIES = NO
+
+# Set the SHOW_FILES tag to NO to disable the generation of the Files page.
+# This will remove the Files entry from the Quick Index and from the
+# Folder Tree View (if specified). The default is YES.
+
+SHOW_FILES = YES
+
+# Set the SHOW_NAMESPACES tag to NO to disable the generation of the
+# Namespaces page.
+# This will remove the Namespaces entry from the Quick Index
+# and from the Folder Tree View (if specified). The default is YES.
+
+SHOW_NAMESPACES = YES
+
+# The FILE_VERSION_FILTER tag can be used to specify a program or script that
+# doxygen should invoke to get the current version for each file (typically from
+# the version control system). Doxygen will invoke the program by executing (via
+# popen()) the command <command> <input-file>, where <command> is the value of
+# the FILE_VERSION_FILTER tag, and <input-file> is the name of an input file
+# provided by doxygen. Whatever the program writes to standard output
+# is used as the file version. See the manual for examples.
+
+FILE_VERSION_FILTER =
+
+# The LAYOUT_FILE tag can be used to specify a layout file which will be parsed by
+# doxygen. The layout file controls the global structure of the generated output files
+# in an output format independent way. The create the layout file that represents
+# doxygen's defaults, run doxygen with the -l option. You can optionally specify a
+# file name after the option, if omitted DoxygenLayout.xml will be used as the name
+# of the layout file.
+
+LAYOUT_FILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to warning and progress messages
+#---------------------------------------------------------------------------
+
+# The QUIET tag can be used to turn on/off the messages that are generated
+# by doxygen. Possible values are YES and NO. If left blank NO is used.
+
+QUIET = NO
+
+# The WARNINGS tag can be used to turn on/off the warning messages that are
+# generated by doxygen. Possible values are YES and NO. If left blank
+# NO is used.
+
+WARNINGS = YES
+
+# If WARN_IF_UNDOCUMENTED is set to YES, then doxygen will generate warnings
+# for undocumented members. If EXTRACT_ALL is set to YES then this flag will
+# automatically be disabled.
+
+WARN_IF_UNDOCUMENTED = YES
+
+# If WARN_IF_DOC_ERROR is set to YES, doxygen will generate warnings for
+# potential errors in the documentation, such as not documenting some
+# parameters in a documented function, or documenting parameters that
+# don't exist or using markup commands wrongly.
+
+WARN_IF_DOC_ERROR = YES
+
+# This WARN_NO_PARAMDOC option can be abled to get warnings for
+# functions that are documented, but have no documentation for their parameters
+# or return value. If set to NO (the default) doxygen will only warn about
+# wrong or incomplete parameter documentation, but not about the absence of
+# documentation.
+
+WARN_NO_PARAMDOC = NO
+
+# The WARN_FORMAT tag determines the format of the warning messages that
+# doxygen can produce. The string should contain the $file, $line, and $text
+# tags, which will be replaced by the file and line number from which the
+# warning originated and the warning text. Optionally the format may contain
+# $version, which will be replaced by the version of the file (if it could
+# be obtained via FILE_VERSION_FILTER)
+
+WARN_FORMAT = "$file:$line: $text"
+
+# The WARN_LOGFILE tag can be used to specify a file to which warning
+# and error messages should be written. If left blank the output is written
+# to stderr.
+
+WARN_LOGFILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the input files
+#---------------------------------------------------------------------------
+
+# The INPUT tag can be used to specify the files and/or directories that contain
+# documented source files. You may enter file names like "myfile.cpp" or
+# directories like "/usr/src/myproject". Separate the files or directories
+# with spaces.
+
+INPUT =
+
+# This tag can be used to specify the character encoding of the source files
+# that doxygen parses. Internally doxygen uses the UTF-8 encoding, which is
+# also the default input encoding. Doxygen uses libiconv (or the iconv built
+# into libc) for the transcoding. See http://www.gnu.org/software/libiconv for
+# the list of possible encodings.
+
+INPUT_ENCODING = UTF-8
+
+# If the value of the INPUT tag contains directories, you can use the
+# FILE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank the following patterns are tested:
+# *.c *.cc *.cxx *.cpp *.c++ *.java *.ii *.ixx *.ipp *.i++ *.inl *.h *.hh *.hxx
+# *.hpp *.h++ *.idl *.odl *.cs *.php *.php3 *.inc *.m *.mm *.py *.f90
+
+FILE_PATTERNS = *.cpp \
+ *.cc \
+ *.c \
+ *.h \
+ *.hh \
+ *.hpp \
+ *.dox
+
+# The RECURSIVE tag can be used to turn specify whether or not subdirectories
+# should be searched for input files as well. Possible values are YES and NO.
+# If left blank NO is used.
+
+RECURSIVE = NO
+
+# The EXCLUDE tag can be used to specify files and/or directories that should
+# excluded from the INPUT source files. This way you can easily exclude a
+# subdirectory from a directory tree whose root is specified with the INPUT tag.
+
+EXCLUDE =
+
+# The EXCLUDE_SYMLINKS tag can be used select whether or not files or
+# directories that are symbolic links (a Unix filesystem feature) are excluded
+# from the input.
+
+EXCLUDE_SYMLINKS = NO
+
+# If the value of the INPUT tag contains directories, you can use the
+# EXCLUDE_PATTERNS tag to specify one or more wildcard patterns to exclude
+# certain files from those directories. Note that the wildcards are matched
+# against the file with absolute path, so to exclude all test directories
+# for example use the pattern */test/*
+
+EXCLUDE_PATTERNS = */.git/* \
+ */.svn/* \
+ */cmake/* \
+ */build/*
+
+# The EXCLUDE_SYMBOLS tag can be used to specify one or more symbol names
+# (namespaces, classes, functions, etc.) that should be excluded from the
+# output. The symbol name can be a fully qualified name, a word, or if the
+# wildcard * is used, a substring. Examples: ANamespace, AClass,
+# AClass::ANamespace, ANamespace::*Test
+
+EXCLUDE_SYMBOLS =
+
+# The EXAMPLE_PATH tag can be used to specify one or more files or
+# directories that contain example code fragments that are included (see
+# the \include command).
+
+EXAMPLE_PATH =
+
+# If the value of the EXAMPLE_PATH tag contains directories, you can use the
+# EXAMPLE_PATTERNS tag to specify one or more wildcard pattern (like *.cpp
+# and *.h) to filter out the source-files in the directories. If left
+# blank all files are included.
+
+EXAMPLE_PATTERNS =
+
+# If the EXAMPLE_RECURSIVE tag is set to YES then subdirectories will be
+# searched for input files to be used with the \include or \dontinclude
+# commands irrespective of the value of the RECURSIVE tag.
+# Possible values are YES and NO. If left blank NO is used.
+
+EXAMPLE_RECURSIVE = NO
+
+# The IMAGE_PATH tag can be used to specify one or more files or
+# directories that contain image that are included in the documentation (see
+# the \image command).
+
+IMAGE_PATH =
+
+# The INPUT_FILTER tag can be used to specify a program that doxygen should
+# invoke to filter for each input file. Doxygen will invoke the filter program
+# by executing (via popen()) the command <filter> <input-file>, where <filter>
+# is the value of the INPUT_FILTER tag, and <input-file> is the name of an
+# input file. Doxygen will then use the output that the filter program writes
+# to standard output.
+# If FILTER_PATTERNS is specified, this tag will be
+# ignored.
+
+INPUT_FILTER =
+
+# The FILTER_PATTERNS tag can be used to specify filters on a per file pattern
+# basis.
+# Doxygen will compare the file name with each pattern and apply the
+# filter if there is a match.
+# The filters are a list of the form:
+# pattern=filter (like *.cpp=my_cpp_filter). See INPUT_FILTER for further
+# info on how filters are used. If FILTER_PATTERNS is empty, INPUT_FILTER
+# is applied to all files.
+
+FILTER_PATTERNS =
+
+# If the FILTER_SOURCE_FILES tag is set to YES, the input filter (if set using
+# INPUT_FILTER) will be used to filter the input files when producing source
+# files to browse (i.e. when SOURCE_BROWSER is set to YES).
+
+FILTER_SOURCE_FILES = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to source browsing
+#---------------------------------------------------------------------------
+
+# If the SOURCE_BROWSER tag is set to YES then a list of source files will
+# be generated. Documented entities will be cross-referenced with these sources.
+# Note: To get rid of all source code in the generated output, make sure also
+# VERBATIM_HEADERS is set to NO.
+
+SOURCE_BROWSER = NO
+
+# Setting the INLINE_SOURCES tag to YES will include the body
+# of functions and classes directly in the documentation.
+
+INLINE_SOURCES = NO
+
+# Setting the STRIP_CODE_COMMENTS tag to YES (the default) will instruct
+# doxygen to hide any special comment blocks from generated source code
+# fragments. Normal C and C++ comments will always remain visible.
+
+STRIP_CODE_COMMENTS = YES
+
+# If the REFERENCED_BY_RELATION tag is set to YES
+# then for each documented function all documented
+# functions referencing it will be listed.
+
+REFERENCED_BY_RELATION = NO
+
+# If the REFERENCES_RELATION tag is set to YES
+# then for each documented function all documented entities
+# called/used by that function will be listed.
+
+REFERENCES_RELATION = NO
+
+# If the REFERENCES_LINK_SOURCE tag is set to YES (the default)
+# and SOURCE_BROWSER tag is set to YES, then the hyperlinks from
+# functions in REFERENCES_RELATION and REFERENCED_BY_RELATION lists will
+# link to the source code.
+# Otherwise they will link to the documentation.
+
+REFERENCES_LINK_SOURCE = YES
+
+# If the USE_HTAGS tag is set to YES then the references to source code
+# will point to the HTML generated by the htags(1) tool instead of doxygen
+# built-in source browser. The htags tool is part of GNU's global source
+# tagging system (see http://www.gnu.org/software/global/global.html). You
+# will need version 4.8.6 or higher.
+
+USE_HTAGS = NO
+
+# If the VERBATIM_HEADERS tag is set to YES (the default) then Doxygen
+# will generate a verbatim copy of the header file for each class for
+# which an include is specified. Set to NO to disable this.
+
+VERBATIM_HEADERS = YES
+
+#---------------------------------------------------------------------------
+# configuration options related to the alphabetical class index
+#---------------------------------------------------------------------------
+
+# If the ALPHABETICAL_INDEX tag is set to YES, an alphabetical index
+# of all compounds will be generated. Enable this if the project
+# contains a lot of classes, structs, unions or interfaces.
+
+ALPHABETICAL_INDEX = NO
+
+# If the alphabetical index is enabled (see ALPHABETICAL_INDEX) then
+# the COLS_IN_ALPHA_INDEX tag can be used to specify the number of columns
+# in which this list will be split (can be a number in the range [1..20])
+
+COLS_IN_ALPHA_INDEX = 5
+
+# In case all classes in a project start with a common prefix, all
+# classes will be put under the same header in the alphabetical index.
+# The IGNORE_PREFIX tag can be used to specify one or more prefixes that
+# should be ignored while generating the index headers.
+
+IGNORE_PREFIX =
+
+#---------------------------------------------------------------------------
+# configuration options related to the HTML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_HTML tag is set to YES (the default) Doxygen will
+# generate HTML output.
+
+GENERATE_HTML = YES
+
+# If the HTML_FOOTER_DESCRIPTION tag is set to YES, Doxygen will
+# add generated date, project name and doxygen version to HTML footer.
+
+HTML_FOOTER_DESCRIPTION= NO
+
+# The HTML_OUTPUT tag is used to specify where the HTML docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `html' will be used as the default path.
+
+HTML_OUTPUT = html
+
+# The HTML_FILE_EXTENSION tag can be used to specify the file extension for
+# each generated HTML page (for example: .htm,.php,.asp). If it is left blank
+# doxygen will generate files with .html extension.
+
+HTML_FILE_EXTENSION = .html
+
+# The HTML_HEADER tag can be used to specify a personal HTML header for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard header.
+
+HTML_HEADER =
+
+# The HTML_FOOTER tag can be used to specify a personal HTML footer for
+# each generated HTML page. If it is left blank doxygen will generate a
+# standard footer.
+
+HTML_FOOTER =
+
+# The HTML_STYLESHEET tag can be used to specify a user-defined cascading
+# style sheet that is used by each HTML page. It can be used to
+# fine-tune the look of the HTML output. If the tag is left blank doxygen
+# will generate a default style sheet. Note that doxygen will try to copy
+# the style sheet file to the HTML output directory, so don't put your own
+# stylesheet in the HTML output directory as well, or it will be erased!
+
+HTML_STYLESHEET =
+
+# If the HTML_ALIGN_MEMBERS tag is set to YES, the members of classes,
+# files or namespaces will be aligned in HTML using tables. If set to
+# NO a bullet list will be used.
+
+HTML_ALIGN_MEMBERS = YES
+
+# If the HTML_DYNAMIC_SECTIONS tag is set to YES then the generated HTML
+# documentation will contain sections that can be hidden and shown after the
+# page has loaded. For this to work a browser that supports
+# JavaScript and DHTML is required (for instance Mozilla 1.0+, Firefox
+# Netscape 6.0+, Internet explorer 5.0+, Konqueror, or Safari).
+
+HTML_DYNAMIC_SECTIONS = NO
+
+# If the GENERATE_DOCSET tag is set to YES, additional index files
+# will be generated that can be used as input for Apple's Xcode 3
+# integrated development environment, introduced with OSX 10.5 (Leopard).
+# To create a documentation set, doxygen will generate a Makefile in the
+# HTML output directory. Running make will produce the docset in that
+# directory and running "make install" will install the docset in
+# ~/Library/Developer/Shared/Documentation/DocSets so that Xcode will find
+# it at startup.
+# See http://developer.apple.com/tools/creatingdocsetswithdoxygen.html for more information.
+
+GENERATE_DOCSET = NO
+
+# When GENERATE_DOCSET tag is set to YES, this tag determines the name of the
+# feed. A documentation feed provides an umbrella under which multiple
+# documentation sets from a single provider (such as a company or product suite)
+# can be grouped.
+
+DOCSET_FEEDNAME = "Doxygen generated docs"
+
+# When GENERATE_DOCSET tag is set to YES, this tag specifies a string that
+# should uniquely identify the documentation set bundle. This should be a
+# reverse domain-name style string, e.g. com.mycompany.MyDocSet. Doxygen
+# will append .docset to the name.
+
+DOCSET_BUNDLE_ID = org.doxygen.Project
+
+# If the GENERATE_HTMLHELP tag is set to YES, additional index files
+# will be generated that can be used as input for tools like the
+# Microsoft HTML help workshop to generate a compiled HTML help file (.chm)
+# of the generated HTML documentation.
+
+GENERATE_HTMLHELP = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_FILE tag can
+# be used to specify the file name of the resulting .chm file. You
+# can add a path in front of the file if the result should not be
+# written to the html output directory.
+
+CHM_FILE =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the HHC_LOCATION tag can
+# be used to specify the location (absolute path including file name) of
+# the HTML help compiler (hhc.exe). If non-empty doxygen will try to run
+# the HTML help compiler on the generated index.hhp.
+
+HHC_LOCATION =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the GENERATE_CHI flag
+# controls if a separate .chi index file is generated (YES) or that
+# it should be included in the master .chm file (NO).
+
+GENERATE_CHI = NO
+
+# If the GENERATE_HTMLHELP tag is set to YES, the CHM_INDEX_ENCODING
+# is used to encode HtmlHelp index (hhk), content (hhc) and project file
+# content.
+
+CHM_INDEX_ENCODING =
+
+# If the GENERATE_HTMLHELP tag is set to YES, the BINARY_TOC flag
+# controls whether a binary table of contents is generated (YES) or a
+# normal table of contents (NO) in the .chm file.
+
+BINARY_TOC = NO
+
+# The TOC_EXPAND flag can be set to YES to add extra items for group members
+# to the contents of the HTML help documentation and to the tree view.
+
+TOC_EXPAND = NO
+
+# If the GENERATE_QHP tag is set to YES and both QHP_NAMESPACE and QHP_VIRTUAL_FOLDER
+# are set, an additional index file will be generated that can be used as input for
+# Qt's qhelpgenerator to generate a Qt Compressed Help (.qch) of the generated
+# HTML documentation.
+
+GENERATE_QHP = NO
+
+# If the QHG_LOCATION tag is specified, the QCH_FILE tag can
+# be used to specify the file name of the resulting .qch file.
+# The path specified is relative to the HTML output folder.
+
+QCH_FILE =
+
+# The QHP_NAMESPACE tag specifies the namespace to use when generating
+# Qt Help Project output. For more information please see
+# http://doc.trolltech.com/qthelpproject.html#namespace
+
+QHP_NAMESPACE =
+
+# The QHP_VIRTUAL_FOLDER tag specifies the namespace to use when generating
+# Qt Help Project output. For more information please see
+# http://doc.trolltech.com/qthelpproject.html#virtual-folders
+
+QHP_VIRTUAL_FOLDER = doc
+
+# If QHP_CUST_FILTER_NAME is set, it specifies the name of a custom filter to add.
+# For more information please see
+# http://doc.trolltech.com/qthelpproject.html#custom-filters
+
+QHP_CUST_FILTER_NAME =
+
+# The QHP_CUST_FILT_ATTRS tag specifies the list of the attributes of the custom filter to add.For more information please see
+# <a href="http://doc.trolltech.com/qthelpproject.html#custom-filters">Qt Help Project / Custom Filters</a>.
+
+QHP_CUST_FILTER_ATTRS =
+
+# The QHP_SECT_FILTER_ATTRS tag specifies the list of the attributes this project's
+# filter section matches.
+# <a href="http://doc.trolltech.com/qthelpproject.html#filter-attributes">Qt Help Project / Filter Attributes</a>.
+
+QHP_SECT_FILTER_ATTRS =
+
+# If the GENERATE_QHP tag is set to YES, the QHG_LOCATION tag can
+# be used to specify the location of Qt's qhelpgenerator.
+# If non-empty doxygen will try to run qhelpgenerator on the generated
+# .qhp file.
+
+QHG_LOCATION =
+
+# The DISABLE_INDEX tag can be used to turn on/off the condensed index at
+# top of each HTML page. The value NO (the default) enables the index and
+# the value YES disables it.
+
+DISABLE_INDEX = NO
+
+# This tag can be used to set the number of enum values (range [1..20])
+# that doxygen will group on one line in the generated HTML documentation.
+
+ENUM_VALUES_PER_LINE = 4
+
+# The GENERATE_TREEVIEW tag is used to specify whether a tree-like index
+# structure should be generated to display hierarchical information.
+# If the tag value is set to YES, a side panel will be generated
+# containing a tree-like index structure (just like the one that
+# is generated for HTML Help). For this to work a browser that supports
+# JavaScript, DHTML, CSS and frames is required (i.e. any modern browser).
+# Windows users are probably better off using the HTML help feature.
+
+GENERATE_TREEVIEW = NONE
+
+# By enabling USE_INLINE_TREES, doxygen will generate the Groups, Directories,
+# and Class Hierarchy pages using a tree view instead of an ordered list.
+
+USE_INLINE_TREES = NO
+
+# If the treeview is enabled (see GENERATE_TREEVIEW) then this tag can be
+# used to set the initial width (in pixels) of the frame in which the tree
+# is shown.
+
+TREEVIEW_WIDTH = 250
+
+# Use this tag to change the font size of Latex formulas included
+# as images in the HTML documentation. The default is 10. Note that
+# when you change the font size after a successful doxygen run you need
+# to manually remove any form_*.png images from the HTML output directory
+# to force them to be regenerated.
+
+FORMULA_FONTSIZE = 10
+
+# When the SEARCHENGINE tag is enable doxygen will generate a search box for the HTML output. The underlying search engine uses javascript
+# and DHTML and should work on any modern browser. Note that when using HTML help (GENERATE_HTMLHELP) or Qt help (GENERATE_QHP)
+# there is already a search function so this one should typically
+# be disabled.
+
+SEARCHENGINE = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the LaTeX output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_LATEX tag is set to YES (the default) Doxygen will
+# generate Latex output.
+
+GENERATE_LATEX = YES
+
+# The LATEX_OUTPUT tag is used to specify where the LaTeX docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `latex' will be used as the default path.
+
+LATEX_OUTPUT = latex
+
+# The LATEX_CMD_NAME tag can be used to specify the LaTeX command name to be
+# invoked. If left blank `latex' will be used as the default command name.
+
+LATEX_CMD_NAME = latex
+
+# The MAKEINDEX_CMD_NAME tag can be used to specify the command name to
+# generate index for LaTeX. If left blank `makeindex' will be used as the
+# default command name.
+
+MAKEINDEX_CMD_NAME = makeindex
+
+# If the COMPACT_LATEX tag is set to YES Doxygen generates more compact
+# LaTeX documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_LATEX = NO
+
+# The PAPER_TYPE tag can be used to set the paper type that is used
+# by the printer. Possible values are: a4, a4wide, letter, legal and
+# executive. If left blank a4wide will be used.
+
+PAPER_TYPE = a4wide
+
+# The EXTRA_PACKAGES tag can be to specify one or more names of LaTeX
+# packages that should be included in the LaTeX output.
+
+EXTRA_PACKAGES =
+
+# The LATEX_HEADER tag can be used to specify a personal LaTeX header for
+# the generated latex document. The header should contain everything until
+# the first chapter. If it is left blank doxygen will generate a
+# standard header. Notice: only use this tag if you know what you are doing!
+
+LATEX_HEADER =
+
+# If the PDF_HYPERLINKS tag is set to YES, the LaTeX that is generated
+# is prepared for conversion to pdf (using ps2pdf). The pdf file will
+# contain links (just like the HTML output) instead of page references
+# This makes the output suitable for online browsing using a pdf viewer.
+
+PDF_HYPERLINKS = YES
+
+# If the USE_PDFLATEX tag is set to YES, pdflatex will be used instead of
+# plain latex in the generated Makefile. Set this option to YES to get a
+# higher quality PDF documentation.
+
+USE_PDFLATEX = YES
+
+# If the LATEX_BATCHMODE tag is set to YES, doxygen will add the \\batchmode.
+# command to the generated LaTeX files. This will instruct LaTeX to keep
+# running if errors occur, instead of asking the user for help.
+# This option is also used when generating formulas in HTML.
+
+LATEX_BATCHMODE = NO
+
+# If LATEX_HIDE_INDICES is set to YES then doxygen will not
+# include the index chapters (such as File Index, Compound Index, etc.)
+# in the output.
+
+LATEX_HIDE_INDICES = NO
+
+# If LATEX_SOURCE_CODE is set to YES then doxygen will include source code with syntax highlighting in the LaTeX output. Note that which sources are shown also depends on other settings such as SOURCE_BROWSER.
+
+LATEX_SOURCE_CODE = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the RTF output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_RTF tag is set to YES Doxygen will generate RTF output
+# The RTF output is optimized for Word 97 and may not look very pretty with
+# other RTF readers or editors.
+
+GENERATE_RTF = NO
+
+# The RTF_OUTPUT tag is used to specify where the RTF docs will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `rtf' will be used as the default path.
+
+RTF_OUTPUT = rtf
+
+# If the COMPACT_RTF tag is set to YES Doxygen generates more compact
+# RTF documents. This may be useful for small projects and may help to
+# save some trees in general.
+
+COMPACT_RTF = NO
+
+# If the RTF_HYPERLINKS tag is set to YES, the RTF that is generated
+# will contain hyperlink fields. The RTF file will
+# contain links (just like the HTML output) instead of page references.
+# This makes the output suitable for online browsing using WORD or other
+# programs which support those fields.
+# Note: wordpad (write) and others do not support links.
+
+RTF_HYPERLINKS = NO
+
+# Load stylesheet definitions from file. Syntax is similar to doxygen's
+# config file, i.e. a series of assignments. You only have to provide
+# replacements, missing definitions are set to their default value.
+
+RTF_STYLESHEET_FILE =
+
+# Set optional variables used in the generation of an rtf document.
+# Syntax is similar to doxygen's config file.
+
+RTF_EXTENSIONS_FILE =
+
+#---------------------------------------------------------------------------
+# configuration options related to the man page output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_MAN tag is set to YES (the default) Doxygen will
+# generate man pages
+
+GENERATE_MAN = YES
+
+# The MAN_OUTPUT tag is used to specify where the man pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `man' will be used as the default path.
+
+MAN_OUTPUT = man
+
+# The MAN_EXTENSION tag determines the extension that is added to
+# the generated man pages (default is the subroutine's section .3)
+
+MAN_EXTENSION = .3
+
+# If the MAN_LINKS tag is set to YES and Doxygen generates man output,
+# then it will generate one additional man file for each entity
+# documented in the real man page(s). These additional files
+# only source the real man page, but without them the man command
+# would be unable to find the correct page. The default is NO.
+
+MAN_LINKS = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the XML output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_XML tag is set to YES Doxygen will
+# generate an XML file that captures the structure of
+# the code including all documentation.
+
+GENERATE_XML = NO
+
+# The XML_OUTPUT tag is used to specify where the XML pages will be put.
+# If a relative path is entered the value of OUTPUT_DIRECTORY will be
+# put in front of it. If left blank `xml' will be used as the default path.
+
+XML_OUTPUT = xml
+
+# The XML_SCHEMA tag can be used to specify an XML schema,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_SCHEMA =
+
+# The XML_DTD tag can be used to specify an XML DTD,
+# which can be used by a validating XML parser to check the
+# syntax of the XML files.
+
+XML_DTD =
+
+# If the XML_PROGRAMLISTING tag is set to YES Doxygen will
+# dump the program listings (including syntax highlighting
+# and cross-referencing information) to the XML output. Note that
+# enabling this will significantly increase the size of the XML output.
+
+XML_PROGRAMLISTING = YES
+
+#---------------------------------------------------------------------------
+# configuration options for the AutoGen Definitions output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_AUTOGEN_DEF tag is set to YES Doxygen will
+# generate an AutoGen Definitions (see autogen.sf.net) file
+# that captures the structure of the code including all
+# documentation. Note that this feature is still experimental
+# and incomplete at the moment.
+
+GENERATE_AUTOGEN_DEF = NO
+
+#---------------------------------------------------------------------------
+# configuration options related to the Perl module output
+#---------------------------------------------------------------------------
+
+# If the GENERATE_PERLMOD tag is set to YES Doxygen will
+# generate a Perl module file that captures the structure of
+# the code including all documentation. Note that this
+# feature is still experimental and incomplete at the
+# moment.
+
+GENERATE_PERLMOD = NO
+
+# If the PERLMOD_LATEX tag is set to YES Doxygen will generate
+# the necessary Makefile rules, Perl scripts and LaTeX code to be able
+# to generate PDF and DVI output from the Perl module output.
+
+PERLMOD_LATEX = NO
+
+# If the PERLMOD_PRETTY tag is set to YES the Perl module output will be
+# nicely formatted so it can be parsed by a human reader.
+# This is useful
+# if you want to understand what is going on.
+# On the other hand, if this
+# tag is set to NO the size of the Perl module output will be much smaller
+# and Perl will parse it just the same.
+
+PERLMOD_PRETTY = YES
+
+# The names of the make variables in the generated doxyrules.make file
+# are prefixed with the string contained in PERLMOD_MAKEVAR_PREFIX.
+# This is useful so different doxyrules.make files included by the same
+# Makefile don't overwrite each other's variables.
+
+PERLMOD_MAKEVAR_PREFIX =
+
+#---------------------------------------------------------------------------
+# Configuration options related to the preprocessor
+#---------------------------------------------------------------------------
+
+# If the ENABLE_PREPROCESSING tag is set to YES (the default) Doxygen will
+# evaluate all C-preprocessor directives found in the sources and include
+# files.
+
+ENABLE_PREPROCESSING = YES
+
+# If the MACRO_EXPANSION tag is set to YES Doxygen will expand all macro
+# names in the source code. If set to NO (the default) only conditional
+# compilation will be performed. Macro expansion can be done in a controlled
+# way by setting EXPAND_ONLY_PREDEF to YES.
+
+MACRO_EXPANSION = NO
+
+# If the EXPAND_ONLY_PREDEF and MACRO_EXPANSION tags are both set to YES
+# then the macro expansion is limited to the macros specified with the
+# PREDEFINED and EXPAND_AS_DEFINED tags.
+
+EXPAND_ONLY_PREDEF = NO
+
+# If the SEARCH_INCLUDES tag is set to YES (the default) the includes files
+# in the INCLUDE_PATH (see below) will be search if a #include is found.
+
+SEARCH_INCLUDES = YES
+
+# The INCLUDE_PATH tag can be used to specify one or more directories that
+# contain include files that are not input files but should be processed by
+# the preprocessor.
+
+INCLUDE_PATH =
+
+# You can use the INCLUDE_FILE_PATTERNS tag to specify one or more wildcard
+# patterns (like *.h and *.hpp) to filter out the header-files in the
+# directories. If left blank, the patterns specified with FILE_PATTERNS will
+# be used.
+
+INCLUDE_FILE_PATTERNS =
+
+# The PREDEFINED tag can be used to specify one or more macro names that
+# are defined before the preprocessor is started (similar to the -D option of
+# gcc). The argument of the tag is a list of macros of the form: name
+# or name=definition (no spaces). If the definition and the = are
+# omitted =1 is assumed. To prevent a macro definition from being
+# undefined via #undef or recursively expanded use the := operator
+# instead of the = operator.
+
+PREDEFINED = DOXYGEN
+
+# If the MACRO_EXPANSION and EXPAND_ONLY_PREDEF tags are set to YES then
+# this tag can be used to specify a list of macro names that should be expanded.
+# The macro definition that is found in the sources will be used.
+# Use the PREDEFINED tag if you want to use a different macro definition.
+
+EXPAND_AS_DEFINED =
+
+# If the SKIP_FUNCTION_MACROS tag is set to YES (the default) then
+# doxygen's preprocessor will remove all function-like macros that are alone
+# on a line, have an all uppercase name, and do not end with a semicolon. Such
+# function macros are typically used for boiler-plate code, and will confuse
+# the parser if not removed.
+
+SKIP_FUNCTION_MACROS = YES
+
+#---------------------------------------------------------------------------
+# Configuration::additions related to external references
+#---------------------------------------------------------------------------
+
+# The TAGFILES option can be used to specify one or more tagfiles.
+# Optionally an initial location of the external documentation
+# can be added for each tagfile. The format of a tag file without
+# this location is as follows:
+#
+# TAGFILES = file1 file2 ...
+# Adding location for the tag files is done as follows:
+#
+# TAGFILES = file1=loc1 "file2 = loc2" ...
+# where "loc1" and "loc2" can be relative or absolute paths or
+# URLs. If a location is present for each tag, the installdox tool
+# does not have to be run to correct the links.
+# Note that each tag file must have a unique name
+# (where the name does NOT include the path)
+# If a tag file is not located in the directory in which doxygen
+# is run, you must also specify the path to the tagfile here.
+
+TAGFILES =
+
+# When a file name is specified after GENERATE_TAGFILE, doxygen will create
+# a tag file that is based on the input files it reads.
+
+GENERATE_TAGFILE =
+
+# If the ALLEXTERNALS tag is set to YES all external classes will be listed
+# in the class index. If set to NO only the inherited external classes
+# will be listed.
+
+ALLEXTERNALS = NO
+
+# If the EXTERNAL_GROUPS tag is set to YES all external groups will be listed
+# in the modules index. If set to NO, only the current project's groups will
+# be listed.
+
+EXTERNAL_GROUPS = YES
+
+# The PERL_PATH should be the absolute path and name of the perl script
+# interpreter (i.e. the result of `which perl').
+
+PERL_PATH = /usr/bin/perl
+
+#---------------------------------------------------------------------------
+# Configuration options related to the dot tool
+#---------------------------------------------------------------------------
+
+# If the CLASS_DIAGRAMS tag is set to YES (the default) Doxygen will
+# generate a inheritance diagram (in HTML, RTF and LaTeX) for classes with base
+# or super classes. Setting the tag to NO turns the diagrams off. Note that
+# this option is superseded by the HAVE_DOT option below. This is only a
+# fallback. It is recommended to install and use dot, since it yields more
+# powerful graphs.
+
+CLASS_DIAGRAMS = YES
+
+# You can define message sequence charts within doxygen comments using the \msc
+# command. Doxygen will then run the mscgen tool (see
+# http://www.mcternan.me.uk/mscgen/) to produce the chart and insert it in the
+# documentation. The MSCGEN_PATH tag allows you to specify the directory where
+# the mscgen tool resides. If left empty the tool is assumed to be found in the
+# default search path.
+
+MSCGEN_PATH =
+
+# If set to YES, the inheritance and collaboration graphs will hide
+# inheritance and usage relations if the target is undocumented
+# or is not a class.
+
+HIDE_UNDOC_RELATIONS = YES
+
+# If you set the HAVE_DOT tag to YES then doxygen will assume the dot tool is
+# available from the path. This tool is part of Graphviz, a graph visualization
+# toolkit from AT&T and Lucent Bell Labs. The other options in this section
+# have no effect if this option is set to NO (the default)
+
+HAVE_DOT = NO
+
+# By default doxygen will write a font called FreeSans.ttf to the output
+# directory and reference it in all dot files that doxygen generates. This
+# font does not include all possible unicode characters however, so when you need
+# these (or just want a differently looking font) you can specify the font name
+# using DOT_FONTNAME. You need need to make sure dot is able to find the font,
+# which can be done by putting it in a standard location or by setting the
+# DOTFONTPATH environment variable or by setting DOT_FONTPATH to the directory
+# containing the font.
+
+DOT_FONTNAME = FreeSans
+
+# The DOT_FONTSIZE tag can be used to set the size of the font of dot graphs.
+# The default size is 10pt.
+
+DOT_FONTSIZE = 10
+
+# By default doxygen will tell dot to use the output directory to look for the
+# FreeSans.ttf font (which doxygen will put there itself). If you specify a
+# different font using DOT_FONTNAME you can set the path where dot
+# can find it using this tag.
+
+DOT_FONTPATH =
+
+# If the CLASS_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect inheritance relations. Setting this tag to YES will force the
+# the CLASS_DIAGRAMS tag to NO.
+
+CLASS_GRAPH = YES
+
+# If the COLLABORATION_GRAPH and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for each documented class showing the direct and
+# indirect implementation dependencies (inheritance, containment, and
+# class references variables) of the class with other documented classes.
+
+COLLABORATION_GRAPH = YES
+
+# If the GROUP_GRAPHS and HAVE_DOT tags are set to YES then doxygen
+# will generate a graph for groups, showing the direct groups dependencies
+
+GROUP_GRAPHS = YES
+
+# If the UML_LOOK tag is set to YES doxygen will generate inheritance and
+# collaboration diagrams in a style similar to the OMG's Unified Modeling
+# Language.
+
+UML_LOOK = NO
+
+# If set to YES, the inheritance and collaboration graphs will show the
+# relations between templates and their instances.
+
+TEMPLATE_RELATIONS = NO
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDE_GRAPH, and HAVE_DOT
+# tags are set to YES then doxygen will generate a graph for each documented
+# file showing the direct and indirect include dependencies of the file with
+# other documented files.
+
+INCLUDE_GRAPH = YES
+
+# If the ENABLE_PREPROCESSING, SEARCH_INCLUDES, INCLUDED_BY_GRAPH, and
+# HAVE_DOT tags are set to YES then doxygen will generate a graph for each
+# documented header file showing the documented files that directly or
+# indirectly include this file.
+
+INCLUDED_BY_GRAPH = YES
+
+# If the CALL_GRAPH and HAVE_DOT options are set to YES then
+# doxygen will generate a call dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable call graphs
+# for selected functions only using the \callgraph command.
+
+CALL_GRAPH = NO
+
+# If the CALLER_GRAPH and HAVE_DOT tags are set to YES then
+# doxygen will generate a caller dependency graph for every global function
+# or class method. Note that enabling this option will significantly increase
+# the time of a run. So in most cases it will be better to enable caller
+# graphs for selected functions only using the \callergraph command.
+
+CALLER_GRAPH = NO
+
+# If the GRAPHICAL_HIERARCHY and HAVE_DOT tags are set to YES then doxygen
+# will graphical hierarchy of all classes instead of a textual one.
+
+GRAPHICAL_HIERARCHY = YES
+
+# If the DIRECTORY_GRAPH, SHOW_DIRECTORIES and HAVE_DOT tags are set to YES
+# then doxygen will show the dependencies a directory has on other directories
+# in a graphical way. The dependency relations are determined by the #include
+# relations between the files in the directories.
+
+DIRECTORY_GRAPH = YES
+
+# The DOT_IMAGE_FORMAT tag can be used to set the image format of the images
+# generated by dot. Possible values are png, jpg, or gif
+# If left blank png will be used.
+
+DOT_IMAGE_FORMAT = png
+
+# The tag DOT_PATH can be used to specify the path where the dot tool can be
+# found. If left blank, it is assumed the dot tool can be found in the path.
+
+DOT_PATH =
+
+# The DOTFILE_DIRS tag can be used to specify one or more directories that
+# contain dot files that are included in the documentation (see the
+# \dotfile command).
+
+DOTFILE_DIRS =
+
+# The DOT_GRAPH_MAX_NODES tag can be used to set the maximum number of
+# nodes that will be shown in the graph. If the number of nodes in a graph
+# becomes larger than this value, doxygen will truncate the graph, which is
+# visualized by representing a node as a red box. Note that doxygen if the
+# number of direct children of the root node in a graph is already larger than
+# DOT_GRAPH_MAX_NODES then the graph will not be shown at all. Also note
+# that the size of a graph can be further restricted by MAX_DOT_GRAPH_DEPTH.
+
+DOT_GRAPH_MAX_NODES = 50
+
+# The MAX_DOT_GRAPH_DEPTH tag can be used to set the maximum depth of the
+# graphs generated by dot. A depth value of 3 means that only nodes reachable
+# from the root by following a path via at most 3 edges will be shown. Nodes
+# that lay further from the root node will be omitted. Note that setting this
+# option to 1 or 2 may greatly reduce the computation time needed for large
+# code bases. Also note that the size of a graph can be further restricted by
+# DOT_GRAPH_MAX_NODES. Using a depth of 0 means no depth restriction.
+
+MAX_DOT_GRAPH_DEPTH = 0
+
+# Set the DOT_TRANSPARENT tag to YES to generate images with a transparent
+# background. This is disabled by default, because dot on Windows does not
+# seem to support this out of the box. Warning: Depending on the platform used,
+# enabling this option may lead to badly anti-aliased labels on the edges of
+# a graph (i.e. they become hard to read).
+
+DOT_TRANSPARENT = YES
+
+# Set the DOT_MULTI_TARGETS tag to YES allow dot to generate multiple output
+# files in one run (i.e. multiple -o and -T options on the command line). This
+# makes dot run faster, but since only newer versions of dot (>1.8.10)
+# support this, this feature is disabled by default.
+
+DOT_MULTI_TARGETS = NO
+
+# If the GENERATE_LEGEND tag is set to YES (the default) Doxygen will
+# generate a legend page explaining the meaning of the various boxes and
+# arrows in the dot generated graphs.
+
+GENERATE_LEGEND = YES
+
+# If the DOT_CLEANUP tag is set to YES (the default) Doxygen will
+# remove the intermediate dot files that are used to generate
+# the various graphs.
+
+DOT_CLEANUP = YES
diff --git a/lib/tsocket/tsocket.h b/lib/tsocket/tsocket.h
index 7e9cf9eb19..b9b9dc39d9 100644
--- a/lib/tsocket/tsocket.h
+++ b/lib/tsocket/tsocket.h
@@ -32,102 +32,593 @@ struct tdgram_context;
struct tstream_context;
struct iovec;
-/*
- * tsocket_address related functions
+/**
+ * @mainpage
+ *
+ * The tsocket abstraction is an API ...
+ */
+
+/**
+ * @defgroup tsocket The tsocket API
+ *
+ * The tsocket abstraction is splitted into two different kinds of
+ * communitation interfaces.
+ *
+ * There's the "tstream_context" interface with abstracts the communication
+ * through a bidirectional byte stream between two endpoints.
+ *
+ * And there's the "tdgram_context" interface with abstracts datagram based
+ * communication between any number of endpoints.
+ *
+ * Both interfaces share the "tsocket_address" abstraction for endpoint
+ * addresses.
+ *
+ * The whole library is based on the talloc(3) and 'tevent' libraries and
+ * provides "tevent_req" based "foo_send()"/"foo_recv()" functions pairs for
+ * all abstracted methods that need to be async.
+ *
+ * @section vsock Virtual Sockets
+ *
+ * The abstracted layout of tdgram_context and tstream_context allow
+ * implementations arround virtual sockets for encrypted tunnels (like TLS,
+ * SASL or GSSAPI) or named pipes over smb.
+ *
+ * @section npa Named Pipe Auth (NPA) Sockets
+ *
+ * Samba has an implementation to abstract named pipes over smb (within the
+ * server side). See libcli/named_pipe_auth/npa_tstream.[ch] for the core code.
+ * The current callers are located in source4/ntvfs/ipc/vfs_ipc.c and
+ * source4/rpc_server/service_rpc.c for the users.
+ */
+
+/**
+ * @defgroup tsocket_address The tsocket_address abstraction
+ * @ingroup tsocket
+ *
+ * The tsocket_address represents an socket endpoint genericly.
+ * As it's like an abstract class it has no specific constructor.
+ * The specific constructors are descripted in later sections.
+ *
+ * @{
+ */
+
+/**
+ * @brief Get a string representaion of the endpoint.
+ *
+ * This function creates a string representation of the endpoint for debugging.
+ * The output will look as followed:
+ * prefix:address:port
+ *
+ * e.g.
+ * ipv4:192.168.1.1:143
+ *
+ * Callers should not try to parse the string! The should use additional methods
+ * of the specific tsocket_address implemention to get more details.
+ *
+ * @param[in] addr The address to convert.
+ *
+ * @param[in] mem_ctx The talloc memory context to allocate the memory.
+ *
+ * @return The address as a string representation, NULL on error.
+ *
+ * @see tsocket_address_inet_addr_string()
+ * @see tsocket_address_inet_port()
*/
char *tsocket_address_string(const struct tsocket_address *addr,
TALLOC_CTX *mem_ctx);
+#ifdef DOXYGEN
+/**
+ * @brief This creates a copy of a tsocket_address.
+ *
+ * This is useful when before doing modifications to a socket via additional
+ * methods of the specific tsocket_address implementation.
+ *
+ * @param[in] addr The address to create the copy from.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @return A newly allocated copy of addr (tsocket_address *), NULL
+ * on error.
+ */
+struct tsocket_address *tsocket_address_copy(const struct tsocket_address *addr,
+ TALLOC_CTX *mem_ctx);
+#else
struct tsocket_address *_tsocket_address_copy(const struct tsocket_address *addr,
TALLOC_CTX *mem_ctx,
const char *location);
#define tsocket_address_copy(addr, mem_ctx) \
_tsocket_address_copy(addr, mem_ctx, __location__)
+#endif
-/*
- * tdgram_context related functions
+/**
+ * @}
+ */
+
+/**
+ * @defgroup tdgram_context The tdgram_context abstraction
+ * @ingroup tsocket
+ *
+ * The tdgram_context is like an abstract class for datagram based sockets. The
+ * interface provides async 'tevent_req' based functions on top functionality
+ * is similar to the recvfrom(2)/sendto(2)/close(2) syscalls.
+ *
+ * @note You can always use talloc_free(tdgram) to cleanup the resources
+ * of the tdgram_context on a fatal error.
+ * @{
+ */
+
+/**
+ * @brief Ask for next available datagram on the abstracted tdgram_context.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register
+ * a callback with tevent_req_set_callback(). The callback is triggered
+ * when a datagram is available or an error happened.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] dgram The dgram context to work on.
+ *
+ * @return Returns a 'tevent_req' handle, where the caller can
+ * register a callback with tevent_req_set_callback().
+ * NULL on fatal error.
+ *
+ * @see tdgram_inet_udp_socket()
+ * @see tdgram_unix_socket()
*/
struct tevent_req *tdgram_recvfrom_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tdgram_context *dgram);
+
+/**
+ * @brief Receive the next available datagram on the abstracted tdgram_context.
+ *
+ * This function should be called by the callback when a datagram is available
+ * or an error happened.
+ *
+ * The caller can only have one outstanding tdgram_recvfrom_send() at a time
+ * otherwise the caller will get '*perrno = EBUSY'.
+ *
+ * @param[in] req The tevent request from tdgram_recvfrom_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @param[in] mem_ctx The memory context to use.
+ *
+ * @param[out] buf This will hold the buffer of the datagram.
+ *
+ * @param[out] src The abstracted tsocket_address of the sender of the
+ * received datagram.
+ *
+ * @return The length of the datagram (0 is never returned!),
+ * -1 on error with perrno set to the actual errno.
+ *
+ * @see tdgram_recvfrom_send()
+ */
ssize_t tdgram_recvfrom_recv(struct tevent_req *req,
int *perrno,
TALLOC_CTX *mem_ctx,
uint8_t **buf,
struct tsocket_address **src);
+/**
+ * @brief Send a datagram to a destination endpoint.
+ *
+ * The function can be called to send a datagram (specified by a buf/len) to a
+ * destination endpoint (specified by dst). It's not allowed for len to be 0.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register a callback
+ * with tevent_req_set_callback(). The callback is triggered when the specific
+ * implementation (assumes it) has delivered the datagram to the "wire".
+ *
+ * The callback is then supposed to get the result by calling
+ * tdgram_sendto_recv() on the 'tevent_req'.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] dgram The dgram context to work on.
+ *
+ * @param[in] buf The buffer to send.
+ *
+ * @param[in] len The length of the buffer to send. It has to be bigger
+ * than 0.
+ *
+ * @param[in] dst The destination to send the datagram to in form of a
+ * tsocket_address.
+ *
+ * @return Returns a 'tevent_req' handle, where the caller can
+ * register a callback with tevent_req_set_callback().
+ * NULL on fatal error.
+ *
+ * @see tdgram_inet_udp_socket()
+ * @see tdgram_unix_socket()
+ * @see tdgram_sendto_recv()
+ */
struct tevent_req *tdgram_sendto_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tdgram_context *dgram,
const uint8_t *buf, size_t len,
const struct tsocket_address *dst);
+
+/**
+ * @brief Receive the result of the sent datagram.
+ *
+ * The caller can only have one outstanding tdgram_sendto_send() at a time
+ * otherwise the caller will get '*perrno = EBUSY'.
+ *
+ * @param[in] req The tevent request from tdgram_sendto_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @return The length of the datagram (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ *
+ * @see tdgram_sendto_send()
+ */
ssize_t tdgram_sendto_recv(struct tevent_req *req,
int *perrno);
+/**
+ * @brief Shutdown/close an abstracted socket.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register a callback
+ * with tevent_req_set_callback(). The callback is triggered when the specific
+ * implementation (assumes it) has delivered the datagram to the "wire".
+ *
+ * The callback is then supposed to get the result by calling
+ * tdgram_sendto_recv() on the 'tevent_req'.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] dgram The dgram context diconnect from.
+ *
+ * @return Returns a 'tevent_req' handle, where the caller can
+ * register a callback with tevent_req_set_callback().
+ * NULL on fatal error.
+ *
+ * @see tdgram_disconnect_recv()
+ */
struct tevent_req *tdgram_disconnect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tdgram_context *dgram);
+
+/**
+ * @brief Receive the result from a tdgram_disconnect_send() request.
+ *
+ * The caller should make sure there're no outstanding tdgram_recvfrom_send()
+ * and tdgram_sendto_send() calls otherwise the caller will get
+ * '*perrno = EBUSY'.
+ *
+ * @param[in] req The tevent request from tdgram_disconnect_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @return The length of the datagram (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ *
+ * @see tdgram_disconnect_send()
+ */
int tdgram_disconnect_recv(struct tevent_req *req,
int *perrno);
-/*
- * tstream_context related functions
+/**
+ * @}
+ */
+
+/**
+ * @defgroup tstream_context The tstream_context abstraction
+ * @ingroup tsocket
+ *
+ * The tstream_context is like an abstract class for stream based sockets. The
+ * interface provides async 'tevent_req' based functions on top functionality
+ * is similar to the readv(2)/writev(2)/close(2) syscalls.
+ *
+ * @note You can always use talloc_free(tstream) to cleanup the resources
+ * of the tstream_context on a fatal error.
+ *
+ * @{
+ */
+
+/**
+ * @brief Report the number of bytes received but not consumed yet.
+ *
+ * The tstream_pending_bytes() function reports how much bytes of the incoming
+ * stream have been received but not consumed yet.
+ *
+ * @param[in] stream The tstream_context to check for pending bytes.
+ *
+ * @return The number of bytes received, -1 on error with errno
+ * set.
*/
ssize_t tstream_pending_bytes(struct tstream_context *stream);
+/**
+ * @brief Read a specific amount of bytes from a stream socket.
+ *
+ * The function can be called to read for a specific amount of bytes from the
+ * stream into given buffers. The caller has to preallocate the buffers.
+ *
+ * The caller might need to use tstream_pending_bytes() if the protocol doesn't
+ * have a fixed pdu header containing the pdu size.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] stream The tstream context to work on.
+ *
+ * @param[out] vector A preallocated iovec to store the data to read.
+ *
+ * @param[in] count The number of buffers in the vector allocated.
+ *
+ * @return A 'tevent_req' handle, where the caller can register
+ * a callback with tevent_req_set_callback(). NULL on
+ * fatal error.
+ *
+ * @see tstream_unix_connect_send()
+ * @see tstream_inet_tcp_connect_send()
+ */
struct tevent_req *tstream_readv_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream,
struct iovec *vector,
size_t count);
+
+/**
+ * @brief Get the result of a tstream_readv_send().
+ *
+ * The caller can only have one outstanding tstream_readv_send()
+ * at a time otherwise the caller will get *perrno = EBUSY.
+ *
+ * @param[in] req The tevent request from tstream_readv_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @return The length of the stream (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ */
int tstream_readv_recv(struct tevent_req *req,
int *perrno);
+/**
+ * @brief Write buffers from a vector into a stream socket.
+ *
+ * The function can be called to write buffers from a given vector
+ * to a stream socket.
+ *
+ * You have to ensure that the vector is not empty.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] stream The tstream context to work on.
+ *
+ * @param[in] vector The iovec vector with data to write on a stream socket.
+ *
+ * @param[in] count The number of buffers in the vector to write.
+ *
+ * @return A 'tevent_req' handle, where the caller can register
+ * a callback with tevent_req_set_callback(). NULL on
+ * fatal error.
+ */
struct tevent_req *tstream_writev_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream,
const struct iovec *vector,
size_t count);
+
+/**
+ * @brief Get the result of a tstream_writev_send().
+ *
+ * The caller can only have one outstanding tstream_writev_send()
+ * at a time otherwise the caller will get *perrno = EBUSY.
+ *
+ * @param[in] req The tevent request from tstream_writev_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @return The length of the stream (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ */
int tstream_writev_recv(struct tevent_req *req,
int *perrno);
+/**
+ * @brief Shutdown/close an abstracted socket.
+ *
+ * It returns a 'tevent_req' handle, where the caller can register a callback
+ * with tevent_req_set_callback(). The callback is triggered when the specific
+ * implementation (assumes it) has delivered the stream to the "wire".
+ *
+ * The callback is then supposed to get the result by calling
+ * tdgram_sendto_recv() on the 'tevent_req'.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] stream The tstream context to work on.
+ *
+ * @return A 'tevent_req' handle, where the caller can register
+ * a callback with tevent_req_set_callback(). NULL on
+ * fatal error.
+ */
struct tevent_req *tstream_disconnect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream);
+
+/**
+ * @brief Get the result of a tstream_disconnect_send().
+ *
+ * The caller can only have one outstanding tstream_writev_send()
+ * at a time otherwise the caller will get *perrno = EBUSY.
+ *
+ * @param[in] req The tevent request from tstream_disconnect_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @return The length of the stream (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ */
int tstream_disconnect_recv(struct tevent_req *req,
int *perrno);
-/*
- * BSD sockets: inet, inet6 and unix
+/**
+ * @}
+ */
+
+
+/**
+ * @defgroup tsocket_bsd tsocket_bsd - inet, inet6 and unix
+ * @ingroup tsocket
+ *
+ * The main tsocket library comes with implentations for BSD style ipv4, ipv6
+ * and unix sockets.
+ *
+ * @{
*/
+#if DOXYGEN
+/**
+ * @brief Create a tsocket_address for ipv4 and ipv6 endpoint addresses.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] fam The family can be can be "ipv4", "ipv6" or "ip". With
+ * "ip" is autodetects "ipv4" or "ipv6" based on the
+ * addr.
+ *
+ * @param[in] addr A valid ip address string based on the selected family
+ * (dns names are not allowed!). It's valid to pass NULL,
+ * which gets mapped to "0.0.0.0" or "::".
+ *
+ * @param[in] port A valid port number.
+ *
+ * @param[out] _addr A tsocket_address pointer to store the information.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ */
+int tsocket_address_inet_from_strings(TALLOC_CTX *mem_ctx,
+ const char *fam,
+ const char *addr,
+ uint16_t port,
+ struct tsocket_address **_addr);
+#else
int _tsocket_address_inet_from_strings(TALLOC_CTX *mem_ctx,
const char *fam,
const char *addr,
uint16_t port,
struct tsocket_address **_addr,
const char *location);
+
#define tsocket_address_inet_from_strings(mem_ctx, fam, addr, port, _addr) \
_tsocket_address_inet_from_strings(mem_ctx, fam, addr, port, _addr, \
__location__)
+#endif
+/**
+ * @brief Get the address of an 'inet' tsocket_address as a string.
+ *
+ * @param[in] addr The address to convert to a string.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @return A newly allocated string of the address, NULL on error
+ * with errno set.
+ */
char *tsocket_address_inet_addr_string(const struct tsocket_address *addr,
TALLOC_CTX *mem_ctx);
+
+/**
+ * @brief Get the port number as an integer from an 'inet' tsocket_address.
+ *
+ * @param[in] addr The tsocket address to use.
+ *
+ * @return The port number, 0 on error with errno set.
+ */
uint16_t tsocket_address_inet_port(const struct tsocket_address *addr);
+
+/**
+ * @brief Set the port number of an existing 'inet' tsocket_address.
+ *
+ * @param[in] addr The existing tsocket_address to use.
+ *
+ * @param[in] port The valid port number to set.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ */
int tsocket_address_inet_set_port(struct tsocket_address *addr,
uint16_t port);
+#ifdef DOXYGEN
+/**
+ * @brief Create a tsocket_address for a unix domain endpoint addresses.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] path The filesystem path, NULL will map "".
+ *
+ * @param[in] _addr The tsocket_address pointer to store the information.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ */
+int tsocket_address_unix_from_path(TALLOC_CTX *mem_ctx,
+ const char *path,
+ struct tsocket_address **_addr);
+#else
int _tsocket_address_unix_from_path(TALLOC_CTX *mem_ctx,
const char *path,
struct tsocket_address **_addr,
const char *location);
+
#define tsocket_address_unix_from_path(mem_ctx, path, _addr) \
_tsocket_address_unix_from_path(mem_ctx, path, _addr, \
__location__)
+#endif
+
+/**
+ * @brief Get the address of an 'unix' tsocket_address.
+ *
+ * @param[in] addr A valid 'unix' tsocket_address.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @return The path of the unix domain socket, NULL on error or if
+ * the tsocket_address doesn't represent an unix domain
+ * endpoint path.
+ */
char *tsocket_address_unix_path(const struct tsocket_address *addr,
TALLOC_CTX *mem_ctx);
+#ifdef DOXYGEN
+/**
+ * @brief Create a tdgram_context for a ipv4 or ipv6 UDP communication.
+ *
+ * @param[in] local An 'inet' tsocket_address for the local endpoint.
+ *
+ * @param[in] remote An 'inet' tsocket_address for the remote endpoint or
+ * NULL (??? to create a listener?).
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] dgram The tdgram_context pointer to setup the udp
+ * communication. The function will allocate the memory.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ */
+int tdgram_inet_udp_socket(const struct tsocket_address *local,
+ const struct tsocket_address *remote,
+ TALLOC_CTX *mem_ctx,
+ struct tdgram_context **dgram);
+#else
int _tdgram_inet_udp_socket(const struct tsocket_address *local,
const struct tsocket_address *remote,
TALLOC_CTX *mem_ctx,
@@ -135,19 +626,85 @@ int _tdgram_inet_udp_socket(const struct tsocket_address *local,
const char *location);
#define tdgram_inet_udp_socket(local, remote, mem_ctx, dgram) \
_tdgram_inet_udp_socket(local, remote, mem_ctx, dgram, __location__)
+#endif
+#ifdef DOXYGEN
+/**
+ * @brief Create a tdgram_context for unix domain datagram communication.
+ *
+ * @param[in] local An 'unix' tsocket_address for the local endpoint.
+ *
+ * @param[in] remote An 'unix' tsocket_address for the remote endpoint or
+ * NULL (??? to create a listener?).
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] dgram The tdgram_context pointer to setup the udp
+ * communication. The function will allocate the memory.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ */
+int tdgram_unix_socket(const struct tsocket_address *local,
+ const struct tsocket_address *remote,
+ TALLOC_CTX *mem_ctx,
+ struct tdgram_context **dgram);
+#else
int _tdgram_unix_socket(const struct tsocket_address *local,
const struct tsocket_address *remote,
TALLOC_CTX *mem_ctx,
struct tdgram_context **dgram,
const char *location);
+
#define tdgram_unix_socket(local, remote, mem_ctx, dgram) \
_tdgram_unix_socket(local, remote, mem_ctx, dgram, __location__)
+#endif
-struct tevent_req * tstream_inet_tcp_connect_send(TALLOC_CTX *mem_ctx,
+/**
+ * @brief Connect async to a TCP endpoint and create a tstream_context for the
+ * stream based communication.
+ *
+ * Use this function to connenct asynchronously to a remote ipv4 or ipv6 TCP
+ * endpoint and create a tstream_context for the stream based communication.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] local An 'inet' tsocket_address for the local endpoint.
+ *
+ * @param[in] remote An 'inet' tsocket_address for the remote endpoint.
+ *
+ * @return A 'tevent_req' handle, where the caller can register a
+ * callback with tevent_req_set_callback(). NULL on a fatal
+ * error.
+ *
+ * @see tstream_inet_tcp_connect_recv()
+ */
+struct tevent_req *tstream_inet_tcp_connect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const struct tsocket_address *local,
const struct tsocket_address *remote);
+
+#ifdef DOXYGEN
+/**
+ * @brief Receive the result from a tstream_inet_tcp_connect_send().
+ *
+ * @param[in] req The tevent request from tstream_inet_tcp_connect_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] stream A tstream_context pointer to setup the tcp communication
+ * on. This function will allocate the memory.
+ *
+ * @return 0 on success, -1 on error with perrno set.
+ */
+int tstream_inet_tcp_connect_recv(struct tevent_req *req,
+ int *perrno,
+ TALLOC_CTX *mem_ctx,
+ struct tstream_context **stream);
+#else
int _tstream_inet_tcp_connect_recv(struct tevent_req *req,
int *perrno,
TALLOC_CTX *mem_ctx,
@@ -156,11 +713,56 @@ int _tstream_inet_tcp_connect_recv(struct tevent_req *req,
#define tstream_inet_tcp_connect_recv(req, perrno, mem_ctx, stream) \
_tstream_inet_tcp_connect_recv(req, perrno, mem_ctx, stream, \
__location__)
+#endif
+/**
+ * @brief Connect async to a unix domain endpoint and create a tstream_context
+ * for the stream based communication.
+ *
+ * Use this function to connenct asynchronously to a unix domainendpoint and
+ * create a tstream_context for the stream based communication.
+ *
+ * The callback is triggered when a socket is connected and ready for IO or an
+ * error happened.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] local An 'unix' tsocket_address for the local endpoint.
+ *
+ * @param[in] remote An 'unix' tsocket_address for the remote endpoint.
+ *
+ * @return A 'tevent_req' handle, where the caller can register a
+ * callback with tevent_req_set_callback(). NULL on a falal
+ * error.
+ *
+ * @see tstream_unix_connect_recv()
+ */
struct tevent_req * tstream_unix_connect_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
const struct tsocket_address *local,
const struct tsocket_address *remote);
+
+#ifdef DOXYGEN
+/**
+ * @brief Receive the result from a tstream_unix_connect_send().
+ *
+ * @param[in] req The tevent request from tstream_inet_tcp_connect_send().
+ *
+ * @param[out] perrno The error number, set if an error occured.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] stream The tstream context to work on.
+ *
+ * @return 0 on success, -1 on error with perrno set.
+ */
+int tstream_unix_connect_recv(struct tevent_req *req,
+ int *perrno,
+ TALLOC_CTX *mem_ctx,
+ struct tstream_context **stream);
+#else
int _tstream_unix_connect_recv(struct tevent_req *req,
int *perrno,
TALLOC_CTX *mem_ctx,
@@ -169,31 +771,121 @@ int _tstream_unix_connect_recv(struct tevent_req *req,
#define tstream_unix_connect_recv(req, perrno, mem_ctx, stream) \
_tstream_unix_connect_recv(req, perrno, mem_ctx, stream, \
__location__)
+#endif
+#ifdef DOXYGEN
+/**
+ * @brief Create two connected 'unix' tsocket_contexts for stream based
+ * communication.
+ *
+ * @param[in] mem_ctx1 The talloc memory context to use for stream1.
+ *
+ * @param[in] stream1 The first stream to connect.
+ *
+ * @param[in] mem_ctx2 The talloc memory context to use for stream2.
+ *
+ * @param[in] stream2 The second stream to connect.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ */
+int tstream_unix_socketpair(TALLOC_CTX *mem_ctx1,
+ struct tstream_context **stream1,
+ TALLOC_CTX *mem_ctx2,
+ struct tstream_context **stream2);
+#else
int _tstream_unix_socketpair(TALLOC_CTX *mem_ctx1,
struct tstream_context **_stream1,
TALLOC_CTX *mem_ctx2,
struct tstream_context **_stream2,
const char *location);
+
#define tstream_unix_socketpair(mem_ctx1, stream1, mem_ctx2, stream2) \
_tstream_unix_socketpair(mem_ctx1, stream1, mem_ctx2, stream2, \
__location__)
+#endif
struct sockaddr;
+#ifdef DOXYGEN
+/**
+ * @brief Convert a tsocket address to a bsd socket address.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] sa The sockaddr structure to convert.
+ *
+ * @param[in] sa_socklen The lenth of the sockaddr sturucte.
+ *
+ * @param[out] addr The tsocket pointer to allocate and fill.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ */
+int tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
+ struct sockaddr *sa,
+ size_t sa_socklen,
+ struct tsocket_address **addr);
+#else
int _tsocket_address_bsd_from_sockaddr(TALLOC_CTX *mem_ctx,
struct sockaddr *sa,
size_t sa_socklen,
struct tsocket_address **_addr,
const char *location);
+
#define tsocket_address_bsd_from_sockaddr(mem_ctx, sa, sa_socklen, _addr) \
_tsocket_address_bsd_from_sockaddr(mem_ctx, sa, sa_socklen, _addr, \
__location__)
+#endif
+/**
+ * @brief Fill a bsd sockaddr structure.
+ *
+ * @param[in] addr The tsocket address structure to use.
+ *
+ * @param[in] sa The bsd sockaddr structure to fill out.
+ *
+ * @param[in] sa_socklen The length of the bsd sockaddr structure to fill out.
+ *
+ * @return The actual size of the sockaddr structure, -1 on error
+ * with errno set. The size could differ from sa_socklen.
+ *
+ * @code
+ * ssize_t socklen;
+ * struct sockaddr_storage ss;
+ *
+ * socklen = tsocket_address_bsd_sockaddr(taddr,
+ * (struct sockaddr *) &ss,
+ * sizeof(struct sockaddr_storage));
+ * if (socklen < 0) {
+ * return -1;
+ * }
+ * @endcode
+ */
ssize_t tsocket_address_bsd_sockaddr(const struct tsocket_address *addr,
struct sockaddr *sa,
size_t sa_socklen);
+#ifdef DOXYGEN
+/**
+ * @brief Wrap an existing file descriptors into the tstream abstraction.
+ *
+ * You can use this function to wrap an existing file descriptors into the
+ * tstream abstraction.
+ *
+ * @param[in] mem_ctx The talloc memory context to use.
+ *
+ * @param[in] fd The non blocking fd to use!
+ *
+ * @param[in] stream The filed tstream_context you allocated before.
+ *
+ * @return 0 on success, -1 on error with errno set.
+ *
+ * @warning You should read the tsocket_bsd.c code and unterstand it in order
+ * use this function.
+ */
+int tstream_bsd_existing_socket(TALLOC_CTX *mem_ctx,
+ int fd,
+ struct tstream_context **stream);
+#else
int _tstream_bsd_existing_socket(TALLOC_CTX *mem_ctx,
int fd,
struct tstream_context **_stream,
@@ -201,11 +893,54 @@ int _tstream_bsd_existing_socket(TALLOC_CTX *mem_ctx,
#define tstream_bsd_existing_socket(mem_ctx, fd, stream) \
_tstream_bsd_existing_socket(mem_ctx, fd, stream, \
__location__)
+#endif
-/*
- * Queue and PDU helpers
+/**
+ * @}
+ */
+
+/**
+ * @defgroup tsocket_helper Queue and PDU helpers
+ * @ingroup tsocket
+ *
+ * In order to make the live easier for callers which want to implement a
+ * function to receive a full PDU with a single async function pair, there're
+ * some helper functions.
+ *
+ * There're some cases where the caller wants doesn't care about the order of
+ * doing IO on the abstracted sockets.
+ *
+ * @{
*/
+/**
+ * @brief Queue a dgram blob for sending through the socket.
+ *
+ * This function queues a blob for sending to destination through an existing
+ * dgram socket. The async callback is triggered when the whole blob is
+ * delivered to the underlying system socket.
+ *
+ * The caller needs to make sure that all non-scalar input parameters hang
+ * arround for the whole lifetime of the request.
+ *
+ * @param[in] mem_ctx The memory context for the result.
+ *
+ * @param[in] ev The event context the operation should work on.
+ *
+ * @param[in] dgram The tdgram_context to send the message buffer.
+ *
+ * @param[in] queue The existing dgram queue.
+ *
+ * @param[in] buf The message buffer to send.
+ *
+ * @param[in] len The message length.
+ *
+ * @param[in] dst The destination socket address.
+ *
+ * @return The async request handle. NULL on fatal error.
+ *
+ * @see tdgram_sendto_queue_recv()
+ */
struct tevent_req *tdgram_sendto_queue_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tdgram_context *dgram,
@@ -213,6 +948,17 @@ struct tevent_req *tdgram_sendto_queue_send(TALLOC_CTX *mem_ctx,
const uint8_t *buf,
size_t len,
struct tsocket_address *dst);
+
+/**
+ * @brief Receive the result of the sent dgram blob.
+ *
+ * @param[in] req The tevent request from tdgram_sendto_queue_send().
+ *
+ * @param[out] perrno The error set to the actual errno.
+ *
+ * @return The length of the datagram (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ */
ssize_t tdgram_sendto_queue_recv(struct tevent_req *req, int *perrno);
typedef int (*tstream_readv_pdu_next_vector_t)(struct tstream_context *stream,
@@ -220,6 +966,7 @@ typedef int (*tstream_readv_pdu_next_vector_t)(struct tstream_context *stream,
TALLOC_CTX *mem_ctx,
struct iovec **vector,
size_t *count);
+
struct tevent_req *tstream_readv_pdu_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream,
@@ -227,21 +974,97 @@ struct tevent_req *tstream_readv_pdu_send(TALLOC_CTX *mem_ctx,
void *next_vector_private);
int tstream_readv_pdu_recv(struct tevent_req *req, int *perrno);
+/**
+ * @brief Queue a dgram blob for sending through the socket.
+ *
+ * This function queues a blob for sending to destination through an existing
+ * dgram socket. The async callback is triggered when the whole blob is
+ * delivered to the underlying system socket.
+ *
+ * The caller needs to make sure that all non-scalar input parameters hang
+ * arround for the whole lifetime of the request.
+ *
+ * @param[in] mem_ctx The memory context for the result
+ *
+ * @param[in] ev The tevent_context to run on
+ *
+ * @param[in] stream The stream to send data through
+ *
+ * @param[in] queue The existing send queue
+ *
+ * @param[in] next_vector_fn The next vector function
+ *
+ * @param[in] next_vector_private The private_data of the next vector function
+ *
+ * @return The async request handle. NULL on fatal error.
+ *
+ * @see tstream_readv_pdu_queue_recv()
+ */
struct tevent_req *tstream_readv_pdu_queue_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream,
struct tevent_queue *queue,
tstream_readv_pdu_next_vector_t next_vector_fn,
void *next_vector_private);
+
+/**
+ * @brief Receive the result of the sent dgram blob.
+ *
+ * @param[in] req The tevent request from tstream_readv_pdu_queue_send().
+ *
+ * @param[out] perrno The error set to the actual errno.
+ *
+ * @return The length of the datagram (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ */
int tstream_readv_pdu_queue_recv(struct tevent_req *req, int *perrno);
+/**
+ * @brief Queue a dgram blob for sending through the socket
+ *
+ * This function queues a blob for sending to destination through an existing
+ * dgram socket. The async callback is triggered when the whole blob is
+ * delivered to the underlying system socket.
+ *
+ * The caller needs to make sure that all non-scalar input parameters hang
+ * arround for the whole lifetime of the request.
+ *
+ * @param[in] mem_ctx The memory context for the result.
+ *
+ * @param[in] ev The tevent_context to run on.
+ *
+ * @param[in] stream The stream to send data through.
+ *
+ * @param[in] queue The existing send queue.
+ *
+ * @param[in] vector The iovec vector so write.
+ *
+ * @param[in] count The size of the vector.
+ *
+ * @return The async request handle. NULL on fatal error.
+ */
struct tevent_req *tstream_writev_queue_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream,
struct tevent_queue *queue,
const struct iovec *vector,
size_t count);
+
+/**
+ * @brief Receive the result of the sent dgram blob.
+ *
+ * @param[in] req The tevent request from tstream_writev_queue_send().
+ *
+ * @param[out] perrno The error set to the actual errno.
+ *
+ * @return The length of the datagram (0 is never returned!), -1 on
+ * error with perrno set to the actual errno.
+ */
int tstream_writev_queue_recv(struct tevent_req *req, int *perrno);
+/**
+ * @}
+ */
+
#endif /* _TSOCKET_H */
diff --git a/lib/tsocket/tsocket_helpers.c b/lib/tsocket/tsocket_helpers.c
index d8db864058..3a41a3efc3 100644
--- a/lib/tsocket/tsocket_helpers.c
+++ b/lib/tsocket/tsocket_helpers.c
@@ -42,24 +42,6 @@ static void tdgram_sendto_queue_trigger(struct tevent_req *req,
void *private_data);
static void tdgram_sendto_queue_done(struct tevent_req *subreq);
-/**
- * @brief Queue a dgram blob for sending through the socket
- * @param[in] mem_ctx The memory context for the result
- * @param[in] ev The event context the operation should work on
- * @param[in] dgram The tdgram_context to send the message buffer
- * @param[in] queue The existing dgram queue
- * @param[in] buf The message buffer
- * @param[in] len The message length
- * @param[in] dst The destination socket address
- * @retval The async request handle
- *
- * This function queues a blob for sending to destination through an existing
- * dgram socket. The async callback is triggered when the whole blob is
- * delivered to the underlying system socket.
- *
- * The caller needs to make sure that all non-scalar input parameters hang
- * arround for the whole lifetime of the request.
- */
struct tevent_req *tdgram_sendto_queue_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tdgram_context *dgram,
@@ -335,23 +317,6 @@ static void tstream_readv_pdu_queue_trigger(struct tevent_req *req,
void *private_data);
static void tstream_readv_pdu_queue_done(struct tevent_req *subreq);
-/**
- * @brief Queue a dgram blob for sending through the socket
- * @param[in] mem_ctx The memory context for the result
- * @param[in] ev The tevent_context to run on
- * @param[in] stream The stream to send data through
- * @param[in] queue The existing send queue
- * @param[in] next_vector_fn The next vector function
- * @param[in] next_vector_private The private_data of the next vector function
- * @retval The async request handle
- *
- * This function queues a blob for sending to destination through an existing
- * dgram socket. The async callback is triggered when the whole blob is
- * delivered to the underlying system socket.
- *
- * The caller needs to make sure that all non-scalar input parameters hang
- * arround for the whole lifetime of the request.
- */
struct tevent_req *tstream_readv_pdu_queue_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream,
@@ -459,23 +424,6 @@ static void tstream_writev_queue_trigger(struct tevent_req *req,
void *private_data);
static void tstream_writev_queue_done(struct tevent_req *subreq);
-/**
- * @brief Queue a dgram blob for sending through the socket
- * @param[in] mem_ctx The memory context for the result
- * @param[in] ev The tevent_context to run on
- * @param[in] stream The stream to send data through
- * @param[in] queue The existing send queue
- * @param[in] vector The iovec vector so write
- * @param[in] count The size of the vector
- * @retval The async request handle
- *
- * This function queues a blob for sending to destination through an existing
- * dgram socket. The async callback is triggered when the whole blob is
- * delivered to the underlying system socket.
- *
- * The caller needs to make sure that all non-scalar input parameters hang
- * arround for the whole lifetime of the request.
- */
struct tevent_req *tstream_writev_queue_send(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct tstream_context *stream,
diff --git a/lib/util/debug.h b/lib/util/debug.h
index f0d16952a9..eb2151fc51 100644
--- a/lib/util/debug.h
+++ b/lib/util/debug.h
@@ -45,17 +45,13 @@ struct debug_ops {
#define DEBUGLEVEL *debug_level
extern int DEBUGLEVEL;
-#define debug_ctx() (_debug_ctx?_debug_ctx:(_debug_ctx=talloc_new(NULL)))
-
#define DEBUGLVL(level) ((level) <= DEBUGLEVEL)
#define _DEBUG(level, body, header) do { \
if (DEBUGLVL(level)) { \
- void* _debug_ctx=NULL; \
if (header) { \
dbghdr(level, __location__, __FUNCTION__); \
} \
dbgtext body; \
- talloc_free(_debug_ctx); \
} \
} while (0)
/**
diff --git a/libcli/auth/smbencrypt.c b/libcli/auth/smbencrypt.c
index a3182cd806..f7c60e7de1 100644
--- a/libcli/auth/smbencrypt.c
+++ b/libcli/auth/smbencrypt.c
@@ -100,13 +100,9 @@ bool E_md4hash(const char *passwd, uint8_t p16[16])
void E_md5hash(const uint8_t salt[16], const uint8_t nthash[16], uint8_t hash_out[16])
{
struct MD5Context tctx;
- uint8_t array[32];
-
- memset(hash_out, '\0', 16);
- memcpy(array, salt, 16);
- memcpy(&array[16], nthash, 16);
MD5Init(&tctx);
- MD5Update(&tctx, array, 32);
+ MD5Update(&tctx, salt, 16);
+ MD5Update(&tctx, nthash, 16);
MD5Final(hash_out, &tctx);
}
diff --git a/libcli/util/tstream.c b/libcli/util/tstream.c
new file mode 100644
index 0000000000..f6c92f3385
--- /dev/null
+++ b/libcli/util/tstream.c
@@ -0,0 +1,167 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) Stefan Metzmacher 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#include "includes.h"
+#include <tevent.h>
+#include "system/filesys.h"
+#include "../lib/tsocket/tsocket.h"
+#include "../libcli/util/tstream.h"
+#include "../lib/util/tevent_ntstatus.h"
+
+struct tstream_read_pdu_blob_state {
+ /* this structs are owned by the caller */
+ struct {
+ struct tevent_context *ev;
+ struct tstream_context *stream;
+ NTSTATUS (*full_fn)(void *private_data,
+ DATA_BLOB blob,
+ size_t *packet_size);
+ void *full_private;
+ } caller;
+
+ DATA_BLOB pdu_blob;
+ struct iovec tmp_vector;
+};
+
+static void tstream_read_pdu_blob_done(struct tevent_req *subreq);
+
+struct tevent_req *tstream_read_pdu_blob_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *stream,
+ size_t initial_read_size,
+ NTSTATUS (*full_fn)(void *private_data,
+ DATA_BLOB blob,
+ size_t *packet_size),
+ void *full_private)
+{
+ struct tevent_req *req;
+ struct tstream_read_pdu_blob_state *state;
+ struct tevent_req *subreq;
+ uint8_t *buf;
+
+ req = tevent_req_create(mem_ctx, &state,
+ struct tstream_read_pdu_blob_state);
+ if (!req) {
+ return NULL;
+ }
+
+ state->caller.ev = ev;
+ state->caller.stream = stream;
+ state->caller.full_fn = full_fn;
+ state->caller.full_private = full_private;
+
+ if (initial_read_size == 0) {
+ tevent_req_error(req, EINVAL);
+ return tevent_req_post(req, ev);
+ }
+
+ buf = talloc_array(state, uint8_t, initial_read_size);
+ if (tevent_req_nomem(buf, req)) {
+ return tevent_req_post(req, ev);
+ }
+ state->pdu_blob.data = buf;
+ state->pdu_blob.length = initial_read_size;
+
+ state->tmp_vector.iov_base = buf;
+ state->tmp_vector.iov_len = initial_read_size;
+
+ subreq = tstream_readv_send(state, ev, stream, &state->tmp_vector, 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, tstream_read_pdu_blob_done, req);
+
+ return req;
+}
+
+static void tstream_read_pdu_blob_done(struct tevent_req *subreq)
+{
+ struct tevent_req *req =
+ tevent_req_callback_data(subreq,
+ struct tevent_req);
+ struct tstream_read_pdu_blob_state *state =
+ tevent_req_data(req,
+ struct tstream_read_pdu_blob_state);
+ ssize_t ret;
+ int sys_errno;
+ size_t pdu_size;
+ NTSTATUS status;
+ uint8_t *buf;
+
+ ret = tstream_readv_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (ret == -1) {
+ status = map_nt_error_from_unix(sys_errno);
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ status = state->caller.full_fn(state->caller.full_private,
+ state->pdu_blob, &pdu_size);
+ if (NT_STATUS_IS_OK(status)) {
+ tevent_req_done(req);
+ return;
+ } else if (NT_STATUS_EQUAL(status, STATUS_MORE_ENTRIES)) {
+ /* more to get */
+ } else if (!NT_STATUS_IS_OK(status)) {
+ tevent_req_nterror(req, status);
+ return;
+ }
+
+ buf = talloc_realloc(state, state->pdu_blob.data, uint8_t, pdu_size);
+ if (tevent_req_nomem(buf, req)) {
+ return;
+ }
+ state->pdu_blob.data = buf;
+ state->pdu_blob.length = pdu_size;
+
+ state->tmp_vector.iov_base = buf + state->tmp_vector.iov_len;
+ state->tmp_vector.iov_len = pdu_size - state->tmp_vector.iov_len;
+
+ subreq = tstream_readv_send(state,
+ state->caller.ev,
+ state->caller.stream,
+ &state->tmp_vector,
+ 1);
+ if (tevent_req_nomem(subreq, req)) {
+ return;
+ }
+ tevent_req_set_callback(subreq, tstream_read_pdu_blob_done, req);
+}
+
+NTSTATUS tstream_read_pdu_blob_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pdu_blob)
+{
+ struct tstream_read_pdu_blob_state *state = tevent_req_data(req,
+ struct tstream_read_pdu_blob_state);
+ NTSTATUS status;
+
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return status;
+ }
+
+ *pdu_blob = state->pdu_blob;
+ talloc_steal(mem_ctx, pdu_blob->data);
+
+ tevent_req_received(req);
+ return NT_STATUS_OK;
+}
+
diff --git a/libcli/util/tstream.h b/libcli/util/tstream.h
new file mode 100644
index 0000000000..a945287985
--- /dev/null
+++ b/libcli/util/tstream.h
@@ -0,0 +1,79 @@
+/*
+ * Unix SMB/CIFS implementation.
+ *
+ * Copyright (C) Stefan Metzmacher 2009
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, see <http://www.gnu.org/licenses/>.
+ */
+
+#ifndef _LIBCLI_UTIL_TSTREAM_H_
+#define _LIBCLI_UTIL_TSTREAM_H_
+
+/**
+ * @brief A helper function to read a full PDU from a stream
+ *
+ * This function is designed for simple PDUs and as compat layer
+ * for the Samba4 packet interface.
+ *
+ * tstream_readv_pdu_send() is a more powerful interface,
+ * which is part of the main (non samba specific) tsocket code.
+ *
+ * @param[in] mem_ctx The memory context for the result.
+ *
+ * @param[in] ev The event context the operation should work on.
+ *
+ * @param[in] stream The stream to read data from.
+ *
+ * @param[in] inital_read_size The initial byte count that is needed to workout
+ * the full pdu size.
+ *
+ * @param[in] full_fn The callback function that will report the size
+ * of the full pdu.
+ *
+ * @param[in] full_private The private data for the callback function.
+ *
+ * @return The async request handle. NULL on fatal error.
+ *
+ * @see tstream_read_pdu_blob_recv()
+ * @see tstream_readv_pdu_send()
+ * @see tstream_readv_pdu_queue_send()
+ *
+ */
+struct tevent_req *tstream_read_pdu_blob_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct tstream_context *stream,
+ size_t inital_read_size,
+ NTSTATUS (*full_fn)(void *private_data,
+ DATA_BLOB blob,
+ size_t *packet_size),
+ void *full_private);
+/**
+ * @brief Receive the result of the tstream_read_pdu_blob_send() call.
+ *
+ * @param[in] req The tevent request from tstream_read_pdu_blob_send().
+ *
+ * @param[in] mem_ctx The memory context for returned pdu DATA_BLOB.
+ *
+ * @param[in] pdu_blob The DATA_BLOB with the full pdu.
+ *
+ * @return The NTSTATUS result, NT_STATUS_OK on success
+ * and others on failure.
+ *
+ * @see tstream_read_pdu_blob_send()
+ */
+NTSTATUS tstream_read_pdu_blob_recv(struct tevent_req *req,
+ TALLOC_CTX *mem_ctx,
+ DATA_BLOB *pdu_blob);
+
+#endif /* _LIBCLI_UTIL_TSTREAM_H_ */
diff --git a/librpc/gen_ndr/drsuapi.h b/librpc/gen_ndr/drsuapi.h
index a5016fa788..1f5960ddc5 100644
--- a/librpc/gen_ndr/drsuapi.h
+++ b/librpc/gen_ndr/drsuapi.h
@@ -326,6 +326,7 @@ enum drsuapi_DsAttributeId
#ifndef USE_UINT_ENUMS
{
DRSUAPI_ATTRIBUTE_objectClass=(int)(0x00000000),
+ DRSUAPI_ATTRIBUTE_cn=(int)(0x00000003),
DRSUAPI_ATTRIBUTE_description=(int)(0x0000000d),
DRSUAPI_ATTRIBUTE_member=(int)(0x0000001f),
DRSUAPI_ATTRIBUTE_instanceType=(int)(0x00020001),
@@ -336,6 +337,7 @@ enum drsuapi_DsAttributeId
DRSUAPI_ATTRIBUTE_governsID=(int)(0x00020016),
DRSUAPI_ATTRIBUTE_mustContain=(int)(0x00020018),
DRSUAPI_ATTRIBUTE_mayContain=(int)(0x00020019),
+ DRSUAPI_ATTRIBUTE_rDNAttId=(int)(0x0002001A),
DRSUAPI_ATTRIBUTE_attributeID=(int)(0x0002001e),
DRSUAPI_ATTRIBUTE_attributeSyntax=(int)(0x00020020),
DRSUAPI_ATTRIBUTE_isSingleValued=(int)(0x00020021),
@@ -374,6 +376,7 @@ enum drsuapi_DsAttributeId
DRSUAPI_ATTRIBUTE_systemPossSuperiors=(int)(0x000900c3),
DRSUAPI_ATTRIBUTE_systemMayContain=(int)(0x000900c4),
DRSUAPI_ATTRIBUTE_systemMustContain=(int)(0x000900c5),
+ DRSUAPI_ATTRIBUTE_systemAuxiliaryClass=(int)(0x000900c6),
DRSUAPI_ATTRIBUTE_sAMAccountName=(int)(0x000900dd),
DRSUAPI_ATTRIBUTE_sAMAccountType=(int)(0x0009012e),
DRSUAPI_ATTRIBUTE_fSMORoleOwner=(int)(0x00090171),
@@ -390,14 +393,17 @@ enum drsuapi_DsAttributeId
DRSUAPI_ATTRIBUTE_servicePrincipalName=(int)(0x00090303),
DRSUAPI_ATTRIBUTE_objectCategory=(int)(0x0009030e),
DRSUAPI_ATTRIBUTE_gPLink=(int)(0x0009037b),
+ DRSUAPI_ATTRIBUTE_transportAddressAttribute=(int)(0x0009037f),
DRSUAPI_ATTRIBUTE_msDS_Behavior_Version=(int)(0x000905b3),
DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber=(int)(0x000906f6),
DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs=(int)(0x0009071c),
- DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs=(int)(0x0009072c)
+ DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs=(int)(0x0009072c),
+ DRSUAPI_ATTRIBUTE_NONE=(int)(0xFFFFFFFF)
}
#else
{ __donnot_use_enum_drsuapi_DsAttributeId=0x7FFFFFFF}
#define DRSUAPI_ATTRIBUTE_objectClass ( 0x00000000 )
+#define DRSUAPI_ATTRIBUTE_cn ( 0x00000003 )
#define DRSUAPI_ATTRIBUTE_description ( 0x0000000d )
#define DRSUAPI_ATTRIBUTE_member ( 0x0000001f )
#define DRSUAPI_ATTRIBUTE_instanceType ( 0x00020001 )
@@ -408,6 +414,7 @@ enum drsuapi_DsAttributeId
#define DRSUAPI_ATTRIBUTE_governsID ( 0x00020016 )
#define DRSUAPI_ATTRIBUTE_mustContain ( 0x00020018 )
#define DRSUAPI_ATTRIBUTE_mayContain ( 0x00020019 )
+#define DRSUAPI_ATTRIBUTE_rDNAttId ( 0x0002001A )
#define DRSUAPI_ATTRIBUTE_attributeID ( 0x0002001e )
#define DRSUAPI_ATTRIBUTE_attributeSyntax ( 0x00020020 )
#define DRSUAPI_ATTRIBUTE_isSingleValued ( 0x00020021 )
@@ -446,6 +453,7 @@ enum drsuapi_DsAttributeId
#define DRSUAPI_ATTRIBUTE_systemPossSuperiors ( 0x000900c3 )
#define DRSUAPI_ATTRIBUTE_systemMayContain ( 0x000900c4 )
#define DRSUAPI_ATTRIBUTE_systemMustContain ( 0x000900c5 )
+#define DRSUAPI_ATTRIBUTE_systemAuxiliaryClass ( 0x000900c6 )
#define DRSUAPI_ATTRIBUTE_sAMAccountName ( 0x000900dd )
#define DRSUAPI_ATTRIBUTE_sAMAccountType ( 0x0009012e )
#define DRSUAPI_ATTRIBUTE_fSMORoleOwner ( 0x00090171 )
@@ -462,10 +470,12 @@ enum drsuapi_DsAttributeId
#define DRSUAPI_ATTRIBUTE_servicePrincipalName ( 0x00090303 )
#define DRSUAPI_ATTRIBUTE_objectCategory ( 0x0009030e )
#define DRSUAPI_ATTRIBUTE_gPLink ( 0x0009037b )
+#define DRSUAPI_ATTRIBUTE_transportAddressAttribute ( 0x0009037f )
#define DRSUAPI_ATTRIBUTE_msDS_Behavior_Version ( 0x000905b3 )
#define DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber ( 0x000906f6 )
#define DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs ( 0x0009071c )
#define DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs ( 0x0009072c )
+#define DRSUAPI_ATTRIBUTE_NONE ( 0xFFFFFFFF )
#endif
;
diff --git a/librpc/gen_ndr/ndr_drsuapi.c b/librpc/gen_ndr/ndr_drsuapi.c
index eb89db767a..5b31d1e3f3 100644
--- a/librpc/gen_ndr/ndr_drsuapi.c
+++ b/librpc/gen_ndr/ndr_drsuapi.c
@@ -1379,6 +1379,7 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
ndr_set_flags(&ndr->flags, LIBNDR_PRINT_ARRAY_HEX);
switch (r) {
case DRSUAPI_ATTRIBUTE_objectClass: val = "DRSUAPI_ATTRIBUTE_objectClass"; break;
+ case DRSUAPI_ATTRIBUTE_cn: val = "DRSUAPI_ATTRIBUTE_cn"; break;
case DRSUAPI_ATTRIBUTE_description: val = "DRSUAPI_ATTRIBUTE_description"; break;
case DRSUAPI_ATTRIBUTE_member: val = "DRSUAPI_ATTRIBUTE_member"; break;
case DRSUAPI_ATTRIBUTE_instanceType: val = "DRSUAPI_ATTRIBUTE_instanceType"; break;
@@ -1389,6 +1390,7 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
case DRSUAPI_ATTRIBUTE_governsID: val = "DRSUAPI_ATTRIBUTE_governsID"; break;
case DRSUAPI_ATTRIBUTE_mustContain: val = "DRSUAPI_ATTRIBUTE_mustContain"; break;
case DRSUAPI_ATTRIBUTE_mayContain: val = "DRSUAPI_ATTRIBUTE_mayContain"; break;
+ case DRSUAPI_ATTRIBUTE_rDNAttId: val = "DRSUAPI_ATTRIBUTE_rDNAttId"; break;
case DRSUAPI_ATTRIBUTE_attributeID: val = "DRSUAPI_ATTRIBUTE_attributeID"; break;
case DRSUAPI_ATTRIBUTE_attributeSyntax: val = "DRSUAPI_ATTRIBUTE_attributeSyntax"; break;
case DRSUAPI_ATTRIBUTE_isSingleValued: val = "DRSUAPI_ATTRIBUTE_isSingleValued"; break;
@@ -1427,6 +1429,7 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
case DRSUAPI_ATTRIBUTE_systemPossSuperiors: val = "DRSUAPI_ATTRIBUTE_systemPossSuperiors"; break;
case DRSUAPI_ATTRIBUTE_systemMayContain: val = "DRSUAPI_ATTRIBUTE_systemMayContain"; break;
case DRSUAPI_ATTRIBUTE_systemMustContain: val = "DRSUAPI_ATTRIBUTE_systemMustContain"; break;
+ case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass: val = "DRSUAPI_ATTRIBUTE_systemAuxiliaryClass"; break;
case DRSUAPI_ATTRIBUTE_sAMAccountName: val = "DRSUAPI_ATTRIBUTE_sAMAccountName"; break;
case DRSUAPI_ATTRIBUTE_sAMAccountType: val = "DRSUAPI_ATTRIBUTE_sAMAccountType"; break;
case DRSUAPI_ATTRIBUTE_fSMORoleOwner: val = "DRSUAPI_ATTRIBUTE_fSMORoleOwner"; break;
@@ -1443,10 +1446,12 @@ _PUBLIC_ void ndr_print_drsuapi_DsAttributeId(struct ndr_print *ndr, const char
case DRSUAPI_ATTRIBUTE_servicePrincipalName: val = "DRSUAPI_ATTRIBUTE_servicePrincipalName"; break;
case DRSUAPI_ATTRIBUTE_objectCategory: val = "DRSUAPI_ATTRIBUTE_objectCategory"; break;
case DRSUAPI_ATTRIBUTE_gPLink: val = "DRSUAPI_ATTRIBUTE_gPLink"; break;
+ case DRSUAPI_ATTRIBUTE_transportAddressAttribute: val = "DRSUAPI_ATTRIBUTE_transportAddressAttribute"; break;
case DRSUAPI_ATTRIBUTE_msDS_Behavior_Version: val = "DRSUAPI_ATTRIBUTE_msDS_Behavior_Version"; break;
case DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber: val = "DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber"; break;
case DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs: val = "DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs"; break;
case DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs: val = "DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs"; break;
+ case DRSUAPI_ATTRIBUTE_NONE: val = "DRSUAPI_ATTRIBUTE_NONE"; break;
}
ndr_print_enum(ndr, name, "ENUM", val, r);
ndr->flags = _flags_save_ENUM;
diff --git a/librpc/idl/drsuapi.idl b/librpc/idl/drsuapi.idl
index 3038863e1c..dadaeeee3a 100644
--- a/librpc/idl/drsuapi.idl
+++ b/librpc/idl/drsuapi.idl
@@ -437,6 +437,7 @@ interface drsuapi
typedef [flag(NDR_PAHEX),v1_enum,public] enum {
DRSUAPI_ATTRIBUTE_objectClass = 0x00000000,
+ DRSUAPI_ATTRIBUTE_cn = 0x00000003,
DRSUAPI_ATTRIBUTE_description = 0x0000000d,
DRSUAPI_ATTRIBUTE_member = 0x0000001f,
DRSUAPI_ATTRIBUTE_instanceType = 0x00020001,
@@ -447,6 +448,7 @@ interface drsuapi
DRSUAPI_ATTRIBUTE_governsID = 0x00020016,
DRSUAPI_ATTRIBUTE_mustContain = 0x00020018,
DRSUAPI_ATTRIBUTE_mayContain = 0x00020019,
+ DRSUAPI_ATTRIBUTE_rDNAttId = 0x0002001A,
DRSUAPI_ATTRIBUTE_attributeID = 0x0002001e,
DRSUAPI_ATTRIBUTE_attributeSyntax = 0x00020020,
DRSUAPI_ATTRIBUTE_isSingleValued = 0x00020021,
@@ -485,6 +487,7 @@ interface drsuapi
DRSUAPI_ATTRIBUTE_systemPossSuperiors = 0x000900c3,
DRSUAPI_ATTRIBUTE_systemMayContain = 0x000900c4,
DRSUAPI_ATTRIBUTE_systemMustContain = 0x000900c5,
+ DRSUAPI_ATTRIBUTE_systemAuxiliaryClass = 0x000900c6,
DRSUAPI_ATTRIBUTE_sAMAccountName = 0x000900dd,
DRSUAPI_ATTRIBUTE_sAMAccountType = 0x0009012e,
DRSUAPI_ATTRIBUTE_fSMORoleOwner = 0x00090171,
@@ -501,10 +504,12 @@ interface drsuapi
DRSUAPI_ATTRIBUTE_servicePrincipalName = 0x00090303,
DRSUAPI_ATTRIBUTE_objectCategory = 0x0009030e,
DRSUAPI_ATTRIBUTE_gPLink = 0x0009037b,
+ DRSUAPI_ATTRIBUTE_transportAddressAttribute = 0x0009037f,
DRSUAPI_ATTRIBUTE_msDS_Behavior_Version = 0x000905b3,
DRSUAPI_ATTRIBUTE_msDS_KeyVersionNumber = 0x000906f6,
DRSUAPI_ATTRIBUTE_msDS_HasDomainNCs = 0x0009071c,
- DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs = 0x0009072c
+ DRSUAPI_ATTRIBUTE_msDS_hasMasterNCs = 0x0009072c,
+ DRSUAPI_ATTRIBUTE_NONE = 0xFFFFFFFF
} drsuapi_DsAttributeId;
typedef struct {
diff --git a/selftest/selftest.pl b/selftest/selftest.pl
index 3536d410ae..883d2a0d46 100755
--- a/selftest/selftest.pl
+++ b/selftest/selftest.pl
@@ -212,6 +212,17 @@ sub cleanup_pcap($$)
unlink($pcap_file);
}
+# expand strings from %ENV
+sub expand_environment_strings($)
+{
+ my $s = shift;
+ # we use a reverse sort so we do the longer ones first
+ foreach my $k (sort { $b cmp $a } keys %ENV) {
+ $s =~ s/\$$k/$ENV{$k}/g;
+ }
+ return $s;
+}
+
sub run_testsuite($$$$$)
{
my ($envname, $name, $cmd, $i, $totalsuites) = @_;
@@ -255,6 +266,7 @@ sub run_testsuite($$$$$)
}
print "command: $cmd\n";
+ printf "expanded command: %s\n", expand_environment_strings($cmd);
my $exitcode = $ret >> 8;
@@ -587,6 +599,7 @@ sub write_clientconf($$)
#We don't want to pass our self-tests if the PAC code is wrong
gensec:require_pac = true
modules dir = $ENV{LD_SAMBA_MODULE_PATH}
+ setup directory = ./setup
";
close(CF);
}
diff --git a/source3/Makefile.in b/source3/Makefile.in
index 1376f4c07a..f87cb88801 100644
--- a/source3/Makefile.in
+++ b/source3/Makefile.in
@@ -681,7 +681,7 @@ GROUPDB_OBJ = groupdb/mapping.o groupdb/mapping_tdb.o groupdb/mapping_ldb.o
PROFILE_OBJ = profile/profile.o
PROFILES_OBJ = utils/profiles.o \
- $(LIBSAMBA_OBJ) \
+ $(LIBSMB_ERR_OBJ) \
$(PARAM_OBJ) \
$(LIB_OBJ) $(LIB_DUMMY_OBJ) \
$(POPT_LIB_OBJ)
@@ -740,6 +740,7 @@ VFS_ONEFS_SHADOW_COPY_OBJ = modules/vfs_onefs_shadow_copy.o modules/onefs_shadow
PERFCOUNT_ONEFS_OBJ = modules/perfcount_onefs.o
PERFCOUNT_TEST_OBJ = modules/perfcount_test.o
VFS_DIRSORT_OBJ = modules/vfs_dirsort.o
+VFS_SCANNEDONLY_OBJ = modules/vfs_scannedonly.o
PLAINTEXT_AUTH_OBJ = auth/pampass.o auth/pass_check.o
@@ -860,7 +861,7 @@ SWAT_OBJ = $(SWAT_OBJ1) $(PARAM_OBJ) $(PRINTING_OBJ) $(PRINTBASE_OBJ) $(LIBSMB_O
STATUS_OBJ = utils/status.o utils/status_profile.o \
$(LOCKING_OBJ) $(PARAM_OBJ) \
$(PROFILE_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
- $(LIBSAMBA_OBJ) $(FNAME_UTIL_OBJ)
+ $(LIBSMB_ERR_OBJ) $(FNAME_UTIL_OBJ)
SMBCONTROL_OBJ = utils/smbcontrol.o $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
$(LIBSMB_ERR_OBJ) $(POPT_LIB_OBJ) $(PRINTBASE_OBJ)
@@ -875,7 +876,7 @@ SMBTREE_OBJ = utils/smbtree.o $(PARAM_OBJ) \
TESTPARM_OBJ = utils/testparm.o \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) \
- $(LIBSAMBA_OBJ)
+ $(LIBSMB_ERR_OBJ)
TEST_LP_LOAD_OBJ = param/test_lp_load.o \
$(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
@@ -1038,7 +1039,7 @@ CIFS_UMOUNT_OBJ = ../client/umount.cifs.o ../client/mtab.o
CIFS_UPCALL_OBJ = ../client/cifs.upcall.o
NMBLOOKUP_OBJ = utils/nmblookup.o $(PARAM_OBJ) $(LIBNMB_OBJ) \
- $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSAMBA_OBJ)
+ $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ)
SMBTORTURE_OBJ1 = torture/torture.o torture/nbio.o torture/scanner.o torture/utable.o \
torture/denytest.o torture/mangle_test.o \
@@ -1053,7 +1054,7 @@ MASKTEST_OBJ = torture/masktest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) $(KRBCLI
$(LIB_NONSMBD_OBJ) \
$(LIBNDR_GEN_OBJ0)
-MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) $(KRBCLIENT_OBJ) \
+MSGTEST_OBJ = torture/msgtest.o $(PARAM_OBJ) $(LIBSMB_ERR_OBJ) $(LDB_OBJ) \
$(LIB_NONSMBD_OBJ) \
$(LIBNDR_GEN_OBJ0)
@@ -1070,7 +1071,7 @@ PDBTEST_OBJ = torture/pdbtest.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
VFSTEST_OBJ = torture/cmd_vfs.o torture/vfstest.o $(SMBD_OBJ_BASE) $(READLINE_OBJ)
-SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSAMBA_OBJ)
+SMBICONV_OBJ = $(PARAM_OBJ) torture/smbiconv.o $(LIB_NONSMBD_OBJ) $(POPT_LIB_OBJ) $(LIBSMB_ERR_OBJ)
LOG2PCAP_OBJ = utils/log2pcaphex.o
@@ -1092,18 +1093,18 @@ SMBCQUOTAS_OBJ = utils/smbcquotas.o $(LIBSMB_OBJ) $(KRBCLIENT_OBJ) \
EVTLOGADM_OBJ0 = utils/eventlogadm.o
EVTLOGADM_OBJ = $(EVTLOGADM_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
- $(LIBSAMBA_OBJ) \
+ $(LIBSMB_ERR_OBJ) \
registry/reg_eventlog.o $(LIB_EVENTLOG_OBJ) \
../librpc/gen_ndr/ndr_eventlog.o \
../librpc/gen_ndr/ndr_lsa.o
SHARESEC_OBJ0 = utils/sharesec.o
SHARESEC_OBJ = $(SHARESEC_OBJ0) $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) \
- $(LIBSAMBA_OBJ) \
+ $(LIBSMB_ERR_OBJ) \
$(POPT_LIB_OBJ)
TALLOCTORT_OBJ = @tallocdir@/testsuite.o @tallocdir@/testsuite_main.o \
- $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSAMBA_OBJ)
+ $(PARAM_OBJ) $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ)
REPLACETORT_OBJ = @libreplacedir@/test/testsuite.o \
@libreplacedir@/test/getifaddrs.o \
@@ -1119,8 +1120,7 @@ SMBFILTER_OBJ = utils/smbfilter.o $(PARAM_OBJ) $(LIBSMB_OBJ) $(LDB_OBJ) \
$(LIBNDR_GEN_OBJ0)
WINBIND_WINS_NSS_OBJ = ../nsswitch/wins.o $(PARAM_OBJ) \
- $(LIBSMB_OBJ) $(LIB_NONSMBD_OBJ) $(NSSWINS_OBJ) $(KRBCLIENT_OBJ) \
- $(LIBNDR_GEN_OBJ0) $(LDB_OBJ)
+ $(LIB_NONSMBD_OBJ) $(LIBSMB_ERR_OBJ) $(LIBNMB_OBJ)
PAM_SMBPASS_OBJ_0 = pam_smbpass/pam_smb_auth.o pam_smbpass/pam_smb_passwd.o \
pam_smbpass/pam_smb_acct.o pam_smbpass/support.o ../lib/util/asn1.o
@@ -1334,12 +1334,12 @@ RPC_OPEN_TCP_OBJ = torture/rpc_open_tcp.o \
DBWRAP_TOOL_OBJ = utils/dbwrap_tool.o \
$(PARAM_OBJ) \
$(LIB_NONSMBD_OBJ) \
- $(LIBSAMBA_OBJ)
+ $(LIBSMB_ERR_OBJ)
DBWRAP_TORTURE_OBJ = utils/dbwrap_torture.o \
$(PARAM_OBJ) \
$(LIB_NONSMBD_OBJ) \
- $(LIBSAMBA_OBJ) \
+ $(LIBSMB_ERR_OBJ) \
$(POPT_LIB_OBJ)
SPLIT_TOKENS_OBJ = utils/split_tokens.o \
@@ -2831,6 +2831,10 @@ bin/dirsort.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_DIRSORT_OBJ)
@echo "Building plugin $@"
@$(SHLD_MODULE) $(VFS_DIRSORT_OBJ)
+bin/scannedonly.@SHLIBEXT@: $(BINARY_PREREQS) $(VFS_SCANNEDONLY_OBJ)
+ @echo "Building plugin $@"
+ @$(SHLD_MODULE) $(VFS_SCANNEDONLY_OBJ)
+
#########################################################
## IdMap NSS plugins
diff --git a/source3/auth/auth_builtin.c b/source3/auth/auth_builtin.c
index 3741f29779..f8f048a6f2 100644
--- a/source3/auth/auth_builtin.c
+++ b/source3/auth/auth_builtin.c
@@ -34,8 +34,8 @@
static NTSTATUS check_guest_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
/* mark this as 'not for me' */
NTSTATUS nt_status = NT_STATUS_NOT_IMPLEMENTED;
@@ -77,8 +77,8 @@ static NTSTATUS auth_init_guest(struct auth_context *auth_context, const char *o
static NTSTATUS check_name_to_ntstatus_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
fstring user;
@@ -130,8 +130,8 @@ static NTSTATUS auth_init_name_to_ntstatus(struct auth_context *auth_context, co
static NTSTATUS check_fixed_challenge_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
return NT_STATUS_NOT_IMPLEMENTED;
}
diff --git a/source3/auth/auth_compat.c b/source3/auth/auth_compat.c
index 77a994828f..e90036f3ff 100644
--- a/source3/auth/auth_compat.c
+++ b/source3/auth/auth_compat.c
@@ -35,10 +35,12 @@ SMB hash
return True if the password is correct, False otherwise
****************************************************************************/
-NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info)
+NTSTATUS check_plaintext_password(const char *smb_name,
+ DATA_BLOB plaintext_password,
+ struct auth_serversupplied_info **server_info)
{
struct auth_context *plaintext_auth_context = NULL;
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
uint8_t chal[8];
NTSTATUS nt_status;
if (!NT_STATUS_IS_OK(nt_status = make_auth_context_subsystem(&plaintext_auth_context))) {
@@ -72,9 +74,9 @@ static NTSTATUS pass_check_smb(struct auth_context *actx,
{
NTSTATUS nt_status;
- auth_serversupplied_info *server_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
if (encrypted) {
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
if (actx == NULL) {
return NT_STATUS_INTERNAL_ERROR;
}
diff --git a/source3/auth/auth_domain.c b/source3/auth/auth_domain.c
index c527360321..a07aa617c4 100644
--- a/source3/auth/auth_domain.c
+++ b/source3/auth/auth_domain.c
@@ -251,10 +251,10 @@ machine %s. Error was : %s.\n", dc_name, cli_errstr(*cli)));
************************************************************************/
static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
+ const struct auth_usersupplied_info *user_info,
const char *domain,
uchar chal[8],
- auth_serversupplied_info **server_info,
+ struct auth_serversupplied_info **server_info,
const char *dc_name,
struct sockaddr_storage *dc_ss)
@@ -372,8 +372,8 @@ static NTSTATUS domain_client_validate(TALLOC_CTX *mem_ctx,
static NTSTATUS check_ntdomain_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
const char *domain = lp_workgroup();
@@ -441,8 +441,8 @@ static NTSTATUS auth_init_ntdomain(struct auth_context *auth_context, const char
static NTSTATUS check_trustdomain_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status = NT_STATUS_LOGON_FAILURE;
unsigned char trust_md4_password[16];
diff --git a/source3/auth/auth_netlogond.c b/source3/auth/auth_netlogond.c
index ebfed83d41..bfd12281c4 100644
--- a/source3/auth/auth_netlogond.c
+++ b/source3/auth/auth_netlogond.c
@@ -27,7 +27,7 @@ static NTSTATUS netlogond_validate(TALLOC_CTX *mem_ctx,
const struct auth_context *auth_context,
const char *ncalrpc_sockname,
uint8_t schannel_key[16],
- const auth_usersupplied_info *user_info,
+ const struct auth_usersupplied_info *user_info,
struct netr_SamInfo3 **pinfo3,
NTSTATUS *schannel_bind_result)
{
@@ -153,8 +153,8 @@ static char *mymachinepw(TALLOC_CTX *mem_ctx)
static NTSTATUS check_netlogond_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
TALLOC_CTX *frame = talloc_stackframe();
struct netr_SamInfo3 *info3 = NULL;
diff --git a/source3/auth/auth_ntlmssp.c b/source3/auth/auth_ntlmssp.c
index 4243a24ca7..88f0e69443 100644
--- a/source3/auth/auth_ntlmssp.c
+++ b/source3/auth/auth_ntlmssp.c
@@ -85,7 +85,7 @@ static NTSTATUS auth_ntlmssp_check_password(struct ntlmssp_state *ntlmssp_state,
{
AUTH_NTLMSSP_STATE *auth_ntlmssp_state =
(AUTH_NTLMSSP_STATE *)ntlmssp_state->auth_context;
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
NTSTATUS nt_status;
bool username_was_mapped;
diff --git a/source3/auth/auth_sam.c b/source3/auth/auth_sam.c
index f0500b3611..1dd8fc950e 100644
--- a/source3/auth/auth_sam.c
+++ b/source3/auth/auth_sam.c
@@ -33,21 +33,23 @@
static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
TALLOC_CTX *mem_ctx,
- struct samu *sampass,
- const auth_usersupplied_info *user_info,
+ const char *username,
+ uint32_t acct_ctrl,
+ const uint8_t *lm_pw,
+ const uint8_t *nt_pw,
+ const struct auth_usersupplied_info *user_info,
DATA_BLOB *user_sess_key,
DATA_BLOB *lm_sess_key)
{
- uint32 acct_ctrl;
- const uint8 *lm_pw, *nt_pw;
- struct samr_Password lm_hash, nt_hash, client_lm_hash, client_nt_hash;
- const char *username = pdb_get_username(sampass);
- bool got_lm = false, got_nt = false;
+ struct samr_Password _lm_hash, _nt_hash, _client_lm_hash, _client_nt_hash;
+ struct samr_Password *lm_hash = NULL;
+ struct samr_Password *nt_hash = NULL;
+ struct samr_Password *client_lm_hash = NULL;
+ struct samr_Password *client_nt_hash = NULL;
- *user_sess_key = data_blob(NULL, 0);
- *lm_sess_key = data_blob(NULL, 0);
+ *user_sess_key = data_blob_null;
+ *lm_sess_key = data_blob_null;
- acct_ctrl = pdb_get_acct_ctrl(sampass);
if (acct_ctrl & ACB_PWNOTREQ) {
if (lp_null_passwords()) {
DEBUG(3,("Account for user '%s' has no password and null passwords are allowed.\n", username));
@@ -58,34 +60,35 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
}
}
- lm_pw = pdb_get_lanman_passwd(sampass);
- nt_pw = pdb_get_nt_passwd(sampass);
if (lm_pw) {
- memcpy(lm_hash.hash, lm_pw, sizeof(lm_hash.hash));
+ memcpy(_lm_hash.hash, lm_pw, sizeof(_lm_hash.hash));
+ lm_hash = &_lm_hash;
}
if (nt_pw) {
- memcpy(nt_hash.hash, nt_pw, sizeof(nt_hash.hash));
+ memcpy(_nt_hash.hash, nt_pw, sizeof(_nt_hash.hash));
+ nt_hash = &_nt_hash;
}
- if (user_info->lm_interactive_pwd.data && sizeof(client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
- memcpy(client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(lm_hash.hash));
- got_lm = true;
+ if (user_info->lm_interactive_pwd.data && sizeof(_client_lm_hash.hash) == user_info->lm_interactive_pwd.length) {
+ memcpy(_client_lm_hash.hash, user_info->lm_interactive_pwd.data, sizeof(_lm_hash.hash));
+ client_lm_hash = &_client_lm_hash;
}
- if (user_info->nt_interactive_pwd.data && sizeof(client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
- memcpy(client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(nt_hash.hash));
- got_nt = true;
+ if (user_info->nt_interactive_pwd.data && sizeof(_client_nt_hash.hash) == user_info->nt_interactive_pwd.length) {
+ memcpy(_client_nt_hash.hash, user_info->nt_interactive_pwd.data, sizeof(_nt_hash.hash));
+ client_nt_hash = &_client_nt_hash;
}
- if (got_lm || got_nt) {
- *user_sess_key = data_blob(mem_ctx, 16);
+
+ if (client_lm_hash || client_nt_hash) {
+ *user_sess_key = data_blob_talloc(mem_ctx, NULL, 16);
if (!user_sess_key->data) {
return NT_STATUS_NO_MEMORY;
}
SMBsesskeygen_ntv1(nt_pw, user_sess_key->data);
return hash_password_check(mem_ctx, lp_lanman_auth(),
- got_lm ? &client_lm_hash : NULL,
- got_nt ? &client_nt_hash : NULL,
+ client_lm_hash,
+ client_nt_hash,
username,
- lm_pw ? &lm_hash: NULL,
- nt_pw ? &nt_hash : NULL);
+ lm_hash,
+ nt_hash);
} else {
return ntlm_password_check(mem_ctx, lp_lanman_auth(),
lp_ntlm_auth(),
@@ -95,8 +98,8 @@ static NTSTATUS sam_password_ok(const struct auth_context *auth_context,
username,
user_info->smb_name,
user_info->client_domain,
- lm_pw ? &lm_hash: NULL,
- nt_pw ? &nt_hash : NULL,
+ lm_hash,
+ nt_hash,
user_sess_key, lm_sess_key);
}
}
@@ -165,7 +168,7 @@ static bool logon_hours_ok(struct samu *sampass)
static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
struct samu *sampass,
- const auth_usersupplied_info *user_info)
+ const struct auth_usersupplied_info *user_info)
{
uint32 acct_ctrl = pdb_get_acct_ctrl(sampass);
char *workstation_list;
@@ -278,6 +281,75 @@ static NTSTATUS sam_account_ok(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
+/**
+ * Check whether the given password is one of the last two
+ * password history entries. If so, the bad pwcount should
+ * not be incremented even thought the actual password check
+ * failed.
+ */
+static bool need_to_increment_bad_pw_count(
+ const struct auth_context *auth_context,
+ struct samu* sampass,
+ const struct auth_usersupplied_info *user_info)
+{
+ uint8_t i;
+ const uint8_t *pwhistory;
+ uint32_t pwhistory_len;
+ uint32_t policy_pwhistory_len;
+ uint32_t acct_ctrl;
+ const char *username;
+ TALLOC_CTX *mem_ctx = talloc_stackframe();
+ bool result = true;
+
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY,
+ &policy_pwhistory_len);
+ if (policy_pwhistory_len == 0) {
+ goto done;
+ }
+
+ pwhistory = pdb_get_pw_history(sampass, &pwhistory_len);
+ if (!pwhistory || pwhistory_len == 0) {
+ goto done;
+ }
+
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ username = pdb_get_username(sampass);
+
+ for (i=1; i < MIN(MIN(3, policy_pwhistory_len), pwhistory_len); i++) {
+ static const uint8_t zero16[SALTED_MD5_HASH_LEN];
+ const uint8_t *salt;
+ const uint8_t *nt_pw;
+ NTSTATUS status;
+ DATA_BLOB user_sess_key = data_blob_null;
+ DATA_BLOB lm_sess_key = data_blob_null;
+
+ salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
+ nt_pw = salt + PW_HISTORY_SALT_LEN;
+
+ if (memcmp(zero16, nt_pw, NT_HASH_LEN) == 0) {
+ /* skip zero password hash */
+ continue;
+ }
+
+ if (memcmp(zero16, salt, PW_HISTORY_SALT_LEN) != 0) {
+ /* skip nonzero salt (old format entry) */
+ continue;
+ }
+
+ status = sam_password_ok(auth_context, mem_ctx,
+ username, acct_ctrl, NULL, nt_pw,
+ user_info, &user_sess_key, &lm_sess_key);
+ if (NT_STATUS_IS_OK(status)) {
+ result = false;
+ break;
+ }
+ }
+
+done:
+ TALLOC_FREE(mem_ctx);
+ return result;
+}
+
/****************************************************************************
check if a username/password is OK assuming the password is a 24 byte
SMB hash supplied in the user_info structure
@@ -287,8 +359,8 @@ return an NT_STATUS constant.
static NTSTATUS check_sam_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
struct samu *sampass=NULL;
bool ret;
@@ -297,6 +369,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
DATA_BLOB user_sess_key = data_blob_null;
DATA_BLOB lm_sess_key = data_blob_null;
bool updated_autolock = False, updated_badpw = False;
+ uint32_t acct_ctrl;
+ const char *username;
+ const uint8_t *nt_pw;
+ const uint8_t *lm_pw;
if (!user_info || !auth_context) {
return NT_STATUS_UNSUCCESSFUL;
@@ -305,7 +381,8 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
/* the returned struct gets kept on the server_info, by means
of a steal further down */
- if ( !(sampass = samu_new( mem_ctx )) ) {
+ sampass = samu_new(mem_ctx);
+ if (sampass == NULL) {
return NT_STATUS_NO_MEMORY;
}
@@ -322,16 +399,22 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
return NT_STATUS_NO_SUCH_USER;
}
+ acct_ctrl = pdb_get_acct_ctrl(sampass);
+ username = pdb_get_username(sampass);
+ nt_pw = pdb_get_nt_passwd(sampass);
+ lm_pw = pdb_get_lanman_passwd(sampass);
+
/* see if autolock flag needs to be updated */
- if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL)
+ if (acct_ctrl & ACB_NORMAL)
pdb_update_autolock_flag(sampass, &updated_autolock);
/* Quit if the account was locked out. */
- if (pdb_get_acct_ctrl(sampass) & ACB_AUTOLOCK) {
- DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", pdb_get_username(sampass)));
+ if (acct_ctrl & ACB_AUTOLOCK) {
+ DEBUG(3,("check_sam_security: Account for user %s was locked out.\n", username));
return NT_STATUS_ACCOUNT_LOCKED_OUT;
}
- nt_status = sam_password_ok(auth_context, mem_ctx, sampass,
+ nt_status = sam_password_ok(auth_context, mem_ctx,
+ username, acct_ctrl, lm_pw, nt_pw,
user_info, &user_sess_key, &lm_sess_key);
/* Notify passdb backend of login success/failure. If not
@@ -340,10 +423,19 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
update_login_attempts_status = pdb_update_login_attempts(sampass, NT_STATUS_IS_OK(nt_status));
if (!NT_STATUS_IS_OK(nt_status)) {
+ bool increment_bad_pw_count = false;
+
if (NT_STATUS_EQUAL(nt_status,NT_STATUS_WRONG_PASSWORD) &&
- pdb_get_acct_ctrl(sampass) &ACB_NORMAL &&
+ acct_ctrl & ACB_NORMAL &&
NT_STATUS_IS_OK(update_login_attempts_status))
- {
+ {
+ increment_bad_pw_count =
+ need_to_increment_bad_pw_count(auth_context,
+ sampass,
+ user_info);
+ }
+
+ if (increment_bad_pw_count) {
pdb_increment_bad_password_count(sampass);
updated_badpw = True;
} else {
@@ -351,18 +443,21 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
&updated_badpw);
}
if (updated_autolock || updated_badpw){
+ NTSTATUS status;
+
become_root();
- if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
- DEBUG(1, ("Failed to modify entry.\n"));
+ status = pdb_update_sam_account(sampass);
unbecome_root();
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to modify entry: %s\n",
+ nt_errstr(status)));
+ }
}
- data_blob_free(&user_sess_key);
- data_blob_free(&lm_sess_key);
- TALLOC_FREE(sampass);
- return nt_status;
+ goto done;
}
- if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) &&
+ if ((acct_ctrl & ACB_NORMAL) &&
(pdb_get_bad_password_count(sampass) > 0)){
pdb_set_bad_password_count(sampass, 0, PDB_CHANGED);
pdb_set_bad_password_time(sampass, 0, PDB_CHANGED);
@@ -370,30 +465,36 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
}
if (updated_autolock || updated_badpw){
+ NTSTATUS status;
+
become_root();
- if(!NT_STATUS_IS_OK(pdb_update_sam_account(sampass)))
- DEBUG(1, ("Failed to modify entry.\n"));
+ status = pdb_update_sam_account(sampass);
unbecome_root();
- }
+
+ if (!NT_STATUS_IS_OK(status)) {
+ DEBUG(1, ("Failed to modify entry: %s\n",
+ nt_errstr(status)));
+ }
+ }
nt_status = sam_account_ok(mem_ctx, sampass, user_info);
if (!NT_STATUS_IS_OK(nt_status)) {
- TALLOC_FREE(sampass);
- data_blob_free(&user_sess_key);
- data_blob_free(&lm_sess_key);
- return nt_status;
+ goto done;
}
become_root();
nt_status = make_server_info_sam(server_info, sampass);
unbecome_root();
+ /*
+ * sampass has been stolen to server_info.
+ * So NULL it out to prevent segfaults.
+ */
+ sampass = NULL;
if (!NT_STATUS_IS_OK(nt_status)) {
DEBUG(0,("check_sam_security: make_server_info_sam() failed with '%s'\n", nt_errstr(nt_status)));
- data_blob_free(&user_sess_key);
- data_blob_free(&lm_sess_key);
- return nt_status;
+ goto done;
}
(*server_info)->user_session_key =
@@ -408,6 +509,10 @@ static NTSTATUS check_sam_security(const struct auth_context *auth_context,
(*server_info)->nss_token |= user_info->was_mapped;
+done:
+ TALLOC_FREE(sampass);
+ data_blob_free(&user_sess_key);
+ data_blob_free(&lm_sess_key);
return nt_status;
}
@@ -431,8 +536,8 @@ Check SAM security (above) but with a few extra checks.
static NTSTATUS check_samstrict_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
bool is_local_name, is_my_domain;
diff --git a/source3/auth/auth_script.c b/source3/auth/auth_script.c
index 6cbace71e8..be1ae81501 100644
--- a/source3/auth/auth_script.c
+++ b/source3/auth/auth_script.c
@@ -40,8 +40,8 @@
static NTSTATUS script_check_user_credentials(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
const char *script = lp_parm_const_string( GLOBAL_SECTION_SNUM, "auth_script", "script", NULL);
char *secret_str;
diff --git a/source3/auth/auth_server.c b/source3/auth/auth_server.c
index 287b50b080..ec92787dce 100644
--- a/source3/auth/auth_server.c
+++ b/source3/auth/auth_server.c
@@ -270,8 +270,8 @@ static DATA_BLOB auth_get_challenge_server(const struct auth_context *auth_conte
static NTSTATUS check_smbserver_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
struct server_security_state *state = talloc_get_type_abort(
my_private_data, struct server_security_state);
diff --git a/source3/auth/auth_unix.c b/source3/auth/auth_unix.c
index 58c765226d..3e2df9a123 100644
--- a/source3/auth/auth_unix.c
+++ b/source3/auth/auth_unix.c
@@ -85,8 +85,8 @@ static bool update_smbpassword_file(const char *user, const char *password)
static NTSTATUS check_unix_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
struct passwd *pass = NULL;
diff --git a/source3/auth/auth_util.c b/source3/auth/auth_util.c
index 8167a80a4f..de552cf57e 100644
--- a/source3/auth/auth_util.c
+++ b/source3/auth/auth_util.c
@@ -33,7 +33,7 @@
auth_serversupplied_info struct.
****************************************************************************/
-static void sort_sid_array_for_smbd(auth_serversupplied_info *result,
+static void sort_sid_array_for_smbd(struct auth_serversupplied_info *result,
const DOM_SID *pgroup_sid)
{
unsigned int i;
@@ -107,7 +107,7 @@ static int _smb_create_user(const char *domain, const char *unix_username, const
Create an auth_usersupplied_data structure
****************************************************************************/
-static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
+static NTSTATUS make_user_info(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *internal_username,
const char *client_domain,
@@ -121,7 +121,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
DEBUG(5,("attempting to make a user_info for %s (%s)\n", internal_username, smb_name));
- *user_info = SMB_MALLOC_P(auth_usersupplied_info);
+ *user_info = SMB_MALLOC_P(struct auth_usersupplied_info);
if (*user_info == NULL) {
DEBUG(0,("malloc failed for user_info (size %lu)\n", (unsigned long)sizeof(*user_info)));
return NT_STATUS_NO_MEMORY;
@@ -188,7 +188,7 @@ static NTSTATUS make_user_info(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure after appropriate mapping.
****************************************************************************/
-NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -252,7 +252,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
Decrypt and encrypt the passwords.
****************************************************************************/
-bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -290,7 +290,7 @@ bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
Decrypt and encrypt the passwords.
****************************************************************************/
-bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -402,7 +402,7 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure
****************************************************************************/
-bool make_user_info_for_reply(auth_usersupplied_info **user_info,
+bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const uint8 chal[8],
@@ -460,7 +460,7 @@ bool make_user_info_for_reply(auth_usersupplied_info **user_info,
Create an auth_usersupplied_data structure
****************************************************************************/
-NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
DATA_BLOB lm_resp, DATA_BLOB nt_resp)
@@ -478,7 +478,7 @@ NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
Create a guest user_info blob, for anonymous authenticaion.
****************************************************************************/
-bool make_user_info_guest(auth_usersupplied_info **user_info)
+bool make_user_info_guest(struct auth_usersupplied_info **user_info)
{
NTSTATUS nt_status;
@@ -494,7 +494,7 @@ bool make_user_info_guest(auth_usersupplied_info **user_info)
return NT_STATUS_IS_OK(nt_status) ? True : False;
}
-static int server_info_dtor(auth_serversupplied_info *server_info)
+static int server_info_dtor(struct auth_serversupplied_info *server_info)
{
TALLOC_FREE(server_info->sam_account);
ZERO_STRUCTP(server_info);
@@ -505,11 +505,11 @@ static int server_info_dtor(auth_serversupplied_info *server_info)
Make a server_info struct. Free with TALLOC_FREE().
***************************************************************************/
-static auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
+static struct auth_serversupplied_info *make_server_info(TALLOC_CTX *mem_ctx)
{
struct auth_serversupplied_info *result;
- result = TALLOC_ZERO_P(mem_ctx, auth_serversupplied_info);
+ result = TALLOC_ZERO_P(mem_ctx, struct auth_serversupplied_info);
if (result == NULL) {
DEBUG(0, ("talloc failed\n"));
return NULL;
@@ -562,12 +562,12 @@ static bool is_our_machine_account(const char *username)
Make (and fill) a user_info struct from a struct samu
***************************************************************************/
-NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
+NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
struct samu *sampass)
{
struct passwd *pwd;
gid_t *gids;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
const char *username = pdb_get_username(sampass);
NTSTATUS status;
@@ -701,7 +701,7 @@ static NTSTATUS log_nt_token(NT_USER_TOKEN *token)
* server_info->sids (the info3/sam groups). Find the unix gids.
*/
-NTSTATUS create_local_token(auth_serversupplied_info *server_info)
+NTSTATUS create_local_token(struct auth_serversupplied_info *server_info)
{
NTSTATUS status;
size_t i;
@@ -1140,7 +1140,7 @@ bool user_in_group(const char *username, const char *groupname)
to a struct samu
***************************************************************************/
-NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
+NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
char *unix_username,
struct passwd *pwd)
{
@@ -1151,7 +1151,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
TALLOC_CTX *mem_ctx = NULL;
DOM_SID u_sid;
enum lsa_SidType type;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
if ( !(sampass = samu_new( NULL )) ) {
return NT_STATUS_NO_MEMORY;
@@ -1261,7 +1261,7 @@ NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
the guest gid, then create one.
***************************************************************************/
-static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_info)
+static NTSTATUS make_new_server_info_guest(struct auth_serversupplied_info **server_info)
{
NTSTATUS status;
struct samu *sampass = NULL;
@@ -1274,8 +1274,7 @@ static NTSTATUS make_new_server_info_guest(auth_serversupplied_info **server_inf
return NT_STATUS_NO_MEMORY;
}
- sid_copy(&guest_sid, get_global_sam_sid());
- sid_append_rid(&guest_sid, DOMAIN_USER_RID_GUEST);
+ sid_compose(&guest_sid, get_global_sam_sid(), DOMAIN_USER_RID_GUEST);
become_root();
ret = pdb_getsampwsid(sampass, &guest_sid);
@@ -1355,9 +1354,9 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
- const auth_serversupplied_info *src)
+ const struct auth_serversupplied_info *src)
{
- auth_serversupplied_info *dst;
+ struct auth_serversupplied_info *dst;
dst = make_server_info(mem_ctx);
if (dst == NULL) {
@@ -1433,7 +1432,7 @@ bool server_info_set_session_key(struct auth_serversupplied_info *info,
return (info->user_session_key.data != NULL);
}
-static auth_serversupplied_info *guest_info = NULL;
+static struct auth_serversupplied_info *guest_info = NULL;
bool init_guest_info(void)
{
@@ -1444,7 +1443,7 @@ bool init_guest_info(void)
}
NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
- auth_serversupplied_info **server_info)
+ struct auth_serversupplied_info **server_info)
{
*server_info = copy_serverinfo(mem_ctx, guest_info);
return (*server_info != NULL) ? NT_STATUS_OK : NT_STATUS_NO_MEMORY;
@@ -1620,7 +1619,7 @@ struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
- auth_serversupplied_info **server_info,
+ struct auth_serversupplied_info **server_info,
struct netr_SamInfo3 *info3)
{
char zeros[16];
@@ -1637,7 +1636,7 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
uid_t uid = (uid_t)-1;
gid_t gid = (gid_t)-1;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
/*
Here is where we should check the list of
@@ -1645,13 +1644,12 @@ NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
matches.
*/
- sid_copy(&user_sid, info3->base.domain_sid);
- if (!sid_append_rid(&user_sid, info3->base.rid)) {
+ if (!sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid)) {
return NT_STATUS_INVALID_PARAMETER;
}
- sid_copy(&group_sid, info3->base.domain_sid);
- if (!sid_append_rid(&group_sid, info3->base.primary_gid)) {
+ if (!sid_compose(&group_sid, info3->base.domain_sid,
+ info3->base.primary_gid)) {
return NT_STATUS_INVALID_PARAMETER;
}
@@ -1873,7 +1871,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
const struct wbcAuthUserInfo *info,
- auth_serversupplied_info **server_info)
+ struct auth_serversupplied_info **server_info)
{
char zeros[16];
@@ -1890,7 +1888,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
uid_t uid = (uid_t)-1;
gid_t gid = (gid_t)-1;
- auth_serversupplied_info *result;
+ struct auth_serversupplied_info *result;
result = make_server_info(NULL);
if (result == NULL) {
@@ -2114,7 +2112,7 @@ NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
Free a user_info struct
***************************************************************************/
-void free_user_info(auth_usersupplied_info **user_info)
+void free_user_info(struct auth_usersupplied_info **user_info)
{
DEBUG(5,("attempting to free (and zero) a user_info structure\n"));
if (*user_info != NULL) {
diff --git a/source3/auth/auth_wbc.c b/source3/auth/auth_wbc.c
index 580c8b550d..85b05efb36 100644
--- a/source3/auth/auth_wbc.c
+++ b/source3/auth/auth_wbc.c
@@ -47,8 +47,8 @@
static NTSTATUS check_wbc_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
wbcErr wbc_status;
diff --git a/source3/auth/auth_winbind.c b/source3/auth/auth_winbind.c
index d1b00a3268..74723e6af4 100644
--- a/source3/auth/auth_winbind.c
+++ b/source3/auth/auth_winbind.c
@@ -30,8 +30,8 @@
static NTSTATUS check_winbind_security(const struct auth_context *auth_context,
void *my_private_data,
TALLOC_CTX *mem_ctx,
- const auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info)
+ const struct auth_usersupplied_info *user_info,
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
wbcErr wbc_status;
diff --git a/source3/configure.in b/source3/configure.in
index e3f53b45c2..d17cdac846 100644
--- a/source3/configure.in
+++ b/source3/configure.in
@@ -439,6 +439,7 @@ default_shared_modules="$default_shared_modules vfs_acl_tdb"
default_shared_modules="$default_shared_modules vfs_smb_traffic_analyzer"
default_shared_modules="$default_shared_modules vfs_preopen"
default_shared_modules="$default_shared_modules vfs_catia"
+default_shared_modules="$default_shared_modules vfs_scannedonly"
if test "x$developer" = xyes; then
default_static_modules="$default_static_modules rpc_rpcecho pdb_ads"
@@ -6552,6 +6553,7 @@ SMB_MODULE(vfs_smb_traffic_analyzer, \$(VFS_SMB_TRAFFIC_ANALYZER_OBJ), "bin/smb_
SMB_MODULE(vfs_onefs, \$(VFS_ONEFS), "bin/onefs.$SHLIBEXT", VFS)
SMB_MODULE(vfs_onefs_shadow_copy, \$(VFS_ONEFS_SHADOW_COPY), "bin/onefs_shadow_copy.$SHLIBEXT", VFS)
SMB_MODULE(vfs_dirsort, \$(VFS_DIRSORT_OBJ), "bin/dirsort.$SHLIBEXT", VFS)
+SMB_MODULE(vfs_scannedonly, \$(VFS_SCANNEDONLY_OBJ), "bin/scannedonly.$SHLIBEXT", VFS)
SMB_SUBSYSTEM(VFS,smbd/vfs.o)
diff --git a/source3/groupdb/mapping.c b/source3/groupdb/mapping.c
index 12d0bd365c..579486b874 100644
--- a/source3/groupdb/mapping.c
+++ b/source3/groupdb/mapping.c
@@ -519,8 +519,7 @@ NTSTATUS pdb_default_create_alias(struct pdb_methods *methods,
DEBUG(10, ("Creating alias %s with gid %u and rid %u\n",
name, (unsigned int)gid, (unsigned int)new_rid));
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, new_rid);
+ sid_compose(&sid, get_global_sam_sid(), new_rid);
map.gid = gid;
sid_copy(&map.sid, &sid);
diff --git a/source3/include/auth.h b/source3/include/auth.h
index 7d778b92d0..115143fb73 100644
--- a/source3/include/auth.h
+++ b/source3/include/auth.h
@@ -19,7 +19,7 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-typedef struct auth_usersupplied_info {
+struct auth_usersupplied_info {
DATA_BLOB lm_resp;
DATA_BLOB nt_resp;
DATA_BLOB lm_interactive_pwd;
@@ -38,9 +38,9 @@ typedef struct auth_usersupplied_info {
uint32 logon_parameters;
-} auth_usersupplied_info;
+};
-typedef struct auth_serversupplied_info {
+struct auth_serversupplied_info {
bool guest;
DOM_SID *sids; /* These SIDs are preliminary between
@@ -77,7 +77,7 @@ typedef struct auth_serversupplied_info {
* smb request. See set_current_user_info.
*/
char *sanitized_username;
-} auth_serversupplied_info;
+};
struct auth_context {
DATA_BLOB challenge;
@@ -110,7 +110,7 @@ typedef struct auth_methods
void *my_private_data,
TALLOC_CTX *mem_ctx,
const struct auth_usersupplied_info *user_info,
- auth_serversupplied_info **server_info);
+ struct auth_serversupplied_info **server_info);
/* If you are using this interface, then you are probably
* getting something wrong. This interface is only for
diff --git a/source3/include/proto.h b/source3/include/proto.h
index 5b16120294..8e8b35cb5a 100644
--- a/source3/include/proto.h
+++ b/source3/include/proto.h
@@ -38,7 +38,9 @@ NTSTATUS auth_builtin_init(void);
/* The following definitions come from auth/auth_compat.c */
-NTSTATUS check_plaintext_password(const char *smb_name, DATA_BLOB plaintext_password, auth_serversupplied_info **server_info);
+NTSTATUS check_plaintext_password(const char *smb_name,
+ DATA_BLOB plaintext_password,
+ struct auth_serversupplied_info **server_info);
bool password_ok(struct auth_context *actx, bool global_encrypted,
const char *session_workgroup,
const char *smb_name, DATA_BLOB password_blob);
@@ -71,7 +73,7 @@ NTSTATUS auth_unix_init(void);
/* The following definitions come from auth/auth_util.c */
-NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_map(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -79,7 +81,7 @@ NTSTATUS make_user_info_map(auth_usersupplied_info **user_info,
DATA_BLOB *lm_interactive_pwd, DATA_BLOB *nt_interactive_pwd,
DATA_BLOB *plaintext,
bool encrypted);
-bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_network(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -88,7 +90,7 @@ bool make_user_info_netlogon_network(auth_usersupplied_info **user_info,
int lm_pwd_len,
const uchar *nt_network_pwd,
int nt_pwd_len);
-bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
+bool make_user_info_netlogon_interactive(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const char *wksta_name,
@@ -97,19 +99,19 @@ bool make_user_info_netlogon_interactive(auth_usersupplied_info **user_info,
const uchar lm_interactive_pwd[16],
const uchar nt_interactive_pwd[16],
const uchar *dc_sess_key);
-bool make_user_info_for_reply(auth_usersupplied_info **user_info,
+bool make_user_info_for_reply(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
const uint8 chal[8],
DATA_BLOB plaintext_password);
-NTSTATUS make_user_info_for_reply_enc(auth_usersupplied_info **user_info,
+NTSTATUS make_user_info_for_reply_enc(struct auth_usersupplied_info **user_info,
const char *smb_name,
const char *client_domain,
DATA_BLOB lm_resp, DATA_BLOB nt_resp);
-bool make_user_info_guest(auth_usersupplied_info **user_info) ;
-NTSTATUS make_server_info_sam(auth_serversupplied_info **server_info,
+bool make_user_info_guest(struct auth_usersupplied_info **user_info) ;
+NTSTATUS make_server_info_sam(struct auth_serversupplied_info **server_info,
struct samu *sampass);
-NTSTATUS create_local_token(auth_serversupplied_info *server_info);
+NTSTATUS create_local_token(struct auth_serversupplied_info *server_info);
NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
bool is_guest,
uid_t *uid, gid_t *gid,
@@ -117,7 +119,7 @@ NTSTATUS create_token_from_username(TALLOC_CTX *mem_ctx, const char *username,
struct nt_user_token **token);
bool user_in_group_sid(const char *username, const DOM_SID *group_sid);
bool user_in_group(const char *username, const char *groupname);
-NTSTATUS make_server_info_pw(auth_serversupplied_info **server_info,
+NTSTATUS make_server_info_pw(struct auth_serversupplied_info **server_info,
char *unix_username,
struct passwd *pwd);
NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
@@ -125,26 +127,26 @@ NTSTATUS make_serverinfo_from_username(TALLOC_CTX *mem_ctx,
bool is_guest,
struct auth_serversupplied_info **presult);
struct auth_serversupplied_info *copy_serverinfo(TALLOC_CTX *mem_ctx,
- const auth_serversupplied_info *src);
+ const struct auth_serversupplied_info *src);
bool init_guest_info(void);
bool server_info_set_session_key(struct auth_serversupplied_info *info,
DATA_BLOB session_key);
NTSTATUS make_server_info_guest(TALLOC_CTX *mem_ctx,
- auth_serversupplied_info **server_info);
+ struct auth_serversupplied_info **server_info);
bool copy_current_user(struct current_user *dst, struct current_user *src);
struct passwd *smb_getpwnam( TALLOC_CTX *mem_ctx, char *domuser,
fstring save_username, bool create );
NTSTATUS make_server_info_info3(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
- auth_serversupplied_info **server_info,
+ struct auth_serversupplied_info **server_info,
struct netr_SamInfo3 *info3);
NTSTATUS make_server_info_wbcAuthUserInfo(TALLOC_CTX *mem_ctx,
const char *sent_nt_username,
const char *domain,
const struct wbcAuthUserInfo *info,
- auth_serversupplied_info **server_info);
-void free_user_info(auth_usersupplied_info **user_info);
+ struct auth_serversupplied_info **server_info);
+void free_user_info(struct auth_usersupplied_info **user_info);
bool make_auth_methods(struct auth_context *auth_context, auth_methods **auth_method) ;
bool is_trusted_domain(const char* dom_name);
@@ -1286,7 +1288,6 @@ void security_acl_map_generic(struct security_acl *sa, const struct generic_mapp
void se_map_standard(uint32 *access_mask, struct standard_mapping *mapping);
NTSTATUS se_access_check(const SEC_DESC *sd, const NT_USER_TOKEN *token,
uint32 acc_desired, uint32 *acc_granted);
-NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size);
/* The following definitions come from lib/util_sec.c */
@@ -6116,6 +6117,9 @@ NTSTATUS pass_oem_change(char *user,
uchar password_encrypted_with_nt_hash[516],
const uchar old_nt_hash_encrypted[16],
enum samPwdChangeReason *reject_reason);
+bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
+ uint32_t pw_history_len,
+ const uint8_t *pw_history);
NTSTATUS check_password_complexity(const char *username,
const char *password,
enum samPwdChangeReason *samr_reject_reason);
@@ -6713,7 +6717,7 @@ void invalidate_all_vuids(struct smbd_server_connection *sconn);
int register_initial_vuid(struct smbd_server_connection *sconn);
int register_existing_vuid(struct smbd_server_connection *sconn,
uint16 vuid,
- auth_serversupplied_info *server_info,
+ struct auth_serversupplied_info *server_info,
DATA_BLOB response_blob,
const char *smb_name);
void add_session_user(struct smbd_server_connection *sconn, const char *user);
diff --git a/source3/include/smb.h b/source3/include/smb.h
index b23ea647ec..bc7a90d549 100644
--- a/source3/include/smb.h
+++ b/source3/include/smb.h
@@ -451,6 +451,7 @@ typedef struct files_struct {
bool aio_write_behind;
bool lockdb_clean;
bool initial_delete_on_close; /* Only set at NTCreateX if file was created. */
+ bool delete_on_close;
bool posix_open;
struct smb_filename *fsp_name;
diff --git a/source3/lib/time.c b/source3/lib/time.c
index 5286af37fd..dffc03b1cf 100644
--- a/source3/lib/time.c
+++ b/source3/lib/time.c
@@ -198,17 +198,17 @@ char *current_timestring(TALLOC_CTX *ctx, bool hires)
void srv_put_dos_date(char *buf,int offset,time_t unixdate)
{
- push_dos_date(buf, offset, unixdate, server_zone_offset);
+ push_dos_date((uint8_t *)buf, offset, unixdate, server_zone_offset);
}
void srv_put_dos_date2(char *buf,int offset, time_t unixdate)
{
- push_dos_date2(buf, offset, unixdate, server_zone_offset);
+ push_dos_date2((uint8_t *)buf, offset, unixdate, server_zone_offset);
}
void srv_put_dos_date3(char *buf,int offset,time_t unixdate)
{
- push_dos_date3(buf, offset, unixdate, server_zone_offset);
+ push_dos_date3((uint8_t *)buf, offset, unixdate, server_zone_offset);
}
void round_timespec(enum timestamp_set_resolution res, struct timespec *ts)
@@ -439,17 +439,17 @@ struct timespec interpret_long_date(const char *p)
void cli_put_dos_date(struct cli_state *cli, char *buf, int offset, time_t unixdate)
{
- push_dos_date(buf, offset, unixdate, cli->serverzone);
+ push_dos_date((uint8_t *)buf, offset, unixdate, cli->serverzone);
}
void cli_put_dos_date2(struct cli_state *cli, char *buf, int offset, time_t unixdate)
{
- push_dos_date2(buf, offset, unixdate, cli->serverzone);
+ push_dos_date2((uint8_t *)buf, offset, unixdate, cli->serverzone);
}
void cli_put_dos_date3(struct cli_state *cli, char *buf, int offset, time_t unixdate)
{
- push_dos_date3(buf, offset, unixdate, cli->serverzone);
+ push_dos_date3((uint8_t *)buf, offset, unixdate, cli->serverzone);
}
time_t cli_make_unix_date(struct cli_state *cli, const void *date_ptr)
diff --git a/source3/lib/util_seaccess.c b/source3/lib/util_seaccess.c
index 0da7442d19..e5562b5289 100644
--- a/source3/lib/util_seaccess.c
+++ b/source3/lib/util_seaccess.c
@@ -246,43 +246,3 @@ done:
return NT_STATUS_OK;
}
-
-/*******************************************************************
- samr_make_sam_obj_sd
- ********************************************************************/
-
-NTSTATUS samr_make_sam_obj_sd(TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd_size)
-{
- DOM_SID adm_sid;
- DOM_SID act_sid;
-
- SEC_ACE ace[3];
-
- SEC_ACL *psa = NULL;
-
- sid_copy(&adm_sid, &global_sid_Builtin);
- sid_append_rid(&adm_sid, BUILTIN_ALIAS_RID_ADMINS);
-
- sid_copy(&act_sid, &global_sid_Builtin);
- sid_append_rid(&act_sid, BUILTIN_ALIAS_RID_ACCOUNT_OPS);
-
- /*basic access for every one*/
- init_sec_ace(&ace[0], &global_sid_World, SEC_ACE_TYPE_ACCESS_ALLOWED,
- GENERIC_RIGHTS_SAM_EXECUTE | GENERIC_RIGHTS_SAM_READ, 0);
-
- /*full access for builtin aliases Administrators and Account Operators*/
- init_sec_ace(&ace[1], &adm_sid,
- SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
- init_sec_ace(&ace[2], &act_sid,
- SEC_ACE_TYPE_ACCESS_ALLOWED, GENERIC_RIGHTS_SAM_ALL_ACCESS, 0);
-
- if ((psa = make_sec_acl(ctx, NT4_ACL_REVISION, 3, ace)) == NULL)
- return NT_STATUS_NO_MEMORY;
-
- if ((*psd = make_sec_desc(ctx, SECURITY_DESCRIPTOR_REVISION_1,
- SEC_DESC_SELF_RELATIVE, NULL, NULL, NULL,
- psa, sd_size)) == NULL)
- return NT_STATUS_NO_MEMORY;
-
- return NT_STATUS_OK;
-}
diff --git a/source3/libnet/libnet_samsync_passdb.c b/source3/libnet/libnet_samsync_passdb.c
index 41a9b3d9f3..51f96dc398 100644
--- a/source3/libnet/libnet_samsync_passdb.c
+++ b/source3/libnet/libnet_samsync_passdb.c
@@ -318,8 +318,7 @@ static NTSTATUS fetch_account_info(TALLOC_CTX *mem_ctx,
goto done;
}
- sid_copy(&user_sid, get_global_sam_sid());
- sid_append_rid(&user_sid, r->rid);
+ sid_compose(&user_sid, get_global_sam_sid(), r->rid);
DEBUG(3, ("Attempting to find SID %s for user %s in the passdb\n",
sid_to_fstring(sid_string, &user_sid), account));
@@ -395,8 +394,7 @@ static NTSTATUS fetch_group_info(TALLOC_CTX *mem_ctx,
fstrcpy(comment, r->description.string);
/* add the group to the mapping table */
- sid_copy(&group_sid, get_global_sam_sid());
- sid_append_rid(&group_sid, rid);
+ sid_compose(&group_sid, get_global_sam_sid(), rid);
sid_to_fstring(sid_string, &group_sid);
if (pdb_getgrsid(&map, group_sid)) {
@@ -459,8 +457,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
- sid_copy(&group_sid, get_global_sam_sid());
- sid_append_rid(&group_sid, rid);
+ sid_compose(&group_sid, get_global_sam_sid(), rid);
if (!get_domain_group_from_sid(group_sid, &map)) {
DEBUG(0, ("Could not find global group %d\n", rid));
@@ -491,8 +488,7 @@ static NTSTATUS fetch_group_mem_info(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- sid_copy(&member_sid, get_global_sam_sid());
- sid_append_rid(&member_sid, r->rids[i]);
+ sid_compose(&member_sid, get_global_sam_sid(), r->rids[i]);
if (!pdb_getsampwsid(member, &member_sid)) {
DEBUG(1, ("Found bogus group member: %d (member_sid=%s group=%s)\n",
@@ -587,8 +583,7 @@ static NTSTATUS fetch_alias_info(TALLOC_CTX *mem_ctx,
fstrcpy(comment, r->description.string);
/* Find out whether the group is already mapped */
- sid_copy(&alias_sid, dom_sid);
- sid_append_rid(&alias_sid, rid);
+ sid_compose(&alias_sid, dom_sid, rid);
sid_to_fstring(sid_string, &alias_sid);
if (pdb_getgrsid(&map, alias_sid)) {
diff --git a/source3/libsmb/cliconnect.c b/source3/libsmb/cliconnect.c
index 31216b8240..fa79ebcea3 100644
--- a/source3/libsmb/cliconnect.c
+++ b/source3/libsmb/cliconnect.c
@@ -1573,6 +1573,8 @@ struct tevent_req *cli_tcon_andx_create(TALLOC_CTX *mem_ctx,
char *tmp = NULL;
uint8_t *bytes;
+ *psmbreq = NULL;
+
req = tevent_req_create(mem_ctx, &state, struct cli_tcon_andx_state);
if (req == NULL) {
return NULL;
@@ -1708,6 +1710,9 @@ struct tevent_req *cli_tcon_andx_send(TALLOC_CTX *mem_ctx,
if (req == NULL) {
return NULL;
}
+ if (subreq == NULL) {
+ return req;
+ }
status = cli_smb_req_send(subreq);
if (!NT_STATUS_IS_OK(status)) {
tevent_req_nterror(req, status);
diff --git a/source3/libsmb/samlogon_cache.c b/source3/libsmb/samlogon_cache.c
index 12901826ee..7339acb4d7 100644
--- a/source3/libsmb/samlogon_cache.c
+++ b/source3/libsmb/samlogon_cache.c
@@ -113,8 +113,7 @@ void netsamlogon_clear_cached_user(struct netr_SamInfo3 *info3)
NETSAMLOGON_TDB));
return;
}
- sid_copy(&user_sid, info3->base.domain_sid);
- sid_append_rid(&user_sid, info3->base.rid);
+ sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
/* Prepare key as DOMAIN-SID/USER-RID string */
slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid));
@@ -151,8 +150,7 @@ bool netsamlogon_cache_store(const char *username, struct netr_SamInfo3 *info3)
return false;
}
- sid_copy(&user_sid, info3->base.domain_sid);
- sid_append_rid(&user_sid, info3->base.rid);
+ sid_compose(&user_sid, info3->base.domain_sid, info3->base.rid);
/* Prepare key as DOMAIN-SID/USER-RID string */
slprintf(keystr, sizeof(keystr), "%s", sid_to_fstring(tmp, &user_sid));
diff --git a/source3/locking/locking.c b/source3/locking/locking.c
index 26018f90db..095d0b17b9 100644
--- a/source3/locking/locking.c
+++ b/source3/locking/locking.c
@@ -1459,6 +1459,9 @@ bool set_delete_on_close(files_struct *fsp, bool delete_on_close, const UNIX_USE
}
TALLOC_FREE(lck);
+
+ fsp->delete_on_close = delete_on_close;
+
return True;
}
diff --git a/source3/modules/vfs_acl_common.c b/source3/modules/vfs_acl_common.c
index 1eec448083..aeb9ce37ea 100644
--- a/source3/modules/vfs_acl_common.c
+++ b/source3/modules/vfs_acl_common.c
@@ -760,6 +760,108 @@ static SMB_STRUCT_DIR *opendir_acl_common(vfs_handle_struct *handle,
return SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
}
+static int acl_common_remove_object(vfs_handle_struct *handle,
+ const char *path,
+ bool is_directory)
+{
+ connection_struct *conn = handle->conn;
+ struct file_id id;
+ files_struct *fsp = NULL;
+ int ret = 0;
+ char *parent_dir = NULL;
+ const char *final_component = NULL;
+ struct smb_filename local_fname;
+ int saved_errno = 0;
+
+ if (!parent_dirname(talloc_tos(), path,
+ &parent_dir, &final_component)) {
+ saved_errno = ENOMEM;
+ goto out;
+ }
+
+ DEBUG(10,("acl_common_remove_object: removing %s %s/%s\n",
+ is_directory ? "directory" : "file",
+ parent_dir, final_component ));
+
+ /* cd into the parent dir to pin it. */
+ ret = SMB_VFS_CHDIR(conn, parent_dir);
+ if (ret == -1) {
+ saved_errno = errno;
+ goto out;
+ }
+
+ ZERO_STRUCT(local_fname);
+ local_fname.base_name = CONST_DISCARD(char *,final_component);
+
+ /* Must use lstat here. */
+ ret = SMB_VFS_LSTAT(conn, &local_fname);
+ if (ret == -1) {
+ saved_errno = errno;
+ goto out;
+ }
+
+ /* Ensure we have this file open with DELETE access. */
+ id = vfs_file_id_from_sbuf(conn, &local_fname.st);
+ for (fsp = file_find_di_first(id); fsp; file_find_di_next(fsp)) {
+ if (fsp->access_mask & DELETE_ACCESS &&
+ fsp->delete_on_close) {
+ /* We did open this for delete,
+ * allow the delete as root.
+ */
+ break;
+ }
+ }
+
+ if (!fsp) {
+ DEBUG(10,("acl_common_remove_object: %s %s/%s "
+ "not an open file\n",
+ is_directory ? "directory" : "file",
+ parent_dir, final_component ));
+ saved_errno = EACCES;
+ goto out;
+ }
+
+ if (is_directory) {
+ ret = SMB_VFS_NEXT_RMDIR(handle, final_component);
+ } else {
+ ret = SMB_VFS_NEXT_UNLINK(handle, &local_fname);
+ }
+ if (ret == -1) {
+ saved_errno = errno;
+ }
+
+ out:
+
+ TALLOC_FREE(parent_dir);
+
+ vfs_ChDir(conn, conn->connectpath);
+ if (saved_errno) {
+ errno = saved_errno;
+ }
+ return ret;
+}
+
+static int rmdir_acl_common(struct vfs_handle_struct *handle,
+ const char *path)
+{
+ int ret;
+
+ ret = SMB_VFS_NEXT_RMDIR(handle, path);
+ if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
+ DEBUG(10,("rmdir_acl_common: unlink of %s failed %s\n",
+ path,
+ strerror(errno) ));
+ return ret;
+ }
+
+ become_root();
+ ret = acl_common_remove_object(handle,
+ path,
+ true);
+ unbecome_root();
+ return ret;
+}
+
static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
struct smb_request *req,
uint16_t root_dir_fid,
@@ -857,3 +959,28 @@ static NTSTATUS create_file_acl_common(struct vfs_handle_struct *handle,
/* NOTREACHED */
return status;
}
+
+static int unlink_acl_common(struct vfs_handle_struct *handle,
+ const struct smb_filename *smb_fname)
+{
+ int ret;
+
+ ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname);
+ if (!(ret == -1 && (errno == EACCES || errno == EPERM))) {
+ DEBUG(10,("unlink_acl_common: unlink of %s failed %s\n",
+ smb_fname->base_name,
+ strerror(errno) ));
+ return ret;
+ }
+ /* Don't do anything fancy for streams. */
+ if (smb_fname->stream_name) {
+ return ret;
+ }
+
+ become_root();
+ ret = acl_common_remove_object(handle,
+ smb_fname->base_name,
+ false);
+ unbecome_root();
+ return ret;
+}
diff --git a/source3/modules/vfs_acl_tdb.c b/source3/modules/vfs_acl_tdb.c
index a1088ab63c..2afe69d764 100644
--- a/source3/modules/vfs_acl_tdb.c
+++ b/source3/modules/vfs_acl_tdb.c
@@ -265,7 +265,7 @@ static int unlink_acl_tdb(vfs_handle_struct *handle,
goto out;
}
- ret = SMB_VFS_NEXT_UNLINK(handle, smb_fname_tmp);
+ ret = unlink_acl_common(handle, smb_fname_tmp);
if (ret == -1) {
goto out;
@@ -413,6 +413,7 @@ static struct vfs_fn_pointers vfs_acl_tdb_fns = {
.connect_fn = connect_acl_tdb,
.opendir = opendir_acl_common,
.mkdir = mkdir_acl_common,
+ .rmdir = rmdir_acl_common,
.open = open_acl_common,
.create_file = create_file_acl_common,
.unlink = unlink_acl_tdb,
diff --git a/source3/modules/vfs_acl_xattr.c b/source3/modules/vfs_acl_xattr.c
index 625ef91e8f..18f2d42784 100644
--- a/source3/modules/vfs_acl_xattr.c
+++ b/source3/modules/vfs_acl_xattr.c
@@ -199,8 +199,10 @@ static struct vfs_fn_pointers vfs_acl_xattr_fns = {
.connect_fn = connect_acl_xattr,
.opendir = opendir_acl_common,
.mkdir = mkdir_acl_common,
+ .rmdir = rmdir_acl_common,
.open = open_acl_common,
.create_file = create_file_acl_common,
+ .unlink = unlink_acl_common,
.fget_nt_acl = fget_nt_acl_common,
.get_nt_acl = get_nt_acl_common,
.fset_nt_acl = fset_nt_acl_common,
diff --git a/source3/modules/vfs_cap.c b/source3/modules/vfs_cap.c
index 7edbb8783c..35fa740dd0 100644
--- a/source3/modules/vfs_cap.c
+++ b/source3/modules/vfs_cap.c
@@ -695,12 +695,13 @@ static char *capdecode(TALLOC_CTX *ctx, const char *from)
size_t len = 0;
for (p1 = from; *p1; len++) {
- if (is_hex(from)) {
+ if (is_hex(p1)) {
p1 += 3;
} else {
p1++;
}
}
+ len++;
to = TALLOC_ARRAY(ctx, char, len);
if (!to) {
diff --git a/source3/modules/vfs_scannedonly.c b/source3/modules/vfs_scannedonly.c
new file mode 100644
index 0000000000..ff16d78c3f
--- /dev/null
+++ b/source3/modules/vfs_scannedonly.c
@@ -0,0 +1,995 @@
+/*
+ * scannedonly VFS module for Samba 3.5
+ *
+ * Copyright 2007,2008,2009 (C) Olivier Sessink
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ *
+ * ABOUT SCANNEDONLY
+ *
+ * scannedonly implements a 'filter' like vfs module that talks over a
+ * unix domain socket or over UDP to a anti-virus engine.
+ *
+ * files that are clean have a corresponding .scanned:{filename} file
+ * in the same directory. So why the .scanned: files? They take up
+ * only an inode, because they are 0 bytes. To test if the file is
+ * scanned only a stat() call on the filesystem is needed which is
+ * very quick compared to a database lookup. All modern filesystems
+ * use database technology such as balanced trees for lookups anyway.
+ * The number of inodes in modern filesystems is also not limiting
+ * anymore. The .scanned: files are also easy scriptable. You can
+ * remove them with a simple find command or create them with a
+ * simple touch command. Extended filesystem attributes have similar
+ * properties, but are not supported on all filesystems, so that
+ * would limit the usage of the module (and attributes are not as
+ * easily scriptable)
+ *
+ * files that are not clean are sent to the AV-engine. Only the
+ * filename is sent over the socket. The protocol is very simple:
+ * a newline separated list of filenames inside each datagram.
+ *
+ * a file AV-scan may be requested multiple times, the AV-engine
+ * should also check if the file has been scanned already. Requests
+ * can also be dropped by the AV-engine (and we thus don't need the
+ * reliability of TCP).
+ *
+ */
+
+#include "includes.h"
+
+#include "config.h"
+
+#define SENDBUFFERSIZE 1450
+
+struct Tscannedonly {
+ int socket;
+ int domain_socket;
+ int portnum;
+ int scanning_message_len;
+ int recheck_time_open;
+ int recheck_tries_open;
+ int recheck_size_open;
+ int recheck_time_readdir;
+ int recheck_tries_readdir;
+ bool show_special_files;
+ bool rm_hidden_files_on_rmdir;
+ bool hide_nonscanned_files;
+ bool allow_nonscanned_files;
+ char *socketname;
+ char *scanhost;
+ char *scanning_message;
+ char *p_scanned; /* prefix for scanned files */
+ char *p_virus; /* prefix for virus containing files */
+ char *p_failed; /* prefix for failed to scan files */
+ char gsendbuffer[SENDBUFFERSIZE + 1];
+};
+
+#define STRUCTSCANO(var) ((struct Tscannedonly *)var)
+
+struct scannedonly_DIR {
+ char *base;
+ int notify_loop_done;
+ SMB_STRUCT_DIR *DIR;
+};
+#define SCANNEDONLY_DEBUG 9
+/*********************/
+/* utility functions */
+/*********************/
+
+static char *real_path_from_notify_path(TALLOC_CTX *ctx,
+ struct Tscannedonly *so,
+ const char *path)
+{
+ char *name;
+ int len, pathlen;
+
+ name = strrchr(path, '/');
+ if (!name) {
+ return NULL;
+ }
+ pathlen = name - path;
+ name++;
+ len = strlen(name);
+ if (len <= so->scanning_message_len) {
+ return NULL;
+ }
+
+ if (strcmp(name + (len - so->scanning_message_len),
+ so->scanning_message) != 0) {
+ return NULL;
+ }
+
+ return talloc_strndup(ctx,path,
+ pathlen + len - so->scanning_message_len);
+}
+
+static char *cachefile_name(TALLOC_CTX *ctx,
+ const char *shortname,
+ const char *base,
+ const char *p_scanned)
+{
+ return talloc_asprintf(ctx, "%s%s%s", base, p_scanned, shortname);
+}
+
+static char *name_w_ending_slash(TALLOC_CTX *ctx, const char *name)
+{
+ int len = strlen(name);
+ if (name[len - 1] == '/') {
+ return talloc_strdup(ctx,name);
+ } else {
+ return talloc_asprintf(ctx, "%s/", name);
+ }
+}
+
+static char *cachefile_name_f_fullpath(TALLOC_CTX *ctx,
+ const char *fullpath,
+ const char *p_scanned)
+{
+ const char *base;
+ char *tmp, *cachefile, *shortname;
+ tmp = strrchr(fullpath, '/');
+ if (tmp) {
+ base = talloc_strndup(ctx, fullpath, (tmp - fullpath) + 1);
+ shortname = tmp + 1;
+ } else {
+ base = "";
+ shortname = (char *)fullpath;
+ }
+ cachefile = cachefile_name(ctx, shortname, base, p_scanned);
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("cachefile_name_f_fullpath cachefile=%s\n", cachefile));
+ return cachefile;
+}
+
+static char *path_plus_name(TALLOC_CTX *ctx, const char *base,
+ const char *filename)
+{
+ return talloc_asprintf(ctx, "%s%s", base,filename);
+}
+
+static char *construct_full_path(TALLOC_CTX *ctx, vfs_handle_struct * handle,
+ const char *somepath, bool ending_slash)
+{
+ char *tmp;
+
+ if (!somepath) {
+ return NULL;
+ }
+ if (somepath[0] == '/') {
+ if (ending_slash) {
+ return name_w_ending_slash(ctx,somepath);
+ }
+ return talloc_strdup(ctx,somepath);
+ }
+ tmp=(char *)somepath;
+ if (tmp[0]=='.'&&tmp[1]=='/') {
+ tmp+=2;
+ }
+ /* vfs_GetWd() seems to return a path with a slash */
+ if (ending_slash) {
+ return talloc_asprintf(ctx, "%s%s/",
+ vfs_GetWd(ctx, handle->conn),tmp);
+ }
+ return talloc_asprintf(ctx, "%s%s",
+ vfs_GetWd(ctx, handle->conn),tmp);
+}
+
+static int connect_to_scanner(vfs_handle_struct * handle)
+{
+ struct Tscannedonly *so = (struct Tscannedonly *)handle->data;
+
+ if (so->domain_socket) {
+ struct sockaddr_un saun;
+ DEBUG(SCANNEDONLY_DEBUG, ("socket=%s\n", so->socketname));
+ if ((so->socket = socket(AF_UNIX, SOCK_DGRAM, 0)) < 0) {
+ DEBUG(2, ("failed to create socket %s\n",
+ so->socketname));
+ return -1;
+ }
+ saun.sun_family = AF_UNIX;
+ strncpy(saun.sun_path, so->socketname,
+ sizeof(saun.sun_path) - 1);
+ if (connect(so->socket, (struct sockaddr *)(void *)&saun,
+ SUN_LEN(&saun)) < 0) {
+ DEBUG(2, ("failed to connect to socket %s\n",
+ so->socketname));
+ return -1;
+ }
+ DEBUG(SCANNEDONLY_DEBUG,("bound %s to socket %d\n",
+ saun.sun_path, so->socket));
+
+ } else {
+ so->socket = open_udp_socket(so->scanhost, so->portnum);
+ if (so->socket < 0) {
+ DEBUG(2,("failed to open UDP socket to %s:%d\n",
+ so->scanhost,so->portnum));
+ return -1;
+ }
+ }
+
+ {/* increasing the socket buffer is done because we have large bursts
+ of UDP packets or DGRAM's on a domain socket whenever we hit a
+ large directory with lots of unscanned files. */
+ int sndsize;
+ socklen_t size = sizeof(int);
+ getsockopt(so->socket, SOL_SOCKET, SO_RCVBUF,
+ (char *)&sndsize, &size);
+ DEBUG(SCANNEDONLY_DEBUG, ("current socket buffer size=%d\n",
+ sndsize));
+ sndsize = 262144;
+ if (setsockopt(so->socket, SOL_SOCKET, SO_RCVBUF,
+ (char *)&sndsize,
+ (int)sizeof(sndsize)) != 0) {
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("error setting socket buffer %s (%d)\n",
+ strerror(errno), errno));
+ }
+ }
+ set_blocking(so->socket, false);
+ return 0;
+}
+
+static void flush_sendbuffer(vfs_handle_struct * handle)
+{
+ struct Tscannedonly *so = (struct Tscannedonly *)handle->data;
+ int ret, len, loop = 10;
+ if (so->gsendbuffer[0] == '\0') {
+ return;
+ }
+
+ do {
+ loop--;
+ len = strlen(so->gsendbuffer);
+ ret = send(so->socket, so->gsendbuffer, len, MSG_DONTWAIT);
+ if (ret == len) {
+ so->gsendbuffer[0] = '\0';
+ break;
+ }
+ if (ret == -1) {
+ DEBUG(3,("scannedonly flush_sendbuffer: "
+ "error sending on socket %d to scanner:"
+ " %s (%d)\n",
+ so->socket, strerror(errno), errno));
+ if (errno == ECONNREFUSED || errno == ENOTCONN
+ || errno == ECONNRESET) {
+ if (connect_to_scanner(handle) == -1)
+ break; /* connecting fails, abort */
+ /* try again */
+ } else if (errno != EINTR) {
+ /* on EINTR we just try again, all remaining
+ other errors we log the error
+ and try again ONCE */
+ loop = 1;
+ DEBUG(3,("scannedonly flush_sendbuffer: "
+ "error sending data to scanner: %s "
+ "(%d)\n", strerror(errno), errno));
+ }
+ } else {
+ /* --> partial write: Resend all filenames that were
+ not or not completely written. a partial filename
+ written means the filename will not arrive correctly,
+ so resend it completely */
+ int pos = 0;
+ while (pos < len) {
+ char *tmp = strchr(so->gsendbuffer+pos, '\n');
+ if (tmp && tmp - so->gsendbuffer < ret)
+ pos = tmp - so->gsendbuffer + 1;
+ else
+ break;
+ }
+ memmove(so->gsendbuffer, so->gsendbuffer + pos,
+ SENDBUFFERSIZE - ret);
+ /* now try again */
+ }
+ } while (loop > 0);
+
+ if (so->gsendbuffer[0] != '\0') {
+ DEBUG(2,
+ ("scannedonly flush_sendbuffer: "
+ "failed to send files to AV scanner, "
+ "discarding files."));
+ so->gsendbuffer[0] = '\0';
+ }
+}
+
+static void notify_scanner(vfs_handle_struct * handle, const char *scanfile)
+{
+ char *tmp;
+ int tmplen, gsendlen;
+ struct Tscannedonly *so = (struct Tscannedonly *)handle->data;
+ TALLOC_CTX *ctx=talloc_tos();
+ if (scanfile[0] != '/') {
+ tmp = construct_full_path(ctx,handle, scanfile, false);
+ } else {
+ tmp = (char *)scanfile;
+ }
+ tmplen = strlen(tmp);
+ gsendlen = strlen(so->gsendbuffer);
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly notify_scanner: tmp=%s, tmplen=%d, gsendlen=%d\n",
+ tmp, tmplen, gsendlen));
+ if (gsendlen + tmplen >= SENDBUFFERSIZE) {
+ flush_sendbuffer(handle);
+ }
+ strlcat(so->gsendbuffer, tmp, SENDBUFFERSIZE + 1);
+ strlcat(so->gsendbuffer, "\n", SENDBUFFERSIZE + 1);
+}
+
+static bool is_scannedonly_file(struct Tscannedonly *so, const char *shortname)
+{
+ if (shortname[0]!='.') {
+ return false;
+ }
+ if (strncmp(shortname, so->p_scanned, strlen(so->p_scanned)) == 0) {
+ return true;
+ }
+ if (strncmp(shortname, so->p_virus, strlen(so->p_virus)) == 0) {
+ return true;
+ }
+ if (strncmp(shortname, so->p_failed, strlen(so->p_failed)) == 0) {
+ return true;
+ }
+ return false;
+}
+
+static bool timespec_is_newer(struct timespec *base, struct timespec *test)
+{
+ return timespec_compare(base,test) < 0;
+}
+
+/*
+vfs_handle_struct *handle the scannedonly handle
+scannedonly_DIR * sDIR the scannedonly struct if called from _readdir()
+or NULL
+fullpath is a full path starting from / or a relative path to the
+current working directory
+shortname is the filename without directory components
+basename, is the directory without file name component
+allow_nonexistant return TRUE if stat() on the requested file fails
+recheck_time, the time in milliseconds to wait for the daemon to
+create a .scanned file
+recheck_tries, the number of tries to wait
+recheck_size, size in Kb of files that should not be waited for
+loop : boolean if we should try to loop over all files in the directory
+and send a notify to the scanner for all files that need scanning
+*/
+static bool scannedonly_allow_access(vfs_handle_struct * handle,
+ struct scannedonly_DIR *sDIR,
+ struct smb_filename *smb_fname,
+ const char *shortname,
+ const char *base_name,
+ int allow_nonexistant,
+ int recheck_time, int recheck_tries,
+ int recheck_size, int loop)
+{
+ struct smb_filename *cache_smb_fname;
+ TALLOC_CTX *ctx=talloc_tos();
+ char *cachefile;
+ int retval;
+ int didloop;
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("smb_fname->base_name=%s, shortname=%s, base_name=%s\n"
+ ,smb_fname->base_name,shortname,base_name));
+
+ if (ISDOT(shortname) || ISDOTDOT(shortname)) {
+ return true;
+ }
+ if (is_scannedonly_file(STRUCTSCANO(handle->data), shortname)) {
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_allow_access, %s is a scannedonly file, "
+ "return 0\n", shortname));
+ return false;
+ }
+
+ if (!VALID_STAT(smb_fname->st)) {
+ DEBUG(SCANNEDONLY_DEBUG,("stat %s\n",smb_fname->base_name));
+ retval = SMB_VFS_NEXT_STAT(handle, smb_fname);
+ if (retval != 0) {
+ /* failed to stat this file?!? --> hide it */
+ DEBUG(SCANNEDONLY_DEBUG,("no valid stat, return"
+ " allow_nonexistant=%d\n",
+ allow_nonexistant));
+ return allow_nonexistant;
+ }
+ }
+ if (!S_ISREG(smb_fname->st.st_ex_mode)) {
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("%s is not a regular file, ISDIR=%d\n",
+ smb_fname->base_name,
+ S_ISDIR(smb_fname->st.st_ex_mode)));
+ return (STRUCTSCANO(handle->data)->
+ show_special_files ||
+ S_ISDIR(smb_fname->st.st_ex_mode));
+ }
+ if (smb_fname->st.st_ex_size == 0) {
+ DEBUG(SCANNEDONLY_DEBUG,("empty file, return 1\n"));
+ return true; /* empty files cannot contain viruses ! */
+ }
+ cachefile = cachefile_name(ctx,
+ shortname,
+ base_name,
+ STRUCTSCANO(handle->data)->p_scanned);
+ create_synthetic_smb_fname(ctx, cachefile,NULL,NULL,&cache_smb_fname);
+ if (!VALID_STAT(cache_smb_fname->st)) {
+ retval = SMB_VFS_NEXT_STAT(handle, cache_smb_fname);
+ }
+ if (retval == 0 && VALID_STAT(cache_smb_fname->st)) {
+ if (timespec_is_newer(&smb_fname->st.st_ex_mtime,
+ &cache_smb_fname->st.st_ex_mtime)) {
+ talloc_free(cache_smb_fname);
+ return true;
+ }
+ /* no cachefile or too old */
+ SMB_VFS_NEXT_UNLINK(handle, cache_smb_fname);
+ retval = -1;
+ }
+
+ notify_scanner(handle, smb_fname->base_name);
+
+ didloop = 0;
+ if (loop && sDIR && !sDIR->notify_loop_done) {
+ /* check the rest of the directory and notify the
+ scanner if some file needs scanning */
+ long offset;
+ SMB_STRUCT_DIRENT *dire;
+
+ offset = SMB_VFS_NEXT_TELLDIR(handle, sDIR->DIR);
+ dire = SMB_VFS_NEXT_READDIR(handle, sDIR->DIR, NULL);
+ while (dire) {
+ char *fpath2;
+ struct smb_filename *smb_fname2;
+ fpath2 = path_plus_name(ctx,base_name, dire->d_name);
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_allow_access in loop, "
+ "found %s\n", fpath2));
+ create_synthetic_smb_fname(ctx, fpath2,NULL,NULL,
+ &smb_fname2);
+ scannedonly_allow_access(handle, NULL,
+ smb_fname2,
+ dire->d_name,
+ base_name, 0, 0, 0, 0, 0);
+ talloc_free(fpath2);
+ talloc_free(smb_fname2);
+ dire = SMB_VFS_NEXT_READDIR(handle, sDIR->DIR,NULL);
+ }
+ sDIR->notify_loop_done = 1;
+ didloop = 1;
+ SMB_VFS_NEXT_SEEKDIR(handle, sDIR->DIR, offset);
+ }
+ if (recheck_time > 0
+ && ((recheck_size > 0
+ && smb_fname->st.st_ex_size < (1024 * recheck_size))
+ || didloop)) {
+ int i = 0;
+ flush_sendbuffer(handle);
+ while (retval != 0 /*&& errno == ENOENT */
+ && i < recheck_tries) {
+ struct timespec req = { 0, recheck_time * 10000 };
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_allow_access, wait (try=%d "
+ "(max %d), %d ms) for %s\n",
+ i, recheck_tries,
+ recheck_time, cache_smb_fname->base_name));
+ nanosleep(&req, NULL);
+ retval = SMB_VFS_NEXT_STAT(handle, cache_smb_fname);
+ i++;
+ }
+ }
+ /* still no cachefile, or still too old, return 0 */
+ if (retval != 0
+ || !timespec_is_newer(&smb_fname->st.st_ex_mtime,
+ &cache_smb_fname->st.st_ex_mtime)) {
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("retval=%d, return 0\n",retval));
+ return false;
+ }
+ return true;
+}
+
+/*********************/
+/* VFS functions */
+/*********************/
+
+static SMB_STRUCT_DIR *scannedonly_opendir(vfs_handle_struct * handle,
+ const char *fname,
+ const char *mask, uint32 attr)
+{
+ SMB_STRUCT_DIR *DIRp;
+ struct scannedonly_DIR *sDIR;
+
+ DIRp = SMB_VFS_NEXT_OPENDIR(handle, fname, mask, attr);
+ if (!DIRp) {
+ return NULL;
+ }
+
+ sDIR = TALLOC_P(NULL, struct scannedonly_DIR);
+ if (fname[0] != '/') {
+ sDIR->base = construct_full_path(sDIR,handle, fname, true);
+ } else {
+ sDIR->base = name_w_ending_slash(sDIR, fname);
+ }
+ sDIR->DIR = DIRp;
+ sDIR->notify_loop_done = 0;
+ return (SMB_STRUCT_DIR *) sDIR;
+}
+
+static SMB_STRUCT_DIRENT *scannedonly_readdir(vfs_handle_struct *handle,
+ SMB_STRUCT_DIR * dirp,
+ SMB_STRUCT_STAT *sbuf)
+{
+ SMB_STRUCT_DIRENT *result;
+ int allowed = 0;
+ char *tmp;
+ struct smb_filename *smb_fname;
+ char *notify_name;
+ int namelen;
+ SMB_STRUCT_DIRENT *newdirent;
+ TALLOC_CTX *ctx=talloc_tos();
+
+ struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+ if (!dirp) {
+ return NULL;
+ }
+
+ result = SMB_VFS_NEXT_READDIR(handle, sDIR->DIR, sbuf);
+
+ if (!result)
+ return NULL;
+
+ if (is_scannedonly_file(STRUCTSCANO(handle->data), result->d_name)) {
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_readdir, %s is a scannedonly file, "
+ "skip to next entry\n", result->d_name));
+ return scannedonly_readdir(handle, dirp, NULL);
+ }
+
+ tmp = path_plus_name(ctx,sDIR->base, result->d_name);
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_readdir, check access to %s (sbuf=%p)\n",
+ tmp,sbuf));
+
+ /* even if we don't hide nonscanned files or we allow non scanned
+ files we call allow_access because it will notify the daemon to
+ scan these files */
+ create_synthetic_smb_fname(ctx, tmp,NULL,
+ sbuf?VALID_STAT(*sbuf)?sbuf:NULL:NULL,
+ &smb_fname);
+ allowed = scannedonly_allow_access(
+ handle, sDIR, smb_fname,
+ result->d_name,
+ sDIR->base, 0,
+ STRUCTSCANO(handle->data)->hide_nonscanned_files
+ ? STRUCTSCANO(handle->data)->recheck_time_readdir
+ : 0,
+ STRUCTSCANO(handle->data)->recheck_tries_readdir,
+ -1,
+ 1);
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_readdir access to %s (%s) = %d\n", tmp,
+ result->d_name, allowed));
+ if (allowed) {
+ return result;
+ }
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("hide_nonscanned_files=%d, allow_nonscanned_files=%d\n",
+ STRUCTSCANO(handle->data)->hide_nonscanned_files,
+ STRUCTSCANO(handle->data)->allow_nonscanned_files
+ ));
+
+ if (!STRUCTSCANO(handle->data)->hide_nonscanned_files
+ || STRUCTSCANO(handle->data)->allow_nonscanned_files) {
+ return result;
+ }
+
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_readdir, readdir listing for %s not "
+ "allowed, notify user\n", result->d_name));
+ notify_name = talloc_asprintf(
+ ctx,"%s %s",result->d_name,
+ STRUCTSCANO(handle->data)->scanning_message);
+ namelen = strlen(notify_name);
+ newdirent = (SMB_STRUCT_DIRENT *)TALLOC_ARRAY(
+ ctx, char, sizeof(SMB_STRUCT_DIRENT) + namelen + 1);
+ if (!newdirent) {
+ return NULL;
+ }
+ memcpy(newdirent, result, sizeof(SMB_STRUCT_DIRENT));
+ memcpy(&newdirent->d_name, notify_name, namelen + 1);
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_readdir, return newdirent at %p with "
+ "notification %s\n", newdirent, newdirent->d_name));
+ return newdirent;
+}
+
+static void scannedonly_seekdir(struct vfs_handle_struct *handle,
+ SMB_STRUCT_DIR * dirp, long offset)
+{
+ struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+ SMB_VFS_NEXT_SEEKDIR(handle, sDIR->DIR, offset);
+}
+
+static long scannedonly_telldir(struct vfs_handle_struct *handle,
+ SMB_STRUCT_DIR * dirp)
+{
+ struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+ return SMB_VFS_NEXT_TELLDIR(handle, sDIR->DIR);
+}
+
+static void scannedonly_rewinddir(struct vfs_handle_struct *handle,
+ SMB_STRUCT_DIR * dirp)
+{
+ struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+ SMB_VFS_NEXT_REWINDDIR(handle, sDIR->DIR);
+}
+
+static int scannedonly_closedir(vfs_handle_struct * handle,
+ SMB_STRUCT_DIR * dirp)
+{
+ int retval;
+ struct scannedonly_DIR *sDIR = (struct scannedonly_DIR *)dirp;
+ flush_sendbuffer(handle);
+ retval = SMB_VFS_NEXT_CLOSEDIR(handle, sDIR->DIR);
+ TALLOC_FREE(sDIR);
+ return retval;
+}
+
+static int scannedonly_stat(vfs_handle_struct * handle,
+ struct smb_filename *smb_fname)
+{
+ int ret;
+ ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
+ DEBUG(SCANNEDONLY_DEBUG, ("scannedonly_stat: %s returned %d\n",
+ smb_fname->base_name, ret));
+ if (ret != 0 && errno == ENOENT) {
+ TALLOC_CTX *ctx=talloc_tos();
+ char *test_base_name, *tmp_base_name = smb_fname->base_name;
+ /* possibly this was a fake name (file is being scanned for
+ viruses.txt): check for that and create the real name and
+ stat the real name */
+ test_base_name = real_path_from_notify_path(
+ ctx,
+ STRUCTSCANO(handle->data),
+ smb_fname->base_name);
+ if (test_base_name) {
+ smb_fname->base_name = test_base_name;
+ ret = SMB_VFS_NEXT_STAT(handle, smb_fname);
+ DEBUG(5, ("_stat: %s returned %d\n",
+ test_base_name, ret));
+ smb_fname->base_name = tmp_base_name;
+ }
+ }
+ return ret;
+}
+
+static int scannedonly_lstat(vfs_handle_struct * handle,
+ struct smb_filename *smb_fname)
+{
+ int ret;
+ ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
+ DEBUG(SCANNEDONLY_DEBUG, ("scannedonly_lstat: %s returned %d\n",
+ smb_fname->base_name, ret));
+ if (ret != 0 && errno == ENOENT) {
+ TALLOC_CTX *ctx=talloc_tos();
+ char *test_base_name, *tmp_base_name = smb_fname->base_name;
+ /* possibly this was a fake name (file is being scanned for
+ viruses.txt): check for that and create the real name and
+ stat the real name */
+ test_base_name = real_path_from_notify_path(
+ ctx, STRUCTSCANO(handle->data), smb_fname->base_name);
+ if (test_base_name) {
+ smb_fname->base_name = test_base_name;
+ ret = SMB_VFS_NEXT_LSTAT(handle, smb_fname);
+ DEBUG(5, ("_lstat: %s returned %d\n",
+ test_base_name, ret));
+ smb_fname->base_name = tmp_base_name;
+ }
+ }
+ return ret;
+}
+
+static int scannedonly_open(vfs_handle_struct * handle,
+ struct smb_filename *smb_fname,
+ files_struct * fsp, int flags, mode_t mode)
+{
+ const char *base;
+ char *tmp, *shortname;
+ int allowed, write_access = 0;
+ TALLOC_CTX *ctx=talloc_tos();
+ /* if open for writing ignore it */
+ if ((flags & O_ACCMODE) == O_WRONLY) {
+ return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
+ }
+ if ((flags & O_ACCMODE) == O_RDWR) {
+ write_access = 1;
+ }
+ /* check if this file is scanned already */
+ tmp = strrchr(smb_fname->base_name, '/');
+ if (tmp) {
+ base = talloc_strndup(ctx,smb_fname->base_name,
+ (tmp - smb_fname->base_name) + 1);
+ shortname = tmp + 1;
+ } else {
+ base = "";
+ shortname = (char *)smb_fname->base_name;
+ }
+ allowed = scannedonly_allow_access(
+ handle, NULL, smb_fname, shortname,
+ base,
+ write_access,
+ STRUCTSCANO(handle->data)->recheck_time_open,
+ STRUCTSCANO(handle->data)->recheck_tries_open,
+ STRUCTSCANO(handle->data)->recheck_size_open,
+ 0);
+ flush_sendbuffer(handle);
+ DEBUG(SCANNEDONLY_DEBUG, ("scannedonly_open: allow=%d for %s\n",
+ allowed, smb_fname->base_name));
+ if (allowed
+ || STRUCTSCANO(handle->data)->allow_nonscanned_files) {
+ return SMB_VFS_NEXT_OPEN(handle, smb_fname, fsp, flags, mode);
+ }
+ errno = EACCES;
+ return -1;
+}
+
+static int scannedonly_close(vfs_handle_struct * handle, files_struct * fsp)
+{
+ /* we only have to notify the scanner
+ for files that were open readwrite or writable. */
+ if (fsp->can_write) {
+ TALLOC_CTX *ctx = talloc_tos();
+ notify_scanner(handle, construct_full_path(
+ ctx,handle,
+ fsp->fsp_name->base_name,false));
+ flush_sendbuffer(handle);
+ }
+ return SMB_VFS_NEXT_CLOSE(handle, fsp);
+}
+
+static int scannedonly_rename(vfs_handle_struct * handle,
+ const struct smb_filename *smb_fname_src,
+ const struct smb_filename *smb_fname_dst)
+{
+ /* rename the cache file before we pass the actual rename on */
+ struct smb_filename *smb_fname_src_tmp = NULL;
+ struct smb_filename *smb_fname_dst_tmp = NULL;
+ char *cachefile_src, *cachefile_dst;
+ TALLOC_CTX *ctx = talloc_tos();
+
+ /* Setup temporary smb_filename structs. */
+ cachefile_src = cachefile_name_f_fullpath(
+ ctx,
+ smb_fname_src->base_name,
+ STRUCTSCANO(handle->data)->p_scanned);
+ cachefile_dst = cachefile_name_f_fullpath(
+ ctx,
+ smb_fname_dst->base_name,
+ STRUCTSCANO(handle->data)->p_scanned);
+
+ create_synthetic_smb_fname(ctx, cachefile_src,NULL,NULL,
+ &smb_fname_src_tmp);
+ create_synthetic_smb_fname(ctx, cachefile_dst,NULL,NULL,
+ &smb_fname_dst_tmp);
+
+ if (SMB_VFS_NEXT_RENAME(handle, smb_fname_src_tmp, smb_fname_dst_tmp)
+ != 0) {
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("failed to rename %s into %s\n", cachefile_src,
+ cachefile_dst));
+ }
+ return SMB_VFS_NEXT_RENAME(handle, smb_fname_src, smb_fname_dst);
+}
+
+static int scannedonly_unlink(vfs_handle_struct * handle,
+ const struct smb_filename *smb_fname)
+{
+ /* unlink the 'scanned' file too */
+ struct smb_filename *smb_fname_cache = NULL;
+ char * cachefile;
+ TALLOC_CTX *ctx = talloc_tos();
+
+ cachefile = cachefile_name_f_fullpath(
+ ctx,
+ smb_fname->base_name,
+ STRUCTSCANO(handle->data)->p_scanned);
+ create_synthetic_smb_fname(ctx, cachefile,NULL,NULL,
+ &smb_fname_cache);
+ if (SMB_VFS_NEXT_UNLINK(handle, smb_fname_cache) != 0) {
+ DEBUG(SCANNEDONLY_DEBUG, ("_unlink: failed to unlink %s\n",
+ smb_fname_cache->base_name));
+ }
+ return SMB_VFS_NEXT_UNLINK(handle, smb_fname);
+}
+
+static int scannedonly_rmdir(vfs_handle_struct * handle, const char *path)
+{
+ /* if there are only .scanned: .virus: or .failed: files, we delete
+ those, because the client cannot see them */
+ DIR *dirp;
+ SMB_STRUCT_DIRENT *dire;
+ TALLOC_CTX *ctx = talloc_tos();
+ bool only_deletable_files = true, have_files = false;
+ char *path_w_slash;
+
+ if (!STRUCTSCANO(handle->data)->rm_hidden_files_on_rmdir)
+ return SMB_VFS_NEXT_RMDIR(handle, path);
+
+ path_w_slash = name_w_ending_slash(ctx,path);
+ dirp = SMB_VFS_NEXT_OPENDIR(handle, path, NULL, 0);
+ while ((dire = SMB_VFS_NEXT_READDIR(handle, dirp, NULL)) != NULL) {
+ if (ISDOT(dire->d_name) || ISDOTDOT(dire->d_name)) {
+ continue;
+ }
+ have_files = true;
+ if (!is_scannedonly_file(STRUCTSCANO(handle->data),
+ dire->d_name)) {
+ struct smb_filename *smb_fname = NULL;
+ char *fullpath;
+ int retval;
+
+ if (STRUCTSCANO(handle->data)->show_special_files) {
+ only_deletable_files = false;
+ break;
+ }
+ /* stat the file and see if it is a
+ special file */
+ fullpath = path_plus_name(ctx,path_w_slash,
+ dire->d_name);
+ create_synthetic_smb_fname(ctx, fullpath,NULL,NULL,
+ &smb_fname);
+ retval = SMB_VFS_NEXT_STAT(handle, smb_fname);
+ if (retval == 0
+ && S_ISREG(smb_fname->st.st_ex_mode)) {
+ only_deletable_files = false;
+ }
+ TALLOC_FREE(fullpath);
+ TALLOC_FREE(smb_fname);
+ break;
+ }
+ }
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("path=%s, have_files=%d, only_deletable_files=%d\n",
+ path, have_files, only_deletable_files));
+ if (have_files && only_deletable_files) {
+ DEBUG(SCANNEDONLY_DEBUG,
+ ("scannedonly_rmdir, remove leftover scannedonly "
+ "files from %s\n", path_w_slash));
+ SMB_VFS_NEXT_REWINDDIR(handle, dirp);
+ while ((dire = SMB_VFS_NEXT_READDIR(handle, dirp, NULL))
+ != NULL) {
+ char *fullpath;
+ struct smb_filename *smb_fname = NULL;
+ if (ISDOT(dire->d_name) || ISDOTDOT(dire->d_name)) {
+ continue;
+ }
+ fullpath = path_plus_name(ctx,path_w_slash,
+ dire->d_name);
+ create_synthetic_smb_fname(ctx, fullpath,NULL,NULL,
+ &smb_fname);
+ DEBUG(SCANNEDONLY_DEBUG, ("unlink %s\n", fullpath));
+ SMB_VFS_NEXT_UNLINK(handle, smb_fname);
+ TALLOC_FREE(fullpath);
+ TALLOC_FREE(smb_fname);
+ }
+ }
+ return SMB_VFS_NEXT_CLOSEDIR(handle, dirp);
+}
+
+static void free_scannedonly_data(void **data)
+{
+ SAFE_FREE(*data);
+}
+
+static int scannedonly_connect(struct vfs_handle_struct *handle,
+ const char *service, const char *user)
+{
+
+ struct Tscannedonly *so;
+
+ so = SMB_MALLOC_P(struct Tscannedonly);
+ handle->data = (void *)so;
+ handle->free_data = free_scannedonly_data;
+ so->gsendbuffer[0]='\0';
+ so->domain_socket =
+ lp_parm_bool(SNUM(handle->conn), "scannedonly",
+ "domain_socket", True);
+ so->socketname =
+ (char *)lp_parm_const_string(SNUM(handle->conn),
+ "scannedonly", "socketname",
+ "/var/lib/scannedonly/scan");
+ so->portnum =
+ lp_parm_int(SNUM(handle->conn), "scannedonly", "portnum",
+ 2020);
+ so->scanhost =
+ (char *)lp_parm_const_string(SNUM(handle->conn),
+ "scannedonly", "scanhost",
+ "localhost");
+
+ so->show_special_files =
+ lp_parm_bool(SNUM(handle->conn), "scannedonly",
+ "show_special_files", True);
+ so->rm_hidden_files_on_rmdir =
+ lp_parm_bool(SNUM(handle->conn), "scannedonly",
+ "rm_hidden_files_on_rmdir", True);
+ so->hide_nonscanned_files =
+ lp_parm_bool(SNUM(handle->conn), "scannedonly",
+ "hide_nonscanned_files", False);
+ so->allow_nonscanned_files =
+ lp_parm_bool(SNUM(handle->conn), "scannedonly",
+ "allow_nonscanned_files", False);
+ so->scanning_message =
+ (char *)lp_parm_const_string(SNUM(handle->conn),
+ "scannedonly",
+ "scanning_message",
+ "is being scanned for viruses");
+ so->scanning_message_len = strlen(so->scanning_message);
+ so->recheck_time_open =
+ lp_parm_int(SNUM(handle->conn), "scannedonly",
+ "recheck_time_open", 50);
+ so->recheck_tries_open =
+ lp_parm_int(SNUM(handle->conn), "scannedonly",
+ "recheck_tries_open", 100);
+ so->recheck_size_open =
+ lp_parm_int(SNUM(handle->conn), "scannedonly",
+ "recheck_size_open", 100);
+ so->recheck_time_readdir =
+ lp_parm_int(SNUM(handle->conn), "scannedonly",
+ "recheck_time_readdir", 50);
+ so->recheck_tries_readdir =
+ lp_parm_int(SNUM(handle->conn), "scannedonly",
+ "recheck_tries_readdir", 20);
+
+ so->p_scanned =
+ (char *)lp_parm_const_string(SNUM(handle->conn),
+ "scannedonly",
+ "pref_scanned",
+ ".scanned:");
+ so->p_virus =
+ (char *)lp_parm_const_string(SNUM(handle->conn),
+ "scannedonly",
+ "pref_virus",
+ ".virus:");
+ so->p_failed =
+ (char *)lp_parm_const_string(SNUM(handle->conn),
+ "scannedonly",
+ "pref_failed",
+ ".failed:");
+ connect_to_scanner(handle);
+
+ return SMB_VFS_NEXT_CONNECT(handle, service, user);
+}
+
+/* VFS operations structure */
+static struct vfs_fn_pointers vfs_scannedonly_fns = {
+ .opendir = scannedonly_opendir,
+ .readdir = scannedonly_readdir,
+ .seekdir = scannedonly_seekdir,
+ .telldir = scannedonly_telldir,
+ .rewind_dir = scannedonly_rewinddir,
+ .closedir = scannedonly_closedir,
+ .rmdir = scannedonly_rmdir,
+ .stat = scannedonly_stat,
+ .lstat = scannedonly_lstat,
+ .open = scannedonly_open,
+ .close_fn = scannedonly_close,
+ .rename = scannedonly_rename,
+ .unlink = scannedonly_unlink,
+ .connect_fn = scannedonly_connect
+};
+
+NTSTATUS vfs_scannedonly_init(void)
+{
+ return smb_register_vfs(SMB_VFS_INTERFACE_VERSION, "scannedonly",
+ &vfs_scannedonly_fns);
+}
diff --git a/source3/modules/vfs_zfsacl.c b/source3/modules/vfs_zfsacl.c
index 312160c026..a3de30e808 100644
--- a/source3/modules/vfs_zfsacl.c
+++ b/source3/modules/vfs_zfsacl.c
@@ -106,6 +106,7 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
ace_t *acebuf;
SMB4ACE_T *smbace;
TALLOC_CTX *mem_ctx;
+ bool have_special_id = false;
/* allocate the field of ZFS aces */
mem_ctx = talloc_tos();
@@ -140,8 +141,17 @@ static bool zfs_process_smbacl(files_struct *fsp, SMB4ACL_T *smbacl)
aceprop->who.special_id));
continue; /* don't add it !!! */
}
+ have_special_id = true;
}
}
+
+ if (!have_special_id
+ && lp_parm_bool(fsp->conn->params->service, "zfsacl",
+ "denymissingspecial", false)) {
+ errno = EACCES;
+ return false;
+ }
+
SMB_ASSERT(i == naces);
/* store acl */
diff --git a/source3/passdb/lookup_sid.c b/source3/passdb/lookup_sid.c
index a197c51ac8..6149f974ac 100644
--- a/source3/passdb/lookup_sid.c
+++ b/source3/passdb/lookup_sid.c
@@ -75,8 +75,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
/* It's our own domain, lookup the name in passdb */
if (lookup_global_sam_name(name, flags, &rid, &type)) {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
goto ok;
}
TALLOC_FREE(tmp_ctx);
@@ -96,8 +95,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
/* Explicit request for a name in BUILTIN */
if (lookup_builtin_name(name, &rid)) {
- sid_copy(&sid, &global_sid_Builtin);
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, &global_sid_Builtin, rid);
type = SID_NAME_ALIAS;
goto ok;
}
@@ -215,8 +213,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
lookup_builtin_name(name, &rid))
{
domain = talloc_strdup(tmp_ctx, builtin_domain_name());
- sid_copy(&sid, &global_sid_Builtin);
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, &global_sid_Builtin, rid);
type = SID_NAME_ALIAS;
goto ok;
}
@@ -230,8 +227,7 @@ bool lookup_name(TALLOC_CTX *mem_ctx,
lookup_global_sam_name(name, flags, &rid, &type))
{
domain = talloc_strdup(tmp_ctx, get_global_sam_name());
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
goto ok;
}
@@ -544,8 +540,7 @@ static bool lookup_rids(TALLOC_CTX *mem_ctx, const DOM_SID *domain_sid,
if (sid_check_is_wellknown_domain(domain_sid, NULL)) {
for (i=0; i<num_rids; i++) {
DOM_SID sid;
- sid_copy(&sid, domain_sid);
- sid_append_rid(&sid, rids[i]);
+ sid_compose(&sid, domain_sid, rids[i]);
if (lookup_wellknown_sid(mem_ctx, &sid,
domain_name, &(*names)[i])) {
if ((*names)[i] == NULL) {
@@ -1192,9 +1187,8 @@ static void legacy_gid_to_sid(DOM_SID *psid, gid_t gid)
static bool legacy_sid_to_uid(const DOM_SID *psid, uid_t *puid)
{
enum lsa_SidType type;
- uint32 rid;
- if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+ if (sid_check_is_in_our_domain(psid)) {
union unid_t id;
bool ret;
@@ -1235,7 +1229,6 @@ done:
static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
{
- uint32 rid;
GROUP_MAP map;
union unid_t id;
enum lsa_SidType type;
@@ -1257,7 +1250,7 @@ static bool legacy_sid_to_gid(const DOM_SID *psid, gid_t *pgid)
return false;
}
- if (sid_peek_check_rid(get_global_sam_sid(), psid, &rid)) {
+ if (sid_check_is_in_our_domain(psid)) {
bool ret;
become_root();
diff --git a/source3/passdb/passdb.c b/source3/passdb/passdb.c
index b2c3b948f1..3ced150803 100644
--- a/source3/passdb/passdb.c
+++ b/source3/passdb/passdb.c
@@ -216,8 +216,7 @@ static NTSTATUS samu_set_unix_internal(struct samu *user, const struct passwd *p
return NT_STATUS_ACCESS_DENIED;
}
- sid_copy( &user_sid, get_global_sam_sid() );
- sid_append_rid( &user_sid, user_rid );
+ sid_compose(&user_sid, get_global_sam_sid(), user_rid);
if ( !pdb_set_user_sid(user, &user_sid, PDB_SET) ) {
DEBUG(3, ("pdb_set_user_sid failed\n"));
diff --git a/source3/passdb/pdb_compat.c b/source3/passdb/pdb_compat.c
index 9967eb53ad..b65be70758 100644
--- a/source3/passdb/pdb_compat.c
+++ b/source3/passdb/pdb_compat.c
@@ -60,10 +60,9 @@ bool pdb_set_user_sid_from_rid (struct samu *sampass, uint32 rid, enum pdb_value
return False;
}
- sid_copy(&u_sid, global_sam_sid);
-
- if (!sid_append_rid(&u_sid, rid))
+ if (!sid_compose(&u_sid, global_sam_sid, rid)) {
return False;
+ }
if (!pdb_set_user_sid(sampass, &u_sid, flag))
return False;
@@ -87,10 +86,9 @@ bool pdb_set_group_sid_from_rid (struct samu *sampass, uint32 grid, enum pdb_val
return False;
}
- sid_copy(&g_sid, global_sam_sid);
-
- if (!sid_append_rid(&g_sid, grid))
+ if (!sid_compose(&g_sid, global_sam_sid, grid)) {
return False;
+ }
if (!pdb_set_group_sid(sampass, &g_sid, flag))
return False;
diff --git a/source3/passdb/pdb_get_set.c b/source3/passdb/pdb_get_set.c
index 30775e49fe..d7fc02f807 100644
--- a/source3/passdb/pdb_get_set.c
+++ b/source3/passdb/pdb_get_set.c
@@ -239,8 +239,7 @@ const DOM_SID *pdb_get_group_sid(struct samu *sampass)
/* Just set it to the 'Domain Users' RID of 512 which will
always resolve to a name */
- sid_copy( gsid, get_global_sam_sid() );
- sid_append_rid( gsid, DOMAIN_GROUP_RID_USERS );
+ sid_compose(gsid, get_global_sam_sid(), DOMAIN_GROUP_RID_USERS);
sampass->group_sid = gsid;
@@ -552,8 +551,8 @@ bool pdb_set_group_sid(struct samu *sampass, const DOM_SID *g_sid, enum pdb_valu
if ( sid_to_gid( g_sid, &gid ) ) {
sid_copy(sampass->group_sid, g_sid);
} else {
- sid_copy( sampass->group_sid, get_global_sam_sid() );
- sid_append_rid( sampass->group_sid, DOMAIN_GROUP_RID_USERS );
+ sid_compose(sampass->group_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_USERS);
}
DEBUG(10, ("pdb_set_group_sid: setting group sid %s\n",
@@ -876,6 +875,7 @@ bool pdb_set_lanman_passwd(struct samu *sampass, const uint8 pwd[LM_HASH_LEN], e
bool pdb_set_pw_history(struct samu *sampass, const uint8 *pwd, uint32 historyLen, enum pdb_value_state flag)
{
if (historyLen && pwd){
+ data_blob_free(&(sampass->nt_pw_his));
sampass->nt_pw_his = data_blob_talloc(sampass,
pwd, historyLen*PW_HISTORY_ENTRY_LEN);
if (!sampass->nt_pw_his.length) {
@@ -980,6 +980,9 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
{
uchar new_lanman_p16[LM_HASH_LEN];
uchar new_nt_p16[NT_HASH_LEN];
+ uchar *pwhistory;
+ uint32 pwHistLen;
+ uint32 current_history_len;
if (!plaintext)
return False;
@@ -1009,68 +1012,80 @@ bool pdb_set_plaintext_passwd(struct samu *sampass, const char *plaintext)
if (!pdb_set_pass_last_set_time (sampass, time(NULL), PDB_CHANGED))
return False;
- /* Store the password history. */
- if (pdb_get_acct_ctrl(sampass) & ACB_NORMAL) {
- uchar *pwhistory;
- uint32 pwHistLen;
- pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
- if (pwHistLen != 0){
- uint32 current_history_len;
- /* We need to make sure we don't have a race condition here - the
- account policy history length can change between when the pw_history
- was first loaded into the struct samu struct and now.... JRA. */
- pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
-
- if (current_history_len != pwHistLen) {
- /* After closing and reopening struct samu the history
- values will sync up. We can't do this here. */
-
- /* current_history_len > pwHistLen is not a problem - we
- have more history than we need. */
-
- if (current_history_len < pwHistLen) {
- /* Ensure we have space for the needed history. */
- uchar *new_history = (uchar *)TALLOC(sampass,
- pwHistLen*PW_HISTORY_ENTRY_LEN);
- if (!new_history) {
- return False;
- }
-
- /* And copy it into the new buffer. */
- if (current_history_len) {
- memcpy(new_history, pwhistory,
- current_history_len*PW_HISTORY_ENTRY_LEN);
- }
- /* Clearing out any extra space. */
- memset(&new_history[current_history_len*PW_HISTORY_ENTRY_LEN],
- '\0', (pwHistLen-current_history_len)*PW_HISTORY_ENTRY_LEN);
- /* Finally replace it. */
- pwhistory = new_history;
- }
- }
- if (pwhistory && pwHistLen){
- /* Make room for the new password in the history list. */
- if (pwHistLen > 1) {
- memmove(&pwhistory[PW_HISTORY_ENTRY_LEN],
- pwhistory, (pwHistLen -1)*PW_HISTORY_ENTRY_LEN );
- }
- /* Create the new salt as the first part of the history entry. */
- generate_random_buffer(pwhistory, PW_HISTORY_SALT_LEN);
-
- /* Generate the md5 hash of the salt+new password as the second
- part of the history entry. */
-
- E_md5hash(pwhistory, new_nt_p16, &pwhistory[PW_HISTORY_SALT_LEN]);
- pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
- } else {
- DEBUG (10,("pdb_get_set.c: pdb_set_plaintext_passwd: pwhistory was NULL!\n"));
- }
- } else {
- /* Set the history length to zero. */
- pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+ if ((pdb_get_acct_ctrl(sampass) & ACB_NORMAL) == 0) {
+ /*
+ * No password history for non-user accounts
+ */
+ return true;
+ }
+
+ pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHistLen);
+
+ if (pwHistLen == 0) {
+ /* Set the history length to zero. */
+ pdb_set_pw_history(sampass, NULL, 0, PDB_CHANGED);
+ return true;
+ }
+
+ /*
+ * We need to make sure we don't have a race condition here -
+ * the account policy history length can change between when
+ * the pw_history was first loaded into the struct samu struct
+ * and now.... JRA.
+ */
+ pwhistory = (uchar *)pdb_get_pw_history(sampass, &current_history_len);
+
+ if ((current_history_len != 0) && (pwhistory == NULL)) {
+ DEBUG(1, ("pdb_set_plaintext_passwd: pwhistory == NULL!\n"));
+ return false;
+ }
+
+ if (current_history_len < pwHistLen) {
+ /*
+ * Ensure we have space for the needed history. This
+ * also takes care of an account which did not have
+ * any history at all so far, i.e. pwhistory==NULL
+ */
+ uchar *new_history = talloc_zero_array(
+ sampass, uchar,
+ pwHistLen*PW_HISTORY_ENTRY_LEN);
+
+ if (!new_history) {
+ return False;
}
+
+ memcpy(new_history, pwhistory,
+ current_history_len*PW_HISTORY_ENTRY_LEN);
+
+ pwhistory = new_history;
}
+ /*
+ * Make room for the new password in the history list.
+ */
+ if (pwHistLen > 1) {
+ memmove(&pwhistory[PW_HISTORY_ENTRY_LEN], pwhistory,
+ (pwHistLen-1)*PW_HISTORY_ENTRY_LEN );
+ }
+
+ /*
+ * Fill the salt area with 0-s: this indicates that
+ * a plain nt hash is stored in the has area.
+ * The old format was to store a 16 byte salt and
+ * then an md5hash of the nt_hash concatenated with
+ * the salt.
+ */
+ memset(pwhistory, 0, PW_HISTORY_SALT_LEN);
+
+ /*
+ * Store the plain nt hash in the second 16 bytes.
+ * The old format was to store the md5 hash of
+ * the salt+newpw.
+ */
+ memcpy(&pwhistory[PW_HISTORY_SALT_LEN], new_nt_p16, SALTED_MD5_HASH_LEN);
+
+ pdb_set_pw_history(sampass, pwhistory, pwHistLen, PDB_CHANGED);
+
return True;
}
diff --git a/source3/passdb/pdb_interface.c b/source3/passdb/pdb_interface.c
index de46254dde..bd85ded138 100644
--- a/source3/passdb/pdb_interface.c
+++ b/source3/passdb/pdb_interface.c
@@ -1472,8 +1472,7 @@ static bool lookup_global_sam_rid(TALLOC_CTX *mem_ctx, uint32 rid,
DEBUG(5,("lookup_global_sam_rid: looking up RID %u.\n",
(unsigned int)rid));
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
/* see if the passdb can help us with the name of the user */
diff --git a/source3/passdb/pdb_ldap.c b/source3/passdb/pdb_ldap.c
index 90ac8e5ffa..30b27d4596 100644
--- a/source3/passdb/pdb_ldap.c
+++ b/source3/passdb/pdb_ldap.c
@@ -915,9 +915,9 @@ static bool init_sam_from_ldap(struct ldapsam_privates *ldap_state,
pwHistLen = MIN(pwHistLen, MAX_PW_HISTORY_LEN);
- if ((pwhist = TALLOC_ARRAY(ctx, uint8,
- pwHistLen * PW_HISTORY_ENTRY_LEN)) ==
- NULL){
+ pwhist = TALLOC_ARRAY(ctx, uint8,
+ pwHistLen * PW_HISTORY_ENTRY_LEN);
+ if (pwhist == NULL) {
DEBUG(0, ("init_sam_from_ldap: talloc failed!\n"));
goto fn_exit;
}
@@ -6394,9 +6394,8 @@ NTSTATUS pdb_init_ldapsam(struct pdb_methods **pdb_method, const char *location)
trim_char( uri, '\"', '\"' );
nt_status = pdb_init_ldapsam_common(pdb_method, uri);
- if (uri) {
- TALLOC_FREE(uri);
- }
+
+ TALLOC_FREE(uri);
if (!NT_STATUS_IS_OK(nt_status)) {
return nt_status;
diff --git a/source3/passdb/util_unixsids.c b/source3/passdb/util_unixsids.c
index ad51253058..afda253c70 100644
--- a/source3/passdb/util_unixsids.c
+++ b/source3/passdb/util_unixsids.c
@@ -37,14 +37,12 @@ bool sid_check_is_in_unix_users(const DOM_SID *sid)
bool uid_to_unix_users_sid(uid_t uid, DOM_SID *sid)
{
- sid_copy(sid, &global_sid_Unix_Users);
- return sid_append_rid(sid, (uint32_t)uid);
+ return sid_compose(sid, &global_sid_Unix_Users, uid);
}
bool gid_to_unix_groups_sid(gid_t gid, DOM_SID *sid)
{
- sid_copy(sid, &global_sid_Unix_Groups);
- return sid_append_rid(sid, (uint32_t)gid);
+ return sid_compose(sid, &global_sid_Unix_Groups, gid);
}
const char *unix_users_domain_name(void)
@@ -55,17 +53,20 @@ const char *unix_users_domain_name(void)
bool lookup_unix_user_name(const char *name, DOM_SID *sid)
{
struct passwd *pwd;
+ bool ret;
pwd = getpwnam_alloc(talloc_autofree_context(), name);
if (pwd == NULL) {
return False;
}
- sid_copy(sid, &global_sid_Unix_Users);
- sid_append_rid(sid, (uint32_t)pwd->pw_uid); /* For 64-bit uid's we have enough
- * space ... */
+ /*
+ * For 64-bit uid's we have enough space in the whole SID,
+ * should they become necessary
+ */
+ ret = sid_compose(sid, &global_sid_Unix_Users, pwd->pw_uid);
TALLOC_FREE(pwd);
- return True;
+ return ret;
}
bool sid_check_is_unix_groups(const DOM_SID *sid)
@@ -98,8 +99,9 @@ bool lookup_unix_group_name(const char *name, DOM_SID *sid)
return False;
}
- sid_copy(sid, &global_sid_Unix_Groups);
- sid_append_rid(sid, (uint32_t)grp->gr_gid); /* For 64-bit uid's we have enough
- * space ... */
- return True;
+ /*
+ * For 64-bit gid's we have enough space in the whole SID,
+ * should they become necessary
+ */
+ return sid_compose(sid, &global_sid_Unix_Groups, grp->gr_gid);
}
diff --git a/source3/passdb/util_wellknown.c b/source3/passdb/util_wellknown.c
index 2af68b7e7c..0c45faab46 100644
--- a/source3/passdb/util_wellknown.c
+++ b/source3/passdb/util_wellknown.c
@@ -160,8 +160,8 @@ bool lookup_wellknown_name(TALLOC_CTX *mem_ctx, const char *name,
for (j=0; users[j].name != NULL; j++) {
if ( strequal(users[j].name, name) ) {
- sid_copy(sid, special_domains[i].sid);
- sid_append_rid(sid, users[j].rid);
+ sid_compose(sid, special_domains[i].sid,
+ users[j].rid);
*domain = talloc_strdup(
mem_ctx, special_domains[i].name);
return True;
diff --git a/source3/printing/nt_printing.c b/source3/printing/nt_printing.c
index 1f306512af..7aef424961 100644
--- a/source3/printing/nt_printing.c
+++ b/source3/printing/nt_printing.c
@@ -5398,8 +5398,8 @@ static SEC_DESC_BUF *construct_default_printer_sdb(TALLOC_CTX *ctx)
if ( IS_DC ) {
DOM_SID domadmins_sid;
- sid_copy(&domadmins_sid, get_global_sam_sid());
- sid_append_rid(&domadmins_sid, DOMAIN_GROUP_RID_ADMINS);
+ sid_compose(&domadmins_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_ADMINS);
sa = PRINTER_ACE_FULL_CONTROL;
init_sec_ace(&ace[i++], &domadmins_sid,
diff --git a/source3/rpc_client/cli_netlogon.c b/source3/rpc_client/cli_netlogon.c
index 03884479f9..e484209cbe 100644
--- a/source3/rpc_client/cli_netlogon.c
+++ b/source3/rpc_client/cli_netlogon.c
@@ -154,10 +154,8 @@ NTSTATUS rpccli_netlogon_sam_logon(struct rpc_pipe_client *cli,
uint8_t authoritative;
int validation_level = 3;
fstring clnt_name_slash;
- uint8 zeros[16];
ZERO_STRUCT(ret_creds);
- ZERO_STRUCT(zeros);
logon = TALLOC_ZERO_P(mem_ctx, union netr_LogonLevel);
if (!logon) {
@@ -302,7 +300,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
int validation_level = 3;
const char *workstation_name_slash;
const char *server_name_slash;
- uint8 zeros[16];
struct netr_Authenticator clnt_creds;
struct netr_Authenticator ret_creds;
union netr_LogonLevel *logon = NULL;
@@ -314,7 +311,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon(struct rpc_pipe_client *cli,
*info3 = NULL;
- ZERO_STRUCT(zeros);
ZERO_STRUCT(ret_creds);
ZERO_STRUCT(lm);
@@ -414,7 +410,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
int validation_level = 3;
const char *workstation_name_slash;
const char *server_name_slash;
- uint8 zeros[16];
union netr_LogonLevel *logon = NULL;
struct netr_NetworkInfo *network_info;
uint8_t authoritative;
@@ -425,8 +420,6 @@ NTSTATUS rpccli_netlogon_sam_network_logon_ex(struct rpc_pipe_client *cli,
*info3 = NULL;
- ZERO_STRUCT(zeros);
-
ZERO_STRUCT(lm);
ZERO_STRUCT(nt);
diff --git a/source3/rpc_server/srv_lsa_nt.c b/source3/rpc_server/srv_lsa_nt.c
index e903f0e974..857040ec8b 100644
--- a/source3/rpc_server/srv_lsa_nt.c
+++ b/source3/rpc_server/srv_lsa_nt.c
@@ -335,8 +335,7 @@ static NTSTATUS make_lsa_object_sd(TALLOC_CTX *mem_ctx, SEC_DESC **sd, size_t *s
SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
/* Add Full Access for Domain Admins */
- sid_copy(&adm_sid, get_global_sam_sid());
- sid_append_rid(&adm_sid, DOMAIN_GROUP_RID_ADMINS);
+ sid_compose(&adm_sid, get_global_sam_sid(), DOMAIN_GROUP_RID_ADMINS);
init_sec_ace(&ace[i++], &adm_sid, SEC_ACE_TYPE_ACCESS_ALLOWED,
map->generic_all, 0);
diff --git a/source3/rpc_server/srv_netlog_nt.c b/source3/rpc_server/srv_netlog_nt.c
index 8f4381cde1..66f3bd3130 100644
--- a/source3/rpc_server/srv_netlog_nt.c
+++ b/source3/rpc_server/srv_netlog_nt.c
@@ -1057,8 +1057,8 @@ static NTSTATUS _netr_LogonSamLogon_base(pipes_struct *p,
NTSTATUS status = NT_STATUS_OK;
union netr_LogonLevel *logon = r->in.logon;
const char *nt_username, *nt_domain, *nt_workstation;
- auth_usersupplied_info *user_info = NULL;
- auth_serversupplied_info *server_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
struct auth_context *auth_context = NULL;
uint8_t pipe_session_key[16];
bool process_creds = true;
diff --git a/source3/rpc_server/srv_samr_nt.c b/source3/rpc_server/srv_samr_nt.c
index 6b40385744..3626cbdf2a 100644
--- a/source3/rpc_server/srv_samr_nt.c
+++ b/source3/rpc_server/srv_samr_nt.c
@@ -145,8 +145,8 @@ static NTSTATUS make_samr_object_sd( TALLOC_CTX *ctx, SEC_DESC **psd, size_t *sd
/* Add Full Access for Domain Admins if we are a DC */
if ( IS_DC ) {
- sid_copy( &domadmin_sid, get_global_sam_sid() );
- sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
+ sid_compose(&domadmin_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_ADMINS);
init_sec_ace(&ace[i++], &domadmin_sid,
SEC_ACE_TYPE_ACCESS_ALLOWED, map->generic_all, 0);
}
@@ -266,8 +266,8 @@ void map_max_allowed_access(const NT_USER_TOKEN *nt_token,
/* Full access for DOMAIN\Domain Admins. */
if ( IS_DC ) {
DOM_SID domadmin_sid;
- sid_copy( &domadmin_sid, get_global_sam_sid() );
- sid_append_rid( &domadmin_sid, DOMAIN_GROUP_RID_ADMINS );
+ sid_compose(&domadmin_sid, get_global_sam_sid(),
+ DOMAIN_GROUP_RID_ADMINS);
if (is_sid_in_token(nt_token, &domadmin_sid)) {
*pacc_requested |= GENERIC_ALL_ACCESS;
return;
@@ -5837,8 +5837,9 @@ NTSTATUS _samr_CreateDomainGroup(pipes_struct *p,
return status;
}
- if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+ if (!sid_check_is_domain(&dinfo->sid)) {
return NT_STATUS_ACCESS_DENIED;
+ }
name = r->in.name->string;
if (name == NULL) {
@@ -5898,8 +5899,9 @@ NTSTATUS _samr_CreateDomAlias(pipes_struct *p,
return result;
}
- if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+ if (!sid_check_is_domain(&dinfo->sid)) {
return NT_STATUS_ACCESS_DENIED;
+ }
name = r->in.alias_name->string;
@@ -6277,8 +6279,9 @@ NTSTATUS _samr_OpenGroup(pipes_struct *p,
/* this should not be hard-coded like this */
- if (!sid_equal(&dinfo->sid, get_global_sam_sid()))
+ if (!sid_check_is_domain(&dinfo->sid)) {
return NT_STATUS_ACCESS_DENIED;
+ }
sid_compose(&info_sid, &dinfo->sid, r->in.rid);
diff --git a/source3/rpc_server/srv_srvsvc_nt.c b/source3/rpc_server/srv_srvsvc_nt.c
index d35557e5bd..a2d1d0716d 100644
--- a/source3/rpc_server/srv_srvsvc_nt.c
+++ b/source3/rpc_server/srv_srvsvc_nt.c
@@ -1033,6 +1033,13 @@ WERROR _srvsvc_NetFileEnum(pipes_struct *p,
return WERR_UNKNOWN_LEVEL;
}
+ if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+ p->server_info->ptok)) {
+ DEBUG(1, ("Enumerating files only allowed for "
+ "administrators\n"));
+ return WERR_ACCESS_DENIED;
+ }
+
ctx = talloc_tos();
ctr3 = r->in.info_ctr->ctr.ctr3;
if (!ctr3) {
@@ -1185,6 +1192,13 @@ WERROR _srvsvc_NetConnEnum(pipes_struct *p,
DEBUG(5,("_srvsvc_NetConnEnum: %d\n", __LINE__));
+ if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+ p->server_info->ptok)) {
+ DEBUG(1, ("Enumerating connections only allowed for "
+ "administrators\n"));
+ return WERR_ACCESS_DENIED;
+ }
+
switch (r->in.info_ctr->level) {
case 0:
werr = init_srv_conn_info_0(r->in.info_ctr->ctr.ctr0,
@@ -1216,6 +1230,13 @@ WERROR _srvsvc_NetSessEnum(pipes_struct *p,
DEBUG(5,("_srvsvc_NetSessEnum: %d\n", __LINE__));
+ if (!nt_token_check_sid(&global_sid_Builtin_Administrators,
+ p->server_info->ptok)) {
+ DEBUG(1, ("Enumerating sessions only allowed for "
+ "administrators\n"));
+ return WERR_ACCESS_DENIED;
+ }
+
switch (r->in.info_ctr->level) {
case 0:
werr = init_srv_sess_info_0(p,
diff --git a/source3/smbd/chgpasswd.c b/source3/smbd/chgpasswd.c
index 2da36b2fe6..dcefc82bba 100644
--- a/source3/smbd/chgpasswd.c
+++ b/source3/smbd/chgpasswd.c
@@ -1008,6 +1008,59 @@ static NTSTATUS check_oem_password(const char *user,
return NT_STATUS_WRONG_PASSWORD;
}
+bool password_in_history(uint8_t nt_pw[NT_HASH_LEN],
+ uint32_t pw_history_len,
+ const uint8_t *pw_history)
+{
+ static const uint8_t zero_md5_nt_pw[SALTED_MD5_HASH_LEN] = { 0, };
+ int i;
+
+ dump_data(100, nt_pw, NT_HASH_LEN);
+ dump_data(100, pw_history, PW_HISTORY_ENTRY_LEN * pw_history_len);
+
+ for (i=0; i<pw_history_len; i++) {
+ uint8_t new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
+ const uint8_t *current_salt;
+ const uint8_t *old_nt_pw_salted_md5_hash;
+
+ current_salt = &pw_history[i*PW_HISTORY_ENTRY_LEN];
+ old_nt_pw_salted_md5_hash = current_salt + PW_HISTORY_SALT_LEN;
+
+ if (memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash,
+ SALTED_MD5_HASH_LEN) == 0) {
+ /* Ignore zero valued entries. */
+ continue;
+ }
+
+ if (memcmp(zero_md5_nt_pw, current_salt,
+ PW_HISTORY_SALT_LEN) == 0)
+ {
+ /*
+ * New format: zero salt and then plain nt hash.
+ * Directly compare the hashes.
+ */
+ if (memcmp(nt_pw, old_nt_pw_salted_md5_hash,
+ SALTED_MD5_HASH_LEN) == 0)
+ {
+ return true;
+ }
+ } else {
+ /*
+ * Old format: md5sum of salted nt hash.
+ * Create salted version of new pw to compare.
+ */
+ E_md5hash(current_salt, nt_pw, new_nt_pw_salted_md5_hash);
+
+ if (memcmp(new_nt_pw_salted_md5_hash,
+ old_nt_pw_salted_md5_hash,
+ SALTED_MD5_HASH_LEN) == 0) {
+ return true;
+ }
+ }
+ }
+ return false;
+}
+
/***********************************************************
This routine takes the given password and checks it against
the password history. Returns True if this password has been
@@ -1017,11 +1070,8 @@ static NTSTATUS check_oem_password(const char *user,
static bool check_passwd_history(struct samu *sampass, const char *plaintext)
{
uchar new_nt_p16[NT_HASH_LEN];
- uchar zero_md5_nt_pw[SALTED_MD5_HASH_LEN];
const uint8 *nt_pw;
const uint8 *pwhistory;
- bool found = False;
- int i;
uint32 pwHisLen, curr_pwHisLen;
pdb_get_account_policy(PDB_POLICY_PASSWORD_HISTORY, &pwHisLen);
@@ -1048,30 +1098,13 @@ static bool check_passwd_history(struct samu *sampass, const char *plaintext)
return True;
}
- dump_data(100, new_nt_p16, NT_HASH_LEN);
- dump_data(100, pwhistory, PW_HISTORY_ENTRY_LEN*pwHisLen);
-
- memset(zero_md5_nt_pw, '\0', SALTED_MD5_HASH_LEN);
- for (i=0; i<pwHisLen; i++) {
- uchar new_nt_pw_salted_md5_hash[SALTED_MD5_HASH_LEN];
- const uchar *current_salt = &pwhistory[i*PW_HISTORY_ENTRY_LEN];
- const uchar *old_nt_pw_salted_md5_hash = &pwhistory[(i*PW_HISTORY_ENTRY_LEN)+
- PW_HISTORY_SALT_LEN];
- if (!memcmp(zero_md5_nt_pw, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
- /* Ignore zero valued entries. */
- continue;
- }
- /* Create salted versions of new to compare. */
- E_md5hash(current_salt, new_nt_p16, new_nt_pw_salted_md5_hash);
-
- if (!memcmp(new_nt_pw_salted_md5_hash, old_nt_pw_salted_md5_hash, SALTED_MD5_HASH_LEN)) {
- DEBUG(1,("check_passwd_history: proposed new password for user %s found in history list !\n",
- pdb_get_username(sampass) ));
- found = True;
- break;
- }
+ if (password_in_history(new_nt_p16, pwHisLen, pwhistory)) {
+ DEBUG(1,("check_passwd_history: proposed new password for "
+ "user %s found in history list !\n",
+ pdb_get_username(sampass) ));
+ return true;
}
- return found;
+ return false;
}
/***********************************************************
@@ -1156,7 +1189,7 @@ NTSTATUS change_oem_password(struct samu *hnd, char *old_passwd, char *new_passw
}
}
- /* removed calculation here, becuase passdb now calculates
+ /* removed calculation here, because passdb now calculates
based on policy. jmcd */
if ((can_change_time != 0) && (time(NULL) < can_change_time)) {
DEBUG(1, ("user %s cannot change password now, must "
diff --git a/source3/smbd/close.c b/source3/smbd/close.c
index 05c3c709a1..ca1ac47fa0 100644
--- a/source3/smbd/close.c
+++ b/source3/smbd/close.c
@@ -336,6 +336,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
become_user(conn, fsp->vuid);
became_user = True;
}
+ fsp->delete_on_close = true;
set_delete_on_close_lck(lck, True, &current_user.ut);
if (became_user) {
unbecome_user();
@@ -481,6 +482,7 @@ static NTSTATUS close_remove_share_mode(files_struct *fsp,
* the delete on close flag. JRA.
*/
+ fsp->delete_on_close = false;
set_delete_on_close_lck(lck, False, NULL);
done:
@@ -924,6 +926,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
struct share_mode_lock *lck = NULL;
bool delete_dir = False;
NTSTATUS status = NT_STATUS_OK;
+ NTSTATUS status1 = NT_STATUS_OK;
/*
* NT can set delete_on_close of the last open
@@ -958,6 +961,7 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
}
send_stat_cache_delete_message(fsp->fsp_name->base_name);
set_delete_on_close_lck(lck, True, &current_user.ut);
+ fsp->delete_on_close = true;
if (became_user) {
unbecome_user();
}
@@ -1022,9 +1026,9 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
fsp, NT_STATUS_OK);
}
- status = fd_close(fsp);
+ status1 = fd_close(fsp);
- if (!NT_STATUS_IS_OK(status)) {
+ if (!NT_STATUS_IS_OK(status1)) {
DEBUG(0, ("Could not close dir! fname=%s, fd=%d, err=%d=%s\n",
fsp_str_dbg(fsp), fsp->fh->fd, errno,
strerror(errno)));
@@ -1042,6 +1046,9 @@ static NTSTATUS close_directory(struct smb_request *req, files_struct *fsp,
out:
TALLOC_FREE(lck);
+ if (NT_STATUS_IS_OK(status) && !NT_STATUS_IS_OK(status1)) {
+ status = status1;
+ }
return status;
}
diff --git a/source3/smbd/dir.c b/source3/smbd/dir.c
index 5ce4a7b099..3fe3218762 100644
--- a/source3/smbd/dir.c
+++ b/source3/smbd/dir.c
@@ -1227,14 +1227,6 @@ bool is_visible_file(connection_struct *conn, const char *dir_path,
goto out;
}
- /* If it's a dfs symlink, ignore _hide xxxx_ options */
- if (lp_host_msdfs() &&
- lp_msdfs_root(SNUM(conn)) &&
- is_msdfs_link(conn, entry, NULL)) {
- ret = true;
- goto out;
- }
-
/* Create an smb_filename with stream_name == NULL. */
status = create_synthetic_smb_fname(talloc_tos(), entry, NULL,
pst, &smb_fname_base);
diff --git a/source3/smbd/file_access.c b/source3/smbd/file_access.c
index 7d0a552956..631efce677 100644
--- a/source3/smbd/file_access.c
+++ b/source3/smbd/file_access.c
@@ -54,6 +54,17 @@ bool can_access_file_acl(struct connection_struct *conn,
status = se_access_check(secdesc, conn->server_info->ptok,
access_mask, &access_granted);
ret = NT_STATUS_IS_OK(status);
+
+ if (DEBUGLEVEL >= 10) {
+ DEBUG(10,("can_access_file_acl for file %s "
+ "access_mask 0x%x, access_granted 0x%x "
+ "access %s\n",
+ smb_fname_str_dbg(smb_fname),
+ (unsigned int)access_mask,
+ (unsigned int)access_granted,
+ ret ? "ALLOWED" : "DENIED" ));
+ NDR_PRINT_DEBUG(security_descriptor, secdesc);
+ }
out:
TALLOC_FREE(secdesc);
return ret;
diff --git a/source3/smbd/globals.c b/source3/smbd/globals.c
index 68fa795ba2..e6db5ec414 100644
--- a/source3/smbd/globals.c
+++ b/source3/smbd/globals.c
@@ -122,7 +122,6 @@ int conn_ctx_stack_ndx = 0;
struct vfs_init_function_entry *backends = NULL;
char *sparse_buf = NULL;
-char *LastDir = NULL;
/* Current number of oplocks we have outstanding. */
int32_t exclusive_oplocks_open = 0;
diff --git a/source3/smbd/globals.h b/source3/smbd/globals.h
index 0db61f87a3..3cc967f4fd 100644
--- a/source3/smbd/globals.h
+++ b/source3/smbd/globals.h
@@ -131,7 +131,6 @@ extern int conn_ctx_stack_ndx;
struct vfs_init_function_entry;
extern struct vfs_init_function_entry *backends;
extern char *sparse_buf;
-extern char *LastDir;
/* Current number of oplocks we have outstanding. */
extern int32_t exclusive_oplocks_open;
diff --git a/source3/smbd/lanman.c b/source3/smbd/lanman.c
index 7ee6c9b59c..27115021bf 100644
--- a/source3/smbd/lanman.c
+++ b/source3/smbd/lanman.c
@@ -1569,7 +1569,9 @@ static bool check_share_info(int uLevel, char* id)
}
break;
case 1:
- if (strcmp(id,"B13BWz") != 0) {
+ /* Level-2 descriptor is allowed (and ignored) */
+ if (strcmp(id,"B13BWz") != 0 &&
+ strcmp(id,"B13BWzWWWzB9B") != 0) {
return False;
}
break;
@@ -2616,7 +2618,7 @@ static bool api_SetUserPassword(connection_struct *conn,uint16 vuid,
*/
{
- auth_serversupplied_info *server_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
DATA_BLOB password = data_blob(pass1, strlen(pass1)+1);
if (NT_STATUS_IS_OK(check_plaintext_password(user,password,&server_info))) {
diff --git a/source3/smbd/password.c b/source3/smbd/password.c
index 755ff5d6cd..2e63f7a395 100644
--- a/source3/smbd/password.c
+++ b/source3/smbd/password.c
@@ -248,7 +248,7 @@ static int register_homes_share(const char *username)
int register_existing_vuid(struct smbd_server_connection *sconn,
uint16 vuid,
- auth_serversupplied_info *server_info,
+ struct auth_serversupplied_info *server_info,
DATA_BLOB response_blob,
const char *smb_name)
{
diff --git a/source3/smbd/posix_acls.c b/source3/smbd/posix_acls.c
index 828053811b..7342420a89 100644
--- a/source3/smbd/posix_acls.c
+++ b/source3/smbd/posix_acls.c
@@ -1109,6 +1109,10 @@ uint32_t map_canon_ace_perms(int snum,
}
}
+ if ((perms & S_IWUSR) && lp_dos_filemode(snum)) {
+ nt_mask |= (SEC_STD_WRITE_DAC|SEC_STD_WRITE_OWNER|DELETE_ACCESS);
+ }
+
DEBUG(10,("map_canon_ace_perms: Mapped (UNIX) %x to (NT) %x\n",
(unsigned int)perms, (unsigned int)nt_mask ));
diff --git a/source3/smbd/reply.c b/source3/smbd/reply.c
index b2d98bfbc0..b6316aac46 100644
--- a/source3/smbd/reply.c
+++ b/source3/smbd/reply.c
@@ -5368,8 +5368,12 @@ void reply_rmdir(struct smb_request *req)
goto out;
}
- close_file(req, fsp, NORMAL_CLOSE);
- reply_outbuf(req, 0, 0);
+ status = close_file(req, fsp, NORMAL_CLOSE);
+ if (!NT_STATUS_IS_OK(status)) {
+ reply_nterror(req, status);
+ } else {
+ reply_outbuf(req, 0, 0);
+ }
dptr_closepath(sconn, smb_dname->base_name, req->smbpid);
diff --git a/source3/smbd/sesssetup.c b/source3/smbd/sesssetup.c
index 612cf2231a..ae99127db2 100644
--- a/source3/smbd/sesssetup.c
+++ b/source3/smbd/sesssetup.c
@@ -41,7 +41,7 @@ struct pending_auth_data {
is set approriately
*/
static NTSTATUS do_map_to_guest(NTSTATUS status,
- auth_serversupplied_info **server_info,
+ struct auth_serversupplied_info **server_info,
const char *user, const char *domain)
{
if (NT_STATUS_EQUAL(status, NT_STATUS_NO_SUCH_USER)) {
@@ -128,10 +128,10 @@ static void reply_sesssetup_blob(struct smb_request *req,
Do a 'guest' logon, getting back the
****************************************************************************/
-static NTSTATUS check_guest_password(auth_serversupplied_info **server_info)
+static NTSTATUS check_guest_password(struct auth_serversupplied_info **server_info)
{
struct auth_context *auth_context;
- auth_usersupplied_info *user_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
NTSTATUS nt_status;
unsigned char chal[8];
@@ -244,7 +244,7 @@ static void reply_spnego_kerberos(struct smb_request *req,
NTSTATUS ret = NT_STATUS_OK;
struct PAC_DATA *pac_data = NULL;
DATA_BLOB ap_rep, ap_rep_wrapped, response;
- auth_serversupplied_info *server_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
DATA_BLOB session_key = data_blob_null;
uint8 tok_id[2];
DATA_BLOB nullblob = data_blob_null;
@@ -1388,8 +1388,8 @@ void reply_sesssetup_and_X(struct smb_request *req)
const char *native_os;
const char *native_lanman;
const char *primary_domain;
- auth_usersupplied_info *user_info = NULL;
- auth_serversupplied_info *server_info = NULL;
+ struct auth_usersupplied_info *user_info = NULL;
+ struct auth_serversupplied_info *server_info = NULL;
uint16 smb_flag2 = req->flags2;
NTSTATUS nt_status;
diff --git a/source3/smbd/vfs.c b/source3/smbd/vfs.c
index 2ce61eed30..5acec70f54 100644
--- a/source3/smbd/vfs.c
+++ b/source3/smbd/vfs.c
@@ -706,26 +706,7 @@ const char *vfs_readdirname(connection_struct *conn, void *p,
int vfs_ChDir(connection_struct *conn, const char *path)
{
- int res;
-
- if (!LastDir) {
- LastDir = SMB_STRDUP("");
- }
-
- if (strcsequal(path,"."))
- return(0);
-
- if (*path == '/' && strcsequal(LastDir,path))
- return(0);
-
- DEBUG(4,("vfs_ChDir to %s\n",path));
-
- res = SMB_VFS_CHDIR(conn,path);
- if (!res) {
- SAFE_FREE(LastDir);
- LastDir = SMB_STRDUP(path);
- }
- return(res);
+ return SMB_VFS_CHDIR(conn,path);
}
/*******************************************************************
diff --git a/source3/utils/net_groupmap.c b/source3/utils/net_groupmap.c
index 7180a953bb..e82c7b14f2 100644
--- a/source3/utils/net_groupmap.c
+++ b/source3/utils/net_groupmap.c
@@ -299,8 +299,7 @@ static int net_groupmap_add(struct net_context *c, int argc, const char **argv)
/* append the rid to our own domain/machine SID if we don't have a full SID */
if ( !string_sid[0] ) {
- sid_copy(&sid, get_global_sam_sid());
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, get_global_sam_sid(), rid);
sid_to_fstring(string_sid, &sid);
}
@@ -610,8 +609,7 @@ static int net_groupmap_set(struct net_context *c, int argc, const char **argv)
}
}
- sid_copy(&map.sid, get_global_sam_sid());
- sid_append_rid(&map.sid, c->opt_rid);
+ sid_compose(&map.sid, get_global_sam_sid(), c->opt_rid);
map.sid_name_use = SID_NAME_DOM_GRP;
fstrcpy(map.nt_name, ntgroup);
@@ -795,8 +793,7 @@ static bool print_alias_memberships(TALLOC_CTX *mem_ctx,
for (i = 0; i < num_alias_rids; i++) {
DOM_SID alias;
- sid_copy(&alias, domain_sid);
- sid_append_rid(&alias, alias_rids[i]);
+ sid_compose(&alias, domain_sid, alias_rids[i]);
printf("%s\n", sid_string_tos(&alias));
}
diff --git a/source3/utils/net_rpc.c b/source3/utils/net_rpc.c
index 7dc8c1dd2c..762af716f5 100644
--- a/source3/utils/net_rpc.c
+++ b/source3/utils/net_rpc.c
@@ -3889,8 +3889,8 @@ static NTSTATUS rpc_fetch_domain_aliases(struct rpc_pipe_client *pipe_hnd,
sid_array.sids[j].sid);
}
- sid_copy(&alias.sid, domain_sid);
- sid_append_rid(&alias.sid, groups->entries[i].idx);
+ sid_compose(&alias.sid, domain_sid,
+ groups->entries[i].idx);
push_alias(mem_ctx, &alias);
}
@@ -5450,8 +5450,7 @@ static NTSTATUS rpc_trustdom_del_internals(struct net_context *c,
}
/* append the rid to the domain sid */
- sid_copy(&trust_acct_sid, domain_sid);
- if (!sid_append_rid(&trust_acct_sid, user_rids.ids[0])) {
+ if (!sid_compose(&trust_acct_sid, domain_sid, user_rids.ids[0])) {
goto done;
}
diff --git a/source3/utils/ntlm_auth.c b/source3/utils/ntlm_auth.c
index 57e4251543..e018c28c30 100644
--- a/source3/utils/ntlm_auth.c
+++ b/source3/utils/ntlm_auth.c
@@ -223,7 +223,7 @@ DATA_BLOB get_challenge(void)
static DATA_BLOB chal;
if (opt_challenge.length)
return opt_challenge;
-
+
chal = data_blob(NULL, 8);
generate_random_buffer(chal.data, chal.length);
@@ -242,7 +242,7 @@ static bool parse_ntlm_auth_domain_user(const char *domuser, fstring domain,
if (!p) {
return False;
}
-
+
fstrcpy(user, p+1);
fstrcpy(domain, domuser);
domain[PTR_DIFF(p, domuser)] = 0;
@@ -300,23 +300,23 @@ int get_pam_winbind_config()
{
int ctrl = 0;
dictionary *d = NULL;
-
+
if (!opt_pam_winbind_conf || !*opt_pam_winbind_conf) {
opt_pam_winbind_conf = PAM_WINBIND_CONFIG_FILE;
}
d = iniparser_load(CONST_DISCARD(char *, opt_pam_winbind_conf));
-
+
if (!d) {
return 0;
}
-
+
if (iniparser_getboolean(d, CONST_DISCARD(char *, "global:krb5_auth"), false)) {
ctrl |= WINBIND_KRB5_AUTH;
}
iniparser_freedict(d);
-
+
return ctrl;
}
@@ -438,7 +438,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
}
request.data.auth_crap.nt_resp_len = nt_response->length;
}
-
+
result = winbindd_request_response(WINBINDD_PAM_AUTH_CRAP, &request, &response);
SAFE_FREE(request.extra_data.data);
@@ -451,7 +451,7 @@ NTSTATUS contact_winbind_auth_crap(const char *username,
winbindd_free_response(&response);
return nt_status;
}
-
+
nt_status = (NT_STATUS(response.data.auth.nt_status));
if (!NT_STATUS_IS_OK(nt_status)) {
if (error_string)
@@ -533,7 +533,7 @@ static NTSTATUS contact_winbind_change_pswd_auth_crap(const char *username,
memcpy(request.data.chng_pswd_auth_crap.old_lm_hash_enc, old_lm_hash_enc.data, sizeof(request.data.chng_pswd_auth_crap.old_lm_hash_enc));
request.data.chng_pswd_auth_crap.old_lm_hash_enc_len = old_lm_hash_enc.length;
}
-
+
result = winbindd_request_response(WINBINDD_PAM_CHNG_PSWD_AUTH_CRAP, &request, &response);
/* Display response */
@@ -546,7 +546,7 @@ static NTSTATUS contact_winbind_change_pswd_auth_crap(const char *username,
winbindd_free_response(&response);
return nt_status;
}
-
+
nt_status = (NT_STATUS(response.data.auth.nt_status));
if (!NT_STATUS_IS_OK(nt_status))
{
@@ -557,7 +557,7 @@ static NTSTATUS contact_winbind_change_pswd_auth_crap(const char *username,
}
winbindd_free_response(&response);
-
+
return nt_status;
}
@@ -585,7 +585,7 @@ static NTSTATUS winbind_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB
memcpy(lm_session_key->data, lm_key, 8);
memset(lm_session_key->data+8, '\0', 8);
}
-
+
if (memcmp(user_sess_key, zeros, 16) != 0) {
*user_session_key = data_blob_talloc(ntlmssp_state, user_sess_key, 16);
}
@@ -611,7 +611,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *u
struct samr_Password lm_pw, nt_pw;
nt_lm_owf_gen (opt_password, nt_pw.hash, lm_pw.hash);
-
+
nt_status = ntlm_password_check(ntlmssp_state,
true, true, 0,
&ntlmssp_state->chal,
@@ -621,7 +621,7 @@ static NTSTATUS local_pw_check(struct ntlmssp_state *ntlmssp_state, DATA_BLOB *u
ntlmssp_state->user,
ntlmssp_state->domain,
&lm_pw, &nt_pw, user_session_key, lm_session_key);
-
+
if (NT_STATUS_IS_OK(nt_status)) {
ntlmssp_state->auth_context = talloc_asprintf(ntlmssp_state,
"%s%c%s", ntlmssp_state->domain,
@@ -674,7 +674,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_client(struct ntlmssp_state **client_ntl
if (opt_password) {
status = ntlmssp_set_password(*client_ntlmssp_state, opt_password);
-
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not set password: %s\n",
nt_errstr(status)));
@@ -689,7 +689,7 @@ static NTSTATUS ntlm_auth_start_ntlmssp_client(struct ntlmssp_state **client_ntl
static NTSTATUS ntlm_auth_start_ntlmssp_server(struct ntlmssp_state **ntlmssp_state)
{
NTSTATUS status = ntlmssp_server_start(ntlmssp_state);
-
+
if (!NT_STATUS_IS_OK(status)) {
DEBUG(1, ("Could not start NTLMSSP server: %s\n",
nt_errstr(status)));
@@ -1091,7 +1091,7 @@ static void manage_squid_basic_request(struct ntlm_auth_state *state,
{
char *user, *pass;
user=buf;
-
+
pass=(char *)memchr(buf,' ',length);
if (!pass) {
DEBUG(2, ("Password not found. Denying access\n"));
@@ -1100,12 +1100,12 @@ static void manage_squid_basic_request(struct ntlm_auth_state *state,
}
*pass='\0';
pass++;
-
+
if (state->helper_mode == SQUID_2_5_BASIC) {
rfc1738_unescape(user);
rfc1738_unescape(pass);
}
-
+
if (check_plaintext_auth(user, pass, False)) {
x_fprintf(x_stdout, "OK\n");
} else {
@@ -1513,7 +1513,7 @@ static void manage_client_ntlmssp_targ(struct spnego_data spnego)
status = ntlmssp_update(client_ntlmssp_state,
spnego.negTokenTarg.responseToken,
&request);
-
+
if (!NT_STATUS_EQUAL(status, NT_STATUS_MORE_PROCESSING_REQUIRED)) {
DEBUG(1, ("Expected MORE_PROCESSING_REQUIRED from "
"ntlmssp_client_update, got: %s\n",
@@ -1530,7 +1530,7 @@ static void manage_client_ntlmssp_targ(struct spnego_data spnego)
spnego.negTokenTarg.supportedMech = (char *)OID_NTLMSSP;
spnego.negTokenTarg.responseToken = request;
spnego.negTokenTarg.mechListMIC = null_blob;
-
+
spnego_write_data(ctx, &to_server, &spnego);
data_blob_free(&request);
@@ -1684,7 +1684,7 @@ static void manage_gss_spnego_client_request(struct ntlm_auth_state *state,
/* We asked for a password and obviously got it :-) */
opt_password = SMB_STRNDUP((const char *)request.data, request.length);
-
+
if (opt_password == NULL) {
DEBUG(1, ("Out of memory\n"));
x_fprintf(x_stdout, "BH Out of memory\n");
@@ -1812,7 +1812,7 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
static char *plaintext_password;
static bool ntlm_server_1_user_session_key;
static bool ntlm_server_1_lm_session_key;
-
+
if (strequal(buf, ".")) {
if (!full_username && !username) {
x_fprintf(x_stdout, "Error: No username supplied!\n");
@@ -1842,7 +1842,7 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
if (full_username && !username) {
fstring fstr_user;
fstring fstr_domain;
-
+
if (!parse_ntlm_auth_domain_user(full_username, fstr_user, fstr_domain)) {
/* username might be 'tainted', don't print into our new-line deleimianted stream */
x_fprintf(x_stdout, "Error: Could not parse into domain and username\n");
@@ -1859,7 +1859,7 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
if (ntlm_server_1_lm_session_key)
flags |= WBFLAG_PAM_LMKEY;
-
+
if (ntlm_server_1_user_session_key)
flags |= WBFLAG_PAM_USER_SESSION_KEY;
@@ -1928,13 +1928,13 @@ static void manage_ntlm_server_1_request(struct ntlm_auth_state *state,
parameter = strstr_m(request, ":: ");
if (!parameter) {
parameter = strstr_m(request, ": ");
-
+
if (!parameter) {
DEBUG(0, ("Parameter not found!\n"));
x_fprintf(x_stdout, "Error: Parameter not found!\n.\n");
return;
}
-
+
parameter[0] ='\0';
parameter++;
parameter[0] ='\0';
@@ -2015,7 +2015,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
new_nt_pswd = data_blob(NULL, 516);
old_nt_hash_enc = data_blob(NULL, 16);
-
+
/* Calculate the MD4 hash (NT compatible) of the
* password */
E_md4hash(oldpswd, old_nt_hash);
@@ -2023,7 +2023,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
/* E_deshash returns false for 'long'
passwords (> 14 DOS chars).
-
+
Therefore, don't send a buffer
encrypted with the truncated hash
(it could allow an even easier
@@ -2052,12 +2052,12 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
encode_pw_buffer(new_nt_pswd.data, newpswd,
STR_UNICODE);
-
+
arcfour_crypt(new_nt_pswd.data, old_nt_hash, 516);
E_old_pw_hash(new_nt_hash, old_nt_hash,
old_nt_hash_enc.data);
}
-
+
if (!full_username && !username) {
x_fprintf(x_stdout, "Error: No username supplied!\n");
} else if ((!new_nt_pswd.data || !old_nt_hash_enc.data) &&
@@ -2066,11 +2066,11 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
"blobs supplied!\n");
} else {
char *error_string = NULL;
-
+
if (full_username && !username) {
fstring fstr_user;
fstring fstr_domain;
-
+
if (!parse_ntlm_auth_domain_user(full_username,
fstr_user,
fstr_domain)) {
@@ -2088,7 +2088,7 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
username = smb_xstrdup(fstr_user);
domain = smb_xstrdup(fstr_domain);
}
-
+
}
if(!NT_STATUS_IS_OK(contact_winbind_change_pswd_auth_crap(
@@ -2128,13 +2128,13 @@ static void manage_ntlm_change_password_1_request(struct ntlm_auth_state *state,
parameter = strstr_m(request, ":: ");
if (!parameter) {
parameter = strstr_m(request, ": ");
-
+
if (!parameter) {
DEBUG(0, ("Parameter not found!\n"));
x_fprintf(x_stdout, "Error: Parameter not found!\n.\n");
return;
}
-
+
parameter[0] ='\0';
parameter++;
parameter[0] ='\0';
diff --git a/source3/utils/pdbedit.c b/source3/utils/pdbedit.c
index 06eedef920..ac41dc0ad0 100644
--- a/source3/utils/pdbedit.c
+++ b/source3/utils/pdbedit.c
@@ -68,8 +68,7 @@ static int get_sid_from_cli_string(DOM_SID *sid, const char *str_sid)
"a complete SID or RID!\n");
return -1;
}
- sid_copy(sid, get_global_sam_sid());
- sid_append_rid(sid, rid);
+ sid_compose(sid, get_global_sam_sid(), rid);
}
return 0;
diff --git a/source3/winbindd/idmap_hash/idmap_hash.c b/source3/winbindd/idmap_hash/idmap_hash.c
index 7d4dd2b5ab..1227b2a052 100644
--- a/source3/winbindd/idmap_hash/idmap_hash.c
+++ b/source3/winbindd/idmap_hash/idmap_hash.c
@@ -193,8 +193,7 @@ static NTSTATUS unixids_to_sids(struct idmap_domain *dom,
if (!hashed_domains[h_domain].sid)
continue;
- sid_copy(ids[i]->sid, hashed_domains[h_domain].sid);
- sid_append_rid(ids[i]->sid, h_rid);
+ sid_compose(ids[i]->sid, hashed_domains[h_domain].sid, h_rid);
ids[i]->status = ID_MAPPED;
}
diff --git a/source3/winbindd/idmap_tdb.c b/source3/winbindd/idmap_tdb.c
index 189b088809..8bfe751a8b 100644
--- a/source3/winbindd/idmap_tdb.c
+++ b/source3/winbindd/idmap_tdb.c
@@ -97,8 +97,7 @@ static int convert_fn(struct db_record *rec, void *private_data)
rid = atoi(p);
- sid_copy(&sid, &domain->sid);
- sid_append_rid(&sid, rid);
+ sid_compose(&sid, &domain->sid, rid);
sid_to_fstring(keystr, &sid);
key2 = string_term_tdb_data(keystr);
diff --git a/source3/winbindd/winbindd_ads.c b/source3/winbindd/winbindd_ads.c
index d15fb86d86..f647a3ffaf 100644
--- a/source3/winbindd/winbindd_ads.c
+++ b/source3/winbindd/winbindd_ads.c
@@ -880,8 +880,7 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
goto done;
}
- sid_copy(&primary_group, &domain->sid);
- sid_append_rid(&primary_group, primary_group_rid);
+ sid_compose(&primary_group, &domain->sid, primary_group_rid);
count = ads_pull_sids(ads, mem_ctx, msg, "tokenGroups", &sids);
diff --git a/source3/winbindd/winbindd_cache.c b/source3/winbindd/winbindd_cache.c
index 68972dd18d..b7b5e6d7ed 100644
--- a/source3/winbindd/winbindd_cache.c
+++ b/source3/winbindd/winbindd_cache.c
@@ -2986,8 +2986,7 @@ void wcache_invalidate_samlogon(struct winbindd_domain *domain,
return;
}
- sid_copy(&sid, info3->base.domain_sid);
- sid_append_rid(&sid, info3->base.rid);
+ sid_compose(&sid, info3->base.domain_sid, info3->base.rid);
/* Clear U/SID cache entry */
fstr_sprintf(key_str, "U/%s", sid_to_fstring(sid_string, &sid));
diff --git a/source3/winbindd/winbindd_ccache_access.c b/source3/winbindd/winbindd_ccache_access.c
index 921110a0be..2f71aaae52 100644
--- a/source3/winbindd/winbindd_ccache_access.c
+++ b/source3/winbindd/winbindd_ccache_access.c
@@ -116,7 +116,7 @@ static NTSTATUS do_ntlm_auth_with_hashes(const char *username,
data_blob_free(&reply);
goto done;
}
- *auth_msg = reply;
+ *auth_msg = data_blob(reply.data, reply.length);
status = NT_STATUS_OK;
done:
diff --git a/source3/winbindd/winbindd_cred_cache.c b/source3/winbindd/winbindd_cred_cache.c
index e63e73221e..df09bbe1bd 100644
--- a/source3/winbindd/winbindd_cred_cache.c
+++ b/source3/winbindd/winbindd_cred_cache.c
@@ -523,11 +523,10 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
"user krb5 ccache %s with %s\n", ccname,
error_message(ret)));
return krb5_to_nt_status(ret);
- } else {
- DEBUG(10, ("add_ccache_to_list: successfully destroyed "
- "krb5 ccache %s for user %s\n", ccname,
- username));
}
+ DEBUG(10, ("add_ccache_to_list: successfully destroyed "
+ "krb5 ccache %s for user %s\n", ccname,
+ username));
}
#endif
@@ -545,11 +544,11 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
/* FIXME: in this case we still might want to have a krb5 cred
* event handler created - gd
* Add ticket refresh handler here */
-
+
if (!lp_winbind_refresh_tickets() || renew_until <= 0) {
return NT_STATUS_OK;
}
-
+
if (!entry->event) {
if (postponed_request) {
t = timeval_current_ofs(MAX(30, lp_winbind_cache_time()), 0);
@@ -586,7 +585,7 @@ NTSTATUS add_ccache_to_list(const char *princ_name,
DEBUG(10,("add_ccache_to_list: added krb5_ticket handler\n"));
}
-
+
return NT_STATUS_OK;
}
diff --git a/source3/winbindd/winbindd_creds.c b/source3/winbindd/winbindd_creds.c
index 98a16ee937..46c7a06f7c 100644
--- a/source3/winbindd/winbindd_creds.c
+++ b/source3/winbindd/winbindd_creds.c
@@ -4,17 +4,17 @@
Winbind daemon - cached credentials funcions
Copyright (C) Guenther Deschner 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -66,10 +66,8 @@ NTSTATUS winbindd_store_creds(struct winbindd_domain *domain,
if (info3 != NULL) {
- DOM_SID sid;
- sid_copy(&sid, info3->base.domain_sid);
- sid_append_rid(&sid, info3->base.rid);
- sid_copy(&cred_sid, &sid);
+ sid_compose(&cred_sid, info3->base.domain_sid,
+ info3->base.rid);
info3->base.user_flags |= NETLOGON_CACHED_ACCOUNT;
} else if (user_sid != NULL) {
diff --git a/source3/winbindd/winbindd_pam.c b/source3/winbindd/winbindd_pam.c
index 357b6463d5..4658231a5c 100644
--- a/source3/winbindd/winbindd_pam.c
+++ b/source3/winbindd/winbindd_pam.c
@@ -195,8 +195,8 @@ static NTSTATUS append_afs_token(TALLOC_CTX *mem_ctx,
DOM_SID user_sid;
fstring sidstr;
- sid_copy(&user_sid, info3->base.domain_sid);
- sid_append_rid(&user_sid, info3->base.rid);
+ sid_compose(&user_sid, info3->base.domain_sid,
+ info3->base.rid);
sid_to_fstring(sidstr, &user_sid);
afsname = talloc_string_sub(mem_ctx, afsname,
"%s", sidstr);
diff --git a/source3/winbindd/winbindd_rpc.c b/source3/winbindd/winbindd_rpc.c
index 2146953639..87494db2bb 100644
--- a/source3/winbindd/winbindd_rpc.c
+++ b/source3/winbindd/winbindd_rpc.c
@@ -612,9 +612,8 @@ static NTSTATUS lookup_usergroups(struct winbindd_domain *domain,
return NT_STATUS_NO_MEMORY;
for (i=0;i<(*num_groups);i++) {
- sid_copy(&((*user_grpsids)[i]), &domain->sid);
- sid_append_rid(&((*user_grpsids)[i]),
- rid_array->rids[i].rid);
+ sid_compose(&((*user_grpsids)[i]), &domain->sid,
+ rid_array->rids[i].rid);
}
return NT_STATUS_OK;
diff --git a/source4/VERSION b/source4/VERSION
index ed8d2b0350..76e66da6bd 100644
--- a/source4/VERSION
+++ b/source4/VERSION
@@ -57,7 +57,7 @@ SAMBA_VERSION_TP_RELEASE=
# e.g. SAMBA_VERSION_ALPHA_RELEASE=1 #
# -> "4.0.0alpha1" #
########################################################
-SAMBA_VERSION_ALPHA_RELEASE=11
+SAMBA_VERSION_ALPHA_RELEASE=12
########################################################
# For 'pre' releases the version will be #
diff --git a/source4/auth/auth.h b/source4/auth/auth.h
index fa2329df32..827b441478 100644
--- a/source4/auth/auth.h
+++ b/source4/auth/auth.h
@@ -1,19 +1,19 @@
-/*
+/*
Unix SMB/CIFS implementation.
Standardised Authentication types
Copyright (C) Andrew Bartlett 2001
Copyright (C) Stefan Metzmacher 2005
-
+
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -79,13 +79,13 @@ struct auth_usersupplied_info
struct samr_Password *lanman;
struct samr_Password *nt;
} hash;
-
+
char *plaintext;
} password;
uint32_t flags;
};
-struct auth_serversupplied_info
+struct auth_serversupplied_info
{
struct dom_sid *account_sid;
struct dom_sid *primary_group_sid;
@@ -105,7 +105,7 @@ struct auth_serversupplied_info
const char *home_directory;
const char *home_drive;
const char *logon_server;
-
+
NTTIME last_logon;
NTTIME last_logoff;
NTTIME acct_expiry;
@@ -149,7 +149,7 @@ struct auth_operations {
struct auth_serversupplied_info **server_info);
/* Lookup a 'server info' return based only on the principal */
- NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
+ NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
const char *principal,
struct auth_serversupplied_info **server_info);
@@ -165,12 +165,12 @@ struct auth_method_context {
struct auth_context {
struct {
- /* Who set this up in the first place? */
+ /* Who set this up in the first place? */
const char *set_by;
bool may_be_modified;
- DATA_BLOB data;
+ DATA_BLOB data;
} challenge;
/* methods, in the order they should be called */
@@ -187,16 +187,16 @@ struct auth_context {
NTSTATUS (*check_password)(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
+ const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info);
-
+
NTSTATUS (*get_challenge)(struct auth_context *auth_ctx, uint8_t chal[8]);
bool (*challenge_may_be_modified)(struct auth_context *auth_ctx);
NTSTATUS (*set_challenge)(struct auth_context *auth_ctx, const uint8_t chal[8], const char *set_by);
-
- NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
+
+ NTSTATUS (*get_server_info_principal)(TALLOC_CTX *mem_ctx,
struct auth_context *auth_context,
const char *principal,
struct auth_serversupplied_info **server_info);
@@ -213,7 +213,7 @@ struct auth_critical_sizes {
int sizeof_auth_serversupplied_info;
};
- NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
+ NTSTATUS encrypt_user_info(TALLOC_CTX *mem_ctx, struct auth_context *auth_context,
enum auth_password_state to_state,
const struct auth_usersupplied_info *user_info_in,
const struct auth_usersupplied_info **user_info_encrypted);
@@ -240,22 +240,22 @@ struct auth_session_info *system_session(struct loadparm_context *lp_ctx);
NTSTATUS authsam_make_server_info(TALLOC_CTX *mem_ctx, struct ldb_context *sam_ctx,
const char *netbios_name,
const char *domain_name,
- struct ldb_dn *domain_dn,
+ struct ldb_dn *domain_dn,
struct ldb_message *msg,
DATA_BLOB user_sess_key, DATA_BLOB lm_sess_key,
struct auth_serversupplied_info **_server_info);
-NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
+NTSTATUS auth_system_session_info(TALLOC_CTX *parent_ctx,
struct loadparm_context *lp_ctx,
struct auth_session_info **_session_info) ;
NTSTATUS auth_nt_status_squash(NTSTATUS nt_status);
-NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
+NTSTATUS auth_context_create_methods(TALLOC_CTX *mem_ctx, const char **methods,
struct tevent_context *ev,
struct messaging_context *msg,
struct loadparm_context *lp_ctx,
struct auth_context **auth_ctx);
-NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
+NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
struct tevent_context *ev,
struct messaging_context *msg,
struct loadparm_context *lp_ctx,
@@ -263,7 +263,7 @@ NTSTATUS auth_context_create(TALLOC_CTX *mem_ctx,
NTSTATUS auth_check_password(struct auth_context *auth_ctx,
TALLOC_CTX *mem_ctx,
- const struct auth_usersupplied_info *user_info,
+ const struct auth_usersupplied_info *user_info,
struct auth_serversupplied_info **server_info);
NTSTATUS auth_init(void);
NTSTATUS auth_register(const struct auth_operations *ops);
diff --git a/source4/auth/kerberos/kerberos_pac.c b/source4/auth/kerberos/kerberos_pac.c
index 7a6d008562..ecd35f3dfa 100644
--- a/source4/auth/kerberos/kerberos_pac.c
+++ b/source4/auth/kerberos/kerberos_pac.c
@@ -1,8 +1,8 @@
-/*
+/*
Unix SMB/CIFS implementation.
Create and parse the krb5 PAC
-
+
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2004-2005,2008
Copyright (C) Andrew Tridgell 2001
Copyright (C) Luke Howard 2002-2003
@@ -12,13 +12,13 @@
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
-
+
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
-
+
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
@@ -31,7 +31,7 @@
#include "lib/ldb/include/ldb.h"
#include "auth/auth_sam_reply.h"
-krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
+krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
DATA_BLOB pac_data,
struct PAC_SIGNATURE_DATA *sig,
krb5_context context,
@@ -50,7 +50,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
0,
&crypto);
if (ret) {
- DEBUG(0,("krb5_crypto_init() failed: %s\n",
+ DEBUG(0,("krb5_crypto_init() failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
return ret;
}
@@ -113,7 +113,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
return NT_STATUS_NO_MEMORY;
}
- ndr_err = ndr_pull_struct_blob(&blob, pac_data,
+ ndr_err = ndr_pull_struct_blob(&blob, pac_data,
iconv_convenience, pac_data,
(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -129,7 +129,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
return NT_STATUS_INVALID_PARAMETER;
}
- ndr_err = ndr_pull_struct_blob(&blob, pac_data_raw,
+ ndr_err = ndr_pull_struct_blob(&blob, pac_data_raw,
iconv_convenience, pac_data_raw,
(ndr_pull_flags_fn_t)ndr_pull_PAC_DATA_RAW);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -210,7 +210,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
/* Find and zero out the signatures, as required by the signing algorithm */
/* We find the data blobs above, now we parse them to get at the exact portion we should zero */
- ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe,
+ ndr_err = ndr_pull_struct_blob(kdc_sig_blob, kdc_sig_wipe,
iconv_convenience, kdc_sig_wipe,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -219,8 +219,8 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
nt_errstr(status)));
return status;
}
-
- ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe,
+
+ ndr_err = ndr_pull_struct_blob(srv_sig_blob, srv_sig_wipe,
iconv_convenience, srv_sig_wipe,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
@@ -233,9 +233,9 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
/* Now zero the decoded structure */
memset(kdc_sig_wipe->signature.data, '\0', kdc_sig_wipe->signature.length);
memset(srv_sig_wipe->signature.data, '\0', srv_sig_wipe->signature.length);
-
+
/* and reencode, back into the same place it came from */
- ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw,
+ ndr_err = ndr_push_struct_blob(kdc_sig_blob, pac_data_raw,
iconv_convenience,
kdc_sig_wipe,
(ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA);
@@ -245,7 +245,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
nt_errstr(status)));
return status;
}
- ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw,
+ ndr_err = ndr_push_struct_blob(srv_sig_blob, pac_data_raw,
iconv_convenience,
srv_sig_wipe,
(ndr_push_flags_fn_t)ndr_push_PAC_SIGNATURE_DATA);
@@ -257,7 +257,7 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
/* push out the whole structure, but now with zero'ed signatures */
- ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw,
+ ndr_err = ndr_push_struct_blob(&modified_pac_blob, pac_data_raw,
iconv_convenience,
pac_data_raw,
(ndr_push_flags_fn_t)ndr_push_PAC_DATA_RAW);
@@ -269,9 +269,9 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
/* verify by service_key */
- ret = check_pac_checksum(mem_ctx,
- modified_pac_blob, srv_sig_ptr,
- context,
+ ret = check_pac_checksum(mem_ctx,
+ modified_pac_blob, srv_sig_ptr,
+ context,
service_keyblock);
if (ret) {
DEBUG(1, ("PAC Decode: Failed to verify the service signature: %s\n",
@@ -283,8 +283,8 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
if (krbtgt_keyblock) {
- ret = check_pac_checksum(mem_ctx,
- srv_sig_ptr->signature, kdc_sig_ptr,
+ ret = check_pac_checksum(mem_ctx,
+ srv_sig_ptr->signature, kdc_sig_ptr,
context, krbtgt_keyblock);
if (ret) {
DEBUG(1, ("PAC Decode: Failed to verify the KDC signature: %s\n",
@@ -306,11 +306,11 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
return NT_STATUS_ACCESS_DENIED;
}
- ret = krb5_parse_name_flags(context, logon_name->account_name, KRB5_PRINCIPAL_PARSE_NO_REALM,
+ ret = krb5_parse_name_flags(context, logon_name->account_name, KRB5_PRINCIPAL_PARSE_NO_REALM,
&client_principal_pac);
if (ret) {
- DEBUG(2, ("Could not parse name from incoming PAC: [%s]: %s\n",
- logon_name->account_name,
+ DEBUG(2, ("Could not parse name from incoming PAC: [%s]: %s\n",
+ logon_name->account_name,
smb_get_krb5_error_message(context, ret, mem_ctx)));
if (k5ret) {
*k5ret = ret;
@@ -319,20 +319,20 @@ krb5_error_code check_pac_checksum(TALLOC_CTX *mem_ctx,
}
if (!krb5_principal_compare_any_realm(context, client_principal, client_principal_pac)) {
- DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n",
+ DEBUG(2, ("Name in PAC [%s] does not match principal name in ticket\n",
logon_name->account_name));
return NT_STATUS_ACCESS_DENIED;
}
-
+
#if 0
- if (strcasecmp(logon_info->info3.base.account_name.string,
+ if (strcasecmp(logon_info->info3.base.account_name.string,
"Administrator")== 0) {
file_save("tmp_pac_data-admin.dat",blob.data,blob.length);
}
#endif
DEBUG(3,("Found account name from PAC: %s [%s]\n",
- logon_info->info3.base.account_name.string,
+ logon_info->info3.base.account_name.string,
logon_info->info3.base.full_name.string));
*pac_data_out = pac_data;
@@ -347,20 +347,20 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
krb5_const_principal client_principal,
- time_t tgs_authtime,
+ time_t tgs_authtime,
krb5_error_code *k5ret)
{
NTSTATUS nt_status;
struct PAC_DATA *pac_data;
int i;
- nt_status = kerberos_decode_pac(mem_ctx,
+ nt_status = kerberos_decode_pac(mem_ctx,
iconv_convenience,
&pac_data,
blob,
context,
krbtgt_keyblock,
service_keyblock,
- client_principal,
+ client_principal,
tgs_authtime,
k5ret);
if (!NT_STATUS_IS_OK(nt_status)) {
@@ -372,7 +372,7 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
if (pac_data->buffers[i].type != PAC_TYPE_LOGON_INFO) {
continue;
}
- *logon_info = pac_data->buffers[i].info->logon_info.info;
+ *logon_info = pac_data->buffers[i].info->logon_info.info;
}
if (!*logon_info) {
return NT_STATUS_INVALID_PARAMETER;
@@ -380,7 +380,7 @@ _PUBLIC_ NTSTATUS kerberos_pac_logon_info(TALLOC_CTX *mem_ctx,
return NT_STATUS_OK;
}
-static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
+static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
DATA_BLOB *pac_data,
struct PAC_SIGNATURE_DATA *sig,
krb5_context context,
@@ -408,7 +408,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
pac_data->length,
&cksum);
if (ret) {
- DEBUG(2, ("PAC Verification failed: %s\n",
+ DEBUG(2, ("PAC Verification failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
}
@@ -431,7 +431,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
krb5_context context,
const krb5_keyblock *krbtgt_keyblock,
const krb5_keyblock *service_keyblock,
- DATA_BLOB *pac)
+ DATA_BLOB *pac)
{
NTSTATUS nt_status;
krb5_error_code ret;
@@ -447,28 +447,28 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
if (pac_data->buffers[i].type != PAC_TYPE_KDC_CHECKSUM) {
continue;
}
- kdc_checksum = &pac_data->buffers[i].info->kdc_cksum,
+ kdc_checksum = &pac_data->buffers[i].info->kdc_cksum,
ret = make_pac_checksum(mem_ctx, &zero_blob,
- kdc_checksum,
+ kdc_checksum,
context, krbtgt_keyblock);
if (ret) {
- DEBUG(2, ("making krbtgt PAC checksum failed: %s\n",
+ DEBUG(2, ("making krbtgt PAC checksum failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
talloc_free(pac_data);
return ret;
}
}
-
+
for (i=0; i < pac_data->num_buffers; i++) {
if (pac_data->buffers[i].type != PAC_TYPE_SRV_CHECKSUM) {
continue;
}
- srv_checksum = &pac_data->buffers[i].info->srv_cksum;
- ret = make_pac_checksum(mem_ctx, &zero_blob,
- srv_checksum,
+ srv_checksum = &pac_data->buffers[i].info->srv_cksum;
+ ret = make_pac_checksum(mem_ctx, &zero_blob,
+ srv_checksum,
context, service_keyblock);
if (ret) {
- DEBUG(2, ("making service PAC checksum failed: %s\n",
+ DEBUG(2, ("making service PAC checksum failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
talloc_free(pac_data);
return ret;
@@ -488,7 +488,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
memset(kdc_checksum->signature.data, '\0', kdc_checksum->signature.length);
memset(srv_checksum->signature.data, '\0', srv_checksum->signature.length);
- ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
+ ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
iconv_convenience,
pac_data,
(ndr_push_flags_fn_t)ndr_push_PAC_DATA);
@@ -506,14 +506,14 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
/* Then sign Server checksum */
ret = make_pac_checksum(mem_ctx, &srv_checksum->signature, kdc_checksum, context, krbtgt_keyblock);
if (ret) {
- DEBUG(2, ("making krbtgt PAC checksum failed: %s\n",
+ DEBUG(2, ("making krbtgt PAC checksum failed: %s\n",
smb_get_krb5_error_message(context, ret, mem_ctx)));
talloc_free(pac_data);
return ret;
}
/* And push it out again, this time to the world. This relies on determanistic pointer values */
- ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
+ ndr_err = ndr_push_struct_blob(&tmp_blob, mem_ctx,
iconv_convenience,
pac_data,
(ndr_push_flags_fn_t)ndr_push_PAC_DATA);
@@ -552,7 +552,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
union PAC_INFO *u_SRV_CHECKSUM;
char *name;
-
+
enum {
PAC_BUF_LOGON_INFO = 0,
PAC_BUF_LOGON_NAME = 1,
@@ -568,7 +568,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
pac_data->num_buffers = PAC_BUF_NUM_BUFFERS;
pac_data->version = 0;
- pac_data->buffers = talloc_array(pac_data,
+ pac_data->buffers = talloc_array(pac_data,
struct PAC_BUFFER,
pac_data->num_buffers);
if (!pac_data->buffers) {
@@ -630,7 +630,7 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
u_LOGON_INFO->logon_info.info = LOGON_INFO;
LOGON_INFO->info3 = *sam3;
- ret = krb5_unparse_name_flags(context, client_principal,
+ ret = krb5_unparse_name_flags(context, client_principal,
KRB5_PRINCIPAL_UNPARSE_NO_REALM, &name);
if (ret) {
return ret;
@@ -643,9 +643,9 @@ static krb5_error_code make_pac_checksum(TALLOC_CTX *mem_ctx,
*/
unix_to_nt_time(&LOGON_NAME->logon_time, tgs_authtime);
- ret = kerberos_encode_pac(mem_ctx,
+ ret = kerberos_encode_pac(mem_ctx,
iconv_convenience,
- pac_data,
+ pac_data,
context,
krbtgt_keyblock,
service_keyblock,
@@ -658,7 +658,7 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
krb5_pac pac,
krb5_context context,
- struct auth_serversupplied_info **server_info)
+ struct auth_serversupplied_info **server_info)
{
NTSTATUS nt_status;
enum ndr_err_code ndr_err;
@@ -701,12 +701,12 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
nt_status = make_server_info_netlogon_validation(mem_ctx,
"",
3, &validation,
- &server_info_out);
+ &server_info_out);
if (!NT_STATUS_IS_OK(nt_status)) {
talloc_free(tmp_ctx);
return EINVAL;
}
-
+
ret = krb5_pac_get_buffer(context, pac, PAC_TYPE_SRV_CHECKSUM, &k5pac_srv_checksum_in);
if (ret != 0) {
talloc_free(tmp_ctx);
@@ -714,8 +714,8 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
}
pac_srv_checksum_in = data_blob_const(k5pac_srv_checksum_in.data, k5pac_srv_checksum_in.length);
-
- ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, server_info_out,
+
+ ndr_err = ndr_pull_struct_blob(&pac_srv_checksum_in, server_info_out,
iconv_convenience, &server_info_out->pac_srv_sig,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
krb5_data_free(&k5pac_srv_checksum_in);
@@ -733,8 +733,8 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
}
pac_kdc_checksum_in = data_blob_const(k5pac_kdc_checksum_in.data, k5pac_kdc_checksum_in.length);
-
- ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, server_info_out,
+
+ ndr_err = ndr_pull_struct_blob(&pac_kdc_checksum_in, server_info_out,
iconv_convenience, &server_info_out->pac_kdc_sig,
(ndr_pull_flags_fn_t)ndr_pull_PAC_SIGNATURE_DATA);
krb5_data_free(&k5pac_kdc_checksum_in);
@@ -746,21 +746,21 @@ krb5_error_code kerberos_pac_to_server_info(TALLOC_CTX *mem_ctx,
}
*server_info = server_info_out;
-
+
return 0;
}
NTSTATUS kerberos_pac_blob_to_server_info(TALLOC_CTX *mem_ctx,
struct smb_iconv_convenience *iconv_convenience,
- DATA_BLOB pac_blob,
+ DATA_BLOB pac_blob,
krb5_context context,
- struct auth_serversupplied_info **server_info)
+ struct auth_serversupplied_info **server_info)
{
krb5_error_code ret;
krb5_pac pac;
- ret = krb5_pac_parse(context,
- pac_blob.data, pac_blob.length,
+ ret = krb5_pac_parse(context,
+ pac_blob.data, pac_blob.length,
&pac);
if (ret) {
return map_nt_error_from_unix(ret);
diff --git a/source4/dsdb/common/util.c b/source4/dsdb/common/util.c
index b8ba26a4ec..6147940e3b 100644
--- a/source4/dsdb/common/util.c
+++ b/source4/dsdb/common/util.c
@@ -1196,11 +1196,18 @@ const struct dom_sid *samdb_domain_sid(struct ldb_context *ldb)
return domain_sid;
failed:
- DEBUG(1,("Failed to find domain_sid for open ldb\n"));
talloc_free(tmp_ctx);
return NULL;
}
+/*
+ get domain sid from cache
+*/
+const struct dom_sid *samdb_domain_sid_cache_only(struct ldb_context *ldb)
+{
+ return (struct dom_sid *)ldb_get_opaque(ldb, "cache.domain_sid");
+}
+
bool samdb_set_domain_sid(struct ldb_context *ldb, const struct dom_sid *dom_sid_in)
{
TALLOC_CTX *tmp_ctx;
@@ -1521,6 +1528,86 @@ struct ldb_dn *samdb_server_site_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx
return server_site_dn;
}
+/*
+ find a 'reference' DN that points at another object
+ (eg. serverReference, rIDManagerReference etc)
+ */
+int samdb_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn *base,
+ const char *attribute, struct ldb_dn **dn)
+{
+ const char *attrs[2];
+ struct ldb_result *res;
+ int ret;
+
+ attrs[0] = attribute;
+ attrs[1] = NULL;
+
+ ret = ldb_search(ldb, mem_ctx, &res, base, LDB_SCOPE_BASE, attrs, NULL);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ if (res->count != 1) {
+ talloc_free(res);
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ *dn = ldb_msg_find_attr_as_dn(ldb, mem_ctx, res->msgs[0], attribute);
+ if (!*dn) {
+ talloc_free(res);
+ return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ }
+
+ talloc_free(res);
+ return LDB_SUCCESS;
+}
+
+/*
+ find our machine account via the serverReference attribute in the
+ server DN
+ */
+int samdb_server_reference_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+ struct ldb_dn *server_dn;
+ int ret;
+
+ server_dn = samdb_server_dn(ldb, mem_ctx);
+ if (server_dn == NULL) {
+ return LDB_ERR_NO_SUCH_OBJECT;
+ }
+
+ ret = samdb_reference_dn(ldb, mem_ctx, server_dn, "serverReference", dn);
+ talloc_free(server_dn);
+
+ return ret;
+}
+
+/*
+ find the RID Manager$ DN via the rIDManagerReference attribute in the
+ base DN
+ */
+int samdb_rid_manager_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+ return samdb_reference_dn(ldb, mem_ctx, samdb_base_dn(ldb), "rIDManagerReference", dn);
+}
+
+/*
+ find the RID Set DN via the rIDSetReferences attribute in our
+ machine account DN
+ */
+int samdb_rid_set_dn(struct ldb_context *ldb, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+ struct ldb_dn *server_ref_dn;
+ int ret;
+
+ ret = samdb_server_reference_dn(ldb, mem_ctx, &server_ref_dn);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = samdb_reference_dn(ldb, mem_ctx, server_ref_dn, "rIDSetReferences", dn);
+ talloc_free(server_ref_dn);
+ return ret;
+}
+
const char *samdb_server_site_name(struct ldb_context *ldb, TALLOC_CTX *mem_ctx)
{
const struct ldb_val *val = ldb_dn_get_rdn_val(samdb_server_site_dn(ldb, mem_ctx));
@@ -2353,16 +2440,20 @@ int dsdb_search_dn_with_deleted(struct ldb_context *ldb,
/*
- use a DN to find a GUID
+ use a DN to find a GUID with a given attribute name
*/
-int dsdb_find_guid_by_dn(struct ldb_context *ldb,
- struct ldb_dn *dn, struct GUID *guid)
+int dsdb_find_guid_attr_by_dn(struct ldb_context *ldb,
+ struct ldb_dn *dn, const char *attribute,
+ struct GUID *guid)
{
int ret;
struct ldb_result *res;
- const char *attrs[] = { "objectGUID", NULL };
+ const char *attrs[2];
TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+ attrs[0] = attribute;
+ attrs[1] = NULL;
+
ret = dsdb_search_dn_with_deleted(ldb, tmp_ctx, &res, dn, attrs);
if (ret != LDB_SUCCESS) {
talloc_free(tmp_ctx);
@@ -2372,11 +2463,20 @@ int dsdb_find_guid_by_dn(struct ldb_context *ldb,
talloc_free(tmp_ctx);
return LDB_ERR_NO_SUCH_OBJECT;
}
- *guid = samdb_result_guid(res->msgs[0], "objectGUID");
+ *guid = samdb_result_guid(res->msgs[0], attribute);
talloc_free(tmp_ctx);
return LDB_SUCCESS;
}
+/*
+ use a DN to find a GUID
+ */
+int dsdb_find_guid_by_dn(struct ldb_context *ldb,
+ struct ldb_dn *dn, struct GUID *guid)
+{
+ return dsdb_find_guid_attr_by_dn(ldb, dn, "objectGUID", guid);
+}
+
/*
@@ -2717,6 +2817,12 @@ int drsuapi_DsReplicaCursor2_compare(const struct drsuapi_DsReplicaCursor2 *c1,
return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id);
}
+int drsuapi_DsReplicaCursor_compare(const struct drsuapi_DsReplicaCursor *c1,
+ const struct drsuapi_DsReplicaCursor *c2)
+{
+ return GUID_compare(&c1->source_dsa_invocation_id, &c2->source_dsa_invocation_id);
+}
+
/*
see if we are a RODC
@@ -3099,3 +3205,19 @@ int dsdb_tombstone_lifetime(struct ldb_context *ldb, uint32_t *lifetime)
talloc_free(dn);
return LDB_SUCCESS;
}
+
+/*
+ compare a ldb_val to a string case insensitively
+ */
+int samdb_ldb_val_case_cmp(const char *s, struct ldb_val *v)
+{
+ size_t len = strlen(s);
+ int ret;
+ if (len > v->length) return 1;
+ ret = strncasecmp(s, (const char *)v->data, v->length);
+ if (ret != 0) return ret;
+ if (v->length > len && v->data[len] != 0) {
+ return -1;
+ }
+ return 0;
+}
diff --git a/source4/dsdb/config.mk b/source4/dsdb/config.mk
index 35a0c84903..3226c08ec0 100644
--- a/source4/dsdb/config.mk
+++ b/source4/dsdb/config.mk
@@ -64,7 +64,8 @@ DREPL_SRV_OBJ_FILES = $(addprefix $(dsdbsrcdir)/repl/, \
drepl_partitions.o \
drepl_out_pull.o \
drepl_out_helpers.o \
- drepl_notify.o)
+ drepl_notify.o \
+ drepl_ridalloc.o)
$(eval $(call proto_header_template,$(dsdbsrcdir)/repl/drepl_service_proto.h,$(DREPL_SRV_OBJ_FILES:.o=.c)))
diff --git a/source4/dsdb/repl/drepl_out_helpers.c b/source4/dsdb/repl/drepl_out_helpers.c
index 722db4f8ee..a4f5d1faec 100644
--- a/source4/dsdb/repl/drepl_out_helpers.c
+++ b/source4/dsdb/repl/drepl_out_helpers.c
@@ -202,81 +202,90 @@ NTSTATUS dreplsrv_out_drsuapi_recv(struct tevent_req *req)
}
struct dreplsrv_op_pull_source_state {
- struct composite_context *creq;
-
struct dreplsrv_out_operation *op;
-
- struct dreplsrv_drsuapi_connection *drsuapi;
-
- bool have_all;
-
- uint32_t ctr_level;
- struct drsuapi_DsGetNCChangesCtr1 *ctr1;
- struct drsuapi_DsGetNCChangesCtr6 *ctr6;
};
static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq);
-struct composite_context *dreplsrv_op_pull_source_send(struct dreplsrv_out_operation *op)
+struct tevent_req *dreplsrv_op_pull_source_send(TALLOC_CTX *mem_ctx,
+ struct tevent_context *ev,
+ struct dreplsrv_out_operation *op)
{
- struct composite_context *c;
- struct dreplsrv_op_pull_source_state *st;
+ struct tevent_req *req;
+ struct dreplsrv_op_pull_source_state *state;
struct tevent_req *subreq;
- c = composite_create(op, op->service->task->event_ctx);
- if (c == NULL) return NULL;
-
- st = talloc_zero(c, struct dreplsrv_op_pull_source_state);
- if (composite_nomem(st, c)) return c;
+ req = tevent_req_create(mem_ctx, &state,
+ struct dreplsrv_op_pull_source_state);
+ if (req == NULL) {
+ return NULL;
+ }
- st->creq = c;
- st->op = op;
+ state->op = op;
- subreq = dreplsrv_out_drsuapi_send(st,
- op->service->task->event_ctx,
- op->source_dsa->conn);
- if (composite_nomem(subreq, c)) return c;
- tevent_req_set_callback(subreq, dreplsrv_op_pull_source_connect_done, st);
+ subreq = dreplsrv_out_drsuapi_send(state, ev, op->source_dsa->conn);
+ if (tevent_req_nomem(subreq, req)) {
+ return tevent_req_post(req, ev);
+ }
+ tevent_req_set_callback(subreq, dreplsrv_op_pull_source_connect_done, req);
- return c;
+ return req;
}
-static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_source_state *st);
+static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req);
static void dreplsrv_op_pull_source_connect_done(struct tevent_req *subreq)
{
- struct dreplsrv_op_pull_source_state *st = tevent_req_callback_data(subreq,
- struct dreplsrv_op_pull_source_state);
- struct composite_context *c = st->creq;
+ struct tevent_req *req = tevent_req_callback_data(subreq,
+ struct tevent_req);
+ NTSTATUS status;
- c->status = dreplsrv_out_drsuapi_recv(subreq);
+ status = dreplsrv_out_drsuapi_recv(subreq);
TALLOC_FREE(subreq);
- if (!composite_is_ok(c)) return;
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
- dreplsrv_op_pull_source_get_changes_send(st);
+ dreplsrv_op_pull_source_get_changes_trigger(req);
}
-static void dreplsrv_op_pull_source_get_changes_recv(struct rpc_request *req);
+static void dreplsrv_op_pull_source_get_changes_done(struct rpc_request *rreq);
-static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_source_state *st)
+static void dreplsrv_op_pull_source_get_changes_trigger(struct tevent_req *req)
{
- struct composite_context *c = st->creq;
- struct repsFromTo1 *rf1 = st->op->source_dsa->repsFrom1;
- struct dreplsrv_service *service = st->op->service;
- struct dreplsrv_partition *partition = st->op->source_dsa->partition;
- struct dreplsrv_drsuapi_connection *drsuapi = st->op->source_dsa->conn->drsuapi;
- struct rpc_request *req;
+ struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+ struct dreplsrv_op_pull_source_state);
+ struct repsFromTo1 *rf1 = state->op->source_dsa->repsFrom1;
+ struct dreplsrv_service *service = state->op->service;
+ struct dreplsrv_partition *partition = state->op->source_dsa->partition;
+ struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
+ struct rpc_request *rreq;
struct drsuapi_DsGetNCChanges *r;
+ struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
- r = talloc(st, struct drsuapi_DsGetNCChanges);
- if (composite_nomem(r, c)) return;
+ r = talloc(state, struct drsuapi_DsGetNCChanges);
+ if (tevent_req_nomem(r, req)) {
+ return;
+ }
r->out.level_out = talloc(r, int32_t);
- if (composite_nomem(r->out.level_out, c)) return;
+ if (tevent_req_nomem(r->out.level_out, req)) {
+ return;
+ }
r->in.req = talloc(r, union drsuapi_DsGetNCChangesRequest);
- if (composite_nomem(r->in.req, c)) return;
+ if (tevent_req_nomem(r->in.req, req)) {
+ return;
+ }
r->out.ctr = talloc(r, union drsuapi_DsGetNCChangesCtr);
- if (composite_nomem(r->out.ctr, c)) return;
+ if (tevent_req_nomem(r->out.ctr, req)) {
+ return;
+ }
+
+ if (partition->uptodatevector_ex.count == 0) {
+ uptodateness_vector = NULL;
+ } else {
+ uptodateness_vector = &partition->uptodatevector_ex;
+ }
r->in.bind_handle = &drsuapi->bind_handle;
if (drsuapi->remote_info28.supported_extensions & DRSUAPI_SUPPORTED_EXTENSION_GETCHGREQ_V8) {
@@ -285,12 +294,12 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou
r->in.req->req8.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
r->in.req->req8.naming_context = &partition->nc;
r->in.req->req8.highwatermark = rf1->highwatermark;
- r->in.req->req8.uptodateness_vector = NULL;/*&partition->uptodatevector_ex;*/
+ r->in.req->req8.uptodateness_vector = uptodateness_vector;
r->in.req->req8.replica_flags = rf1->replica_flags;
r->in.req->req8.max_object_count = 133;
r->in.req->req8.max_ndr_size = 1336811;
- r->in.req->req8.extended_op = DRSUAPI_EXOP_NONE;
- r->in.req->req8.fsmo_info = 0;
+ r->in.req->req8.extended_op = state->op->extended_op;
+ r->in.req->req8.fsmo_info = state->op->fsmo_info;
r->in.req->req8.partial_attribute_set = NULL;
r->in.req->req8.partial_attribute_set_ex= NULL;
r->in.req->req8.mapping_ctr.num_mappings= 0;
@@ -301,40 +310,50 @@ static void dreplsrv_op_pull_source_get_changes_send(struct dreplsrv_op_pull_sou
r->in.req->req5.source_dsa_invocation_id= rf1->source_dsa_invocation_id;
r->in.req->req5.naming_context = &partition->nc;
r->in.req->req5.highwatermark = rf1->highwatermark;
- r->in.req->req5.uptodateness_vector = NULL;/*&partition->uptodatevector_ex;*/
+ r->in.req->req5.uptodateness_vector = uptodateness_vector;
r->in.req->req5.replica_flags = rf1->replica_flags;
r->in.req->req5.max_object_count = 133;
r->in.req->req5.max_ndr_size = 1336770;
- r->in.req->req5.extended_op = DRSUAPI_EXOP_NONE;
- r->in.req->req5.fsmo_info = 0;
+ r->in.req->req5.extended_op = state->op->extended_op;
+ r->in.req->req5.fsmo_info = state->op->fsmo_info;
}
- req = dcerpc_drsuapi_DsGetNCChanges_send(drsuapi->pipe, r, r);
- composite_continue_rpc(c, req, dreplsrv_op_pull_source_get_changes_recv, st);
+#if 0
+ NDR_PRINT_IN_DEBUG(drsuapi_DsGetNCChanges, r);
+#endif
+
+ rreq = dcerpc_drsuapi_DsGetNCChanges_send(drsuapi->pipe, r, r);
+ if (tevent_req_nomem(rreq, req)) {
+ return;
+ }
+ composite_continue_rpc(NULL, rreq, dreplsrv_op_pull_source_get_changes_done, req);
}
-static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_source_state *st,
- struct drsuapi_DsGetNCChanges *r,
- uint32_t ctr_level,
- struct drsuapi_DsGetNCChangesCtr1 *ctr1,
- struct drsuapi_DsGetNCChangesCtr6 *ctr6);
+static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req,
+ struct drsuapi_DsGetNCChanges *r,
+ uint32_t ctr_level,
+ struct drsuapi_DsGetNCChangesCtr1 *ctr1,
+ struct drsuapi_DsGetNCChangesCtr6 *ctr6);
-static void dreplsrv_op_pull_source_get_changes_recv(struct rpc_request *req)
+static void dreplsrv_op_pull_source_get_changes_done(struct rpc_request *rreq)
{
- struct dreplsrv_op_pull_source_state *st = talloc_get_type(req->async.private_data,
- struct dreplsrv_op_pull_source_state);
- struct composite_context *c = st->creq;
- struct drsuapi_DsGetNCChanges *r = talloc_get_type(req->ndr.struct_ptr,
+ struct tevent_req *req = talloc_get_type(rreq->async.private_data,
+ struct tevent_req);
+ NTSTATUS status;
+ struct drsuapi_DsGetNCChanges *r = talloc_get_type(rreq->ndr.struct_ptr,
struct drsuapi_DsGetNCChanges);
uint32_t ctr_level = 0;
struct drsuapi_DsGetNCChangesCtr1 *ctr1 = NULL;
struct drsuapi_DsGetNCChangesCtr6 *ctr6 = NULL;
- c->status = dcerpc_ndr_request_recv(req);
- if (!composite_is_ok(c)) return;
+ status = dcerpc_ndr_request_recv(rreq);
+ if (tevent_req_nterror(req, status)) {
+ return;
+ }
if (!W_ERROR_IS_OK(r->out.result)) {
- composite_error(c, werror_to_ntstatus(r->out.result));
+ status = werror_to_ntstatus(r->out.result);
+ tevent_req_nterror(req, status);
return;
}
@@ -361,38 +380,42 @@ static void dreplsrv_op_pull_source_get_changes_recv(struct rpc_request *req)
ctr_level = 6;
ctr6 = &r->out.ctr->ctr7.ctr.xpress6.ts->ctr6;
} else {
- composite_error(c, werror_to_ntstatus(WERR_BAD_NET_RESP));
+ status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+ tevent_req_nterror(req, status);
return;
}
if (!ctr1 && !ctr6) {
- composite_error(c, werror_to_ntstatus(WERR_BAD_NET_RESP));
+ status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+ tevent_req_nterror(req, status);
return;
}
if (ctr_level == 6) {
if (!W_ERROR_IS_OK(ctr6->drs_error)) {
- composite_error(c, werror_to_ntstatus(ctr6->drs_error));
+ status = werror_to_ntstatus(ctr6->drs_error);
+ tevent_req_nterror(req, status);
return;
}
}
- dreplsrv_op_pull_source_apply_changes_send(st, r, ctr_level, ctr1, ctr6);
+ dreplsrv_op_pull_source_apply_changes_trigger(req, r, ctr_level, ctr1, ctr6);
}
-static void dreplsrv_update_refs_send(struct dreplsrv_op_pull_source_state *st);
+static void dreplsrv_update_refs_trigger(struct tevent_req *req);
-static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_source_state *st,
- struct drsuapi_DsGetNCChanges *r,
- uint32_t ctr_level,
- struct drsuapi_DsGetNCChangesCtr1 *ctr1,
- struct drsuapi_DsGetNCChangesCtr6 *ctr6)
+static void dreplsrv_op_pull_source_apply_changes_trigger(struct tevent_req *req,
+ struct drsuapi_DsGetNCChanges *r,
+ uint32_t ctr_level,
+ struct drsuapi_DsGetNCChangesCtr1 *ctr1,
+ struct drsuapi_DsGetNCChangesCtr6 *ctr6)
{
- struct composite_context *c = st->creq;
- struct repsFromTo1 rf1 = *st->op->source_dsa->repsFrom1;
- struct dreplsrv_service *service = st->op->service;
- struct dreplsrv_partition *partition = st->op->source_dsa->partition;
- struct dreplsrv_drsuapi_connection *drsuapi = st->op->source_dsa->conn->drsuapi;
+ struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+ struct dreplsrv_op_pull_source_state);
+ struct repsFromTo1 rf1 = *state->op->source_dsa->repsFrom1;
+ struct dreplsrv_service *service = state->op->service;
+ struct dreplsrv_partition *partition = state->op->source_dsa->partition;
+ struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
const struct drsuapi_DsReplicaOIDMapping_Ctr *mapping_ctr;
uint32_t object_count;
struct drsuapi_DsReplicaObjectListItemEx *first_object;
@@ -402,6 +425,7 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s
struct dsdb_extended_replicated_objects *objects;
bool more_data = false;
WERROR status;
+ NTSTATUS nt_status;
switch (ctr_level) {
case 1:
@@ -425,7 +449,8 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s
more_data = ctr6->more_data;
break;
default:
- composite_error(c, werror_to_ntstatus(WERR_BAD_NET_RESP));
+ nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+ tevent_req_nterror(req, nt_status);
return;
}
@@ -439,32 +464,39 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s
&rf1,
uptodateness_vector,
&drsuapi->gensec_skey,
- st, &objects);
+ state, &objects);
if (!W_ERROR_IS_OK(status)) {
- DEBUG(0,("Failed to convert objects: %s\n", win_errstr(status)));
- composite_error(c, werror_to_ntstatus(status));
+ nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+ DEBUG(0,("Failed to convert objects: %s/%s\n",
+ win_errstr(status), nt_errstr(nt_status)));
+ tevent_req_nterror(req, nt_status);
return;
}
status = dsdb_extended_replicated_objects_commit(service->samdb,
objects,
- &st->op->source_dsa->notify_uSN);
+ &state->op->source_dsa->notify_uSN);
talloc_free(objects);
if (!W_ERROR_IS_OK(status)) {
- DEBUG(0,("Failed to commit objects: %s\n", win_errstr(status)));
- composite_error(c, werror_to_ntstatus(status));
+ nt_status = werror_to_ntstatus(WERR_BAD_NET_RESP);
+ DEBUG(0,("Failed to commit objects: %s/%s\n",
+ win_errstr(status), nt_errstr(nt_status)));
+ tevent_req_nterror(req, nt_status);
return;
}
/* if it applied fine, we need to update the highwatermark */
- *st->op->source_dsa->repsFrom1 = rf1;
+ *state->op->source_dsa->repsFrom1 = rf1;
/*
* TODO: update our uptodatevector!
*/
+ /* we don't need this maybe very large structure anymore */
+ TALLOC_FREE(r);
+
if (more_data) {
- dreplsrv_op_pull_source_get_changes_send(st);
+ dreplsrv_op_pull_source_get_changes_trigger(req);
return;
}
@@ -473,43 +505,89 @@ static void dreplsrv_op_pull_source_apply_changes_send(struct dreplsrv_op_pull_s
we join the domain, but they quickly expire. We do it here
so we can use the already established DRSUAPI pipe
*/
- dreplsrv_update_refs_send(st);
+ dreplsrv_update_refs_trigger(req);
}
-WERROR dreplsrv_op_pull_source_recv(struct composite_context *c)
+static void dreplsrv_update_refs_done(struct rpc_request *rreq);
+
+/*
+ send a UpdateRefs request to refresh our repsTo record on the server
+ */
+static void dreplsrv_update_refs_trigger(struct tevent_req *req)
{
- NTSTATUS status;
+ struct dreplsrv_op_pull_source_state *state = tevent_req_data(req,
+ struct dreplsrv_op_pull_source_state);
+ struct dreplsrv_service *service = state->op->service;
+ struct dreplsrv_partition *partition = state->op->source_dsa->partition;
+ struct dreplsrv_drsuapi_connection *drsuapi = state->op->source_dsa->conn->drsuapi;
+ struct rpc_request *rreq;
+ struct drsuapi_DsReplicaUpdateRefs *r;
+ char *ntds_guid_str;
+ char *ntds_dns_name;
+
+ r = talloc(state, struct drsuapi_DsReplicaUpdateRefs);
+ if (tevent_req_nomem(r, req)) {
+ return;
+ }
- status = composite_wait(c);
+ ntds_guid_str = GUID_string(r, &service->ntds_guid);
+ if (tevent_req_nomem(ntds_guid_str, req)) {
+ return;
+ }
- talloc_free(c);
- return ntstatus_to_werror(status);
+ ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s",
+ ntds_guid_str,
+ lp_dnsdomain(service->task->lp_ctx));
+ if (tevent_req_nomem(ntds_dns_name, req)) {
+ return;
+ }
+
+ r->in.bind_handle = &drsuapi->bind_handle;
+ r->in.level = 1;
+ r->in.req.req1.naming_context = &partition->nc;
+ r->in.req.req1.dest_dsa_dns_name = ntds_dns_name;
+ r->in.req.req1.dest_dsa_guid = service->ntds_guid;
+ r->in.req.req1.options =
+ DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE |
+ DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE;
+ if (!samdb_rodc(service->task->lp_ctx)) {
+ r->in.req.req1.options |= DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE;
+ }
+
+ rreq = dcerpc_drsuapi_DsReplicaUpdateRefs_send(drsuapi->pipe, r, r);
+ if (tevent_req_nomem(rreq, req)) {
+ return;
+ }
+ composite_continue_rpc(NULL, rreq, dreplsrv_update_refs_done, req);
}
/*
receive a UpdateRefs reply
*/
-static void dreplsrv_update_refs_recv(struct rpc_request *req)
+static void dreplsrv_update_refs_done(struct rpc_request *rreq)
{
- struct dreplsrv_op_pull_source_state *st = talloc_get_type(req->async.private_data,
- struct dreplsrv_op_pull_source_state);
- struct composite_context *c = st->creq;
- struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(req->ndr.struct_ptr,
+ struct tevent_req *req = talloc_get_type(rreq->async.private_data,
+ struct tevent_req);
+ struct drsuapi_DsReplicaUpdateRefs *r = talloc_get_type(rreq->ndr.struct_ptr,
struct drsuapi_DsReplicaUpdateRefs);
+ NTSTATUS status;
- c->status = dcerpc_ndr_request_recv(req);
- if (!composite_is_ok(c)) {
+ status = dcerpc_ndr_request_recv(rreq);
+ if (!NT_STATUS_IS_OK(status)) {
DEBUG(0,("UpdateRefs failed with %s\n",
- nt_errstr(c->status)));
+ nt_errstr(status)));
+ tevent_req_nterror(req, status);
return;
}
if (!W_ERROR_IS_OK(r->out.result)) {
- DEBUG(0,("UpdateRefs failed with %s for %s %s\n",
+ status = werror_to_ntstatus(r->out.result);
+ DEBUG(0,("UpdateRefs failed with %s/%s for %s %s\n",
win_errstr(r->out.result),
+ nt_errstr(status),
r->in.req.req1.dest_dsa_dns_name,
r->in.req.req1.naming_context->dn));
- composite_error(c, werror_to_ntstatus(r->out.result));
+ tevent_req_nterror(req, status);
return;
}
@@ -517,46 +595,19 @@ static void dreplsrv_update_refs_recv(struct rpc_request *req)
r->in.req.req1.dest_dsa_dns_name,
r->in.req.req1.naming_context->dn));
- composite_done(c);
+ tevent_req_done(req);
}
-/*
- send a UpdateRefs request to refresh our repsTo record on the server
- */
-static void dreplsrv_update_refs_send(struct dreplsrv_op_pull_source_state *st)
+WERROR dreplsrv_op_pull_source_recv(struct tevent_req *req)
{
- struct composite_context *c = st->creq;
- struct dreplsrv_service *service = st->op->service;
- struct dreplsrv_partition *partition = st->op->source_dsa->partition;
- struct dreplsrv_drsuapi_connection *drsuapi = st->op->source_dsa->conn->drsuapi;
- struct rpc_request *req;
- struct drsuapi_DsReplicaUpdateRefs *r;
- char *ntds_guid_str;
- char *ntds_dns_name;
-
- r = talloc(st, struct drsuapi_DsReplicaUpdateRefs);
- if (composite_nomem(r, c)) return;
-
- ntds_guid_str = GUID_string(r, &service->ntds_guid);
- if (composite_nomem(ntds_guid_str, c)) return;
-
- ntds_dns_name = talloc_asprintf(r, "%s._msdcs.%s",
- ntds_guid_str,
- lp_dnsdomain(service->task->lp_ctx));
- if (composite_nomem(ntds_dns_name, c)) return;
+ NTSTATUS status;
- r->in.bind_handle = &drsuapi->bind_handle;
- r->in.level = 1;
- r->in.req.req1.naming_context = &partition->nc;
- r->in.req.req1.dest_dsa_dns_name = ntds_dns_name;
- r->in.req.req1.dest_dsa_guid = service->ntds_guid;
- r->in.req.req1.options =
- DRSUAPI_DS_REPLICA_UPDATE_ADD_REFERENCE |
- DRSUAPI_DS_REPLICA_UPDATE_DELETE_REFERENCE;
- if (!samdb_rodc(service->task->lp_ctx)) {
- r->in.req.req1.options |= DRSUAPI_DS_REPLICA_UPDATE_WRITEABLE;
+ if (tevent_req_is_nterror(req, &status)) {
+ tevent_req_received(req);
+ return ntstatus_to_werror(status);
}
- req = dcerpc_drsuapi_DsReplicaUpdateRefs_send(drsuapi->pipe, r, r);
- composite_continue_rpc(c, req, dreplsrv_update_refs_recv, st);
+ tevent_req_received(req);
+ return WERR_OK;
}
+
diff --git a/source4/dsdb/repl/drepl_out_pull.c b/source4/dsdb/repl/drepl_out_pull.c
index 2793eec8b4..101214609a 100644
--- a/source4/dsdb/repl/drepl_out_pull.c
+++ b/source4/dsdb/repl/drepl_out_pull.c
@@ -33,21 +33,25 @@
#include "librpc/gen_ndr/ndr_drsblobs.h"
#include "libcli/composite/composite.h"
-static WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s,
- struct dreplsrv_partition *p,
- struct dreplsrv_partition_source_dsa *source,
- TALLOC_CTX *mem_ctx)
+WERROR dreplsrv_schedule_partition_pull_source(struct dreplsrv_service *s,
+ struct dreplsrv_partition_source_dsa *source,
+ enum drsuapi_DsExtendedOperation extended_op,
+ uint64_t fsmo_info,
+ dreplsrv_fsmo_callback_t callback)
{
struct dreplsrv_out_operation *op;
- op = talloc_zero(mem_ctx, struct dreplsrv_out_operation);
+ op = talloc_zero(s, struct dreplsrv_out_operation);
W_ERROR_HAVE_NO_MEMORY(op);
op->service = s;
op->source_dsa = source;
+ op->extended_op = extended_op;
+ op->fsmo_info = fsmo_info;
+ op->callback = callback;
DLIST_ADD_END(s->ops.pending, op, struct dreplsrv_out_operation *);
- talloc_steal(s, op);
+
return WERR_OK;
}
@@ -59,7 +63,7 @@ static WERROR dreplsrv_schedule_partition_pull(struct dreplsrv_service *s,
struct dreplsrv_partition_source_dsa *cur;
for (cur = p->sources; cur; cur = cur->next) {
- status = dreplsrv_schedule_partition_pull_source(s, p, cur, mem_ctx);
+ status = dreplsrv_schedule_partition_pull_source(s, cur, DRSUAPI_EXOP_NONE, 0, NULL);
W_ERROR_NOT_OK_RETURN(status);
}
@@ -95,8 +99,10 @@ WERROR dreplsrv_schedule_partition_pull_by_guid(struct dreplsrv_service *s, TALL
return WERR_NOT_FOUND;
}
-static void dreplsrv_pending_op_callback(struct dreplsrv_out_operation *op)
+static void dreplsrv_pending_op_callback(struct tevent_req *subreq)
{
+ struct dreplsrv_out_operation *op = tevent_req_callback_data(subreq,
+ struct dreplsrv_out_operation);
struct repsFromTo1 *rf = op->source_dsa->repsFrom1;
struct dreplsrv_service *s = op->service;
time_t t;
@@ -105,7 +111,8 @@ static void dreplsrv_pending_op_callback(struct dreplsrv_out_operation *op)
t = time(NULL);
unix_to_nt_time(&now, t);
- rf->result_last_attempt = dreplsrv_op_pull_source_recv(op->creq);
+ rf->result_last_attempt = dreplsrv_op_pull_source_recv(subreq);
+ TALLOC_FREE(subreq);
if (W_ERROR_IS_OK(rf->result_last_attempt)) {
rf->consecutive_sync_failures = 0;
rf->last_success = now;
@@ -116,30 +123,28 @@ static void dreplsrv_pending_op_callback(struct dreplsrv_out_operation *op)
rf->consecutive_sync_failures++;
- DEBUG(1,("dreplsrv_op_pull_source(%s/%s) failures[%u]\n",
- win_errstr(rf->result_last_attempt),
- nt_errstr(werror_to_ntstatus(rf->result_last_attempt)),
- rf->consecutive_sync_failures));
+ DEBUG(1,("dreplsrv_op_pull_source(%s/%s) for %s failures[%u]\n",
+ win_errstr(rf->result_last_attempt),
+ win_errstr(rf->result_last_attempt),
+ ldb_dn_get_linearized(op->source_dsa->partition->dn),
+ rf->consecutive_sync_failures));
done:
+ if (op->callback) {
+ op->callback(s, rf->result_last_attempt);
+ }
talloc_free(op);
s->ops.current = NULL;
dreplsrv_run_pending_ops(s);
dreplsrv_notify_run_ops(s);
}
-static void dreplsrv_pending_op_callback_creq(struct composite_context *creq)
-{
- struct dreplsrv_out_operation *op = talloc_get_type(creq->async.private_data,
- struct dreplsrv_out_operation);
- dreplsrv_pending_op_callback(op);
-}
-
void dreplsrv_run_pending_ops(struct dreplsrv_service *s)
{
struct dreplsrv_out_operation *op;
time_t t;
NTTIME now;
+ struct tevent_req *subreq;
if (s->ops.current || s->ops.n_current) {
/* if there's still one running, we're done */
@@ -160,12 +165,18 @@ void dreplsrv_run_pending_ops(struct dreplsrv_service *s)
op->source_dsa->repsFrom1->last_attempt = now;
- op->creq = dreplsrv_op_pull_source_send(op);
- if (!op->creq) {
- dreplsrv_pending_op_callback(op);
+ subreq = dreplsrv_op_pull_source_send(op, s->task->event_ctx, op);
+ if (!subreq) {
+ struct repsFromTo1 *rf = op->source_dsa->repsFrom1;
+
+ rf->result_last_attempt = WERR_NOMEM;
+ rf->consecutive_sync_failures++;
+
+ DEBUG(1,("dreplsrv_op_pull_source(%s/%s) failures[%u]\n",
+ win_errstr(rf->result_last_attempt),
+ nt_errstr(werror_to_ntstatus(rf->result_last_attempt)),
+ rf->consecutive_sync_failures));
return;
}
-
- op->creq->async.fn = dreplsrv_pending_op_callback_creq;
- op->creq->async.private_data = op;
+ tevent_req_set_callback(subreq, dreplsrv_pending_op_callback, op);
}
diff --git a/source4/dsdb/repl/drepl_partitions.c b/source4/dsdb/repl/drepl_partitions.c
index 5b8227e7de..9a24fe541a 100644
--- a/source4/dsdb/repl/drepl_partitions.c
+++ b/source4/dsdb/repl/drepl_partitions.c
@@ -88,9 +88,9 @@ WERROR dreplsrv_load_partitions(struct dreplsrv_service *s)
return WERR_OK;
}
-static WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s,
- const struct repsFromTo1 *rft,
- struct dreplsrv_out_connection **_conn)
+WERROR dreplsrv_out_connection_attach(struct dreplsrv_service *s,
+ const struct repsFromTo1 *rft,
+ struct dreplsrv_out_connection **_conn)
{
struct dreplsrv_out_connection *cur, *conn = NULL;
const char *hostname;
@@ -188,6 +188,65 @@ static WERROR dreplsrv_partition_add_source_dsa(struct dreplsrv_service *s,
return WERR_OK;
}
+/*
+ convert from one udv format to the other
+ */
+static WERROR udv_convert(TALLOC_CTX *mem_ctx,
+ const struct replUpToDateVectorCtr2 *udv,
+ struct drsuapi_DsReplicaCursorCtrEx *udv_ex)
+{
+ int i;
+
+ udv_ex->version = 2;
+ udv_ex->reserved1 = 0;
+ udv_ex->reserved2 = 0;
+ udv_ex->count = udv->count;
+ udv_ex->cursors = talloc_array(mem_ctx, struct drsuapi_DsReplicaCursor, udv->count);
+ W_ERROR_HAVE_NO_MEMORY(udv_ex->cursors);
+
+ for (i=0; i<udv->count; i++) {
+ udv_ex->cursors[i].source_dsa_invocation_id = udv->cursors[i].source_dsa_invocation_id;
+ udv_ex->cursors[i].highest_usn = udv->cursors[i].highest_usn;
+ }
+
+ return WERR_OK;
+}
+
+/*
+ add our local UDV element for the partition
+ */
+static WERROR add_local_udv(struct dreplsrv_service *s,
+ struct dreplsrv_partition *p,
+ const struct GUID *our_invocation_id,
+ struct drsuapi_DsReplicaCursorCtrEx *udv)
+{
+ int ret;
+ uint64_t highest_usn;
+ int i;
+
+ ret = dsdb_load_partition_usn(s->samdb, p->dn, &highest_usn);
+ if (ret != LDB_SUCCESS) {
+ /* nothing to add */
+ return WERR_OK;
+ }
+
+ for (i=0; i<udv->count; i++) {
+ if (GUID_equal(our_invocation_id, &udv->cursors[i].source_dsa_invocation_id)) {
+ udv->cursors[i].highest_usn = highest_usn;
+ return WERR_OK;
+ }
+ }
+
+ udv->cursors = talloc_realloc(p, udv->cursors, struct drsuapi_DsReplicaCursor, udv->count+1);
+ W_ERROR_HAVE_NO_MEMORY(udv->cursors);
+
+ udv->cursors[udv->count].source_dsa_invocation_id = *our_invocation_id;
+ udv->cursors[udv->count].highest_usn = highest_usn;
+ udv->count++;
+
+ return WERR_OK;
+}
+
static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s,
struct dreplsrv_partition *p)
{
@@ -232,6 +291,11 @@ static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s,
talloc_free(nc_sid);
}
+ talloc_free(p->uptodatevector.cursors);
+ talloc_free(p->uptodatevector_ex.cursors);
+ ZERO_STRUCT(p->uptodatevector);
+ ZERO_STRUCT(p->uptodatevector_ex);
+
ouv_value = ldb_msg_find_ldb_val(r->msgs[0], "replUpToDateVector");
if (ouv_value) {
enum ndr_err_code ndr_err;
@@ -251,14 +315,14 @@ static WERROR dreplsrv_refresh_partition(struct dreplsrv_service *s,
p->uptodatevector.count = ouv.ctr.ctr2.count;
p->uptodatevector.reserved = ouv.ctr.ctr2.reserved;
- talloc_free(p->uptodatevector.cursors);
p->uptodatevector.cursors = talloc_steal(p, ouv.ctr.ctr2.cursors);
- }
- /*
- * TODO: add our own uptodatevector cursor
- */
+ status = udv_convert(p, &p->uptodatevector, &p->uptodatevector_ex);
+ W_ERROR_NOT_OK_RETURN(status);
+ }
+ status = add_local_udv(s, p, samdb_ntds_invocation_id(s->samdb), &p->uptodatevector_ex);
+ W_ERROR_NOT_OK_RETURN(status);
orf_el = ldb_msg_find_element(r->msgs[0], "repsFrom");
if (orf_el) {
diff --git a/source4/dsdb/repl/drepl_periodic.c b/source4/dsdb/repl/drepl_periodic.c
index 61d5598207..d2fbe45586 100644
--- a/source4/dsdb/repl/drepl_periodic.c
+++ b/source4/dsdb/repl/drepl_periodic.c
@@ -109,6 +109,8 @@ static void dreplsrv_periodic_run(struct dreplsrv_service *service)
/* the KCC might have changed repsFrom */
dreplsrv_refresh_partitions(service);
+ dreplsrv_ridalloc_check_rid_pool(service);
+
dreplsrv_run_pending_ops(service);
dreplsrv_notify_run_ops(service);
}
diff --git a/source4/dsdb/repl/drepl_ridalloc.c b/source4/dsdb/repl/drepl_ridalloc.c
new file mode 100644
index 0000000000..43fc5a2c51
--- /dev/null
+++ b/source4/dsdb/repl/drepl_ridalloc.c
@@ -0,0 +1,282 @@
+/*
+ Unix SMB/CIFS mplementation.
+
+ DSDB replication service - RID allocation code
+
+ Copyright (C) Andrew Tridgell 2010
+ Copyright (C) Andrew Bartlett 2010
+
+ based on drepl_notify.c
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+*/
+
+#include "includes.h"
+#include "dsdb/samdb/samdb.h"
+#include "smbd/service.h"
+#include "dsdb/repl/drepl_service.h"
+#include "param/param.h"
+
+
+/*
+ create the RID manager source dsa structure
+ */
+static WERROR drepl_create_rid_manager_source_dsa(struct dreplsrv_service *service,
+ struct ldb_dn *rid_manager_dn, struct ldb_dn *fsmo_role_dn)
+{
+ struct dreplsrv_partition_source_dsa *sdsa;
+ struct ldb_context *ldb = service->samdb;
+ int ret;
+ WERROR werr;
+
+ sdsa = talloc_zero(service, struct dreplsrv_partition_source_dsa);
+ W_ERROR_HAVE_NO_MEMORY(sdsa);
+
+ sdsa->partition = talloc_zero(sdsa, struct dreplsrv_partition);
+ if (!sdsa->partition) {
+ talloc_free(sdsa);
+ return WERR_NOMEM;
+ }
+
+ sdsa->partition->dn = samdb_base_dn(ldb);
+ sdsa->partition->nc.dn = ldb_dn_alloc_linearized(sdsa->partition, rid_manager_dn);
+ ret = dsdb_find_guid_by_dn(ldb, rid_manager_dn, &sdsa->partition->nc.guid);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find GUID for %s\n",
+ ldb_dn_get_linearized(rid_manager_dn)));
+ talloc_free(sdsa);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ sdsa->repsFrom1 = &sdsa->_repsFromBlob.ctr.ctr1;
+ ret = dsdb_find_guid_attr_by_dn(ldb, fsmo_role_dn, "objectGUID", &sdsa->repsFrom1->source_dsa_obj_guid);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find objectGUID for %s\n",
+ ldb_dn_get_linearized(fsmo_role_dn)));
+ talloc_free(sdsa);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ sdsa->repsFrom1->other_info = talloc_zero(sdsa, struct repsFromTo1OtherInfo);
+ if (!sdsa->repsFrom1->other_info) {
+ talloc_free(sdsa);
+ return WERR_NOMEM;
+ }
+
+ sdsa->repsFrom1->other_info->dns_name =
+ talloc_asprintf(sdsa->repsFrom1->other_info, "%s._msdcs.%s",
+ GUID_string(sdsa->repsFrom1->other_info, &sdsa->repsFrom1->source_dsa_obj_guid),
+ lp_dnsdomain(service->task->lp_ctx));
+ if (!sdsa->repsFrom1->other_info->dns_name) {
+ talloc_free(sdsa);
+ return WERR_NOMEM;
+ }
+
+
+ werr = dreplsrv_out_connection_attach(service, sdsa->repsFrom1, &sdsa->conn);
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": Failed to attach to RID manager connection\n"));
+ talloc_free(sdsa);
+ return werr;
+ }
+
+ service->ridalloc.rid_manager_source_dsa = sdsa;
+ return WERR_OK;
+}
+
+/*
+ called when a rid allocation request has completed
+ */
+static void drepl_new_rid_pool_callback(struct dreplsrv_service *service, WERROR werr)
+{
+ if (!W_ERROR_IS_OK(werr)) {
+ DEBUG(0,(__location__ ": RID Manager failed RID allocation - %s\n",
+ win_errstr(werr)));
+ } else {
+ DEBUG(3,(__location__ ": RID Manager completed RID allocation OK\n"));
+ }
+
+ /* don't keep the connection open to the RID Manager */
+ talloc_free(service->ridalloc.rid_manager_source_dsa);
+ service->ridalloc.rid_manager_source_dsa = NULL;
+
+ service->ridalloc.in_progress = false;
+}
+
+/*
+ schedule a getncchanges request to the RID Manager to ask for a new
+ set of RIDs using DRSUAPI_EXOP_FSMO_RID_ALLOC
+ */
+static WERROR drepl_request_new_rid_pool(struct dreplsrv_service *service,
+ struct ldb_dn *rid_manager_dn, struct ldb_dn *fsmo_role_dn,
+ uint64_t alloc_pool)
+{
+ WERROR werr;
+
+ if (service->ridalloc.rid_manager_source_dsa == NULL) {
+ /* we need to establish a connection to the RID
+ Manager */
+ werr = drepl_create_rid_manager_source_dsa(service, rid_manager_dn, fsmo_role_dn);
+ W_ERROR_NOT_OK_RETURN(werr);
+ }
+
+ service->ridalloc.in_progress = true;
+
+ werr = dreplsrv_schedule_partition_pull_source(service, service->ridalloc.rid_manager_source_dsa,
+ DRSUAPI_EXOP_FSMO_RID_ALLOC, alloc_pool,
+ drepl_new_rid_pool_callback);
+ return werr;
+}
+
+
+/*
+ see if we are on the last pool we have
+ */
+static int drepl_ridalloc_pool_exhausted(struct ldb_context *ldb, bool *exhausted, uint64_t *alloc_pool)
+{
+ struct ldb_dn *server_dn, *machine_dn, *rid_set_dn;
+ TALLOC_CTX *tmp_ctx = talloc_new(ldb);
+ uint64_t prev_alloc_pool;
+ const char *attrs[] = { "rIDPreviousAllocationPool", "rIDAllocationPool", NULL };
+ int ret;
+ struct ldb_result *res;
+
+ server_dn = ldb_dn_get_parent(tmp_ctx, samdb_ntds_settings_dn(ldb));
+ if (!server_dn) {
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = samdb_reference_dn(ldb, tmp_ctx, server_dn, "serverReference", &machine_dn);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find serverReference in %s - %s",
+ ldb_dn_get_linearized(server_dn), ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = samdb_reference_dn(ldb, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn);
+ if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+ *exhausted = true;
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+ }
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find rIDSetReferences in %s - %s",
+ ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = ldb_search(ldb, tmp_ctx, &res, rid_set_dn, LDB_SCOPE_BASE, attrs, NULL);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to load RID Set attrs from %s - %s",
+ ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ *alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0);
+ prev_alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0);
+
+ if (*alloc_pool != prev_alloc_pool) {
+ *exhausted = false;
+ } else {
+ *exhausted = true;
+ }
+
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
+
+
+/*
+ see if we are low on RIDs in the RID Set rIDAllocationPool. If we
+ are, then schedule a replication call with DRSUAPI_EXOP_FSMO_RID_ALLOC
+ to the RID Manager
+ */
+WERROR dreplsrv_ridalloc_check_rid_pool(struct dreplsrv_service *service)
+{
+ struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
+ TALLOC_CTX *tmp_ctx = talloc_new(service);
+ struct ldb_context *ldb = service->samdb;
+ bool exhausted;
+ WERROR werr;
+ int ret;
+ uint64_t alloc_pool;
+
+ if (service->ridalloc.in_progress) {
+ talloc_free(tmp_ctx);
+ return WERR_OK;
+ }
+
+ /*
+ steps:
+ - find who the RID Manager is
+ - if we are the RID Manager then nothing to do
+ - find our RID Set object
+ - load rIDAllocationPool and rIDPreviousAllocationPool
+ - if rIDAllocationPool != rIDPreviousAllocationPool then
+ nothing to do
+ - schedule a getncchanges with DRSUAPI_EXOP_FSMO_RID_ALLOC
+ to the RID Manager
+ */
+
+ /* work out who is the RID Manager */
+ ret = samdb_rid_manager_dn(ldb, tmp_ctx, &rid_manager_dn);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0, (__location__ ": Failed to find RID Manager object - %s", ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ /* find the DN of the RID Manager */
+ ret = samdb_reference_dn(ldb, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s",
+ ldb_errstring(ldb)));
+ talloc_free(tmp_ctx);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) == 0) {
+ /* we are the RID Manager - no need to do a
+ DRSUAPI_EXOP_FSMO_RID_ALLOC */
+ talloc_free(tmp_ctx);
+ return WERR_OK;
+ }
+
+ ret = drepl_ridalloc_pool_exhausted(ldb, &exhausted, &alloc_pool);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ DEBUG(2,(__location__ ": Requesting more RIDs from RID Manager\n"));
+
+ werr = drepl_request_new_rid_pool(service, rid_manager_dn, fsmo_role_dn, alloc_pool);
+ talloc_free(tmp_ctx);
+ return werr;
+}
+
+/* called by the samldb ldb module to tell us to ask for a new RID
+ pool */
+void dreplsrv_allocate_rid(struct messaging_context *msg, void *private_data,
+ uint32_t msg_type,
+ struct server_id server_id, DATA_BLOB *data)
+{
+ struct dreplsrv_service *service = talloc_get_type(private_data, struct dreplsrv_service);
+ dreplsrv_ridalloc_check_rid_pool(service);
+}
diff --git a/source4/dsdb/repl/drepl_service.c b/source4/dsdb/repl/drepl_service.c
index a05ccc8d70..44164ff68f 100644
--- a/source4/dsdb/repl/drepl_service.c
+++ b/source4/dsdb/repl/drepl_service.c
@@ -206,6 +206,7 @@ static void dreplsrv_task_init(struct task_server *task)
irpc_add_name(task->msg_ctx, "dreplsrv");
IRPC_REGISTER(task->msg_ctx, drsuapi, DRSUAPI_DSREPLICASYNC, drepl_replica_sync, service);
+ messaging_register(task->msg_ctx, service, MSG_DREPL_ALLOCATE_RID, dreplsrv_allocate_rid);
}
/*
diff --git a/source4/dsdb/repl/drepl_service.h b/source4/dsdb/repl/drepl_service.h
index 0f9684fa78..0a0d721d5c 100644
--- a/source4/dsdb/repl/drepl_service.h
+++ b/source4/dsdb/repl/drepl_service.h
@@ -100,6 +100,8 @@ struct dreplsrv_partition {
struct dreplsrv_partition_source_dsa *sources;
};
+typedef void (*dreplsrv_fsmo_callback_t)(struct dreplsrv_service *, WERROR );
+
struct dreplsrv_out_operation {
struct dreplsrv_out_operation *prev, *next;
@@ -107,7 +109,9 @@ struct dreplsrv_out_operation {
struct dreplsrv_partition_source_dsa *source_dsa;
- struct composite_context *creq;
+ enum drsuapi_DsExtendedOperation extended_op;
+ uint64_t fsmo_info;
+ dreplsrv_fsmo_callback_t callback;
};
struct dreplsrv_notify_operation {
@@ -204,6 +208,11 @@ struct dreplsrv_service {
/* an active notify operation */
struct dreplsrv_notify_operation *n_current;
} ops;
+
+ struct {
+ bool in_progress;
+ struct dreplsrv_partition_source_dsa *rid_manager_source_dsa;
+ } ridalloc;
};
#include "dsdb/repl/drepl_out_helpers.h"
diff --git a/source4/dsdb/samdb/ldb_modules/acl.c b/source4/dsdb/samdb/ldb_modules/acl.c
index a3298362f3..a779821107 100644
--- a/source4/dsdb/samdb/ldb_modules/acl.c
+++ b/source4/dsdb/samdb/ldb_modules/acl.c
@@ -35,10 +35,10 @@
#include "ldb_module.h"
#include "auth/auth.h"
#include "libcli/security/security.h"
-#include "librpc/gen_ndr/ndr_security.h"
#include "dsdb/samdb/samdb.h"
#include "librpc/gen_ndr/ndr_security.h"
#include "param/param.h"
+#include "dsdb/samdb/ldb_modules/util.h"
struct extended_access_check_attribute {
const char *oa_name;
@@ -53,7 +53,7 @@ struct acl_private {
struct acl_context {
struct ldb_module *module;
struct ldb_request *req;
- enum security_user_level user_type;
+ bool am_system;
bool allowedAttributes;
bool allowedAttributesEffective;
bool allowedChildClasses;
@@ -70,14 +70,6 @@ bool is_root_base_dn(struct ldb_context *ldb, struct ldb_dn *dn_to_check)
return (result==0);
}
-static enum security_user_level what_is_user(struct ldb_module *module)
-{
- struct ldb_context *ldb = ldb_module_get_ctx(module);
- struct auth_session_info *session_info
- = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
- return security_session_user_level(session_info);
-}
-
static struct security_token *acl_user_token(struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
@@ -309,7 +301,7 @@ static int acl_check_access_on_attribute(struct ldb_module *module,
struct security_descriptor *sd,
struct dom_sid *rp_sid,
uint32_t access,
- struct dsdb_attribute *attr)
+ const struct dsdb_attribute *attr)
{
int ret;
NTSTATUS status;
@@ -370,7 +362,7 @@ static int acl_check_access_on_class(struct ldb_module *module,
uint32_t access_granted;
struct object_tree *root = NULL;
struct object_tree *new_node = NULL;
- struct GUID *guid;
+ const struct GUID *guid;
const struct dsdb_schema *schema = dsdb_get_schema(ldb);
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
struct security_token *token = acl_user_token(module);
@@ -450,7 +442,7 @@ static int acl_allowedAttributes(struct ldb_module *module,
struct ldb_control *as_system = ldb_request_get_control(ac->req,
LDB_CONTROL_AS_SYSTEM_OID);
ldb_msg_remove_attr(msg, "allowedAttributesEffective");
- if (ac->user_type == SECURITY_SYSTEM || as_system) {
+ if (ac->am_system || as_system) {
for (i=0; attr_list && attr_list[i]; i++) {
ldb_msg_add_string(msg, "allowedAttributesEffective", attr_list[i]);
}
@@ -468,7 +460,7 @@ static int acl_allowedAttributes(struct ldb_module *module,
return ret;
}
for (i=0; attr_list && attr_list[i]; i++) {
- struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema,
+ const struct dsdb_attribute *attr = dsdb_attribute_by_lDAPDisplayName(schema,
attr_list[i]);
if (!attr) {
return LDB_ERR_OPERATIONS_ERROR;
@@ -566,7 +558,7 @@ static int acl_childClassesEffective(struct ldb_module *module,
struct dom_sid *sid = NULL;
int i, j, ret;
- if (ac->user_type == SECURITY_SYSTEM || as_system) {
+ if (ac->am_system || as_system) {
return acl_childClasses(module, sd_msg, msg, "allowedChildClassesEffective");
}
@@ -650,7 +642,7 @@ static int acl_sDRightsEffective(struct ldb_module *module,
if (ret != LDB_SUCCESS) {
return ret;
}
- if (ac->user_type == SECURITY_SYSTEM || as_system) {
+ if (ac->am_system || as_system) {
flags = SECINFO_OWNER | SECINFO_GROUP | SECINFO_SACL | SECINFO_DACL;
}
else {
@@ -707,7 +699,7 @@ static int acl_add(struct ldb_module *module, struct ldb_request *req)
struct object_tree *new_node = NULL;
struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
- if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
+ if (dsdb_module_am_system(module) || as_system) {
return ldb_next_request(module, req);
}
@@ -773,7 +765,7 @@ static int acl_modify(struct ldb_module *module, struct ldb_request *req)
{
DEBUG(10, ("ldb:acl_modify: %s\n", req->op.mod.message->elements[0].name));
}
- if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
+ if (dsdb_module_am_system(module) || as_system) {
return ldb_next_request(module, req);
}
if (ldb_dn_is_special(req->op.mod.message->dn)) {
@@ -901,7 +893,7 @@ static int acl_delete(struct ldb_module *module, struct ldb_request *req)
struct ldb_control *as_system = ldb_request_get_control(req, LDB_CONTROL_AS_SYSTEM_OID);
DEBUG(10, ("ldb:acl_delete: %s\n", ldb_dn_get_linearized(req->op.del.dn)));
- if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
+ if (dsdb_module_am_system(module) || as_system) {
return ldb_next_request(module, req);
}
@@ -955,7 +947,7 @@ static int acl_rename(struct ldb_module *module, struct ldb_request *req)
};
DEBUG(10, ("ldb:acl_rename: %s\n", ldb_dn_get_linearized(req->op.rename.olddn)));
- if (what_is_user(module) == SECURITY_SYSTEM || as_system) {
+ if (dsdb_module_am_system(module) || as_system) {
return ldb_next_request(module, req);
}
if (ldb_dn_is_special(req->op.rename.olddn)) {
@@ -1135,7 +1127,7 @@ static int acl_search_callback(struct ldb_request *req, struct ldb_reply *ares)
}
}
if (data && data->password_attrs) {
- if (ac->user_type != SECURITY_SYSTEM) {
+ if (!ac->am_system) {
for (i = 0; data->password_attrs[i]; i++) {
ldb_msg_remove_attr(ares->message, data->password_attrs[i]);
}
@@ -1173,7 +1165,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
ac->module = module;
ac->req = req;
- ac->user_type = what_is_user(module);
+ ac->am_system = dsdb_module_am_system(module);
ac->allowedAttributes = ldb_attr_in_list(req->op.search.attrs, "allowedAttributes");
ac->allowedAttributesEffective = ldb_attr_in_list(req->op.search.attrs, "allowedAttributesEffective");
ac->allowedChildClasses = ldb_attr_in_list(req->op.search.attrs, "allowedChildClasses");
@@ -1183,7 +1175,7 @@ static int acl_search(struct ldb_module *module, struct ldb_request *req)
/* replace any attributes in the parse tree that are private,
so we don't allow a search for 'userPassword=penguin',
just as we would not allow that attribute to be returned */
- if (ac->user_type != SECURITY_SYSTEM) {
+ if (ac->am_system) {
/* FIXME: We should copy the tree and keep the original unmodified. */
/* remove password attributes */
if (data && data->password_attrs) {
diff --git a/source4/dsdb/samdb/ldb_modules/config.mk b/source4/dsdb/samdb/ldb_modules/config.mk
index 6128dc9d65..f9f1714358 100644
--- a/source4/dsdb/samdb/ldb_modules/config.mk
+++ b/source4/dsdb/samdb/ldb_modules/config.mk
@@ -1,9 +1,11 @@
################################################
# Start SUBSYSTEM DSDB_MODULE_HELPERS
[SUBSYSTEM::DSDB_MODULE_HELPERS]
-PRIVATE_DEPENDENCIES = LIBLDB LIBNDR SAMDB_SCHEMA
+PRIVATE_DEPENDENCIES = LIBLDB LIBNDR SAMDB_SCHEMA MESSAGING
-DSDB_MODULE_HELPERS_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/util.o
+DSDB_MODULE_HELPERS_OBJ_FILES = \
+ $(dsdbsrcdir)/samdb/ldb_modules/util.o \
+ $(dsdbsrcdir)/samdb/ldb_modules/ridalloc.o
$(eval $(call proto_header_template,$(dsdbsrcdir)/samdb/ldb_modules/util_proto.h,$(DSDB_MODULE_HELPERS_OBJ_FILES:.o=.c)))
@@ -135,13 +137,26 @@ SUBSYSTEM = LIBLDB
INIT_FUNCTION = LDB_MODULE(samba3sam)
PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBLDB SMBPASSWD \
NSS_WRAPPER LIBSECURITY NDR_SECURITY
-# End MODULE ldb_samldb
+# End MODULE ldb_samba3sam
################################################
ldb_samba3sam_OBJ_FILES = \
$(dsdbsrcdir)/samdb/ldb_modules/samba3sam.o
################################################
+# Start MODULE ldb_samba3sid
+[MODULE::ldb_samba3sid]
+SUBSYSTEM = LIBLDB
+INIT_FUNCTION = LDB_MODULE(samba3sid)
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS LIBLDB SMBPASSWD \
+ NSS_WRAPPER LIBSECURITY NDR_SECURITY
+# End MODULE ldb_samba3sid
+################################################
+
+ldb_samba3sid_OBJ_FILES = \
+ $(dsdbsrcdir)/samdb/ldb_modules/samba3sid.o
+
+################################################
# Start MODULE ldb_simple_ldap_map
[MODULE::ldb_simple_ldap_map]
SUBSYSTEM = LIBLDB
@@ -337,7 +352,7 @@ ldb_subtree_delete_OBJ_FILES = $(dsdbsrcdir)/samdb/ldb_modules/subtree_delete.o
[MODULE::ldb_linked_attributes]
INIT_FUNCTION = LDB_MODULE(linked_attributes)
CFLAGS = -Ilib/ldb/include
-PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB
+PRIVATE_DEPENDENCIES = LIBTALLOC LIBEVENTS SAMDB DSDB_MODULE_HELPERS
SUBSYSTEM = LIBLDB
# End MODULE ldb_linked_attributes
################################################
diff --git a/source4/dsdb/samdb/ldb_modules/instancetype.c b/source4/dsdb/samdb/ldb_modules/instancetype.c
index b17f40e82a..0a297d587a 100644
--- a/source4/dsdb/samdb/ldb_modules/instancetype.c
+++ b/source4/dsdb/samdb/ldb_modules/instancetype.c
@@ -36,6 +36,7 @@
#include "librpc/gen_ndr/ndr_misc.h"
#include "dsdb/samdb/samdb.h"
#include "../libds/common/flags.h"
+#include "dsdb/samdb/ldb_modules/util.h"
struct it_context {
struct ldb_module *module;
@@ -143,7 +144,7 @@ static int instancetype_add(struct ldb_module *module, struct ldb_request *req)
ret = ldb_build_add_req(&down_req, ldb, req,
msg,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
if (ret != LDB_SUCCESS) {
return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/lazy_commit.c b/source4/dsdb/samdb/ldb_modules/lazy_commit.c
index 0502b2efa1..b4eaf50d51 100644
--- a/source4/dsdb/samdb/ldb_modules/lazy_commit.c
+++ b/source4/dsdb/samdb/ldb_modules/lazy_commit.c
@@ -28,6 +28,7 @@
*/
#include "ldb_module.h"
+#include "dsdb/samdb/ldb_modules/util.h"
static int unlazy_op(struct ldb_module *module, struct ldb_request *req)
{
@@ -47,28 +48,28 @@ static int unlazy_op(struct ldb_module *module, struct ldb_request *req)
req->op.search.tree,
req->op.search.attrs,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
break;
case LDB_ADD:
ret = ldb_build_add_req(&new_req, ldb_module_get_ctx(module), req,
req->op.add.message,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
break;
case LDB_MODIFY:
ret = ldb_build_mod_req(&new_req, ldb_module_get_ctx(module), req,
req->op.mod.message,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
break;
case LDB_DELETE:
ret = ldb_build_del_req(&new_req, ldb_module_get_ctx(module), req,
req->op.del.dn,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
break;
case LDB_RENAME:
@@ -76,7 +77,7 @@ static int unlazy_op(struct ldb_module *module, struct ldb_request *req)
req->op.rename.olddn,
req->op.rename.newdn,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
break;
case LDB_EXTENDED:
@@ -85,7 +86,7 @@ static int unlazy_op(struct ldb_module *module, struct ldb_request *req)
req->op.extended.oid,
req->op.extended.data,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
break;
default:
diff --git a/source4/dsdb/samdb/ldb_modules/partition.c b/source4/dsdb/samdb/ldb_modules/partition.c
index 01ae0a10a7..59e7fab393 100644
--- a/source4/dsdb/samdb/ldb_modules/partition.c
+++ b/source4/dsdb/samdb/ldb_modules/partition.c
@@ -39,7 +39,6 @@ struct part_request {
struct partition_context {
struct ldb_module *module;
struct ldb_request *req;
- bool got_success;
struct part_request *part_req;
int num_requests;
@@ -160,7 +159,7 @@ static int partition_req_callback(struct ldb_request *req,
}
}
- if (ares->error != LDB_SUCCESS && !ac->got_success) {
+ if (ares->error != LDB_SUCCESS) {
return ldb_module_done(ac->req, ares->controls,
ares->response, ares->error);
}
@@ -182,9 +181,6 @@ static int partition_req_callback(struct ldb_request *req,
return ldb_module_send_entry(ac->req, ares->message, ares->controls);
case LDB_REPLY_DONE:
- if (ares->error == LDB_SUCCESS) {
- ac->got_success = true;
- }
if (ac->req->operation == LDB_EXTENDED) {
/* FIXME: check for ares->response, replmd does not fill it ! */
if (ares->response) {
@@ -205,7 +201,7 @@ static int partition_req_callback(struct ldb_request *req,
/* this was the last one, call callback */
return ldb_module_done(ac->req, ares->controls,
ares->response,
- ac->got_success?LDB_SUCCESS:ares->error);
+ ares->error);
}
/* not the last, now call the next one */
@@ -528,9 +524,7 @@ static int partition_search(struct ldb_module *module, struct ldb_request *req)
*/
if (ldb_dn_compare(data->partitions[i]->ctrl->dn, req->op.search.base) == 0) {
match = true;
- if (req->op.search.scope == LDB_SCOPE_BASE) {
- stop = true;
- }
+ stop = true;
}
if (!match &&
(ldb_dn_compare_base(req->op.search.base, data->partitions[i]->ctrl->dn) == 0 &&
diff --git a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
index 796ecaf7bc..00d9a30fd3 100644
--- a/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
+++ b/source4/dsdb/samdb/ldb_modules/pdc_fsmo.c
@@ -75,8 +75,8 @@ static int pdc_fsmo_init(struct ldb_module *module)
return ldb_next_init(module);
} else if (ret != LDB_SUCCESS) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
- "pdc_fsmo_init: failed to search the domain object: %d:%s",
- ret, ldb_strerror(ret));
+ "pdc_fsmo_init: failed to search the domain object: %d:%s: %s",
+ ret, ldb_strerror(ret), ldb_errstring(ldb));
talloc_free(mem_ctx);
return ret;
}
diff --git a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
index 890eb91d6d..b4caac4c8d 100644
--- a/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
+++ b/source4/dsdb/samdb/ldb_modules/repl_meta_data.c
@@ -672,7 +672,7 @@ static int replmd_add(struct ldb_module *module, struct ldb_request *req)
/* check if there's a show relax control (used by provision to say 'I know what I'm doing') */
control = ldb_request_get_control(req, LDB_CONTROL_RELAX_OID);
if (control) {
- allow_add_guid = 1;
+ allow_add_guid = true;
}
/* do not manipulate our control entries */
@@ -2667,10 +2667,12 @@ static int replmd_replicated_apply_merge(struct replmd_replicated_request *ar)
break;
}
- DEBUG(1,("Discarding older DRS attribute update to %s on %s from %s\n",
- msg->elements[i-removed_attrs].name,
- ldb_dn_get_linearized(msg->dn),
- GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id)));
+ if (rmd->ctr.ctr1.array[i].attid != DRSUAPI_ATTRIBUTE_instanceType) {
+ DEBUG(1,("Discarding older DRS attribute update to %s on %s from %s\n",
+ msg->elements[i-removed_attrs].name,
+ ldb_dn_get_linearized(msg->dn),
+ GUID_string(ar, &rmd->ctr.ctr1.array[i].originating_invocation_id)));
+ }
/* we don't want to apply this change so remove the attribute */
ldb_msg_remove_element(msg, &msg->elements[i-removed_attrs]);
diff --git a/source4/dsdb/samdb/ldb_modules/ridalloc.c b/source4/dsdb/samdb/ldb_modules/ridalloc.c
new file mode 100644
index 0000000000..a64062fcdc
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/ridalloc.c
@@ -0,0 +1,646 @@
+/*
+ RID allocation helper functions
+
+ Copyright (C) Andrew Bartlett 2010
+ Copyright (C) Andrew Tridgell 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ * Name: ldb
+ *
+ * Component: RID allocation logic
+ *
+ * Description: manage RID Set and RID Manager objects
+ *
+ */
+
+#include "includes.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "lib/messaging/irpc.h"
+#include "param/param.h"
+#include "librpc/gen_ndr/ndr_misc.h"
+
+/*
+ Note: the RID allocation attributes in AD are very badly named. Here
+ is what we think they really do:
+
+ in RID Set object:
+ - rIDPreviousAllocationPool: the pool which a DC is currently
+ pulling RIDs from. Managed by client DC
+
+ - rIDAllocationPool: the pool that the DC will switch to next,
+ when rIDPreviousAllocationPool is exhausted. Managed by RID Manager.
+
+ - rIDNextRID: the last RID allocated by this DC. Managed by client DC
+
+ in RID Manager object:
+ - rIDAvailablePool: the pool where the RID Manager gets new rID
+ pools from when it gets a EXOP_RID_ALLOC getncchanges call (or
+ locally when the DC is the RID Manager)
+ */
+
+
+/*
+ make a IRPC call to the drepl task to ask it to get the RID
+ Manager to give us another RID pool.
+
+ This function just sends the message to the drepl task then
+ returns immediately. It should be called well before we
+ completely run out of RIDs
+ */
+static void ridalloc_poke_rid_manager(struct ldb_module *module)
+{
+ struct messaging_context *msg;
+ struct server_id *server;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct loadparm_context *lp_ctx = ldb_get_opaque(ldb, "loadparm");
+ TALLOC_CTX *tmp_ctx = talloc_new(module);
+
+ msg = messaging_client_init(tmp_ctx, lp_messaging_path(tmp_ctx, lp_ctx),
+ lp_iconv_convenience(lp_ctx),
+ ldb_get_event_context(ldb));
+ if (!msg) {
+ DEBUG(3,(__location__ ": Failed to create messaging context\n"));
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ server = irpc_servers_byname(msg, msg, "dreplsrv");
+ if (!server) {
+ /* this means the drepl service is not running */
+ talloc_free(tmp_ctx);
+ return;
+ }
+
+ messaging_send(msg, server[0], MSG_DREPL_ALLOCATE_RID, NULL);
+
+ /* we don't care if the message got through */
+ talloc_free(tmp_ctx);
+}
+
+
+/*
+ allocate a new range of RIDs in the RID Manager object
+ */
+static int ridalloc_rid_manager_allocate(struct ldb_module *module, struct ldb_dn *rid_manager_dn, uint64_t *new_pool)
+{
+ int ret;
+ TALLOC_CTX *tmp_ctx = talloc_new(module);
+ const char *attrs[] = { "rIDAvailablePool", NULL };
+ uint64_t rid_pool, new_rid_pool, dc_pool;
+ uint32_t rid_pool_lo, rid_pool_hi;
+ struct ldb_result *res;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ const unsigned alloc_size = 500;
+
+ ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_manager_dn, attrs, 0);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find rIDAvailablePool in %s - %s",
+ ldb_dn_get_linearized(rid_manager_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ rid_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAvailablePool", 0);
+ rid_pool_lo = rid_pool & 0xFFFFFFFF;
+ rid_pool_hi = rid_pool >> 32;
+ if (rid_pool_lo >= rid_pool_hi) {
+ ldb_asprintf_errstring(ldb, "Out of RIDs in RID Manager - rIDAvailablePool is %u-%u",
+ rid_pool_lo, rid_pool_hi);
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* lower part of new pool is the low part of the rIDAvailablePool */
+ dc_pool = rid_pool_lo;
+
+ /* allocate 500 RIDs to this DC */
+ rid_pool_lo = MIN(rid_pool_hi, rid_pool_lo + alloc_size);
+
+ /* work out upper part of new pool */
+ dc_pool |= (((uint64_t)rid_pool_lo-1)<<32);
+
+ /* and new rIDAvailablePool value */
+ new_rid_pool = rid_pool_lo | (((uint64_t)rid_pool_hi)<<32);
+
+ ret = dsdb_module_constrainted_update_integer(module, rid_manager_dn, "rIDAvailablePool",
+ rid_pool, new_rid_pool);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to update rIDAvailablePool - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ (*new_pool) = dc_pool;
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
+
+/*
+ create a RID Set object for the specified DC
+ */
+static int ridalloc_create_rid_set_ntds(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+ struct ldb_dn *rid_manager_dn,
+ struct ldb_dn *ntds_dn, struct ldb_dn **dn)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct ldb_dn *server_dn, *machine_dn, *rid_set_dn;
+ int ret;
+ uint64_t dc_pool;
+ struct ldb_message *msg;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ /*
+ steps:
+
+ find the machine object for the DC
+ construct the RID Set DN
+ load rIDAvailablePool to find next available set
+ modify RID Manager object to update rIDAvailablePool
+ add the RID Set object
+ link to the RID Set object in machine object
+ */
+
+ server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn);
+ if (!server_dn) {
+ ldb_module_oom(module);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find serverReference in %s - %s",
+ ldb_dn_get_linearized(server_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ rid_set_dn = ldb_dn_copy(tmp_ctx, machine_dn);
+ if (rid_set_dn == NULL) {
+ ldb_module_oom(module);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ if (! ldb_dn_add_child_fmt(rid_set_dn, "CN=RID Set")) {
+ ldb_module_oom(module);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* grab a pool from the RID Manager object */
+ ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, &dc_pool);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* create the RID Set object */
+ msg = ldb_msg_new(tmp_ctx);
+ msg->dn = rid_set_dn;
+
+ ret = ldb_msg_add_string(msg, "objectClass", "rIDSet");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ ret = ldb_msg_add_fmt(msg, "rIDAllocationPool", "%llu", (unsigned long long)dc_pool);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* w2k8-r2 sets these to zero when first created */
+ ret = ldb_msg_add_fmt(msg, "rIDPreviousAllocationPool", "0");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ ret = ldb_msg_add_fmt(msg, "rIDUsedPool", "0");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ ret = ldb_msg_add_fmt(msg, "rIDNextRID", "0");
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* we need this to go all the way to the top of the module
+ * stack, as we need all the extra attributes added (including
+ * complex ones like ntsecuritydescriptor) */
+ ret = dsdb_module_add(module, msg, DSDB_FLAG_TOP_MODULE | DSDB_MODIFY_RELAX);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to add RID Set %s - %s",
+ ldb_dn_get_linearized(msg->dn),
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* add the rIDSetReferences link */
+ msg = ldb_msg_new(tmp_ctx);
+ msg->dn = machine_dn;
+
+ ret = ldb_msg_add_string(msg, "rIDSetReferences", ldb_dn_get_linearized(rid_set_dn));
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_ADD;
+
+ ret = dsdb_module_modify(module, msg, 0);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to add rIDSetReferences to %s - %s",
+ ldb_dn_get_linearized(msg->dn),
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ (*dn) = talloc_steal(mem_ctx, rid_set_dn);
+
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
+
+
+/*
+ create a RID Set object for this DC
+ */
+static int ridalloc_create_own_rid_set(struct ldb_module *module, TALLOC_CTX *mem_ctx,
+ struct ldb_dn **dn)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
+ int ret;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ /* work out who is the RID Manager */
+ ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* find the DN of the RID Manager */
+ ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) {
+ ridalloc_poke_rid_manager(module);
+ ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh");
+ talloc_free(tmp_ctx);
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ ret = ridalloc_create_rid_set_ntds(module, mem_ctx, rid_manager_dn, fsmo_role_dn, dn);
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+/*
+ refresh a RID Set object for the specified DC
+ also returns the first RID for the new pool
+ */
+static int ridalloc_refresh_rid_set_ntds(struct ldb_module *module,
+ struct ldb_dn *rid_manager_dn,
+ struct ldb_dn *ntds_dn, uint64_t *new_pool)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(module);
+ struct ldb_dn *server_dn, *machine_dn, *rid_set_dn;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ int ret;
+
+ /* grab a pool from the RID Manager object */
+ ret = ridalloc_rid_manager_allocate(module, rid_manager_dn, new_pool);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn);
+ if (!server_dn) {
+ ldb_module_oom(module);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find serverReference in %s - %s",
+ ldb_dn_get_linearized(server_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = dsdb_module_reference_dn(module, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find rIDSetReferences in %s - %s",
+ ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = dsdb_module_set_integer(module, rid_set_dn, "rIDAllocationPool", *new_pool);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to modify RID Set object %s - %s",
+ ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
+
+
+/*
+ get a new RID pool for ourselves
+ also returns the first rid for the new pool
+ */
+static int ridalloc_refresh_own_pool(struct ldb_module *module, uint64_t *new_pool)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(module);
+ struct ldb_dn *rid_manager_dn, *fsmo_role_dn;
+ int ret;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+
+ /* work out who is the RID Manager */
+ ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find RID Manager object - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* find the DN of the RID Manager */
+ ret = dsdb_module_reference_dn(module, tmp_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find fSMORoleOwner in RID Manager object - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) {
+ ridalloc_poke_rid_manager(module);
+ ldb_asprintf_errstring(ldb, "Remote RID Set allocation needs refresh");
+ talloc_free(tmp_ctx);
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ ret = ridalloc_refresh_rid_set_ntds(module, rid_manager_dn, fsmo_role_dn, new_pool);
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+
+/* allocate a RID using our RID Set
+ If we run out of RIDs then allocate a new pool
+ either locally or by contacting the RID Manager
+*/
+int ridalloc_allocate_rid(struct ldb_module *module, uint32_t *rid)
+{
+ struct ldb_context *ldb;
+ static const char * const attrs[] = { "rIDAllocationPool", "rIDPreviousAllocationPool",
+ "rIDNextRID" , "rIDUsedPool", NULL };
+ int ret;
+ struct ldb_dn *rid_set_dn;
+ struct ldb_result *res;
+ uint64_t alloc_pool, prev_alloc_pool;
+ uint32_t prev_alloc_pool_lo, prev_alloc_pool_hi;
+ uint32_t rid_used_pool;
+ int prev_rid;
+ TALLOC_CTX *tmp_ctx = talloc_new(module);
+
+ (*rid) = 0;
+ ldb = ldb_module_get_ctx(module);
+
+ ret = samdb_rid_set_dn(ldb, tmp_ctx, &rid_set_dn);
+ if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+ ret = ridalloc_create_own_rid_set(module, tmp_ctx, &rid_set_dn);
+ }
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": No RID Set DN - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s",
+ ldb_dn_get_linearized(rid_set_dn));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ prev_alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDPreviousAllocationPool", 0);
+ alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0);
+ prev_rid = ldb_msg_find_attr_as_int(res->msgs[0], "rIDNextRID", 0);
+ rid_used_pool = ldb_msg_find_attr_as_int(res->msgs[0], "rIDUsedPool", 0);
+ if (alloc_pool == 0) {
+ ldb_asprintf_errstring(ldb, __location__ ": Bad RID Set %s",
+ ldb_dn_get_linearized(rid_set_dn));
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF;
+ prev_alloc_pool_hi = prev_alloc_pool >> 32;
+ if (prev_rid >= prev_alloc_pool_hi) {
+ if (prev_alloc_pool == 0) {
+ ret = dsdb_module_set_integer(module, rid_set_dn, "rIDPreviousAllocationPool", alloc_pool);
+ } else {
+ ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDPreviousAllocationPool",
+ prev_alloc_pool, alloc_pool);
+ }
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": Failed to update rIDPreviousAllocationPool on %s - %s",
+ ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ prev_alloc_pool = alloc_pool;
+ prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF;
+ prev_alloc_pool_hi = prev_alloc_pool >> 32;
+
+ /* update the rIDUsedPool attribute */
+ ret = dsdb_module_set_integer(module, rid_set_dn, "rIDUsedPool", rid_used_pool+1);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": Failed to update rIDUsedPool on %s - %s",
+ ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ (*rid) = prev_alloc_pool_lo;
+ }
+
+ /* see if we are still out of RIDs, and if so then ask
+ the RID Manager to give us more */
+ if (prev_rid >= prev_alloc_pool_hi) {
+ uint64_t new_pool;
+ ret = ridalloc_refresh_own_pool(module, &new_pool);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDPreviousAllocationPool",
+ prev_alloc_pool, new_pool);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": Failed to update rIDPreviousAllocationPool on %s - %s",
+ ldb_dn_get_linearized(rid_set_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ prev_alloc_pool = new_pool;
+ prev_alloc_pool_lo = prev_alloc_pool & 0xFFFFFFFF;
+ prev_alloc_pool_hi = prev_alloc_pool >> 32;
+ (*rid) = prev_alloc_pool_lo;
+ } else {
+ /* despite the name, rIDNextRID is the value of the last user
+ * added by this DC, not the next available RID */
+ if (*rid == 0) {
+ (*rid) = prev_rid + 1;
+ }
+ }
+
+ if (*rid < prev_alloc_pool_lo || *rid > prev_alloc_pool_hi) {
+ ldb_asprintf_errstring(ldb, __location__ ": Bad rid chosen %u from range %u-%u",
+ (unsigned)*rid, (unsigned)prev_alloc_pool_lo,
+ (unsigned)prev_alloc_pool_hi);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* now modify the RID Set to use up this RID using a
+ * constrained delete/add if possible */
+ if (prev_rid == 0) {
+ ret = dsdb_module_set_integer(module, rid_set_dn, "rIDNextRID", *rid);
+ } else {
+ ret = dsdb_module_constrainted_update_integer(module, rid_set_dn, "rIDNextRID", prev_rid, *rid);
+ }
+
+ /* if we are half-exhausted then ask the repl task to start
+ * getting another one */
+ if (*rid > (prev_alloc_pool_hi + prev_alloc_pool_lo)/2) {
+ ridalloc_poke_rid_manager(module);
+ }
+
+ talloc_free(tmp_ctx);
+
+ return ret;
+}
+
+
+/*
+ called by DSDB_EXTENDED_ALLOCATE_RID_POOL extended operation in samldb
+ */
+int ridalloc_allocate_rid_pool_fsmo(struct ldb_module *module, struct dsdb_fsmo_extended_op *exop)
+{
+ struct ldb_dn *ntds_dn, *server_dn, *machine_dn, *rid_set_dn;
+ struct ldb_dn *rid_manager_dn;
+ TALLOC_CTX *tmp_ctx = talloc_new(module);
+ int ret;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ uint64_t new_pool;
+
+ ret = dsdb_module_dn_by_guid(module, tmp_ctx, &exop->destination_dsa_guid, &ntds_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": Unable to find NTDS object for guid %s - %s\n",
+ GUID_string(tmp_ctx, &exop->destination_dsa_guid), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ server_dn = ldb_dn_get_parent(tmp_ctx, ntds_dn);
+ if (!server_dn) {
+ ldb_module_oom(module);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = dsdb_module_reference_dn(module, tmp_ctx, server_dn, "serverReference", &machine_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": Failed to find serverReference in %s - %s",
+ ldb_dn_get_linearized(server_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+
+ ret = dsdb_module_rid_manager_dn(module, tmp_ctx, &rid_manager_dn);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": Failed to find RID Manager object - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = dsdb_module_reference_dn(module, tmp_ctx, machine_dn, "rIDSetReferences", &rid_set_dn);
+ if (ret == LDB_ERR_NO_SUCH_ATTRIBUTE) {
+ ret = ridalloc_create_rid_set_ntds(module, tmp_ctx, rid_manager_dn, ntds_dn, &rid_set_dn);
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, "Failed to find rIDSetReferences in %s - %s",
+ ldb_dn_get_linearized(machine_dn), ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ if (exop->fsmo_info != 0) {
+ const char *attrs[] = { "rIDAllocationPool", NULL };
+ struct ldb_result *res;
+ uint64_t alloc_pool;
+
+ ret = dsdb_module_search_dn(module, tmp_ctx, &res, rid_set_dn, attrs, 0);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb, __location__ ": No RID Set %s",
+ ldb_dn_get_linearized(rid_set_dn));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ alloc_pool = ldb_msg_find_attr_as_uint64(res->msgs[0], "rIDAllocationPool", 0);
+ if (alloc_pool != exop->fsmo_info) {
+ /* it has already been updated */
+ DEBUG(2,(__location__ ": rIDAllocationPool fsmo_info mismatch - already changed (0x%llx 0x%llx)\n",
+ (unsigned long long)exop->fsmo_info,
+ (unsigned long long)alloc_pool));
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+ }
+ }
+
+ ret = ridalloc_refresh_rid_set_ntds(module, rid_manager_dn, ntds_dn, &new_pool);
+ talloc_free(tmp_ctx);
+ return ret;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/samba3sid.c b/source4/dsdb/samdb/ldb_modules/samba3sid.c
new file mode 100644
index 0000000000..76848eb258
--- /dev/null
+++ b/source4/dsdb/samdb/ldb_modules/samba3sid.c
@@ -0,0 +1,197 @@
+/*
+ samba3sid module
+
+ Copyright (C) Andrew Bartlett 2010
+ Copyright (C) Andrew Tridgell 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/*
+ add objectSID to users and groups using samba3 nextRid method
+ */
+
+#include "includes.h"
+#include "libcli/ldap/ldap_ndr.h"
+#include "ldb_module.h"
+#include "dsdb/samdb/samdb.h"
+#include "dsdb/samdb/ldb_modules/util.h"
+#include "libcli/security/security.h"
+#include "librpc/gen_ndr/ndr_security.h"
+#include "../lib/util/util_ldb.h"
+#include "ldb_wrap.h"
+#include "param/param.h"
+
+/*
+ RID algorithm from pdb_ldap.c in source3/passdb/
+ (loosely based on Volkers code)
+ */
+static int samba3sid_next_sid(struct ldb_module *module,
+ TALLOC_CTX *mem_ctx, char **sid)
+{
+ TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
+ struct ldb_result *res;
+ const char *attrs[] = { "sambaNextRid", "sambaNextUserRid",
+ "sambaNextGroupRid", "sambaSID", NULL };
+ int ret;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ int sambaNextRid, sambaNextGroupRid, sambaNextUserRid;
+ struct ldb_message *msg;
+ int rid;
+ const char *sambaSID;
+
+ ret = dsdb_module_search(module, tmp_ctx, &res, NULL, LDB_SCOPE_SUBTREE,
+ attrs, DSDB_SEARCH_SEARCH_ALL_PARTITIONS,
+ "(&(objectClass=sambaDomain)(sambaDomainName=%s))",
+ lp_sam_name(ldb_get_opaque(ldb, "loadparm")));
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb,
+ __location__
+ ": Failed to find domain object - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+ if (res->count != 1) {
+ ldb_asprintf_errstring(ldb,
+ __location__
+ ": Expected exactly 1 domain object - got %u",
+ res->count);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ msg = res->msgs[0];
+
+ sambaNextRid = ldb_msg_find_attr_as_uint(msg, "sambaNextRid", -1);
+ sambaNextUserRid = ldb_msg_find_attr_as_uint(msg, "sambaNextUserRid", -1);
+ sambaNextGroupRid = ldb_msg_find_attr_as_uint(msg, "sambaNextGroupRid", -1);
+ sambaSID = ldb_msg_find_attr_as_string(msg, "sambaSID", NULL);
+
+ if (sambaSID == NULL) {
+ ldb_asprintf_errstring(ldb,
+ __location__
+ ": No sambaSID in %s",
+ ldb_dn_get_linearized(msg->dn));
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* choose the highest of the 3 - see pdb_ldap.c for an
+ * explanation */
+ rid = sambaNextRid;
+ if (sambaNextUserRid > rid) {
+ rid = sambaNextUserRid;
+ }
+ if (sambaNextGroupRid > rid) {
+ rid = sambaNextGroupRid;
+ }
+ if (rid == -1) {
+ ldb_asprintf_errstring(ldb,
+ __location__
+ ": No sambaNextRid in %s",
+ ldb_dn_get_linearized(msg->dn));
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ /* sambaNextRid is actually the previous RID .... */
+ rid += 1;
+
+ (*sid) = talloc_asprintf(tmp_ctx, "%s-%d", sambaSID, rid);
+ if (!*sid) {
+ ldb_module_oom(module);
+ talloc_free(tmp_ctx);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = dsdb_module_constrainted_update_integer(module, msg->dn,
+ "sambaNextRid",
+ sambaNextRid, rid);
+ if (ret != LDB_SUCCESS) {
+ ldb_asprintf_errstring(ldb,
+ __location__
+ ": Failed to update sambaNextRid - %s",
+ ldb_errstring(ldb));
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ talloc_steal(mem_ctx, *sid);
+ talloc_free(tmp_ctx);
+ return LDB_SUCCESS;
+}
+
+
+
+/* add */
+static int samba3sid_add(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb;
+ int ret;
+ const struct ldb_message *msg = req->op.add.message;
+ struct ldb_message *new_msg;
+ char *sid;
+ struct ldb_request *new_req;
+
+ ldb = ldb_module_get_ctx(module);
+
+ /* do not manipulate our control entries */
+ if (ldb_dn_is_special(req->op.add.message->dn)) {
+ return ldb_next_request(module, req);
+ }
+
+ if (!samdb_find_attribute(ldb, msg, "objectclass", "posixAccount") &&
+ !samdb_find_attribute(ldb, msg, "objectclass", "posixGroup")) {
+ /* its not a user or a group */
+ return ldb_next_request(module, req);
+ }
+
+ if (ldb_msg_find_element(msg, "sambaSID")) {
+ /* a SID was supplied */
+ return ldb_next_request(module, req);
+ }
+
+ new_msg = ldb_msg_copy_shallow(req, req->op.add.message);
+ if (!new_msg) {
+ ldb_module_oom(module);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+
+ ret = samba3sid_next_sid(module, new_msg, &sid);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ ret = ldb_msg_add_steal_string(new_msg, "sambaSID", sid);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ ret = ldb_build_add_req(&new_req, ldb, req,
+ new_msg,
+ req->controls,
+ req, dsdb_next_callback,
+ req);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ return ldb_next_request(module, new_req);
+}
+
+_PUBLIC_ const struct ldb_module_ops ldb_samba3sid_module_ops = {
+ .name = "samba3sid",
+ .add = samba3sid_add,
+};
+
diff --git a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
index a461a94806..44526128f1 100644
--- a/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
+++ b/source4/dsdb/samdb/ldb_modules/samba_dsdb.c
@@ -138,53 +138,6 @@ static int prepare_modules_line(struct ldb_context *ldb,
-/*
- initialise the invocationID for a standalone server
- */
-static int initialise_invocation_id(struct ldb_module *module, struct GUID *guid)
-{
- struct ldb_message *msg;
- struct ldb_context *ldb = ldb_module_get_ctx(module);
- int ret;
-
- *guid = GUID_random();
-
- msg = ldb_msg_new(module);
- if (msg == NULL) {
- ldb_module_oom(module);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- msg->dn = ldb_dn_new(msg, ldb, "@SAMBA_DSDB");
- if (!msg->dn) {
- ldb_module_oom(module);
- talloc_free(msg);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- ret = dsdb_msg_add_guid(msg, guid, "invocationID");
- if (ret != LDB_SUCCESS) {
- ldb_module_oom(module);
- talloc_free(msg);
- return ret;
- }
- msg->elements[0].flags = LDB_FLAG_MOD_ADD;
-
- ret = ldb_modify(ldb, msg);
- if (ret != LDB_SUCCESS) {
- ldb_asprintf_errstring(ldb, "Failed to setup standalone invocationID - %s",
- ldb_errstring(ldb));
- talloc_free(msg);
- return ret;
- }
-
- DEBUG(1,("Initialised standalone invocationID to %s\n",
- GUID_string(msg, guid)));
-
- talloc_free(msg);
-
- return LDB_SUCCESS;
-}
-
-
static int samba_dsdb_init(struct ldb_module *module)
{
struct ldb_context *ldb = ldb_module_get_ctx(module);
@@ -258,7 +211,7 @@ static int samba_dsdb_init(struct ldb_module *module)
static const char *openldap_backend_modules[] = {
"entryuuid", "paged_searches", NULL };
- static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", "invocationID", NULL };
+ static const char *samba_dsdb_attrs[] = { "backendType", "serverRole", NULL };
const char *backendType, *serverRole;
if (!tmp_ctx) {
@@ -293,34 +246,6 @@ static int samba_dsdb_init(struct ldb_module *module)
return ret;
}
- if (strcmp(serverRole, "standalone") == 0 ||
- strcmp(serverRole, "member server") == 0) {
- struct GUID *guid;
-
- guid = talloc(module, struct GUID);
- if (!guid) {
- ldb_module_oom(module);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- *guid = samdb_result_guid(res->msgs[0], "invocationID");
- if (GUID_all_zero(guid)) {
- ret = initialise_invocation_id(module, guid);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return ret;
- }
- }
-
- /* cache the domain_sid in the ldb. See the matching
- * code in samdb_ntds_invocation_id() */
- ret = ldb_set_opaque(ldb, "cache.invocation_id", guid);
- if (ret != LDB_SUCCESS) {
- talloc_free(tmp_ctx);
- return ret;
- }
- }
-
backend_modules = NULL;
if (strcasecmp(backendType, "ldb") == 0) {
extended_dn_module = extended_dn_module_ldb;
diff --git a/source4/dsdb/samdb/ldb_modules/samldb.c b/source4/dsdb/samdb/ldb_modules/samldb.c
index 17a99c74c7..ccf76aaef2 100644
--- a/source4/dsdb/samdb/ldb_modules/samldb.c
+++ b/source4/dsdb/samdb/ldb_modules/samldb.c
@@ -59,12 +59,6 @@ struct samldb_ctx {
/* the resulting message */
struct ldb_message *msg;
- /* used to find parent domain */
- struct ldb_dn *check_dn;
- struct ldb_dn *domain_dn;
- struct dom_sid *domain_sid;
- uint32_t next_rid;
-
/* holds the entry SID */
struct dom_sid *sid;
@@ -175,139 +169,6 @@ static int samldb_next_step(struct samldb_ctx *ac)
}
}
-/*
- * samldb_get_parent_domain (async)
- */
-
-static int samldb_get_parent_domain(struct samldb_ctx *ac);
-
-static int samldb_get_parent_domain_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct ldb_context *ldb;
- struct samldb_ctx *ac;
- const char *nextRid;
- int ret;
-
- ac = talloc_get_type(req->context, struct samldb_ctx);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (!ares) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
-
- switch (ares->type) {
- case LDB_REPLY_ENTRY:
- /* save entry */
- if ((ac->domain_dn != NULL) || (ac->domain_sid != NULL)) {
- /* one too many! */
- ldb_set_errstring(ldb,
- "Invalid number of results while searching "
- "for domain object!");
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- nextRid = ldb_msg_find_attr_as_string(ares->message,
- "nextRid", NULL);
- if (nextRid == NULL) {
- ldb_asprintf_errstring(ldb,
- "While looking for domain above %s attribute nextRid not found in %s!",
- ldb_dn_get_linearized(
- ac->req->op.add.message->dn),
- ldb_dn_get_linearized(ares->message->dn));
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- ac->next_rid = strtol(nextRid, NULL, 0);
-
- ac->domain_sid = samdb_result_dom_sid(ac, ares->message,
- "objectSid");
- if (ac->domain_sid == NULL) {
- ldb_set_errstring(ldb,
- "Unable to get the parent domain SID!");
- ret = LDB_ERR_CONSTRAINT_VIOLATION;
- break;
- }
- ac->domain_dn = ldb_dn_copy(ac, ares->message->dn);
-
- talloc_free(ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_REFERRAL:
- /* ignore */
- talloc_free(ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_DONE:
- talloc_free(ares);
- if ((ac->domain_dn == NULL) || (ac->domain_sid == NULL)) {
- /* not found -> retry */
- ret = samldb_get_parent_domain(ac);
- } else {
- /* found, go on */
- ret = samldb_next_step(ac);
- }
- break;
- }
-
-done:
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
- }
-
- return LDB_SUCCESS;
-}
-
-/* Find a domain object in the parents of a particular DN. */
-static int samldb_get_parent_domain(struct samldb_ctx *ac)
-{
- struct ldb_context *ldb;
- static const char * const attrs[] = { "objectSid", "nextRid", NULL };
- struct ldb_request *req;
- struct ldb_dn *dn;
- int ret;
-
- ldb = ldb_module_get_ctx(ac->module);
-
- if (ac->check_dn == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- dn = ldb_dn_get_parent(ac, ac->check_dn);
- if (dn == NULL) {
- ldb_set_errstring(ldb,
- "Unable to find parent domain object!");
- return LDB_ERR_CONSTRAINT_VIOLATION;
- }
-
- ac->check_dn = dn;
-
- ret = ldb_build_search_req(&req, ldb, ac,
- dn, LDB_SCOPE_BASE,
- "(|(objectClass=domain)"
- "(objectClass=builtinDomain))",
- attrs,
- NULL,
- ac, samldb_get_parent_domain_callback,
- ac->req);
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- return ldb_next_request(ac->module, req);
-}
-
-
static int samldb_generate_samAccountName(struct ldb_message *msg)
{
char *name;
@@ -395,7 +256,7 @@ static int samldb_check_samAccountName(struct samldb_ctx *ac)
}
ret = ldb_build_search_req(&req, ldb, ac,
- ac->domain_dn, LDB_SCOPE_SUBTREE,
+ samdb_base_dn(ldb), LDB_SCOPE_SUBTREE,
filter, NULL,
NULL,
ac, samldb_check_samAccountName_callback,
@@ -464,134 +325,45 @@ static int samldb_check_samAccountType(struct samldb_ctx *ac)
return samldb_next_step(ac);
}
-
-/*
- * samldb_get_sid_domain (async)
- */
-
-static int samldb_get_sid_domain_callback(struct ldb_request *req,
- struct ldb_reply *ares)
+static bool samldb_msg_add_sid(struct ldb_message *msg,
+ const char *name,
+ const struct dom_sid *sid)
{
- struct ldb_context *ldb;
- struct samldb_ctx *ac;
- const char *nextRid;
- int ret;
-
- ac = talloc_get_type(req->context, struct samldb_ctx);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (!ares) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
-
- switch (ares->type) {
- case LDB_REPLY_ENTRY:
- /* save entry */
- if (ac->next_rid != 0) {
- /* one too many! */
- ldb_set_errstring(ldb,
- "Invalid number of results while searching "
- "for domain object!");
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- nextRid = ldb_msg_find_attr_as_string(ares->message,
- "nextRid", NULL);
- if (nextRid == NULL) {
- ldb_asprintf_errstring(ldb,
- "Attribute nextRid not found in %s!",
- ldb_dn_get_linearized(ares->message->dn));
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- ac->next_rid = strtol(nextRid, NULL, 0);
-
- ac->domain_dn = ldb_dn_copy(ac, ares->message->dn);
-
- talloc_free(ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_REFERRAL:
- /* ignore */
- talloc_free(ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_DONE:
- talloc_free(ares);
- if (ac->next_rid == 0) {
- ldb_asprintf_errstring(ldb,
- "Unable to get nextRid from domain entry!");
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- /* found, go on */
- ret = samldb_next_step(ac);
- break;
- }
+ struct ldb_val v;
+ enum ndr_err_code ndr_err;
-done:
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
+ ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid,
+ (ndr_push_flags_fn_t)ndr_push_dom_sid);
+ if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
+ return false;
}
-
- return LDB_SUCCESS;
+ return (ldb_msg_add_value(msg, name, &v, NULL) == 0);
}
-/* Find a domain object in the parents of a particular DN. */
-static int samldb_get_sid_domain(struct samldb_ctx *ac)
+
+/* allocate a SID using our RID Set */
+static int samldb_allocate_sid(struct samldb_ctx *ac)
{
- struct ldb_context *ldb;
- static const char * const attrs[] = { "nextRid", NULL };
- struct ldb_request *req;
- char *filter;
+ uint32_t rid;
int ret;
+ struct ldb_context *ldb = ldb_module_get_ctx(ac->module);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (ac->sid == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
+ ret = ridalloc_allocate_rid(ac->module, &rid);
+ if (ret != LDB_SUCCESS) {
+ return ret;
}
- ac->domain_sid = dom_sid_dup(ac, ac->sid);
- if (!ac->domain_sid) {
+ ac->sid = dom_sid_add_rid(ac, samdb_domain_sid(ldb), rid);
+ if (ac->sid == NULL) {
+ ldb_module_oom(ac->module);
return LDB_ERR_OPERATIONS_ERROR;
}
- /* get the domain component part of the provided SID */
- ac->domain_sid->num_auths--;
- filter = talloc_asprintf(ac,
- "(&(objectSid=%s)"
- "(|(objectClass=domain)"
- "(objectClass=builtinDomain)))",
- ldap_encode_ndr_dom_sid(ac, ac->domain_sid));
- if (filter == NULL) {
+ if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) {
return LDB_ERR_OPERATIONS_ERROR;
}
- ret = ldb_build_search_req(&req, ldb, ac,
- ldb_get_default_basedn(ldb),
- LDB_SCOPE_SUBTREE,
- filter, attrs,
- NULL,
- ac, samldb_get_sid_domain_callback,
- ac->req);
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- ac->next_rid = 0;
- return ldb_next_request(ac->module, req);
+ return samldb_next_step(ac);
}
/*
@@ -722,161 +494,6 @@ static int samldb_check_primaryGroupID_2(struct samldb_ctx *ac)
}
-static bool samldb_msg_add_sid(struct ldb_message *msg,
- const char *name,
- const struct dom_sid *sid)
-{
- struct ldb_val v;
- enum ndr_err_code ndr_err;
-
- ndr_err = ndr_push_struct_blob(&v, msg, NULL, sid,
- (ndr_push_flags_fn_t)ndr_push_dom_sid);
- if (!NDR_ERR_CODE_IS_SUCCESS(ndr_err)) {
- return false;
- }
- return (ldb_msg_add_value(msg, name, &v, NULL) == 0);
-}
-
-static int samldb_new_sid(struct samldb_ctx *ac)
-{
-
- if (ac->domain_sid == NULL || ac->next_rid == 0) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- ac->sid = dom_sid_add_rid(ac, ac->domain_sid, ac->next_rid + 1);
- if (ac->sid == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- if ( ! samldb_msg_add_sid(ac->msg, "objectSid", ac->sid)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- return samldb_next_step(ac);
-}
-
-/*
- * samldb_notice_sid_callback (async)
- */
-
-static int samldb_notice_sid_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct ldb_context *ldb;
- struct samldb_ctx *ac;
- int ret;
-
- ac = talloc_get_type(req->context, struct samldb_ctx);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (!ares) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
- if (ares->type != LDB_REPLY_DONE) {
- ldb_set_errstring(ldb,
- "Invalid reply type!");
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
-
- ret = samldb_next_step(ac);
-
-done:
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
- }
-
- return LDB_SUCCESS;
-}
-
-/* If we are adding new users/groups, we need to update the nextRid
- * attribute to be 'above' the new/incoming RID. Attempt to do it
- * atomically. */
-static int samldb_notice_sid(struct samldb_ctx *ac)
-{
- struct ldb_context *ldb;
- uint32_t old_id, new_id;
- struct ldb_request *req;
- struct ldb_message *msg;
- struct ldb_message_element *els;
- struct ldb_val *vals;
- int ret;
-
- ldb = ldb_module_get_ctx(ac->module);
- old_id = ac->next_rid;
- new_id = ac->sid->sub_auths[ac->sid->num_auths - 1];
-
- if (old_id >= new_id) {
- /* no need to update the domain nextRid attribute */
- return samldb_next_step(ac);
- }
-
- /* we do a delete and add as a single operation. That prevents
- a race, in case we are not actually on a transaction db */
- msg = ldb_msg_new(ac);
- if (msg == NULL) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- els = talloc_array(msg, struct ldb_message_element, 2);
- if (els == NULL) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- vals = talloc_array(msg, struct ldb_val, 2);
- if (vals == NULL) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- msg->dn = ac->domain_dn;
- msg->num_elements = 2;
- msg->elements = els;
-
- els[0].num_values = 1;
- els[0].values = &vals[0];
- els[0].flags = LDB_FLAG_MOD_DELETE;
- els[0].name = talloc_strdup(msg, "nextRid");
- if (!els[0].name) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- els[1].num_values = 1;
- els[1].values = &vals[1];
- els[1].flags = LDB_FLAG_MOD_ADD;
- els[1].name = els[0].name;
-
- vals[0].data = (uint8_t *)talloc_asprintf(vals, "%u", old_id);
- if (!vals[0].data) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- vals[0].length = strlen((char *)vals[0].data);
-
- vals[1].data = (uint8_t *)talloc_asprintf(vals, "%u", new_id);
- if (!vals[1].data) {
- ldb_oom(ldb);
- return LDB_ERR_OPERATIONS_ERROR;
- }
- vals[1].length = strlen((char *)vals[1].data);
-
- ret = ldb_build_mod_req(&req, ldb, ac,
- msg, NULL,
- ac, samldb_notice_sid_callback,
- ac->req);
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- return ldb_next_request(ac->module, req);
-}
-
/*
* samldb_set_defaultObjectCategory_callback (async)
*/
@@ -1142,11 +759,6 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type)
ldb = ldb_module_get_ctx(ac->module);
- /* search for a parent domain objet */
- ac->check_dn = ac->req->op.add.message->dn;
- ret = samldb_add_step(ac, samldb_get_parent_domain);
- if (ret != LDB_SUCCESS) return ret;
-
/* Add informations for the different account types */
ac->type = type;
if (strcmp(ac->type, "user") == 0) {
@@ -1174,9 +786,11 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type)
ret = samdb_find_or_add_attribute(ldb, ac->msg,
"pwdLastSet", "0");
if (ret != LDB_SUCCESS) return ret;
- ret = samdb_find_or_add_attribute(ldb, ac->msg,
- "primaryGroupID", "513");
- if (ret != LDB_SUCCESS) return ret;
+ if (!ldb_msg_find_element(ac->msg, "primaryGroupID")) {
+ ret = samdb_msg_add_uint(ldb, ac->msg, ac->msg,
+ "primaryGroupID", DOMAIN_RID_USERS);
+ if (ret != LDB_SUCCESS) return ret;
+ }
ret = samdb_find_or_add_attribute(ldb, ac->msg,
"accountExpires", "9223372036854775807");
if (ret != LDB_SUCCESS) return ret;
@@ -1287,20 +901,21 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type)
lp_ctx = talloc_get_type(ldb_get_opaque(ldb, "loadparm"),
struct loadparm_context);
- sid_generator = lp_sid_generator(lp_ctx);
- if (sid_generator == SID_GENERATOR_INTERNAL) {
- /* check if we have a valid SID */
- ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid");
- if ( ! ac->sid) {
- ret = samldb_add_step(ac, samldb_new_sid);
- if (ret != LDB_SUCCESS) return ret;
- } else {
- ret = samldb_add_step(ac, samldb_get_sid_domain);
+ /* don't allow objectSID to be specified without the RELAX control */
+ ac->sid = samdb_result_dom_sid(ac, ac->msg, "objectSid");
+ if (ac->sid && !ldb_request_get_control(ac->req, LDB_CONTROL_RELAX_OID) &&
+ !dsdb_module_am_system(ac->module)) {
+ ldb_asprintf_errstring(ldb, "No SID may be specified in user/group creation for %s",
+ ldb_dn_get_linearized(ac->msg->dn));
+ return LDB_ERR_UNWILLING_TO_PERFORM;
+ }
+
+ if ( ! ac->sid) {
+ sid_generator = lp_sid_generator(lp_ctx);
+ if (sid_generator == SID_GENERATOR_INTERNAL) {
+ ret = samldb_add_step(ac, samldb_allocate_sid);
if (ret != LDB_SUCCESS) return ret;
}
-
- ret = samldb_add_step(ac, samldb_notice_sid);
- if (ret != LDB_SUCCESS) return ret;
}
/* finally proceed with adding the entry */
@@ -1310,144 +925,6 @@ static int samldb_fill_object(struct samldb_ctx *ac, const char *type)
return samldb_first_step(ac);
}
-/*
- * samldb_foreign_notice_sid (async)
- */
-
-static int samldb_foreign_notice_sid_callback(struct ldb_request *req,
- struct ldb_reply *ares)
-{
- struct ldb_context *ldb;
- struct samldb_ctx *ac;
- const char *nextRid;
- const char *name;
- int ret;
-
- ac = talloc_get_type(req->context, struct samldb_ctx);
- ldb = ldb_module_get_ctx(ac->module);
-
- if (!ares) {
- ret = LDB_ERR_OPERATIONS_ERROR;
- goto done;
- }
- if (ares->error != LDB_SUCCESS) {
- return ldb_module_done(ac->req, ares->controls,
- ares->response, ares->error);
- }
-
- switch (ares->type) {
- case LDB_REPLY_ENTRY:
- /* save entry */
- if (ac->next_rid != 0) {
- /* one too many! */
- ldb_set_errstring(ldb,
- "Invalid number of results while searching "
- "for domain object!");
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- nextRid = ldb_msg_find_attr_as_string(ares->message,
- "nextRid", NULL);
- if (nextRid == NULL) {
- ldb_asprintf_errstring(ldb,
- "While looking for foreign SID %s attribute nextRid not found in %s",
- dom_sid_string(ares, ac->sid),
- ldb_dn_get_linearized(ares->message->dn));
- ret = LDB_ERR_OPERATIONS_ERROR;
- break;
- }
-
- ac->next_rid = strtol(nextRid, NULL, 0);
-
- ac->domain_dn = ldb_dn_copy(ac, ares->message->dn);
-
- name = samdb_result_string(ares->message, "name", NULL);
- ldb_debug(ldb, LDB_DEBUG_TRACE,
- "NOTE (strange but valid): Adding foreign SID "
- "record with SID %s, but this domain (%s) is "
- "not foreign in the database\n",
- dom_sid_string(ares, ac->sid), name);
-
- talloc_free(ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_REFERRAL:
- /* ignore */
- talloc_free(ares);
- ret = LDB_SUCCESS;
- break;
-
- case LDB_REPLY_DONE:
- talloc_free(ares);
-
- /* if this is a fake foreign SID, notice the SID */
- if (ac->domain_dn) {
- ret = samldb_notice_sid(ac);
- break;
- }
-
- /* found, go on */
- ret = samldb_next_step(ac);
- break;
- }
-
-done:
- if (ret != LDB_SUCCESS) {
- return ldb_module_done(ac->req, NULL, NULL, ret);
- }
-
- return LDB_SUCCESS;
-}
-
-/* Find a domain object in the parents of a particular DN. */
-static int samldb_foreign_notice_sid(struct samldb_ctx *ac)
-{
- struct ldb_context *ldb;
- static const char * const attrs[3] = { "nextRid", "name", NULL };
- struct ldb_request *req;
- NTSTATUS status;
- char *filter;
- int ret;
-
- ldb = ldb_module_get_ctx(ac->module);
-
- if (ac->sid == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- status = dom_sid_split_rid(ac, ac->sid, &ac->domain_sid, NULL);
- if (!NT_STATUS_IS_OK(status)) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
-
- filter = talloc_asprintf(ac,
- "(&(objectSid=%s)"
- "(|(objectClass=domain)"
- "(objectClass=builtinDomain)))",
- ldap_encode_ndr_dom_sid(ac, ac->domain_sid));
- if (filter == NULL) {
- return LDB_ERR_OPERATIONS_ERROR;
- }
-
- ret = ldb_build_search_req(&req, ldb, ac,
- ldb_get_default_basedn(ldb),
- LDB_SCOPE_SUBTREE,
- filter, attrs,
- NULL,
- ac, samldb_foreign_notice_sid_callback,
- ac->req);
-
- if (ret != LDB_SUCCESS) {
- return ret;
- }
-
- return ldb_next_request(ac->module, req);
-}
-
-
static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac)
{
struct ldb_context *ldb;
@@ -1455,8 +932,6 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac)
ldb = ldb_module_get_ctx(ac->module);
- ac->next_rid = 0;
-
ac->sid = samdb_result_dom_sid(ac->msg, ac->msg, "objectSid");
if (ac->sid == NULL) {
ac->sid = dom_sid_parse_talloc(ac->msg,
@@ -1474,10 +949,6 @@ static int samldb_fill_foreignSecurityPrincipal_object(struct samldb_ctx *ac)
}
}
- /* check if we need to notice this SID */
- ret = samldb_add_step(ac, samldb_foreign_notice_sid);
- if (ret != LDB_SUCCESS) return ret;
-
/* finally proceed with adding the entry */
ret = samldb_add_step(ac, samldb_add_entry);
if (ret != LDB_SUCCESS) return ret;
@@ -2313,6 +1784,20 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
el2->flags = LDB_FLAG_MOD_REPLACE;
}
+ el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID");
+ if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) {
+ struct samldb_ctx *ac;
+
+ ac = samldb_ctx_init(module, req);
+ if (ac == NULL)
+ return LDB_ERR_OPERATIONS_ERROR;
+
+ req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req,
+ req->op.mod.message);
+
+ return samldb_prim_group_change(ac);
+ }
+
el = ldb_msg_find_element(req->op.mod.message, "userAccountControl");
if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) {
uint32_t user_account_control;
@@ -2340,21 +1825,18 @@ static int samldb_modify(struct ldb_module *module, struct ldb_request *req)
}
el2 = ldb_msg_find_element(msg, "isCriticalSystemObject");
el2->flags = LDB_FLAG_MOD_REPLACE;
- }
- }
-
- el = ldb_msg_find_element(req->op.mod.message, "primaryGroupID");
- if (el && el->flags & (LDB_FLAG_MOD_ADD|LDB_FLAG_MOD_REPLACE) && el->num_values == 1) {
- struct samldb_ctx *ac;
- ac = samldb_ctx_init(module, req);
- if (ac == NULL)
- return LDB_ERR_OPERATIONS_ERROR;
-
- req->op.mod.message = ac->msg = ldb_msg_copy_shallow(req,
- req->op.mod.message);
-
- return samldb_prim_group_change(ac);
+ /* DCs have primaryGroupID of DOMAIN_RID_DCS */
+ if (!ldb_msg_find_element(msg, "primaryGroupID")) {
+ ret = samdb_msg_add_uint(ldb, msg, msg,
+ "primaryGroupID", DOMAIN_RID_DCS);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ el2 = ldb_msg_find_element(msg, "primaryGroupID");
+ el2->flags = LDB_FLAG_MOD_REPLACE;
+ }
+ }
}
el = ldb_msg_find_element(req->op.mod.message, "member");
@@ -2392,17 +1874,41 @@ static int samldb_delete(struct ldb_module *module, struct ldb_request *req)
return samldb_prim_group_users_check(ac);
}
+static int samldb_extended_allocate_rid_pool(struct ldb_module *module, struct ldb_request *req)
+{
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct dsdb_fsmo_extended_op *exop;
+ int ret;
+
+ exop = talloc_get_type(req->op.extended.data, struct dsdb_fsmo_extended_op);
+ if (!exop) {
+ ldb_debug(ldb, LDB_DEBUG_FATAL, "samldb_extended_allocate_rid_pool: invalid extended data\n");
+ return LDB_ERR_PROTOCOL_ERROR;
+ }
+
+ ret = ridalloc_allocate_rid_pool_fsmo(module, exop);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ return ldb_module_done(req, NULL, NULL, LDB_SUCCESS);
+}
-static int samldb_init(struct ldb_module *module)
+static int samldb_extended(struct ldb_module *module, struct ldb_request *req)
{
- return ldb_next_init(module);
+ if (strcmp(req->op.extended.oid, DSDB_EXTENDED_ALLOCATE_RID_POOL) == 0) {
+ return samldb_extended_allocate_rid_pool(module, req);
+ }
+
+ return ldb_next_request(module, req);
}
+
_PUBLIC_ const struct ldb_module_ops ldb_samldb_module_ops = {
.name = "samldb",
- .init_context = samldb_init,
.add = samldb_add,
.modify = samldb_modify,
- .del = samldb_delete
+ .del = samldb_delete,
+ .extended = samldb_extended
};
diff --git a/source4/dsdb/samdb/ldb_modules/schema_data.c b/source4/dsdb/samdb/ldb_modules/schema_data.c
index 2e99113953..8125a46cbb 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_data.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_data.c
@@ -290,6 +290,11 @@ static int schema_data_add(struct ldb_module *module, struct ldb_request *req)
}
}
+ /* bypass further processing if CONTROL_RELAX is set */
+ if (ldb_request_get_control(req, LDB_CONTROL_RELAX_OID)) {
+ return ldb_next_request(module, req);
+ }
+
/* generate and add msDS-IntId attr value */
if (attributeID
&& (dsdb_functional_level(ldb) >= DS_DOMAIN_FUNCTION_2003)
diff --git a/source4/dsdb/samdb/ldb_modules/schema_load.c b/source4/dsdb/samdb/ldb_modules/schema_load.c
index c72911fe89..6c11df21ce 100644
--- a/source4/dsdb/samdb/ldb_modules/schema_load.c
+++ b/source4/dsdb/samdb/ldb_modules/schema_load.c
@@ -181,8 +181,8 @@ static int schema_load_init(struct ldb_module *module)
ret = dsdb_set_schema(ldb, schema);
if (ret != LDB_SUCCESS) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
- "schema_load_init: dsdb_set_schema() failed: %d:%s",
- ret, ldb_strerror(ret));
+ "schema_load_init: dsdb_set_schema() failed: %d:%s: %s",
+ ret, ldb_strerror(ret), ldb_errstring(ldb));
talloc_free(mem_ctx);
return ret;
}
@@ -240,8 +240,8 @@ static int schema_load_extended(struct ldb_module *module, struct ldb_request *r
ret = dsdb_set_schema(ldb, schema);
if (ret != LDB_SUCCESS) {
ldb_debug_set(ldb, LDB_DEBUG_FATAL,
- "schema_load_extended: dsdb_set_schema() failed: %d:%s",
- ret, ldb_strerror(ret));
+ "schema_load_extended: dsdb_set_schema() failed: %d:%s: %s",
+ ret, ldb_strerror(ret), ldb_errstring(ldb));
talloc_free(mem_ctx);
return ret;
}
diff --git a/source4/dsdb/samdb/ldb_modules/show_deleted.c b/source4/dsdb/samdb/ldb_modules/show_deleted.c
index 666d28053c..93463ae95f 100644
--- a/source4/dsdb/samdb/ldb_modules/show_deleted.c
+++ b/source4/dsdb/samdb/ldb_modules/show_deleted.c
@@ -32,7 +32,7 @@
#include "includes.h"
#include "ldb/include/ldb_module.h"
#include "dsdb/samdb/samdb.h"
-
+#include "dsdb/samdb/ldb_modules/util.h"
static int show_deleted_search(struct ldb_module *module, struct ldb_request *req)
{
@@ -83,7 +83,7 @@ static int show_deleted_search(struct ldb_module *module, struct ldb_request *re
new_tree,
req->op.search.attrs,
req->controls,
- req->context, req->callback,
+ req, dsdb_next_callback,
req);
if (ret != LDB_SUCCESS) {
return ret;
diff --git a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
index 2478043eb4..cc1a86ed4a 100644
--- a/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
+++ b/source4/dsdb/samdb/ldb_modules/tests/samba3sam.py
@@ -29,6 +29,8 @@ from samba import Ldb, substitute_var
from samba.tests import LdbTestCase, TestCaseInTempDir, cmdline_loadparm
import samba.dcerpc.security
import samba.ndr
+from samba.auth import system_session
+from samba import param
datadir = os.path.join(os.path.dirname(__file__),
"../../../../../testdata/samba3")
@@ -49,7 +51,7 @@ class MapBaseTestCase(TestCaseInTempDir):
"@TO": "sambaDomainName=TESTS," + s3.basedn})
ldb.add({"dn": "@MODULES",
- "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,partition"})
+ "@LIST": "rootdse,paged_results,server_sort,asq,samldb,password_hash,operational,objectguid,rdn_name,samba3sam,samba3sid,partition"})
ldb.add({"dn": "@PARTITION",
"partition": ["%s" % (s4.basedn_casefold),
@@ -58,6 +60,9 @@ class MapBaseTestCase(TestCaseInTempDir):
"modules": "*:"})
def setUp(self):
+ cmdline_loadparm.set("sid generator", "backend")
+ cmdline_loadparm.set("workgroup", "TESTS")
+ cmdline_loadparm.set("netbios name", "TESTS")
super(MapBaseTestCase, self).setUp()
def make_dn(basedn, rdn):
@@ -75,7 +80,7 @@ class MapBaseTestCase(TestCaseInTempDir):
"""Simple helper class that contains data for a specific SAM
connection."""
def __init__(self, basedn, dn):
- self.db = Ldb(lp=cmdline_loadparm)
+ self.db = Ldb(lp=cmdline_loadparm, session_info=system_session())
self.basedn = basedn
self.basedn_casefold = ldb.Dn(self.db, basedn).get_casefold()
self.substvars = {"BASEDN": self.basedn}
@@ -124,13 +129,13 @@ class Samba3SamTestCase(MapBaseTestCase):
def setUp(self):
super(Samba3SamTestCase, self).setUp()
- ldb = Ldb(self.ldburl, lp=cmdline_loadparm)
+ ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session())
self.samba3.setup_data("samba3.ldif")
ldif = read_datafile("provision_samba3sam.ldif")
ldb.add_ldif(self.samba4.subst(ldif))
self.setup_modules(ldb, self.samba3, self.samba4)
del ldb
- self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm)
+ self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session())
def test_search_non_mapped(self):
"""Looking up by non-mapped attribute"""
@@ -291,12 +296,12 @@ class MapTestCase(MapBaseTestCase):
def setUp(self):
super(MapTestCase, self).setUp()
- ldb = Ldb(self.ldburl, lp=cmdline_loadparm)
+ ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session())
ldif = read_datafile("provision_samba3sam.ldif")
ldb.add_ldif(self.samba4.subst(ldif))
self.setup_modules(ldb, self.samba3, self.samba4)
del ldb
- self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm)
+ self.ldb = Ldb(self.ldburl, lp=cmdline_loadparm, session_info=system_session())
def test_map_search(self):
"""Running search tests on mapped data."""
diff --git a/source4/dsdb/samdb/ldb_modules/util.c b/source4/dsdb/samdb/ldb_modules/util.c
index 32b79a6701..46252cb279 100644
--- a/source4/dsdb/samdb/ldb_modules/util.c
+++ b/source4/dsdb/samdb/ldb_modules/util.c
@@ -26,6 +26,7 @@
#include "dsdb/samdb/ldb_modules/util.h"
#include "dsdb/samdb/samdb.h"
#include "util.h"
+#include "libcli/security/security.h"
/*
add a set of controls to a ldb_request structure based on a set of
@@ -214,6 +215,8 @@ int dsdb_module_search(struct ldb_module *module,
if (dsdb_flags & DSDB_FLAG_OWN_MODULE) {
const struct ldb_module_ops *ops = ldb_module_get_ops(module);
ret = ops->search(module, req);
+ } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+ ret = ldb_request(ldb_module_get_ctx(module), req);
} else {
ret = ldb_next_request(module, req);
}
@@ -332,6 +335,8 @@ int dsdb_module_modify(struct ldb_module *module,
if (dsdb_flags & DSDB_FLAG_OWN_MODULE) {
const struct ldb_module_ops *ops = ldb_module_get_ops(module);
ret = ops->modify(module, mod_req);
+ } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+ ret = ldb_request(ldb_module_get_ctx(module), mod_req);
} else {
ret = ldb_next_request(module, mod_req);
}
@@ -380,6 +385,8 @@ int dsdb_module_rename(struct ldb_module *module,
if (dsdb_flags & DSDB_FLAG_OWN_MODULE) {
const struct ldb_module_ops *ops = ldb_module_get_ops(module);
ret = ops->rename(module, req);
+ } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+ ret = ldb_request(ldb_module_get_ctx(module), req);
} else {
ret = ldb_next_request(module, req);
}
@@ -391,6 +398,54 @@ int dsdb_module_rename(struct ldb_module *module,
return ret;
}
+/*
+ a ldb_add request operating on modules below the
+ current module
+ */
+int dsdb_module_add(struct ldb_module *module,
+ const struct ldb_message *message,
+ uint32_t dsdb_flags)
+{
+ struct ldb_request *req;
+ int ret;
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ TALLOC_CTX *tmp_ctx = talloc_new(module);
+
+ ret = ldb_build_add_req(&req, ldb, tmp_ctx,
+ message,
+ NULL,
+ NULL,
+ ldb_op_default_callback,
+ NULL);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ ret = dsdb_request_add_controls(module, req, dsdb_flags);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(tmp_ctx);
+ return ret;
+ }
+
+ /* Run the new request */
+ if (dsdb_flags & DSDB_FLAG_OWN_MODULE) {
+ const struct ldb_module_ops *ops = ldb_module_get_ops(module);
+ ret = ops->add(module, req);
+ } else if (dsdb_flags & DSDB_FLAG_TOP_MODULE) {
+ ret = ldb_request(ldb_module_get_ctx(module), req);
+ } else {
+ ret = ldb_next_request(module, req);
+ }
+ if (ret == LDB_SUCCESS) {
+ ret = ldb_wait(req->handle, LDB_WAIT_ALL);
+ }
+
+ talloc_free(tmp_ctx);
+ return ret;
+}
+
+
const struct dsdb_class * get_last_structural_class(const struct dsdb_schema *schema,const struct ldb_message_element *element)
{
const struct dsdb_class *last_class = NULL;
@@ -446,3 +501,140 @@ int dsdb_check_single_valued_link(const struct dsdb_attribute *attr,
return LDB_SUCCESS;
}
+
+
+/*
+ find a 'reference' DN that points at another object
+ (eg. serverReference, rIDManagerReference etc)
+ */
+int dsdb_module_reference_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn *base,
+ const char *attribute, struct ldb_dn **dn)
+{
+ const char *attrs[2];
+ struct ldb_result *res;
+ int ret;
+
+ attrs[0] = attribute;
+ attrs[1] = NULL;
+
+ ret = dsdb_module_search_dn(module, mem_ctx, &res, base, attrs, 0);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+
+ *dn = ldb_msg_find_attr_as_dn(ldb_module_get_ctx(module),
+ mem_ctx, res->msgs[0], attribute);
+ if (!*dn) {
+ talloc_free(res);
+ return LDB_ERR_NO_SUCH_ATTRIBUTE;
+ }
+
+ talloc_free(res);
+ return LDB_SUCCESS;
+}
+
+/*
+ find the RID Manager$ DN via the rIDManagerReference attribute in the
+ base DN
+ */
+int dsdb_module_rid_manager_dn(struct ldb_module *module, TALLOC_CTX *mem_ctx, struct ldb_dn **dn)
+{
+ return dsdb_module_reference_dn(module, mem_ctx,
+ samdb_base_dn(ldb_module_get_ctx(module)),
+ "rIDManagerReference", dn);
+}
+
+
+/*
+ update an integer attribute safely via a constrained delete/add
+ */
+int dsdb_module_constrainted_update_integer(struct ldb_module *module, struct ldb_dn *dn,
+ const char *attr, uint64_t old_val, uint64_t new_val)
+{
+ struct ldb_message *msg;
+ struct ldb_message_element *el;
+ struct ldb_val v1, v2;
+ int ret;
+ char *vstring;
+
+ msg = ldb_msg_new(module);
+ msg->dn = dn;
+
+ ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_DELETE, &el);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return ret;
+ }
+ el->num_values = 1;
+ el->values = &v1;
+ vstring = talloc_asprintf(msg, "%llu", (unsigned long long)old_val);
+ if (!vstring) {
+ ldb_module_oom(module);
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ v1 = data_blob_string_const(vstring);
+
+ ret = ldb_msg_add_empty(msg, attr, LDB_FLAG_MOD_ADD, &el);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return ret;
+ }
+ el->num_values = 1;
+ el->values = &v2;
+ vstring = talloc_asprintf(msg, "%llu", (unsigned long long)new_val);
+ if (!vstring) {
+ ldb_module_oom(module);
+ talloc_free(msg);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ v2 = data_blob_string_const(vstring);
+
+ ret = dsdb_module_modify(module, msg, 0);
+ talloc_free(msg);
+ return ret;
+}
+
+/*
+ used to chain to the callers callback
+ */
+int dsdb_next_callback(struct ldb_request *req, struct ldb_reply *ares)
+{
+ struct ldb_request *up_req = talloc_get_type(req->context, struct ldb_request);
+
+ talloc_steal(up_req, req);
+ return up_req->callback(up_req, ares);
+}
+
+
+/*
+ set an integer attribute
+ */
+int dsdb_module_set_integer(struct ldb_module *module, struct ldb_dn *dn,
+ const char *attr, uint64_t new_val)
+{
+ struct ldb_message *msg;
+ int ret;
+
+ msg = ldb_msg_new(module);
+ msg->dn = dn;
+
+ ret = ldb_msg_add_fmt(msg, attr, "%llu", (unsigned long long)new_val);
+ if (ret != LDB_SUCCESS) {
+ talloc_free(msg);
+ return ret;
+ }
+ msg->elements[0].flags = LDB_FLAG_MOD_REPLACE;
+
+ ret = dsdb_module_modify(module, msg, 0);
+ talloc_free(msg);
+ return ret;
+}
+
+bool dsdb_module_am_system(struct ldb_module *module)
+{
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ struct auth_session_info *session_info
+ = (struct auth_session_info *)ldb_get_opaque(ldb, "sessionInfo");
+ return security_session_user_level(session_info) == SECURITY_SYSTEM;
+}
diff --git a/source4/dsdb/samdb/ldb_modules/util.h b/source4/dsdb/samdb/ldb_modules/util.h
index add39e110a..53ed9bd48e 100644
--- a/source4/dsdb/samdb/ldb_modules/util.h
+++ b/source4/dsdb/samdb/ldb_modules/util.h
@@ -19,9 +19,11 @@
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
-struct dsdb_schema; /* predeclare schema struct */
+/* predeclare some structures used by utility functions */
+struct dsdb_schema;
struct GUID;
struct dsdb_attribute;
+struct dsdb_fsmo_extended_op;
#include "dsdb/samdb/ldb_modules/util_proto.h"
@@ -32,3 +34,4 @@ struct dsdb_attribute;
#define DSDB_SEARCH_SHOW_EXTENDED_DN 0x0010
#define DSDB_MODIFY_RELAX 0x0020
#define DSDB_FLAG_OWN_MODULE 0x0040
+#define DSDB_FLAG_TOP_MODULE 0x0080
diff --git a/source4/dsdb/samdb/samdb.h b/source4/dsdb/samdb/samdb.h
index a05aa00f7a..6df30b2904 100644
--- a/source4/dsdb/samdb/samdb.h
+++ b/source4/dsdb/samdb/samdb.h
@@ -142,4 +142,12 @@ struct dsdb_extended_dn_store_format {
#define DSDB_OPAQUE_PARTITION_MODULE_MSG_OPAQUE_NAME "DSDB_OPAQUE_PARTITION_MODULE_MSG"
+/* this takes a struct dsdb_fsmo_extended_op */
+#define DSDB_EXTENDED_ALLOCATE_RID_POOL "1.3.6.1.4.1.7165.4.4.5"
+
+struct dsdb_fsmo_extended_op {
+ uint64_t fsmo_info;
+ struct GUID destination_dsa_guid;
+};
+
#endif /* __SAMDB_H__ */
diff --git a/source4/dsdb/schema/schema.h b/source4/dsdb/schema/schema.h
index 186f5d5ddb..1a40c45b21 100644
--- a/source4/dsdb/schema/schema.h
+++ b/source4/dsdb/schema/schema.h
@@ -62,6 +62,7 @@ struct dsdb_attribute {
uint32_t attributeID_id;
struct GUID schemaIDGUID;
uint32_t mAPIID;
+ uint32_t msDS_IntId;
struct GUID attributeSecurityGUID;
struct GUID objectGUID;
diff --git a/source4/dsdb/schema/schema_init.c b/source4/dsdb/schema/schema_init.c
index ccdf97cf2d..77b4e2a473 100644
--- a/source4/dsdb/schema/schema_init.c
+++ b/source4/dsdb/schema/schema_init.c
@@ -558,21 +558,19 @@ WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb,
/* set an invalid value */
attr->attributeID_id = 0xFFFFFFFF;
} else {
- /* check if msDS-IntId element is set */
- attr->attributeID_id = samdb_result_uint(msg, "msDS-IntId", 0xFFFFFFFF);
- if (attr->attributeID_id == 0xFFFFFFFF) {
- /* msDS-IntId is not set, make */
- status = dsdb_schema_pfm_make_attid(schema->prefixmap,
- attr->attributeID_oid,
- &attr->attributeID_id);
- if (!W_ERROR_IS_OK(status)) {
- DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
- __location__, attr->lDAPDisplayName, attr->attributeID_oid,
- win_errstr(status)));
- return status;
- }
+ status = dsdb_schema_pfm_make_attid(schema->prefixmap,
+ attr->attributeID_oid,
+ &attr->attributeID_id);
+ if (!W_ERROR_IS_OK(status)) {
+ DEBUG(0,("%s: '%s': unable to map attributeID %s: %s\n",
+ __location__, attr->lDAPDisplayName, attr->attributeID_oid,
+ win_errstr(status)));
+ return status;
}
}
+ /* fetch msDS-IntId to be used in resolving ATTRTYP values */
+ GET_UINT32_LDB(msg, "msDS-IntId", attr, msDS_IntId);
+
GET_GUID_LDB(msg, "schemaIDGUID", attr, schemaIDGUID);
GET_UINT32_LDB(msg, "mAPIID", attr, mAPIID);
@@ -621,10 +619,14 @@ WERROR dsdb_attribute_from_ldb(struct ldb_context *ldb,
attr->syntax = dsdb_syntax_for_attribute(attr);
if (!attr->syntax) {
+ DEBUG(0,(__location__ ": Unknown schema syntax for %s\n",
+ attr->lDAPDisplayName));
return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
}
if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Unknown schema syntax for %s\n",
+ attr->lDAPDisplayName));
return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
}
@@ -833,6 +835,7 @@ static const struct {
{ "mayContain", "1.2.840.113556.1.2.25" },
{ "defaultSecurityDescriptor", "1.2.840.113556.1.4.224" },
{ "defaultHidingValue", "1.2.840.113556.1.4.518" },
+ { "msDS-IntId", "1.2.840.113556.1.4.1716" },
};
static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb_schema *schema,
@@ -945,7 +948,7 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb
} \
} while (0)
-#define GET_UINT32_DS(s, r, attr, p, elem) do { \
+#define GET_UINT32_DS(s, r, attr, p, elem, def_val) do { \
struct drsuapi_DsReplicaAttribute *_a; \
_a = dsdb_find_object_attr_name(s, r, attr, NULL); \
if (_a && _a->value_ctr.num_values >= 1 \
@@ -953,7 +956,7 @@ static struct drsuapi_DsReplicaAttribute *dsdb_find_object_attr_name(struct dsdb
&& _a->value_ctr.values[0].blob->length == 4) { \
(p)->elem = IVAL(_a->value_ctr.values[0].blob->data,0);\
} else { \
- (p)->elem = 0; \
+ (p)->elem = def_val; \
} \
} while (0)
@@ -1011,7 +1014,7 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb,
GET_STRING_DS(schema, r, "name", mem_ctx, attr, cn, true);
GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, attr, lDAPDisplayName, true);
- GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id);
+ GET_UINT32_DS(schema, r, "attributeID", attr, attributeID_id, 0xFFFFFFFF);
status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, attr->attributeID_id,
mem_ctx, &attr->attributeID_oid);
if (!W_ERROR_IS_OK(status)) {
@@ -1020,19 +1023,22 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb,
win_errstr(status)));
return status;
}
+ /* fetch msDS-IntId to be used in resolving ATTRTYP values */
+ GET_UINT32_DS(schema, r, "msDS-IntId", attr, msDS_IntId, 0);
+
GET_GUID_DS(schema, r, "schemaIDGUID", mem_ctx, attr, schemaIDGUID);
- GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID);
+ GET_UINT32_DS(schema, r, "mAPIID", attr, mAPIID, 0);
GET_GUID_DS(schema, r, "attributeSecurityGUID", mem_ctx, attr, attributeSecurityGUID);
attr->objectGUID = r->identifier->guid;
- GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags);
- GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags);
+ GET_UINT32_DS(schema, r, "searchFlags", attr, searchFlags, 0);
+ GET_UINT32_DS(schema, r, "systemFlags", attr, systemFlags, 0);
GET_BOOL_DS(schema, r, "isMemberOfPartialAttributeSet", attr, isMemberOfPartialAttributeSet, false);
- GET_UINT32_DS(schema, r, "linkID", attr, linkID);
+ GET_UINT32_DS(schema, r, "linkID", attr, linkID, 0);
- GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id);
+ GET_UINT32_DS(schema, r, "attributeSyntax", attr, attributeSyntax_id, 0xFFFFFFFF);
status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, attr->attributeSyntax_id,
mem_ctx, &attr->attributeSyntax_oid);
if (!W_ERROR_IS_OK(status)) {
@@ -1041,7 +1047,7 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb,
win_errstr(status)));
return status;
}
- GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax);
+ GET_UINT32_DS(schema, r, "oMSyntax", attr, oMSyntax, 0);
GET_BLOB_DS(schema, r, "oMObjectClass", mem_ctx, attr, oMObjectClass);
GET_BOOL_DS(schema, r, "isSingleValued", attr, isSingleValued, true);
@@ -1049,7 +1055,7 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb,
GET_UINT32_PTR_DS(schema, r, "rangeUpper", attr, rangeUpper);
GET_BOOL_DS(schema, r, "extendedCharsAllowed", attr, extendedCharsAllowed, false);
- GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx);
+ GET_UINT32_DS(schema, r, "schemaFlagsEx", attr, schemaFlagsEx, 0);
GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, attr, msDs_Schema_Extensions);
GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", attr, showInAdvancedViewOnly, false);
@@ -1062,10 +1068,14 @@ WERROR dsdb_attribute_from_drsuapi(struct ldb_context *ldb,
attr->syntax = dsdb_syntax_for_attribute(attr);
if (!attr->syntax) {
+ DEBUG(0,(__location__ ": Unknown schema syntax for %s\n",
+ attr->lDAPDisplayName));
return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
}
if (dsdb_schema_setup_ldb_schema_attribute(ldb, attr) != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Unknown schema syntax for %s\n",
+ attr->lDAPDisplayName));
return WERR_DS_ATT_SCHEMA_REQ_SYNTAX;
}
@@ -1084,7 +1094,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb,
GET_STRING_DS(schema, r, "name", mem_ctx, obj, cn, true);
GET_STRING_DS(schema, r, "lDAPDisplayName", mem_ctx, obj, lDAPDisplayName, true);
- GET_UINT32_DS(schema, r, "governsID", obj, governsID_id);
+ GET_UINT32_DS(schema, r, "governsID", obj, governsID_id, 0xFFFFFFFF);
status = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, obj->governsID_id,
mem_ctx, &obj->governsID_oid);
if (!W_ERROR_IS_OK(status)) {
@@ -1097,7 +1107,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb,
obj->objectGUID = r->identifier->guid;
- GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory);
+ GET_UINT32_DS(schema, r, "objectClassCategory", obj, objectClassCategory, 0);
GET_STRING_DS(schema, r, "rDNAttID", mem_ctx, obj, rDNAttID, false);
attr = dsdb_find_object_attr_name(schema, r, "defaultObjectCategory", NULL);
@@ -1114,7 +1124,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb,
}
obj->defaultObjectCategory = (char *)blob.data;
- GET_UINT32_DS(schema, r, "subClassOf", obj, subClassOf_id);
+ GET_UINT32_DS(schema, r, "subClassOf", obj, subClassOf_id, 0);
GET_UINT32_LIST_DS(schema, r, "systemAuxiliaryClass", mem_ctx, obj, systemAuxiliaryClass_ids);
GET_UINT32_LIST_DS(schema, r, "auxiliaryClass", mem_ctx, obj, auxiliaryClass_ids);
@@ -1129,7 +1139,7 @@ WERROR dsdb_class_from_drsuapi(struct ldb_context *ldb,
GET_STRING_DS(schema, r, "defaultSecurityDescriptor", mem_ctx, obj, defaultSecurityDescriptor, false);
- GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx);
+ GET_UINT32_DS(schema, r, "schemaFlagsEx", obj, schemaFlagsEx, 0);
GET_BLOB_DS(schema, r, "msDs-Schema-Extensions", mem_ctx, obj, msDs_Schema_Extensions);
GET_BOOL_DS(schema, r, "showInAdvancedViewOnly", obj, showInAdvancedViewOnly, false);
diff --git a/source4/dsdb/schema/schema_query.c b/source4/dsdb/schema/schema_query.c
index df17787f38..4e11e50c17 100644
--- a/source4/dsdb/schema/schema_query.c
+++ b/source4/dsdb/schema/schema_query.c
@@ -39,7 +39,14 @@ static int strcasecmp_with_ldb_val(const struct ldb_val *target, const char *str
{
int ret = strncasecmp((const char *)target->data, str, target->length);
if (ret == 0) {
- return (target->length - strlen(str));
+ size_t len = strlen(str);
+ if (target->length > len) {
+ if (target->data[len] == 0) {
+ return 0;
+ }
+ return 1;
+ }
+ return (target->length - len);
}
return ret;
}
@@ -55,6 +62,15 @@ const struct dsdb_attribute *dsdb_attribute_by_attributeID_id(const struct dsdb_
*/
if (id == 0xFFFFFFFF) return NULL;
+ /* check for msDS-IntId type attribute */
+ if (dsdb_pfm_get_attid_type(id) == dsdb_attid_type_intid) {
+ for (c = schema->attributes; c; c = c->next) {
+ if (c->msDS_IntId == id) {
+ return c;
+ }
+ }
+ }
+
BINARY_ARRAY_SEARCH_P(schema->attributes_by_attributeID_id,
schema->num_attributes, attributeID_id, id, uint32_cmp, c);
return c;
@@ -84,6 +100,18 @@ const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName(const struct dsdb
return c;
}
+const struct dsdb_attribute *dsdb_attribute_by_lDAPDisplayName_ldb_val(const struct dsdb_schema *schema,
+ const struct ldb_val *name)
+{
+ struct dsdb_attribute *a;
+
+ if (!name) return NULL;
+
+ BINARY_ARRAY_SEARCH_P(schema->attributes_by_lDAPDisplayName,
+ schema->num_attributes, lDAPDisplayName, name, strcasecmp_with_ldb_val, a);
+ return a;
+}
+
const struct dsdb_attribute *dsdb_attribute_by_linkID(const struct dsdb_schema *schema,
int linkID)
{
diff --git a/source4/dsdb/schema/schema_syntax.c b/source4/dsdb/schema/schema_syntax.c
index de52b9c628..48c2031024 100644
--- a/source4/dsdb/schema/schema_syntax.c
+++ b/source4/dsdb/schema/schema_syntax.c
@@ -576,6 +576,57 @@ static WERROR dsdb_syntax_DATA_BLOB_ldb_to_drsuapi(struct ldb_context *ldb,
return WERR_OK;
}
+static WERROR _dsdb_syntax_auto_OID_drsuapi_to_ldb(struct ldb_context *ldb,
+ const struct dsdb_schema *schema,
+ const struct dsdb_attribute *attr,
+ const struct drsuapi_DsReplicaAttribute *in,
+ TALLOC_CTX *mem_ctx,
+ struct ldb_message_element *out)
+{
+ uint32_t i;
+
+ out->flags = 0;
+ out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
+ W_ERROR_HAVE_NO_MEMORY(out->name);
+
+ out->num_values = in->value_ctr.num_values;
+ out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
+ W_ERROR_HAVE_NO_MEMORY(out->values);
+
+ for (i=0; i < out->num_values; i++) {
+ uint32_t v;
+ const struct dsdb_class *c;
+ const struct dsdb_attribute *a;
+ const char *str = NULL;
+
+ if (in->value_ctr.values[i].blob == NULL) {
+ return WERR_FOOBAR;
+ }
+
+ if (in->value_ctr.values[i].blob->length != 4) {
+ return WERR_FOOBAR;
+ }
+
+ v = IVAL(in->value_ctr.values[i].blob->data, 0);
+
+ if ((c = dsdb_class_by_governsID_id(schema, v))) {
+ str = talloc_strdup(out->values, c->lDAPDisplayName);
+ } else if ((a = dsdb_attribute_by_attributeID_id(schema, v))) {
+ str = talloc_strdup(out->values, a->lDAPDisplayName);
+ } else {
+ WERROR werr;
+ werr = dsdb_schema_pfm_oid_from_attid(schema->prefixmap, v, out->values, &str);
+ W_ERROR_NOT_OK_RETURN(werr);
+ }
+ W_ERROR_HAVE_NO_MEMORY(str);
+
+ /* the values need to be reversed */
+ out->values[out->num_values - (i + 1)] = data_blob_string_const(str);
+ }
+
+ return WERR_OK;
+}
+
static WERROR _dsdb_syntax_OID_obj_drsuapi_to_ldb(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct dsdb_attribute *attr,
@@ -711,6 +762,60 @@ static WERROR _dsdb_syntax_OID_oid_drsuapi_to_ldb(struct ldb_context *ldb,
return WERR_OK;
}
+static WERROR _dsdb_syntax_auto_OID_ldb_to_drsuapi(struct ldb_context *ldb,
+ const struct dsdb_schema *schema,
+ const struct dsdb_attribute *attr,
+ const struct ldb_message_element *in,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsReplicaAttribute *out)
+{
+ uint32_t i;
+ DATA_BLOB *blobs;
+
+ out->attid= attr->attributeID_id;
+ out->value_ctr.num_values= in->num_values;
+ out->value_ctr.values= talloc_array(mem_ctx,
+ struct drsuapi_DsAttributeValue,
+ in->num_values);
+ W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
+
+ blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
+ W_ERROR_HAVE_NO_MEMORY(blobs);
+
+ for (i=0; i < in->num_values; i++) {
+ const struct dsdb_class *obj_class;
+ const struct dsdb_attribute *obj_attr;
+ struct ldb_val *v;
+
+ out->value_ctr.values[i].blob= &blobs[i];
+
+ blobs[i] = data_blob_talloc(blobs, NULL, 4);
+ W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
+
+ /* in DRS windows puts the classes in the opposite
+ order to the order used in ldap */
+ v = &in->values[(in->num_values-1)-i];
+
+ if ((obj_class = dsdb_class_by_lDAPDisplayName_ldb_val(schema, v))) {
+ SIVAL(blobs[i].data, 0, obj_class->governsID_id);
+ } else if ((obj_attr = dsdb_attribute_by_lDAPDisplayName_ldb_val(schema, v))) {
+ SIVAL(blobs[i].data, 0, obj_attr->attributeID_id);
+ } else {
+ uint32_t attid;
+ WERROR werr;
+ werr = dsdb_schema_pfm_make_attid(schema->prefixmap,
+ (const char *)v->data,
+ &attid);
+ W_ERROR_NOT_OK_RETURN(werr);
+ SIVAL(blobs[i].data, 0, attid);
+ }
+
+ }
+
+
+ return WERR_OK;
+}
+
static WERROR _dsdb_syntax_OID_obj_ldb_to_drsuapi(struct ldb_context *ldb,
const struct dsdb_schema *schema,
const struct dsdb_attribute *attr,
@@ -839,18 +944,19 @@ static WERROR dsdb_syntax_OID_drsuapi_to_ldb(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct ldb_message_element *out)
{
- uint32_t i;
-
switch (attr->attributeID_id) {
case DRSUAPI_ATTRIBUTE_objectClass:
case DRSUAPI_ATTRIBUTE_subClassOf:
case DRSUAPI_ATTRIBUTE_auxiliaryClass:
+ case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass:
case DRSUAPI_ATTRIBUTE_systemPossSuperiors:
case DRSUAPI_ATTRIBUTE_possSuperiors:
return _dsdb_syntax_OID_obj_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
case DRSUAPI_ATTRIBUTE_systemMustContain:
case DRSUAPI_ATTRIBUTE_systemMayContain:
case DRSUAPI_ATTRIBUTE_mustContain:
+ case DRSUAPI_ATTRIBUTE_rDNAttId:
+ case DRSUAPI_ATTRIBUTE_transportAddressAttribute:
case DRSUAPI_ATTRIBUTE_mayContain:
return _dsdb_syntax_OID_attr_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
case DRSUAPI_ATTRIBUTE_governsID:
@@ -859,41 +965,9 @@ static WERROR dsdb_syntax_OID_drsuapi_to_ldb(struct ldb_context *ldb,
return _dsdb_syntax_OID_oid_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
}
- out->flags = 0;
- out->name = talloc_strdup(mem_ctx, attr->lDAPDisplayName);
- W_ERROR_HAVE_NO_MEMORY(out->name);
-
- out->num_values = in->value_ctr.num_values;
- out->values = talloc_array(mem_ctx, struct ldb_val, out->num_values);
- W_ERROR_HAVE_NO_MEMORY(out->values);
-
- for (i=0; i < out->num_values; i++) {
- uint32_t v;
- const char *name;
- char *str;
-
- if (in->value_ctr.values[i].blob == NULL) {
- return WERR_FOOBAR;
- }
-
- if (in->value_ctr.values[i].blob->length != 4) {
- return WERR_FOOBAR;
- }
-
- v = IVAL(in->value_ctr.values[i].blob->data, 0);
-
- name = dsdb_lDAPDisplayName_by_id(schema, v);
- if (!name) {
- return WERR_FOOBAR;
- }
-
- str = talloc_strdup(out->values, name);
- W_ERROR_HAVE_NO_MEMORY(str);
-
- out->values[i] = data_blob_string_const(str);
- }
-
- return WERR_OK;
+ DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
+ attr->lDAPDisplayName));
+ return _dsdb_syntax_auto_OID_drsuapi_to_ldb(ldb, schema, attr, in, mem_ctx, out);
}
static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb,
@@ -903,9 +977,6 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb,
TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaAttribute *out)
{
- uint32_t i;
- DATA_BLOB *blobs;
-
if (attr->attributeID_id == 0xFFFFFFFF) {
return WERR_FOOBAR;
}
@@ -914,12 +985,15 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb,
case DRSUAPI_ATTRIBUTE_objectClass:
case DRSUAPI_ATTRIBUTE_subClassOf:
case DRSUAPI_ATTRIBUTE_auxiliaryClass:
+ case DRSUAPI_ATTRIBUTE_systemAuxiliaryClass:
case DRSUAPI_ATTRIBUTE_systemPossSuperiors:
case DRSUAPI_ATTRIBUTE_possSuperiors:
return _dsdb_syntax_OID_obj_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out);
case DRSUAPI_ATTRIBUTE_systemMustContain:
case DRSUAPI_ATTRIBUTE_systemMayContain:
case DRSUAPI_ATTRIBUTE_mustContain:
+ case DRSUAPI_ATTRIBUTE_rDNAttId:
+ case DRSUAPI_ATTRIBUTE_transportAddressAttribute:
case DRSUAPI_ATTRIBUTE_mayContain:
return _dsdb_syntax_OID_attr_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out);
case DRSUAPI_ATTRIBUTE_governsID:
@@ -928,30 +1002,10 @@ static WERROR dsdb_syntax_OID_ldb_to_drsuapi(struct ldb_context *ldb,
return _dsdb_syntax_OID_oid_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out);
}
- out->attid = attr->attributeID_id;
- out->value_ctr.num_values = in->num_values;
- out->value_ctr.values = talloc_array(mem_ctx,
- struct drsuapi_DsAttributeValue,
- in->num_values);
- W_ERROR_HAVE_NO_MEMORY(out->value_ctr.values);
-
- blobs = talloc_array(mem_ctx, DATA_BLOB, in->num_values);
- W_ERROR_HAVE_NO_MEMORY(blobs);
+ DEBUG(0,(__location__ ": Unknown handling for attributeID_id for %s\n",
+ attr->lDAPDisplayName));
- for (i=0; i < in->num_values; i++) {
- uint32_t v;
-
- out->value_ctr.values[i].blob = &blobs[i];
-
- blobs[i] = data_blob_talloc(blobs, NULL, 4);
- W_ERROR_HAVE_NO_MEMORY(blobs[i].data);
-
- v = strtol((const char *)in->values[i].data, NULL, 10);
-
- SIVAL(blobs[i].data, 0, v);
- }
-
- return WERR_OK;
+ return _dsdb_syntax_auto_OID_ldb_to_drsuapi(ldb, schema, attr, in, mem_ctx, out);
}
static WERROR dsdb_syntax_UNICODE_drsuapi_to_ldb(struct ldb_context *ldb,
diff --git a/source4/kdc/config.mk b/source4/kdc/config.mk
index a9d01585f0..3ae5fe5921 100644
--- a/source4/kdc/config.mk
+++ b/source4/kdc/config.mk
@@ -7,7 +7,7 @@ INIT_FUNCTION = server_service_kdc_init
SUBSYSTEM = service
PRIVATE_DEPENDENCIES = \
HEIMDAL_KDC HDB_SAMBA4 PAC_GLUE LIBSAMBA-HOSTCONFIG \
- LIBTSOCKET
+ LIBTSOCKET LIBSAMBA_TSOCKET
# End SUBSYSTEM KDC
#######################
diff --git a/source4/kdc/hdb-samba4.c b/source4/kdc/hdb-samba4.c
index 2f3c30c283..f7a72b41bc 100644
--- a/source4/kdc/hdb-samba4.c
+++ b/source4/kdc/hdb-samba4.c
@@ -1542,7 +1542,7 @@ krb5_error_code hdb_samba4_check_pkinit_ms_upn_match(krb5_context context, HDB *
"objectSid", NULL
};
- TALLOC_CTX *mem_ctx = talloc_named(db, 0, "hdb_samba4_check_constrained_delegation");
+ TALLOC_CTX *mem_ctx = talloc_named(db, 0, "hdb_samba4_check_pkinit_ms_upn_match");
if (!mem_ctx) {
ret = ENOMEM;
diff --git a/source4/kdc/kdc.c b/source4/kdc/kdc.c
index 93f1c7d6ec..026eaf4122 100644
--- a/source4/kdc/kdc.c
+++ b/source4/kdc/kdc.c
@@ -29,6 +29,7 @@
#include "lib/events/events.h"
#include "lib/socket/socket.h"
#include "lib/tsocket/tsocket.h"
+#include "libcli/util/tstream.h"
#include "system/network.h"
#include "../lib/util/dlinklist.h"
#include "lib/messaging/irpc.h"
@@ -73,7 +74,9 @@ struct kdc_tcp_connection {
/* the kdc_server the connection belongs to */
struct kdc_socket *kdc_socket;
- struct packet_context *packet;
+ struct tstream_context *tstream;
+
+ struct tevent_queue *send_queue;
};
static void kdc_tcp_terminate_connection(struct kdc_tcp_connection *kdcconn, const char *reason)
@@ -81,83 +84,20 @@ static void kdc_tcp_terminate_connection(struct kdc_tcp_connection *kdcconn, con
stream_terminate_connection(kdcconn->conn, reason);
}
-/*
- receive a full packet on a KDC connection
-*/
-static NTSTATUS kdc_tcp_recv(void *private_data, DATA_BLOB blob)
-{
- struct kdc_tcp_connection *kdcconn = talloc_get_type(private_data,
- struct kdc_tcp_connection);
- NTSTATUS status = NT_STATUS_UNSUCCESSFUL;
- TALLOC_CTX *tmp_ctx = talloc_new(kdcconn);
- int ret;
- DATA_BLOB input, reply;
- talloc_steal(tmp_ctx, blob.data);
-
- /* Call krb5 */
- input = data_blob_const(blob.data + 4, blob.length - 4);
-
- ret = kdcconn->kdc_socket->process(kdcconn->kdc_socket->kdc,
- tmp_ctx,
- &input,
- &reply,
- kdcconn->conn->remote_address,
- kdcconn->conn->local_address,
- 0 /* Not datagram */);
- if (!ret) {
- talloc_free(tmp_ctx);
- return NT_STATUS_INTERNAL_ERROR;
- }
-
- /* and now encode the reply */
- blob = data_blob_talloc(kdcconn, NULL, reply.length + 4);
- if (!blob.data) {
- talloc_free(tmp_ctx);
- return NT_STATUS_NO_MEMORY;
- }
-
- RSIVAL(blob.data, 0, reply.length);
- memcpy(blob.data + 4, reply.data, reply.length);
-
- status = packet_send(kdcconn->packet, blob);
- if (!NT_STATUS_IS_OK(status)) {
- talloc_free(tmp_ctx);
- return status;
- }
-
- /* the call isn't needed any more */
- talloc_free(tmp_ctx);
- return NT_STATUS_OK;
-}
-
-/*
- receive some data on a KDC connection
-*/
-static void kdc_tcp_recv_handler(struct stream_connection *conn, uint16_t flags)
+static void kdc_tcp_recv(struct stream_connection *conn, uint16_t flags)
{
struct kdc_tcp_connection *kdcconn = talloc_get_type(conn->private_data,
struct kdc_tcp_connection);
- packet_recv(kdcconn->packet);
-}
-
-/*
- called on a tcp recv error
-*/
-static void kdc_tcp_recv_error(void *private_data, NTSTATUS status)
-{
- struct kdc_tcp_connection *kdcconn = talloc_get_type(private_data,
- struct kdc_tcp_connection);
- kdc_tcp_terminate_connection(kdcconn, nt_errstr(status));
+ /* this should never be triggered! */
+ kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_recv: called");
}
-/*
- called when we can write to a connection
-*/
static void kdc_tcp_send(struct stream_connection *conn, uint16_t flags)
{
struct kdc_tcp_connection *kdcconn = talloc_get_type(conn->private_data,
struct kdc_tcp_connection);
- packet_queue_run(kdcconn->packet);
+ /* this should never be triggered! */
+ kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_send: called");
}
/**
@@ -214,42 +154,201 @@ static bool kdc_process(struct kdc_server *kdc,
return true;
}
+struct kdc_tcp_call {
+ struct kdc_tcp_connection *kdc_conn;
+ DATA_BLOB in;
+ DATA_BLOB out;
+ uint8_t out_hdr[4];
+ struct iovec out_iov[2];
+};
+
+static void kdc_tcp_call_writev_done(struct tevent_req *subreq);
+
+static void kdc_tcp_call_loop(struct tevent_req *subreq)
+{
+ struct kdc_tcp_connection *kdc_conn = tevent_req_callback_data(subreq,
+ struct kdc_tcp_connection);
+ struct kdc_tcp_call *call;
+ NTSTATUS status;
+ bool ok;
+
+ call = talloc(kdc_conn, struct kdc_tcp_call);
+ if (call == NULL) {
+ kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: "
+ "no memory for kdc_tcp_call");
+ return;
+ }
+ call->kdc_conn = kdc_conn;
+
+ status = tstream_read_pdu_blob_recv(subreq,
+ call,
+ &call->in);
+ TALLOC_FREE(subreq);
+ if (!NT_STATUS_IS_OK(status)) {
+ const char *reason;
+
+ reason = talloc_asprintf(call, "kdc_tcp_call_loop: "
+ "tstream_read_pdu_blob_recv() - %s",
+ nt_errstr(status));
+ if (!reason) {
+ reason = nt_errstr(status);
+ }
+
+ kdc_tcp_terminate_connection(kdc_conn, reason);
+ return;
+ }
+
+ DEBUG(10,("Received krb5 TCP packet of length %lu from %s\n",
+ (long) call->in.length,
+ tsocket_address_string(kdc_conn->conn->remote_address, call)));
+
+ /* skip length header */
+ call->in.data +=4;
+ call->in.length -= 4;
+
+ /* Call krb5 */
+ ok = kdc_conn->kdc_socket->process(kdc_conn->kdc_socket->kdc,
+ call,
+ &call->in,
+ &call->out,
+ kdc_conn->conn->remote_address,
+ kdc_conn->conn->local_address,
+ 0 /* Stream */);
+ if (!ok) {
+ kdc_tcp_terminate_connection(kdc_conn,
+ "kdc_tcp_call_loop: process function failed");
+ return;
+ }
+
+ /* First add the length of the out buffer */
+ RSIVAL(call->out_hdr, 0, call->out.length);
+ call->out_iov[0].iov_base = call->out_hdr;
+ call->out_iov[0].iov_len = 4;
+
+ call->out_iov[1].iov_base = call->out.data;
+ call->out_iov[1].iov_len = call->out.length;
+
+ subreq = tstream_writev_queue_send(call,
+ kdc_conn->conn->event.ctx,
+ kdc_conn->tstream,
+ kdc_conn->send_queue,
+ call->out_iov, 2);
+ if (subreq == NULL) {
+ kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: "
+ "no memory for tstream_writev_queue_send");
+ return;
+ }
+ tevent_req_set_callback(subreq, kdc_tcp_call_writev_done, call);
+
+ /*
+ * The krb5 tcp pdu's has the length as 4 byte (initial_read_size),
+ * packet_full_request_u32 provides the pdu length then.
+ */
+ subreq = tstream_read_pdu_blob_send(kdc_conn,
+ kdc_conn->conn->event.ctx,
+ kdc_conn->tstream,
+ 4, /* initial_read_size */
+ packet_full_request_u32,
+ kdc_conn);
+ if (subreq == NULL) {
+ kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_call_loop: "
+ "no memory for tstream_read_pdu_blob_send");
+ return;
+ }
+ tevent_req_set_callback(subreq, kdc_tcp_call_loop, kdc_conn);
+}
+
+static void kdc_tcp_call_writev_done(struct tevent_req *subreq)
+{
+ struct kdc_tcp_call *call = tevent_req_callback_data(subreq,
+ struct kdc_tcp_call);
+ int sys_errno;
+ int rc;
+
+ rc = tstream_writev_queue_recv(subreq, &sys_errno);
+ TALLOC_FREE(subreq);
+ if (rc == -1) {
+ const char *reason;
+
+ reason = talloc_asprintf(call, "kdc_tcp_call_writev_done: "
+ "tstream_writev_queue_recv() - %d:%s",
+ sys_errno, strerror(sys_errno));
+ if (!reason) {
+ reason = "kdc_tcp_call_writev_done: tstream_writev_queue_recv() failed";
+ }
+
+ kdc_tcp_terminate_connection(call->kdc_conn, reason);
+ return;
+ }
+
+ /* We don't care about errors */
+
+ talloc_free(call);
+}
+
/*
called when we get a new connection
*/
static void kdc_tcp_accept(struct stream_connection *conn)
{
- struct kdc_socket *kdc_socket = talloc_get_type(conn->private_data, struct kdc_socket);
- struct kdc_tcp_connection *kdcconn;
+ struct kdc_socket *kdc_socket;
+ struct kdc_tcp_connection *kdc_conn;
+ struct tevent_req *subreq;
+ int rc;
+
+ kdc_conn = talloc_zero(conn, struct kdc_tcp_connection);
+ if (kdc_conn == NULL) {
+ stream_terminate_connection(conn,
+ "kdc_tcp_accept: out of memory");
+ return;
+ }
- kdcconn = talloc_zero(conn, struct kdc_tcp_connection);
- if (!kdcconn) {
- stream_terminate_connection(conn, "kdc_tcp_accept: out of memory");
+ kdc_conn->send_queue = tevent_queue_create(conn, "kdc_tcp_accept");
+ if (kdc_conn->send_queue == NULL) {
+ stream_terminate_connection(conn,
+ "kdc_tcp_accept: out of memory");
return;
}
- kdcconn->conn = conn;
- kdcconn->kdc_socket = kdc_socket;
- conn->private_data = kdcconn;
- kdcconn->packet = packet_init(kdcconn);
- if (kdcconn->packet == NULL) {
- kdc_tcp_terminate_connection(kdcconn, "kdc_tcp_accept: out of memory");
+ kdc_socket = talloc_get_type(conn->private_data, struct kdc_socket);
+
+ TALLOC_FREE(conn->event.fde);
+
+ rc = tstream_bsd_existing_socket(kdc_conn->tstream,
+ socket_get_fd(conn->socket),
+ &kdc_conn->tstream);
+ if (rc < 0) {
+ stream_terminate_connection(conn,
+ "kdc_tcp_accept: out of memory");
return;
}
- packet_set_private(kdcconn->packet, kdcconn);
- packet_set_socket(kdcconn->packet, conn->socket);
- packet_set_callback(kdcconn->packet, kdc_tcp_recv);
- packet_set_full_request(kdcconn->packet, packet_full_request_u32);
- packet_set_error_handler(kdcconn->packet, kdc_tcp_recv_error);
- packet_set_event_context(kdcconn->packet, conn->event.ctx);
- packet_set_fde(kdcconn->packet, conn->event.fde);
- packet_set_serialise(kdcconn->packet);
+
+ kdc_conn->conn = conn;
+ kdc_conn->kdc_socket = kdc_socket;
+ conn->private_data = kdc_conn;
+
+ /*
+ * The krb5 tcp pdu's has the length as 4 byte (initial_read_size),
+ * packet_full_request_u32 provides the pdu length then.
+ */
+ subreq = tstream_read_pdu_blob_send(kdc_conn,
+ kdc_conn->conn->event.ctx,
+ kdc_conn->tstream,
+ 4, /* initial_read_size */
+ packet_full_request_u32,
+ kdc_conn);
+ if (subreq == NULL) {
+ kdc_tcp_terminate_connection(kdc_conn, "kdc_tcp_accept: "
+ "no memory for tstream_read_pdu_blob_send");
+ return;
+ }
+ tevent_req_set_callback(subreq, kdc_tcp_call_loop, kdc_conn);
}
static const struct stream_server_ops kdc_tcp_stream_ops = {
.name = "kdc_tcp",
.accept_connection = kdc_tcp_accept,
- .recv_handler = kdc_tcp_recv_handler,
+ .recv_handler = kdc_tcp_recv,
.send_handler = kdc_tcp_send
};
@@ -276,7 +375,7 @@ static void kdc_udp_call_loop(struct tevent_req *subreq)
uint8_t *buf;
ssize_t len;
int sys_errno;
- int ret;
+ bool ok;
call = talloc(sock, struct kdc_udp_call);
if (call == NULL) {
@@ -300,14 +399,14 @@ static void kdc_udp_call_loop(struct tevent_req *subreq)
tsocket_address_string(call->src, call)));
/* Call krb5 */
- ret = sock->kdc_socket->process(sock->kdc_socket->kdc,
- call,
- &call->in,
- &call->out,
- call->src,
- sock->kdc_socket->local_address,
- 1 /* Datagram */);
- if (!ret) {
+ ok = sock->kdc_socket->process(sock->kdc_socket->kdc,
+ call,
+ &call->in,
+ &call->out,
+ call->src,
+ sock->kdc_socket->local_address,
+ 1 /* Datagram */);
+ if (!ok) {
talloc_free(call);
goto done;
}
@@ -663,22 +762,22 @@ static void kdc_task_init(struct task_server *task)
PLUGIN_TYPE_DATA, "hdb",
&hdb_samba4);
if(ret) {
- task_server_terminate(task, "kdc: failed to register hdb keytab", true);
+ task_server_terminate(task, "kdc: failed to register hdb plugin", true);
return;
}
ret = krb5_kt_register(kdc->smb_krb5_context->krb5_context, &hdb_kt_ops);
if(ret) {
- task_server_terminate(task, "kdc: failed to register hdb keytab", true);
+ task_server_terminate(task, "kdc: failed to register keytab plugin", true);
return;
}
- /* Registar WinDC hooks */
+ /* Register WinDC hooks */
ret = krb5_plugin_register(kdc->smb_krb5_context->krb5_context,
PLUGIN_TYPE_DATA, "windc",
&windc_plugin_table);
if(ret) {
- task_server_terminate(task, "kdc: failed to register hdb keytab", true);
+ task_server_terminate(task, "kdc: failed to register windc plugin", true);
return;
}
diff --git a/source4/lib/events/events.h b/source4/lib/events/events.h
index 1b2dbde32b..5fdb96794e 100644
--- a/source4/lib/events/events.h
+++ b/source4/lib/events/events.h
@@ -4,4 +4,5 @@
#include <../lib/tevent/tevent.h>
struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx);
struct tevent_context *event_context_find(TALLOC_CTX *mem_ctx) _DEPRECATED_;
+void s4_event_context_set_default(struct tevent_context *ev);
#endif /* __LIB_EVENTS_H__ */
diff --git a/source4/lib/events/tevent_s4.c b/source4/lib/events/tevent_s4.c
index 1898269c2c..838f20debe 100644
--- a/source4/lib/events/tevent_s4.c
+++ b/source4/lib/events/tevent_s4.c
@@ -71,6 +71,16 @@ struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx)
return ev;
}
+static struct tevent_context *default_tevent_context;
+
+/* set a default event context that will be used for
+ * event_context_find() if a parent event context is not found
+ */
+void s4_event_context_set_default(struct tevent_context *ev)
+{
+ default_tevent_context = ev;
+}
+
/*
find an event context that is a parent of the given memory context,
or create a new event context as a child of the given context if
@@ -83,7 +93,10 @@ struct tevent_context *s4_event_context_init(TALLOC_CTX *mem_ctx)
struct tevent_context *event_context_find(TALLOC_CTX *mem_ctx)
{
struct tevent_context *ev = talloc_find_parent_bytype(mem_ctx, struct tevent_context);
- if (ev == NULL) {
+ if (ev == NULL) {
+ ev = default_tevent_context;
+ }
+ if (ev == NULL) {
ev = tevent_context_init(mem_ctx);
}
return ev;
diff --git a/source4/lib/ldb-samba/ldif_handlers.c b/source4/lib/ldb-samba/ldif_handlers.c
index 4611eba3f1..88888bf0a7 100644
--- a/source4/lib/ldb-samba/ldif_handlers.c
+++ b/source4/lib/ldb-samba/ldif_handlers.c
@@ -406,7 +406,7 @@ static int ldif_write_ntSecurityDescriptor(struct ldb_context *ldb, void *mem_ct
talloc_free(sd);
return -1;
}
- out->data = (uint8_t *)sddl_encode(mem_ctx, sd, NULL);
+ out->data = (uint8_t *)sddl_encode(mem_ctx, sd, samdb_domain_sid_cache_only(ldb));
talloc_free(sd);
if (out->data == NULL) {
return -1;
@@ -700,6 +700,26 @@ static int val_to_int32(const struct ldb_val *in, int32_t *v)
return LDB_SUCCESS;
}
+/* length limited conversion of a ldb_val to a int64_t */
+static int val_to_int64(const struct ldb_val *in, int64_t *v)
+{
+ char *end;
+ char buf[64];
+
+ /* make sure we don't read past the end of the data */
+ if (in->length > sizeof(buf)-1) {
+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+ }
+ strncpy(buf, (char *)in->data, in->length);
+ buf[in->length] = 0;
+
+ *v = (int64_t) strtoll(buf, &end, 0);
+ if (*end != 0) {
+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+ }
+ return LDB_SUCCESS;
+}
+
/* Canonicalisation of two 32-bit integers */
static int ldif_canonicalise_int32(struct ldb_context *ldb, void *mem_ctx,
const struct ldb_val *in, struct ldb_val *out)
@@ -731,6 +751,37 @@ static int ldif_comparison_int32(struct ldb_context *ldb, void *mem_ctx,
return i1 > i2? 1 : -1;
}
+/* Canonicalisation of two 64-bit integers */
+static int ldif_canonicalise_int64(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ int64_t i;
+ int ret;
+
+ ret = val_to_int64(in, &i);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ out->data = (uint8_t *) talloc_asprintf(mem_ctx, "%lld", (long long)i);
+ if (out->data == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ out->length = strlen((char *)out->data);
+ return 0;
+}
+
+/* Comparison of two 64-bit integers */
+static int ldif_comparison_int64(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *v1, const struct ldb_val *v2)
+{
+ int64_t i1=0, i2=0;
+ val_to_int64(v1, &i1);
+ val_to_int64(v2, &i2);
+ if (i1 == i2) return 0;
+ return i1 > i2? 1 : -1;
+}
+
/*
convert a NDR formatted blob to a ldif formatted repsFromTo
*/
@@ -778,6 +829,64 @@ static int extended_dn_write_hex(struct ldb_context *ldb, void *mem_ctx,
return 0;
}
+
+/*
+ write a 64 bit 2-part range
+*/
+static int ldif_write_range64(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ int64_t v;
+ int ret;
+ ret = val_to_int64(in, &v);
+ if (ret != LDB_SUCCESS) {
+ return ret;
+ }
+ out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%lu-%lu",
+ (unsigned long)(v&0xFFFFFFFF),
+ (unsigned long)(v>>32));
+ if (out->data == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ out->length = strlen((char *)out->data);
+ return LDB_SUCCESS;
+}
+
+/*
+ read a 64 bit 2-part range
+*/
+static int ldif_read_range64(struct ldb_context *ldb, void *mem_ctx,
+ const struct ldb_val *in, struct ldb_val *out)
+{
+ unsigned long high, low;
+ char buf[64];
+
+ if (memchr(in->data, '-', in->length) == NULL) {
+ return ldb_handler_copy(ldb, mem_ctx, in, out);
+ }
+
+ if (in->length > sizeof(buf)-1) {
+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+ }
+ strncpy(buf, (const char *)in->data, in->length);
+ buf[in->length] = 0;
+
+ if (sscanf(buf, "%lu-%lu", &low, &high) != 2) {
+ return LDB_ERR_INVALID_ATTRIBUTE_SYNTAX;
+ }
+
+ out->data = (uint8_t *)talloc_asprintf(mem_ctx, "%llu",
+ (unsigned long long)(((uint64_t)high)<<32) | (low));
+
+ if (out->data == NULL) {
+ ldb_oom(ldb);
+ return LDB_ERR_OPERATIONS_ERROR;
+ }
+ out->length = strlen((char *)out->data);
+ return LDB_SUCCESS;
+}
+
static const struct ldb_schema_syntax samba_syntaxes[] = {
{
.name = LDB_SYNTAX_SAMBA_SID,
@@ -845,6 +954,12 @@ static const struct ldb_schema_syntax samba_syntaxes[] = {
.ldif_write_fn = ldb_handler_copy,
.canonicalise_fn = dsdb_dn_string_canonicalise,
.comparison_fn = dsdb_dn_string_comparison
+ },{
+ .name = LDB_SYNTAX_SAMBA_RANGE64,
+ .ldif_read_fn = ldif_read_range64,
+ .ldif_write_fn = ldif_write_range64,
+ .canonicalise_fn = ldif_canonicalise_int64,
+ .comparison_fn = ldif_comparison_int64
},
};
@@ -928,6 +1043,9 @@ static const struct {
{ "repsTo", LDB_SYNTAX_SAMBA_REPSFROMTO },
{ "replPropertyMetaData", LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA },
{ "replUpToDateVector", LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR },
+ { "rIDAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
+ { "rIDPreviousAllocationPool", LDB_SYNTAX_SAMBA_RANGE64 },
+ { "rIDAvailablePool", LDB_SYNTAX_SAMBA_RANGE64 },
};
const struct ldb_schema_syntax *ldb_samba_syntax_by_name(struct ldb_context *ldb, const char *name)
diff --git a/source4/lib/ldb-samba/ldif_handlers.h b/source4/lib/ldb-samba/ldif_handlers.h
index 6906c822f9..8e4df77ffc 100644
--- a/source4/lib/ldb-samba/ldif_handlers.h
+++ b/source4/lib/ldb-samba/ldif_handlers.h
@@ -10,6 +10,7 @@
#define LDB_SYNTAX_SAMBA_REPSFROMTO "LDB_SYNTAX_SAMBA_REPSFROMTO"
#define LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA "LDB_SYNTAX_SAMBA_REPLPROPERTYMETADATA"
#define LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR "LDB_SYNTAX_SAMBA_REPLUPTODATEVECTOR"
+#define LDB_SYNTAX_SAMBA_RANGE64 "LDB_SYNTAX_SAMBA_RANGE64"
#include "lib/ldb-samba/ldif_handlers_proto.h"
diff --git a/source4/lib/ldb/common/ldb_dn.c b/source4/lib/ldb/common/ldb_dn.c
index 79953c6018..252a0c632b 100644
--- a/source4/lib/ldb/common/ldb_dn.c
+++ b/source4/lib/ldb/common/ldb_dn.c
@@ -103,7 +103,13 @@ struct ldb_dn *ldb_dn_from_ldb_val(void *mem_ctx,
dn = talloc_zero(mem_ctx, struct ldb_dn);
LDB_DN_NULL_FAILED(dn);
- dn->ldb = ldb;
+ dn->ldb = talloc_get_type(ldb, struct ldb_context);
+ if (dn->ldb == NULL) {
+ /* the caller probably got the arguments to
+ ldb_dn_new() mixed up */
+ talloc_free(dn);
+ return NULL;
+ }
if (strdn->data && strdn->length) {
const char *data = (const char *)strdn->data;
diff --git a/source4/lib/ldb/ldb_tdb/ldb_index.c b/source4/lib/ldb/ldb_tdb/ldb_index.c
index 52f9f00c58..01d0d6ce34 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_index.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_index.c
@@ -1104,6 +1104,8 @@ static int ltdb_index_add1(struct ldb_module *module, const char *dn,
if (list->count > 0 &&
a->flags & LDB_ATTR_FLAG_UNIQUE_INDEX) {
talloc_free(list);
+ ldb_asprintf_errstring(ldb, __location__ ": unique index violation on %s in %s",
+ el->name, dn);
return LDB_ERR_ENTRY_ALREADY_EXISTS;
}
@@ -1168,6 +1170,10 @@ static int ltdb_index_add_all(struct ldb_module *module, const char *dn,
}
ret = ltdb_index_add_el(module, dn, &elements[i]);
if (ret != LDB_SUCCESS) {
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ ldb_asprintf_errstring(ldb,
+ __location__ ": Failed to re-index %s in %s - %s",
+ elements[i].name, dn, ldb_errstring(ldb));
return ret;
}
}
@@ -1446,13 +1452,19 @@ static int delete_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, vo
return 0;
}
+struct ltdb_reindex_context {
+ struct ldb_module *module;
+ int error;
+};
+
/*
traversal function that adds @INDEX records during a re index
*/
static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *state)
{
struct ldb_context *ldb;
- struct ldb_module *module = (struct ldb_module *)state;
+ struct ltdb_reindex_context *ctx = (struct ltdb_reindex_context *)state;
+ struct ldb_module *module = ctx->module;
struct ldb_message *msg;
const char *dn = NULL;
int ret;
@@ -1511,9 +1523,13 @@ static int re_index(struct tdb_context *tdb, TDB_DATA key, TDB_DATA data, void *
ret = ltdb_index_add_all(module, dn, msg->elements, msg->num_elements);
- talloc_free(msg);
+ if (ret != LDB_SUCCESS) {
+ ctx->error = ret;
+ talloc_free(msg);
+ return -1;
+ }
- if (ret != LDB_SUCCESS) return -1;
+ talloc_free(msg);
return 0;
}
@@ -1525,6 +1541,7 @@ int ltdb_reindex(struct ldb_module *module)
{
struct ltdb_private *ltdb = talloc_get_type(ldb_module_get_private(module), struct ltdb_private);
int ret;
+ struct ltdb_reindex_context ctx;
if (ltdb_cache_reload(module) != 0) {
return LDB_ERR_OPERATIONS_ERROR;
@@ -1543,11 +1560,22 @@ int ltdb_reindex(struct ldb_module *module)
return LDB_SUCCESS;
}
+ ctx.module = module;
+ ctx.error = 0;
+
/* now traverse adding any indexes for normal LDB records */
- ret = tdb_traverse(ltdb->tdb, re_index, module);
+ ret = tdb_traverse(ltdb->tdb, re_index, &ctx);
if (ret == -1) {
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ ldb_asprintf_errstring(ldb, "reindexing traverse failed: %s", ldb_errstring(ldb));
return LDB_ERR_OPERATIONS_ERROR;
}
+ if (ctx.error != LDB_SUCCESS) {
+ struct ldb_context *ldb = ldb_module_get_ctx(module);
+ ldb_asprintf_errstring(ldb, "reindexing failed: %s", ldb_errstring(ldb));
+ return ctx.error;
+ }
+
return LDB_SUCCESS;
}
diff --git a/source4/lib/ldb/ldb_tdb/ldb_tdb.c b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
index a146b96b20..b8b4d399ef 100644
--- a/source4/lib/ldb/ldb_tdb/ldb_tdb.c
+++ b/source4/lib/ldb/ldb_tdb/ldb_tdb.c
@@ -230,7 +230,8 @@ static int ltdb_modified(struct ldb_module *module, struct ldb_dn *dn)
}
/* If the modify was to @OPTIONS, reload the cache */
- if (ldb_dn_is_special(dn) &&
+ if (ret == LDB_SUCCESS &&
+ ldb_dn_is_special(dn) &&
(ldb_dn_check_special(dn, LTDB_OPTIONS)) ) {
ret = ltdb_cache_reload(module);
}
diff --git a/source4/lib/ldb/tests/python/acl.py b/source4/lib/ldb/tests/python/acl.py
index 4544f60736..909adc5129 100755
--- a/source4/lib/ldb/tests/python/acl.py
+++ b/source4/lib/ldb/tests/python/acl.py
@@ -164,7 +164,8 @@ replace: nTSecurityDescriptor
"""
ldif = """
dn: """ + group_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + member_dn
_ldb.modify_ldif(ldif)
diff --git a/source4/lib/ldb/tests/python/sec_descriptor.py b/source4/lib/ldb/tests/python/sec_descriptor.py
index e420cec3bd..4589178a42 100755
--- a/source4/lib/ldb/tests/python/sec_descriptor.py
+++ b/source4/lib/ldb/tests/python/sec_descriptor.py
@@ -285,8 +285,30 @@ userAccountControl: %s""" % userAccountControl
class OwnerGroupDescriptorTests(DescriptorTests):
+ def deleteAll(self):
+ if self.SAMBA:
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser1"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser2"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser3"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser4"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser5"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser6"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser7"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser8"))
+ # DOMAIN
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("test_domain_group1"))
+ self.delete_force(self.ldb_admin, "CN=test_domain_user1,OU=test_domain_ou1," + self.base_dn)
+ self.delete_force(self.ldb_admin, "OU=test_domain_ou2,OU=test_domain_ou1," + self.base_dn)
+ self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn)
+ # SCHEMA
+ # CONFIGURATION
+ self.delete_force(self.ldb_admin, "CN=test-specifier1,CN=test-container1,CN=DisplaySpecifiers," \
+ + self.configuration_dn)
+ self.delete_force(self.ldb_admin, "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn)
+
def setUp(self):
DescriptorTests.setUp(self)
+ self.deleteAll()
if self.SAMBA:
### Create users
# User 1
@@ -295,7 +317,8 @@ class OwnerGroupDescriptorTests(DescriptorTests):
self.enable_account(user_dn)
ldif = """
dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
# User 2
@@ -304,7 +327,8 @@ member: """ + user_dn
self.enable_account(user_dn)
ldif = """
dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
# User 3
@@ -313,7 +337,8 @@ member: """ + user_dn
self.enable_account(user_dn)
ldif = """
dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
# User 4
@@ -326,11 +351,13 @@ member: """ + user_dn
self.enable_account(user_dn)
ldif = """
dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn + """
dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
# User 6
@@ -339,15 +366,18 @@ member: """ + user_dn
self.enable_account(user_dn)
ldif = """
dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn + """
dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn + """
dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
# User 7
@@ -356,11 +386,13 @@ member: """ + user_dn
self.enable_account(user_dn)
ldif = """
dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn + """
dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
# User 8
@@ -369,11 +401,13 @@ member: """ + user_dn
self.enable_account(user_dn)
ldif = """
dn: CN=Enterprise Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn + """
dn: CN=Schema Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
self.results = {
@@ -490,25 +524,7 @@ member: """ + user_dn
self.DS_BEHAVIOR = "ds_behavior_win2008"
def tearDown(self):
- if self.SAMBA:
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser1"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser2"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser3"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser4"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser5"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser6"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser7"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser8"))
- # DOMAIN
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("test_domain_group1"))
- self.delete_force(self.ldb_admin, "CN=test_domain_user1,OU=test_domain_ou1," + self.base_dn)
- self.delete_force(self.ldb_admin, "OU=test_domain_ou2,OU=test_domain_ou1," + self.base_dn)
- self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn)
- # SCHEMA
- # CONFIGURATION
- self.delete_force(self.ldb_admin, "CN=test-specifier1,CN=test-container1,CN=DisplaySpecifiers," \
- + self.configuration_dn)
- self.delete_force(self.ldb_admin, "CN=test-container1,CN=DisplaySpecifiers," + self.configuration_dn)
+ self.deleteAll()
def check_user_belongs(self, user_dn, groups=[]):
""" Test wether user is member of the expected group(s) """
@@ -1414,12 +1430,16 @@ member: """ + user_dn
class DaclDescriptorTests(DescriptorTests):
+ def deleteAll(self):
+ self.delete_force(self.ldb_admin, "CN=test_inherit_group,OU=test_inherit_ou," + self.base_dn)
+ self.delete_force(self.ldb_admin, "OU=test_inherit_ou," + self.base_dn)
+
def setUp(self):
DescriptorTests.setUp(self)
+ self.deleteAll()
def tearDown(self):
- self.delete_force(self.ldb_admin, "CN=test_inherit_group,OU=test_inherit_ou," + self.base_dn)
- self.delete_force(self.ldb_admin, "OU=test_inherit_ou," + self.base_dn)
+ self.deleteAll()
def create_clean_ou(self, object_dn):
""" Base repeating setup for unittests to follow """
@@ -1686,12 +1706,16 @@ class DaclDescriptorTests(DescriptorTests):
class SdFlagsDescriptorTests(DescriptorTests):
+ def deleteAll(self):
+ self.delete_force(self.ldb_admin, "OU=test_sdflags_ou," + self.base_dn)
+
def setUp(self):
DescriptorTests.setUp(self)
self.test_descr = "O:AUG:AUD:(D;;CC;;;LG)S:(OU;;WP;;;AU)"
+ self.deleteAll()
def tearDown(self):
- self.delete_force(self.ldb_admin, "OU=test_sdflags_ou," + self.base_dn)
+ self.deleteAll()
def test_301(self):
""" Modify a descriptor with OWNER_SECURITY_INFORMATION set.
@@ -1841,8 +1865,16 @@ class SdFlagsDescriptorTests(DescriptorTests):
class RightsAttributesTests(DescriptorTests):
+ def deleteAll(self):
+ if self.SAMBA:
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr"))
+ self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr2"))
+
+ self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn)
+
def setUp(self):
DescriptorTests.setUp(self)
+ self.deleteAll()
if self.SAMBA:
### Create users
# User 1
@@ -1855,17 +1887,13 @@ class RightsAttributesTests(DescriptorTests):
self.enable_account(user_dn)
ldif = """
dn: CN=Domain Admins,CN=Users,""" + self.base_dn + """
-changetype: add
+changetype: modify
+add: member
member: """ + user_dn
self.ldb_admin.modify_ldif(ldif)
def tearDown(self):
-
- if self.SAMBA:
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr"))
- self.delete_force(self.ldb_admin, self.get_users_domain_dn("testuser_attr2"))
-
- self.delete_force(self.ldb_admin, "OU=test_domain_ou1," + self.base_dn)
+ self.deleteAll()
def test_sDRightsEffective(self):
object_dn = "OU=test_domain_ou1," + self.base_dn
@@ -1964,7 +1992,11 @@ member: """ + user_dn
self.assertTrue("managedBy" in res[0]["allowedAttributesEffective"])
if not "://" in host:
- host = "ldap://%s" % host
+ if os.path.isfile(host):
+ host = "tdb://%s" % host
+ else:
+ host = "ldap://%s" % host
+
ldb = Ldb(host, credentials=creds, session_info=system_session(), lp=lp, options=["modules:paged_searches"])
runner = SubunitTestRunner()
diff --git a/source4/lib/ldb/tools/cmdline.c b/source4/lib/ldb/tools/cmdline.c
index 39a460763c..44ae23b26c 100644
--- a/source4/lib/ldb/tools/cmdline.c
+++ b/source4/lib/ldb/tools/cmdline.c
@@ -33,6 +33,7 @@
#include "auth/auth.h"
#include "ldb_wrap.h"
#include "param/param.h"
+#include "dsdb/common/proto.h"
#endif
static struct ldb_cmdline options; /* needs to be static for older compilers */
@@ -321,6 +322,11 @@ struct ldb_cmdline *ldb_cmdline_process(struct ldb_context *ldb,
goto failed;
}
+#if (_SAMBA_BUILD_ >= 4)
+ /* get the domain SID into the cache for SDDL processing */
+ samdb_domain_sid(ldb);
+#endif
+
return ret;
failed:
diff --git a/source4/lib/messaging/messaging.c b/source4/lib/messaging/messaging.c
index 277688e8b6..c12945b622 100644
--- a/source4/lib/messaging/messaging.c
+++ b/source4/lib/messaging/messaging.c
@@ -119,8 +119,15 @@ static NTSTATUS irpc_uptime(struct irpc_message *msg,
*/
static char *messaging_path(struct messaging_context *msg, struct server_id server_id)
{
- return talloc_asprintf(msg, "%s/msg.%s", msg->base_path,
- cluster_id_string(msg, server_id));
+ TALLOC_CTX *tmp_ctx = talloc_new(msg);
+ const char *id = cluster_id_string(tmp_ctx, server_id);
+ char *s;
+ if (id == NULL) {
+ return NULL;
+ }
+ s = talloc_asprintf(msg, "%s/msg.%s", msg->base_path, id);
+ talloc_steal(s, tmp_ctx);
+ return s;
}
/*
@@ -261,11 +268,13 @@ static void messaging_send_handler(struct messaging_context *msg)
}
rec->retries = 0;
if (!NT_STATUS_IS_OK(status)) {
+ TALLOC_CTX *tmp_ctx = talloc_new(msg);
DEBUG(1,("messaging: Lost message from %s to %s of type %u - %s\n",
- cluster_id_string(debug_ctx(), rec->header->from),
- cluster_id_string(debug_ctx(), rec->header->to),
+ cluster_id_string(tmp_ctx, rec->header->from),
+ cluster_id_string(tmp_ctx, rec->header->to),
rec->header->msg_type,
nt_errstr(status)));
+ talloc_free(tmp_ctx);
}
DLIST_REMOVE(msg->pending, rec);
talloc_free(rec);
diff --git a/source4/lib/messaging/messaging.h b/source4/lib/messaging/messaging.h
index 4ec69c8f34..08953856a0 100644
--- a/source4/lib/messaging/messaging.h
+++ b/source4/lib/messaging/messaging.h
@@ -32,6 +32,7 @@ struct messaging_context;
#define MSG_IRPC 6
#define MSG_PVFS_NOTIFY 7
#define MSG_NTVFS_OPLOCK_BREAK 8
+#define MSG_DREPL_ALLOCATE_RID 9
/* temporary messaging endpoints are allocated above this line */
#define MSG_TMP_BASE 1000
diff --git a/source4/libcli/config.mk b/source4/libcli/config.mk
index 340cd2ae41..f67250d4b0 100644
--- a/source4/libcli/config.mk
+++ b/source4/libcli/config.mk
@@ -8,6 +8,11 @@ LIBSAMBA-ERRORS_OBJ_FILES = $(addprefix ../libcli/util/, doserr.o ) $(libclisrcd
PUBLIC_HEADERS += $(addprefix ../libcli/util/, error.h ntstatus.h doserr.h werror.h)
+[SUBSYSTEM::LIBSAMBA_TSOCKET]
+PUBLIC_DEPENDENCIES = LIBTSOCKET UTIL_TEVENT
+
+LIBSAMBA_TSOCKET_OBJ_FILES = $(addprefix ../libcli/util/, tstream.o)
+
[SUBSYSTEM::LIBCLI_LSA]
PUBLIC_DEPENDENCIES = RPC_NDR_LSA
PRIVATE_DEPENDENCIES = LIBSECURITY
diff --git a/source4/libnet/libnet_become_dc.c b/source4/libnet/libnet_become_dc.c
index b8fed68b59..bccdb8d7f2 100644
--- a/source4/libnet/libnet_become_dc.c
+++ b/source4/libnet/libnet_become_dc.c
@@ -1031,14 +1031,6 @@ static NTSTATUS becomeDC_ldap1_infrastructure_fsmo(struct libnet_BecomeDC_state
struct ldb_dn *basedn;
struct ldb_dn *ntds_dn;
struct ldb_dn *server_dn;
- static const char *_1_1_attrs[] = {
- "1.1",
- NULL
- };
- static const char *fsmo_attrs[] = {
- "fSMORoleOwner",
- NULL
- };
static const char *dns_attrs[] = {
"dnsHostName",
NULL
@@ -1048,41 +1040,21 @@ static NTSTATUS becomeDC_ldap1_infrastructure_fsmo(struct libnet_BecomeDC_state
NULL
};
- basedn = ldb_dn_new_fmt(s, s->ldap1.ldb, "<WKGUID=2fbac1870ade11d297c400c04fd8d5cd,%s>",
- s->domain.dn_str);
- NT_STATUS_HAVE_NO_MEMORY(basedn);
-
- ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE,
- _1_1_attrs, "(objectClass=*)");
- talloc_free(basedn);
+ ret = dsdb_wellknown_dn(s->ldap1.ldb, s, samdb_base_dn(s->ldap1.ldb),
+ DS_GUID_INFRASTRUCTURE_CONTAINER,
+ &basedn);
if (ret != LDB_SUCCESS) {
return NT_STATUS_LDAP(ret);
- } else if (r->count != 1) {
- talloc_free(r);
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- basedn = talloc_steal(s, r->msgs[0]->dn);
- talloc_free(r);
-
- ret = ldb_search(s->ldap1.ldb, s, &r, basedn, LDB_SCOPE_BASE,
- fsmo_attrs, "(objectClass=*)");
- talloc_free(basedn);
+ ret = samdb_reference_dn(s->ldap1.ldb, s, basedn, "fSMORoleOwner", &ntds_dn);
if (ret != LDB_SUCCESS) {
+ talloc_free(basedn);
return NT_STATUS_LDAP(ret);
- } else if (r->count != 1) {
- talloc_free(r);
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- s->infrastructure_fsmo.ntds_dn_str = samdb_result_string(r->msgs[0], "fSMORoleOwner", NULL);
- if (!s->infrastructure_fsmo.ntds_dn_str) return NT_STATUS_INVALID_NETWORK_RESPONSE;
- talloc_steal(s, s->infrastructure_fsmo.ntds_dn_str);
-
- talloc_free(r);
-
- ntds_dn = ldb_dn_new(s, s->ldap1.ldb, s->infrastructure_fsmo.ntds_dn_str);
- NT_STATUS_HAVE_NO_MEMORY(ntds_dn);
+ s->infrastructure_fsmo.ntds_dn_str = ldb_dn_get_linearized(ntds_dn);
+ NT_STATUS_HAVE_NO_MEMORY(s->infrastructure_fsmo.ntds_dn_str);
server_dn = ldb_dn_get_parent(s, ntds_dn);
NT_STATUS_HAVE_NO_MEMORY(server_dn);
@@ -2951,55 +2923,40 @@ static NTSTATUS becomeDC_ldap2_modify_computer(struct libnet_BecomeDC_state *s)
static NTSTATUS becomeDC_ldap2_move_computer(struct libnet_BecomeDC_state *s)
{
int ret;
- struct ldb_result *r;
- struct ldb_dn *basedn;
struct ldb_dn *old_dn;
struct ldb_dn *new_dn;
- static const char *_1_1_attrs[] = {
- "1.1",
- NULL
- };
-
- basedn = ldb_dn_new_fmt(s, s->ldap2.ldb, "<WKGUID=a361b2ffffd211d1aa4b00c04fd7d83a,%s>",
- s->domain.dn_str);
- NT_STATUS_HAVE_NO_MEMORY(basedn);
- ret = ldb_search(s->ldap2.ldb, s, &r, basedn, LDB_SCOPE_BASE,
- _1_1_attrs, "(objectClass=*)");
- talloc_free(basedn);
+ ret = dsdb_wellknown_dn(s->ldap2.ldb, s, samdb_base_dn(s->ldap2.ldb),
+ DS_GUID_DOMAIN_CONTROLLERS_CONTAINER,
+ &new_dn);
if (ret != LDB_SUCCESS) {
return NT_STATUS_LDAP(ret);
- } else if (r->count != 1) {
- talloc_free(r);
- return NT_STATUS_INVALID_NETWORK_RESPONSE;
}
- old_dn = ldb_dn_new(r, s->ldap2.ldb, s->dest_dsa.computer_dn_str);
- NT_STATUS_HAVE_NO_MEMORY(old_dn);
-
- new_dn = r->msgs[0]->dn;
-
if (!ldb_dn_add_child_fmt(new_dn, "CN=%s", s->dest_dsa.netbios_name)) {
- talloc_free(r);
+ talloc_free(new_dn);
return NT_STATUS_NO_MEMORY;
}
+ old_dn = ldb_dn_new(new_dn, s->ldap2.ldb, s->dest_dsa.computer_dn_str);
+ NT_STATUS_HAVE_NO_MEMORY(old_dn);
+
if (ldb_dn_compare(old_dn, new_dn) == 0) {
/* we don't need to rename if the old and new dn match */
- talloc_free(r);
+ talloc_free(new_dn);
return NT_STATUS_OK;
}
ret = ldb_rename(s->ldap2.ldb, old_dn, new_dn);
if (ret != LDB_SUCCESS) {
- talloc_free(r);
+ talloc_free(new_dn);
return NT_STATUS_LDAP(ret);
}
s->dest_dsa.computer_dn_str = ldb_dn_alloc_linearized(s, new_dn);
NT_STATUS_HAVE_NO_MEMORY(s->dest_dsa.computer_dn_str);
- talloc_free(r);
+ talloc_free(new_dn);
return NT_STATUS_OK;
}
diff --git a/source4/libnet/libnet_vampire.c b/source4/libnet/libnet_vampire.c
index fa7e0bf179..37a9d7e72d 100644
--- a/source4/libnet/libnet_vampire.c
+++ b/source4/libnet/libnet_vampire.c
@@ -720,7 +720,7 @@ NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
printf("mark ROOTDSE with isSynchronized=TRUE\n");
ldb_ret = ldb_modify(s->ldb, msg);
if (ldb_ret != LDB_SUCCESS) {
- printf("ldb_modify() failed: %d\n", ldb_ret);
+ printf("ldb_modify() failed: %d : %s\n", ldb_ret, ldb_errstring(s->ldb));
talloc_free(s);
return NT_STATUS_INTERNAL_DB_ERROR;
}
@@ -730,7 +730,7 @@ NTSTATUS libnet_Vampire(struct libnet_context *ctx, TALLOC_CTX *mem_ctx,
triggers the writing of the linked attribute backlinks.
*/
if (ldb_transaction_prepare_commit(s->ldb) != LDB_SUCCESS) {
- printf("Failed to prepare_commit vampire transaction\n");
+ printf("Failed to prepare_commit vampire transaction: %s\n", ldb_errstring(s->ldb));
return NT_STATUS_INTERNAL_DB_ERROR;
}
diff --git a/source4/rpc_server/config.mk b/source4/rpc_server/config.mk
index 527770a8cd..5ff1bd5722 100644
--- a/source4/rpc_server/config.mk
+++ b/source4/rpc_server/config.mk
@@ -188,6 +188,7 @@ dcerpc_drsuapi_OBJ_FILES = $(rpc_serversrcdir)/drsuapi/dcesrv_drsuapi.o \
$(rpc_serversrcdir)/drsuapi/updaterefs.o \
$(rpc_serversrcdir)/drsuapi/getncchanges.o \
$(rpc_serversrcdir)/drsuapi/addentry.o \
+ $(rpc_serversrcdir)/drsuapi/writespn.o \
$(rpc_serversrcdir)/drsuapi/drsutil.o
################################################
diff --git a/source4/rpc_server/drsuapi/addentry.c b/source4/rpc_server/drsuapi/addentry.c
index ac94daa6a6..f63a96740f 100644
--- a/source4/rpc_server/drsuapi/addentry.c
+++ b/source4/rpc_server/drsuapi/addentry.c
@@ -43,13 +43,15 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state,
for (obj = first_object; obj; obj=obj->next_object) {
const char *dn_string = obj->object.identifier->dn;
struct ldb_dn *dn = ldb_dn_new(mem_ctx, b_state->sam_ctx, dn_string);
- struct ldb_result *res;
+ struct ldb_result *res, *res2;
struct ldb_dn *ref_dn;
struct GUID ntds_guid;
struct ldb_message *msg;
struct ldb_message_element *el;
const char *ntds_guid_str;
const char *dom_string;
+ const char *attrs2[] = { "dNSHostName", "cn", NULL };
+ const char *dNSHostName, *cn;
DEBUG(6,(__location__ ": Adding SPNs for %s\n",
ldb_dn_get_linearized(dn)));
@@ -78,6 +80,18 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state,
dom_string = lp_dnsdomain(dce_call->conn->dce_ctx->lp_ctx);
+ /* get the dNSHostName and cn */
+ ret = ldb_search(b_state->sam_ctx, mem_ctx, &res2,
+ ref_dn, LDB_SCOPE_BASE, attrs2, NULL);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find ref_dn '%s'\n",
+ ldb_dn_get_linearized(ref_dn)));
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ dNSHostName = ldb_msg_find_attr_as_string(res2->msgs[0], "dNSHostName", NULL);
+ cn = ldb_msg_find_attr_as_string(res2->msgs[0], "cn", NULL);
+
/*
* construct a modify request to add the new SPNs to
* the machine account
@@ -94,20 +108,25 @@ static WERROR drsuapi_add_SPNs(struct drsuapi_bind_state *b_state,
return WERR_NOMEM;
}
- el->num_values = 2;
- el->values = talloc_array(msg->elements, struct ldb_val, 2);
- if (el->values == NULL) {
+
+ ldb_msg_add_steal_string(msg, "servicePrincipalName",
+ talloc_asprintf(el->values,
+ "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s",
+ ntds_guid_str, dom_string));
+ ldb_msg_add_steal_string(msg, "servicePrincipalName",
+ talloc_asprintf(el->values, "ldap/%s._msdcs.%s",
+ ntds_guid_str, dom_string));
+ if (cn) {
+ ldb_msg_add_steal_string(msg, "servicePrincipalName",
+ talloc_asprintf(el->values, "ldap/%s", cn));
+ }
+ if (dNSHostName) {
+ ldb_msg_add_steal_string(msg, "servicePrincipalName",
+ talloc_asprintf(el->values, "ldap/%s", dNSHostName));
+ }
+ if (el->num_values < 2) {
return WERR_NOMEM;
}
- /* the magic constant is the GUID of the DRSUAPI RPC
- interface */
- el->values[0].data = (uint8_t *)talloc_asprintf(el->values,
- "E3514235-4B06-11D1-AB04-00C04FC2DCD2/%s/%s",
- ntds_guid_str, dom_string);
- el->values[0].length = strlen((char *)el->values[0].data);
- el->values[1].data = (uint8_t *)talloc_asprintf(el->values, "ldap/%s._msdcs.%s",
- ntds_guid_str, dom_string);
- el->values[1].length = strlen((char *)el->values[1].data);
ret = ldb_modify(b_state->sam_ctx, msg);
if (ret != LDB_SUCCESS) {
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
index 6a6bc8be7e..96cb58ef3e 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.c
@@ -60,7 +60,7 @@ static WERROR dcesrv_drsuapi_DsBind(struct dcesrv_call_state *dce_call, TALLOC_C
/* if this is a DC connecting, give them system level access */
werr = drs_security_level_check(dce_call, NULL);
if (W_ERROR_IS_OK(werr)) {
- DEBUG(2,(__location__ ": doing DsBind with system_session\n"));
+ DEBUG(3,(__location__ ": doing DsBind with system_session\n"));
auth_info = system_session(dce_call->conn->dce_ctx->lp_ctx);
} else {
auth_info = dce_call->conn->auth_state.session_info;
@@ -378,81 +378,6 @@ static WERROR dcesrv_drsuapi_DsCrackNames(struct dcesrv_call_state *dce_call, TA
return WERR_UNKNOWN_LEVEL;
}
-/*
- drsuapi_DsWriteAccountSpn
-*/
-static WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
- struct drsuapi_DsWriteAccountSpn *r)
-{
- struct drsuapi_bind_state *b_state;
- struct dcesrv_handle *h;
-
- *r->out.level_out = r->in.level;
-
- DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
- b_state = h->data;
-
- r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult);
- W_ERROR_HAVE_NO_MEMORY(r->out.res);
-
- switch (r->in.level) {
- case 1: {
- struct drsuapi_DsWriteAccountSpnRequest1 *req;
- struct ldb_message *msg;
- int count, i, ret;
- req = &r->in.req->req1;
- count = req->count;
-
- msg = ldb_msg_new(mem_ctx);
- if (msg == NULL) {
- return WERR_NOMEM;
- }
-
- msg->dn = ldb_dn_new(msg, b_state->sam_ctx, req->object_dn);
- if ( ! ldb_dn_validate(msg->dn)) {
- r->out.res->res1.status = WERR_OK;
- return WERR_OK;
- }
-
- /* construct mods */
- for (i = 0; i < count; i++) {
- samdb_msg_add_string(b_state->sam_ctx,
- msg, msg, "servicePrincipalName",
- req->spn_names[i].str);
- }
- for (i=0;i<msg->num_elements;i++) {
- switch (req->operation) {
- case DRSUAPI_DS_SPN_OPERATION_ADD:
- msg->elements[i].flags = LDB_FLAG_MOD_ADD;
- break;
- case DRSUAPI_DS_SPN_OPERATION_REPLACE:
- msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
- break;
- case DRSUAPI_DS_SPN_OPERATION_DELETE:
- msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
- break;
- }
- }
-
- /* Apply to database */
-
- ret = ldb_modify(b_state->sam_ctx, msg);
- if (ret != 0) {
- DEBUG(0,("Failed to modify SPNs on %s: %s\n",
- ldb_dn_get_linearized(msg->dn),
- ldb_errstring(b_state->sam_ctx)));
- r->out.res->res1.status = WERR_ACCESS_DENIED;
- } else {
- r->out.res->res1.status = WERR_OK;
- }
-
- return WERR_OK;
- }
- }
-
- return WERR_UNKNOWN_LEVEL;
-}
-
/*
drsuapi_DsRemoveDSServer
diff --git a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
index 3a64ef5c9c..ba6bb21145 100644
--- a/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
+++ b/source4/rpc_server/drsuapi/dcesrv_drsuapi.h
@@ -47,6 +47,8 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
struct drsuapi_DsGetNCChanges *r);
WERROR dcesrv_drsuapi_DsAddEntry(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
struct drsuapi_DsAddEntry *r);
+WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsWriteAccountSpn *r);
char *drs_ObjectIdentifier_to_string(TALLOC_CTX *mem_ctx,
struct drsuapi_DsReplicaObjectIdentifier *nc);
diff --git a/source4/rpc_server/drsuapi/getncchanges.c b/source4/rpc_server/drsuapi/getncchanges.c
index 437dc87ae8..908060a0dd 100644
--- a/source4/rpc_server/drsuapi/getncchanges.c
+++ b/source4/rpc_server/drsuapi/getncchanges.c
@@ -30,6 +30,7 @@
#include "rpc_server/dcerpc_server_proto.h"
#include "../libcli/drsuapi/drsuapi.h"
#include "libcli/security/security.h"
+#include "lib/util/binsearch.h"
/*
build a DsReplicaObjectIdentifier from a ldb msg
@@ -57,6 +58,29 @@ static struct drsuapi_DsReplicaObjectIdentifier *get_object_identifier(TALLOC_CT
return identifier;
}
+static int udv_compare(const struct GUID *guid1, struct GUID guid2)
+{
+ return GUID_compare(guid1, &guid2);
+}
+
+/*
+ see if we can filter an attribute using the uptodateness_vector
+ */
+static bool udv_filter(const struct drsuapi_DsReplicaCursorCtrEx *udv,
+ const struct GUID *originating_invocation_id,
+ uint64_t originating_usn)
+{
+ const struct drsuapi_DsReplicaCursor *c;
+ if (udv == NULL) return false;
+ BINARY_ARRAY_SEARCH(udv->cursors, udv->count, source_dsa_invocation_id,
+ originating_invocation_id, udv_compare, c);
+ if (c && originating_usn <= c->highest_usn) {
+ return true;
+ }
+ return false;
+
+}
+
/*
drsuapi_DsGetNCChanges for one object
*/
@@ -67,7 +91,8 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
struct dsdb_schema *schema,
DATA_BLOB *session_key,
uint64_t highest_usn,
- uint32_t replica_flags)
+ uint32_t replica_flags,
+ struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector)
{
const struct ldb_val *md_value;
int i, n;
@@ -77,8 +102,10 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
uint32_t *attids;
const char *rdn;
const struct dsdb_attribute *rdn_sa;
+ unsigned int instanceType;
- if (ldb_dn_compare(ncRoot_dn, msg->dn) == 0) {
+ instanceType = ldb_msg_find_attr_as_uint(msg, "instanceType", 0);
+ if (instanceType & INSTANCE_TYPE_IS_NC_HEAD) {
obj->is_nc_prefix = true;
obj->parent_object_guid = NULL;
} else {
@@ -156,6 +183,14 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
}
}
+ /* filter by uptodateness_vector */
+ if (md.ctr.ctr1.array[i].attid != DRSUAPI_ATTRIBUTE_instanceType &&
+ udv_filter(uptodateness_vector,
+ &md.ctr.ctr1.array[i].originating_invocation_id,
+ md.ctr.ctr1.array[i].originating_usn)) {
+ continue;
+ }
+
obj->meta_data_ctr->meta_data[n].originating_change_time = md.ctr.ctr1.array[i].originating_change_time;
obj->meta_data_ctr->meta_data[n].version = md.ctr.ctr1.array[i].version;
obj->meta_data_ctr->meta_data[n].originating_invocation_id = md.ctr.ctr1.array[i].originating_invocation_id;
@@ -164,11 +199,15 @@ static WERROR get_nc_changes_build_object(struct drsuapi_DsReplicaObjectListItem
n++;
}
- /*
- note that if n==0 we still need to send the change, as it
- could be a rename, which changes the uSNChanged, but not any
- of the replicated attributes
- */
+ /* ignore it if its an empty change. Note that renames always
+ * change the 'name' attribute, so they won't be ignored by
+ * this */
+ if (n == 0 ||
+ (n == 1 && attids[0] == DRSUAPI_ATTRIBUTE_instanceType)) {
+ talloc_free(obj->meta_data_ctr);
+ obj->meta_data_ctr = NULL;
+ return WERR_OK;
+ }
obj->meta_data_ctr->count = n;
@@ -302,7 +341,8 @@ static WERROR get_nc_changes_add_links(struct ldb_context *sam_ctx,
uint32_t replica_flags,
struct ldb_message *msg,
struct drsuapi_DsReplicaLinkedAttribute **la_list,
- uint32_t *la_count)
+ uint32_t *la_count,
+ struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector)
{
int i;
TALLOC_CTX *tmp_ctx = talloc_new(mem_ctx);
@@ -430,6 +470,10 @@ static WERROR get_nc_changes_udv(struct ldb_context *sam_ctx,
struct replUpToDateVectorBlob ouv;
int i;
+ udv->version = 2;
+ udv->reserved1 = 0;
+ udv->reserved2 = 0;
+
werr = load_udv(sam_ctx, udv, ncRoot_dn, &ouv);
if (!W_ERROR_IS_OK(werr)) {
return werr;
@@ -564,6 +608,103 @@ static int site_res_cmp_usn_order(const struct ldb_message **m1, const struct ld
}
+/*
+ handle a DRSUAPI_EXOP_FSMO_RID_ALLOC call
+ */
+static WERROR getncchanges_rid_alloc(struct drsuapi_bind_state *b_state,
+ TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsGetNCChangesRequest8 *req8,
+ struct drsuapi_DsGetNCChangesCtr6 *ctr6)
+{
+ struct ldb_dn *rid_manager_dn, *fsmo_role_dn, *req_dn;
+ int ret;
+ struct ldb_context *ldb = b_state->sam_ctx;
+ struct ldb_result *ext_res;
+ struct ldb_dn *base_dn;
+ struct dsdb_fsmo_extended_op *exop;
+
+ /*
+ steps:
+ - verify that the DN being asked for is the RID Manager DN
+ - verify that we are the RID Manager
+ */
+
+ /* work out who is the RID Manager */
+ ret = samdb_rid_manager_dn(ldb, mem_ctx, &rid_manager_dn);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0, (__location__ ": Failed to find RID Manager object - %s\n", ldb_errstring(ldb)));
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ req_dn = ldb_dn_new(mem_ctx, ldb, req8->naming_context->dn);
+ if (!req_dn ||
+ !ldb_dn_validate(req_dn) ||
+ ldb_dn_compare(req_dn, rid_manager_dn) != 0) {
+ /* that isn't the RID Manager DN */
+ DEBUG(0,(__location__ ": RID Alloc request for wrong DN %s\n",
+ req8->naming_context->dn));
+ ctr6->extended_ret = DRSUAPI_EXOP_ERR_MISMATCH;
+ return WERR_OK;
+ }
+
+ /* find the DN of the RID Manager */
+ ret = samdb_reference_dn(ldb, mem_ctx, rid_manager_dn, "fSMORoleOwner", &fsmo_role_dn);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed to find fSMORoleOwner in RID Manager object - %s\n",
+ ldb_errstring(ldb)));
+ ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER;
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ if (ldb_dn_compare(samdb_ntds_settings_dn(ldb), fsmo_role_dn) != 0) {
+ /* we're not the RID Manager - go away */
+ DEBUG(0,(__location__ ": RID Alloc request when not RID Manager\n"));
+ ctr6->extended_ret = DRSUAPI_EXOP_ERR_FSMO_NOT_OWNER;
+ return WERR_OK;
+ }
+
+ exop = talloc(mem_ctx, struct dsdb_fsmo_extended_op);
+ W_ERROR_HAVE_NO_MEMORY(exop);
+
+ exop->fsmo_info = req8->fsmo_info;
+ exop->destination_dsa_guid = req8->destination_dsa_guid;
+
+ ret = ldb_transaction_start(ldb);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed transaction start - %s\n",
+ ldb_errstring(ldb)));
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ ret = ldb_extended(ldb, DSDB_EXTENDED_ALLOCATE_RID_POOL, exop, &ext_res);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed extended allocation RID pool operation - %s\n",
+ ldb_errstring(ldb)));
+ ldb_transaction_cancel(ldb);
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ ret = ldb_transaction_commit(ldb);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,(__location__ ": Failed transaction commit - %s\n",
+ ldb_errstring(ldb)));
+ return WERR_DS_DRA_INTERNAL_ERROR;
+ }
+
+ talloc_free(ext_res);
+
+ base_dn = samdb_base_dn(ldb);
+
+ DEBUG(2,("Allocated RID pool for server %s\n",
+ GUID_string(mem_ctx, &req8->destination_dsa_guid)));
+
+ ctr6->extended_ret = DRSUAPI_EXOP_ERR_SUCCESS;
+
+ return WERR_OK;
+}
+
+
+
/* state of a partially completed getncchanges call */
struct drsuapi_getncchanges_state {
struct ldb_result *site_res;
@@ -574,6 +715,7 @@ struct drsuapi_getncchanges_state {
struct ldb_dn *last_dn;
struct drsuapi_DsReplicaLinkedAttribute *la_list;
uint32_t la_count;
+ struct drsuapi_DsReplicaCursorCtrEx *uptodateness_vector;
};
/*
@@ -609,6 +751,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
struct drsuapi_DsGetNCChangesRequest8 *req8;
uint32_t options;
uint32_t max_objects;
+ struct ldb_dn *search_dn = NULL;
DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
b_state = h->data;
@@ -669,6 +812,28 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
return werr;
}
+ /* we don't yet support extended operations */
+ switch (req8->extended_op) {
+ case DRSUAPI_EXOP_NONE:
+ break;
+
+ case DRSUAPI_EXOP_FSMO_RID_ALLOC:
+ werr = getncchanges_rid_alloc(b_state, mem_ctx, req8, &r->out.ctr->ctr6);
+ W_ERROR_NOT_OK_RETURN(werr);
+ search_dn = samdb_base_dn(b_state->sam_ctx);
+ break;
+
+ case DRSUAPI_EXOP_FSMO_REQ_ROLE:
+ case DRSUAPI_EXOP_FSMO_RID_REQ_ROLE:
+ case DRSUAPI_EXOP_FSMO_REQ_PDC:
+ case DRSUAPI_EXOP_FSMO_ABANDON_ROLE:
+ case DRSUAPI_EXOP_REPL_OBJ:
+ case DRSUAPI_EXOP_REPL_SECRET:
+ DEBUG(0,(__location__ ": Request for DsGetNCChanges unsupported extended op 0x%x\n",
+ (unsigned)req8->extended_op));
+ return WERR_DS_DRA_NOT_SUPPORTED;
+ }
+
getnc_state = b_state->getncchanges_state;
/* see if a previous replication has been abandoned */
@@ -706,13 +871,6 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
return WERR_DS_DRA_INTERNAL_ERROR;
}
- /* we don't yet support extended operations */
- if (req8->extended_op != DRSUAPI_EXOP_NONE) {
- DEBUG(0,(__location__ ": Request for DsGetNCChanges extended op 0x%x\n",
- (unsigned)req8->extended_op));
- return WERR_DS_DRA_NOT_SUPPORTED;
- }
-
/*
TODO: MS-DRSR section 4.1.10.1.1
Work out if this is the start of a new cycle */
@@ -745,10 +903,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
scope = LDB_SCOPE_BASE;
}
+ if (!search_dn) {
+ search_dn = getnc_state->ncRoot_dn;
+ }
+
DEBUG(1,(__location__ ": getncchanges on %s using filter %s\n",
ldb_dn_get_linearized(getnc_state->ncRoot_dn), search_filter));
ret = drsuapi_search_with_extended_dn(b_state->sam_ctx, getnc_state, &getnc_state->site_res,
- getnc_state->ncRoot_dn, scope, attrs,
+ search_dn, scope, attrs,
search_filter);
if (ret != LDB_SUCCESS) {
return WERR_DS_DRA_INTERNAL_ERROR;
@@ -766,6 +928,14 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
(comparison_fn_t)site_res_cmp_usn_order);
}
+ getnc_state->uptodateness_vector = talloc_steal(getnc_state, req8->uptodateness_vector);
+ if (getnc_state->uptodateness_vector) {
+ /* make sure its sorted */
+ qsort(getnc_state->uptodateness_vector->cursors,
+ getnc_state->uptodateness_vector->count,
+ sizeof(getnc_state->uptodateness_vector->cursors[0]),
+ (comparison_fn_t)drsuapi_DsReplicaCursor_compare);
+ }
}
/* Prefix mapping */
@@ -821,7 +991,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
werr = get_nc_changes_build_object(obj, msg,
b_state->sam_ctx, getnc_state->ncRoot_dn,
schema, &session_key, getnc_state->min_usn,
- req8->replica_flags);
+ req8->replica_flags, getnc_state->uptodateness_vector);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
@@ -832,7 +1002,8 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
req8->replica_flags,
msg,
&getnc_state->la_list,
- &getnc_state->la_count);
+ &getnc_state->la_count,
+ getnc_state->uptodateness_vector);
if (!W_ERROR_IS_OK(werr)) {
return werr;
}
@@ -846,7 +1017,7 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
}
if (obj->meta_data_ctr == NULL) {
- DEBUG(0,(__location__ ": getncchanges skipping send of object %s\n",
+ DEBUG(8,(__location__ ": getncchanges skipping send of object %s\n",
ldb_dn_get_linearized(msg->dn)));
/* no attributes to send */
talloc_free(obj);
@@ -902,10 +1073,6 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
b_state->sam_ctx, (ldb_qsort_cmp_fn_t)linked_attribute_compare);
r->out.ctr->ctr6.uptodateness_vector = talloc(mem_ctx, struct drsuapi_DsReplicaCursor2CtrEx);
- r->out.ctr->ctr6.uptodateness_vector->version = 2;
- r->out.ctr->ctr6.uptodateness_vector->reserved1 = 0;
- r->out.ctr->ctr6.uptodateness_vector->reserved2 = 0;
-
r->out.ctr->ctr6.new_highwatermark.highest_usn = r->out.ctr->ctr6.new_highwatermark.tmp_highest_usn;
werr = get_nc_changes_udv(b_state->sam_ctx, getnc_state->ncRoot_dn,
@@ -919,6 +1086,12 @@ WERROR dcesrv_drsuapi_DsGetNCChanges(struct dcesrv_call_state *dce_call, TALLOC_
b_state->getncchanges_state = NULL;
}
+ if (req8->extended_op != DRSUAPI_EXOP_NONE) {
+ r->out.ctr->ctr6.uptodateness_vector = NULL;
+ r->out.ctr->ctr6.nc_object_count = 0;
+ ZERO_STRUCT(r->out.ctr->ctr6.new_highwatermark);
+ }
+
DEBUG(r->out.ctr->ctr6.more_data?2:1,
("DsGetNCChanges with uSNChanged >= %llu flags 0x%08x on %s gave %u objects (done %d/%d la=%d)\n",
(unsigned long long)(req8->highwatermark.highest_usn+1),
diff --git a/source4/rpc_server/drsuapi/writespn.c b/source4/rpc_server/drsuapi/writespn.c
new file mode 100644
index 0000000000..8e20c88fae
--- /dev/null
+++ b/source4/rpc_server/drsuapi/writespn.c
@@ -0,0 +1,145 @@
+/*
+ Unix SMB/CIFS implementation.
+
+ implement the DsWriteAccountSpn call
+
+ Copyright (C) Stefan Metzmacher 2009
+ Copyright (C) Andrew Tridgell 2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "includes.h"
+#include "rpc_server/dcerpc_server.h"
+#include "dsdb/samdb/samdb.h"
+#include "rpc_server/drsuapi/dcesrv_drsuapi.h"
+
+/*
+ drsuapi_DsWriteAccountSpn
+*/
+WERROR dcesrv_drsuapi_DsWriteAccountSpn(struct dcesrv_call_state *dce_call, TALLOC_CTX *mem_ctx,
+ struct drsuapi_DsWriteAccountSpn *r)
+{
+ struct drsuapi_bind_state *b_state;
+ struct dcesrv_handle *h;
+
+ *r->out.level_out = r->in.level;
+
+ DCESRV_PULL_HANDLE_WERR(h, r->in.bind_handle, DRSUAPI_BIND_HANDLE);
+ b_state = h->data;
+
+ r->out.res = talloc(mem_ctx, union drsuapi_DsWriteAccountSpnResult);
+ W_ERROR_HAVE_NO_MEMORY(r->out.res);
+
+ switch (r->in.level) {
+ case 1: {
+ struct drsuapi_DsWriteAccountSpnRequest1 *req;
+ struct ldb_message *msg;
+ int count, i, ret;
+ struct ldb_result *res;
+ const char *attrs[] = { "servicePrincipalName", NULL };
+ struct ldb_message_element *el;
+ unsigned spn_count=0;
+
+ req = &r->in.req->req1;
+ count = req->count;
+
+ msg = ldb_msg_new(mem_ctx);
+ if (msg == NULL) {
+ return WERR_NOMEM;
+ }
+
+ msg->dn = ldb_dn_new(msg, b_state->sam_ctx, req->object_dn);
+ if ( ! ldb_dn_validate(msg->dn)) {
+ r->out.res->res1.status = WERR_OK;
+ return WERR_OK;
+ }
+
+ /* load the existing SPNs, as these are
+ * ignored for adds and deletes (see MS-DRSR
+ * section 4.1.28.3)
+ */
+ ret = ldb_search(b_state->sam_ctx, msg, &res, msg->dn, LDB_SCOPE_BASE,
+ attrs, NULL);
+ if (ret != LDB_SUCCESS) {
+ DEBUG(0,("Failed to load existing SPNs on %s: %s\n",
+ ldb_dn_get_linearized(msg->dn),
+ ldb_errstring(b_state->sam_ctx)));
+ r->out.res->res1.status = WERR_DS_OBJ_NOT_FOUND;
+ return WERR_OK;
+ }
+ el = ldb_msg_find_element(res->msgs[0], "servicePrincipalName");
+
+ /* construct mods */
+ for (i = 0; i < count; i++) {
+ bool found = false;
+ int j;
+ for (j=0; el && j<el->num_values; j++) {
+ if (samdb_ldb_val_case_cmp(req->spn_names[i].str, &el->values[j]) == 0) {
+ found = true;
+ break;
+ }
+ }
+ if ((req->operation == DRSUAPI_DS_SPN_OPERATION_ADD && found) ||
+ (req->operation == DRSUAPI_DS_SPN_OPERATION_DELETE && !found)) {
+ continue;
+ }
+ ret = samdb_msg_add_string(b_state->sam_ctx,
+ msg, msg, "servicePrincipalName",
+ req->spn_names[i].str);
+ if (ret != LDB_SUCCESS) {
+ return WERR_NOMEM;
+ }
+ spn_count++;
+ }
+
+ if (msg->num_elements == 0) {
+ DEBUG(2,("No SPNs need changing on %s\n", ldb_dn_get_linearized(msg->dn)));
+ r->out.res->res1.status = WERR_OK;
+ return WERR_OK;
+ }
+
+ for (i=0;i<msg->num_elements;i++) {
+ switch (req->operation) {
+ case DRSUAPI_DS_SPN_OPERATION_ADD:
+ msg->elements[i].flags = LDB_FLAG_MOD_ADD;
+ break;
+ case DRSUAPI_DS_SPN_OPERATION_REPLACE:
+ msg->elements[i].flags = LDB_FLAG_MOD_REPLACE;
+ break;
+ case DRSUAPI_DS_SPN_OPERATION_DELETE:
+ msg->elements[i].flags = LDB_FLAG_MOD_DELETE;
+ break;
+ }
+ }
+
+ /* Apply to database */
+
+ ret = ldb_modify(b_state->sam_ctx, msg);
+ if (ret != 0) {
+ DEBUG(0,("Failed to modify SPNs on %s: %s\n",
+ ldb_dn_get_linearized(msg->dn),
+ ldb_errstring(b_state->sam_ctx)));
+ r->out.res->res1.status = WERR_ACCESS_DENIED;
+ } else {
+ DEBUG(2,("Modified %u SPNs on %s\n", spn_count, ldb_dn_get_linearized(msg->dn)));
+ r->out.res->res1.status = WERR_OK;
+ }
+
+ return WERR_OK;
+ }
+ }
+
+ return WERR_UNKNOWN_LEVEL;
+}
diff --git a/source4/scripting/bin/setup_dns.sh b/source4/scripting/bin/setup_dns.sh
index f20ad145c1..de4485fc07 100755
--- a/source4/scripting/bin/setup_dns.sh
+++ b/source4/scripting/bin/setup_dns.sh
@@ -16,7 +16,7 @@ RSUFFIX=$(echo $DOMAIN | sed s/[\.]/,DC=/g)
PRIVATEDIR=$(bin/testparm --section-name=global --parameter-name='private dir' --suppress-prompt 2> /dev/null)
}
-OBJECTGUID=$(bin/ldbsearch -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2)
+OBJECTGUID=$(bin/ldbsearch -s base -H "$PRIVATEDIR/sam.ldb" -b "CN=NTDS Settings,CN=$HOSTNAME,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,DC=$RSUFFIX" objectguid|grep ^objectGUID| cut -d: -f2)
echo "Found objectGUID $OBJECTGUID"
diff --git a/source4/scripting/bin/upgradeprovision b/source4/scripting/bin/upgradeprovision
index da827ace42..23980cd3da 100755
--- a/source4/scripting/bin/upgradeprovision
+++ b/source4/scripting/bin/upgradeprovision
@@ -66,8 +66,10 @@ GUESS = 0x04
PROVISION = 0x08
CHANGEALL = 0xff
-# Attributes that not copied from the reference provision even if they do not exists in the destination object
-# This is most probably because they are populated automatcally when object is created
+# Attributes that are never copied from the reference provision (even if they
+# do not exist in the destination object).
+# This is most probably because they are populated automatcally when object is
+# created
hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1,"replPropertyMetaData": 1,"uSNChanged": 1,\
"uSNCreated": 1,"parentGUID": 1,"objectCategory": 1,"distinguishedName": 1,\
"showInAdvancedViewOnly": 1,"instanceType": 1, "cn": 1, "msDS-Behavior-Version":1, "nextRid":1,\
@@ -75,8 +77,9 @@ hashAttrNotCopied = { "dn": 1,"whenCreated": 1,"whenChanged": 1,"objectGUID": 1
"dBCSPwd":1,"supplementalCredentials":1,"gPCUserExtensionNames":1, "gPCMachineExtensionNames":1,\
"maxPwdAge":1, "mail":1, "secret":1,"possibleInferiors":1, "sAMAccountType":1}
-# Usually for an object that already exists we do not overwrite attributes as they might have been changed for good
-# reasons. Anyway for a few of thems it's mandatory to replace them otherwise the provision will be broken somehow.
+# Usually for an object that already exists we do not overwrite attributes as
+# they might have been changed for good reasons. Anyway for a few of them it's
+# mandatory to replace them otherwise the provision will be broken somehow.
hashOverwrittenAtt = { "prefixMap": replace, "systemMayContain": replace,"systemOnly":replace, "searchFlags":replace,\
"mayContain":replace, "systemFlags":replace,"description":replace,
"oEMInformation":replace, "operatingSystemVersion":replace, "adminPropertyPages":replace,
@@ -167,11 +170,13 @@ def get_paths(targetdir=None,smbconf=None):
lp = param.LoadParm()
lp.load(smbconf)
-# Normaly we need the domain name for this function but for our needs it's pointless
+# Normally we need the domain name for this function but for our needs it's
+# pointless
paths = provision_paths_from_lp(lp,"foo")
return paths
-# This function guess(fetch) informations needed to make a fresh provision from the current provision
+# This function guesses (fetches) informations needed to make a fresh provision
+# from the current provision
# It includes: realm, workgroup, partitions, netbiosname, domain guid, ...
def guess_names_from_current_provision(credentials,session_info,paths):
lp = param.LoadParm()
@@ -191,11 +196,13 @@ def guess_names_from_current_provision(credentials,session_info,paths):
names.netbiosname = str(res[0]["sAMAccountName"]).replace("$","")
names.smbconf = smbconf
- #It's important here to let ldb load with the old module or it's quite certain that the LDB won't load ...
+ # It's important here to let ldb load with the old module or it's quite
+ # certain that the LDB won't load ...
samdb = Ldb(paths.samdb, session_info=session_info,
credentials=credentials, lp=lp, options=["modules:samba_dsdb"])
- # That's a bit simplistic but it's ok as long as we have only 3 partitions
+ # That's a bit simplistic but it's ok as long as we have only 3
+ # partitions
attrs2 = ["defaultNamingContext", "schemaNamingContext","configurationNamingContext","rootDomainNamingContext"]
current = samdb.search(expression="(objectClass=*)",base="", scope=SCOPE_BASE, attrs=attrs2)
@@ -311,9 +318,10 @@ def newprovision(names,setup_dir,creds,session,smbconf):
ldap_dryrun_mode=None)
return provdir
-# This function sorts two dn in the lexicographical order and put higher level DN before
-# So given the dns cn=bar,cn=foo and cn=foo the later will be return as smaller (-1) as it has less
-# level
+# This function sorts two DNs in the lexicographical order and put higher level
+# DN before.
+# So given the dns cn=bar,cn=foo and cn=foo the later will be return as smaller
+# (-1) as it has less level
def dn_sort(x,y):
p = re.compile(r'(?<!\\),')
tab1 = p.split(str(x))
@@ -343,7 +351,7 @@ def dn_sort(x,y):
return -1
return ret
-# check from security descriptors modifications return 1 if it is 0 otherwise
+# Check for security descriptors modifications return 1 if it is and 0 otherwise
# it also populate hash structure for later use in the upgrade process
def handle_security_desc(ischema,att,msgElt,hashallSD,old,new):
if ischema == 1 and att == "defaultSecurityDescriptor" and msgElt.flags() == ldb.FLAG_MOD_REPLACE:
@@ -361,8 +369,8 @@ def handle_security_desc(ischema,att,msgElt,hashallSD,old,new):
return 1
return 0
-# Hangle special cases ... That's when we want to update an attribute only
-# if it has a certain value or if it's for a certain object or
+# Handle special cases ... That's when we want to update a particular attribute
+# only, e.g. if it has a certain value or if it's for a certain object or
# a class of object.
# It can be also if we want to do a merge of value instead of a simple replace
def handle_special_case(att,delta,new,old,ischema):
@@ -431,7 +439,8 @@ def update_secrets(newpaths,paths,creds,session):
for i in range(0,len(reference)):
hash_new[str(reference[i]["dn"]).lower()] = reference[i]["dn"]
- # Create a hash for speeding the search of existing object in the current provision
+ # Create a hash for speeding the search of existing object in the
+ # current provision
for i in range(0,len(current)):
hash[str(current[i]["dn"]).lower()] = current[i]["dn"]
@@ -486,9 +495,9 @@ def update_secrets(newpaths,paths,creds,session):
# Check difference between the current provision and the reference provision.
-# It looks for all object which base DN is name if ischema is false then scan is done in
-# cross partition mode.
-# If ischema is true, then special handling is done for dealing with schema
+# It looks for all objects which base DN is name. If ischema is "false" then
+# the scan is done in cross partition mode.
+# If "ischema" is true, then special handling is done for dealing with schema
def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
hash_new = {}
hash = {}
@@ -497,7 +506,8 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
listPresent = []
reference = []
current = []
- # Connect to the reference provision and get all the attribute in the partition referred by name
+ # Connect to the reference provision and get all the attribute in the
+ # partition referred by name
newsam_ldb = Ldb(newpaths.samdb, session_info=session, credentials=creds,lp=lp)
sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp, options=["modules:samba_dsdb"])
sam_ldb.transaction_start()
@@ -513,7 +523,8 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
for i in range(0,len(reference)):
hash_new[str(reference[i]["dn"]).lower()] = reference[i]["dn"]
- # Create a hash for speeding the search of existing object in the current provision
+ # Create a hash for speeding the search of existing object in the
+ # current provision
for i in range(0,len(current)):
hash[str(current[i]["dn"]).lower()] = current[i]["dn"]
@@ -523,40 +534,78 @@ def check_diff_name(newpaths,paths,creds,session,basedn,names,ischema):
else:
listPresent.append(hash_new[k])
- # Sort the missing object in order to have object of the lowest level first (which can be
- # containers for higher level objects)
+ # Sort the missing object in order to have object of the lowest level
+ # first (which can be containers for higher level objects)
listMissing.sort(dn_sort)
listPresent.sort(dn_sort)
if ischema:
- # The following lines (up to the for loop) is to load the up to date schema into our current LDB
- # a complete schema is needed as the insertion of attributes and class is done against it
+ # The following lines (up to the for loop) is to load the up to
+ # date schema into our current LDB
+ # a complete schema is needed as the insertion of attributes
+ # and class is done against it
# and the schema is self validated
- # The double ldb open and schema validation is taken from the initial provision script
+ # The double ldb open and schema validation is taken from the
+ # initial provision script
# it's not certain that it is really needed ....
sam_ldb = Ldb(session_info=session, credentials=creds, lp=lp)
schema = Schema(setup_path, names.domainsid, schemadn=basedn, serverdn=str(names.serverdn))
# Load the schema from the one we computed earlier
sam_ldb.set_schema_from_ldb(schema.ldb)
- # And now we can connect to the DB - the schema won't be loaded from the DB
+ # And now we can connect to the DB - the schema won't be loaded
+ # from the DB
sam_ldb.connect(paths.samdb)
else:
sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp, options=["modules:samba_dsdb"])
sam_ldb.transaction_start()
- empty = ldb.Message()
- message(SIMPLE,"There are %d missing objects"%(len(listMissing)))
- for dn in listMissing:
- reference = newsam_ldb.search(expression="dn=%s"%(str(dn)),base=basedn, scope=SCOPE_SUBTREE,controls=["search_options:1:2"])
- delta = sam_ldb.msg_diff(empty,reference[0])
- for att in hashAttrNotCopied.keys():
- delta.remove(att)
- for att in backlinked:
- delta.remove(att)
- delta.dn = dn
+ err_num = 0
+ err_msg = ""
+ while len(listMissing) > 0:
+ listMissing2 = []
+
+ empty = ldb.Message()
+ message(SIMPLE,"There are still %d objects missing"%(len(listMissing)))
- sam_ldb.add(delta,["relax:0"])
+ for dn in listMissing:
+ reference = newsam_ldb.search(expression="dn=%s" % (str(dn)),
+ base=basedn, scope=SCOPE_SUBTREE,
+ controls=["search_options:1:2"])
+ delta = sam_ldb.msg_diff(empty,reference[0])
+ for att in hashAttrNotCopied.keys():
+ delta.remove(att)
+ for att in backlinked:
+ delta.remove(att)
+ delta.dn = dn
+
+ try:
+ sam_ldb.add(delta,["relax:0"])
+ # This is needed here since otherwise the
+ # "replmd_meta_data" module doesn't see the
+ # updated data
+ sam_ldb.transaction_commit()
+ sam_ldb.transaction_start()
+ except LdbError, (num, msg):
+ # An exception can happen if a linked object
+ # doesn't exist which can happen if it is also
+ # to be added
+ err_num = num
+ err_msg = msg
+ listMissing2.append(dn)
+
+ if len(listMissing2) == len(listMissing):
+ # We couldn't add any object in this iteration ->
+ # we have to resign and hope that the user manually
+ # fixes the damage
+
+ message(ERROR, "The script isn't capable to do the upgrade fully automatically!")
+ message(ERROR, "Often this happens when important system objects moved their location. Please look for them (for example doable using the displayed 'sAMAccountName' attribute), backup if personally changed and remove them.")
+ message(ERROR, "Reinvoke this script and reapply eventual modifications done before. It is possible to get this error more than once (for each problematic object).")
+
+ raise LdbError(err_num, err_msg)
+
+ listMissing = listMissing2
changed = 0
for dn in listPresent:
@@ -626,7 +675,8 @@ def check_updated_sd(newpaths,paths,creds,session,names):
print "%s new sddl/sddl in ref"%key
print "%s\n%s"%(sddl,hash_new[key])
-# Simple update method for updating the SD that rely on the fact that nobody should have modified the SD
+# Simple update method for updating the SD that rely on the fact that nobody
+# should have modified the SD
# This assumption is safe right now (alpha9) but should be removed asap
def update_sd(paths,creds,session,names):
sam_ldb = Ldb(paths.samdb, session_info=session, credentials=creds,lp=lp,options=["modules:samba_dsdb"])
@@ -748,7 +798,7 @@ def update_machine_account_password(paths,creds,session,names):
secretsdb_self_join(secrets_ldb, domain=names.domain,
realm=names.realm,
- domainsid=names.domainsid,
+ domainsid=names.domainsid,
dnsdomain=names.dnsdomain,
netbiosname=names.netbiosname,
machinepass=machinepass,
diff --git a/source4/scripting/devel/tmpfs.sh b/source4/scripting/devel/tmpfs.sh
new file mode 100755
index 0000000000..5604f68dd7
--- /dev/null
+++ b/source4/scripting/devel/tmpfs.sh
@@ -0,0 +1,13 @@
+#!/bin/bash
+
+# This sets up bin/ and st/ as tmpfs filesystems, which saves a lot of
+# time waiting on the disk!
+
+rm -rf bin st
+mkdir -p bin st || exit 1
+sudo mount -t tmpfs /dev/null bin || exit 1
+sudo chown $USER bin || exit 1
+echo "tmpfs setup for bin/"
+sudo mount -t tmpfs /dev/null st || exit 1
+sudo chown $USER st || exit 1
+echo "tmpfs setup for st/"
diff --git a/source4/scripting/python/samba/__init__.py b/source4/scripting/python/samba/__init__.py
index 5d61c1bd8c..d7df6b979b 100644
--- a/source4/scripting/python/samba/__init__.py
+++ b/source4/scripting/python/samba/__init__.py
@@ -255,7 +255,10 @@ class Ldb(ldb.Ldb):
:param ldif: LDIF text.
"""
for changetype, msg in self.parse_ldif(ldif):
- self.modify(msg, controls)
+ if (changetype == ldb.CHANGETYPE_ADD):
+ self.add(msg, controls)
+ else:
+ self.modify(msg, controls)
def set_domain_sid(self, sid):
"""Change the domain SID used by this LDB.
diff --git a/source4/scripting/python/samba/ms_schema.py b/source4/scripting/python/samba/ms_schema.py
index a4eed581c6..9f5ebcf8cc 100644
--- a/source4/scripting/python/samba/ms_schema.py
+++ b/source4/scripting/python/samba/ms_schema.py
@@ -229,6 +229,8 @@ def __transform_entry(entry, objectClass):
entry.insert(1, ["objectClass", ["top", objectClass]])
entry.insert(2, ["cn", cn])
entry.insert(2, ["objectGUID", str(uuid.uuid4())])
+ entry.insert(2, ["adminDescription", cn])
+ entry.insert(2, ["adminDisplayName", cn])
for l in entry:
key = l[0].lower()
diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index d7d0a790ca..a71b561a86 100644
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -793,9 +793,9 @@ def setup_self_join(samdb, names,
"DEFAULTSITE": names.sitename,
"DNSNAME": "%s.%s" % (names.hostname, names.dnsdomain),
"MACHINEPASS_B64": b64encode(machinepass),
- "DNSPASS_B64": b64encode(dnspass),
"REALM": names.realm,
"DOMAIN": names.domain,
+ "DOMAINSID": str(domainsid),
"DNSDOMAIN": names.dnsdomain,
"SAMBA_VERSION_STRING": version,
"NTDSGUID": ntdsguid_line,
@@ -824,7 +824,8 @@ def setup_self_join(samdb, names,
"DEFAULTSITE": names.sitename,
"SERVERDN": names.serverdn,
"NETBIOSNAME": names.netbiosname,
- "NTDSGUID": names.ntdsguid
+ "NTDSGUID": names.ntdsguid,
+ "DNSPASS_B64": b64encode(dnspass),
})
@@ -892,10 +893,7 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
samdb.set_opaque_integer("domainControllerFunctionality", domainControllerFunctionality)
samdb.set_domain_sid(str(domainsid))
- if serverrole == "domain controller":
- samdb.set_invocation_id(invocationid)
- # NOTE: the invocationid for standalone and member server
- # cases is setup in the sambd_dsdb module init function
+ samdb.set_invocation_id(invocationid)
message("Adding DomainDN: %s" % names.domaindn)
@@ -945,6 +943,14 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
setup_add_ldif(samdb, setup_path("aggregate_schema.ldif"),
{"SCHEMADN": names.schemadn})
+ message("Reopening sam.ldb with new schema");
+ samdb.transaction_commit()
+ samdb = Ldb(session_info=session_info,
+ credentials=provision_backend.credentials, lp=lp)
+ samdb.connect(path)
+ samdb.transaction_start()
+ samdb.set_invocation_id(invocationid)
+
message("Setting up sam.ldb configuration data")
setup_add_ldif(samdb, setup_path("provision_configuration.ldif"), {
"CONFIGDN": names.configdn,
@@ -1003,21 +1009,20 @@ def setup_samdb(path, setup_path, session_info, provision_backend, lp,
"KRBTGTPASS_B64": b64encode(krbtgtpass),
})
- if serverrole == "domain controller":
- message("Setting up self join")
- setup_self_join(samdb, names=names, invocationid=invocationid,
- dnspass=dnspass,
- machinepass=machinepass,
- domainsid=domainsid, policyguid=policyguid,
- policyguid_dc=policyguid_dc,
- setup_path=setup_path,
- domainControllerFunctionality=domainControllerFunctionality,
- ntdsguid=ntdsguid)
-
- ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
- names.ntdsguid = samdb.searchone(basedn=ntds_dn,
- attribute="objectGUID", expression="", scope=SCOPE_BASE)
- assert isinstance(names.ntdsguid, str)
+ message("Setting up self join")
+ setup_self_join(samdb, names=names, invocationid=invocationid,
+ dnspass=dnspass,
+ machinepass=machinepass,
+ domainsid=domainsid, policyguid=policyguid,
+ policyguid_dc=policyguid_dc,
+ setup_path=setup_path,
+ domainControllerFunctionality=domainControllerFunctionality,
+ ntdsguid=ntdsguid)
+
+ ntds_dn = "CN=NTDS Settings,CN=%s,CN=Servers,CN=Default-First-Site-Name,CN=Sites,CN=Configuration,%s" % (names.hostname, names.domaindn)
+ names.ntdsguid = samdb.searchone(basedn=ntds_dn,
+ attribute="objectGUID", expression="", scope=SCOPE_BASE)
+ assert isinstance(names.ntdsguid, str)
except:
samdb.transaction_cancel()
@@ -1136,7 +1141,7 @@ def provision(setup_dir, message, session_info,
serverrole = lp.get("server role")
assert serverrole in ("domain controller", "member server", "standalone")
- if invocationid is None and serverrole == "domain controller":
+ if invocationid is None:
invocationid = str(uuid.uuid4())
if not os.path.exists(paths.private_dir):
diff --git a/source4/scripting/python/samba/schema.py b/source4/scripting/python/samba/schema.py
index 8913e53b00..f702e9829f 100644
--- a/source4/scripting/python/samba/schema.py
+++ b/source4/scripting/python/samba/schema.py
@@ -35,16 +35,20 @@ from ldb import SCOPE_SUBTREE, SCOPE_ONELEVEL, SCOPE_BASE
import os
def get_schema_descriptor(domain_sid):
- sddl = "O:SAG:SAD:(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCLCLORCWOWDSW;;;SA)" \
- "(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;ED)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)" \
- "(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)" \
- "(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)" \
- "S:(AU;SA;WPCCDCWOWDSDDTSW;;;WD)" \
- "(AU;CISA;WP;;;WD)(AU;SA;CR;;;BA)" \
- "(AU;SA;CR;;;DU)(OU;SA;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;WD)" \
- "(OU;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)"
+ sddl = "O:SAG:SAD:AI(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c" \
+ ";;ER)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;1131f6ad-9c07-1" \
+ "1d1-f79f-00c04fc2dcd2;;ER)(OA;;CR;e12b56b6-0a95-11d1-adbb-00c04fd8d5cd;;SA)(O" \
+ "A;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;1131f6aa-9c07-11d1-f79" \
+ "f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1" \
+ "131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04" \
+ "fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6aa" \
+ "-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2" \
+ ";;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ad-9c07-1" \
+ "1d1-f79f-00c04fc2dcd2;;ED)(A;;RPWPCCDCLCLORCWOWDSDDTSW;;;LA)(A;CI;RPWPCRCCLCL" \
+ "ORCWOWDSW;;;SA)(A;CI;RPLCLORC;;;AU)(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)S:(O" \
+ "U;SA;CR;45ec5156-db7e-47bb-b53f-dbeb2d03c40f;;WD)(OU;SA;CR;e12b56b6-0a95-11d1" \
+ "-adbb-00c04fd8d5cd;;WD)(AU;SA;CR;;;DU)(AU;SA;CR;;;BA)(AU;SA;WPCCDCWOWDSDDTSW;" \
+ ";;WD)(AU;CISA;WP;;;WD)"
sec = security.descriptor.from_sddl(sddl, domain_sid)
return ndr_pack(sec)
@@ -64,8 +68,8 @@ class Schema(object):
self.schemadn = schemadn
self.ldb = Ldb()
- self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_Attributes.txt'),
- setup_path('ad-schema/MS-AD_Schema_2K8_Classes.txt'))
+ self.schema_data = read_ms_schema(setup_path('ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt'),
+ setup_path('ad-schema/MS-AD_Schema_2K8_R2_Classes.txt'))
if files is not None:
for file in files:
diff --git a/source4/selftest/knownfail b/source4/selftest/knownfail
index 93a9f38cd2..0c3fd7ca98 100644
--- a/source4/selftest/knownfail
+++ b/source4/selftest/knownfail
@@ -40,6 +40,7 @@ rpc.netlogon.*.DatabaseRedo
rpc.netlogon.*.ServerGetTrustInfo
rpc.netlogon.*.GetDomainInfo # Also fails against W2K8 (but in a different way)
samba4.rpc.samr.passwords.pwdlastset # Not provided by Samba 4 yet
+samba4.rpc.samr.passwords.badpwdcount # Not provided by Samba 4 yet
samba4.rpc.samr.users.privileges
samba4.rpc.spoolss # Not provided by Samba 4 yet
base.charset.*.Testing partial surrogate
diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
new file mode 100644
index 0000000000..fef134794e
--- /dev/null
+++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Attributes.txt
@@ -0,0 +1,16060 @@
+#Intellectual Property Rights Notice for Protocol Documentation
+#• Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation.
+#• No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+#• Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com.
+#• Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them.
+#
+
+
+cn: Account-Expires
+ldapDisplayName: accountExpires
+attributeId: 1.2.840.113556.1.4.159
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967915-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Account-Name-History
+ldapDisplayName: accountNameHistory
+attributeId: 1.2.840.113556.1.4.1307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 031952ec-3b72-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Aggregate-Token-Rate-Per-User
+ldapDisplayName: aCSAggregateTokenRatePerUser
+attributeId: 1.2.840.113556.1.4.760
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127d-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Allocable-RSVP-Bandwidth
+ldapDisplayName: aCSAllocableRSVPBandwidth
+attributeId: 1.2.840.113556.1.4.766
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561283-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Cache-Timeout
+ldapDisplayName: aCSCacheTimeout
+attributeId: 1.2.840.113556.1.4.779
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a1-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Direction
+ldapDisplayName: aCSDirection
+attributeId: 1.2.840.113556.1.4.757
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127a-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-DeadTime
+ldapDisplayName: aCSDSBMDeadTime
+attributeId: 1.2.840.113556.1.4.778
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a0-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Priority
+ldapDisplayName: aCSDSBMPriority
+attributeId: 1.2.840.113556.1.4.776
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559e-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-DSBM-Refresh
+ldapDisplayName: aCSDSBMRefresh
+attributeId: 1.2.840.113556.1.4.777
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559f-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-ACS-Service
+ldapDisplayName: aCSEnableACSService
+attributeId: 1.2.840.113556.1.4.770
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561287-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-RSVP-Accounting
+ldapDisplayName: aCSEnableRSVPAccounting
+attributeId: 1.2.840.113556.1.4.899
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f072230e-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Enable-RSVP-Message-Logging
+ldapDisplayName: aCSEnableRSVPMessageLogging
+attributeId: 1.2.840.113556.1.4.768
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7f561285-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Event-Log-Level
+ldapDisplayName: aCSEventLogLevel
+attributeId: 1.2.840.113556.1.4.769
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561286-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Identity-Name
+ldapDisplayName: aCSIdentityName
+attributeId: 1.2.840.113556.1.4.784
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dab029b6-ddf7-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Aggregate-Peak-Rate-Per-User
+ldapDisplayName: aCSMaxAggregatePeakRatePerUser
+attributeId: 1.2.840.113556.1.4.897
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230c-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Duration-Per-Flow
+ldapDisplayName: aCSMaxDurationPerFlow
+attributeId: 1.2.840.113556.1.4.761
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127e-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Maximum-SDU-Size
+ldapDisplayName: aCSMaximumSDUSize
+attributeId: 1.2.840.113556.1.4.1314
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 87a2d8f9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-No-Of-Account-Files
+ldapDisplayName: aCSMaxNoOfAccountFiles
+attributeId: 1.2.840.113556.1.4.901
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722310-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-No-Of-Log-Files
+ldapDisplayName: aCSMaxNoOfLogFiles
+attributeId: 1.2.840.113556.1.4.774
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559c-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Peak-Bandwidth
+ldapDisplayName: aCSMaxPeakBandwidth
+attributeId: 1.2.840.113556.1.4.767
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561284-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Peak-Bandwidth-Per-Flow
+ldapDisplayName: aCSMaxPeakBandwidthPerFlow
+attributeId: 1.2.840.113556.1.4.759
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127c-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Size-Of-RSVP-Account-File
+ldapDisplayName: aCSMaxSizeOfRSVPAccountFile
+attributeId: 1.2.840.113556.1.4.902
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0722311-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Size-Of-RSVP-Log-File
+ldapDisplayName: aCSMaxSizeOfRSVPLogFile
+attributeId: 1.2.840.113556.1.4.775
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559d-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Token-Bucket-Per-Flow
+ldapDisplayName: aCSMaxTokenBucketPerFlow
+attributeId: 1.2.840.113556.1.4.1313
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 81f6e0df-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Max-Token-Rate-Per-Flow
+ldapDisplayName: aCSMaxTokenRatePerFlow
+attributeId: 1.2.840.113556.1.4.758
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f56127b-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Delay-Variation
+ldapDisplayName: aCSMinimumDelayVariation
+attributeId: 1.2.840.113556.1.4.1317
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9c65329b-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Latency
+ldapDisplayName: aCSMinimumLatency
+attributeId: 1.2.840.113556.1.4.1316
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9517fefb-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Minimum-Policed-Size
+ldapDisplayName: aCSMinimumPolicedSize
+attributeId: 1.2.840.113556.1.4.1315
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 8d0e7195-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Max-SDU-Size
+ldapDisplayName: aCSNonReservedMaxSDUSize
+attributeId: 1.2.840.113556.1.4.1320
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: aec2cfe3-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Min-Policed-Size
+ldapDisplayName: aCSNonReservedMinPolicedSize
+attributeId: 1.2.840.113556.1.4.1321
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: b6873917-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Peak-Rate
+ldapDisplayName: aCSNonReservedPeakRate
+attributeId: 1.2.840.113556.1.4.1318
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a331a73f-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Token-Size
+ldapDisplayName: aCSNonReservedTokenSize
+attributeId: 1.2.840.113556.1.4.1319
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: a916d7c9-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Tx-Limit
+ldapDisplayName: aCSNonReservedTxLimit
+attributeId: 1.2.840.113556.1.4.780
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1cb355a2-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Non-Reserved-Tx-Size
+ldapDisplayName: aCSNonReservedTxSize
+attributeId: 1.2.840.113556.1.4.898
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f072230d-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Permission-Bits
+ldapDisplayName: aCSPermissionBits
+attributeId: 1.2.840.113556.1.4.765
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 7f561282-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Policy-Name
+ldapDisplayName: aCSPolicyName
+attributeId: 1.2.840.113556.1.4.772
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559a-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Priority
+ldapDisplayName: aCSPriority
+attributeId: 1.2.840.113556.1.4.764
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561281-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Account-Files-Location
+ldapDisplayName: aCSRSVPAccountFilesLocation
+attributeId: 1.2.840.113556.1.4.900
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f072230f-aef5-11d1-bdcf-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-RSVP-Log-Files-Location
+ldapDisplayName: aCSRSVPLogFilesLocation
+attributeId: 1.2.840.113556.1.4.773
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1cb3559b-56d0-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Server-List
+ldapDisplayName: aCSServerList
+attributeId: 1.2.840.113556.1.4.1312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7cbd59a5-3b90-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Service-Type
+ldapDisplayName: aCSServiceType
+attributeId: 1.2.840.113556.1.4.762
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f56127f-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Time-Of-Day
+ldapDisplayName: aCSTimeOfDay
+attributeId: 1.2.840.113556.1.4.756
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f561279-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Total-No-Of-Flows
+ldapDisplayName: aCSTotalNoOfFlows
+attributeId: 1.2.840.113556.1.4.763
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561280-5301-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Additional-Information
+ldapDisplayName: notes
+attributeId: 1.2.840.113556.1.4.265
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6d05fb41-246b-11d0-a9c8-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Additional-Trusted-Service-Names
+ldapDisplayName: additionalTrustedServiceNames
+attributeId: 1.2.840.113556.1.4.889
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160be-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address
+ldapDisplayName: streetAddress
+attributeId: 1.2.840.113556.1.2.256
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff84-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14889
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Book-Roots
+ldapDisplayName: addressBookRoots
+attributeId: 1.2.840.113556.1.4.1244
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f70b6e48-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Book-Roots2
+ldapDisplayName: addressBookRoots2
+attributeId: 1.2.840.113556.1.4.2046
+attributeSyntax: 2.5.5.1
+linkID: 2122
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 508ca374-a511-4e4e-9f4f-856f61a6b7e4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table
+ldapDisplayName: addressEntryDisplayTable
+attributeId: 1.2.840.113556.1.2.324
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42461-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32791
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Entry-Display-Table-MSDOS
+ldapDisplayName: addressEntryDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.400
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42462-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32839
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Home
+ldapDisplayName: homePostalAddress
+attributeId: 1.2.840.113556.1.2.617
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775781-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14941
+systemFlags: 0
+
+cn: Address-Syntax
+ldapDisplayName: addressSyntax
+attributeId: 1.2.840.113556.1.2.255
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd42463-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+mapiID: 32792
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Address-Type
+ldapDisplayName: addressType
+attributeId: 1.2.840.113556.1.2.350
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 5fd42464-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+mapiID: 32840
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Context-Menu
+ldapDisplayName: adminContextMenu
+attributeId: 1.2.840.113556.1.4.614
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd038-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Count
+ldapDisplayName: adminCount
+attributeId: 1.2.840.113556.1.4.150
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967918-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Description
+ldapDisplayName: adminDescription
+attributeId: 1.2.840.113556.1.2.226
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967919-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32842
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Display-Name
+ldapDisplayName: adminDisplayName
+attributeId: 1.2.840.113556.1.2.194
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96791a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 32843
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Admin-Multiselect-Property-Pages
+ldapDisplayName: adminMultiselectPropertyPages
+attributeId: 1.2.840.113556.1.4.1690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18f9b67d-5ac6-4b3b-97db-d0a406afb7ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Admin-Property-Pages
+ldapDisplayName: adminPropertyPages
+attributeId: 1.2.840.113556.1.4.562
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458038-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Allowed-Attributes
+ldapDisplayName: allowedAttributes
+attributeId: 1.2.840.113556.1.4.913
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad940-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Attributes-Effective
+ldapDisplayName: allowedAttributesEffective
+attributeId: 1.2.840.113556.1.4.914
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad941-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes
+ldapDisplayName: allowedChildClasses
+attributeId: 1.2.840.113556.1.4.911
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad942-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Allowed-Child-Classes-Effective
+ldapDisplayName: allowedChildClassesEffective
+attributeId: 1.2.840.113556.1.4.912
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad943-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Alt-Security-Identities
+ldapDisplayName: altSecurityIdentities
+attributeId: 1.2.840.113556.1.4.867
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 00fbf30c-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ANR
+ldapDisplayName: aNR
+attributeId: 1.2.840.113556.1.4.1208
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01500-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Application-Name
+ldapDisplayName: applicationName
+attributeId: 1.2.840.113556.1.4.218
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: dd712226-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Applies-To
+ldapDisplayName: appliesTo
+attributeId: 1.2.840.113556.1.4.341
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8297931d-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: App-Schema-Version
+ldapDisplayName: appSchemaVersion
+attributeId: 1.2.840.113556.1.4.848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd65-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Asset-Number
+ldapDisplayName: assetNumber
+attributeId: 1.2.840.113556.1.4.283
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f75-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Assistant
+ldapDisplayName: assistant
+attributeId: 1.2.840.113556.1.4.652
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c11c-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: associatedDomain
+ldapDisplayName: associatedDomain
+attributeId: 0.9.2342.19200300.100.1.37
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 3320fc38-c379-4c17-a510-1bdf6133c5da
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+
+cn: associatedName
+ldapDisplayName: associatedName
+attributeId: 0.9.2342.19200300.100.1.38
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f7fbfc45-85ab-42a4-a435-780e62f7858b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Assoc-NT-Account
+ldapDisplayName: assocNTAccount
+attributeId: 1.2.840.113556.1.4.1213
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 398f63c0-ca60-11d1-bbd1-0000f81f10c0
+systemOnly: FALSE
+searchFlags: 0
+
+cn: attributeCertificateAttribute
+ldapDisplayName: attributeCertificateAttribute
+attributeId: 2.5.4.58
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: fa4693bb-7bc2-4cb9-81a8-c99c43b7905e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: Attribute-Display-Names
+ldapDisplayName: attributeDisplayNames
+attributeId: 1.2.840.113556.1.4.748
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: cb843f80-48d9-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Attribute-ID
+ldapDisplayName: attributeID
+attributeId: 1.2.840.113556.1.2.30
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967922-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Security-GUID
+ldapDisplayName: attributeSecurityGUID
+attributeId: 1.2.840.113556.1.4.149
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967924-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Syntax
+ldapDisplayName: attributeSyntax
+attributeId: 1.2.840.113556.1.2.32
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967925-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Attribute-Types
+ldapDisplayName: attributeTypes
+attributeId: 2.5.21.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad944-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: audio
+ldapDisplayName: audio
+attributeId: 0.9.2342.19200300.100.1.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d0e1d224-e1a0-42ce-a2da-793ba5244f35
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 250000
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Auditing-Policy
+ldapDisplayName: auditingPolicy
+attributeId: 1.2.840.113556.1.4.202
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6da8a4fe-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authentication-Options
+ldapDisplayName: authenticationOptions
+attributeId: 1.2.840.113556.1.4.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967928-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Authority-Revocation-List
+ldapDisplayName: authorityRevocationList
+attributeId: 2.5.4.38
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677578d-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32806
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Auxiliary-Class
+ldapDisplayName: auxiliaryClass
+attributeId: 1.2.840.113556.1.2.351
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf96792c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Password-Time
+ldapDisplayName: badPasswordTime
+attributeId: 1.2.840.113556.1.4.49
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bad-Pwd-Count
+ldapDisplayName: badPwdCount
+attributeId: 1.2.840.113556.1.4.12
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96792e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Birth-Location
+ldapDisplayName: birthLocation
+attributeId: 1.2.840.113556.1.4.332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075f9-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: BootFile
+ldapDisplayName: bootFile
+attributeId: 1.3.6.1.1.1.1.24
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e3f3cb4e-0f20-42eb-9703-d2ff26e52667
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: BootParameter
+ldapDisplayName: bootParameter
+attributeId: 1.3.6.1.1.1.1.23
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: d72a0750-8c7c-416e-8714-e65f11e908be
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Bridgehead-Server-List-BL
+ldapDisplayName: bridgeheadServerListBL
+attributeId: 1.2.840.113556.1.4.820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdb-8951-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 99
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Bridgehead-Transport-List
+ldapDisplayName: bridgeheadTransportList
+attributeId: 1.2.840.113556.1.4.819
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cda-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 98
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: buildingName
+ldapDisplayName: buildingName
+attributeId: 0.9.2342.19200300.100.1.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f87fa54b-b2c5-4fd7-88c0-daccb21d93c5
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Builtin-Creation-Time
+ldapDisplayName: builtinCreationTime
+attributeId: 1.2.840.113556.1.4.13
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf96792f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Builtin-Modified-Count
+ldapDisplayName: builtinModifiedCount
+attributeId: 1.2.840.113556.1.4.14
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967930-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Business-Category
+ldapDisplayName: businessCategory
+attributeId: 2.5.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967931-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32855
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Bytes-Per-Minute
+ldapDisplayName: bytesPerMinute
+attributeId: 1.2.840.113556.1.4.284
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f76-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Certificate
+ldapDisplayName: cACertificate
+attributeId: 2.5.4.37
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967932-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32771
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Certificate-DN
+ldapDisplayName: cACertificateDN
+attributeId: 1.2.840.113556.1.4.697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2740-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Connect
+ldapDisplayName: cAConnect
+attributeId: 1.2.840.113556.1.4.687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2735-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Canonical-Name
+ldapDisplayName: canonicalName
+attributeId: 1.2.840.113556.1.4.916
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad945-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Can-Upgrade-Script
+ldapDisplayName: canUpgradeScript
+attributeId: 1.2.840.113556.1.4.815
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18314-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: carLicense
+ldapDisplayName: carLicense
+attributeId: 2.16.840.1.113730.3.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d4159c92-957d-4a87-8a67-8d2934e01649
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Catalogs
+ldapDisplayName: catalogs
+attributeId: 1.2.840.113556.1.4.675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb81-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Categories
+ldapDisplayName: categories
+attributeId: 1.2.840.113556.1.4.672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7e-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Id
+ldapDisplayName: categoryId
+attributeId: 1.2.840.113556.1.4.322
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e94-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-Usages
+ldapDisplayName: cAUsages
+attributeId: 1.2.840.113556.1.4.690
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d2738-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CA-WEB-URL
+ldapDisplayName: cAWEBURL
+attributeId: 1.2.840.113556.1.4.688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2736-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Authority-Object
+ldapDisplayName: certificateAuthorityObject
+attributeId: 1.2.840.113556.1.4.684
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2732-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Revocation-List
+ldapDisplayName: certificateRevocationList
+attributeId: 2.5.4.39
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1677579f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 32790
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certificate-Templates
+ldapDisplayName: certificateTemplates
+attributeId: 1.2.840.113556.1.4.823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2a39c5b1-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Display-Name
+ldapDisplayName: classDisplayName
+attributeId: 1.2.840.113556.1.4.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 548e1c22-dea6-11d0-b010-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Code-Page
+ldapDisplayName: codePage
+attributeId: 1.2.840.113556.1.4.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967938-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-ClassID
+ldapDisplayName: cOMClassID
+attributeId: 1.2.840.113556.1.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-CLSID
+ldapDisplayName: cOMCLSID
+attributeId: 1.2.840.113556.1.4.249
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416d9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-InterfaceID
+ldapDisplayName: cOMInterfaceID
+attributeId: 1.2.840.113556.1.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Comment
+ldapDisplayName: info
+attributeId: 1.2.840.113556.1.2.81
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 12292
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Common-Name
+ldapDisplayName: cn
+attributeId: 2.5.4.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96793f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14863
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: COM-Other-Prog-Id
+ldapDisplayName: cOMOtherProgId
+attributeId: 1.2.840.113556.1.4.253
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416dd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Company
+ldapDisplayName: company
+attributeId: 1.2.840.113556.1.2.146
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff88-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14870
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-ProgID
+ldapDisplayName: cOMProgID
+attributeId: 1.2.840.113556.1.4.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf96793d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Treat-As-Class-Id
+ldapDisplayName: cOMTreatAsClassId
+attributeId: 1.2.840.113556.1.4.251
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416db-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Typelib-Id
+ldapDisplayName: cOMTypelibId
+attributeId: 1.2.840.113556.1.4.254
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416de-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: COM-Unique-LIBID
+ldapDisplayName: cOMUniqueLIBID
+attributeId: 1.2.840.113556.1.4.250
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416da-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Content-Indexing-Allowed
+ldapDisplayName: contentIndexingAllowed
+attributeId: 1.2.840.113556.1.4.24
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967943-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Context-Menu
+ldapDisplayName: contextMenu
+attributeId: 1.2.840.113556.1.4.499
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d8601ee-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Rights
+ldapDisplayName: controlAccessRights
+attributeId: 1.2.840.113556.1.4.200
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 6da8a4fc-0e52-11d0-a286-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cost
+ldapDisplayName: cost
+attributeId: 1.2.840.113556.1.2.135
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967944-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32872
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Country-Code
+ldapDisplayName: countryCode
+attributeId: 1.2.840.113556.1.4.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd42471-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Country-Name
+ldapDisplayName: c
+attributeId: 2.5.4.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967945-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 3
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32873
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Dialog
+ldapDisplayName: createDialog
+attributeId: 1.2.840.113556.1.4.810
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b09958a-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Create-Time-Stamp
+ldapDisplayName: createTimeStamp
+attributeId: 2.5.18.1
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 2df90d73-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Create-Wizard-Ext
+ldapDisplayName: createWizardExt
+attributeId: 1.2.840.113556.1.4.812
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2b09958b-8931-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creation-Time
+ldapDisplayName: creationTime
+attributeId: 1.2.840.113556.1.4.26
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967946-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Creation-Wizard
+ldapDisplayName: creationWizard
+attributeId: 1.2.840.113556.1.4.498
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d8601ed-ac85-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Creator
+ldapDisplayName: creator
+attributeId: 1.2.840.113556.1.4.679
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb85-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Object
+ldapDisplayName: cRLObject
+attributeId: 1.2.840.113556.1.4.689
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2737-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Partitioned-Revocation-List
+ldapDisplayName: cRLPartitionedRevocationList
+attributeId: 1.2.840.113556.1.4.683
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2731-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Certificate-Pair
+ldapDisplayName: crossCertificatePair
+attributeId: 2.5.4.40
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b2-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+mapiID: 32805
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Location
+ldapDisplayName: currentLocation
+attributeId: 1.2.840.113556.1.4.335
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fc-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 32
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Parent-CA
+ldapDisplayName: currentParentCA
+attributeId: 1.2.840.113556.1.4.696
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Current-Value
+ldapDisplayName: currentValue
+attributeId: 1.2.840.113556.1.4.27
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967947-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Curr-Machine-Id
+ldapDisplayName: currMachineId
+attributeId: 1.2.840.113556.1.4.337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fe-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DBCS-Pwd
+ldapDisplayName: dBCSPwd
+attributeId: 1.2.840.113556.1.4.55
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96799c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Class-Store
+ldapDisplayName: defaultClassStore
+attributeId: 1.2.840.113556.1.4.213
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967948-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Group
+ldapDisplayName: defaultGroup
+attributeId: 1.2.840.113556.1.4.480
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 720bc4e2-a54a-11d0-afdf-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Hiding-Value
+ldapDisplayName: defaultHidingValue
+attributeId: 1.2.840.113556.1.4.518
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: b7b13116-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Local-Policy-Object
+ldapDisplayName: defaultLocalPolicyObject
+attributeId: 1.2.840.113556.1.4.57
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96799f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Object-Category
+ldapDisplayName: defaultObjectCategory
+attributeId: 1.2.840.113556.1.4.783
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97367-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Default-Priority
+ldapDisplayName: defaultPriority
+attributeId: 1.2.840.113556.1.4.232
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c8-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Default-Security-Descriptor
+ldapDisplayName: defaultSecurityDescriptor
+attributeId: 1.2.840.113556.1.4.224
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 807a6d30-1669-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Delta-Revocation-List
+ldapDisplayName: deltaRevocationList
+attributeId: 2.5.4.53
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 167757b5-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+mapiID: 35910
+
+cn: Department
+ldapDisplayName: department
+attributeId: 1.2.840.113556.1.2.141
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96794f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14872
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: departmentNumber
+ldapDisplayName: departmentNumber
+attributeId: 2.16.840.1.113730.3.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: be9ef6ee-cbc7-4f22-b27b-96967e7ee585
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Description
+ldapDisplayName: description
+attributeId: 2.5.4.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967950-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32879
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Desktop-Profile
+ldapDisplayName: desktopProfile
+attributeId: 1.2.840.113556.1.4.346
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: eea65906-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Destination-Indicator
+ldapDisplayName: destinationIndicator
+attributeId: 2.5.4.27
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967951-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 32880
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Classes
+ldapDisplayName: dhcpClasses
+attributeId: 1.2.840.113556.1.4.715
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2750-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Flags
+ldapDisplayName: dhcpFlags
+attributeId: 1.2.840.113556.1.4.700
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2741-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Identification
+ldapDisplayName: dhcpIdentification
+attributeId: 1.2.840.113556.1.4.701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2742-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Mask
+ldapDisplayName: dhcpMask
+attributeId: 1.2.840.113556.1.4.706
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2747-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-MaxKey
+ldapDisplayName: dhcpMaxKey
+attributeId: 1.2.840.113556.1.4.719
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2754-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Description
+ldapDisplayName: dhcpObjDescription
+attributeId: 1.2.840.113556.1.4.703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2744-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Obj-Name
+ldapDisplayName: dhcpObjName
+attributeId: 1.2.840.113556.1.4.702
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 963d2743-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Options
+ldapDisplayName: dhcpOptions
+attributeId: 1.2.840.113556.1.4.714
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d274f-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Properties
+ldapDisplayName: dhcpProperties
+attributeId: 1.2.840.113556.1.4.718
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 963d2753-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Ranges
+ldapDisplayName: dhcpRanges
+attributeId: 1.2.840.113556.1.4.707
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2748-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Reservations
+ldapDisplayName: dhcpReservations
+attributeId: 1.2.840.113556.1.4.709
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Servers
+ldapDisplayName: dhcpServers
+attributeId: 1.2.840.113556.1.4.704
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2745-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+extendedCharsAllowed: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Sites
+ldapDisplayName: dhcpSites
+attributeId: 1.2.840.113556.1.4.708
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2749-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-State
+ldapDisplayName: dhcpState
+attributeId: 1.2.840.113556.1.4.717
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2752-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Subnets
+ldapDisplayName: dhcpSubnets
+attributeId: 1.2.840.113556.1.4.705
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d2746-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Type
+ldapDisplayName: dhcpType
+attributeId: 1.2.840.113556.1.4.699
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 963d273b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Unique-Key
+ldapDisplayName: dhcpUniqueKey
+attributeId: 1.2.840.113556.1.4.698
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d273a-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: dhcp-Update-Time
+ldapDisplayName: dhcpUpdateTime
+attributeId: 1.2.840.113556.1.4.720
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 963d2755-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Name
+ldapDisplayName: displayName
+attributeId: 1.2.840.113556.1.2.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967953-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Display-Name-Printable
+ldapDisplayName: displayNamePrintable
+attributeId: 1.2.840.113556.1.2.353
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: bf967954-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14847
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DIT-Content-Rules
+ldapDisplayName: dITContentRules
+attributeId: 2.5.21.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad946-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Division
+ldapDisplayName: division
+attributeId: 1.2.840.113556.1.4.261
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: fe6136a0-2073-11d0-a9c2-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DMD-Location
+ldapDisplayName: dMDLocation
+attributeId: 1.2.840.113556.1.2.36
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8b-1191-11d0-a060-00aa006c33ed
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DMD-Name
+ldapDisplayName: dmdName
+attributeId: 1.2.840.113556.1.2.598
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 167757b9-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35926
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DN-Reference-Update
+ldapDisplayName: dNReferenceUpdate
+attributeId: 1.2.840.113556.1.4.1242
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d86-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Allow-Dynamic
+ldapDisplayName: dnsAllowDynamic
+attributeId: 1.2.840.113556.1.4.378
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e65-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Allow-XFR
+ldapDisplayName: dnsAllowXFR
+attributeId: 1.2.840.113556.1.4.379
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e66-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Host-Name
+ldapDisplayName: dNSHostName
+attributeId: 1.2.840.113556.1.4.619
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Notify-Secondaries
+ldapDisplayName: dnsNotifySecondaries
+attributeId: 1.2.840.113556.1.4.381
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e68-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Property
+ldapDisplayName: dNSProperty
+attributeId: 1.2.840.113556.1.4.1306
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 675a15fe-3b70-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Record
+ldapDisplayName: dnsRecord
+attributeId: 1.2.840.113556.1.4.382
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e69-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Root
+ldapDisplayName: dnsRoot
+attributeId: 1.2.840.113556.1.4.28
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967959-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Dns-Secure-Secondaries
+ldapDisplayName: dnsSecureSecondaries
+attributeId: 1.2.840.113556.1.4.380
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: e0fa1e67-9b45-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DNS-Tombstoned
+ldapDisplayName: dNSTombstoned
+attributeId: 1.2.840.113556.1.4.1414
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d5eb2eb7-be4e-463b-a214-634a44d7392e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: documentAuthor
+ldapDisplayName: documentAuthor
+attributeId: 0.9.2342.19200300.100.1.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f18a8e19-af5f-4478-b096-6f35c27eb83f
+systemOnly: FALSE
+searchFlags: 0
+
+cn: documentIdentifier
+ldapDisplayName: documentIdentifier
+attributeId: 0.9.2342.19200300.100.1.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0b21ce82-ff63-46d9-90fb-c8b9f24e97b9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentLocation
+ldapDisplayName: documentLocation
+attributeId: 0.9.2342.19200300.100.1.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b958b14e-ac6d-4ec4-8892-be70b69f7281
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentPublisher
+ldapDisplayName: documentPublisher
+attributeId: 0.9.2342.19200300.100.1.56
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 170f09d7-eb69-448a-9a30-f1afecfd32d7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentTitle
+ldapDisplayName: documentTitle
+attributeId: 0.9.2342.19200300.100.1.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: de265a9c-ff2c-47b9-91dc-6e6fe2c43062
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: documentVersion
+ldapDisplayName: documentVersion
+attributeId: 0.9.2342.19200300.100.1.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 94b3a8a9-d613-4cec-9aad-5fbcc1046b43
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Domain-Certificate-Authorities
+ldapDisplayName: domainCAs
+attributeId: 1.2.840.113556.1.4.668
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7a-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Component
+ldapDisplayName: dc
+attributeId: 0.9.2342.19200300.100.1.25
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19195a55-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Cross-Ref
+ldapDisplayName: domainCrossRef
+attributeId: 1.2.840.113556.1.4.472
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7b-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-ID
+ldapDisplayName: domainID
+attributeId: 1.2.840.113556.1.4.686
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 963d2734-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Identifier
+ldapDisplayName: domainIdentifier
+attributeId: 1.2.840.113556.1.4.755
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7f561278-5301-11d1-a9c5-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Object
+ldapDisplayName: domainPolicyObject
+attributeId: 1.2.840.113556.1.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf96795d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy-Reference
+ldapDisplayName: domainPolicyReference
+attributeId: 1.2.840.113556.1.4.422
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e2a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Replica
+ldapDisplayName: domainReplica
+attributeId: 1.2.840.113556.1.4.158
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96795e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Domain-Wide-Policy
+ldapDisplayName: domainWidePolicy
+attributeId: 1.2.840.113556.1.4.421
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e29-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: drink
+ldapDisplayName: drink
+attributeId: 0.9.2342.19200300.100.1.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1a1aa5b5-262e-4df6-af04-2cf6b0d80048
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Driver-Name
+ldapDisplayName: driverName
+attributeId: 1.2.840.113556.1.4.229
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c5-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Driver-Version
+ldapDisplayName: driverVersion
+attributeId: 1.2.840.113556.1.4.276
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6e-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DSA-Signature
+ldapDisplayName: dSASignature
+attributeId: 1.2.840.113556.1.2.74
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 167757bc-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32887
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-Core-Propagation-Data
+ldapDisplayName: dSCorePropagationData
+attributeId: 1.2.840.113556.1.4.1357
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: d167aa4b-8b08-11d2-9939-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-Heuristics
+ldapDisplayName: dSHeuristics
+attributeId: 1.2.840.113556.1.2.212
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff86-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: DS-UI-Admin-Maximum
+ldapDisplayName: dSUIAdminMaximum
+attributeId: 1.2.840.113556.1.4.1344
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee8d0ae0-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Admin-Notification
+ldapDisplayName: dSUIAdminNotification
+attributeId: 1.2.840.113556.1.4.1343
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f6ea0a94-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Shell-Maximum
+ldapDisplayName: dSUIShellMaximum
+attributeId: 1.2.840.113556.1.4.1345
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fcca766a-6f91-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-LDAP-Server
+ldapDisplayName: dynamicLDAPServer
+attributeId: 1.2.840.113556.1.4.537
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52458021-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: EFSPolicy
+ldapDisplayName: eFSPolicy
+attributeId: 1.2.840.113556.1.4.268
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 8e4eb2ec-4712-11d0-a1a0-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: E-mail-Addresses
+ldapDisplayName: mail
+attributeId: 0.9.2342.19200300.100.1.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967961-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14846
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-ID
+ldapDisplayName: employeeID
+attributeId: 1.2.840.113556.1.4.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967962-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Employee-Number
+ldapDisplayName: employeeNumber
+attributeId: 1.2.840.113556.1.2.610
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73ef-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 512
+mapiID: 35943
+systemFlags: 0
+
+cn: Employee-Type
+ldapDisplayName: employeeType
+attributeId: 1.2.840.113556.1.2.613
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df73f0-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 256
+mapiID: 35945
+systemFlags: 0
+
+cn: Enabled
+ldapDisplayName: Enabled
+attributeId: 1.2.840.113556.1.2.557
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8df73f2-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 35873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Enabled-Connection
+ldapDisplayName: enabledConnection
+attributeId: 1.2.840.113556.1.4.36
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967963-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Enrollment-Providers
+ldapDisplayName: enrollmentProviders
+attributeId: 1.2.840.113556.1.4.825
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b3-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Entry-TTL
+ldapDisplayName: entryTTL
+attributeId: 1.3.6.1.4.1.1466.101.119.3
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d213decc-d81a-4384-aac2-dcfcfd631cf8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 31557600
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+
+cn: Extended-Attribute-Info
+ldapDisplayName: extendedAttributeInfo
+attributeId: 1.2.840.113556.1.4.909
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad947-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extended-Chars-Allowed
+ldapDisplayName: extendedCharsAllowed
+attributeId: 1.2.840.113556.1.2.380
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967966-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32935
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extended-Class-Info
+ldapDisplayName: extendedClassInfo
+attributeId: 1.2.840.113556.1.4.908
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad948-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Extension-Name
+ldapDisplayName: extensionName
+attributeId: 1.2.840.113556.1.2.227
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967972-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+mapiID: 32937
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Extra-Columns
+ldapDisplayName: extraColumns
+attributeId: 1.2.840.113556.1.4.1687
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d24e2846-1dd9-4bcf-99d7-a6227cc86da7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Facsimile-Telephone-Number
+ldapDisplayName: facsimileTelephoneNumber
+attributeId: 2.5.4.23
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967974-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14883
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Ext-Priority
+ldapDisplayName: fileExtPriority
+attributeId: 1.2.840.113556.1.4.816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18315-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flags
+ldapDisplayName: flags
+attributeId: 1.2.840.113556.1.4.38
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967976-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Flat-Name
+ldapDisplayName: flatName
+attributeId: 1.2.840.113556.1.4.511
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b13117-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Force-Logoff
+ldapDisplayName: forceLogoff
+attributeId: 1.2.840.113556.1.4.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967977-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Foreign-Identifier
+ldapDisplayName: foreignIdentifier
+attributeId: 1.2.840.113556.1.4.356
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e97891e-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Friendly-Names
+ldapDisplayName: friendlyNames
+attributeId: 1.2.840.113556.1.4.682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb88-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: From-Entry
+ldapDisplayName: fromEntry
+attributeId: 1.2.840.113556.1.4.910
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad949-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: From-Server
+ldapDisplayName: fromServer
+attributeId: 1.2.840.113556.1.4.40
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf967979-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Frs-Computer-Reference
+ldapDisplayName: frsComputerReference
+attributeId: 1.2.840.113556.1.4.869
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132578-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 102
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: Frs-Computer-Reference-BL
+ldapDisplayName: frsComputerReferenceBL
+attributeId: 1.2.840.113556.1.4.870
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a132579-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Control-Data-Creation
+ldapDisplayName: fRSControlDataCreation
+attributeId: 1.2.840.113556.1.4.871
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257a-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Inbound-Backlog
+ldapDisplayName: fRSControlInboundBacklog
+attributeId: 1.2.840.113556.1.4.872
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257b-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Control-Outbound-Backlog
+ldapDisplayName: fRSControlOutboundBacklog
+attributeId: 1.2.840.113556.1.4.873
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a13257c-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Directory-Filter
+ldapDisplayName: fRSDirectoryFilter
+attributeId: 1.2.840.113556.1.4.484
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f171-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-DS-Poll
+ldapDisplayName: fRSDSPoll
+attributeId: 1.2.840.113556.1.4.490
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f177-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Extensions
+ldapDisplayName: fRSExtensions
+attributeId: 1.2.840.113556.1.4.536
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458020-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Fault-Condition
+ldapDisplayName: fRSFaultCondition
+attributeId: 1.2.840.113556.1.4.491
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f178-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-File-Filter
+ldapDisplayName: fRSFileFilter
+attributeId: 1.2.840.113556.1.4.483
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f170-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Flags
+ldapDisplayName: fRSFlags
+attributeId: 1.2.840.113556.1.4.874
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a13257d-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Level-Limit
+ldapDisplayName: fRSLevelLimit
+attributeId: 1.2.840.113556.1.4.534
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5245801e-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Member-Reference
+ldapDisplayName: fRSMemberReference
+attributeId: 1.2.840.113556.1.4.875
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a13257e-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 104
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: FRS-Member-Reference-BL
+ldapDisplayName: fRSMemberReferenceBL
+attributeId: 1.2.840.113556.1.4.876
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a13257f-9373-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: FRS-Partner-Auth-Level
+ldapDisplayName: fRSPartnerAuthLevel
+attributeId: 1.2.840.113556.1.4.877
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2a132580-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Primary-Member
+ldapDisplayName: fRSPrimaryMember
+attributeId: 1.2.840.113556.1.4.878
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 2a132581-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-GUID
+ldapDisplayName: fRSReplicaSetGUID
+attributeId: 1.2.840.113556.1.4.533
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5245801a-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Replica-Set-Type
+ldapDisplayName: fRSReplicaSetType
+attributeId: 1.2.840.113556.1.4.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 26d9736b-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Path
+ldapDisplayName: fRSRootPath
+attributeId: 1.2.840.113556.1.4.487
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f174-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Root-Security
+ldapDisplayName: fRSRootSecurity
+attributeId: 1.2.840.113556.1.4.535
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: 5245801f-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command
+ldapDisplayName: fRSServiceCommand
+attributeId: 1.2.840.113556.1.4.500
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ddac0cee-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Service-Command-Status
+ldapDisplayName: fRSServiceCommandStatus
+attributeId: 1.2.840.113556.1.4.879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132582-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Staging-Path
+ldapDisplayName: fRSStagingPath
+attributeId: 1.2.840.113556.1.4.488
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f175-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Command
+ldapDisplayName: fRSTimeLastCommand
+attributeId: 1.2.840.113556.1.4.880
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132583-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Time-Last-Config-Change
+ldapDisplayName: fRSTimeLastConfigChange
+attributeId: 1.2.840.113556.1.4.881
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: TRUE
+schemaIdGuid: 2a132584-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Update-Timeout
+ldapDisplayName: fRSUpdateTimeout
+attributeId: 1.2.840.113556.1.4.485
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1be8f172-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version
+ldapDisplayName: fRSVersion
+attributeId: 1.2.840.113556.1.4.882
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a132585-9373-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Version-GUID
+ldapDisplayName: fRSVersionGUID
+attributeId: 1.2.840.113556.1.4.43
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 26d9736c-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FRS-Working-Path
+ldapDisplayName: fRSWorkingPath
+attributeId: 1.2.840.113556.1.4.486
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1be8f173-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: FSMO-Role-Owner
+ldapDisplayName: fSMORoleOwner
+attributeId: 1.2.840.113556.1.4.369
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171887-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Garbage-Coll-Period
+ldapDisplayName: garbageCollPeriod
+attributeId: 1.2.840.113556.1.2.301
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a1-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32943
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Gecos
+ldapDisplayName: gecos
+attributeId: 1.3.6.1.1.1.1.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a3e03f1f-1d55-4253-a0af-30c2a784e46e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: Generated-Connection
+ldapDisplayName: generatedConnection
+attributeId: 1.2.840.113556.1.4.41
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96797a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Generation-Qualifier
+ldapDisplayName: generationQualifier
+attributeId: 2.5.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775804-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 35923
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GidNumber
+ldapDisplayName: gidNumber
+attributeId: 1.3.6.1.1.1.1.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5b95f0c-ec9e-41c4-849c-b46597ed6696
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: Given-Name
+ldapDisplayName: givenName
+attributeId: 2.5.4.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff8e-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14854
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Global-Address-List
+ldapDisplayName: globalAddressList
+attributeId: 1.2.840.113556.1.4.1245
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f754c748-06f4-11d2-aa53-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Global-Address-List2
+ldapDisplayName: globalAddressList2
+attributeId: 1.2.840.113556.1.4.2047
+attributeSyntax: 2.5.5.1
+linkID: 2124
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 4898f63d-4112-477c-8826-3ca00bd8277d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Governs-ID
+ldapDisplayName: governsID
+attributeId: 1.2.840.113556.1.2.22
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf96797d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: GPC-File-Sys-Path
+ldapDisplayName: gPCFileSysPath
+attributeId: 1.2.840.113556.1.4.894
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc1-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Functionality-Version
+ldapDisplayName: gPCFunctionalityVersion
+attributeId: 1.2.840.113556.1.4.893
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bc0-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-Machine-Extension-Names
+ldapDisplayName: gPCMachineExtensionNames
+attributeId: 1.2.840.113556.1.4.1348
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 32ff8ecc-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-User-Extension-Names
+ldapDisplayName: gPCUserExtensionNames
+attributeId: 1.2.840.113556.1.4.1349
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 42a75fc6-783f-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GPC-WQL-Filter
+ldapDisplayName: gPCWQLFilter
+attributeId: 1.2.840.113556.1.4.1694
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bd4c7a6-1add-4436-8c04-3999a880154c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Link
+ldapDisplayName: gPLink
+attributeId: 1.2.840.113556.1.4.891
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbe-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: GP-Options
+ldapDisplayName: gPOptions
+attributeId: 1.2.840.113556.1.4.892
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f30e3bbf-9ff0-11d1-b603-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Attributes
+ldapDisplayName: groupAttributes
+attributeId: 1.2.840.113556.1.4.152
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96797e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Membership-SAM
+ldapDisplayName: groupMembershipSAM
+attributeId: 1.2.840.113556.1.4.166
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967980-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Priority
+ldapDisplayName: groupPriority
+attributeId: 1.2.840.113556.1.4.345
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65905-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Groups-to-Ignore
+ldapDisplayName: groupsToIgnore
+attributeId: 1.2.840.113556.1.4.344
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eea65904-8ac6-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Type
+ldapDisplayName: groupType
+attributeId: 1.2.840.113556.1.4.750
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021e-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Master-NCs
+ldapDisplayName: hasMasterNCs
+attributeId: 1.2.840.113556.1.2.14
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967982-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 76
+mapiID: 32950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Has-Partial-Replica-NCs
+ldapDisplayName: hasPartialReplicaNCs
+attributeId: 1.2.840.113556.1.2.15
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967981-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 74
+mapiID: 32949
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-Data16
+ldapDisplayName: helpData16
+attributeId: 1.2.840.113556.1.2.402
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a7-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32826
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-Data32
+ldapDisplayName: helpData32
+attributeId: 1.2.840.113556.1.2.9
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a8-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 32784
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Help-File-Name
+ldapDisplayName: helpFileName
+attributeId: 1.2.840.113556.1.2.327
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5fd424a9-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 13
+mapiID: 32827
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Hide-From-AB
+ldapDisplayName: hideFromAB
+attributeId: 1.2.840.113556.1.4.1780
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ec05b750-a977-4efe-8e8d-ba6c1a6e33a8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: Home-Directory
+ldapDisplayName: homeDirectory
+attributeId: 1.2.840.113556.1.4.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967985-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Home-Drive
+ldapDisplayName: homeDrive
+attributeId: 1.2.840.113556.1.4.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967986-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: host
+ldapDisplayName: host
+attributeId: 0.9.2342.19200300.100.1.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 6043df71-fa48-46cf-ab7c-cbd54644b22d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: houseIdentifier
+ldapDisplayName: houseIdentifier
+attributeId: 2.5.4.51
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: a45398b7-c44a-4eb6-82d3-13c10946dbfe
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+
+cn: Icon-Path
+ldapDisplayName: iconPath
+attributeId: 1.2.840.113556.1.4.219
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ff83-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Implemented-Categories
+ldapDisplayName: implementedCategories
+attributeId: 1.2.840.113556.1.4.320
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e92-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IndexedScopes
+ldapDisplayName: indexedScopes
+attributeId: 1.2.840.113556.1.4.681
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb87-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Initial-Auth-Incoming
+ldapDisplayName: initialAuthIncoming
+attributeId: 1.2.840.113556.1.4.539
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458023-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initial-Auth-Outgoing
+ldapDisplayName: initialAuthOutgoing
+attributeId: 1.2.840.113556.1.4.540
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52458024-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Initials
+ldapDisplayName: initials
+attributeId: 2.5.4.43
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ff90-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 6
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14858
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Install-Ui-Level
+ldapDisplayName: installUiLevel
+attributeId: 1.2.840.113556.1.4.847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd64-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Instance-Type
+ldapDisplayName: instanceType
+attributeId: 1.2.840.113556.1.2.1
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96798c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+mapiID: 32957
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: International-ISDN-Number
+ldapDisplayName: internationalISDNNumber
+attributeId: 2.5.4.25
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf96798d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 32958
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Topology-Failover
+ldapDisplayName: interSiteTopologyFailover
+attributeId: 1.2.840.113556.1.4.1248
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e60-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Inter-Site-Topology-Generator
+ldapDisplayName: interSiteTopologyGenerator
+attributeId: 1.2.840.113556.1.4.1246
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5e-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Inter-Site-Topology-Renew
+ldapDisplayName: interSiteTopologyRenew
+attributeId: 1.2.840.113556.1.4.1247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b7c69e5f-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Invocation-Id
+ldapDisplayName: invocationId
+attributeId: 1.2.840.113556.1.2.115
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf96798e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fATTINDEX
+mapiID: 32959
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: IpHostNumber
+ldapDisplayName: ipHostNumber
+attributeId: 1.3.6.1.1.1.1.19
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: de8bb721-85dc-4fde-b687-9657688e667e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetmaskNumber
+ldapDisplayName: ipNetmaskNumber
+attributeId: 1.3.6.1.1.1.1.21
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 6ff64fcd-462e-4f62-b44a-9a5347659eb9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpNetworkNumber
+ldapDisplayName: ipNetworkNumber
+attributeId: 1.3.6.1.1.1.1.20
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4e3854f4-3087-42a4-a813-bb0c528958d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: IpProtocolNumber
+ldapDisplayName: ipProtocolNumber
+attributeId: 1.3.6.1.1.1.1.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ebf5c6eb-0e2d-4415-9670-1081993b4211
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Ipsec-Data
+ldapDisplayName: ipsecData
+attributeId: 1.2.840.113556.1.4.623
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: b40ff81f-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Data-Type
+ldapDisplayName: ipsecDataType
+attributeId: 1.2.840.113556.1.4.622
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b40ff81e-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter-Reference
+ldapDisplayName: ipsecFilterReference
+attributeId: 1.2.840.113556.1.4.629
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff823-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ID
+ldapDisplayName: ipsecID
+attributeId: 1.2.840.113556.1.4.621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81d-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Reference
+ldapDisplayName: ipsecISAKMPReference
+attributeId: 1.2.840.113556.1.4.626
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff820-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Name
+ldapDisplayName: ipsecName
+attributeId: 1.2.840.113556.1.4.620
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b40ff81c-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Action
+ldapDisplayName: iPSECNegotiationPolicyAction
+attributeId: 1.2.840.113556.1.4.888
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383075-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy-Reference
+ldapDisplayName: ipsecNegotiationPolicyReference
+attributeId: 1.2.840.113556.1.4.628
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b40ff822-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IPSEC-Negotiation-Policy-Type
+ldapDisplayName: iPSECNegotiationPolicyType
+attributeId: 1.2.840.113556.1.4.887
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 07383074-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA-Reference
+ldapDisplayName: ipsecNFAReference
+attributeId: 1.2.840.113556.1.4.627
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff821-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Owners-Reference
+ldapDisplayName: ipsecOwnersReference
+attributeId: 1.2.840.113556.1.4.624
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b40ff824-427a-11d1-a9c2-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy-Reference
+ldapDisplayName: ipsecPolicyReference
+attributeId: 1.2.840.113556.1.4.517
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13118-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpServicePort
+ldapDisplayName: ipServicePort
+attributeId: 1.3.6.1.1.1.1.15
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff2daebf-f463-495a-8405-3e483641eaa2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: IpServiceProtocol
+ldapDisplayName: ipServiceProtocol
+attributeId: 1.3.6.1.1.1.1.16
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: cd96ec0b-1ed6-43b4-b26b-f170b645883f
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Is-Critical-System-Object
+ldapDisplayName: isCriticalSystemObject
+attributeId: 1.2.840.113556.1.4.868
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 00fbf30d-91fe-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Defunct
+ldapDisplayName: isDefunct
+attributeId: 1.2.840.113556.1.4.661
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 28630ebe-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Deleted
+ldapDisplayName: isDeleted
+attributeId: 1.2.840.113556.1.2.48
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf96798f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32960
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Ephemeral
+ldapDisplayName: isEphemeral
+attributeId: 1.2.840.113556.1.4.1212
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f4c453f0-c5f1-11d1-bbcb-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Is-Member-Of-DL
+ldapDisplayName: memberOf
+attributeId: 1.2.840.113556.1.2.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967991-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fCOPY
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 3
+mapiID: 32776
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Member-Of-Partial-Attribute-Set
+ldapDisplayName: isMemberOfPartialAttributeSet
+attributeId: 1.2.840.113556.1.4.639
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 19405b9d-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Is-Privilege-Holder
+ldapDisplayName: isPrivilegeHolder
+attributeId: 1.2.840.113556.1.4.638
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9c-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 71
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Is-Recycled
+ldapDisplayName: isRecycled
+attributeId: 1.2.840.113556.1.4.2058
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8fb59256-55f1-444b-aacb-f5b482fe3459
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+isMemberOfPartialAttributeSet: TRUE
+
+cn: Is-Single-Valued
+ldapDisplayName: isSingleValued
+attributeId: 1.2.840.113556.1.2.33
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967992-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32961
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: jpegPhoto
+ldapDisplayName: jpegPhoto
+attributeId: 0.9.2342.19200300.100.1.60
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bac80572-09c4-4fa9-9ae6-7628d7adbe0e
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Keywords
+ldapDisplayName: keywords
+attributeId: 1.2.840.113556.1.4.48
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967993-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Knowledge-Information
+ldapDisplayName: knowledgeInformation
+attributeId: 2.5.4.2
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: 1677581f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 32963
+
+cn: labeledURI
+ldapDisplayName: labeledURI
+attributeId: 1.3.6.1.4.1.250.1.57
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: c569bb46-c680-44bc-a273-e6c227d71b45
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Last-Backup-Restoration-Time
+ldapDisplayName: lastBackupRestorationTime
+attributeId: 1.2.840.113556.1.4.519
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 1fbb0be8-ba63-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Content-Indexed
+ldapDisplayName: lastContentIndexed
+attributeId: 1.2.840.113556.1.4.50
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967995-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Last-Known-Parent
+ldapDisplayName: lastKnownParent
+attributeId: 1.2.840.113556.1.4.781
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 52ab8670-5709-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logoff
+ldapDisplayName: lastLogoff
+attributeId: 1.2.840.113556.1.4.51
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967996-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon
+ldapDisplayName: lastLogon
+attributeId: 1.2.840.113556.1.4.52
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967997-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Logon-Timestamp
+ldapDisplayName: lastLogonTimestamp
+attributeId: 1.2.840.113556.1.4.1696
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c0e20a04-0e5a-4ff3-9482-5efeaecd7060
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+isMemberOfPartialAttributeSet: TRUE
+
+cn: Last-Set-Time
+ldapDisplayName: lastSetTime
+attributeId: 1.2.840.113556.1.4.53
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967998-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Last-Update-Sequence
+ldapDisplayName: lastUpdateSequence
+attributeId: 1.2.840.113556.1.4.330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9c-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LDAP-Admin-Limits
+ldapDisplayName: lDAPAdminLimits
+attributeId: 1.2.840.113556.1.4.843
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7359a352-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-Display-Name
+ldapDisplayName: lDAPDisplayName
+attributeId: 1.2.840.113556.1.2.460
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf96799a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE | fATTINDEX
+rangeLower: 1
+rangeUpper: 256
+mapiID: 33137
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LDAP-IPDeny-List
+ldapDisplayName: lDAPIPDenyList
+attributeId: 1.2.840.113556.1.4.844
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7359a353-90f7-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Legacy-Exchange-DN
+ldapDisplayName: legacyExchangeDN
+attributeId: 1.2.840.113556.1.4.655
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 28630ebc-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags:fPRESERVEONDELETE| fANR | fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-ID
+ldapDisplayName: linkID
+attributeId: 1.2.840.113556.1.2.50
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32965
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Link-Track-Secret
+ldapDisplayName: linkTrackSecret
+attributeId: 1.2.840.113556.1.4.269
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2ae80fe2-47b4-11d0-a1a4-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lm-Pwd-History
+ldapDisplayName: lmPwdHistory
+attributeId: 1.2.840.113556.1.4.160
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf96799d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Locale-ID
+ldapDisplayName: localeID
+attributeId: 1.2.840.113556.1.4.58
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf9679a1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Locality-Name
+ldapDisplayName: l
+attributeId: 2.5.4.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14887
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Localization-Display-Id
+ldapDisplayName: localizationDisplayId
+attributeId: 1.2.840.113556.1.4.1353
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a746f0d1-78d0-11d2-9916-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Localized-Description
+ldapDisplayName: localizedDescription
+attributeId: 1.2.840.113556.1.4.817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d9e18316-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Local-Policy-Flags
+ldapDisplayName: localPolicyFlags
+attributeId: 1.2.840.113556.1.4.56
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf96799e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Local-Policy-Reference
+ldapDisplayName: localPolicyReference
+attributeId: 1.2.840.113556.1.4.457
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4d-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Location
+ldapDisplayName: location
+attributeId: 1.2.840.113556.1.4.222
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb79f-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lockout-Duration
+ldapDisplayName: lockoutDuration
+attributeId: 1.2.840.113556.1.4.60
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lock-Out-Observation-Window
+ldapDisplayName: lockOutObservationWindow
+attributeId: 1.2.840.113556.1.4.61
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679a4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lockout-Threshold
+ldapDisplayName: lockoutThreshold
+attributeId: 1.2.840.113556.1.4.73
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679a6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Lockout-Time
+ldapDisplayName: lockoutTime
+attributeId: 1.2.840.113556.1.4.662
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 28630ebf-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: LoginShell
+ldapDisplayName: loginShell
+attributeId: 1.3.6.1.1.1.1.4
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a553d12c-3231-4c5e-8adf-8d189697721e
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: Logo
+ldapDisplayName: thumbnailLogo
+attributeId: 2.16.840.1.113730.3.1.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679a9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Count
+ldapDisplayName: logonCount
+attributeId: 1.2.840.113556.1.4.169
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679aa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Hours
+ldapDisplayName: logonHours
+attributeId: 1.2.840.113556.1.4.64
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ab-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Logon-Workstation
+ldapDisplayName: logonWorkstation
+attributeId: 1.2.840.113556.1.4.65
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ac-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LSA-Creation-Time
+ldapDisplayName: lSACreationTime
+attributeId: 1.2.840.113556.1.4.66
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ad-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: LSA-Modified-Count
+ldapDisplayName: lSAModifiedCount
+attributeId: 1.2.840.113556.1.4.67
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679ae-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MacAddress
+ldapDisplayName: macAddress
+attributeId: 1.3.6.1.1.1.1.22
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: e6a522dd-9770-43e1-89de-1de5044328f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 128
+
+cn: Machine-Architecture
+ldapDisplayName: machineArchitecture
+attributeId: 1.2.840.113556.1.4.68
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679af-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Password-Change-Interval
+ldapDisplayName: machinePasswordChangeInterval
+attributeId: 1.2.840.113556.1.4.520
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c9b6358e-bb38-11d0-afef-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fe-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Machine-Role
+ldapDisplayName: machineRole
+attributeId: 1.2.840.113556.1.4.71
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679b2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Machine-Wide-Policy
+ldapDisplayName: machineWidePolicy
+attributeId: 1.2.840.113556.1.4.459
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 80a67e4f-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Managed-By
+ldapDisplayName: managedBy
+attributeId: 1.2.840.113556.1.4.653
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0296c120-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 72
+mapiID: 32780
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Managed-Objects
+ldapDisplayName: managedObjects
+attributeId: 1.2.840.113556.1.4.654
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 0296c124-40da-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 73
+mapiID: 32804
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Manager
+ldapDisplayName: manager
+attributeId: 0.9.2342.19200300.100.1.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679b5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 42
+mapiID: 32773
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MAPI-ID
+ldapDisplayName: mAPIID
+attributeId: 1.2.840.113556.1.2.49
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679b7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 32974
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Marshalled-Interface
+ldapDisplayName: marshalledInterface
+attributeId: 1.2.840.113556.1.4.72
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679b9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mastered-By
+ldapDisplayName: masteredBy
+attributeId: 1.2.840.113556.1.4.1409
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e48e64e0-12c9-11d3-9102-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 77
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Pwd-Age
+ldapDisplayName: maxPwdAge
+attributeId: 1.2.840.113556.1.4.74
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Renew-Age
+ldapDisplayName: maxRenewAge
+attributeId: 1.2.840.113556.1.4.75
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Max-Storage
+ldapDisplayName: maxStorage
+attributeId: 1.2.840.113556.1.4.76
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679bd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Max-Ticket-Age
+ldapDisplayName: maxTicketAge
+attributeId: 1.2.840.113556.1.4.77
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679be-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: May-Contain
+ldapDisplayName: mayContain
+attributeId: 1.2.840.113556.1.2.25
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679bf-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: meetingAdvertiseScope
+ldapDisplayName: meetingAdvertiseScope
+attributeId: 1.2.840.113556.1.4.582
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8b-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingApplication
+ldapDisplayName: meetingApplication
+attributeId: 1.2.840.113556.1.4.573
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc83-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingBandwidth
+ldapDisplayName: meetingBandwidth
+attributeId: 1.2.840.113556.1.4.589
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc92-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingBlob
+ldapDisplayName: meetingBlob
+attributeId: 1.2.840.113556.1.4.590
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc93-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingContactInfo
+ldapDisplayName: meetingContactInfo
+attributeId: 1.2.840.113556.1.4.578
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc87-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingDescription
+ldapDisplayName: meetingDescription
+attributeId: 1.2.840.113556.1.4.567
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingEndTime
+ldapDisplayName: meetingEndTime
+attributeId: 1.2.840.113556.1.4.588
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc91-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingID
+ldapDisplayName: meetingID
+attributeId: 1.2.840.113556.1.4.565
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingIP
+ldapDisplayName: meetingIP
+attributeId: 1.2.840.113556.1.4.580
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc89-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingIsEncrypted
+ldapDisplayName: meetingIsEncrypted
+attributeId: 1.2.840.113556.1.4.585
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8e-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingKeyword
+ldapDisplayName: meetingKeyword
+attributeId: 1.2.840.113556.1.4.568
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc7f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingLanguage
+ldapDisplayName: meetingLanguage
+attributeId: 1.2.840.113556.1.4.574
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc84-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingLocation
+ldapDisplayName: meetingLocation
+attributeId: 1.2.840.113556.1.4.569
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc80-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingMaxParticipants
+ldapDisplayName: meetingMaxParticipants
+attributeId: 1.2.840.113556.1.4.576
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc85-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingName
+ldapDisplayName: meetingName
+attributeId: 1.2.840.113556.1.4.566
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc7d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOriginator
+ldapDisplayName: meetingOriginator
+attributeId: 1.2.840.113556.1.4.577
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc86-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingOwner
+ldapDisplayName: meetingOwner
+attributeId: 1.2.840.113556.1.4.579
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc88-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingProtocol
+ldapDisplayName: meetingProtocol
+attributeId: 1.2.840.113556.1.4.570
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc81-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRating
+ldapDisplayName: meetingRating
+attributeId: 1.2.840.113556.1.4.584
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8d-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingRecurrence
+ldapDisplayName: meetingRecurrence
+attributeId: 1.2.840.113556.1.4.586
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc8f-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingScope
+ldapDisplayName: meetingScope
+attributeId: 1.2.840.113556.1.4.581
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8a-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingStartTime
+ldapDisplayName: meetingStartTime
+attributeId: 1.2.840.113556.1.4.587
+attributeSyntax: 2.5.5.11
+omSyntax: 23
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc90-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingType
+ldapDisplayName: meetingType
+attributeId: 1.2.840.113556.1.4.571
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 11b6cc82-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: meetingURL
+ldapDisplayName: meetingURL
+attributeId: 1.2.840.113556.1.4.583
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11b6cc8c-48c4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Member
+ldapDisplayName: member
+attributeId: 2.5.4.31
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679c0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: bc0ac240-79a9-11d0-9020-00c04fc2d4cf
+linkID: 2
+mapiID: 32777
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MemberNisNetgroup
+ldapDisplayName: memberNisNetgroup
+attributeId: 1.3.6.1.1.1.1.13
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 0f6a17dc-53e5-4be8-9442-8f3ce2f9012a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: MemberUid
+ldapDisplayName: memberUid
+attributeId: 1.3.6.1.1.1.1.12
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 03dab236-672e-4f61-ab64-f77d2dc2ffab
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256000
+
+cn: MHS-OR-Address
+ldapDisplayName: mhsORAddress
+attributeId: 1.2.840.113556.1.4.650
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c122-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Min-Pwd-Age
+ldapDisplayName: minPwdAge
+attributeId: 1.2.840.113556.1.4.78
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Min-Pwd-Length
+ldapDisplayName: minPwdLength
+attributeId: 1.2.840.113556.1.4.79
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679c3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Min-Ticket-Age
+ldapDisplayName: minTicketAge
+attributeId: 1.2.840.113556.1.4.80
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c4-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count
+ldapDisplayName: modifiedCount
+attributeId: 1.2.840.113556.1.4.168
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c5-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modified-Count-At-Last-Prom
+ldapDisplayName: modifiedCountAtLastProm
+attributeId: 1.2.840.113556.1.4.81
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf9679c6-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Modify-Time-Stamp
+ldapDisplayName: modifyTimeStamp
+attributeId: 2.5.18.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 9a7ad94a-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Moniker
+ldapDisplayName: moniker
+attributeId: 1.2.840.113556.1.4.82
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679c7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Moniker-Display-Name
+ldapDisplayName: monikerDisplayName
+attributeId: 1.2.840.113556.1.4.83
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679c8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Move-Tree-State
+ldapDisplayName: moveTreeState
+attributeId: 1.2.840.113556.1.4.1305
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1f2ac2c8-3b71-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-DefaultPartitionLink
+ldapDisplayName: msCOM-DefaultPartitionLink
+attributeId: 1.2.840.113556.1.4.1427
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 998b10f7-aa1a-4364-b867-753d197fe670
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-ObjectId
+ldapDisplayName: msCOM-ObjectId
+attributeId: 1.2.840.113556.1.4.1428
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 430f678b-889f-41f2-9843-203b5a65572f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionLink
+ldapDisplayName: msCOM-PartitionLink
+attributeId: 1.2.840.113556.1.4.1423
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 09abac62-043f-4702-ac2b-6ca15eee5754
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1040
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSetLink
+ldapDisplayName: msCOM-PartitionSetLink
+attributeId: 1.2.840.113556.1.4.1424
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 67f121dc-7d02-4c7d-82f5-9ad4c950ac34
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1041
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-COM-UserLink
+ldapDisplayName: msCOM-UserLink
+attributeId: 1.2.840.113556.1.4.1425
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9e6f3a4d-242c-4f37-b068-36b57f9fc852
+systemOnly: TRUE
+searchFlags: 0
+linkID: 1049
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-COM-UserPartitionSetLink
+ldapDisplayName: msCOM-UserPartitionSetLink
+attributeId: 1.2.840.113556.1.4.1426
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 8e940c8a-e477-4367-b08d-ff2ff942dcd7
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mscope-Id
+ldapDisplayName: mscopeId
+attributeId: 1.2.840.113556.1.4.716
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: TRUE
+schemaIdGuid: 963d2751-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Comment-v2
+ldapDisplayName: msDFS-Commentv2
+attributeId: 1.2.840.113556.1.4.2036
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b786cec9-61fd-4523-b2c1-5ceb3860bb32
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Generation-GUID-v2
+ldapDisplayName: msDFS-GenerationGUIDv2
+attributeId: 1.2.840.113556.1.4.2032
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 35b8b3d9-c58f-43d6-930e-5040f2f1a781
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: 16
+
+cn: ms-DFS-Last-Modified-v2
+ldapDisplayName: msDFS-LastModifiedv2
+attributeId: 1.2.840.113556.1.4.2034
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 3c095e8a-314e-465b-83f5-ab8277bcf29b
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+systemFlags: 16
+
+cn: ms-DFS-Link-Identity-GUID-v2
+ldapDisplayName: msDFS-LinkIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2041
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: edb027f3-5726-4dee-8d4e-dbf07e1ad1f1
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower:16
+rangeUpper: 16
+systemFlags: 16
+
+cn: ms-DFS-Link-Path-v2
+ldapDisplayName: msDFS-LinkPathv2
+attributeId: 1.2.840.113556.1.4.2039
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b021f6-10ab-40a2-a252-1dc0cc3be6a9
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+systemFlags: 16
+
+cn: ms-DFS-Link-Security-Descriptor-v2
+ldapDisplayName: msDFS-LinkSecurityDescriptorv2
+attributeId: 1.2.840.113556.1.4.2040
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: 57cf87f7-3426-4841-b322-02b3b6e9eba8
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+systemFlags: 16
+
+cn: ms-DFS-Namespace-Identity-GUID-v2
+ldapDisplayName: msDFS-NamespaceIdentityGUIDv2
+attributeId: 1.2.840.113556.1.4.2033
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 200432ce-ec5f-4931-a525-d7f4afe34e68
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: 16
+
+cn: ms-DFS-Properties-v2
+ldapDisplayName: msDFS-Propertiesv2
+attributeId: 1.2.840.113556.1.4.2037
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0c3e5bc5-eb0e-40f5-9b53-334e958dffdb
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: 16
+
+cn: ms-DFSR-CachePolicy
+ldapDisplayName: msDFSR-CachePolicy
+attributeId: 1.2.840.113556.1.6.13.3.29
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db7a08e7-fc76-4569-a45f-f5ecb66a88b5
+searchFlags: 0
+
+cn: ms-DFSR-CommonStagingPath
+ldapDisplayName: msDFSR-CommonStagingPath
+attributeId: 1.2.840.113556.1.6.13.3.38
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 936eac41-d257-4bb9-bd55-f310a3cf09ad
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-CommonStagingSizeInMb
+ldapDisplayName: msDFSR-CommonStagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.39
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 135eb00e-4846-458b-8ea2-a37559afd405
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ComputerReference
+ldapDisplayName: msDFSR-ComputerReference
+attributeId: 1.2.840.113556.1.6.13.3.101
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 6c7b5785-3d21-41bf-8a8a-627941544d5a
+searchFlags: 0
+linkID: 2050
+
+cn: ms-DFSR-ComputerReferenceBL
+ldapDisplayName: msDFSR-ComputerReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.103
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5eb526d7-d71b-44ae-8cc6-95460052e6ac
+searchFlags: 0
+linkID: 2051
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-ConflictPath
+ldapDisplayName: msDFSR-ConflictPath
+attributeId: 1.2.840.113556.1.6.13.3.7
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5cf0bcc8-60f7-4bff-bda6-aea0344eb151
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-ConflictSizeInMb
+ldapDisplayName: msDFSR-ConflictSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.8
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9ad33fc9-aacf-4299-bb3e-d1fc6ea88e49
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ContentSetGuid
+ldapDisplayName: msDFSR-ContentSetGuid
+attributeId: 1.2.840.113556.1.6.13.3.18
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1035a8e1-67a8-4c21-b7bb-031cdf99d7a0
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFSR-DefaultCompressionExclusionFilter
+ldapDisplayName: msDFSR-DefaultCompressionExclusionFilter
+attributeId: 1.2.840.113556.1.6.13.3.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87811bd5-cd8b-45cb-9f5d-980f3a9e0c97
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedPath
+ldapDisplayName: msDFSR-DeletedPath
+attributeId: 1.2.840.113556.1.6.13.3.26
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 817cf0b8-db95-4914-b833-5a079ef65764
+searchFlags: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DeletedSizeInMb
+ldapDisplayName: msDFSR-DeletedSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.27
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 53ed9ad1-9975-41f4-83f5-0c061a12553a
+searchFlags: 0
+rangeUpper: -1
+
+cn: ms-DFSR-DfsLinkTarget
+ldapDisplayName: msDFSR-DfsLinkTarget
+attributeId: 1.2.840.113556.1.6.13.3.24
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f7b85ba9-3bf9-428f-aab4-2eee6d56f063
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DfsPath
+ldapDisplayName: msDFSR-DfsPath
+attributeId: 1.2.840.113556.1.6.13.3.21
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2cc903e2-398c-443b-ac86-ff6b01eac7ba
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DirectoryFilter
+ldapDisplayName: msDFSR-DirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.13
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 93c7b477-1f2e-4b40-b7bf-007e8d038ccf
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-DisablePacketPrivacy
+ldapDisplayName: msDFSR-DisablePacketPrivacy
+attributeId: 1.2.840.113556.1.6.13.3.32
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 6a84ede5-741e-43fd-9dd6-aa0f61578621
+searchFlags: 0
+
+cn: ms-DFSR-Enabled
+ldapDisplayName: msDFSR-Enabled
+attributeId: 1.2.840.113556.1.6.13.3.9
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 03726ae7-8e7d-4446-8aae-a91657c00993
+searchFlags: 0
+
+cn: ms-DFSR-Extension
+ldapDisplayName: msDFSR-Extension
+attributeId: 1.2.840.113556.1.6.13.3.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 78f011ec-a766-4b19-adcf-7b81ed781a4d
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+
+cn: ms-DFSR-FileFilter
+ldapDisplayName: msDFSR-FileFilter
+attributeId: 1.2.840.113556.1.6.13.3.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d68270ac-a5dc-4841-a6ac-cd68be38c181
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-Flags
+ldapDisplayName: msDFSR-Flags
+attributeId: 1.2.840.113556.1.6.13.3.16
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe515695-3f61-45c8-9bfa-19c148c57b09
+searchFlags: 0
+
+cn: ms-DFSR-Keywords
+ldapDisplayName: msDFSR-Keywords
+attributeId: 1.2.840.113556.1.6.13.3.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 048b4692-6227-4b67-a074-c4437083e14b
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-MaxAgeInCacheInMin
+ldapDisplayName: msDFSR-MaxAgeInCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.31
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2ab0e48d-ac4e-4afc-83e5-a34240db6198
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-MemberReference
+ldapDisplayName: msDFSR-MemberReference
+attributeId: 1.2.840.113556.1.6.13.3.100
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 261337aa-f1c3-44b2-bbea-c88d49e6f0c7
+searchFlags: 0
+linkID: 2052
+
+cn: ms-DFSR-MemberReferenceBL
+ldapDisplayName: msDFSR-MemberReferenceBL
+attributeId: 1.2.840.113556.1.6.13.3.102
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: adde62c6-1880-41ed-bd3c-30b7d25e14f0
+searchFlags: 0
+linkID: 2053
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DFSR-MinDurationCacheInMin
+ldapDisplayName: msDFSR-MinDurationCacheInMin
+attributeId: 1.2.840.113556.1.6.13.3.30
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4c5d607a-ce49-444a-9862-82a95f5d1fcc
+searchFlags: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-OnDemandExclusionDirectoryFilter
+ldapDisplayName: msDFSR-OnDemandExclusionDirectoryFilter
+attributeId: 1.2.840.113556.1.6.13.3.36
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d523aff-9012-49b2-9925-f922a0018656
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-OnDemandExclusionFileFilter
+ldapDisplayName: msDFSR-OnDemandExclusionFileFilter
+attributeId: 1.2.840.113556.1.6.13.3.35
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a68359dc-a581-4ee6-9015-5382c60f0fb4
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-Options
+ldapDisplayName: msDFSR-Options
+attributeId: 1.2.840.113556.1.6.13.3.17
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d6d67084-c720-417d-8647-b696237a114c
+searchFlags: 0
+
+cn: ms-DFSR-Options2
+ldapDisplayName: msDFSR-Options2
+attributeId: 1.2.840.113556.1.6.13.3.37
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 11e24318-4ca6-4f49-9afe-e5eb1afa3473
+searchFlags: 0
+
+cn: ms-DFSR-Priority
+ldapDisplayName: msDFSR-Priority
+attributeId: 1.2.840.113556.1.6.13.3.25
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb20e7d6-32ad-42de-b141-16ad2631b01b
+searchFlags: 0
+
+cn: ms-DFSR-RdcEnabled
+ldapDisplayName: msDFSR-RdcEnabled
+attributeId: 1.2.840.113556.1.6.13.3.19
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: e3b44e05-f4a7-4078-a730-f48670a743f8
+searchFlags: 0
+
+cn: ms-DFSR-RdcMinFileSizeInKb
+ldapDisplayName: msDFSR-RdcMinFileSizeInKb
+attributeId: 1.2.840.113556.1.6.13.3.20
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f402a330-ace5-4dc1-8cc9-74d900bf8ae0
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-ReadOnly
+ldapDisplayName: msDFSR-ReadOnly
+attributeId: 1.2.840.113556.1.6.13.3.28
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5ac48021-e447-46e7-9d23-92c0c6a90dfb
+searchFlags: 0
+
+cn: ms-DFSR-ReplicationGroupGuid
+ldapDisplayName: msDFSR-ReplicationGroupGuid
+attributeId: 1.2.840.113556.1.6.13.3.23
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2dad8796-7619-4ff8-966e-0a5cc67b287f
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+
+cn: ms-DFSR-ReplicationGroupType
+ldapDisplayName: msDFSR-ReplicationGroupType
+attributeId: 1.2.840.113556.1.6.13.3.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eeed0fc8-1001-45ed-80cc-bbf744930720
+searchFlags: 0
+
+cn: ms-DFSR-RootFence
+ldapDisplayName: msDFSR-RootFence
+attributeId: 1.2.840.113556.1.6.13.3.22
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 51928e94-2cd8-4abe-b552-e50412444370
+searchFlags: 0
+
+cn: ms-DFSR-RootPath
+ldapDisplayName: msDFSR-RootPath
+attributeId: 1.2.840.113556.1.6.13.3.3
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d7d5e8c1-e61f-464f-9fcf-20bbe0a2ec54
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-RootSizeInMb
+ldapDisplayName: msDFSR-RootSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.4
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 90b769ac-4413-43cf-ad7a-867142e740a3
+searchFlags: 0
+rangeLower: 0
+
+cn: ms-DFSR-Schedule
+ldapDisplayName: msDFSR-Schedule
+attributeId: 1.2.840.113556.1.6.13.3.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4699f15f-a71f-48e2-9ff5-5897c0759205
+searchFlags: 0
+rangeLower: 336
+rangeUpper: 336
+
+cn: ms-DFSR-StagingCleanupTriggerInPercent
+ldapDisplayName: msDFSR-StagingCleanupTriggerInPercent
+attributeId: 1.2.840.113556.1.6.13.3.40
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d64b9c23-e1fa-467b-b317-6964d744d633
+searchFlags: 0
+
+cn: ms-DFSR-StagingPath
+ldapDisplayName: msDFSR-StagingPath
+attributeId: 1.2.840.113556.1.6.13.3.5
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b9a69e-f0a6-405d-99bb-77d977992c2a
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+
+cn: ms-DFSR-StagingSizeInMb
+ldapDisplayName: msDFSR-StagingSizeInMb
+attributeId: 1.2.840.113556.1.6.13.3.6
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 250a8f20-f6fc-4559-ae65-e4b24c67aebe
+searchFlags: 0
+rangeLower: 0
+rangeUpper: -1
+
+cn: ms-DFSR-TombstoneExpiryInMin
+ldapDisplayName: msDFSR-TombstoneExpiryInMin
+attributeId: 1.2.840.113556.1.6.13.3.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 23e35d4c-e324-4861-a22f-e199140dae00
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2147483647
+
+cn: ms-DFSR-Version
+ldapDisplayName: msDFSR-Version
+attributeId: 1.2.840.113556.1.6.13.3.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1a861408-38c3-49ea-ba75-85481a77c655
+searchFlags: 0
+rangeUpper: 256
+
+cn: ms-DFS-Schema-Major-Version
+ldapDisplayName: msDFS-SchemaMajorVersion
+attributeId: 1.2.840.113556.1.4.2030
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ec6d7855-704a-4f61-9aa6-c49a7c1d54c7
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 2
+rangeUpper: 2
+systemFlags: 16
+
+cn: ms-DFS-Schema-Minor-Version
+ldapDisplayName: msDFS-SchemaMinorVersion
+attributeId: 1.2.840.113556.1.4.2031
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fef9a725-e8f1-43ab-bd86-6a0115ce9e38
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 0
+systemFlags: 16
+
+cn: ms-DFS-Short-Name-Link-Path-v2
+ldapDisplayName: msDFS-ShortNameLinkPathv2
+attributeId: 1.2.840.113556.1.4.2042
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2d7826f0-4cf7-42e9-a039-1110e0d9ca99
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32766
+systemFlags: 16
+
+cn: ms-DFS-Target-List-v2
+ldapDisplayName: msDFS-TargetListv2
+attributeId: 1.2.840.113556.1.4.2038
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6ab126c6-fa41-4b36-809e-7ca91610d48f
+isMemberOfPartialAttributeSet: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2097152
+systemFlags: 16
+
+cn: ms-DFS-Ttl-v2
+ldapDisplayName: msDFS-Ttlv2
+attributeId: 1.2.840.113556.1.4.2035
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ea944d31-864a-4349-ada5-062e2c614f5e
+isMemberOfPartialAttributeSet: FALSE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+searchFlags: 0
+
+cn: MS-DRM-Identity-Certificate
+ldapDisplayName: msDRM-IdentityCertificate
+attributeId: 1.2.840.113556.1.4.1843
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e85e1204-3434-41ad-9b56-e2901228fff0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 10240
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Additional-Dns-Host-Name
+ldapDisplayName: msDS-AdditionalDnsHostName
+attributeId: 1.2.840.113556.1.4.1717
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 80863791-dbe9-4eb8-837e-7f0ab55d9ac7
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+attributeSecurityGuid: 72e39547-7b18-11d1-adef-00c04fd8d5cd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Additional-Sam-Account-Name
+ldapDisplayName: msDS-AdditionalSamAccountName
+attributeId: 1.2.840.113556.1.4.1718
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 975571df-a4d5-429a-9f59-cdc6581d91e6
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-DNS-Suffixes
+ldapDisplayName: msDS-AllowedDNSSuffixes
+attributeId: 1.2.840.113556.1.4.1710
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8469441b-9ac4-4e45-8205-bd219dbf672d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Allowed-To-Delegate-To
+ldapDisplayName: msDS-AllowedToDelegateTo
+attributeId: 1.2.840.113556.1.4.1787
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 800d94d7-b7a1-42a1-b14d-7cae1423d07f
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-All-Users-Trust-Quota
+ldapDisplayName: msDS-AllUsersTrustQuota
+attributeId: 1.2.840.113556.1.4.1789
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d3aa4a5c-4e03-4810-97aa-2b339e7a434b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Approx-Immed-Subordinates
+ldapDisplayName: msDS-Approx-Immed-Subordinates
+attributeId: 1.2.840.113556.1.4.1669
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e185d243-f6ce-4adb-b496-b0c005d7823c
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedAt-DC
+ldapDisplayName: msDS-AuthenticatedAtDC
+attributeId: 1.2.840.113556.1.4.1958
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e1ee99c-6604-4489-89d9-84798a89515a
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-AuthenticatedTo-Accountlist
+ldapDisplayName: msDS-AuthenticatedToAccountlist
+attributeId: 1.2.840.113556.1.4.1957
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e8b2c971-a6df-47bc-8d6f-62770d527aa5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2113
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Auxiliary-Classes
+ldapDisplayName: msDS-Auxiliary-Classes
+attributeId: 1.2.840.113556.1.4.1458
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: c4af1073-ee50-4be0-b8c0-89a41fe99abe
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Application-Data
+ldapDisplayName: msDS-AzApplicationData
+attributeId: 1.2.840.113556.1.4.1819
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 503fc3e8-1cc6-461a-99a3-9eee04f402a7
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Name
+ldapDisplayName: msDS-AzApplicationName
+attributeId: 1.2.840.113556.1.4.1798
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: db5b0728-6208-4876-83b7-95d3e5695275
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application-Version
+ldapDisplayName: msDS-AzApplicationVersion
+attributeId: 1.2.840.113556.1.4.1817
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7184a120-3ac4-47ae-848f-fe0ab20784d4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule
+ldapDisplayName: msDS-AzBizRule
+attributeId: 1.2.840.113556.1.4.1801
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 33d41ea8-c0c9-4c92-9494-f104878413fd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Biz-Rule-Language
+ldapDisplayName: msDS-AzBizRuleLanguage
+attributeId: 1.2.840.113556.1.4.1802
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 52994b56-0e6c-4e07-aa5c-ef9d7f5a0e25
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Class-ID
+ldapDisplayName: msDS-AzClassId
+attributeId: 1.2.840.113556.1.4.1816
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 013a7277-5c2d-49ef-a7de-b765b36a3f6f
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 40
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Domain-Timeout
+ldapDisplayName: msDS-AzDomainTimeout
+attributeId: 1.2.840.113556.1.4.1795
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6448f56a-ca70-4e2e-b0af-d20e4ce653d0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generate-Audits
+ldapDisplayName: msDS-AzGenerateAudits
+attributeId: 1.2.840.113556.1.4.1805
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: f90abab0-186c-4418-bb85-88447c87222a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Generic-Data
+ldapDisplayName: msDS-AzGenericData
+attributeId: 1.2.840.113556.1.4.1950
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b5f7e349-7a5b-407c-a334-a31c3f538b98
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Last-Imported-Biz-Rule-Path
+ldapDisplayName: msDS-AzLastImportedBizRulePath
+attributeId: 1.2.840.113556.1.4.1803
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 665acb5c-bb92-4dbc-8c59-b3638eab09b3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-LDAP-Query
+ldapDisplayName: msDS-AzLDAPQuery
+attributeId: 1.2.840.113556.1.4.1792
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5e53368b-fc94-45c8-9d7d-daf31ee7112d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 4096
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Az-Major-Version
+ldapDisplayName: msDS-AzMajorVersion
+attributeId: 1.2.840.113556.1.4.1824
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: cfb9adb7-c4b7-4059-9568-1ed9db6b7248
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Minor-Version
+ldapDisplayName: msDS-AzMinorVersion
+attributeId: 1.2.840.113556.1.4.1825
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ee85ed93-b209-4788-8165-e702f51bfbf3
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Object-Guid
+ldapDisplayName: msDS-AzObjectGuid
+attributeId: 1.2.840.113556.1.4.1949
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8491e548-6c38-4365-a732-af041569b02c
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation-ID
+ldapDisplayName: msDS-AzOperationID
+attributeId: 1.2.840.113556.1.4.1800
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a5f3b553-5d76-4cbe-ba3f-4312152cab18
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Scope-Name
+ldapDisplayName: msDS-AzScopeName
+attributeId: 1.2.840.113556.1.4.1799
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 515a6b06-2617-4173-8099-d5605df043c6
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Engine-Cache-Max
+ldapDisplayName: msDS-AzScriptEngineCacheMax
+attributeId: 1.2.840.113556.1.4.1796
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2629f66a-1f95-4bf3-a296-8e9d7b9e30c8
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Script-Timeout
+ldapDisplayName: msDS-AzScriptTimeout
+attributeId: 1.2.840.113556.1.4.1797
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 87d0fb41-2c8b-41f6-b972-11fdfd50d6b0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task-Is-Role-Definition
+ldapDisplayName: msDS-AzTaskIsRoleDefinition
+attributeId: 1.2.840.113556.1.4.1818
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7b078544-6c82-4fe9-872f-ff48ad2b2e26
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Behavior-Version
+ldapDisplayName: msDS-Behavior-Version
+attributeId: 1.2.840.113556.1.4.1459
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d31a8757-2447-4545-8081-3bb610cacbf2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-BridgeHead-Servers-Used
+ldapDisplayName: msDS-BridgeHeadServersUsed
+attributeId: 1.2.840.113556.1.4.2049
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+linkID: 2160
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+schemaIdGuid: 3ced1465-7b71-2541-8780-1e1ea6243a82
+searchFlags: 0
+systemFlags: FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL |FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Byte-Array
+ldapDisplayName: msDS-ByteArray
+attributeId: 1.2.840.113556.1.4.1831
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f0d8972e-dd5b-40e5-a51d-044c7c17ece7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+showInAdvancedViewOnly: FALSE
+
+cn: ms-DS-Cached-Membership
+ldapDisplayName: msDS-Cached-Membership
+attributeId: 1.2.840.113556.1.4.1441
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 69cab008-cdd4-4bc9-bab8-0ff37efe1b20
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Cached-Membership-Time-Stamp
+ldapDisplayName: msDS-Cached-Membership-Time-Stamp
+attributeId: 1.2.840.113556.1.4.1442
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 3566bf1f-beee-4dcb-8abe-ef89fcfec6c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Consistency-Child-Count
+ldapDisplayName: mS-DS-ConsistencyChildCount
+attributeId: 1.2.840.113556.1.4.1361
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 178b7bc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Consistency-Guid
+ldapDisplayName: mS-DS-ConsistencyGuid
+attributeId: 1.2.840.113556.1.4.1360
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 23773dc2-b63a-11d2-90e1-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-DS-Creator-SID
+ldapDisplayName: mS-DS-CreatorSID
+attributeId: 1.2.840.113556.1.4.1410
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c5e60132-1480-11d3-91c1-0000f87a57d4
+systemOnly: TRUE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Date-Time
+ldapDisplayName: msDS-DateTime
+attributeId: 1.2.840.113556.1.4.1832
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: FALSE
+schemaIdGuid: 234fcbd8-fb52-4908-a328-fd9f6e58e403
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: ms-DS-Default-Quota
+ldapDisplayName: msDS-DefaultQuota
+attributeId: 1.2.840.113556.1.4.1846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6818f726-674b-441b-8a3a-f40596374cea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Deleted-Object-Lifetime
+ldapDisplayName: msDS-DeletedObjectLifetime
+attributeId: 1.2.840.113556.1.4.2068
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: a9b38cb6-189a-4def-8a70-0fcfa158148e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-DnsRootAlias
+ldapDisplayName: msDS-DnsRootAlias
+attributeId: 1.2.840.113556.1.4.1719
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2143acca-eead-4d29-b591-85fa49ce9173
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Enabled-Feature
+ldapDisplayName: msDS-EnabledFeature
+attributeId: 1.2.840.113556.1.4.2061
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+linkId: 2168
+isSingleValued: FALSE
+schemaIdGuid: 5706aeaf-b940-4fb2-bcfc-5268683ad9fe
+isMemberOfPartialAttributeSet: TRUE
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Enabled-Feature-BL
+ldapDisplayName: msDS-EnabledFeatureBL
+attributeId: 1.2.840.113556.1.4.2069
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+linkId: 2169
+isSingleValued: FALSE
+schemaIdGuid: ce5b01bc-17c6-44b8-9dc1-a9668b00901b
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Entry-Time-To-Die
+ldapDisplayName: msDS-Entry-Time-To-Die
+attributeId: 1.2.840.113556.1.4.1622
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: e1e9bad7-c6dd-4101-a843-794cec85b038
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ExecuteScriptPassword
+ldapDisplayName: msDS-ExecuteScriptPassword
+attributeId: 1.2.840.113556.1.4.1783
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9d054a5a-d187-46c1-9d85-42dfc44a56dd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-External-Key
+ldapDisplayName: msDS-ExternalKey
+attributeId: 1.2.840.113556.1.4.1833
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b92fd528-38ac-40d4-818d-0433380837c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-External-Store
+ldapDisplayName: msDS-ExternalStore
+attributeId: 1.2.840.113556.1.4.1834
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 604877cd-9cdb-47c7-b03d-3daadb044910
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10000
+
+cn: ms-DS-Failed-Interactive-Logon-Count
+ldapDisplayName: msDS-FailedInteractiveLogonCount
+attributeId: 1.2.840.113556.1.4.1972
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: dc3ca86f-70ad-4960-8425-a4d6313d93dd
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Failed-Interactive-Logon-Count-At-Last-Successful-Logon
+ldapDisplayName: msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon
+attributeId: 1.2.840.113556.1.4.1973
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c5d234e5-644a-4403-a665-e26e0aef5e98
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Filter-Containers
+ldapDisplayName: msDS-FilterContainers
+attributeId: 1.2.840.113556.1.4.1703
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fb00dcdf-ac37-483a-9c12-ac53a6603033
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-HAB-Seniority-Index
+ldapDisplayName: msDS-HABSeniorityIndex
+attributeId: 1.2.840.113556.1.4.1997
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: def449f1-fd3b-4045-98cf-d9658da788b5
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 36000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Has-Domain-NCs
+ldapDisplayName: msDS-HasDomainNCs
+attributeId: 1.2.840.113556.1.4.1820
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 6f17e347-a842-4498-b8b3-15e007da4fed
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2026
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Full-Replica-NCs
+ldapDisplayName: msDS-hasFullReplicaNCs
+attributeId: 1.2.840.113556.1.4.1925
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1d3c2d18-42d0-4868-99fe-0eca1e6fa9f3
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2104
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Instantiated-NCs
+ldapDisplayName: msDS-HasInstantiatedNCs
+attributeId: 1.2.840.113556.1.4.1709
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 11e9a5bc-4517-4049-af9c-51554fb0fc09
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 4
+rangeUpper: 4
+linkID: 2002
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Has-Master-NCs
+ldapDisplayName: msDS-hasMasterNCs
+attributeId: 1.2.840.113556.1.4.1836
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ae2de0e2-59d7-4d47-8d47-ed4dfe4357ad
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Host-Service-Account
+ldapDisplayName: msDS-HostServiceAccount
+attributeId: 1.2.840.113556.1.4.2056
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 80641043-15a2-40e1-92a2-8ca866f70776
+attributeSecurityGUID: 77b5b886-944a-11d1-aebd-0000f80367c1
+searchFlags: 0
+linkID: 2166
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Host-Service-Account-BL
+ldapDisplayName: msDS-HostServiceAccountBL
+attributeId: 1.2.840.113556.1.4.2057
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 79abe4eb-88f3-48e7-89d6-f4bc7e98c331
+searchFlags: 0
+linkID: 2167
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Integer
+ldapDisplayName: msDS-Integer
+attributeId: 1.2.840.113556.1.4.1835
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 7bc64cea-c04e-4318-b102-3e0729371a65
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+
+cn: ms-DS-IntId
+ldapDisplayName: msDS-IntId
+attributeId: 1.2.840.113556.1.4.1716
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bc60096a-1b47-4b30-8877-602c93f56532
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Domain-For
+ldapDisplayName: msDS-IsDomainFor
+attributeId: 1.2.840.113556.1.4.1933
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ff155a2a-44e5-4de0-8318-13a58988de4f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2027
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Is-Full-Replica-For
+ldapDisplayName: msDS-IsFullReplicaFor
+attributeId: 1.2.840.113556.1.4.1932
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c8bc72e0-a6b4-48f0-94a5-fd76a88c9987
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2105
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isGC
+ldapDisplayName: msDS-isGC
+attributeId: 1.2.840.113556.1.4.1959
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1df5cf33-0fe5-499e-90e1-e94b42718a46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-Partial-Replica-For
+ldapDisplayName: msDS-IsPartialReplicaFor
+attributeId: 1.2.840.113556.1.4.1934
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 37c94ff6-c6d4-498f-b2f9-c6f7f8647809
+systemOnly: TRUE
+searchFlags: 0
+linkID: 75
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-isRODC
+ldapDisplayName: msDS-isRODC
+attributeId: 1.2.840.113556.1.4.1960
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: a8e8aa23-3e67-4af1-9d7a-2f1a1d633ac9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Is-User-Cachable-At-Rodc
+ldapDisplayName: msDS-IsUserCachableAtRodc
+attributeId: 1.2.840.113556.1.4.2025
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe01245a-341f-4556-951f-48c033a89050
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KeyVersionNumber
+ldapDisplayName: msDS-KeyVersionNumber
+attributeId: 1.2.840.113556.1.4.1782
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c523e9c0-33b5-4ac8-8923-b57b927f42f6
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link
+ldapDisplayName: msDS-KrbTgtLink
+attributeId: 1.2.840.113556.1.4.1923
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 778ff5c9-6f4e-4b74-856a-d68383313910
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-KrbTgt-Link-BL
+ldapDisplayName: msDS-KrbTgtLinkBl
+attributeId: 1.2.840.113556.1.4.1931
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 5dd68c41-bfdf-438b-9b5d-39d9618bf260
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Failed-Interactive-Logon-Time
+ldapDisplayName: msDS-LastFailedInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1971
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: c7e7dafa-10c3-4b8b-9acd-54f11063742e
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Last-Known-RDN
+ldapDisplayName: msDS-LastKnownRDN
+attributeId: 1.2.840.113556.1.4.2067
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8ab15858-683e-466d-877f-d640e1f9a611
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+rangeLower: 1
+rangeUpper: 255
+
+cn: ms-DS-Last-Successful-Interactive-Logon-Time
+ldapDisplayName: msDS-LastSuccessfulInteractiveLogonTime
+attributeId: 1.2.840.113556.1.4.1970
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 011929e6-8b5d-4258-b64a-00b0b4949747
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Local-Effective-Deletion-Time
+ldapDisplayName: msDS-LocalEffectiveDeletionTime
+attributeId: 1.2.840.113556.1.4.2059
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 94f2800c-531f-4aeb-975d-48ac39fd8ca4
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Local-Effective-Recycle-Time
+ldapDisplayName: msDS-LocalEffectiveRecycleTime
+attributeId: 1.2.840.113556.1.4.2060
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 4ad6016b-b0d2-4c9b-93b6-5964b17b968c
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Duration
+ldapDisplayName: msDS-LockoutDuration
+attributeId: 1.2.840.113556.1.4.2018
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: 421f889a-472e-4fe4-8eb9-e1d0bc6071b2
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Observation-Window
+ldapDisplayName: msDS-LockoutObservationWindow
+attributeId: 1.2.840.113556.1.4.2017
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: b05bda89-76af-468a-b892-1be55558ecc8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Lockout-Threshold
+ldapDisplayName: msDS-LockoutThreshold
+attributeId: 1.2.840.113556.1.4.2019
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid: b8c8c35e-4a19-4a95-99d0-69fe4446286f
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Logon-Time-Sync-Interval
+ldapDisplayName: msDS-LogonTimeSyncInterval
+attributeId: 1.2.840.113556.1.4.1784
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ad7940f8-e43a-4a42-83bc-d688e59ea605
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Machine-Account-Quota
+ldapDisplayName: ms-DS-MachineAccountQuota
+attributeId: 1.2.840.113556.1.4.1411
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d064fb68-1480-11d3-91c1-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Mastered-By
+ldapDisplayName: msDs-masteredBy
+attributeId: 1.2.840.113556.1.4.1837
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 60234769-4819-4615-a1b2-49d2f119acb5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Maximum-Password-Age
+ldapDisplayName: msDS-MaximumPasswordAge
+attributeId: 1.2.840.113556.1.4.2011
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: fdd337f5-4999-4fce-b252-8ff9c9b43875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Max-Values
+ldapDisplayName: msDs-MaxValues
+attributeId: 1.2.840.113556.1.4.1842
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d1e169a4-ebe9-49bf-8fcb-8aef3874592d
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Members-For-Az-Role
+ldapDisplayName: msDS-MembersForAzRole
+attributeId: 1.2.840.113556.1.4.1806
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cbf7e6cd-85a4-4314-8939-8bfe80597835
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2016
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Members-For-Az-Role-BL
+ldapDisplayName: msDS-MembersForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1807
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ececcd20-a7e0-4688-9ccf-02ece5e287f5
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2017
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Minimum-Password-Age
+ldapDisplayName: msDS-MinimumPasswordAge
+attributeId: 1.2.840.113556.1.4.2012
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 0
+schemaIdGuid: 2a74f878-4d9c-49f9-97b3-6767d1cbd9a3
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Minimum-Password-Length
+ldapDisplayName: msDS-MinimumPasswordLength
+attributeId: 1.2.840.113556.1.4.2013
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: b21b3439-4c3a-441c-bb5f-08f20e9b315e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Cursors
+ldapDisplayName: msDS-NCReplCursors
+attributeId: 1.2.840.113556.1.4.1704
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 8a167ce4-f9e8-47eb-8d78-f7fe80abb2cc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Replica-Locations
+ldapDisplayName: msDS-NC-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1661
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 97de9615-b537-46bc-ac0f-10720f3909f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 1044
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Inbound-Neighbors
+ldapDisplayName: msDS-NCReplInboundNeighbors
+attributeId: 1.2.840.113556.1.4.1705
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9edba85a-3e9e-431b-9b1a-a5b6e9eda796
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-Repl-Outbound-Neighbors
+ldapDisplayName: msDS-NCReplOutboundNeighbors
+attributeId: 1.2.840.113556.1.4.1706
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 855f2ef5-a1c5-4cc4-ba6d-32522848b61f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations
+ldapDisplayName: msDS-NC-RO-Replica-Locations
+attributeId: 1.2.840.113556.1.4.1967
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3df793df-9858-4417-a701-735a1ecebf74
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2114
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-NC-RO-Replica-Locations-BL
+ldapDisplayName: msDS-NC-RO-Replica-Locations-BL
+attributeId: 1.2.840.113556.1.4.1968
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f547511c-5b2a-44cc-8358-992a88258164
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2115
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-NC-Type
+ldapDisplayName: msDS-NcType
+attributeId: 1.2.840.113556.1.4.2024
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+schemaIdGuid: 5a2eacd7-cc2b-48cf-9d9a-b6f1a0024de9
+showInAdvancedViewOnly: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Never-Reveal-Group
+ldapDisplayName: msDS-NeverRevealGroup
+attributeId: 1.2.840.113556.1.4.1926
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 15585999-fd49-4d66-b25d-eeb96aba8174
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2106
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Members
+ldapDisplayName: msDS-NonMembers
+attributeId: 1.2.840.113556.1.4.1793
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: cafcb1de-f23c-46b5-adf7-1e64957bd5db
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Non-Members-BL
+ldapDisplayName: msDS-NonMembersBL
+attributeId: 1.2.840.113556.1.4.1794
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2a8c68fc-3a7a-4e87-8720-fe77c51cbe74
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Non-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Non-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1689
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2de144fc-1f52-486f-bdf4-16fcc3084e54
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Object-Reference
+ldapDisplayName: msDS-ObjectReference
+attributeId: 1.2.840.113556.1.4.1840
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 638ec2e8-22e7-409c-85d2-11b21bee72de
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2038
+
+cn: ms-DS-Object-Reference-BL
+ldapDisplayName: msDS-ObjectReferenceBL
+attributeId: 1.2.840.113556.1.4.1841
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2b702515-c1f7-4b3b-b148-c0e4c6ceecb4
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2039
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-OIDToGroup-Link
+ldapDisplayName: msDS-OIDToGroupLink
+attributeId: 1.2.840.113556.1.4.2051
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: f9c9a57c-3941-438d-bebf-0edaf2aca187
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2164
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-OIDToGroup-Link-BL
+ldapDisplayName: msDS-OIDToGroupLinkBl
+attributeId: 1.2.840.113556.1.4.2052
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1a3d0d20-5844-4199-ad25-0f5039a76ada
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2165
+systemFlags: FLAG_SCHEMA_BASE_OBJECT|FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Operations-For-Az-Role
+ldapDisplayName: msDS-OperationsForAzRole
+attributeId: 1.2.840.113556.1.4.1812
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 93f701be-fa4c-43b6-bc2f-4dbea718ffab
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Role-BL
+ldapDisplayName: msDS-OperationsForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1813
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: f85b6228-3734-4525-b6b7-3f3bb220902c
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2023
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Operations-For-Az-Task
+ldapDisplayName: msDS-OperationsForAzTask
+attributeId: 1.2.840.113556.1.4.1808
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1aacb436-2e9d-44a9-9298-ce4debeb6ebf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2018
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Operations-For-Az-Task-BL
+ldapDisplayName: msDS-OperationsForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1809
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a637d211-5739-4ed1-89b2-88974548bc59
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2019
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Optional-Feature-Flags
+ldapDisplayName: msDS-OptionalFeatureFlags
+attributeId: 1.2.840.113556.1.4.2063
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8a0560c1-97b9-4811-9db7-dc061598965b
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Optional-Feature-GUID
+ldapDisplayName: msDS-OptionalFeatureGUID
+attributeId: 1.2.840.113556.1.4.2062
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9b88bda8-dd82-4998-a91d-5f2d2baf1927
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Other-Settings
+ldapDisplayName: msDS-Other-Settings
+attributeId: 1.2.840.113556.1.4.1621
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 79d2f34c-9d7d-42bb-838f-866b3e4400e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Complexity-Enabled
+ldapDisplayName: msDS-PasswordComplexityEnabled
+attributeId: 1.2.840.113556.1.4.2015
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid: db68054b-c9c3-4bf0-b15b-0fb52552a610
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-History-Length
+ldapDisplayName: msDS-PasswordHistoryLength
+attributeId: 1.2.840.113556.1.4.2014
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+schemaIdGuid: fed81bb7-768c-4c2f-9641-2245de34794d
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Reversible-Encryption-Enabled
+ldapDisplayName: msDS-PasswordReversibleEncryptionEnabled
+attributeId: 1.2.840.113556.1.4.2016
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+schemaIdGuid: 75ccdd8f-af6c-4487-bb4b-69e4d38a959c
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Password-Settings-Precedence
+ldapDisplayName: msDS-PasswordSettingsPrecedence
+attributeId: 1.2.840.113556.1.4.2023
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+schemaIdGuid: 456374ac-1f0a-4617-93cf-bc55a7c9d341
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Quota
+ldapDisplayName: msDS-PerUserTrustQuota
+attributeId: 1.2.840.113556.1.4.1788
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d161adf0-ca24-4993-a3aa-8b2c981302e8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Per-User-Trust-Tombstones-Quota
+ldapDisplayName: msDS-PerUserTrustTombstonesQuota
+attributeId: 1.2.840.113556.1.4.1790
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8b70a6c6-50f9-4fa3-a71e-1ce03040449b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Phonetic-Company-Name
+ldapDisplayName: msDS-PhoneticCompanyName
+attributeId: 1.2.840.113556.1.4.1945
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5bd5208d-e5f4-46ae-a514-543bc9c47659
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35985
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-Department
+ldapDisplayName: msDS-PhoneticDepartment
+attributeId: 1.2.840.113556.1.4.1944
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6cd53daf-003e-49e7-a702-6fa896e7a6ef
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35984
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-Display-Name
+ldapDisplayName: msDS-PhoneticDisplayName
+attributeId: 1.2.840.113556.1.4.1946
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e21a94e4-2d66-4ce5-b30d-0ef87a776ff0
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35986
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-First-Name
+ldapDisplayName: msDS-PhoneticFirstName
+attributeId: 1.2.840.113556.1.4.1942
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b1cba4e-302f-4134-ac7c-f01f6c797843
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35982
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Phonetic-Last-Name
+ldapDisplayName: msDS-PhoneticLastName
+attributeId: 1.2.840.113556.1.4.1943
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f217e4ec-0836-4b90-88af-2f5d4bbda2bc
+systemOnly: FALSE
+searchFlags: fATTINDEX | fANR
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35983
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-DS-Preferred-GC-Site
+ldapDisplayName: msDS-Preferred-GC-Site
+attributeId: 1.2.840.113556.1.4.1444
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: d921b50a-0ab2-42cd-87f6-09cf83a91854
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Principal-Name
+ldapDisplayName: msDS-PrincipalName
+attributeId: 1.2.840.113556.1.4.1865
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 564e9325-d057-c143-9e3b-4f9e5ef46f93
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Promotion-Settings
+ldapDisplayName: msDS-PromotionSettings
+attributeId: 1.2.840.113556.1.4.1962
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c881b4e2-43c0-4ebe-b9bb-5250aa9b434c
+systemOnly: TRUE
+searchFlags: 0
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-PSO-Applied
+ldapDisplayName: msDS-PSOApplied
+attributeId: 1.2.840.113556.1.4.2021
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 5e6cf031-bda8-43c8-aca4-8fee4127005b
+linkID: 2119
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-PSO-Applies-To
+ldapDisplayName: msDS-PSOAppliesTo
+attributeId: 1.2.840.113556.1.4.2020
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 64c80f48-cdd2-4881-a86d-4e97b6f561fc
+linkID: 2118
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Amount
+ldapDisplayName: msDS-QuotaAmount
+attributeId: 1.2.840.113556.1.4.1845
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fbb9a00d-3a8c-4233-9cf9-7189264903a1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Effective
+ldapDisplayName: msDS-QuotaEffective
+attributeId: 1.2.840.113556.1.4.1848
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6655b152-101c-48b4-b347-e1fcebc60157
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Trustee
+ldapDisplayName: msDS-QuotaTrustee
+attributeId: 1.2.840.113556.1.4.1844
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 16378906-4ea5-49be-a8d1-bfd41dff4f65
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 28
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Quota-Used
+ldapDisplayName: msDS-QuotaUsed
+attributeId: 1.2.840.113556.1.4.1849
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: b5a84308-615d-4bb7-b05f-2f1746aa439f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Attribute-Meta-Data
+ldapDisplayName: msDS-ReplAttributeMetaData
+attributeId: 1.2.840.113556.1.4.1707
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d7c53242-724e-4c39-9d4c-2df8c9d66c7a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MS-DS-Replicates-NC-Reason
+ldapDisplayName: mS-DS-ReplicatesNCReason
+attributeId: 1.2.840.113556.1.4.1408
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 0ea12b84-08b3-11d3-91bc-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-ReplicationEpoch
+ldapDisplayName: msDS-ReplicationEpoch
+attributeId: 1.2.840.113556.1.4.1720
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 08e3aa79-eb1c-45b5-af7b-8f94246c8e41
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-First-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-First-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1663
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 85abd4f4-0a89-4e49-bdec-6f35bb2562ba
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Replication-Notify-Subsequent-DSA-Delay
+ldapDisplayName: msDS-Replication-Notify-Subsequent-DSA-Delay
+attributeId: 1.2.840.113556.1.4.1664
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d63db385-dd92-4b52-b1d8-0d3ecc0e86b6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Repl-Value-Meta-Data
+ldapDisplayName: msDS-ReplValueMetaData
+attributeId: 1.2.840.113556.1.4.1708
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2f5c8145-e1bd-410b-8957-8bfa81d5acfd
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Required-Domain-Behavior-Version
+ldapDisplayName: msDS-RequiredDomainBehaviorVersion
+attributeId: 1.2.840.113556.1.4.2066
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eadd3dfe-ae0e-4cc2-b9b9-5fe5b6ed2dd2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Required-Forest-Behavior-Version
+ldapDisplayName: msDS-RequiredForestBehaviorVersion
+attributeId: 1.2.840.113556.1.4.2079
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4beca2e8-a653-41b2-8fee-721575474bec
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Resultant-PSO
+ldapDisplayName: msDS-ResultantPSO
+attributeId: 1.2.840.113556.1.4.2022
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+isSingleValued: TRUE
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: b77ea093-88d0-4780-9a98-911f8e8b1dca
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Retired-Repl-NC-Signatures
+ldapDisplayName: msDS-RetiredReplNCSignatures
+attributeId: 1.2.840.113556.1.4.1826
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d5b35506-19d6-4d26-9afb-11357ac99b5e
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-DSAs
+ldapDisplayName: msDS-RevealedDSAs
+attributeId: 1.2.840.113556.1.4.1930
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 94f6f2ac-c76d-4b5e-b71f-f332c3e93c22
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2103
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List
+ldapDisplayName: msDS-RevealedList
+attributeId: 1.2.840.113556.1.4.1940
+attributeSyntax: 2.5.5.14
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.12
+isSingleValued: FALSE
+schemaIdGuid: cbdad11c-7fec-387b-6219-3a0627d9af81
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-List-BL
+ldapDisplayName: msDS-RevealedListBL
+attributeId: 1.2.840.113556.1.4.1975
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: aa1c88fd-b0f6-429f-b2ca-9d902266e808
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Revealed-Users
+ldapDisplayName: msDS-RevealedUsers
+attributeId: 1.2.840.113556.1.4.1924
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 185c7821-3749-443a-bd6a-288899071adb
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2102
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Reveal-OnDemand-Group
+ldapDisplayName: msDS-RevealOnDemandGroup
+attributeId: 1.2.840.113556.1.4.1928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 303d9f4a-1dd6-4b38-8fc5-33afe8c988ad
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2110
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-ds-Schema-Extensions
+ldapDisplayName: msDs-Schema-Extensions
+attributeId: 1.2.840.113556.1.4.1440
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b39a61be-ed07-4cab-9a4a-4963ed0141e1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-SD-Reference-Domain
+ldapDisplayName: msDS-SDReferenceDomain
+attributeId: 1.2.840.113556.1.4.1711
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 4c51e316-f628-43a5-b06b-ffb695fcb4f3
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2000
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Secondary-KrbTgt-Number
+ldapDisplayName: msDS-SecondaryKrbTgtNumber
+attributeId: 1.2.840.113556.1.4.1929
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: aa156612-2396-467e-ad6a-28d23fdb1865
+systemOnly: TRUE
+searchFlags: fATTINDEX
+rangeLower: 65536
+rangeUpper: 65536
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Security-Group-Extra-Classes
+ldapDisplayName: msDS-Security-Group-Extra-Classes
+attributeId: 1.2.840.113556.1.4.1688
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4f146ae8-a4fe-4801-a731-f51848a4f4e4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Settings
+ldapDisplayName: msDS-Settings
+attributeId: 1.2.840.113556.1.4.1697
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0e1b47d7-40a3-4b48-8d1b-4cac0c1cdf21
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1000000
+systemFlags: 0
+
+cn: ms-DS-Site-Affinity
+ldapDisplayName: msDS-Site-Affinity
+attributeId: 1.2.840.113556.1.4.1443
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c17c5602-bcb7-46f0-9656-6370ca884b72
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-SiteName
+ldapDisplayName: msDS-SiteName
+attributeId: 1.2.840.113556.1.4.1961
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 98a7f36d-3595-448a-9e6f-6b8965baed9c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Source-Object-DN
+ldapDisplayName: msDS-SourceObjectDN
+attributeId: 1.2.840.113556.1.4.1879
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 773e93af-d3b4-48d4-b3f9-06457602d3d0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 10240
+
+cn: ms-DS-SPN-Suffixes
+ldapDisplayName: msDS-SPNSuffixes
+attributeId: 1.2.840.113556.1.4.1715
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 789ee1eb-8c8e-4e4c-8cec-79b31b7617b5
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Supported-Encryption-Types
+ldapDisplayName: msDS-SupportedEncryptionTypes
+attributeId: 1.2.840.113556.1.4.1963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 20119867-1d04-4ab7-9371-cfc3d5df0afd
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Tasks-For-Az-Role
+ldapDisplayName: msDS-TasksForAzRole
+attributeId: 1.2.840.113556.1.4.1814
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 35319082-8c4a-4646-9386-c2949d49894d
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Role-BL
+ldapDisplayName: msDS-TasksForAzRoleBL
+attributeId: 1.2.840.113556.1.4.1815
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a0dcd536-5158-42fe-8c40-c00a7ad37959
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2025
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tasks-For-Az-Task
+ldapDisplayName: msDS-TasksForAzTask
+attributeId: 1.2.840.113556.1.4.1810
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: b11c8ee2-5fcd-46a7-95f0-f38333f096cf
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2020
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Tasks-For-Az-Task-BL
+ldapDisplayName: msDS-TasksForAzTaskBL
+attributeId: 1.2.840.113556.1.4.1811
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: df446e52-b5fa-4ca2-a42f-13f98a526c8f
+systemOnly: TRUE
+searchFlags: 0
+linkID: 2021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-DS-Tombstone-Quota-Factor
+ldapDisplayName: msDS-TombstoneQuotaFactor
+attributeId: 1.2.840.113556.1.4.1847
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 461744d7-f3b6-45ba-8753-fb9552a5df32
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Top-Quota-Usage
+ldapDisplayName: msDS-TopQuotaUsage
+attributeId: 1.2.840.113556.1.4.1850
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7b7cce4f-f1f5-4bb6-b7eb-23504af19e75
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-Trust-Forest-Trust-Info
+ldapDisplayName: msDS-TrustForestTrustInfo
+attributeId: 1.2.840.113556.1.4.1702
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 29cc866e-49d3-4969-942e-1dbc0925d183
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-UpdateScript
+ldapDisplayName: msDS-UpdateScript
+attributeId: 1.2.840.113556.1.4.1721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 146eb639-bb9f-4fc1-a825-e29e00c77920
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Account-Control-Computed
+ldapDisplayName: msDS-User-Account-Control-Computed
+attributeId: 1.2.840.113556.1.4.1460
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 2cc4b836-b63f-4940-8d23-ea7acf06af56
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-User-Password-Expiry-Time-Computed
+ldapDisplayName: msDS-UserPasswordExpiryTimeComputed
+attributeId: 1.2.840.113556.1.4.1996
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: add5cf10-7b09-4449-9ae6-2534148f8a72
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-DS-USN-Last-Sync-Success
+ldapDisplayName: msDS-USNLastSyncSuccess
+attributeId: 1.2.840.113556.1.4.2055
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 31f7b8b6-c9f8-4f2d-a37b-58a823030331
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED | FLAG_ATTR_IS_OPERATIONAL
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: ms-Exch-Assistant-Name
+ldapDisplayName: msExchAssistantName
+attributeId: 1.2.840.113556.1.2.444
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7394-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+mapiID: 14896
+
+cn: ms-Exch-House-Identifier
+ldapDisplayName: msExchHouseIdentifier
+attributeId: 1.2.840.113556.1.2.596
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7407-c5ea-11d1-bbcb-0080c76670c0
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 35924
+
+cn: ms-Exch-LabeledURI
+ldapDisplayName: msExchLabeledURI
+attributeId: 1.2.840.113556.1.2.593
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 16775820-47f3-11d1-a9c3-0000f80367c1
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35921
+
+cn: ms-Exch-Owner-BL
+ldapDisplayName: ownerBL
+attributeId: 1.2.840.113556.1.2.104
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf9679f4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+linkID: 45
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: ms-FRS-Hub-Member
+ldapDisplayName: msFRS-Hub-Member
+attributeId: 1.2.840.113556.1.4.1693
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5643ff81-35b6-4ca9-9512-baf0bd0a2772
+searchFlags: 0
+linkID: 1046
+
+cn: ms-FRS-Topology-Pref
+ldapDisplayName: msFRS-Topology-Pref
+attributeId: 1.2.840.113556.1.4.1692
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 92aa27e0-5c50-402d-9ec1-ee847def9788
+searchFlags: 0
+
+cn: ms-FVE-KeyPackage
+ldapDisplayName: msFVE-KeyPackage
+attributeId: 1.2.840.113556.1.4.1999
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+rangeUpper: 102400
+schemaIdGuid: 1fd55ea8-88a7-47dc-8129-0daa97186a54
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryGuid
+ldapDisplayName: msFVE-RecoveryGuid
+attributeId: 1.2.840.113556.1.4.1965
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: f76909bc-e678-47a0-b0b3-f86a0044c06d
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-FVE-RecoveryPassword
+ldapDisplayName: msFVE-RecoveryPassword
+attributeId: 1.2.840.113556.1.4.1964
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+rangeUpper: 256
+schemaIdGuid: 43061ac1-c8ad-4ccc-b785-2bfac20fc60a
+searchFlags: fRODCFilteredAttribute | fCONFIDENTIAL | fCOPY |fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-VolumeGuid
+ldapDisplayName: msFVE-VolumeGuid
+attributeId: 1.2.840.113556.1.4.1998
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+searchFlags: fCOPY | fPRESERVEONDELETE | fPDNTATTINDEX | fATTINDEX
+rangeUpper: 128
+schemaIdGuid: 85e5a5cf-dcee-4075-9cfd-ac9db6a2f245
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: TRUE
+
+cn: ms-ieee-80211-Data
+ldapDisplayName: msieee80211-Data
+attributeId: 1.2.840.113556.1.4.1821
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0e0d0938-2658-4580-a9f6-7a0ac7b566cb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Data-Type
+ldapDisplayName: msieee80211-DataType
+attributeId: 1.2.840.113556.1.4.1822
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6558b180-35da-4efe-beed-521f8f48cafb
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-ID
+ldapDisplayName: msieee80211-ID
+attributeId: 1.2.840.113556.1.4.1823
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7f73ef75-14c9-4c23-81de-dd07a06f9e8b
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-File-List
+ldapDisplayName: msiFileList
+attributeId: 1.2.840.113556.1.4.671
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7d-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Dir
+ldapDisplayName: msIIS-FTPDir
+attributeId: 1.2.840.113556.1.4.1786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8a5c99e9-2230-46eb-b8e8-e59d712eb9ee
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-IIS-FTP-Root
+ldapDisplayName: msIIS-FTPRoot
+attributeId: 1.2.840.113556.1.4.1785
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a7827a4-1483-49a5-9d84-52e3812156b4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PSP-Identifier
+ldapDisplayName: msImaging-PSPIdentifier
+attributeId: 1.2.840.113556.1.4.2053
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 51583ce9-94fa-4b12-b990-304c35b18595
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PSP-String
+ldapDisplayName: msImaging-PSPString
+attributeId: 1.2.840.113556.1.4.2054
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7b6760ae-d6ed-44a6-b6be-9de62c09ec67
+searchFlags: 0
+rangeUpper: 524288
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script
+ldapDisplayName: msiScript
+attributeId: 1.2.840.113556.1.4.814
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18313-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Name
+ldapDisplayName: msiScriptName
+attributeId: 1.2.840.113556.1.4.845
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd62-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Path
+ldapDisplayName: msiScriptPath
+attributeId: 1.2.840.113556.1.4.15
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967937-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Msi-Script-Size
+ldapDisplayName: msiScriptSize
+attributeId: 1.2.840.113556.1.4.846
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 96a7dd63-9118-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Authenticate
+ldapDisplayName: mSMQAuthenticate
+attributeId: 1.2.840.113556.1.4.923
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc326-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Base-Priority
+ldapDisplayName: mSMQBasePriority
+attributeId: 1.2.840.113556.1.4.920
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc323-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type
+ldapDisplayName: mSMQComputerType
+attributeId: 1.2.840.113556.1.4.933
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Computer-Type-Ex
+ldapDisplayName: mSMQComputerTypeEx
+attributeId: 1.2.840.113556.1.4.1417
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 18120de8-f4c4-4341-bd95-32eb5bcf7c80
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Cost
+ldapDisplayName: mSMQCost
+attributeId: 1.2.840.113556.1.4.946
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-CSP-Name
+ldapDisplayName: mSMQCSPName
+attributeId: 1.2.840.113556.1.4.940
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc334-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Service
+ldapDisplayName: mSMQDependentClientService
+attributeId: 1.2.840.113556.1.4.1239
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d83-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Dependent-Client-Services
+ldapDisplayName: mSMQDependentClientServices
+attributeId: 1.2.840.113556.1.4.1226
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d76-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests
+ldapDisplayName: mSMQDigests
+attributeId: 1.2.840.113556.1.4.948
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc33c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Digests-Mig
+ldapDisplayName: mSMQDigestsMig
+attributeId: 1.2.840.113556.1.4.966
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 0f71d8e0-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Service
+ldapDisplayName: mSMQDsService
+attributeId: 1.2.840.113556.1.4.1238
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d82-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Ds-Services
+ldapDisplayName: mSMQDsServices
+attributeId: 1.2.840.113556.1.4.1228
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d78-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Encrypt-Key
+ldapDisplayName: mSMQEncryptKey
+attributeId: 1.2.840.113556.1.4.936
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc331-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Foreign
+ldapDisplayName: mSMQForeign
+attributeId: 1.2.840.113556.1.4.934
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-In-Routing-Servers
+ldapDisplayName: mSMQInRoutingServers
+attributeId: 1.2.840.113556.1.4.929
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32c-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval1
+ldapDisplayName: mSMQInterval1
+attributeId: 1.2.840.113556.1.4.1308
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8ea825aa-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Interval2
+ldapDisplayName: mSMQInterval2
+attributeId: 1.2.840.113556.1.4.1309
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 99b88f52-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal
+ldapDisplayName: mSMQJournal
+attributeId: 1.2.840.113556.1.4.918
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc321-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Journal-Quota
+ldapDisplayName: mSMQJournalQuota
+attributeId: 1.2.840.113556.1.4.921
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc324-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label
+ldapDisplayName: mSMQLabel
+attributeId: 1.2.840.113556.1.4.922
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc325-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Label-Ex
+ldapDisplayName: mSMQLabelEx
+attributeId: 1.2.840.113556.1.4.1415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4580ad25-d407-48d2-ad24-43e6e56793d7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 124
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Long-Lived
+ldapDisplayName: mSMQLongLived
+attributeId: 1.2.840.113556.1.4.941
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc335-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated
+ldapDisplayName: mSMQMigrated
+attributeId: 1.2.840.113556.1.4.952
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33f-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Multicast-Address
+ldapDisplayName: MSMQ-MulticastAddress
+attributeId: 1.2.840.113556.1.4.1714
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1d2f4412-f10d-4337-9b48-6e5b125cd265
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 9
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Name-Style
+ldapDisplayName: mSMQNameStyle
+attributeId: 1.2.840.113556.1.4.939
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc333-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Flags
+ldapDisplayName: mSMQNt4Flags
+attributeId: 1.2.840.113556.1.4.964
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: eb38a158-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Nt4-Stub
+ldapDisplayName: mSMQNt4Stub
+attributeId: 1.2.840.113556.1.4.960
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6f914be6-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-OS-Type
+ldapDisplayName: mSMQOSType
+attributeId: 1.2.840.113556.1.4.935
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc330-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Out-Routing-Servers
+ldapDisplayName: mSMQOutRoutingServers
+attributeId: 1.2.840.113556.1.4.928
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Owner-ID
+ldapDisplayName: mSMQOwnerID
+attributeId: 1.2.840.113556.1.4.925
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc328-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: MSMQ-Prev-Site-Gates
+ldapDisplayName: mSMQPrevSiteGates
+attributeId: 1.2.840.113556.1.4.1225
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 2df90d75-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Privacy-Level
+ldapDisplayName: mSMQPrivacyLevel
+attributeId: 1.2.840.113556.1.4.924
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc327-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-QM-ID
+ldapDisplayName: mSMQQMID
+attributeId: 1.2.840.113556.1.4.951
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33e-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Journal-Quota
+ldapDisplayName: mSMQQueueJournalQuota
+attributeId: 1.2.840.113556.1.4.963
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8e441266-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Name-Ext
+ldapDisplayName: mSMQQueueNameExt
+attributeId: 1.2.840.113556.1.4.1243
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2df90d87-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 92
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Quota
+ldapDisplayName: mSMQQueueQuota
+attributeId: 1.2.840.113556.1.4.962
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3f6b8e12-d57f-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue-Type
+ldapDisplayName: mSMQQueueType
+attributeId: 1.2.840.113556.1.4.917
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc320-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Quota
+ldapDisplayName: mSMQQuota
+attributeId: 1.2.840.113556.1.4.919
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc322-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Recipient-FormatName
+ldapDisplayName: msMQ-Recipient-FormatName
+attributeId: 1.2.840.113556.1.4.1695
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3bfe6748-b544-485a-b067-1b310c4334bf
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 255
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Service
+ldapDisplayName: mSMQRoutingService
+attributeId: 1.2.840.113556.1.4.1237
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d81-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Routing-Services
+ldapDisplayName: mSMQRoutingServices
+attributeId: 1.2.840.113556.1.4.1227
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 2df90d77-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Secured-Source
+ldapDisplayName: MSMQ-SecuredSource
+attributeId: 1.2.840.113556.1.4.1713
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8bf0221b-7a06-4d63-91f0-1499941813d3
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Services
+ldapDisplayName: mSMQServices
+attributeId: 1.2.840.113556.1.4.950
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Service-Type
+ldapDisplayName: mSMQServiceType
+attributeId: 1.2.840.113556.1.4.930
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc32d-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates
+ldapDisplayName: mSMQSignCertificates
+attributeId: 1.2.840.113556.1.4.947
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc33b-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Certificates-Mig
+ldapDisplayName: mSMQSignCertificatesMig
+attributeId: 1.2.840.113556.1.4.967
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3881b8ea-da3b-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sign-Key
+ldapDisplayName: mSMQSignKey
+attributeId: 1.2.840.113556.1.4.937
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc332-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-1
+ldapDisplayName: mSMQSite1
+attributeId: 1.2.840.113556.1.4.943
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc337-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-2
+ldapDisplayName: mSMQSite2
+attributeId: 1.2.840.113556.1.4.944
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc338-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Foreign
+ldapDisplayName: mSMQSiteForeign
+attributeId: 1.2.840.113556.1.4.961
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: FALSE
+schemaIdGuid: fd129d8a-d57e-11d1-90a2-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates
+ldapDisplayName: mSMQSiteGates
+attributeId: 1.2.840.113556.1.4.945
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc339-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Gates-Mig
+ldapDisplayName: mSMQSiteGatesMig
+attributeId: 1.2.840.113556.1.4.1310
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e2704852-3b7b-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-ID
+ldapDisplayName: mSMQSiteID
+attributeId: 1.2.840.113556.1.4.953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc340-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name
+ldapDisplayName: mSMQSiteName
+attributeId: 1.2.840.113556.1.4.965
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: TRUE
+schemaIdGuid: ffadb4b2-de39-11d1-90a5-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Name-Ex
+ldapDisplayName: mSMQSiteNameEx
+attributeId: 1.2.840.113556.1.4.1416
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 422144fa-c17f-4649-94d6-9731ed2784ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Sites
+ldapDisplayName: mSMQSites
+attributeId: 1.2.840.113556.1.4.927
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9a0dc32a-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Transactional
+ldapDisplayName: mSMQTransactional
+attributeId: 1.2.840.113556.1.4.926
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc329-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-User-Sid
+ldapDisplayName: mSMQUserSid
+attributeId: 1.2.840.113556.1.4.1337
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: c58aae32-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 128
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+
+cn: MSMQ-Version
+ldapDisplayName: mSMQVersion
+attributeId: 1.2.840.113556.1.4.942
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 9a0dc336-c100-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyData
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1952
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9c1495a5-4d76-468e-991e-1433b0a67855
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1951
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 35697062-1eaf-448b-ac1e-388e0be4fdee
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-80211-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1953
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 0f69c62e-088e-4ff5-a53a-e923cec07c0a
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 4194304
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyData
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyData
+attributeId: 1.2.840.113556.1.4.1955
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8398948b-7457-4d91-bd4d-8d7ed669c9f7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyGUID
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyGUID
+attributeId: 1.2.840.113556.1.4.1954
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94a7b05a-b8b2-4f59-9c25-39e69baa1684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GP-PolicyReserved
+ldapDisplayName: ms-net-ieee-8023-GP-PolicyReserved
+attributeId: 1.2.840.113556.1.4.1956
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d3c527c7-2606-4deb-8cfd-18426feec8ce
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1048576
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPAllowDialin
+ldapDisplayName: msNPAllowDialin
+attributeId: 1.2.840.113556.1.4.1119
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db0c9085-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPCalledStationID
+ldapDisplayName: msNPCalledStationID
+attributeId: 1.2.840.113556.1.4.1123
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c9089-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+searchFlags: 0
+
+cn: msNPCallingStationID
+ldapDisplayName: msNPCallingStationID
+attributeId: 1.2.840.113556.1.4.1124
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908a-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msNPSavedCallingStationID
+ldapDisplayName: msNPSavedCallingStationID
+attributeId: 1.2.840.113556.1.4.1130
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c908e-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-AccountCredentials
+ldapDisplayName: msPKIAccountCredentials
+attributeId: 1.2.840.113556.1.4.1894
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b8dfa744-31dc-4ef1-ac7c-84baf7ef9da7
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: FALSE
+
+cn: ms-PKI-Certificate-Application-Policy
+ldapDisplayName: msPKI-Certificate-Application-Policy
+attributeId: 1.2.840.113556.1.4.1674
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: dbd90548-aa37-4202-9966-8c537ba5ce32
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Name-Flag
+ldapDisplayName: msPKI-Certificate-Name-Flag
+attributeId: 1.2.840.113556.1.4.1432
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ea1dddc4-60ff-416e-8cc0-17cee534bce7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Certificate-Policy
+ldapDisplayName: msPKI-Certificate-Policy
+attributeId: 1.2.840.113556.1.4.1439
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 38942346-cc5b-424b-a7d8-6ffd12029c5f
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+systemOnly: FALSE
+
+cn: ms-PKI-Cert-Template-OID
+ldapDisplayName: msPKI-Cert-Template-OID
+attributeId: 1.2.840.113556.1.4.1436
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3164c36a-ba26-468c-8bda-c1e5cc256728
+systemOnly: FALSE
+searchFlags: 1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Credential-Roaming-Tokens
+ldapDisplayName: msPKI-CredentialRoamingTokens
+attributeId: 1.2.840.113556.1.4.2050
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+schemaIdGuid: b7ff5a38-0818-42b0-8110-d3d154c97f24
+attributeSecurityGUID: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+searchFlags: fCONFIDENTIAL
+linkID: 2162
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-DPAPIMasterKeys
+ldapDisplayName: msPKIDPAPIMasterKeys
+attributeId: 1.2.840.113556.1.4.1893
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: b3f93023-9239-4f7c-b99c-6745d87adbc2
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+linkID: 2046
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: FALSE
+
+cn: ms-PKI-Enrollment-Flag
+ldapDisplayName: msPKI-Enrollment-Flag
+attributeId: 1.2.840.113556.1.4.1430
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: d15ef7d8-f226-46db-ae79-b34e560bd12c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enrollment-Servers
+ldapDisplayName: msPKI-Enrollment-Servers
+attributeId: 1.2.840.113556.1.4.2076
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f22bd38f-a1d0-4832-8b28-0331438886a6
+systemOnly: FALSE
+rangeUpper: 65536
+isMemberOfPartialAttributeSet: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Minimal-Key-Size
+ldapDisplayName: msPKI-Minimal-Key-Size
+attributeId: 1.2.840.113556.1.4.1433
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e96a63f5-417f-46d3-be52-db7703c503df
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-Attribute
+ldapDisplayName: msPKI-OID-Attribute
+attributeId: 1.2.840.113556.1.4.1671
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8c9e1288-5028-4f4f-a704-76d026f246ef
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-CPS
+ldapDisplayName: msPKI-OID-CPS
+attributeId: 1.2.840.113556.1.4.1672
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 5f49940e-a79f-4a51-bb6f-3d446a54dc6b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-LocalizedName
+ldapDisplayName: msPKI-OIDLocalizedName
+attributeId: 1.2.840.113556.1.4.1712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7d59a816-bb05-4a72-971f-5c1331f67559
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-OID-User-Notice
+ldapDisplayName: msPKI-OID-User-Notice
+attributeId: 1.2.840.113556.1.4.1673
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 04c4da7a-e114-4e69-88de-e293f2d3b395
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Flag
+ldapDisplayName: msPKI-Private-Key-Flag
+attributeId: 1.2.840.113556.1.4.1431
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bab04ac2-0435-4709-9307-28380e7c7001
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Application-Policies
+ldapDisplayName: msPKI-RA-Application-Policies
+attributeId: 1.2.840.113556.1.4.1675
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3c91fbbf-4773-4ccd-a87b-85d53e7bcf6a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Policies
+ldapDisplayName: msPKI-RA-Policies
+attributeId: 1.2.840.113556.1.4.1438
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: d546ae22-0951-4d47-817e-1c9f96faad46
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RA-Signature
+ldapDisplayName: msPKI-RA-Signature
+attributeId: 1.2.840.113556.1.4.1429
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fe17e04b-937d-4f7e-8e0e-9292c8d5683e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-RoamingTimeStamp
+ldapDisplayName: msPKIRoamingTimeStamp
+attributeId: 1.2.840.113556.1.4.1892
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6617e4ac-a2f1-43ab-b60c-11fbd1facf05
+systemOnly: FALSE
+searchFlags: fCONFIDENTIAL | fRODCFilteredAttribute
+attributeSecurityGuid: 91e647de-d96f-4b70-9557-d63ff4f3ccd8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+isMemberOfPartialAttributeSet: FALSE
+
+cn: ms-PKI-Site-Name
+ldapDisplayName: msPKI-Site-Name
+attributeId: 1.2.840.113556.1.4.2077
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0cd8711f-0afc-4926-a4b1-09b08d3d436c
+systemOnly: FALSE
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Supersede-Templates
+ldapDisplayName: msPKI-Supersede-Templates
+attributeId: 1.2.840.113556.1.4.1437
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9de8ae7d-7a5b-421d-b5e4-061f79dfd5d7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Minor-Revision
+ldapDisplayName: msPKI-Template-Minor-Revision
+attributeId: 1.2.840.113556.1.4.1435
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 13f5236c-1884-46b1-b5d0-484e38990d58
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Template-Schema-Version
+ldapDisplayName: msPKI-Template-Schema-Version
+attributeId: 1.2.840.113556.1.4.1434
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0c15e9f5-491d-4594-918f-32813a091da9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSCallbackNumber
+ldapDisplayName: msRADIUSCallbackNumber
+attributeId: 1.2.840.113556.1.4.1145
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c909c-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedInterfaceId
+ldapDisplayName: msRADIUS-FramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1913
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a6f24a23-d65c-4d65-a64f-35fb6873c2b9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRADIUSFramedIPAddress
+ldapDisplayName: msRADIUSFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90a4-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Prefix
+ldapDisplayName: msRADIUS-FramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1915
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: f63ed610-d67c-494d-87be-cd1e24359a38
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-FramedIpv6Route
+ldapDisplayName: msRADIUS-FramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1917
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 5a5aa804-3083-4863-94e5-018a79a22ec0
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSFramedRoute
+ldapDisplayName: msRADIUSFramedRoute
+attributeId: 1.2.840.113556.1.4.1158
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90a9-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedInterfaceId
+ldapDisplayName: msRADIUS-SavedFramedInterfaceId
+attributeId: 1.2.840.113556.1.4.1914
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: a4da7289-92a3-42e5-b6b6-dad16d280ac9
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 8
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Prefix
+ldapDisplayName: msRADIUS-SavedFramedIpv6Prefix
+attributeId: 1.2.840.113556.1.4.1916
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 0965a062-b1e1-403b-b48d-5c0eb0e952cc
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RADIUS-SavedFramedIpv6Route
+ldapDisplayName: msRADIUS-SavedFramedIpv6Route
+attributeId: 1.2.840.113556.1.4.1918
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9666bb5c-df9d-4d41-b437-2eec7e27c9b3
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeUpper: 4096
+
+cn: msRADIUSServiceType
+ldapDisplayName: msRADIUSServiceType
+attributeId: 1.2.840.113556.1.4.1171
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90b6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedCallbackNumber
+ldapDisplayName: msRASSavedCallbackNumber
+attributeId: 1.2.840.113556.1.4.1189
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: db0c90c5-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedIPAddress
+ldapDisplayName: msRASSavedFramedIPAddress
+attributeId: 1.2.840.113556.1.4.1190
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: db0c90c6-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msRASSavedFramedRoute
+ldapDisplayName: msRASSavedFramedRoute
+attributeId: 1.2.840.113556.1.4.1191
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: db0c90c7-c1f2-11d1-bbc5-0080c76670c0
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Attribute
+ldapDisplayName: msRRASAttribute
+attributeId: 1.2.840.113556.1.4.884
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ad-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-RRAS-Vendor-Attribute-Entry
+ldapDisplayName: msRRASVendorAttributeEntry
+attributeId: 1.2.840.113556.1.4.883
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f39b98ac-938d-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: msSFU-30-Aliases
+ldapDisplayName: msSFU30Aliases
+attributeId: 1.2.840.113556.1.6.18.1.323
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 20ebf171-c69a-4c31-b29d-dcb837d8912d
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: msSFU-30-Crypt-Method
+ldapDisplayName: msSFU30CryptMethod
+attributeId: 1.2.840.113556.1.6.18.1.352
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4503d2a3-3d70-41b8-b077-dff123c15865
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Domains
+ldapDisplayName: msSFU30Domains
+attributeId: 1.2.840.113556.1.6.18.1.340
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 93095ed3-6f30-4bdd-b734-65d569f5f7c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 256000
+
+cn: msSFU-30-Field-Separator
+ldapDisplayName: msSFU30FieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.302
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a2e11a42-e781-4ca1-a7fa-ec307f62b6a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Intra-Field-Separator
+ldapDisplayName: msSFU30IntraFieldSeparator
+attributeId: 1.2.840.113556.1.6.18.1.303
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b2aef0-27e4-4cb9-880a-a2d9a9ea23b8
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 50
+
+cn: msSFU-30-Is-Valid-Container
+ldapDisplayName: msSFU30IsValidContainer
+attributeId: 1.2.840.113556.1.6.18.1.350
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 0dea42f5-278d-4157-b4a7-49b59664915b
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Key-Attributes
+ldapDisplayName: msSFU30KeyAttributes
+attributeId: 1.2.840.113556.1.6.18.1.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 32ecd698-ce9e-4894-a134-7ad76b082e83
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Key-Values
+ldapDisplayName: msSFU30KeyValues
+attributeId: 1.2.840.113556.1.6.18.1.324
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 37830235-e5e9-46f2-922b-d8d44f03e7ae
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10240
+
+cn: msSFU-30-Map-Filter
+ldapDisplayName: msSFU30MapFilter
+attributeId: 1.2.840.113556.1.6.18.1.306
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b16e01-024f-4e23-ad0d-71f1a406b684
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Master-Server-Name
+ldapDisplayName: msSFU30MasterServerName
+attributeId: 1.2.840.113556.1.6.18.1.307
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4cc908a2-9e18-410e-8459-f17cc422020a
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Max-Gid-Number
+ldapDisplayName: msSFU30MaxGidNumber
+attributeId: 1.2.840.113556.1.6.18.1.342
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 04ee6aa6-f83b-469a-bf5a-3c00d3634669
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Max-Uid-Number
+ldapDisplayName: msSFU30MaxUidNumber
+attributeId: 1.2.840.113556.1.6.18.1.343
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ec998437-d944-4a28-8500-217588adfc75
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: msSFU-30-Name
+ldapDisplayName: msSFU30Name
+attributeId: 1.2.840.113556.1.6.18.1.309
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 16c5d1d3-35c2-4061-a870-a5cefda804f0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Netgroup-Host-At-Domain
+ldapDisplayName: msSFU30NetgroupHostAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.348
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 97d2bf65-0466-4852-a25a-ec20f57ee36c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Netgroup-User-At-Domain
+ldapDisplayName: msSFU30NetgroupUserAtDomain
+attributeId: 1.2.840.113556.1.6.18.1.349
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a9e84eed-e630-4b67-b4b3-cad2a82d345e
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 2048
+
+cn: msSFU-30-Nis-Domain
+ldapDisplayName: msSFU30NisDomain
+attributeId: 1.2.840.113556.1.6.18.1.339
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 9ee3b2e3-c7f3-45f8-8c9f-1382be4984d2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-NSMAP-Field-Position
+ldapDisplayName: msSFU30NSMAPFieldPosition
+attributeId: 1.2.840.113556.1.6.18.1.345
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 585c9d5e-f599-4f07-9cf9-4373af4b89d3
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Order-Number
+ldapDisplayName: msSFU30OrderNumber
+attributeId: 1.2.840.113556.1.6.18.1.308
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 02625f05-d1ee-4f9f-b366-55266becb95c
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+
+cn: msSFU-30-Posix-Member
+ldapDisplayName: msSFU30PosixMember
+attributeId: 1.2.840.113556.1.6.18.1.346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: c875d82d-2848-4cec-bb50-3c5486d09d57
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2030
+
+cn: msSFU-30-Posix-Member-Of
+ldapDisplayName: msSFU30PosixMemberOf
+attributeId: 1.2.840.113556.1.6.18.1.347
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bd76b92-3244-438a-ada6-24f5ea34381e
+systemOnly: FALSE
+searchFlags: 0
+linkID: 2031
+systemFlags: FLAG_ATTR_NOT_REPLICATED
+
+cn: msSFU-30-Result-Attributes
+ldapDisplayName: msSFU30ResultAttributes
+attributeId: 1.2.840.113556.1.6.18.1.305
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: e167b0b6-4045-4433-ac35-53f972d45cba
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Attributes
+ldapDisplayName: msSFU30SearchAttributes
+attributeId: 1.2.840.113556.1.6.18.1.304
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ef9a2df0-2e57-48c8-8950-0cc674004733
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: msSFU-30-Search-Container
+ldapDisplayName: msSFU30SearchContainer
+attributeId: 1.2.840.113556.1.6.18.1.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27eebfa2-fbeb-4f8e-aad6-c50247994291
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: msSFU-30-Yp-Servers
+ldapDisplayName: msSFU30YpServers
+attributeId: 1.2.840.113556.1.6.18.1.341
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 084a944b-e150-4bfe-9345-40e1aedaebba
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 20480
+
+cn: MS-SQL-Alias
+ldapDisplayName: mS-SQL-Alias
+attributeId: 1.2.840.113556.1.4.1395
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e0c6baae-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowAnonymousSubscription
+ldapDisplayName: mS-SQL-AllowAnonymousSubscription
+attributeId: 1.2.840.113556.1.4.1394
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: db77be4a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowImmediateUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowImmediateUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1404
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4186b6e-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowKnownPullSubscription
+ldapDisplayName: mS-SQL-AllowKnownPullSubscription
+attributeId: 1.2.840.113556.1.4.1403
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c3bb7054-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowQueuedUpdatingSubscription
+ldapDisplayName: mS-SQL-AllowQueuedUpdatingSubscription
+attributeId: 1.2.840.113556.1.4.1405
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c458ca80-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AllowSnapshotFilesFTPDownloading
+ldapDisplayName: mS-SQL-AllowSnapshotFilesFTPDownloading
+attributeId: 1.2.840.113556.1.4.1406
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c49b8be8-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-AppleTalk
+ldapDisplayName: mS-SQL-AppleTalk
+attributeId: 1.2.840.113556.1.4.1378
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8fda89f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Applications
+ldapDisplayName: mS-SQL-Applications
+attributeId: 1.2.840.113556.1.4.1400
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fbcda2ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Build
+ldapDisplayName: mS-SQL-Build
+attributeId: 1.2.840.113556.1.4.1368
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 603e94c4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CharacterSet
+ldapDisplayName: mS-SQL-CharacterSet
+attributeId: 1.2.840.113556.1.4.1370
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 696177a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Clustered
+ldapDisplayName: mS-SQL-Clustered
+attributeId: 1.2.840.113556.1.4.1373
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 7778bd90-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ConnectionURL
+ldapDisplayName: mS-SQL-ConnectionURL
+attributeId: 1.2.840.113556.1.4.1383
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a92d23da-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Contact
+ldapDisplayName: mS-SQL-Contact
+attributeId: 1.2.840.113556.1.4.1365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4f6cbdd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-CreationDate
+ldapDisplayName: mS-SQL-CreationDate
+attributeId: 1.2.840.113556.1.4.1397
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ede14754-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Database
+ldapDisplayName: mS-SQL-Database
+attributeId: 1.2.840.113556.1.4.1393
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: d5a0dbdc-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Description
+ldapDisplayName: mS-SQL-Description
+attributeId: 1.2.840.113556.1.4.1390
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8386603c-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSHeight
+ldapDisplayName: mS-SQL-GPSHeight
+attributeId: 1.2.840.113556.1.4.1387
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bcdd4f0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLatitude
+ldapDisplayName: mS-SQL-GPSLatitude
+attributeId: 1.2.840.113556.1.4.1385
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b222ba0e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-GPSLongitude
+ldapDisplayName: mS-SQL-GPSLongitude
+attributeId: 1.2.840.113556.1.4.1386
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7577c94-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-InformationDirectory
+ldapDisplayName: mS-SQL-InformationDirectory
+attributeId: 1.2.840.113556.1.4.1392
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: d0aedb2e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-InformationURL
+ldapDisplayName: mS-SQL-InformationURL
+attributeId: 1.2.840.113556.1.4.1382
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a42cd510-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Keywords
+ldapDisplayName: mS-SQL-Keywords
+attributeId: 1.2.840.113556.1.4.1401
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 01e9a98a-ccef-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Language
+ldapDisplayName: mS-SQL-Language
+attributeId: 1.2.840.113556.1.4.1389
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c57f72f4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastBackupDate
+ldapDisplayName: mS-SQL-LastBackupDate
+attributeId: 1.2.840.113556.1.4.1398
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f2b6abca-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastDiagnosticDate
+ldapDisplayName: mS-SQL-LastDiagnosticDate
+attributeId: 1.2.840.113556.1.4.1399
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f6d6dd88-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-LastUpdatedDate
+ldapDisplayName: mS-SQL-LastUpdatedDate
+attributeId: 1.2.840.113556.1.4.1381
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9fcc43d4-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Location
+ldapDisplayName: mS-SQL-Location
+attributeId: 1.2.840.113556.1.4.1366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 561c9644-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Memory
+ldapDisplayName: mS-SQL-Memory
+attributeId: 1.2.840.113556.1.4.1367
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 5b5d448c-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-MultiProtocol
+ldapDisplayName: mS-SQL-MultiProtocol
+attributeId: 1.2.840.113556.1.4.1375
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8157fa38-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Name
+ldapDisplayName: mS-SQL-Name
+attributeId: 1.2.840.113556.1.4.1363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3532dfd8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-NamedPipe
+ldapDisplayName: mS-SQL-NamedPipe
+attributeId: 1.2.840.113556.1.4.1374
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7b91c840-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-PublicationURL
+ldapDisplayName: mS-SQL-PublicationURL
+attributeId: 1.2.840.113556.1.4.1384
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ae0c11b8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Publisher
+ldapDisplayName: mS-SQL-Publisher
+attributeId: 1.2.840.113556.1.4.1402
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c1676858-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-RegisteredOwner
+ldapDisplayName: mS-SQL-RegisteredOwner
+attributeId: 1.2.840.113556.1.4.1364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 48fd44ea-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ServiceAccount
+ldapDisplayName: mS-SQL-ServiceAccount
+attributeId: 1.2.840.113556.1.4.1369
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 64933a3e-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Size
+ldapDisplayName: mS-SQL-Size
+attributeId: 1.2.840.113556.1.4.1396
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e9098084-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SortOrder
+ldapDisplayName: mS-SQL-SortOrder
+attributeId: 1.2.840.113556.1.4.1371
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6ddc42c0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SPX
+ldapDisplayName: mS-SQL-SPX
+attributeId: 1.2.840.113556.1.4.1376
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 86b08004-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Status
+ldapDisplayName: mS-SQL-Status
+attributeId: 1.2.840.113556.1.4.1380
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 9a7d4770-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-TCPIP
+ldapDisplayName: mS-SQL-TCPIP
+attributeId: 1.2.840.113556.1.4.1377
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8ac263a6-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-ThirdParty
+ldapDisplayName: mS-SQL-ThirdParty
+attributeId: 1.2.840.113556.1.4.1407
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c4e311fc-d34b-11d2-999a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Type
+ldapDisplayName: mS-SQL-Type
+attributeId: 1.2.840.113556.1.4.1391
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca48eba8-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-UnicodeSortOrder
+ldapDisplayName: mS-SQL-UnicodeSortOrder
+attributeId: 1.2.840.113556.1.4.1372
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 72dc918a-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Version
+ldapDisplayName: mS-SQL-Version
+attributeId: 1.2.840.113556.1.4.1388
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c07cc1d0-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-Vines
+ldapDisplayName: mS-SQL-Vines
+attributeId: 1.2.840.113556.1.4.1379
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 94c56394-ccee-11d2-9993-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Conference-Blob
+ldapDisplayName: msTAPI-ConferenceBlob
+attributeId: 1.2.840.113556.1.4.1700
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 4cc4601e-7201-4141-abc8-3e529ae88863
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Ip-Address
+ldapDisplayName: msTAPI-IpAddress
+attributeId: 1.2.840.113556.1.4.1701
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: efd7d7f7-178e-4767-87fa-f8a16b840544
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Protocol-Id
+ldapDisplayName: msTAPI-ProtocolId
+attributeId: 1.2.840.113556.1.4.1699
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 89c1ebcf-7a5f-41fd-99ca-c900b32299ab
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Unique-Identifier
+ldapDisplayName: msTAPI-uid
+attributeId: 1.2.840.113556.1.4.1698
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70a4e7ea-b3b9-4643-8918-e6dd2471bfd4
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TPM-OwnerInformation
+ldapDisplayName: msTPM-OwnerInformation
+attributeId: 1.2.840.113556.1.4.1966
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: aa4e1a6d-550d-4e05-8c35-4afcb917a9fe
+searchFlags: fPRESERVEONDELETE | fCOPY | fCONFIDENTIAL |fRODCFilteredAttribute
+rangeUpper: 128
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Allow-Logon
+ldapDisplayName: msTSAllowLogon
+attributeId: 1.2.840.113556.1.4.1979
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 3a0cd464-bc54-40e7-93ae-a646a6ecc4b4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Broken-Connection-Action
+ldapDisplayName: msTSBrokenConnectionAction
+attributeId: 1.2.840.113556.1.4.1985
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 1cf41bba-5604-463e-94d6-1a1287b72ca3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Client-Drives
+ldapDisplayName: msTSConnectClientDrives
+attributeId: 1.2.840.113556.1.4.1986
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 23572aaf-29dd-44ea-b0fa-7e8438b9a4a3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Connect-Printer-Drives
+ldapDisplayName: msTSConnectPrinterDrives
+attributeId: 1.2.840.113556.1.4.1987
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8ce6a937-871b-4c92-b285-d99d4036681c
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Default-To-Main-Printer
+ldapDisplayName: msTSDefaultToMainPrinter
+attributeId: 1.2.840.113556.1.4.1988
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: c0ffe2bd-cacf-4dc7-88d5-61e9e95766f6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Endpoint-Data
+ldapDisplayName: msTSEndpointData
+attributeId: 1.2.840.113556.1.4.2070
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 40e1c407-4344-40f3-ab43-3625a34a63a2
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 32767
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Endpoint-Plugin
+ldapDisplayName: msTSEndpointPlugin
+attributeId: 1.2.840.113556.1.4.2072
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3c08b569-801f-4158-b17b-e363d6ae696a
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 32767
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Endpoint-Type
+ldapDisplayName: msTSEndpointType
+attributeId: 1.2.840.113556.1.4.2071
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 377ade80-e2d8-46c5-9bcd-6d9dec93b35e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ExpireDate
+ldapDisplayName: msTSExpireDate
+attributeId: 1.2.840.113556.1.4.1993
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 70004ef5-25c3-446a-97c8-996ae8566776
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate2
+ldapDisplayName: msTSExpireDate2
+attributeId: 1.2.840.113556.1.4.2000
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 54dfcf71-bc3f-4f0b-9d5a-4b2476bb8925
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate3
+ldapDisplayName: msTSExpireDate3
+attributeId: 1.2.840.113556.1.4.2003
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 41bc7f04-be72-4930-bd10-1f3439412387
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: MS-TS-ExpireDate4
+ldapDisplayName: msTSExpireDate4
+attributeId: 1.2.840.113556.1.4.2006
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 5e11dc43-204a-4faf-a008-6863621c6f5f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: TRUE
+
+cn: ms-TS-Home-Directory
+ldapDisplayName: msTSHomeDirectory
+attributeId: 1.2.840.113556.1.4.1977
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5d3510f0-c4e7-4122-b91f-a20add90e246
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Home-Drive
+ldapDisplayName: msTSHomeDrive
+attributeId: 1.2.840.113556.1.4.1978
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5f0a24d9-dffa-4cd9-acbf-a0680c03731e
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Initial-Program
+ldapDisplayName: msTSInitialProgram
+attributeId: 1.2.840.113556.1.4.1990
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9201ac6f-1d69-4dfb-802e-d95510109599
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion
+ldapDisplayName: msTSLicenseVersion
+attributeId: 1.2.840.113556.1.4.1994
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0ae94a89-372f-4df2-ae8a-c64a2bc47278
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion2
+ldapDisplayName: msTSLicenseVersion2
+attributeId: 1.2.840.113556.1.4.2001
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4b0df103-8d97-45d9-ad69-85c3080ba4e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion3
+ldapDisplayName: msTSLicenseVersion3
+attributeId: 1.2.840.113556.1.4.2004
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f8ba8f81-4cab-4973-a3c8-3a6da62a5e31
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-LicenseVersion4
+ldapDisplayName: msTSLicenseVersion4
+attributeId: 1.2.840.113556.1.4.2007
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 70ca5d97-2304-490a-8a27-52678c8d2095
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 255
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property01
+ldapDisplayName: msTSLSProperty01
+attributeId: 1.2.840.113556.1.4.2009
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 87e53590-971d-4a52-955b-4794d15a84ae
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TSLS-Property02
+ldapDisplayName: msTSLSProperty02
+attributeId: 1.2.840.113556.1.4.2010
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+schemaIdGuid: 47c77bb0-316e-4e2f-97f1-0d4c48fca9dd
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS
+ldapDisplayName: msTSManagingLS
+attributeId: 1.2.840.113556.1.4.1995
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f3bcc547-85b0-432c-9ac0-304506bf2c83
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS2
+ldapDisplayName: msTSManagingLS2
+attributeId: 1.2.840.113556.1.4.2002
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: 349f0757-51bd-4fc8-9d66-3eceea8a25be
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS3
+ldapDisplayName: msTSManagingLS3
+attributeId: 1.2.840.113556.1.4.2005
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: fad5dcc1-2130-4c87-a118-75322cd67050
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-ManagingLS4
+ldapDisplayName: msTSManagingLS4
+attributeId: 1.2.840.113556.1.4.2008
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+systemOnly: FALSE
+rangeLower: 0
+rangeUpper: 255
+schemaIdGuid: f7a3b6a0-2107-4140-b306-75cb521731e5
+searchFlags: fATTINDEX
+attributeSecurityGuid: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Connection-Time
+ldapDisplayName: msTSMaxConnectionTime
+attributeId: 1.2.840.113556.1.4.1982
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1d960ee2-6464-4e95-a781-e3b5cd5f9588
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Disconnection-Time
+ldapDisplayName: msTSMaxDisconnectionTime
+attributeId: 1.2.840.113556.1.4.1981
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 326f7089-53d8-4784-b814-46d8535110d2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Max-Idle-Time
+ldapDisplayName: msTSMaxIdleTime
+attributeId: 1.2.840.113556.1.4.1983
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ff739e9c-6bb7-460e-b221-e250f3de0f95
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Primary-Desktop
+ldapDisplayName: msTSPrimaryDesktop
+attributeId: 1.2.840.113556.1.4.2073
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2170
+isSingleValued: TRUE
+schemaIdGuid: 29259694-09e4-4237-9f72-9306ebe63ab2
+omObjectClass: 1.3.12.2.1011.28.0.714
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Primary-Desktop-BL
+ldapDisplayName: msTSPrimaryDesktopBL
+attributeId: 1.2.840.113556.1.4.2074
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2171
+isSingleValued: FALSE
+omObjectClass: 1.3.12.2.1011.28.0.714
+schemaIdGuid: 9daadc18-40d1-4ed1-a2bf-6b9bf47d3daa
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: 17
+
+cn: ms-TS-Profile-Path
+ldapDisplayName: msTSProfilePath
+attributeId: 1.2.840.113556.1.4.1976
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: e65c30db-316c-4060-a3a0-387b083f09cd
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property01
+ldapDisplayName: msTSProperty01
+attributeId: 1.2.840.113556.1.4.1991
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: faaea977-9655-49d7-853d-f27bb7aaca0f
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-TS-Property02
+ldapDisplayName: msTSProperty02
+attributeId: 1.2.840.113556.1.4.1992
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3586f6ac-51b7-4978-ab42-f936463198e7
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Reconnection-Action
+ldapDisplayName: msTSReconnectionAction
+attributeId: 1.2.840.113556.1.4.1984
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 366ed7ca-3e18-4c7f-abae-351a01e4b4f7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Remote-Control
+ldapDisplayName: msTSRemoteControl
+attributeId: 1.2.840.113556.1.4.1980
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 15177226-8642-468b-8c48-03ddfd004982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Secondary-Desktop-BL
+ldapDisplayName: msTSSecondaryDesktopBL
+attributeId: 1.2.840.113556.1.4.2078
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2173
+isSingleValued: FALSE
+schemaIdGuid: 34b107af-a00a-455a-b139-dd1a1b12d8af
+systemOnly: TRUE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+systemFlags: 17
+
+cn: ms-TS-Secondary-Desktops
+ldapDisplayName: msTSSecondaryDesktops
+attributeId: 1.2.840.113556.1.4.2075
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+linkID: 2172
+isSingleValued: FALSE
+schemaIdGuid: f63aa29a-bb31-48e1-bfab-0a6c5a1d39c2
+systemOnly: FALSE
+searchFlags: 0
+omObjectClass: 1.3.12.2.1011.28.0.714
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TS-Work-Directory
+ldapDisplayName: msTSWorkDirectory
+attributeId: 1.2.840.113556.1.4.1989
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a744f666-3d3c-4cc8-834b-9d4f6f687b8b
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Author
+ldapDisplayName: msWMI-Author
+attributeId: 1.2.840.113556.1.4.1623
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6366c0c1-6972-4e66-b3a5-1d52ad0c0547
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-ChangeDate
+ldapDisplayName: msWMI-ChangeDate
+attributeId: 1.2.840.113556.1.4.1624
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f9cdf7a0-ec44-4937-a79b-cd91522b3aa8
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-Class
+ldapDisplayName: msWMI-Class
+attributeId: 1.2.840.113556.1.4.1676
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 90c1925f-4a24-4b07-b202-be32eb3c8b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ClassDefinition
+ldapDisplayName: msWMI-ClassDefinition
+attributeId: 1.2.840.113556.1.4.1625
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2b9c0ebc-c272-45cb-99d2-4d0e691632e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-CreationDate
+ldapDisplayName: msWMI-CreationDate
+attributeId: 1.2.840.113556.1.4.1626
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 748b0a2e-3351-4b3f-b171-2f17414ea779
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Genus
+ldapDisplayName: msWMI-Genus
+attributeId: 1.2.840.113556.1.4.1677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 50c8673a-8f56-4614-9308-9e1340fb9af3
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ID
+ldapDisplayName: msWMI-ID
+attributeId: 1.2.840.113556.1.4.1627
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9339a803-94b8-47f7-9123-a853b9ff7e45
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-int8Default
+ldapDisplayName: msWMI-Int8Default
+attributeId: 1.2.840.113556.1.4.1632
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: f4d8085a-8c5b-4785-959b-dc585566e445
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-int8Max
+ldapDisplayName: msWMI-Int8Max
+attributeId: 1.2.840.113556.1.4.1633
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: e3d8b547-003d-4946-a32b-dc7cedc96b74
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-int8Min
+ldapDisplayName: msWMI-Int8Min
+attributeId: 1.2.840.113556.1.4.1634
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ed1489d1-54cc-4066-b368-a00daa2664f1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-int8ValidValues
+ldapDisplayName: msWMI-Int8ValidValues
+attributeId: 1.2.840.113556.1.4.1635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: FALSE
+schemaIdGuid: 103519a9-c002-441b-981a-b0b3e012c803
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intDefault
+ldapDisplayName: msWMI-IntDefault
+attributeId: 1.2.840.113556.1.4.1628
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 1b0c07f8-76dd-4060-a1e1-70084619dc90
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-intFlags1
+ldapDisplayName: msWMI-intFlags1
+attributeId: 1.2.840.113556.1.4.1678
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 18e006b9-6445-48e3-9dcf-b5ecfbc4df8e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags2
+ldapDisplayName: msWMI-intFlags2
+attributeId: 1.2.840.113556.1.4.1679
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 075a42c9-c55a-45b1-ac93-eb086b31f610
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags3
+ldapDisplayName: msWMI-intFlags3
+attributeId: 1.2.840.113556.1.4.1680
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f29fa736-de09-4be4-b23a-e734c124bacc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intFlags4
+ldapDisplayName: msWMI-intFlags4
+attributeId: 1.2.840.113556.1.4.1681
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bd74a7ac-c493-4c9c-bdfa-5c7b119ca6b2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-intMax
+ldapDisplayName: msWMI-IntMax
+attributeId: 1.2.840.113556.1.4.1629
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: fb920c2c-f294-4426-8ac1-d24b42aa2bce
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-intMin
+ldapDisplayName: msWMI-IntMin
+attributeId: 1.2.840.113556.1.4.1630
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 68c2e3ba-9837-4c70-98e0-f0c33695d023
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-intValidValues
+ldapDisplayName: msWMI-IntValidValues
+attributeId: 1.2.840.113556.1.4.1631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: 6af565f6-a749-4b72-9634-3c5d47e6b4e0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Mof
+ldapDisplayName: msWMI-Mof
+attributeId: 1.2.840.113556.1.4.1638
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 6736809f-2064-443e-a145-81262b1f1366
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-Name
+ldapDisplayName: msWMI-Name
+attributeId: 1.2.840.113556.1.4.1639
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: c6c8ace5-7e81-42af-ad72-77412c5941c4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-NormalizedClass
+ldapDisplayName: msWMI-NormalizedClass
+attributeId: 1.2.840.113556.1.4.1640
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: eaba628f-eb8e-4fe9-83fc-693be695559b
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm1
+ldapDisplayName: msWMI-Parm1
+attributeId: 1.2.840.113556.1.4.1682
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 27e81485-b1b0-4a8b-bedd-ce19a837e26e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm2
+ldapDisplayName: msWMI-Parm2
+attributeId: 1.2.840.113556.1.4.1683
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0003508e-9c42-4a76-a8f4-38bf64bab0de
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm3
+ldapDisplayName: msWMI-Parm3
+attributeId: 1.2.840.113556.1.4.1684
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45958fb6-52bd-48ce-9f9f-c2712d9f2bfc
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Parm4
+ldapDisplayName: msWMI-Parm4
+attributeId: 1.2.840.113556.1.4.1685
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3800d5a3-f1ce-4b82-a59a-1528ea795f59
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PropertyName
+ldapDisplayName: msWMI-PropertyName
+attributeId: 1.2.840.113556.1.4.1641
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ab920883-e7f8-4d72-b4a0-c0449897509d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Query
+ldapDisplayName: msWMI-Query
+attributeId: 1.2.840.113556.1.4.1642
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 65fff93e-35e3-45a3-85ae-876c6718297f
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+showInAdvancedViewOnly: FALSE
+
+cn: ms-WMI-QueryLanguage
+ldapDisplayName: msWMI-QueryLanguage
+attributeId: 1.2.840.113556.1.4.1643
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d3cfa98-c17b-4254-8bd7-4de9b932a345
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ScopeGuid
+ldapDisplayName: msWMI-ScopeGuid
+attributeId: 1.2.840.113556.1.4.1686
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 87b78d51-405f-4b7f-80ed-2bd28786f48d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SourceOrganization
+ldapDisplayName: msWMI-SourceOrganization
+attributeId: 1.2.840.113556.1.4.1644
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 34f7ed6c-615d-418d-aa00-549a7d7be03e
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringDefault
+ldapDisplayName: msWMI-StringDefault
+attributeId: 1.2.840.113556.1.4.1636
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 152e42b6-37c5-4f55-ab48-1606384a9aea
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-stringValidValues
+ldapDisplayName: msWMI-StringValidValues
+attributeId: 1.2.840.113556.1.4.1637
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 37609d31-a2bf-4b58-8f53-2b64e57a076d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetClass
+ldapDisplayName: msWMI-TargetClass
+attributeId: 1.2.840.113556.1.4.1645
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 95b6d8d6-c9e8-4661-a2bc-6a5cabc04c62
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetNameSpace
+ldapDisplayName: msWMI-TargetNameSpace
+attributeId: 1.2.840.113556.1.4.1646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 1c4ab61f-3420-44e5-849d-8b5dbf60feb7
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetObject
+ldapDisplayName: msWMI-TargetObject
+attributeId: 1.2.840.113556.1.4.1647
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: c44f67a5-7de5-4a1f-92d9-662b57364b77
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetPath
+ldapDisplayName: msWMI-TargetPath
+attributeId: 1.2.840.113556.1.4.1648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5006a79a-6bfe-4561-9f52-13cf4dd3e560
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-TargetType
+ldapDisplayName: msWMI-TargetType
+attributeId: 1.2.840.113556.1.4.1649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ca2a281e-262b-4ff7-b419-bc123352a4e9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Must-Contain
+ldapDisplayName: mustContain
+attributeId: 1.2.840.113556.1.2.24
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679d3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Name-Service-Flags
+ldapDisplayName: nameServiceFlags
+attributeId: 1.2.840.113556.1.4.753
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212840-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NC-Name
+ldapDisplayName: nCName
+attributeId: 1.2.840.113556.1.2.16
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679d6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NETBIOS-Name
+ldapDisplayName: nETBIOSName
+attributeId: 1.2.840.113556.1.4.87
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: netboot-Allow-New-Clients
+ldapDisplayName: netbootAllowNewClients
+attributeId: 1.2.840.113556.1.4.849
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383076-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Only-Valid-Clients
+ldapDisplayName: netbootAnswerOnlyValidClients
+attributeId: 1.2.840.113556.1.4.854
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307b-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Answer-Requests
+ldapDisplayName: netbootAnswerRequests
+attributeId: 1.2.840.113556.1.4.853
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 0738307a-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Current-Client-Count
+ldapDisplayName: netbootCurrentClientCount
+attributeId: 1.2.840.113556.1.4.852
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383079-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-GUID
+ldapDisplayName: netbootGUID
+attributeId: 1.2.840.113556.1.4.359
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978921-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Initialization
+ldapDisplayName: netbootInitialization
+attributeId: 1.2.840.113556.1.4.358
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978920-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-IntelliMirror-OSes
+ldapDisplayName: netbootIntelliMirrorOSes
+attributeId: 1.2.840.113556.1.4.857
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307e-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Limit-Clients
+ldapDisplayName: netbootLimitClients
+attributeId: 1.2.840.113556.1.4.850
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 07383077-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Locally-Installed-OSes
+ldapDisplayName: netbootLocallyInstalledOSes
+attributeId: 1.2.840.113556.1.4.859
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 07383080-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Machine-File-Path
+ldapDisplayName: netbootMachineFilePath
+attributeId: 1.2.840.113556.1.4.361
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978923-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Max-Clients
+ldapDisplayName: netbootMaxClients
+attributeId: 1.2.840.113556.1.4.851
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 07383078-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-Mirror-Data-File
+ldapDisplayName: netbootMirrorDataFile
+attributeId: 1.2.840.113556.1.4.1241
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d85-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-New-Machine-Naming-Policy
+ldapDisplayName: netbootNewMachineNamingPolicy
+attributeId: 1.2.840.113556.1.4.855
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307c-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-New-Machine-OU
+ldapDisplayName: netbootNewMachineOU
+attributeId: 1.2.840.113556.1.4.856
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 0738307d-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-SCP-BL
+ldapDisplayName: netbootSCPBL
+attributeId: 1.2.840.113556.1.4.864
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 07383082-91df-11d1-aebc-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 101
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: netboot-Server
+ldapDisplayName: netbootServer
+attributeId: 1.2.840.113556.1.4.860
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 07383081-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 100
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Netboot-SIF-File
+ldapDisplayName: netbootSIFFile
+attributeId: 1.2.840.113556.1.4.1240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2df90d84-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: netboot-Tools
+ldapDisplayName: netbootTools
+attributeId: 1.2.840.113556.1.4.858
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0738307f-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Network-Address
+ldapDisplayName: networkAddress
+attributeId: 1.2.840.113556.1.2.459
+attributeSyntax: 2.5.5.4
+omSyntax: 20
+isSingleValued: FALSE
+schemaIdGuid: bf9679d9-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 256
+mapiID: 33136
+
+cn: Next-Level-Store
+ldapDisplayName: nextLevelStore
+attributeId: 1.2.840.113556.1.4.214
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679da-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Next-Rid
+ldapDisplayName: nextRid
+attributeId: 1.2.840.113556.1.4.88
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679db-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NisMapEntry
+ldapDisplayName: nisMapEntry
+attributeId: 1.3.6.1.1.1.1.27
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 4a95216e-fcc0-402e-b57f-5971626148a9
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: NisMapName
+ldapDisplayName: nisMapName
+attributeId: 1.3.6.1.1.1.1.26
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: 969d3c79-0e9a-4d95-b0ac-bdde7ff8f3a1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+
+cn: NisNetgroupTriple
+ldapDisplayName: nisNetgroupTriple
+attributeId: 1.3.6.1.1.1.1.14
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: a8032e74-30ef-4ff5-affc-0fc217783fec
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 153600
+
+cn: Non-Security-Member
+ldapDisplayName: nonSecurityMember
+attributeId: 1.2.840.113556.1.4.530
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458018-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 50
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Non-Security-Member-BL
+ldapDisplayName: nonSecurityMemberBL
+attributeId: 1.2.840.113556.1.4.531
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 52458019-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 51
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Notification-List
+ldapDisplayName: notificationList
+attributeId: 1.2.840.113556.1.4.303
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 19195a56-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Group-Members
+ldapDisplayName: nTGroupMembers
+attributeId: 1.2.840.113556.1.4.89
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679df-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NT-Mixed-Domain
+ldapDisplayName: nTMixedDomain
+attributeId: 1.2.840.113556.1.4.357
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3e97891f-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Nt-Pwd-History
+ldapDisplayName: ntPwdHistory
+attributeId: 1.2.840.113556.1.4.94
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf9679e2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: NT-Security-Descriptor
+ldapDisplayName: nTSecurityDescriptor
+attributeId: 1.2.840.113556.1.2.281
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: TRUE
+schemaIdGuid: bf9679e3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+rangeLower: 0
+rangeUpper: 132096
+mapiID: 32787
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Obj-Dist-Name
+ldapDisplayName: distinguishedName
+attributeId: 2.5.4.49
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679e4-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags:fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32828
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Category
+ldapDisplayName: objectCategory
+attributeId: 1.2.840.113556.1.4.782
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97369-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class
+ldapDisplayName: objectClass
+attributeId: 2.5.4.0
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679e5-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fATTINDEX | fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Class-Category
+ldapDisplayName: objectClassCategory
+attributeId: 1.2.840.113556.1.2.370
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf9679e6-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 3
+mapiID: 33014
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Classes
+ldapDisplayName: objectClasses
+attributeId: 2.5.21.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94b-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Count
+ldapDisplayName: objectCount
+attributeId: 1.2.840.113556.1.4.506
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa216-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Object-Guid
+ldapDisplayName: objectGUID
+attributeId: 1.2.840.113556.1.4.2
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e7-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 35949
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Sid
+ldapDisplayName: objectSid
+attributeId: 1.2.840.113556.1.4.146
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e8-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+rangeLower: 0
+rangeUpper: 28
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+mapiID: 32807
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Object-Version
+ldapDisplayName: objectVersion
+attributeId: 1.2.840.113556.1.2.76
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16775848-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33015
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OEM-Information
+ldapDisplayName: oEMInformation
+attributeId: 1.2.840.113556.1.4.151
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679ea-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Object-Class
+ldapDisplayName: oMObjectClass
+attributeId: 1.2.840.113556.1.2.218
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679ec-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33021
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OM-Syntax
+ldapDisplayName: oMSyntax
+attributeId: 1.2.840.113556.1.2.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ed-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+mapiID: 33022
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: OMT-Guid
+ldapDisplayName: oMTGuid
+attributeId: 1.2.840.113556.1.4.505
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf3-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OMT-Indx-Guid
+ldapDisplayName: oMTIndxGuid
+attributeId: 1.2.840.113556.1.4.333
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fa-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpcNumber
+ldapDisplayName: oncRpcNumber
+attributeId: 1.3.6.1.1.1.1.18
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 966825f5-01d9-4a5c-a011-d15ae84efa55
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Operating-System
+ldapDisplayName: operatingSystem
+attributeId: 1.2.840.113556.1.4.363
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978925-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Hotfix
+ldapDisplayName: operatingSystemHotfix
+attributeId: 1.2.840.113556.1.4.415
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bd951b3c-9c96-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Operating-System-Service-Pack
+ldapDisplayName: operatingSystemServicePack
+attributeId: 1.2.840.113556.1.4.365
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978927-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operating-System-Version
+ldapDisplayName: operatingSystemVersion
+attributeId: 1.2.840.113556.1.4.364
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e978926-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Operator-Count
+ldapDisplayName: operatorCount
+attributeId: 1.2.840.113556.1.4.144
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf9679ee-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Option-Description
+ldapDisplayName: optionDescription
+attributeId: 1.2.840.113556.1.4.712
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Options
+ldapDisplayName: options
+attributeId: 1.2.840.113556.1.4.307
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19195a53-6da0-11d0-afd3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Options-Location
+ldapDisplayName: optionsLocation
+attributeId: 1.2.840.113556.1.4.713
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: organizationalStatus
+ldapDisplayName: organizationalStatus
+attributeId: 0.9.2342.19200300.100.1.45
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 28596019-7349-4d2f-adff-5a629961f942
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: Organizational-Unit-Name
+ldapDisplayName: ou
+attributeId: 2.5.4.11
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f0-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33026
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Organization-Name
+ldapDisplayName: o
+attributeId: 2.5.4.10
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679ef-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33025
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Original-Display-Table
+ldapDisplayName: originalDisplayTable
+attributeId: 1.2.840.113556.1.2.445
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424ce-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33027
+
+cn: Original-Display-Table-MSDOS
+ldapDisplayName: originalDisplayTableMSDOS
+attributeId: 1.2.840.113556.1.2.214
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424cf-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33028
+
+cn: Other-Login-Workstations
+ldapDisplayName: otherLoginWorkstations
+attributeId: 1.2.840.113556.1.4.91
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679f1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Mailbox
+ldapDisplayName: otherMailbox
+attributeId: 1.2.840.113556.1.4.651
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c123-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+
+cn: Other-Name
+ldapDisplayName: middleName
+attributeId: 2.16.840.1.113730.3.1.34
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f2-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 64
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Other-Well-Known-Objects
+ldapDisplayName: otherWellKnownObjects
+attributeId: 1.2.840.113556.1.4.1359
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 1ea64e5d-ac0f-11d2-90df-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Owner
+ldapDisplayName: owner
+attributeId: 2.5.4.32
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679f3-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+linkID: 44
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Flags
+ldapDisplayName: packageFlags
+attributeId: 1.2.840.113556.1.4.327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e99-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Name
+ldapDisplayName: packageName
+attributeId: 1.2.840.113556.1.4.326
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e98-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Type
+ldapDisplayName: packageType
+attributeId: 1.2.840.113556.1.4.324
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e96-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA
+ldapDisplayName: parentCA
+attributeId: 1.2.840.113556.1.4.557
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 5245801b-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-CA-Certificate-Chain
+ldapDisplayName: parentCACertificateChain
+attributeId: 1.2.840.113556.1.4.685
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2733-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Parent-GUID
+ldapDisplayName: parentGUID
+attributeId: 1.2.840.113556.1.4.1224
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 2df90d74-009f-11d2-aa4c-00c04fd7d83a
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Deletion-List
+ldapDisplayName: partialAttributeDeletionList
+attributeId: 1.2.840.113556.1.4.663
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 28630ec0-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Partial-Attribute-Set
+ldapDisplayName: partialAttributeSet
+attributeId: 1.2.840.113556.1.4.640
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 19405b9e-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pek-Key-Change-Interval
+ldapDisplayName: pekKeyChangeInterval
+attributeId: 1.2.840.113556.1.4.866
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 07383084-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pek-List
+ldapDisplayName: pekList
+attributeId: 1.2.840.113556.1.4.865
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 07383083-91df-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pending-CA-Certificates
+ldapDisplayName: pendingCACertificates
+attributeId: 1.2.840.113556.1.4.693
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d273c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pending-Parent-CA
+ldapDisplayName: pendingParentCA
+attributeId: 1.2.840.113556.1.4.695
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273e-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Per-Msg-Dialog-Display-Table
+ldapDisplayName: perMsgDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.325
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d3-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33032
+
+cn: Per-Recip-Dialog-Display-Table
+ldapDisplayName: perRecipDialogDisplayTable
+attributeId: 1.2.840.113556.1.2.326
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d4-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32768
+mapiID: 33033
+
+cn: Personal-Title
+ldapDisplayName: personalTitle
+attributeId: 1.2.840.113556.1.2.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 16775858-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35947
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Fax-Other
+ldapDisplayName: otherFacsimileTelephoneNumber
+attributeId: 1.2.840.113556.1.4.646
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11d-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Home-Other
+ldapDisplayName: otherHomePhone
+attributeId: 1.2.840.113556.1.2.277
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa2-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14895
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Home-Primary
+ldapDisplayName: homePhone
+attributeId: 0.9.2342.19200300.100.1.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa1-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14857
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Ip-Other
+ldapDisplayName: otherIpPhone
+attributeId: 1.2.840.113556.1.4.722
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 4d146e4b-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Ip-Primary
+ldapDisplayName: ipPhone
+attributeId: 1.2.840.113556.1.4.721
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 4d146e4a-48d4-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-ISDN-Primary
+ldapDisplayName: primaryInternationalISDNNumber
+attributeId: 1.2.840.113556.1.4.649
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c11f-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Mobile-Other
+ldapDisplayName: otherMobile
+attributeId: 1.2.840.113556.1.4.647
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0296c11e-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Mobile-Primary
+ldapDisplayName: mobile
+attributeId: 0.9.2342.19200300.100.1.41
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa3-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14876
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Office-Other
+ldapDisplayName: otherTelephone
+attributeId: 1.2.840.113556.1.2.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa5-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14875
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Other
+ldapDisplayName: otherPager
+attributeId: 1.2.840.113556.1.2.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f0f8ffa4-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35950
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Phone-Pager-Primary
+ldapDisplayName: pager
+attributeId: 0.9.2342.19200300.100.1.42
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa6-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14881
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: photo
+ldapDisplayName: photo
+attributeId: 0.9.2342.19200300.100.1.7
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 9c979768-ba1a-4c08-9632-c6a5c1ed649a
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Physical-Delivery-Office-Name
+ldapDisplayName: physicalDeliveryOfficeName
+attributeId: 2.5.4.19
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679f7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14873
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location-Object
+ldapDisplayName: physicalLocationObject
+attributeId: 1.2.840.113556.1.4.514
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b7b13119-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Picture
+ldapDisplayName: thumbnailPhoto
+attributeId: 2.16.840.1.113730.3.1.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8d3bca50-1d7e-11d0-a081-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 102400
+mapiId: 35998
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Critical-Extensions
+ldapDisplayName: pKICriticalExtensions
+attributeId: 1.2.840.113556.1.4.1330
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: fc5a9106-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-CSPs
+ldapDisplayName: pKIDefaultCSPs
+attributeId: 1.2.840.113556.1.4.1334
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 1ef6336e-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Default-Key-Spec
+ldapDisplayName: pKIDefaultKeySpec
+attributeId: 1.2.840.113556.1.4.1327
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 426cae6e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Access
+ldapDisplayName: pKIEnrollmentAccess
+attributeId: 1.2.840.113556.1.4.1335
+attributeSyntax: 2.5.5.15
+omSyntax: 66
+isSingleValued: FALSE
+schemaIdGuid: 926be278-56f9-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Expiration-Period
+ldapDisplayName: pKIExpirationPeriod
+attributeId: 1.2.840.113556.1.4.1331
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 041570d2-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Extended-Key-Usage
+ldapDisplayName: pKIExtendedKeyUsage
+attributeId: 1.2.840.113556.1.4.1333
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 18976af6-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Key-Usage
+ldapDisplayName: pKIKeyUsage
+attributeId: 1.2.840.113556.1.4.1328
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: e9b0a87e-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Max-Issuing-Depth
+ldapDisplayName: pKIMaxIssuingDepth
+attributeId: 1.2.840.113556.1.4.1329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f0bfdefa-3b9d-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Overlap-Period
+ldapDisplayName: pKIOverlapPeriod
+attributeId: 1.2.840.113556.1.4.1332
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1219a3ec-3b9e-11d2-90cc-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT
+ldapDisplayName: pKT
+attributeId: 1.2.840.113556.1.4.206
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f1-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 10485760
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKT-Guid
+ldapDisplayName: pKTGuid
+attributeId: 1.2.840.113556.1.4.205
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 8447f9f0-1027-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Policy-Replication-Flags
+ldapDisplayName: policyReplicationFlags
+attributeId: 1.2.840.113556.1.4.633
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b96-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Port-Name
+ldapDisplayName: portName
+attributeId: 1.2.840.113556.1.4.228
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416c4-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Possible-Inferiors
+ldapDisplayName: possibleInferiors
+attributeId: 1.2.840.113556.1.4.915
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94c-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Poss-Superiors
+ldapDisplayName: possSuperiors
+attributeId: 1.2.840.113556.1.2.8
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf9679fa-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Postal-Address
+ldapDisplayName: postalAddress
+attributeId: 2.5.4.16
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fc-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33036
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Postal-Code
+ldapDisplayName: postalCode
+attributeId: 2.5.4.17
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679fd-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14890
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Post-Office-Box
+ldapDisplayName: postOfficeBox
+attributeId: 2.5.4.18
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf9679fb-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 40
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14891
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Preferred-Delivery-Method
+ldapDisplayName: preferredDeliveryMethod
+attributeId: 2.5.4.28
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: FALSE
+schemaIdGuid: bf9679fe-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33037
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: preferredLanguage
+ldapDisplayName: preferredLanguage
+attributeId: 2.16.840.1.113730.3.1.39
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 856be0d0-18e7-46e1-8f5f-7ee4d9020e0d
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: Preferred-OU
+ldapDisplayName: preferredOU
+attributeId: 1.2.840.113556.1.4.97
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: bf9679ff-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prefix-Map
+ldapDisplayName: prefixMap
+attributeId: 1.2.840.113556.1.4.538
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 52458022-ca6a-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Presentation-Address
+ldapDisplayName: presentationAddress
+attributeId: 2.5.4.29
+attributeSyntax: 2.5.5.13
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.732
+isSingleValued: TRUE
+schemaIdGuid: a8df744b-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-CA-Certificates
+ldapDisplayName: previousCACertificates
+attributeId: 1.2.840.113556.1.4.692
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 963d2739-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Previous-Parent-CA
+ldapDisplayName: previousParentCA
+attributeId: 1.2.840.113556.1.4.694
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 963d273d-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Primary-Group-ID
+ldapDisplayName: primaryGroupID
+attributeId: 1.2.840.113556.1.4.98
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a00-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Primary-Group-Token
+ldapDisplayName: primaryGroupToken
+attributeId: 1.2.840.113556.1.4.1412
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c0ed8738-7efd-4481-84d9-66d2db8be369
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Print-Attributes
+ldapDisplayName: printAttributes
+attributeId: 1.2.840.113556.1.4.247
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Bin-Names
+ldapDisplayName: printBinNames
+attributeId: 1.2.840.113556.1.4.237
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416cd-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Collate
+ldapDisplayName: printCollate
+attributeId: 1.2.840.113556.1.4.242
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d2-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Color
+ldapDisplayName: printColor
+attributeId: 1.2.840.113556.1.4.243
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416d3-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Duplex-Supported
+ldapDisplayName: printDuplexSupported
+attributeId: 1.2.840.113556.1.4.1311
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 281416cc-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-End-Time
+ldapDisplayName: printEndTime
+attributeId: 1.2.840.113556.1.4.234
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416ca-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Printer-Name
+ldapDisplayName: printerName
+attributeId: 1.2.840.113556.1.4.300
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 244b296e-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Form-Name
+ldapDisplayName: printFormName
+attributeId: 1.2.840.113556.1.4.235
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416cb-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Keep-Printed-Jobs
+ldapDisplayName: printKeepPrintedJobs
+attributeId: 1.2.840.113556.1.4.275
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f6d-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Language
+ldapDisplayName: printLanguage
+attributeId: 1.2.840.113556.1.4.246
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-MAC-Address
+ldapDisplayName: printMACAddress
+attributeId: 1.2.840.113556.1.4.288
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f7a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Copies
+ldapDisplayName: printMaxCopies
+attributeId: 1.2.840.113556.1.4.241
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416d1-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Resolution-Supported
+ldapDisplayName: printMaxResolutionSupported
+attributeId: 1.2.840.113556.1.4.238
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416cf-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-X-Extent
+ldapDisplayName: printMaxXExtent
+attributeId: 1.2.840.113556.1.4.277
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f6f-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Max-Y-Extent
+ldapDisplayName: printMaxYExtent
+attributeId: 1.2.840.113556.1.4.278
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f70-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Ready
+ldapDisplayName: printMediaReady
+attributeId: 1.2.840.113556.1.4.289
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 3bcbfcf5-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Media-Supported
+ldapDisplayName: printMediaSupported
+attributeId: 1.2.840.113556.1.4.299
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b296f-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Memory
+ldapDisplayName: printMemory
+attributeId: 1.2.840.113556.1.4.282
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f74-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-X-Extent
+ldapDisplayName: printMinXExtent
+attributeId: 1.2.840.113556.1.4.279
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f71-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Min-Y-Extent
+ldapDisplayName: printMinYExtent
+attributeId: 1.2.840.113556.1.4.280
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f72-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Network-Address
+ldapDisplayName: printNetworkAddress
+attributeId: 1.2.840.113556.1.4.287
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f79-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Notify
+ldapDisplayName: printNotify
+attributeId: 1.2.840.113556.1.4.272
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6a-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Number-Up
+ldapDisplayName: printNumberUp
+attributeId: 1.2.840.113556.1.4.290
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 3bcbfcf4-4d3d-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Orientations-Supported
+ldapDisplayName: printOrientationsSupported
+attributeId: 1.2.840.113556.1.4.240
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 281416d0-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Owner
+ldapDisplayName: printOwner
+attributeId: 1.2.840.113556.1.4.271
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f69-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Pages-Per-Minute
+ldapDisplayName: printPagesPerMinute
+attributeId: 1.2.840.113556.1.4.631
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b97-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate
+ldapDisplayName: printRate
+attributeId: 1.2.840.113556.1.4.285
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ba305f77-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Rate-Unit
+ldapDisplayName: printRateUnit
+attributeId: 1.2.840.113556.1.4.286
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f78-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Separator-File
+ldapDisplayName: printSeparatorFile
+attributeId: 1.2.840.113556.1.4.230
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416c6-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Share-Name
+ldapDisplayName: printShareName
+attributeId: 1.2.840.113556.1.4.270
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba305f68-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Spooling
+ldapDisplayName: printSpooling
+attributeId: 1.2.840.113556.1.4.274
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6c-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Stapling-Supported
+ldapDisplayName: printStaplingSupported
+attributeId: 1.2.840.113556.1.4.281
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: ba305f73-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Start-Time
+ldapDisplayName: printStartTime
+attributeId: 1.2.840.113556.1.4.233
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c9-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Print-Status
+ldapDisplayName: printStatus
+attributeId: 1.2.840.113556.1.4.273
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: ba305f6b-47e3-11d0-a1a6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Priority
+ldapDisplayName: priority
+attributeId: 1.2.840.113556.1.4.231
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 281416c7-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Prior-Set-Time
+ldapDisplayName: priorSetTime
+attributeId: 1.2.840.113556.1.4.99
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a01-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Prior-Value
+ldapDisplayName: priorValue
+attributeId: 1.2.840.113556.1.4.100
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a02-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Private-Key
+ldapDisplayName: privateKey
+attributeId: 1.2.840.113556.1.4.101
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a03-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Privilege-Attributes
+ldapDisplayName: privilegeAttributes
+attributeId: 1.2.840.113556.1.4.636
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 19405b9a-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Display-Name
+ldapDisplayName: privilegeDisplayName
+attributeId: 1.2.840.113556.1.4.634
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 19405b98-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Holder
+ldapDisplayName: privilegeHolder
+attributeId: 1.2.840.113556.1.4.637
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 19405b9b-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 70
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Privilege-Value
+ldapDisplayName: privilegeValue
+attributeId: 1.2.840.113556.1.4.635
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 19405b99-3cfa-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Product-Code
+ldapDisplayName: productCode
+attributeId: 1.2.840.113556.1.4.818
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: d9e18317-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Profile-Path
+ldapDisplayName: profilePath
+attributeId: 1.2.840.113556.1.4.139
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a05-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxied-Object-Name
+ldapDisplayName: proxiedObjectName
+attributeId: 1.2.840.113556.1.4.1249
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: TRUE
+schemaIdGuid: e1aea402-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Addresses
+ldapDisplayName: proxyAddresses
+attributeId: 1.2.840.113556.1.2.210
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a06-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 1123
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 32783
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Proxy-Generation-Enabled
+ldapDisplayName: proxyGenerationEnabled
+attributeId: 1.2.840.113556.1.2.523
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 5fd424d6-1262-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33201
+
+cn: Proxy-Lifetime
+ldapDisplayName: proxyLifetime
+attributeId: 1.2.840.113556.1.4.103
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a07-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Public-Key-Policy
+ldapDisplayName: publicKeyPolicy
+attributeId: 1.2.840.113556.1.4.420
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 80a67e28-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b89fd-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Purported-Search
+ldapDisplayName: purportedSearch
+attributeId: 1.2.840.113556.1.4.886
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b4b54e50-943a-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 2048
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Pwd-History-Length
+ldapDisplayName: pwdHistoryLength
+attributeId: 1.2.840.113556.1.4.95
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a09-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 65535
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Last-Set
+ldapDisplayName: pwdLastSet
+attributeId: 1.2.840.113556.1.4.96
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a0a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Pwd-Properties
+ldapDisplayName: pwdProperties
+attributeId: 1.2.840.113556.1.4.93
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: c7407360-20bf-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Quality-Of-Service
+ldapDisplayName: qualityOfService
+attributeId: 1.2.840.113556.1.4.458
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e4e-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: a29b8a01-c7e8-11d0-9bae-00c04fd92ef5
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Filter
+ldapDisplayName: queryFilter
+attributeId: 1.2.840.113556.1.4.1355
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: cbf70a26-7e78-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: QueryPoint
+ldapDisplayName: queryPoint
+attributeId: 1.2.840.113556.1.4.680
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb86-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy-BL
+ldapDisplayName: queryPolicyBL
+attributeId: 1.2.840.113556.1.4.608
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: e1aea404-cd5b-11d0-afff-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 69
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Query-Policy-Object
+ldapDisplayName: queryPolicyObject
+attributeId: 1.2.840.113556.1.4.607
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: e1aea403-cd5b-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 68
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Lower
+ldapDisplayName: rangeLower
+attributeId: 1.2.840.113556.1.2.34
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33043
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Range-Upper
+ldapDisplayName: rangeUpper
+attributeId: 1.2.840.113556.1.2.35
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a0d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33044
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN
+ldapDisplayName: name
+attributeId: 1.2.840.113556.1.4.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a0e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 255
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 33282
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RDN-Att-ID
+ldapDisplayName: rDNAttID
+attributeId: 1.2.840.113556.1.2.26
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a0f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Registered-Address
+ldapDisplayName: registeredAddress
+attributeId: 2.5.4.26
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a10-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 4096
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33049
+
+cn: Remote-Server-Name
+ldapDisplayName: remoteServerName
+attributeId: 1.2.840.113556.1.4.105
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a12-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source
+ldapDisplayName: remoteSource
+attributeId: 1.2.840.113556.1.4.107
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a14-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Source-Type
+ldapDisplayName: remoteSourceType
+attributeId: 1.2.840.113556.1.4.108
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a15-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-GUID
+ldapDisplayName: remoteStorageGUID
+attributeId: 1.2.840.113556.1.4.809
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b0-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Replica-Source
+ldapDisplayName: replicaSource
+attributeId: 1.2.840.113556.1.4.109
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a18-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Repl-Interval
+ldapDisplayName: replInterval
+attributeId: 1.2.840.113556.1.4.1336
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 45ba9d1a-56fa-11d2-90d0-00c04fd91ab1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-Property-Meta-Data
+ldapDisplayName: replPropertyMetaData
+attributeId: 1.2.840.113556.1.4.3
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 281416c0-1968-11d0-a28f-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_OPERATIONAL |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-Topology-Stay-Of-Execution
+ldapDisplayName: replTopologyStayOfExecution
+attributeId: 1.2.840.113556.1.4.677
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb83-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Repl-UpToDate-Vector
+ldapDisplayName: replUpToDateVector
+attributeId: 1.2.840.113556.1.4.4
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a16-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reports
+ldapDisplayName: directReports
+attributeId: 1.2.840.113556.1.2.436
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a1c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+linkID: 43
+mapiID: 32782
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Reps-From
+ldapDisplayName: repsFrom
+attributeId: 1.2.840.113556.1.2.91
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1d-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Reps-To
+ldapDisplayName: repsTo
+attributeId: 1.2.840.113556.1.2.83
+attributeSyntax: 2.5.5.10
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.6
+isSingleValued: FALSE
+schemaIdGuid: bf967a1e-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Required-Categories
+ldapDisplayName: requiredCategories
+attributeId: 1.2.840.113556.1.4.321
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 7d6c0e93-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Retired-Repl-DSA-Signatures
+ldapDisplayName: retiredReplDSASignatures
+attributeId: 1.2.840.113556.1.4.673
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 7bfdcb7f-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Revision
+ldapDisplayName: revision
+attributeId: 1.2.840.113556.1.4.145
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a21-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rid
+ldapDisplayName: rid
+attributeId: 1.2.840.113556.1.4.153
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a22-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Allocation-Pool
+ldapDisplayName: rIDAllocationPool
+attributeId: 1.2.840.113556.1.4.371
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171889-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Available-Pool
+ldapDisplayName: rIDAvailablePool
+attributeId: 1.2.840.113556.1.4.370
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 66171888-8f3c-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Manager-Reference
+ldapDisplayName: rIDManagerReference
+attributeId: 1.2.840.113556.1.4.368
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 66171886-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Next-RID
+ldapDisplayName: rIDNextRID
+attributeId: 1.2.840.113556.1.4.374
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6617188c-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Previous-Allocation-Pool
+ldapDisplayName: rIDPreviousAllocationPool
+attributeId: 1.2.840.113556.1.4.372
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188a-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Set-References
+ldapDisplayName: rIDSetReferences
+attributeId: 1.2.840.113556.1.4.669
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb7b-4807-11d1-a9c3-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: RID-Used-Pool
+ldapDisplayName: rIDUsedPool
+attributeId: 1.2.840.113556.1.4.373
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 6617188b-8f3c-11d0-afda-00c04fd930c9
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Rights-Guid
+ldapDisplayName: rightsGuid
+attributeId: 1.2.840.113556.1.4.340
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 8297931c-86d3-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 36
+rangeUpper: 36
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Role-Occupant
+ldapDisplayName: roleOccupant
+attributeId: 2.5.4.33
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: a8df7465-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33061
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: roomNumber
+ldapDisplayName: roomNumber
+attributeId: 0.9.2342.19200300.100.1.6
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 81d7f8c2-e327-4a0d-91c6-b42d4009115f
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Root-Trust
+ldapDisplayName: rootTrust
+attributeId: 1.2.840.113556.1.4.674
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 7bfdcb80-4807-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: rpc-Ns-Annotation
+ldapDisplayName: rpcNsAnnotation
+attributeId: 1.2.840.113556.1.4.366
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 88611bde-8cf4-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Bindings
+ldapDisplayName: rpcNsBindings
+attributeId: 1.2.840.113556.1.4.113
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a23-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Codeset
+ldapDisplayName: rpcNsCodeset
+attributeId: 1.2.840.113556.1.4.367
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 7a0ba0e0-8e98-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Entry-Flags
+ldapDisplayName: rpcNsEntryFlags
+attributeId: 1.2.840.113556.1.4.754
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80212841-4bdc-11d1-a9c4-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Group
+ldapDisplayName: rpcNsGroup
+attributeId: 1.2.840.113556.1.4.114
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: bf967a24-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Interface-ID
+ldapDisplayName: rpcNsInterfaceID
+attributeId: 1.2.840.113556.1.4.115
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a25-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Object-ID
+ldapDisplayName: rpcNsObjectID
+attributeId: 1.2.840.113556.1.4.312
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 29401c48-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Priority
+ldapDisplayName: rpcNsPriority
+attributeId: 1.2.840.113556.1.4.117
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a27-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Profile-Entry
+ldapDisplayName: rpcNsProfileEntry
+attributeId: 1.2.840.113556.1.4.118
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a28-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Ns-Transfer-Syntax
+ldapDisplayName: rpcNsTransferSyntax
+attributeId: 1.2.840.113556.1.4.314
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 29401c4a-7a27-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SAM-Account-Name
+ldapDisplayName: sAMAccountName
+attributeId: 1.2.840.113556.1.4.221
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 3e0abfd0-126a-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE| fANR | fATTINDEX
+rangeLower: 0
+rangeUpper: 256
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Account-Type
+ldapDisplayName: sAMAccountType
+attributeId: 1.2.840.113556.1.4.302
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 6e7b626c-64f2-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SAM-Domain-Updates
+ldapDisplayName: samDomainUpdates
+attributeId: 1.2.840.113556.1.4.1969
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 04d2d114-f799-4e9b-bcdc-90e8f5ba7ebe
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schedule
+ldapDisplayName: schedule
+attributeId: 1.2.840.113556.1.4.211
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: dd712224-10e4-11d0-a05f-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Flags-Ex
+ldapDisplayName: schemaFlagsEx
+attributeId: 1.2.840.113556.1.4.120
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a2b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-ID-GUID
+ldapDisplayName: schemaIDGUID
+attributeId: 1.2.840.113556.1.4.148
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967923-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Info
+ldapDisplayName: schemaInfo
+attributeId: 1.2.840.113556.1.4.1358
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: f9fb64ae-93b4-11d2-9945-0000f87a57d4
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Schema-Update
+ldapDisplayName: schemaUpdate
+attributeId: 1.2.840.113556.1.4.481
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: 1e2d06b4-ac8f-11d0-afe3-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Schema-Version
+ldapDisplayName: schemaVersion
+attributeId: 1.2.840.113556.1.2.471
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: FALSE
+schemaIdGuid: bf967a2c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33148
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Scope-Flags
+ldapDisplayName: scopeFlags
+attributeId: 1.2.840.113556.1.4.1354
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16f3a4c2-7e79-11d2-9921-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Script-Path
+ldapDisplayName: scriptPath
+attributeId: 1.2.840.113556.1.4.62
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679a8-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SD-Rights-Effective
+ldapDisplayName: sDRightsEffective
+attributeId: 1.2.840.113556.1.4.1304
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: c3dbafa6-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Flags
+ldapDisplayName: searchFlags
+attributeId: 1.2.840.113556.1.2.334
+attributeSyntax: 2.5.5.9
+omSyntax: 10
+isSingleValued: TRUE
+schemaIdGuid: bf967a2d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+mapiID: 33069
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Search-Guide
+ldapDisplayName: searchGuide
+attributeId: 2.5.4.14
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a2e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33070
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: secretary
+ldapDisplayName: secretary
+attributeId: 0.9.2342.19200300.100.1.21
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 01072d9a-98ad-4a53-9744-e83e287278fb
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Security-Identifier
+ldapDisplayName: securityIdentifier
+attributeId: 1.2.840.113556.1.4.121
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a2f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: See-Also
+ldapDisplayName: seeAlso
+attributeId: 2.5.4.34
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a31-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33071
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Seq-Notification
+ldapDisplayName: seqNotification
+attributeId: 1.2.840.113556.1.4.504
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf2-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Serial-Number
+ldapDisplayName: serialNumber
+attributeId: 2.5.4.5
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: bf967a32-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+mapiID: 33072
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-Name
+ldapDisplayName: serverName
+attributeId: 1.2.840.113556.1.4.223
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 09dcb7a0-165f-11d0-a064-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference
+ldapDisplayName: serverReference
+attributeId: 1.2.840.113556.1.4.515
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d9736d-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 94
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Reference-BL
+ldapDisplayName: serverReferenceBL
+attributeId: 1.2.840.113556.1.4.516
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 26d9736e-6070-11d1-a9c6-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 95
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Server-Role
+ldapDisplayName: serverRole
+attributeId: 1.2.840.113556.1.4.157
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a33-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server-State
+ldapDisplayName: serverState
+attributeId: 1.2.840.113556.1.4.154
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a34-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Service-Binding-Information
+ldapDisplayName: serviceBindingInformation
+attributeId: 1.2.840.113556.1.4.510
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: b7b1311c-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-ID
+ldapDisplayName: serviceClassID
+attributeId: 1.2.840.113556.1.4.122
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a35-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Info
+ldapDisplayName: serviceClassInfo
+attributeId: 1.2.840.113556.1.4.123
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a36-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class-Name
+ldapDisplayName: serviceClassName
+attributeId: 1.2.840.113556.1.4.509
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: b7b1311d-b82e-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-DNS-Name
+ldapDisplayName: serviceDNSName
+attributeId: 1.2.840.113556.1.4.657
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eb8-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-DNS-Name-Type
+ldapDisplayName: serviceDNSNameType
+attributeId: 1.2.840.113556.1.4.659
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630eba-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance-Version
+ldapDisplayName: serviceInstanceVersion
+attributeId: 1.2.840.113556.1.4.199
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a37-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 8
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Principal-Name
+ldapDisplayName: servicePrincipalName
+attributeId: 1.2.840.113556.1.4.771
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: f3a64788-5306-11d1-a9c5-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Setup-Command
+ldapDisplayName: setupCommand
+attributeId: 1.2.840.113556.1.4.325
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e97-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowExpire
+ldapDisplayName: shadowExpire
+attributeId: 1.3.6.1.1.1.1.10
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 75159a00-1fff-4cf4-8bff-4ef2695cf643
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowFlag
+ldapDisplayName: shadowFlag
+attributeId: 1.3.6.1.1.1.1.11
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 8dfeb70d-c5db-46b6-b15e-a4389e6cee9b
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowInactive
+ldapDisplayName: shadowInactive
+attributeId: 1.3.6.1.1.1.1.9
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 86871d1f-3310-4312-8efd-af49dcfb2671
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowLastChange
+ldapDisplayName: shadowLastChange
+attributeId: 1.3.6.1.1.1.1.5
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f8f2689c-29e8-4843-8177-e8b98e15eeac
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMax
+ldapDisplayName: shadowMax
+attributeId: 1.3.6.1.1.1.1.7
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: f285c952-50dd-449e-9160-3b880d99988d
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowMin
+ldapDisplayName: shadowMin
+attributeId: 1.3.6.1.1.1.1.6
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a76b8737-e5a1-4568-b057-dc12e04be4b2
+systemOnly: FALSE
+searchFlags: 0
+
+cn: ShadowWarning
+ldapDisplayName: shadowWarning
+attributeId: 1.3.6.1.1.1.1.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7ae89c9c-2976-4a46-bb8a-340f88560117
+systemOnly: FALSE
+searchFlags: 0
+
+cn: Shell-Context-Menu
+ldapDisplayName: shellContextMenu
+attributeId: 1.2.840.113556.1.4.615
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 553fd039-f32e-11d0-b0bc-00c04fd8dca6
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Shell-Property-Pages
+ldapDisplayName: shellPropertyPages
+attributeId: 1.2.840.113556.1.4.563
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 52458039-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Short-Server-Name
+ldapDisplayName: shortServerName
+attributeId: 1.2.840.113556.1.4.1209
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 45b01501-c419-11d1-bbc9-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Show-In-Address-Book
+ldapDisplayName: showInAddressBook
+attributeId: 1.2.840.113556.1.4.644
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e74f60e-3e73-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: fCOPY
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Show-In-Advanced-View-Only
+ldapDisplayName: showInAdvancedViewOnly
+attributeId: 1.2.840.113556.1.2.169
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967984-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SID-History
+ldapDisplayName: sIDHistory
+attributeId: 1.2.840.113556.1.4.609
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 17eb4278-d167-11d0-b002-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Signature-Algorithms
+ldapDisplayName: signatureAlgorithms
+attributeId: 1.2.840.113556.1.4.824
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 2a39c5b2-8960-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-GUID
+ldapDisplayName: siteGUID
+attributeId: 1.2.840.113556.1.4.362
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 3e978924-8c01-11d0-afda-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-List
+ldapDisplayName: siteLinkList
+attributeId: 1.2.840.113556.1.4.822
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdd-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 142
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-List
+ldapDisplayName: siteList
+attributeId: 1.2.840.113556.1.4.821
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: d50c2cdc-8951-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 144
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object
+ldapDisplayName: siteObject
+attributeId: 1.2.840.113556.1.4.512
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 3e10944c-c354-11d0-aff8-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 46
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Site-Object-BL
+ldapDisplayName: siteObjectBL
+attributeId: 1.2.840.113556.1.4.513
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 3e10944d-c354-11d0-aff8-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+linkID: 47
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_NOT_REPLICATED
+
+cn: Site-Server
+ldapDisplayName: siteServer
+attributeId: 1.2.840.113556.1.4.494
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 1be8f17c-a9ff-11d0-afe2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SMTP-Mail-Address
+ldapDisplayName: mailAddress
+attributeId: 1.2.840.113556.1.4.786
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d9736f-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SPN-Mappings
+ldapDisplayName: sPNMappings
+attributeId: 1.2.840.113556.1.4.1347
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 2ab0e76c-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: State-Or-Province-Name
+ldapDisplayName: st
+attributeId: 2.5.4.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a39-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14888
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Street-Address
+ldapDisplayName: street
+attributeId: 2.5.4.9
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a3a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 1024
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33082
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Structural-Object-Class
+ldapDisplayName: structuralObjectClass
+attributeId: 2.5.21.9
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: 3860949f-f6a8-4b38-9950-81ecb6bc2982
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sub-Class-Of
+ldapDisplayName: subClassOf
+attributeId: 1.2.840.113556.1.2.21
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: bf967a3b-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sub-Refs
+ldapDisplayName: subRefs
+attributeId: 1.2.840.113556.1.2.7
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: bf967a3c-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33083
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: SubSchemaSubEntry
+ldapDisplayName: subSchemaSubEntry
+attributeId: 2.5.18.10
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 9a7ad94d-ca53-11d1-bbd0-0080c76670c0
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Superior-DNS-Root
+ldapDisplayName: superiorDNSRoot
+attributeId: 1.2.840.113556.1.4.532
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 5245801d-ca6a-11d0-afff-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Super-Scope-Description
+ldapDisplayName: superScopeDescription
+attributeId: 1.2.840.113556.1.4.711
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 963d274c-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Super-Scopes
+ldapDisplayName: superScopes
+attributeId: 1.2.840.113556.1.4.710
+attributeSyntax: 2.5.5.5
+omSyntax: 19
+isSingleValued: FALSE
+schemaIdGuid: 963d274b-48be-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Supplemental-Credentials
+ldapDisplayName: supplementalCredentials
+attributeId: 1.2.840.113556.1.4.125
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a3f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Supported-Application-Context
+ldapDisplayName: supportedApplicationContext
+attributeId: 2.5.4.30
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 1677588f-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33085
+
+cn: Surname
+ldapDisplayName: sn
+attributeId: 2.5.4.4
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a41-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fANR | fATTINDEX
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14865
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Sync-Attributes
+ldapDisplayName: syncAttributes
+attributeId: 1.2.840.113556.1.4.666
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 037651e4-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-Membership
+ldapDisplayName: syncMembership
+attributeId: 1.2.840.113556.1.4.665
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 037651e3-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+linkID: 78
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-Object
+ldapDisplayName: syncWithObject
+attributeId: 1.2.840.113556.1.4.664
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 037651e2-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sync-With-SID
+ldapDisplayName: syncWithSID
+attributeId: 1.2.840.113556.1.4.667
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 037651e5-441d-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: System-Auxiliary-Class
+ldapDisplayName: systemAuxiliaryClass
+attributeId: 1.2.840.113556.1.4.198
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a43-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Flags
+ldapDisplayName: systemFlags
+attributeId: 1.2.840.113556.1.4.375
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: e0fa1e62-9b45-11d0-afdd-00c04fd930c9
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-May-Contain
+ldapDisplayName: systemMayContain
+attributeId: 1.2.840.113556.1.4.196
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a44-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Must-Contain
+ldapDisplayName: systemMustContain
+attributeId: 1.2.840.113556.1.4.197
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a45-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Only
+ldapDisplayName: systemOnly
+attributeId: 1.2.840.113556.1.4.170
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: bf967a46-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: System-Poss-Superiors
+ldapDisplayName: systemPossSuperiors
+attributeId: 1.2.840.113556.1.4.195
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: FALSE
+schemaIdGuid: bf967a47-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Telephone-Number
+ldapDisplayName: telephoneNumber
+attributeId: 2.5.4.20
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a49-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14856
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Teletex-Terminal-Identifier
+ldapDisplayName: teletexTerminalIdentifier
+attributeId: 2.5.4.22
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33091
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Telex-Number
+ldapDisplayName: telexNumber
+attributeId: 2.5.4.21
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a4b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 32
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14892
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Telex-Primary
+ldapDisplayName: primaryTelexNumber
+attributeId: 1.2.840.113556.1.4.648
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 0296c121-40da-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 64
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Template-Roots
+ldapDisplayName: templateRoots
+attributeId: 1.2.840.113556.1.4.1346
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: ed9de9a0-7041-11d2-9905-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Template-Roots2
+ldapDisplayName: templateRoots2
+attributeId: 1.2.840.113556.1.4.2048
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+linkId: 2126
+schemaIdGuid: b1cba91a-0682-4362-a659-153e201ef069
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Terminal-Server
+ldapDisplayName: terminalServer
+attributeId: 1.2.840.113556.1.4.885
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 6db69a1c-9422-11d1-aebd-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 20480
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+attributeSecurityGUID: 5805bc62-bdc9-4428-a5e2-856a0f4c185e
+
+cn: Text-Country
+ldapDisplayName: co
+attributeId: 1.2.840.113556.1.2.131
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: f0f8ffa7-1191-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14886
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Text-Encoded-OR-Address
+ldapDisplayName: textEncodedORAddress
+attributeId: 0.9.2342.19200300.100.1.2
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: a8df7489-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 1024
+mapiID: 35969
+
+cn: Time-Refresh
+ldapDisplayName: timeRefresh
+attributeId: 1.2.840.113556.1.4.503
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf1-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Time-Vol-Change
+ldapDisplayName: timeVolChange
+attributeId: 1.2.840.113556.1.4.502
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: ddac0cf0-af8f-11d0-afeb-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Title
+ldapDisplayName: title
+attributeId: 2.5.4.12
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a55-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+mapiID: 14871
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Token-Groups
+ldapDisplayName: tokenGroups
+attributeId: 1.2.840.113556.1.4.1301
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: b7c69e6d-2cc7-11d2-854e-00a0c983f608
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Token-Groups-Global-And-Universal
+ldapDisplayName: tokenGroupsGlobalAndUniversal
+attributeId: 1.2.840.113556.1.4.1418
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 46a9b11d-60ae-405a-b7e8-ff8a58d456d2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Token-Groups-No-GC-Acceptable
+ldapDisplayName: tokenGroupsNoGCAcceptable
+attributeId: 1.2.840.113556.1.4.1303
+attributeSyntax: 2.5.5.17
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 040fc392-33df-11d2-98b2-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 037088f8-0ae1-11d2-b422-00a0c968f939
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_ATTR_IS_CONSTRUCTED |FLAG_DOMAIN_DISALLOW_RENAME
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Tombstone-Lifetime
+ldapDisplayName: tombstoneLifetime
+attributeId: 1.2.840.113556.1.2.54
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 16c3a860-1273-11d0-a060-00aa006c33ed
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33093
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Address-Attribute
+ldapDisplayName: transportAddressAttribute
+attributeId: 1.2.840.113556.1.4.895
+attributeSyntax: 2.5.5.2
+omSyntax: 6
+isSingleValued: TRUE
+schemaIdGuid: c1dc867c-a261-11d1-b606-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-DLL-Name
+ldapDisplayName: transportDLLName
+attributeId: 1.2.840.113556.1.4.789
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 26d97372-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 1024
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Transport-Type
+ldapDisplayName: transportType
+attributeId: 1.2.840.113556.1.4.791
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: 26d97374-6070-11d1-a9c6-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Treat-As-Leaf
+ldapDisplayName: treatAsLeaf
+attributeId: 1.2.840.113556.1.4.806
+attributeSyntax: 2.5.5.8
+omSyntax: 1
+isSingleValued: TRUE
+schemaIdGuid: 8fd044e3-771f-11d1-aeae-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Tree-Name
+ldapDisplayName: treeName
+attributeId: 1.2.840.113556.1.4.660
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebd-41d5-11d1-a9c1-0000f80367c1
+systemOnly: TRUE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trust-Attributes
+ldapDisplayName: trustAttributes
+attributeId: 1.2.840.113556.1.4.470
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 80a67e5a-9f22-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Auth-Incoming
+ldapDisplayName: trustAuthIncoming
+attributeId: 1.2.840.113556.1.4.129
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a59-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Auth-Outgoing
+ldapDisplayName: trustAuthOutgoing
+attributeId: 1.2.840.113556.1.4.135
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a5f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Direction
+ldapDisplayName: trustDirection
+attributeId: 1.2.840.113556.1.4.132
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5c-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Parent
+ldapDisplayName: trustParent
+attributeId: 1.2.840.113556.1.4.471
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: TRUE
+schemaIdGuid: b000ea7a-a086-11d0-afdd-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Partner
+ldapDisplayName: trustPartner
+attributeId: 1.2.840.113556.1.4.133
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a5d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 1
+rangeUpper: 1024
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Posix-Offset
+ldapDisplayName: trustPosixOffset
+attributeId: 1.2.840.113556.1.4.134
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a5e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Trust-Type
+ldapDisplayName: trustType
+attributeId: 1.2.840.113556.1.4.136
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a60-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: UAS-Compat
+ldapDisplayName: uASCompat
+attributeId: 1.2.840.113556.1.4.155
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a61-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: b8119fd0-04f6-4762-ab7a-4986c76b3f9a
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uid
+ldapDisplayName: uid
+attributeId: 0.9.2342.19200300.100.1.1
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 0bb0fca0-1e89-429f-901a-1413894d9f59
+systemOnly: FALSE
+searchFlags: fPRESERVEONDELETE
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: UidNumber
+ldapDisplayName: uidNumber
+attributeId: 1.3.6.1.1.1.1.0
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 850fcc8f-9c6b-47e1-b671-7c654be4d5b3
+systemOnly: FALSE
+searchFlags: fATTINDEX
+
+cn: UNC-Name
+ldapDisplayName: uNCName
+attributeId: 1.2.840.113556.1.4.137
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a64-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fATTINDEX
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Unicode-Pwd
+ldapDisplayName: unicodePwd
+attributeId: 1.2.840.113556.1.4.90
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf9679e1-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: uniqueIdentifier
+ldapDisplayName: uniqueIdentifier
+attributeId: 0.9.2342.19200300.100.1.44
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: ba0184c7-38c5-4bed-a526-75421470580c
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: uniqueMember
+ldapDisplayName: uniqueMember
+attributeId: 2.5.4.50
+attributeSyntax: 2.5.5.1
+omSyntax: 127
+omObjectClass: 1.3.12.2.1011.28.0.714
+isSingleValued: FALSE
+schemaIdGuid: 8f888726-f80a-44d7-b1ee-cb9df21392c8
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: UnixHomeDirectory
+ldapDisplayName: unixHomeDirectory
+attributeId: 1.3.6.1.1.1.1.3
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: TRUE
+schemaIdGuid: bc2dba12-000f-464d-bf1d-0808465d8843
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 2048
+
+cn: UnixUserPassword
+ldapDisplayName: unixUserPassword
+attributeId: 1.2.840.113556.1.4.1910
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 612cb747-c0e8-4f92-9221-fdd5f15b550d
+systemOnly: FALSE
+searchFlags:fCONFIDENTIAL
+rangeLower: 1
+rangeUpper: 128
+
+cn: unstructuredAddress
+ldapDisplayName: unstructuredAddress
+attributeId: 1.2.840.113549.1.9.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 50950839-cc4c-4491-863a-fcf942d684b7
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: 0
+
+cn: unstructuredName
+ldapDisplayName: unstructuredName
+attributeId: 1.2.840.113549.1.9.2
+attributeSyntax: 2.5.5.5
+omSyntax: 22
+isSingleValued: FALSE
+schemaIdGuid: 9c8ef177-41cf-45c9-9673-7716c0c8901b
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 256
+systemFlags: 0
+
+cn: Upgrade-Product-Code
+ldapDisplayName: upgradeProductCode
+attributeId: 1.2.840.113556.1.4.813
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d9e18312-8939-11d1-aebc-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: UPN-Suffixes
+ldapDisplayName: uPNSuffixes
+attributeId: 1.2.840.113556.1.4.890
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 032160bf-9824-11d1-aec0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Account-Control
+ldapDisplayName: userAccountControl
+attributeId: 1.2.840.113556.1.4.8
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a68-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY| fPRESERVEONDELETE | fATTINDEX
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Cert
+ldapDisplayName: userCert
+attributeId: 1.2.840.113556.1.4.645
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: bf967a69-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14882
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: userClass
+ldapDisplayName: userClass
+attributeId: 0.9.2342.19200300.100.1.8
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 11732a8a-e14d-4cc5-b92f-d93f51c6d8e4
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 256
+
+cn: User-Comment
+ldapDisplayName: comment
+attributeId: 1.2.840.113556.1.4.156
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 59ba2f42-79a2-11d0-9020-00c04fc2d3cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Parameters
+ldapDisplayName: userParameters
+attributeId: 1.2.840.113556.1.4.138
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a6d-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 32767
+attributeSecurityGuid: 4c164200-20c0-11d0-a768-00aa006e0529
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Password
+ldapDisplayName: userPassword
+attributeId: 2.5.4.35
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a6e-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 128
+mapiID: 33107
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: userPKCS12
+ldapDisplayName: userPKCS12
+attributeId: 2.16.840.1.113730.3.1.216
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: 23998ab5-70f8-4007-a4c1-a84a38311f9a
+systemOnly: FALSE
+searchFlags: 0
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: User-Principal-Name
+ldapDisplayName: userPrincipalName
+attributeId: 1.2.840.113556.1.4.656
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 28630ebb-41d5-11d1-a9c1-0000f80367c1
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeUpper: 1024
+attributeSecurityGuid: e48d0154-bcf8-11d1-8702-00c04fb96050
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: User-Shared-Folder
+ldapDisplayName: userSharedFolder
+attributeId: 1.2.840.113556.1.4.751
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 9a9a021f-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-Shared-Folder-Other
+ldapDisplayName: userSharedFolderOther
+attributeId: 1.2.840.113556.1.4.752
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0220-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User-SMIME-Certificate
+ldapDisplayName: userSMIMECertificate
+attributeId: 2.16.840.1.113730.3.140
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: e16a9db2-403c-11d1-a9c0-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 14960
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: 0
+
+cn: User-Workstations
+ldapDisplayName: userWorkstations
+attributeId: 1.2.840.113556.1.4.86
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf9679d7-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: fCOPY
+rangeLower: 0
+rangeUpper: 1024
+attributeSecurityGuid: 5f202010-79a5-11d0-9020-00c04fc2d4cf
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Changed
+ldapDisplayName: uSNChanged
+attributeId: 1.2.840.113556.1.2.120
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a6f-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 32809
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Created
+ldapDisplayName: uSNCreated
+attributeId: 1.2.840.113556.1.2.19
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a70-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: fPRESERVEONDELETE | fATTINDEX
+mapiID: 33108
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-DSA-Last-Obj-Removed
+ldapDisplayName: uSNDSALastObjRemoved
+attributeId: 1.2.840.113556.1.2.267
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a71-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33109
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Intersite
+ldapDisplayName: USNIntersite
+attributeId: 1.2.840.113556.1.2.469
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: a8df7498-c5ea-11d1-bbcb-0080c76670c0
+systemOnly: FALSE
+searchFlags: fATTINDEX
+mapiID: 33146
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: USN-Last-Obj-Rem
+ldapDisplayName: uSNLastObjRem
+attributeId: 1.2.840.113556.1.2.121
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: bf967a73-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 33110
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: USN-Source
+ldapDisplayName: uSNSource
+attributeId: 1.2.840.113556.1.4.896
+attributeSyntax: 2.5.5.16
+omSyntax: 65
+isSingleValued: TRUE
+schemaIdGuid: 167758ad-47f3-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+mapiID: 33111
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Valid-Accesses
+ldapDisplayName: validAccesses
+attributeId: 1.2.840.113556.1.4.1356
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 4d2fa380-7f54-11d2-992a-0000f87a57d4
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Vendor
+ldapDisplayName: vendor
+attributeId: 1.2.840.113556.1.4.255
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: 281416df-1968-11d0-a28f-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 512
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number
+ldapDisplayName: versionNumber
+attributeId: 1.2.840.113556.1.4.141
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: bf967a76-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Hi
+ldapDisplayName: versionNumberHi
+attributeId: 1.2.840.113556.1.4.328
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9a-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Version-Number-Lo
+ldapDisplayName: versionNumberLo
+attributeId: 1.2.840.113556.1.4.329
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 7d6c0e9b-7e20-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-GUID
+ldapDisplayName: volTableGUID
+attributeId: 1.2.840.113556.1.4.336
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fd-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Vol-Table-Idx-GUID
+ldapDisplayName: volTableIdxGUID
+attributeId: 1.2.840.113556.1.4.334
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: TRUE
+schemaIdGuid: 1f0075fb-7e40-11d0-afd6-00c04fd930c9
+systemOnly: FALSE
+searchFlags: fATTINDEX
+rangeLower: 0
+rangeUpper: 16
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume-Count
+ldapDisplayName: volumeCount
+attributeId: 1.2.840.113556.1.4.507
+attributeSyntax: 2.5.5.9
+omSyntax: 2
+isSingleValued: TRUE
+schemaIdGuid: 34aaa217-b699-11d0-afee-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Wbem-Path
+ldapDisplayName: wbemPath
+attributeId: 1.2.840.113556.1.4.301
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 244b2970-5abd-11d0-afd2-00c04fd930c9
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Well-Known-Objects
+ldapDisplayName: wellKnownObjects
+attributeId: 1.2.840.113556.1.4.618
+attributeSyntax: 2.5.5.7
+omSyntax: 127
+omObjectClass: 1.2.840.113556.1.1.1.11
+isSingleValued: FALSE
+schemaIdGuid: 05308983-7688-11d1-aded-00c04fd8d5cd
+systemOnly: TRUE
+searchFlags: 0
+rangeLower: 16
+rangeUpper: 16
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Changed
+ldapDisplayName: whenChanged
+attributeId: 1.2.840.113556.1.2.3
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a77-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12296
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER | FLAG_ATTR_NOT_REPLICATED
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: When-Created
+ldapDisplayName: whenCreated
+attributeId: 1.2.840.113556.1.2.2
+attributeSyntax: 2.5.5.11
+omSyntax: 24
+isSingleValued: TRUE
+schemaIdGuid: bf967a78-0de6-11d0-a285-00aa003049e2
+systemOnly: TRUE
+searchFlags: 0
+mapiID: 12295
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT |FLAG_ATTR_REQ_PARTIAL_SET_MEMBER
+schemaFlagsEx: FLAG_ATTR_IS_CRITICAL
+
+cn: Winsock-Addresses
+ldapDisplayName: winsockAddresses
+attributeId: 1.2.840.113556.1.4.142
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a79-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: WWW-Home-Page
+ldapDisplayName: wWWHomePage
+attributeId: 1.2.840.113556.1.2.464
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: TRUE
+schemaIdGuid: bf967a7a-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 2048
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: WWW-Page-Other
+ldapDisplayName: url
+attributeId: 1.2.840.113556.1.4.749
+attributeSyntax: 2.5.5.12
+omSyntax: 64
+isSingleValued: FALSE
+schemaIdGuid: 9a9a0221-4a5b-11d1-a9c3-0000f80367c1
+systemOnly: FALSE
+searchFlags: 0
+attributeSecurityGuid: e45795b3-9455-11d1-aebd-0000f80367c1
+mapiID: 33141
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: X121-Address
+ldapDisplayName: x121Address
+attributeId: 2.5.4.24
+attributeSyntax: 2.5.5.6
+omSyntax: 18
+isSingleValued: FALSE
+schemaIdGuid: bf967a7b-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeLower: 1
+rangeUpper: 15
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 33112
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: x500uniqueIdentifier
+ldapDisplayName: x500uniqueIdentifier
+attributeId: 2.5.4.45
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: d07da11f-8a3d-42b6-b0aa-76c962be719a
+systemOnly: FALSE
+searchFlags: 0
+systemFlags: 0
+
+cn: X509-Cert
+ldapDisplayName: userCertificate
+attributeId: 2.5.4.36
+attributeSyntax: 2.5.5.10
+omSyntax: 4
+isSingleValued: FALSE
+schemaIdGuid: bf967a7f-0de6-11d0-a285-00aa003049e2
+systemOnly: FALSE
+searchFlags: 0
+rangeUpper: 32768
+attributeSecurityGuid: 77b5b886-944a-11d1-aebd-0000f80367c1
+mapiID: 35946
+isMemberOfPartialAttributeSet: TRUE
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
diff --git a/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt
new file mode 100644
index 0000000000..27beb3546e
--- /dev/null
+++ b/source4/setup/ad-schema/MS-AD_Schema_2K8_R2_Classes.txt
@@ -0,0 +1,3577 @@
+#Intellectual Property Rights Notice for Protocol Documentation
+#• Copyrights. This protocol documentation is covered by Microsoft copyrights. Regardless of any other terms that are contained in the terms of use for the Microsoft website that hosts this documentation, you may make copies of it in order to develop implementations of the protocols, and may distribute portions of it in your implementations of the protocols or your documentation as necessary to properly document the implementation. You may also distribute in your implementation, with or without modification, any schema, IDL’s, or code samples that are included in the documentation. This permission also applies to any documents that are referenced in the protocol documentation.
+#• No Trade Secrets. Microsoft does not claim any trade secret rights in this documentation.
+#• Patents. Microsoft has patents that may cover your implementations of the protocols. Neither this notice nor Microsoft's delivery of the documentation grants any licenses under those or any other Microsoft patents. However, the protocols may be covered by Microsoft’s Open Specification Promise (available here: http://www.microsoft.com/interop/osp). If you would prefer a written license, or if the protocols are not covered by the OSP, patent licenses are available by contacting protocol@microsoft.com.
+#• Trademarks. The names of companies and products contained in this documentation may be covered by trademarks or similar intellectual property rights. This notice does not grant any licenses under those rights.
+#Reservation of Rights. All other rights are reserved, and this notice does not grant any rights other than specifically described above, whether by implication, estoppel, or otherwise.
+#Tools. This protocol documentation is intended for use in conjunction with publicly available standard specifications and network programming art, and assumes that the reader either is familiar with the aforementioned material or has immediate access to it. A protocol specification does not require the use of Microsoft programming tools or programming environments in order for you to develop an implementation. If you have access to Microsoft programming tools and environments you are free to take advantage of them.
+#
+
+
+cn: account
+ldapDisplayName: account
+governsId: 0.9.2342.19200300.100.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: uid, host, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:2628a46a-a6ad-4ae0-b854-2b12d9fe6f9e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=account,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ACS-Policy
+ldapDisplayName: aCSPolicy
+governsId: 1.2.840.113556.1.5.137
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSTotalNoOfFlows, aCSTimeOfDay, aCSServiceType,aCSPriority, aCSPermissionBits, aCSMinimumDelayVariation,aCSMinimumLatency, aCSMaximumSDUSize, aCSMinimumPolicedSize,aCSMaxTokenRatePerFlow, aCSMaxTokenBucketPerFlow,aCSMaxPeakBandwidthPerFlow, aCSMaxDurationPerFlow,aCSMaxAggregatePeakRatePerUser, aCSIdentityName, aCSDirection,aCSAggregateTokenRatePerUser
+systemPossSuperiors: container
+schemaIdGuid:7f561288-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Resource-Limits
+ldapDisplayName: aCSResourceLimits
+governsId: 1.2.840.113556.1.5.191
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSMaxTokenRatePerFlow, aCSServiceType,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth,aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:2e899b04-2834-11d3-91d4-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Resource-Limits,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ACS-Subnet
+ldapDisplayName: aCSSubnet
+governsId: 1.2.840.113556.1.5.138
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: aCSServerList, aCSRSVPLogFilesLocation,aCSRSVPAccountFilesLocation, aCSNonReservedTxSize,aCSNonReservedTxLimit, aCSNonReservedTokenSize,aCSNonReservedPeakRate, aCSNonReservedMinPolicedSize,aCSNonReservedMaxSDUSize, aCSMaxTokenRatePerFlow,aCSMaxSizeOfRSVPLogFile, aCSMaxSizeOfRSVPAccountFile,aCSMaxPeakBandwidthPerFlow, aCSMaxPeakBandwidth, aCSMaxNoOfLogFiles,aCSMaxNoOfAccountFiles, aCSMaxDurationPerFlow, aCSEventLogLevel,aCSEnableRSVPMessageLogging, aCSEnableRSVPAccounting,aCSEnableACSService, aCSDSBMRefresh, aCSDSBMPriority,aCSDSBMDeadTime, aCSCacheTimeout, aCSAllocableRSVPBandwidth
+systemPossSuperiors: container
+schemaIdGuid:7f561289-5301-11d1-a9c5-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ACS-Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Book-Container
+ldapDisplayName: addressBookContainer
+governsId: 1.2.840.113556.1.5.125
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: displayName
+systemMayContain: purportedSearch
+systemPossSuperiors: addressBookContainer, configuration
+schemaIdGuid:3e74f60f-3e73-11d1-a9c0-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;a1990816-4298-11d1-ade2-00c04fd8d5cd;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Book-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Address-Template
+ldapDisplayName: addressTemplate
+governsId: 1.2.840.113556.1.3.58
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: displayTemplate
+systemMustContain: displayName
+systemMayContain: proxyGenerationEnabled, perRecipDialogDisplayTable,perMsgDialogDisplayTable, addressType, addressSyntax
+systemPossSuperiors: container
+schemaIdGuid:5fd4250a-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Address-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Application-Entity
+ldapDisplayName: applicationEntity
+governsId: 2.5.6.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: presentationAddress, cn
+systemMayContain: supportedApplicationContext, seeAlso, ou, o, l
+systemPossSuperiors: applicationProcess, organizationalUnit,container
+schemaIdGuid:3fdfee4f-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Entity,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Process
+ldapDisplayName: applicationProcess
+governsId: 2.5.6.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: seeAlso, ou, l
+systemPossSuperiors: organizationalUnit, organization, container,computer
+schemaIdGuid:5fd4250b-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Application-Process,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Settings
+ldapDisplayName: applicationSettings
+governsId: 1.2.840.113556.1.5.7000.49
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, msDS-Settings, applicationName
+systemPossSuperiors: server
+schemaIdGuid:f780acc1-56f0-11d1-a9c6-0000f80367c1
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Site-Settings
+ldapDisplayName: applicationSiteSettings
+governsId: 1.2.840.113556.1.5.68
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, applicationName
+systemPossSuperiors: site
+schemaIdGuid:19195a5c-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Application-Version
+ldapDisplayName: applicationVersion
+governsId: 1.2.840.113556.1.5.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, managedBy, keywords, versionNumberLo,versionNumberHi, versionNumber, vendor, appSchemaVersion
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:ddc790ac-af4d-442a-8f0f-a1d4caa7dd92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Application-Version,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: Attribute-Schema
+ldapDisplayName: attributeSchema
+governsId: 1.2.840.113556.1.3.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: schemaIDGUID, oMSyntax, lDAPDisplayName,isSingleValued, cn, attributeSyntax, attributeID
+systemMayContain: systemOnly, searchFlags, schemaFlagsEx, rangeUpper,rangeLower, oMObjectClass, msDs-Schema-Extensions, msDS-IntId,mAPIID, linkID, isMemberOfPartialAttributeSet, isEphemeral,isDefunct, extendedCharsAllowed, classDisplayName,attributeSecurityGUID
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a80-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: BootableDevice
+ldapDisplayName: bootableDevice
+governsId: 1.3.6.1.1.1.2.12
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, bootParameter, bootFile
+schemaIdGuid:4bcb2477-4bb3-4545-a9fc-fb66e136b435
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=BootableDevice,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Builtin-Domain
+ldapDisplayName: builtinDomain
+governsId: 1.2.840.113556.1.5.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a81-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Builtin-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Category-Registration
+ldapDisplayName: categoryRegistration
+governsId: 1.2.840.113556.1.5.74
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: managedBy, localizedDescription, localeID,categoryId
+systemPossSuperiors: classStore
+schemaIdGuid:7d6c0e9d-7e20-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Category-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Certification-Authority
+ldapDisplayName: certificationAuthority
+governsId: 2.5.6.16
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn, certificateRevocationList, cACertificate,authorityRevocationList
+systemMayContain: teletexTerminalIdentifier,supportedApplicationContext, signatureAlgorithms, searchGuide,previousParentCA, previousCACertificates, pendingParentCA,pendingCACertificates, parentCACertificateChain, parentCA,enrollmentProviders, domainPolicyObject, domainID, dNSHostName,deltaRevocationList, currentParentCA, crossCertificatePair,cRLObject, certificateTemplates, cAWEBURL, cAUsages, cAConnect,cACertificateDN
+systemPossSuperiors: container
+schemaIdGuid:3fdfee50-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Certification-Authority,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Registration
+ldapDisplayName: classRegistration
+governsId: 1.2.840.113556.1.5.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: requiredCategories, managedBy,implementedCategories, cOMTreatAsClassId, cOMProgID,cOMOtherProgId, cOMInterfaceID, cOMCLSID
+systemPossSuperiors: classStore
+schemaIdGuid:bf967a82-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Class-Schema
+ldapDisplayName: classSchema
+governsId: 1.2.840.113556.1.3.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: subClassOf, schemaIDGUID, objectClassCategory,governsID, defaultObjectCategory, cn
+systemMayContain: systemPossSuperiors, systemOnly, systemMustContain,systemMayContain, systemAuxiliaryClass, schemaFlagsEx, rDNAttID,possSuperiors, mustContain, msDs-Schema-Extensions, msDS-IntId,mayContain, lDAPDisplayName, isDefunct, defaultSecurityDescriptor,defaultHidingValue, classDisplayName, auxiliaryClass
+systemPossSuperiors: dMD
+schemaIdGuid:bf967a83-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: Class-Store
+ldapDisplayName: classStore
+governsId: 1.2.840.113556.1.5.44
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumber, nextLevelStore, lastUpdateSequence,appSchemaVersion
+systemPossSuperiors: domainPolicy, computer, group, user, classStore,organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a84-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Class-Store,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Com-Connection-Point
+ldapDisplayName: comConnectionPoint
+governsId: 1.2.840.113556.1.5.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: cn
+systemMayContain: monikerDisplayName, moniker, marshalledInterface
+systemPossSuperiors: container
+schemaIdGuid:bf967a85-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Com-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Computer
+ldapDisplayName: computer
+governsId: 1.2.840.113556.1.3.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+auxiliaryClass: ipHost
+mayContain: msSFU30Aliases, msSFU30NisDomain, nisMapName,msSFU30Name
+systemMayContain: msTSEndpointData, msTSEndpointType,msTSEndpointPlugin, msDS-HostServiceAccount,msDS-IsUserCachableAtRodc, msTSProperty02,msTSProperty01, msTPM-OwnerInformation, msDS-RevealOnDemandGroup,msDS-NeverRevealGroup, msDS-PromotionSettings, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-AuthenticatedAtDC, msDS-RevealedList,msDS-RevealedUsers, msDS-ExecuteScriptPassword, msDS-KrbTgtLink,volumeCount, siteGUID, rIDSetReferences, policyReplicationFlags,physicalLocationObject, operatingSystemVersion,operatingSystemServicePack, operatingSystemHotfix, operatingSystem,networkAddress, netbootSIFFile, netbootMirrorDataFile,netbootMachineFilePath, netbootInitialization, netbootGUID,msDS-AdditionalSamAccountName, msDS-AdditionalDnsHostName,managedBy, machineRole, location, localPolicyFlags, dNSHostName,defaultLocalPolicyObject, cn, catalogs, msTSPrimaryDesktopBL, msTSSecondaryDesktopBL
+systemPossSuperiors: container, organizationalUnit, domainDNS
+schemaIdGuid:bf967a86-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(A;;CCDC;;;PS)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Computer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Configuration
+ldapDisplayName: configuration
+governsId: 1.2.840.113556.1.5.12
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-USNLastSyncSuccess, gPOptions, gPLink
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967a87-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Connection-Point
+ldapDisplayName: connectionPoint
+governsId: 1.2.840.113556.1.5.14
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: cn
+systemMayContain: msDS-Settings, managedBy, keywords
+systemPossSuperiors: container, computer
+schemaIdGuid:5cb41ecf-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Contact
+ldapDisplayName: contact
+governsId: 1.2.840.113556.1.5.15
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+systemAuxiliaryClass: mailRecipient
+systemMustContain: cn
+mayContain: msDS-SourceObjectDN
+systemMayContain: notes
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:5cb41ed0-0e4c-11d0-a286-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Container
+ldapDisplayName: container
+governsId: 1.2.840.113556.1.3.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-ObjectReference
+systemMayContain: schemaVersion, defaultClassStore
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, subnet, server, nTDSService, domainDNS,organization, configuration, container, organizationalUnit
+schemaIdGuid:bf967a8b-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Control-Access-Right
+ldapDisplayName: controlAccessRight
+governsId: 1.2.840.113556.1.5.77
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: validAccesses, rightsGuid, localizationDisplayId,appliesTo
+systemPossSuperiors: container
+schemaIdGuid:8297931e-86d3-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Control-Access-Right,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Country
+ldapDisplayName: country
+governsId: 2.5.6.2
+objectClassCategory: 0
+rdnAttId: c
+subClassOf: top
+systemMustContain: c
+systemMayContain: co, searchGuide
+systemPossSuperiors: domainDNS, organization
+schemaIdGuid:bf967a8c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Country,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: CRL-Distribution-Point
+ldapDisplayName: cRLDistributionPoint
+governsId: 2.5.6.19
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: deltaRevocationList, cRLPartitionedRevocationList,certificateRevocationList, certificateAuthorityObject,authorityRevocationList
+systemPossSuperiors: container
+schemaIdGuid:167758ca-47f3-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=CRL-Distribution-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref
+ldapDisplayName: crossRef
+governsId: 1.2.840.113556.1.3.11
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: nCName, dnsRoot, cn
+systemMayContain: msDS-NC-RO-Replica-Locations, trustParent,superiorDNSRoot, rootTrust, nTMixedDomain, nETBIOSName, Enabled,msDS-SDReferenceDomain,msDS-Replication-Notify-Subsequent-DSA-Delay,msDS-Replication-Notify-First-DSA-Delay, msDS-NC-Replica-Locations,msDS-DnsRootAlias, msDS-Behavior-Version
+systemPossSuperiors: crossRefContainer
+schemaIdGuid:bf967a8d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Cross-Ref,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Cross-Ref-Container
+ldapDisplayName: crossRefContainer
+governsId: 1.2.840.113556.1.5.7000.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-EnabledFeature, msDS-SPNSuffixes, uPNSuffixes,msDS-UpdateScript, msDS-ExecuteScriptPassword, msDS-Behavior-Version
+systemPossSuperiors: configuration
+schemaIdGuid:ef9e60e0-56f7-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: FALSE
+systemOnly: TRUE
+defaultObjectCategory: CN=Cross-Ref-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Device
+ldapDisplayName: device
+governsId: 2.5.6.14
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: ipHost, ieee802Device, bootableDevice
+systemMustContain: cn
+mayContain: msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+systemMayContain: serialNumber, seeAlso, owner, ou, o, l
+systemPossSuperiors: domainDNS, organizationalUnit, organization,container
+schemaIdGuid:bf967a8e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Device,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dfs-Configuration
+ldapDisplayName: dfsConfiguration
+governsId: 1.2.840.113556.1.5.42
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container, domainDNS
+schemaIdGuid:8447f9f2-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dfs-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DHCP-Class
+ldapDisplayName: dHCPClass
+governsId: 1.2.840.113556.1.5.132
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: dhcpUniqueKey, dhcpType, dhcpIdentification,dhcpFlags
+systemMayContain: superScopes, superScopeDescription,optionsLocation, optionDescription, networkAddress, mscopeId,dhcpUpdateTime, dhcpSubnets, dhcpState, dhcpSites, dhcpServers,dhcpReservations, dhcpRanges, dhcpProperties, dhcpOptions,dhcpObjName, dhcpObjDescription, dhcpMaxKey, dhcpMask, dhcpClasses
+systemPossSuperiors: container
+schemaIdGuid:963d2756-48be-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DHCP-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Specifier
+ldapDisplayName: displaySpecifier
+governsId: 1.2.840.113556.1.5.84
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: treatAsLeaf, shellPropertyPages, shellContextMenu,scopeFlags, queryFilter, iconPath, extraColumns, creationWizard,createWizardExt, createDialog, contextMenu, classDisplayName,attributeDisplayNames, adminPropertyPages,adminMultiselectPropertyPages, adminContextMenu
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8a-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Specifier,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Display-Template
+ldapDisplayName: displayTemplate
+governsId: 1.2.840.113556.1.3.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: originalDisplayTableMSDOS, originalDisplayTable,helpFileName, helpData32, helpData16, addressEntryDisplayTableMSDOS,addressEntryDisplayTable
+systemPossSuperiors: container
+schemaIdGuid:5fd4250c-1262-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Display-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DMD
+ldapDisplayName: dMD
+governsId: 1.2.840.113556.1.3.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-USNLastSyncSuccess, schemaUpdate, schemaInfo,prefixMap, msDs-Schema-Extensions, msDS-IntId, dmdName
+systemPossSuperiors: configuration
+schemaIdGuid:bf967a8f-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+defaultObjectCategory: CN=DMD,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+systemOnly: TRUE
+
+cn: Dns-Node
+ldapDisplayName: dnsNode
+governsId: 1.2.840.113556.1.5.86
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: dNSTombstoned, dnsRecord, dNSProperty
+systemPossSuperiors: dnsZone
+schemaIdGuid:e0fa1e8c-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Node,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dns-Zone
+ldapDisplayName: dnsZone
+governsId: 1.2.840.113556.1.5.85
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemMayContain: managedBy, dnsSecureSecondaries, dNSProperty,dnsNotifySecondaries, dnsAllowXFR, dnsAllowDynamic
+systemPossSuperiors: container
+schemaIdGuid:e0fa1e8b-9b45-11d0-afdd-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;ED)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;CC;;;AU)(A;;RPLCLORC;;;WD)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dns-Zone,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: document
+ldapDisplayName: document
+governsId: 0.9.2342.19200300.100.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: documentIdentifier, documentPublisher, documentLocation,documentAuthor, documentVersion, documentTitle, ou, o, l, seeAlso,description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:39bad96d-c2d6-4baf-88ab-7e4207600117
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=document,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: documentSeries
+ldapDisplayName: documentSeries
+governsId: 0.9.2342.19200300.100.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: telephoneNumber, ou, o, l, seeAlso, description
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7a2be07c-302f-4b96-bc90-0795d66885f8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=documentSeries,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Domain
+ldapDisplayName: domain
+governsId: 1.2.840.113556.1.5.66
+objectClassCategory: 2
+rdnAttId: dc
+subClassOf: top
+systemMustContain: dc
+systemPossSuperiors: domain, organization
+schemaIdGuid:19195a5a-6da0-11d0-afd3-00c04fd930c9
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-DNS
+ldapDisplayName: domainDNS
+governsId: 1.2.840.113556.1.5.67
+objectClassCategory: 1
+rdnAttId: dc
+subClassOf: domain
+systemAuxiliaryClass: samDomain
+systemMayContain: msDS-EnabledFeature, msDS-USNLastSyncSuccess,msDS-Behavior-Version, msDS-AllowedDNSSuffixes, managedBy
+systemPossSuperiors: domainDNS
+schemaIdGuid:19195a5b-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1
+ -5-21-2848215498-2472035911-1947525656-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-
+ 11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(
+ OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f7
+ 9f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;
+ 1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRC
+ WDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;
+ ;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8
+ -0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO
+ ;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2
+ ;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-
+ 00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de
+ 6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;
+ bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa0
+ 06e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RP
+ RC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLO
+ RC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9
+ B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14
+ -1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d
+ 4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a7
+ 68-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-
+ 79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;
+ RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-
+ ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CI
+ IO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049
+ e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a28
+ 5-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0
+ de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;D
+ D)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1
+ -f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;
+ CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-4
+ 38e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(O
+ A;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79
+ f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;
+ CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;C
+ R;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967a
+ a5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80
+ 367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-DNS,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Domain-Policy
+ldapDisplayName: domainPolicy
+governsId: 1.2.840.113556.1.5.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: qualityOfService, pwdProperties, pwdHistoryLength,publicKeyPolicy, proxyLifetime, minTicketAge, minPwdLength,minPwdAge, maxTicketAge, maxRenewAge, maxPwdAge, managedBy,lockoutThreshold, lockoutDuration, lockOutObservationWindow,ipsecPolicyReference, forceLogoff, eFSPolicy, domainWidePolicy,domainPolicyReference, domainCAs, defaultLocalPolicyObject,authenticationOptions
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:bf967a99-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Domain-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: domainRelatedObject
+ldapDisplayName: domainRelatedObject
+governsId: 0.9.2342.19200300.100.4.17
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: associatedDomain
+schemaIdGuid:8bfd2d3d-efda-4549-852c-f85e137aedc6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=domainRelatedObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: DSA
+ldapDisplayName: dSA
+governsId: 2.5.6.13
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationEntity
+systemMayContain: knowledgeInformation
+systemPossSuperiors: server, computer
+schemaIdGuid:3fdfee52-47f4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: DS-UI-Settings
+ldapDisplayName: dSUISettings
+governsId: 1.2.840.113556.1.5.183
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Non-Security-Group-Extra-Classes,msDS-Security-Group-Extra-Classes, msDS-FilterContainers,dSUIShellMaximum, dSUIAdminNotification, dSUIAdminMaximum
+systemPossSuperiors: container
+schemaIdGuid:09b10f14-6f93-11d2-9905-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=DS-UI-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Dynamic-Object
+ldapDisplayName: dynamicObject
+governsId: 1.3.6.1.4.1.1466.101.119.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-Entry-Time-To-Die, entryTTL
+schemaIdGuid:66d51249-3355-4c1f-b24e-81f252aca23b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Dynamic-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking
+ldapDisplayName: fileLinkTracking
+governsId: 1.2.840.113556.1.5.52
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container
+schemaIdGuid:dd712229-10e4-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: File-Link-Tracking-Entry
+ldapDisplayName: fileLinkTrackingEntry
+governsId: 1.2.840.113556.1.5.59
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:8e4eb2ed-4712-11d0-a1a0-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=File-Link-Tracking-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Foreign-Security-Principal
+ldapDisplayName: foreignSecurityPrincipal
+governsId: 1.2.840.113556.1.5.76
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectSid
+systemMayContain: foreignIdentifier
+systemPossSuperiors: container
+schemaIdGuid:89e31c12-8530-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Foreign-Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: friendlyCountry
+ldapDisplayName: friendlyCountry
+governsId: 0.9.2342.19200300.100.4.18
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: country
+mustContain: co
+schemaIdGuid:c498f152-dc6b-474a-9f52-7cdba3d7d351
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=friendlyCountry,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: FT-Dfs
+ldapDisplayName: fTDfs
+governsId: 1.2.840.113556.1.5.43
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: remoteServerName, pKTGuid, pKT
+systemMayContain: uNCName, managedBy, keywords
+systemPossSuperiors: dfsConfiguration
+schemaIdGuid:8447f9f3-1027-11d0-a05f-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=FT-Dfs,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group
+ldapDisplayName: group
+governsId: 1.2.840.113556.1.5.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+auxiliaryClass: posixGroup
+systemAuxiliaryClass: mailRecipient, securityPrincipal
+systemMustContain: groupType
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30PosixMember
+systemMayContain: msDS-AzApplicationData,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, msDS-AzGenericData, msDS-AzObjectGuid,primaryGroupToken, operatorCount, nTGroupMembers, nonSecurityMember,msDS-NonMembers, msDS-AzLDAPQuery, member, managedBy,groupMembershipSAM, groupAttributes, mail, desktopProfile,controlAccessRights, adminCount
+systemPossSuperiors: msDS-AzScope, msDS-AzApplication,msDS-AzAdminManager, container, builtinDomain, organizationalUnit,domainDNS
+schemaIdGuid:bf967a9c-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Group-Of-Names
+ldapDisplayName: groupOfNames
+governsId: 2.5.6.9
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member, cn
+systemMayContain: seeAlso, owner, ou, o, businessCategory
+systemPossSuperiors: organizationalUnit, locality, organization,container
+schemaIdGuid:bf967a9d-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Of-Names,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: groupOfUniqueNames
+ldapDisplayName: groupOfUniqueNames
+governsId: 2.5.6.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: uniqueMember, cn
+mayContain: seeAlso, owner, ou, o, description, businessCategory
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:0310a911-93a3-4e21-a7a3-55d85ab2c48b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=groupOfUniqueNames,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: Group-Policy-Container
+ldapDisplayName: groupPolicyContainer
+governsId: 1.2.840.113556.1.5.157
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: versionNumber, gPCWQLFilter, gPCUserExtensionNames,gPCMachineExtensionNames, gPCFunctionalityVersion, gPCFileSysPath,flags
+schemaIdGuid:f30e3bc2-9ff0-11d1-b603-0000f80367c1
+defaultSecurityDescriptor: D:P(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;DA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;EA)(A;CI;RPWPCCDCLCLOLORCWOWDSDDTSW;;;CO)(A;CI;RPWPCCDCLCLORCWOWDSDDTSW;;;SY)(A;CI;RPLCLORC;;;AU)(OA;CI;CR;edacfd8f-ffb3-11d1-b41d-00a0c968f939;;AU)(A;CI;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Group-Policy-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IEEE802Device
+ldapDisplayName: ieee802Device
+governsId: 1.3.6.1.1.1.2.11
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, macAddress
+schemaIdGuid:a699e529-a637-4b7d-a0fb-5dc466a0b8a7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IEEE802Device,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Index-Server-Catalog
+ldapDisplayName: indexServerCatalog
+governsId: 1.2.840.113556.1.5.130
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: creator
+systemMayContain: uNCName, queryPoint, indexedScopes, friendlyNames
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:7bfdcb8a-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Index-Server-Catalog,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: inetOrgPerson
+ldapDisplayName: inetOrgPerson
+governsId: 2.16.840.1.113730.3.2.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+mayContain: x500uniqueIdentifier, userSMIMECertificate, userPKCS12,userCertificate, uid, secretary, roomNumber, preferredLanguage,photo, pager, o, mobile, manager, mail, labeledURI, jpegPhoto,initials, homePostalAddress, homePhone, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense,businessCategory, audio
+possSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:4828cc14-1437-45bc-9b07-ad6f015e5f28
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+showInAdvancedViewOnly: FALSE
+systemFlags: 0
+
+cn: Infrastructure-Update
+ldapDisplayName: infrastructureUpdate
+governsId: 1.2.840.113556.1.5.175
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: dNReferenceUpdate
+systemPossSuperiors: infrastructureUpdate, domain
+schemaIdGuid:2df90d89-009f-11d2-aa4c-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;GA;;;SY)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Infrastructure-Update,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-Group
+ldapDisplayName: intellimirrorGroup
+governsId: 1.2.840.113556.1.5.152
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:07383086-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;CCDC;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Intellimirror-SCP
+ldapDisplayName: intellimirrorSCP
+governsId: 1.2.840.113556.1.5.151
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: netbootTools, netbootServer, netbootNewMachineOU,netbootNewMachineNamingPolicy, netbootMaxClients,netbootMachineFilePath, netbootLocallyInstalledOSes,netbootLimitClients, netbootIntelliMirrorOSes,netbootCurrentClientCount, netbootAnswerRequests,netbootAnswerOnlyValidClients, netbootAllowNewClients
+systemPossSuperiors: computer, intellimirrorGroup
+schemaIdGuid:07383085-91df-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Intellimirror-SCP,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport
+ldapDisplayName: interSiteTransport
+governsId: 1.2.840.113556.1.5.141
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: transportDLLName, transportAddressAttribute
+systemMayContain: replInterval, options
+systemPossSuperiors: interSiteTransportContainer
+schemaIdGuid:26d97376-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Inter-Site-Transport-Container
+ldapDisplayName: interSiteTransportContainer
+governsId: 1.2.840.113556.1.5.140
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:26d97375-6070-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Inter-Site-Transport-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpHost
+ldapDisplayName: ipHost
+governsId: 1.3.6.1.1.1.2.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: manager, cn, description, ipHostNumber, uid, l
+schemaIdGuid:ab911646-8827-4f95-8780-5a8f008eb68f
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpHost,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpNetwork
+ldapDisplayName: ipNetwork
+governsId: 1.3.6.1.1.1.2.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipNetworkNumber
+mayContain: manager, description, ipNetmaskNumber, uid, l,msSFU30Name, msSFU30NisDomain, nisMapName, msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:d95836c3-143e-43fb-992a-b057f1ecadf9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpNetwork,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: IpProtocol
+ldapDisplayName: ipProtocol
+governsId: 1.3.6.1.1.1.2.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, ipProtocolNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:9c2dcbd2-fbf0-4dc7-ace0-8356dcd0f013
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpProtocol,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Ipsec-Base
+ldapDisplayName: ipsecBase
+governsId: 1.2.840.113556.1.5.7000.56
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMayContain: ipsecOwnersReference, ipsecName, ipsecID,ipsecDataType, ipsecData
+schemaIdGuid:b40ff825-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Filter
+ldapDisplayName: ipsecFilter
+governsId: 1.2.840.113556.1.5.118
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff826-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Filter,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-ISAKMP-Policy
+ldapDisplayName: ipsecISAKMPPolicy
+governsId: 1.2.840.113556.1.5.120
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff828-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-ISAKMP-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Negotiation-Policy
+ldapDisplayName: ipsecNegotiationPolicy
+governsId: 1.2.840.113556.1.5.119
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: iPSECNegotiationPolicyType,iPSECNegotiationPolicyAction
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b40ff827-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Negotiation-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-NFA
+ldapDisplayName: ipsecNFA
+governsId: 1.2.840.113556.1.5.121
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNegotiationPolicyReference,ipsecFilterReference
+systemPossSuperiors: container, computer, organizationalUnit
+schemaIdGuid:b40ff829-427a-11d1-a9c2-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-NFA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Ipsec-Policy
+ldapDisplayName: ipsecPolicy
+governsId: 1.2.840.113556.1.5.98
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: ipsecBase
+systemMayContain: ipsecNFAReference, ipsecISAKMPReference
+systemPossSuperiors: organizationalUnit, computer, container
+schemaIdGuid:b7b13121-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Ipsec-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: IpService
+ldapDisplayName: ipService
+governsId: 1.3.6.1.1.1.2.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: ipServiceProtocol, ipServicePort, cn
+mayContain: description, msSFU30Name, msSFU30NisDomain,msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:2517fadf-fa97-48ad-9de6-79ac5721f864
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=IpService,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Leaf
+ldapDisplayName: leaf
+governsId: 1.2.840.113556.1.5.20
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+schemaIdGuid:bf967a9e-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Leaf,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Licensing-Site-Settings
+ldapDisplayName: licensingSiteSettings
+governsId: 1.2.840.113556.1.5.78
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: siteServer
+systemPossSuperiors: site
+schemaIdGuid:1be8f17d-a9ff-11d0-afe2-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Licensing-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Object-Move-Table
+ldapDisplayName: linkTrackObjectMoveTable
+governsId: 1.2.840.113556.1.5.91
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf5-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Object-Move-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-OMT-Entry
+ldapDisplayName: linkTrackOMTEntry
+governsId: 1.2.840.113556.1.5.93
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: timeRefresh, oMTIndxGuid, oMTGuid, currentLocation,birthLocation
+systemPossSuperiors: linkTrackObjectMoveTable
+schemaIdGuid:ddac0cf7-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-OMT-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Vol-Entry
+ldapDisplayName: linkTrackVolEntry
+governsId: 1.2.840.113556.1.5.92
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: volTableIdxGUID, volTableGUID, timeVolChange,timeRefresh, seqNotification, objectCount, linkTrackSecret,currMachineId
+systemPossSuperiors: linkTrackVolumeTable
+schemaIdGuid:ddac0cf6-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Vol-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Link-Track-Volume-Table
+ldapDisplayName: linkTrackVolumeTable
+governsId: 1.2.840.113556.1.5.90
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: fileLinkTracking
+systemPossSuperiors: fileLinkTracking
+schemaIdGuid:ddac0cf4-af8f-11d0-afeb-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Link-Track-Volume-Table,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Locality
+ldapDisplayName: locality
+governsId: 2.5.6.3
+objectClassCategory: 1
+rdnAttId: l
+subClassOf: top
+systemMustContain: l
+systemMayContain: street, st, seeAlso, searchGuide
+systemPossSuperiors: domainDNS, country, organizationalUnit,organization, locality
+schemaIdGuid:bf967aa0-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Locality,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Lost-And-Found
+ldapDisplayName: lostAndFound
+governsId: 1.2.840.113556.1.5.139
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: moveTreeState
+systemPossSuperiors: configuration, domainDNS, dMD
+schemaIdGuid:52ab8671-5709-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Lost-And-Found,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Mail-Recipient
+ldapDisplayName: mailRecipient
+governsId: 1.2.840.113556.1.3.46
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: msDS-PhoneticDisplayName, userSMIMECertificate,secretary, msExchLabeledURI, msExchAssistantName, labeledURI
+systemMayContain: userCertificate, userCert, textEncodedORAddress,telephoneNumber, showInAddressBook, legacyExchangeDN,garbageCollPeriod, info
+systemPossSuperiors: container
+schemaIdGuid:bf967aa1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Meeting
+ldapDisplayName: meeting
+governsId: 1.2.840.113556.1.5.104
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: meetingName
+systemMayContain: meetingURL, meetingType, meetingStartTime,meetingScope, meetingRecurrence, meetingRating, meetingProtocol,meetingOwner, meetingOriginator, meetingMaxParticipants,meetingLocation, meetingLanguage, meetingKeyword,meetingIsEncrypted, meetingIP, meetingID, meetingEndTime,meetingDescription, meetingContactInfo, meetingBlob,meetingBandwidth, meetingApplication, meetingAdvertiseScope
+systemPossSuperiors: container
+schemaIdGuid:11b6cc94-48c4-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Meeting,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-Partition
+ldapDisplayName: msCOM-Partition
+governsId: 1.2.840.113556.1.5.193
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:c9010e74-4e58-49f7-8a89-5e3e2340fcf8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-Partition,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-COM-PartitionSet
+ldapDisplayName: msCOM-PartitionSet
+governsId: 1.2.840.113556.1.5.194
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msCOM-PartitionLink, msCOM-DefaultPartitionLink,msCOM-ObjectId
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:250464ab-c417-497a-975a-9e0d459a7ca1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-COM-PartitionSet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Deleted-Link-v2
+ldapDisplayName: msDFS-DeletedLinkv2
+governsId: 1.2.840.113556.1.5.260
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-NamespaceIdentityGUIDv2,msDFS-LinkIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-LinkPathv2
+systemMayContain: msDFS-Commentv2, msDFS-ShortNameLinkPathv2
+systemPossSuperiors: msDFS-Namespacev2
+schemaIdGuid: 25173408-04ca-40e8-865e-3f9ce9bf1bd3
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Deleted-Link-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Link-v2
+ldapDisplayName: msDFS-Linkv2
+governsId: 1.2.840.113556.1.5.259
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LinkIdentityGUIDv2,msDFS-LastModifiedv2, msDFS-Ttlv2, msDFS-TargetListv2,msDFS-Propertiesv2, msDFS-LinkPathv2
+systemMayContain: msDFS-Commentv2, msDFS-LinkSecurityDescriptorv2,msDFS-ShortNameLinkPathv2
+systemPossSuperiors: msDFS-Namespacev2
+schemaIdGuid: 7769fb7a-1159-4e96-9ccd-68bc487073eb
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Link-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Namespace-Anchor
+ldapDisplayName: msDFS-NamespaceAnchor
+governsId: 1.2.840.113556.1.5.257
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-SchemaMajorVersion
+systemPossSuperiors: dfsConfiguration
+schemaIdGuid: da73a085-6e64-4d61-b064-015d04164795
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Namespace-Anchor, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFS-Namespace-v2
+ldapDisplayName: msDFS-Namespacev2
+governsId: 1.2.840.113556.1.5.258
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDFS-SchemaMajorVersion,msDFS-SchemaMinorVersion, msDFS-GenerationGUIDv2,msDFS-NamespaceIdentityGUIDv2, msDFS-LastModifiedv2, msDFS-Ttlv2,msDFS-TargetListv2, msDFS-Propertiesv2
+systemMayContain: msDFS-Commentv2
+systemPossSuperiors: msDFS-NamespaceAnchor
+schemaIdGuid: 21cb8628-f3c3-4bbf-bff6-060b2d8f299a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFS-Namespace-v2, CN=Schema,CN=Configuration, <RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DFSR-Connection
+ldapDisplayName: msDFSR-Connection
+governsId: 1.2.840.113556.1.6.13.4.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: fromServer
+mayContain: msDFSR-Options2, msDFSR-DisablePacketPrivacy,msDFSR-Priority, msDFSR-Enabled, msDFSR-RdcEnabled,msDFSR-RdcMinFileSizeInKb, msDFSR-Keywords, msDFSR-Schedule,msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Member
+schemaIdGuid:e58f972e-64b5-46ef-8d8b-bbc3e1897eab
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Content
+ldapDisplayName: msDFSR-Content
+governsId: 1.2.840.113556.1.6.13.4.6
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:64759b35-d3a1-42e4-b5f1-a3de162109b3
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Content,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-ContentSet
+ldapDisplayName: msDFSR-ContentSet
+governsId: 1.2.840.113556.1.6.13.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-Priority, msDFSR-ConflictSizeInMb, msDFSR-StagingSizeInMb,msDFSR-RootSizeInMb, description, msDFSR-DfsPath, msDFSR-FileFilter,msDFSR-DirectoryFilter, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-Content
+schemaIdGuid:4937f40d-a6dc-4d48-97ca-06e5fbfd3f16
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ContentSet,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-GlobalSettings
+ldapDisplayName: msDFSR-GlobalSettings
+governsId: 1.2.840.113556.1.6.13.4.4
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: container
+schemaIdGuid:7b35dbad-b3ec-486a-aad4-2fec9d6ea6f6
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-GlobalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-LocalSettings
+ldapDisplayName: msDFSR-LocalSettings
+governsId: 1.2.840.113556.1.6.13.4.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-StagingCleanupTriggerInPercent,msDFSR-CommonStagingSizeInMb, msDFSR-CommonStagingPath,msDFSR-Options2, msDFSR-Version, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: computer
+schemaIdGuid:fa85c591-197f-477e-83bd-ea5a43df2239
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-LocalSettings,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Member
+ldapDisplayName: msDFSR-Member
+governsId: 1.2.840.113556.1.6.13.4.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ComputerReference
+mayContain: msDFSR-Options2, serverReference, msDFSR-Keywords,msDFSR-Flags, msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Topology
+schemaIdGuid:4229c897-c211-437c-a5ae-dbf705b696e5
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-ReplicationGroup
+ldapDisplayName: msDFSR-ReplicationGroup
+governsId: 1.2.840.113556.1.6.13.4.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ReplicationGroupType
+mayContain: msDFSR-Options2, msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter,msDFSR-DefaultCompressionExclusionFilter, msDFSR-DeletedSizeInMb,msDFSR-DirectoryFilter, msDFSR-FileFilter, msDFSR-ConflictSizeInMb,msDFSR-StagingSizeInMb, msDFSR-RootSizeInMb, description,msDFSR-TombstoneExpiryInMin, msDFSR-Flags, msDFSR-Options,msDFSR-Extension, msDFSR-Schedule, msDFSR-Version
+possSuperiors: msDFSR-GlobalSettings
+schemaIdGuid:1c332fe0-0c2a-4f32-afca-23c5e45a9e77
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-ReplicationGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscriber
+ldapDisplayName: msDFSR-Subscriber
+governsId: 1.2.840.113556.1.6.13.4.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-MemberReference, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-LocalSettings
+schemaIdGuid:e11505d7-92c4-43e7-bf5c-295832ffc896
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Subscription
+ldapDisplayName: msDFSR-Subscription
+governsId: 1.2.840.113556.1.6.13.4.3
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: msDFSR-ContentSetGuid, msDFSR-ReplicationGroupGuid
+mayContain: msDFSR-StagingCleanupTriggerInPercent, msDFSR-Options2,msDFSR-OnDemandExclusionDirectoryFilter,msDFSR-OnDemandExclusionFileFilter, msDFSR-MaxAgeInCacheInMin,msDFSR-MinDurationCacheInMin, msDFSR-CachePolicy, msDFSR-ReadOnly,msDFSR-DeletedSizeInMb, msDFSR-DeletedPath, msDFSR-RootPath,msDFSR-RootSizeInMb, msDFSR-StagingPath, msDFSR-StagingSizeInMb,msDFSR-ConflictPath, msDFSR-ConflictSizeInMb, msDFSR-Enabled,msDFSR-RootFence, msDFSR-DfsLinkTarget, msDFSR-Flags,msDFSR-Options, msDFSR-Extension
+possSuperiors: msDFSR-Subscriber
+schemaIdGuid:67212414-7bcc-4609-87e0-088dad8abdee
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Subscription,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DFSR-Topology
+ldapDisplayName: msDFSR-Topology
+governsId: 1.2.840.113556.1.6.13.4.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msDFSR-Options2, msDFSR-Flags, msDFSR-Options,msDFSR-Extension
+possSuperiors: msDFSR-ReplicationGroup
+schemaIdGuid:04828aa9-6e42-4e80-b962-e2fe00754d17
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DFSR-Topology,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: ms-DS-App-Configuration
+ldapDisplayName: msDS-App-Configuration
+governsId: 1.2.840.113556.1.5.220
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:90df3c3e-1854-4455-a5d7-cad40d56657a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: ms-DS-App-Data
+ldapDisplayName: msDS-AppData
+governsId: 1.2.840.113556.1.5.241
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+mayContain: owner, msDS-ObjectReference, msDS-Integer, msDS-DateTime,msDS-ByteArray, managedBy, keywords
+possSuperiors: organizationalUnit, computer, container
+schemaIdGuid:9e67d761-e327-4d55-bc95-682f875e2f8e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-App-Data,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: 0
+
+cn: ms-DS-Az-Admin-Manager
+ldapDisplayName: msDS-AzAdminManager
+governsId: 1.2.840.113556.1.5.234
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzMinorVersion, msDS-AzMajorVersion, msDS-AzApplicationData,msDS-AzGenerateAudits, msDS-AzScriptTimeout,msDS-AzScriptEngineCacheMax, msDS-AzDomainTimeout, description
+systemPossSuperiors: domainDNS, organizationalUnit, container
+schemaIdGuid:cfee1051-5f28-4bae-a863-5d0cc18a8ed1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Admin-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Application
+ldapDisplayName: msDS-AzApplication
+governsId: 1.2.840.113556.1.5.235
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-AzGenerateAudits,msDS-AzApplicationVersion, msDS-AzClassId, msDS-AzApplicationName,description
+systemPossSuperiors: msDS-AzAdminManager
+schemaIdGuid:ddf8de9b-cba5-4e12-842e-28d8b66f75ec
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Application,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Operation
+ldapDisplayName: msDS-AzOperation
+governsId: 1.2.840.113556.1.5.236
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzOperationID
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: container, msDS-AzApplication
+schemaIdGuid:860abe37-9a9b-4fa4-b3d2-b8ace5df9ec5
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Operation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Role
+ldapDisplayName: msDS-AzRole
+governsId: 1.2.840.113556.1.5.239
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, msDS-TasksForAzRole,msDS-OperationsForAzRole, msDS-MembersForAzRole, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:8213eac9-9d55-44dc-925c-e9a52b927644
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Scope
+ldapDisplayName: msDS-AzScope
+governsId: 1.2.840.113556.1.5.237
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-AzScopeName
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-AzApplicationData, description
+systemPossSuperiors: msDS-AzApplication
+schemaIdGuid:4feae054-ce55-47bb-860e-5b12063a51de
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Az-Task
+ldapDisplayName: msDS-AzTask
+governsId: 1.2.840.113556.1.5.238
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-AzGenericData, msDS-AzObjectGuid,msDS-TasksForAzTask, msDS-OperationsForAzTask,msDS-AzApplicationData, msDS-AzTaskIsRoleDefinition,msDS-AzLastImportedBizRulePath, msDS-AzBizRuleLanguage,msDS-AzBizRule, description
+systemPossSuperiors: container, msDS-AzScope, msDS-AzApplication
+schemaIdGuid:1ed3a473-9b1b-418a-bfa0-3a37b95a5306
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Az-Task,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Managed-Service-Account
+ldapDisplayName: msDS-ManagedServiceAccount
+governsId: 1.2.840.113556.1.5.264
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: computer
+systemPossSuperiors: domainDNS,organizationalUnit,container
+schemaIdGuid: ce206244-5827-4a86-ba1c-1c0c386c1b64
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCRLCLORCSDDT;;;CO)(OA;;WP;4c164200-20c0-11d0-a768-00aa006e0529;;CO)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;CO)(OA;;WP;3e0abfd0-126a-11d0-a060-00aa006c33ed;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967950-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;WP;bf967953-0de6-11d0-a285-00aa003049e2;bf967a86-0de6-11d0-a285-00aa003049e2;CO)(OA;;SW;f3a64788-5306-11d1-a9c5-0000f80367c1;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;SW;72e39547-7b18-11d1-adef-00c04fd8d5cd;;PS)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;;ED)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Managed-Service-Account,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Optional-Feature
+ldapDisplayName: msDS-OptionalFeature
+governsId: 1.2.840.113556.1.5.265
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-OptionalFeatureFlags,msDS-OptionalFeatureGUID
+systemMayContain: msDS-RequiredDomainBehaviorVersion,msDS-RequiredForestBehaviorVersion
+systemPossSuperiors: container
+schemaIdGuid: 44f00041-35af-468b-b20a-6ce8737c580b
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=ms-DS-Optional-Feature,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings
+ldapDisplayName: msDS-PasswordSettings
+governsId: 1.2.840.113556.1.5.255
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-MaximumPasswordAge, msDS-MinimumPasswordAge,msDS-MinimumPasswordLength, msDS-PasswordComplexityEnabled,msDS-LockoutObservationWindow, msDS-LockoutDuration,msDS-LockoutThreshold, msDS-PasswordReversibleEncryptionEnabled,msDS-PasswordSettingsPrecedence, msDS-PasswordHistoryLength
+systemMayContain: msDS-PSOAppliesTo
+systemPossSuperiors: msDS-PasswordSettingsContainer
+schemaIdGuid: 3bcd9db8-f84b-451c-952f-6c52b81f9ec6
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Password-Settings-Container
+ldapDisplayName: msDS-PasswordSettingsContainer
+governsId: 1.2.840.113556.1.5.256
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: container
+schemaIdGuid: 5b06b06a-4cf3-44c0-bd16-43bc10a987da
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Password-Settings-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Container
+ldapDisplayName: msDS-QuotaContainer
+governsId: 1.2.840.113556.1.5.242
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: msDS-TopQuotaUsage, msDS-QuotaUsed,msDS-QuotaEffective, msDS-TombstoneQuotaFactor, msDS-DefaultQuota
+systemPossSuperiors: configuration, domainDNS
+schemaIdGuid:da83fc4f-076f-4aea-b4dc-8f4dab9b5993
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)(OA;;CR;4ecc03fe-ffc0-4947-b630-eb672a8a9dbc;;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-DS-Quota-Control
+ldapDisplayName: msDS-QuotaControl
+governsId: 1.2.840.113556.1.5.243
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msDS-QuotaAmount, msDS-QuotaTrustee, cn
+systemPossSuperiors: msDS-QuotaContainer
+schemaIdGuid:de91fc26-bd02-4b52-ae26-795999e96fc7
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPLCLORC;;;BA)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-DS-Quota-Control,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Exch-Configuration-Container
+ldapDisplayName: msExchConfigurationContainer
+governsId: 1.2.840.113556.1.5.176
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: templateRoots, addressBookRoots, globalAddressList,templateRoots2, addressBookRoots2, globalAddressList2
+schemaIdGuid:d03d6858-06f4-11d2-aa53-00c04fd7d83a
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Exch-Configuration-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-FVE-RecoveryInformation
+ldapDisplayName: msFVE-RecoveryInformation
+governsId: 1.2.840.113556.1.5.253
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msFVE-RecoveryPassword, msFVE-RecoveryGuid
+mayContain: msFVE-KeyPackage, msFVE-VolumeGuid
+systemPossSuperiors: computer
+schemaIdGuid:ea715d30-8f53-40d0-bd1e-6109186d782c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-FVE-RecoveryInformation,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-ieee-80211-Policy
+ldapDisplayName: msieee80211-Policy
+governsId: 1.2.840.113556.1.5.240
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msieee80211-ID, msieee80211-DataType,msieee80211-Data
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:7b9a2d92-b7eb-4382-9772-c3e0f9baaf94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-ieee-80211-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PostScanProcess
+ldapDisplayName: msImaging-PostScanProcess
+governsId: 1.2.840.113556.1.5.263
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msImaging-PSPString, serverName
+systemMustContain: displayName, msImaging-PSPIdentifier
+systemPossSuperiors: msImaging-PSPs
+schemaIdGuid: 1f7c257c-b8a3-4525-82f8-11ccc7bee36e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Imaging-PostScanProcess,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Imaging-PSPs
+ldapDisplayName: msImaging-PSPs
+governsId: 1.2.840.113556.1.5.262
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemPossSuperiors: container
+schemaIdGuid: a0ed2ac1-970c-4777-848e-ec63a0ec44fc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Imaging-PSPs,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+
+cn: MSMQ-Configuration
+ldapDisplayName: mSMQConfiguration
+governsId: 1.2.840.113556.1.5.162
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSites, mSMQSignKey, mSMQServiceType,mSMQRoutingServices, mSMQQuota, mSMQOwnerID, mSMQOutRoutingServers,mSMQOSType, mSMQJournalQuota, mSMQInRoutingServers, mSMQForeign,mSMQEncryptKey, mSMQDsServices, mSMQDependentClientServices,mSMQComputerTypeEx, mSMQComputerType
+systemPossSuperiors: computer
+schemaIdGuid:9a0dc344-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Configuration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Custom-Recipient
+ldapDisplayName: msMQ-Custom-Recipient
+governsId: 1.2.840.113556.1.5.218
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msMQ-Recipient-FormatName
+systemPossSuperiors: organizationalUnit, domainDNS, container
+schemaIdGuid:876d6817-35cc-436c-acea-5ef7174dd9be
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Custom-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Enterprise-Settings
+ldapDisplayName: mSMQEnterpriseSettings
+governsId: 1.2.840.113556.1.5.163
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQVersion, mSMQNameStyle, mSMQLongLived,mSMQInterval2, mSMQInterval1, mSMQCSPName
+systemPossSuperiors: container
+schemaIdGuid:9a0dc345-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Enterprise-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Group
+ldapDisplayName: msMQ-Group
+governsId: 1.2.840.113556.1.5.219
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: member
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:46b27aac-aafa-4ffb-b773-e5bf621ee87b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Migrated-User
+ldapDisplayName: mSMQMigratedUser
+governsId: 1.2.840.113556.1.5.179
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQUserSid, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, objectSid
+systemPossSuperiors: organizationalUnit, domainDNS, builtinDomain
+schemaIdGuid:50776997-3c3d-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Migrated-User,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Queue
+ldapDisplayName: mSMQQueue
+governsId: 1.2.840.113556.1.5.161
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQTransactional, MSMQ-SecuredSource,mSMQQueueType, mSMQQueueQuota, mSMQQueueNameExt,mSMQQueueJournalQuota, mSMQPrivacyLevel, mSMQOwnerID,MSMQ-MulticastAddress, mSMQLabelEx, mSMQLabel, mSMQJournal,mSMQBasePriority, mSMQAuthenticate
+systemPossSuperiors: mSMQConfiguration
+schemaIdGuid:9a0dc343-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Settings
+ldapDisplayName: mSMQSettings
+governsId: 1.2.840.113556.1.5.165
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mSMQSiteNameEx, mSMQSiteName, mSMQServices,mSMQRoutingService, mSMQQMID, mSMQOwnerID, mSMQNt4Flags,mSMQMigrated, mSMQDsService, mSMQDependentClientService
+systemPossSuperiors: server
+schemaIdGuid:9a0dc347-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MSMQ-Site-Link
+ldapDisplayName: mSMQSiteLink
+governsId: 1.2.840.113556.1.5.164
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: mSMQSite2, mSMQSite1, mSMQCost
+systemMayContain: mSMQSiteGatesMig, mSMQSiteGates
+systemPossSuperiors: mSMQEnterpriseSettings
+schemaIdGuid:9a0dc346-c100-11d1-bbc5-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=MSMQ-Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-80211-GroupPolicy
+lDAPDisplayName: ms-net-ieee-80211-GroupPolicy
+governsID: 1.2.840.113556.1.5.251
+objectClassCategory: 1
+rDNAttID: cn
+subClassOf: top
+systemMayContain: ms-net-ieee-80211-GP-PolicyReserved,ms-net-ieee-80211-GP-PolicyData, ms-net-ieee-80211-GP-PolicyGUID
+systemPossSuperiors: computer, container, person
+schemaIDGUID: 1cb81863-b822-4379-9ea2-5ff7bdc6386d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-80211-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-net-ieee-8023-GroupPolicy
+lDAPDisplayName: ms-net-ieee-8023-GroupPolicy
+governsID: 1.2.840.113556.1.5.252
+objectClassCategory: 1
+rDNAttID: cn
+subClassOf: top
+systemMayContain: ms-net-ieee-8023-GP-PolicyReserved,ms-net-ieee-8023-GP-PolicyData, ms-net-ieee-8023-GP-PolicyGUID
+systemPossSuperiors: computer, container, person
+schemaIDGUID: 99a03a6a-ab19-4446-9350-0cb878ed2d9b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-net-ieee-8023-GroupPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Enterprise-Oid
+ldapDisplayName: msPKI-Enterprise-Oid
+governsId: 1.2.840.113556.1.5.196
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-OIDToGroupLink, msPKI-OID-User-Notice,msPKI-OIDLocalizedName, msPKI-OID-CPS, msPKI-OID-Attribute,msPKI-Cert-Template-OID
+systemPossSuperiors: msPKI-Enterprise-Oid, container
+schemaIdGuid:37cfd85c-6719-4ad8-8f9e-8678ba627563
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Enterprise-Oid,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Key-Recovery-Agent
+ldapDisplayName: msPKI-Key-Recovery-Agent
+governsId: 1.2.840.113556.1.5.195
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: user
+systemPossSuperiors: container
+schemaIdGuid:26ccf238-a08e-4b86-9a82-a8c9ac7ee5cb
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-PKI-Private-Key-Recovery-Agent
+ldapDisplayName: msPKI-PrivateKeyRecoveryAgent
+governsId: 1.2.840.113556.1.5.223
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: userCertificate
+systemPossSuperiors: container
+schemaIdGuid:1562a632-44b9-4a7e-a2d3-e426c96a3acc
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-PKI-Private-Key-Recovery-Agent,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-Print-ConnectionPolicy
+ldapDisplayName: msPrint-ConnectionPolicy
+governsId: 1.2.840.113556.1.6.23.2
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: printerName, printAttributes, serverName, uNCName
+possSuperiors: container
+schemaIdGuid:a16f33c7-7fd6-4828-9364-435138fda08d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-Print-ConnectionPolicy,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Domain-Info
+ldapDisplayName: msSFU30DomainInfo
+governsId: 1.2.840.113556.1.6.18.2.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Domains, msSFU30YpServers, msSFU30SearchContainer,msSFU30IsValidContainer, msSFU30MasterServerName,msSFU30OrderNumber, msSFU30MaxGidNumber, msSFU30MaxUidNumber,msSFU30CryptMethod
+possSuperiors: container
+schemaIdGuid:36297dce-656b-4423-ab65-dabb2770819e
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Domain-Info,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Mail-Aliases
+ldapDisplayName: msSFU30MailAliases
+governsId: 1.2.840.113556.1.6.18.2.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30Name, msSFU30NisDomain, msSFU30Aliases, nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:d6710785-86ff-44b7-85b5-f1f8689522ce
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Mail-Aliases,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Net-Id
+ldapDisplayName: msSFU30NetId
+governsId: 1.2.840.113556.1.6.18.2.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e263192c-2a02-48df-9792-94f2328781a0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Net-Id,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-Network-User
+ldapDisplayName: msSFU30NetworkUser
+governsId: 1.2.840.113556.1.6.18.2.216
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyValues, msSFU30Name, msSFU30NisDomain,nisMapName
+possSuperiors: domainDNS, nisMap, container
+schemaIdGuid:e15334a3-0bf0-4427-b672-11f5d84acc92
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-Network-User,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: msSFU-30-NIS-Map-Config
+ldapDisplayName: msSFU30NISMapConfig
+governsId: 1.2.840.113556.1.6.18.2.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mayContain: msSFU30KeyAttributes, msSFU30FieldSeparator,msSFU30NSMAPFieldPosition, msSFU30IntraFieldSeparator,msSFU30SearchAttributes, msSFU30ResultAttributes, msSFU30MapFilter
+possSuperiors: container
+schemaIdGuid:faf733d0-f8eb-4dcf-8d75-f1753af6a50b
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=msSFU-30-NIS-Map-Config,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: MS-SQL-OLAPCube
+ldapDisplayName: mS-SQL-OLAPCube
+governsId: 1.2.840.113556.1.5.190
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Description, mS-SQL-Contact, mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPDatabase
+schemaIdGuid:09f0506a-cd28-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPCube,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPDatabase
+ldapDisplayName: mS-SQL-OLAPDatabase
+governsId: 1.2.840.113556.1.5.189
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-ConnectionURL, mS-SQL-InformationURL, mS-SQL-Status,mS-SQL-Applications, mS-SQL-LastBackupDate, mS-SQL-LastUpdatedDate,mS-SQL-Size, mS-SQL-Type, mS-SQL-Description, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-OLAPServer
+schemaIdGuid:20af031a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-OLAPServer
+ldapDisplayName: mS-SQL-OLAPServer
+governsId: 1.2.840.113556.1.5.185
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-PublicationURL,mS-SQL-InformationURL, mS-SQL-Status, mS-SQL-Language,mS-SQL-ServiceAccount, mS-SQL-Contact, mS-SQL-RegisteredOwner,mS-SQL-Build, mS-SQL-Version, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:0c7e18ea-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-OLAPServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLDatabase
+ldapDisplayName: mS-SQL-SQLDatabase
+governsId: 1.2.840.113556.1.5.188
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-Keywords, mS-SQL-InformationURL,mS-SQL-Status, mS-SQL-Applications, mS-SQL-LastDiagnosticDate,mS-SQL-LastBackupDate, mS-SQL-CreationDate, mS-SQL-Size,mS-SQL-Contact, mS-SQL-Alias, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:1d08694a-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLDatabase,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLPublication
+ldapDisplayName: mS-SQL-SQLPublication
+governsId: 1.2.840.113556.1.5.187
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-ThirdParty,mS-SQL-AllowSnapshotFilesFTPDownloading,mS-SQL-AllowQueuedUpdatingSubscription,mS-SQL-AllowImmediateUpdatingSubscription,mS-SQL-AllowKnownPullSubscription, mS-SQL-Publisher,mS-SQL-AllowAnonymousSubscription, mS-SQL-Database, mS-SQL-Type,mS-SQL-Status, mS-SQL-Description, mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:17c2f64e-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLPublication,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLRepository
+ldapDisplayName: mS-SQL-SQLRepository
+governsId: 1.2.840.113556.1.5.186
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: mS-SQL-InformationDirectory, mS-SQL-Version,mS-SQL-Description, mS-SQL-Status, mS-SQL-Build, mS-SQL-Contact,mS-SQL-Name
+systemPossSuperiors: mS-SQL-SQLServer
+schemaIdGuid:11d43c5c-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLRepository,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: MS-SQL-SQLServer
+ldapDisplayName: mS-SQL-SQLServer
+governsId: 1.2.840.113556.1.5.184
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemMayContain: mS-SQL-Keywords, mS-SQL-GPSHeight,mS-SQL-GPSLongitude, mS-SQL-GPSLatitude, mS-SQL-InformationURL,mS-SQL-LastUpdatedDate, mS-SQL-Status, mS-SQL-Vines,mS-SQL-AppleTalk, mS-SQL-TCPIP, mS-SQL-SPX, mS-SQL-MultiProtocol,mS-SQL-NamedPipe, mS-SQL-Clustered, mS-SQL-UnicodeSortOrder,mS-SQL-SortOrder, mS-SQL-CharacterSet, mS-SQL-ServiceAccount,mS-SQL-Build, mS-SQL-Memory, mS-SQL-Location, mS-SQL-Contact,mS-SQL-RegisteredOwner, mS-SQL-Name
+systemPossSuperiors: serviceConnectionPoint
+schemaIdGuid:05f6c878-ccef-11d2-9993-0000f87a57d4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=MS-SQL-SQLServer,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Rt-Conference
+ldapDisplayName: msTAPI-RtConference
+governsId: 1.2.840.113556.1.5.221
+objectClassCategory: 1
+rdnAttId: msTAPI-uid
+subClassOf: top
+systemMustContain: msTAPI-uid
+systemMayContain: msTAPI-ConferenceBlob, msTAPI-ProtocolId
+systemPossSuperiors: organizationalUnit
+schemaIdGuid:ca7b9735-4b2a-4e49-89c3-99025334dc94
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Conference,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-TAPI-Rt-Person
+ldapDisplayName: msTAPI-RtPerson
+governsId: 1.2.840.113556.1.5.222
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msTAPI-uid, msTAPI-IpAddress
+systemPossSuperiors: organization, organizationalUnit
+schemaIdGuid:53ea1cb5-b704-4df9-818f-5cb4ec86cac1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-TAPI-Rt-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntRangeParam
+ldapDisplayName: msWMI-IntRangeParam
+governsId: 1.2.840.113556.1.5.205
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:50ca5d7d-5c8b-4ef3-b9df-5b66d491e526
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-IntSetParam
+ldapDisplayName: msWMI-IntSetParam
+governsId: 1.2.840.113556.1.5.206
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:292f0d9a-cf76-42b0-841f-b650f331df62
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-IntSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-MergeablePolicyTemplate
+ldapDisplayName: msWMI-MergeablePolicyTemplate
+governsId: 1.2.840.113556.1.5.202
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemPossSuperiors: container
+schemaIdGuid:07502414-fdca-4851-b04a-13645b11d226
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-MergeablePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ObjectEncoding
+ldapDisplayName: msWMI-ObjectEncoding
+governsId: 1.2.840.113556.1.5.217
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Class, msWMI-ScopeGuid, msWMI-Parm1,msWMI-Parm2, msWMI-Parm3, msWMI-Parm4, msWMI-Genus, msWMI-intFlags1,msWMI-intFlags2, msWMI-intFlags3, msWMI-intFlags4, msWMI-ID,msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:55dd81c9-c312-41f9-a84d-c6adbdf1e8e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ObjectEncoding,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyTemplate
+ldapDisplayName: msWMI-PolicyTemplate
+governsId: 1.2.840.113556.1.5.200
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-NormalizedClass, msWMI-TargetPath,msWMI-TargetClass, msWMI-TargetNameSpace, msWMI-Name, msWMI-ID
+systemMayContain: msWMI-TargetType, msWMI-SourceOrganization,msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:e2bc80f1-244a-4d59-acc6-ca5c4f82e6e1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-PolicyType
+ldapDisplayName: msWMI-PolicyType
+governsId: 1.2.840.113556.1.5.211
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4,msWMI-Parm3, msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4,msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1,msWMI-CreationDate, msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:595b2613-4109-4e77-9013-a3bb4ef277c7
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-PolicyType,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RangeParam
+ldapDisplayName: msWMI-RangeParam
+governsId: 1.2.840.113556.1.5.203
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetType, msWMI-TargetClass,msWMI-PropertyName
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:45fb5a57-5018-4d0f-9056-997c8c9122d9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-RealRangeParam
+ldapDisplayName: msWMI-RealRangeParam
+governsId: 1.2.840.113556.1.5.209
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-Int8Default
+systemMayContain: msWMI-Int8Max, msWMI-Int8Min
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:6afe8fe2-70bc-4cce-b166-a96f7359c514
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-RealRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Rule
+ldapDisplayName: msWMI-Rule
+governsId: 1.2.840.113556.1.5.214
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-QueryLanguage, msWMI-TargetNameSpace,msWMI-Query
+systemPossSuperiors: msWMI-Som, container
+schemaIdGuid:3c7e6f83-dd0e-481b-a0c2-74cd96ef2a66
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Rule,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-ShadowObject
+ldapDisplayName: msWMI-ShadowObject
+governsId: 1.2.840.113556.1.5.212
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: msWMI-PolicyType
+schemaIdGuid:f1e44bdf-8dd3-4235-9c86-f91f31f5b569
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-ShadowObject,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-SimplePolicyTemplate
+ldapDisplayName: msWMI-SimplePolicyTemplate
+governsId: 1.2.840.113556.1.5.201
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-PolicyTemplate
+systemMustContain: msWMI-TargetObject
+systemPossSuperiors: container
+schemaIdGuid:6cc8b2b5-12df-44f6-8307-e74f5cdee369
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-SimplePolicyTemplate,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-Som
+ldapDisplayName: msWMI-Som
+governsId: 1.2.840.113556.1.5.213
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-Name, msWMI-ID
+systemMayContain: msWMI-SourceOrganization, msWMI-Parm4, msWMI-Parm3,msWMI-Parm2, msWMI-Parm1, msWMI-intFlags4, msWMI-intFlags3,msWMI-intFlags2, msWMI-intFlags1, msWMI-CreationDate,msWMI-ChangeDate, msWMI-Author
+systemPossSuperiors: container
+schemaIdGuid:ab857078-0142-4406-945b-34c9b6b13372
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-Som,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-StringSetParam
+ldapDisplayName: msWMI-StringSetParam
+governsId: 1.2.840.113556.1.5.210
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-StringDefault
+systemMayContain: msWMI-StringValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:0bc579a2-1da7-4cea-b699-807f3b9d63a4
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-StringSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintRangeParam
+ldapDisplayName: msWMI-UintRangeParam
+governsId: 1.2.840.113556.1.5.207
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntMax, msWMI-IntMin
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:d9a799b2-cef3-48b3-b5ad-fb85f8dd3214
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UintSetParam
+ldapDisplayName: msWMI-UintSetParam
+governsId: 1.2.840.113556.1.5.208
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-IntDefault
+systemMayContain: msWMI-IntValidValues
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:8f4beb31-4e19-46f5-932e-5fa03c339b1d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPCCDCLCLODTRC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UintSetParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-UnknownRangeParam
+ldapDisplayName: msWMI-UnknownRangeParam
+governsId: 1.2.840.113556.1.5.204
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: msWMI-RangeParam
+systemMustContain: msWMI-TargetObject, msWMI-NormalizedClass
+systemPossSuperiors: msWMI-MergeablePolicyTemplate
+schemaIdGuid:b82ac26b-c6db-4098-92c6-49c18a3336e1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-UnknownRangeParam,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ms-WMI-WMIGPO
+ldapDisplayName: msWMI-WMIGPO
+governsId: 1.2.840.113556.1.5.215
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: msWMI-TargetClass
+systemMayContain: msWMI-Parm4, msWMI-Parm3, msWMI-Parm2, msWMI-Parm1,msWMI-intFlags4, msWMI-intFlags3, msWMI-intFlags2, msWMI-intFlags1
+systemPossSuperiors: container
+schemaIdGuid:05630000-3927-4ede-bf27-ca91f275c26f
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSW;;;DA)(A;;CC;;;PA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ms-WMI-WMIGPO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NisMap
+ldapDisplayName: nisMap
+governsId: 1.3.6.1.1.1.2.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName
+mayContain: description
+possSuperiors: domainDNS, container, organizationalUnit
+schemaIdGuid:7672666c-02c1-4f33-9ecf-f649c1dd9b7c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisMap,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisNetgroup
+ldapDisplayName: nisNetgroup
+governsId: 1.3.6.1.1.1.2.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: description, memberNisNetgroup, nisNetgroupTriple,msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30NetgroupHostAtDomain, msSFU30NetgroupUserAtDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:72efbf84-6e7b-4a5c-a8db-8a75a7cad254
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisNetgroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NisObject
+ldapDisplayName: nisObject
+governsId: 1.3.6.1.1.1.2.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, nisMapName, nisMapEntry
+mayContain: description, msSFU30Name, msSFU30NisDomain
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:904f8a93-4954-4c5f-b1e1-53c097a31e13
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NisObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: NTDS-Connection
+ldapDisplayName: nTDSConnection
+governsId: 1.2.840.113556.1.5.71
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: options, fromServer, enabledConnection
+systemMayContain: transportType, schedule, mS-DS-ReplicatesNCReason,generatedConnection
+systemPossSuperiors: nTFRSMember, nTFRSReplicaSet, nTDSDSA
+schemaIdGuid:19195a60-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Connection,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA
+ldapDisplayName: nTDSDSA
+governsId: 1.2.840.113556.1.5.7000.47
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, msDS-RevealedUsers,msDS-NeverRevealGroup, msDS-RevealOnDemandGroup,msDS-hasFullReplicaNCs, serverReference,msDS-RetiredReplNCSignatures, retiredReplDSASignatures,queryPolicyObject, options, networkAddress, msDS-ReplicationEpoch,msDS-HasInstantiatedNCs, msDS-hasMasterNCs, msDS-HasDomainNCs,msDS-Behavior-Version, managedBy, lastBackupRestorationTime,invocationId, hasPartialReplicaNCs, hasMasterNCs, fRSRootPath,dMDLocation, msDS-EnabledFeature
+systemPossSuperiors: organization, server
+schemaIdGuid:f0f8ffab-1191-11d0-a060-00aa006c33ed
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-DSA-RO
+ldapDisplayName: nTDSDSARO
+governsId: 1.2.840.113556.1.5.254
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: nTDSDSA
+systemPossSuperiors: server, organization
+schemaIdGuid:85d16ec1-0791-4bc8-8ab3-70980602ff8c
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=NTDS-DSA-RO,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Service
+ldapDisplayName: nTDSService
+governsId: 1.2.840.113556.1.5.72
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-DeletedObjectLifetime, tombstoneLifetime,sPNMappings, replTopologyStayOfExecution, msDS-Other-Settings,garbageCollPeriod, dSHeuristics
+systemPossSuperiors: container
+schemaIdGuid:19195a5f-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTDS-Site-Settings
+ldapDisplayName: nTDSSiteSettings
+governsId: 1.2.840.113556.1.5.69
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSiteSettings
+systemMayContain: schedule, queryPolicyObject, options,msDS-Preferred-GC-Site, managedBy, interSiteTopologyRenew,interSiteTopologyGenerator, interSiteTopologyFailover
+systemPossSuperiors: site
+schemaIdGuid:19195a5d-6da0-11d0-afd3-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTDS-Site-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Member
+ldapDisplayName: nTFRSMember
+governsId: 1.2.840.113556.1.5.153
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: serverReference, fRSUpdateTimeout,fRSServiceCommand, fRSRootSecurity, fRSPartnerAuthLevel, fRSFlags,fRSExtensions, fRSControlOutboundBacklog, fRSControlInboundBacklog,fRSControlDataCreation, frsComputerReference
+systemPossSuperiors: nTFRSReplicaSet
+schemaIdGuid:2a132586-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Member,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Replica-Set
+ldapDisplayName: nTFRSReplicaSet
+governsId: 1.2.840.113556.1.5.102
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: schedule, msFRS-Topology-Pref, msFRS-Hub-Member,managedBy, fRSVersionGUID, fRSServiceCommand, fRSRootSecurity,fRSReplicaSetType, fRSReplicaSetGUID, fRSPrimaryMember,fRSPartnerAuthLevel, fRSLevelLimit, fRSFlags, fRSFileFilter,fRSExtensions, fRSDSPoll, fRSDirectoryFilter
+systemPossSuperiors: nTFRSSettings
+schemaIdGuid:5245803a-ca6a-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(OA;;CCDC;2a132586-9373-11d1-aebc-0000f80367c1;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Replica-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Settings
+ldapDisplayName: nTFRSSettings
+governsId: 1.2.840.113556.1.5.89
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: applicationSettings
+systemMayContain: managedBy, fRSExtensions
+systemPossSuperiors: nTFRSSettings, container, organizationalUnit,organization
+schemaIdGuid:f780acc2-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Settings,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriber
+ldapDisplayName: nTFRSSubscriber
+governsId: 1.2.840.113556.1.5.155
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: fRSStagingPath, fRSRootPath
+systemMayContain: schedule, fRSUpdateTimeout,fRSTimeLastConfigChange, fRSTimeLastCommand,fRSServiceCommandStatus, fRSServiceCommand, fRSMemberReference,fRSFlags, fRSFaultCondition, fRSExtensions
+systemPossSuperiors: nTFRSSubscriptions
+schemaIdGuid:2a132588-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriber,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: NTFRS-Subscriptions
+ldapDisplayName: nTFRSSubscriptions
+governsId: 1.2.840.113556.1.5.154
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: fRSWorkingPath, fRSVersion, fRSExtensions
+systemPossSuperiors: user, computer, nTFRSSubscriptions
+schemaIdGuid:2a132587-9373-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=NTFRS-Subscriptions,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: OncRpc
+ldapDisplayName: oncRpc
+governsId: 1.3.6.1.1.1.2.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn, oncRpcNumber
+mayContain: description, msSFU30Name, msSFU30NisDomain, nisMapName,msSFU30Aliases
+possSuperiors: domainDNS, nisMap, container, organizationalUnit
+schemaIdGuid:cadd1e5e-fefc-4f3f-b5a9-70e994204303
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=OncRpc,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Organization
+ldapDisplayName: organization
+governsId: 2.5.6.4
+objectClassCategory: 1
+rdnAttId: o
+subClassOf: top
+systemMustContain: o
+systemMayContain: x121Address, userPassword, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,searchGuide, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, physicalDeliveryOfficeName, l,internationalISDNNumber, facsimileTelephoneNumber,destinationIndicator, businessCategory
+systemPossSuperiors: locality, country, domainDNS
+schemaIdGuid:bf967aa3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organization,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Person
+ldapDisplayName: organizationalPerson
+governsId: 2.5.6.7
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: person
+mayContain: msDS-HABSeniorityIndex, msDS-PhoneticDisplayName,msDS-PhoneticCompanyName, msDS-PhoneticDepartment,msDS-PhoneticLastName, msDS-PhoneticFirstName, houseIdentifier,msExchHouseIdentifier, homePostalAddress
+systemMayContain: x121Address, comment, title, co,primaryTelexNumber, telexNumber, teletexTerminalIdentifier, street,st, registeredAddress, preferredDeliveryMethod, postalCode,postalAddress, postOfficeBox, thumbnailPhoto,physicalDeliveryOfficeName, pager, otherPager, otherTelephone,mobile, otherMobile, primaryInternationalISDNNumber, ipPhone,otherIpPhone, otherHomePhone, homePhone,otherFacsimileTelephoneNumber, personalTitle, middleName,otherMailbox, ou, o, mhsORAddress, msDS-AllowedToDelegateTo,manager, thumbnailLogo, l, internationalISDNNumber, initials,givenName, generationQualifier, facsimileTelephoneNumber,employeeID, mail, division, destinationIndicator, department, c,countryCode, company, assistant, streetAddress
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:bf967aa4-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Role
+ldapDisplayName: organizationalRole
+governsId: 2.5.6.8
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemMayContain: x121Address, telexNumber,teletexTerminalIdentifier, telephoneNumber, street, st, seeAlso,roleOccupant, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator
+systemPossSuperiors: organizationalUnit, organization, container
+schemaIdGuid:a8df74bf-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Role,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Organizational-Unit
+ldapDisplayName: organizationalUnit
+governsId: 2.5.6.5
+objectClassCategory: 1
+rdnAttId: ou
+subClassOf: top
+systemMustContain: ou
+systemMayContain: x121Address, userPassword, uPNSuffixes, co,telexNumber, teletexTerminalIdentifier, telephoneNumber, street, st,seeAlso, searchGuide, registeredAddress, preferredDeliveryMethod,postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, msCOM-UserPartitionSetLink, managedBy,thumbnailLogo, l, internationalISDNNumber, gPOptions, gPLink,facsimileTelephoneNumber, destinationIndicator, desktopProfile,defaultGroup, countryCode, c, businessCategory
+systemPossSuperiors: country, organization, organizationalUnit,domainDNS
+schemaIdGuid:bf967aa5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(OA;;CCDC;bf967a86-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aba-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967a9c-0de6-11d0-a285-00aa003049e2;;AO)(OA;;CCDC;bf967aa8-0de6-11d0-a285-00aa003049e2;;PO)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)(OA;;CCDC;4828CC14-1437-45bc-9B07-AD6F015E5F28;;AO)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Organizational-Unit,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Package-Registration
+ldapDisplayName: packageRegistration
+governsId: 1.2.840.113556.1.5.49
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: versionNumberLo, versionNumberHi, vendor,upgradeProductCode, setupCommand, productCode, packageType,packageName, packageFlags, msiScriptSize, msiScriptPath,msiScriptName, msiScript, msiFileList, managedBy,machineArchitecture, localeID, lastUpdateSequence, installUiLevel,iconPath, fileExtPriority, cOMTypelibId, cOMProgID, cOMInterfaceID,cOMClassID, categories, canUpgradeScript
+systemPossSuperiors: classStore
+schemaIdGuid:bf967aa6-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Package-Registration,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Person
+ldapDisplayName: person
+governsId: 2.5.6.6
+objectClassCategory: 0
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+mayContain: attributeCertificateAttribute
+systemMayContain: userPassword, telephoneNumber, sn, serialNumber,seeAlso
+systemPossSuperiors: organizationalUnit, container
+schemaIdGuid:bf967aa7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Physical-Location
+ldapDisplayName: physicalLocation
+governsId: 1.2.840.113556.1.5.97
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: locality
+systemMayContain: managedBy
+systemPossSuperiors: physicalLocation, configuration
+schemaIdGuid:b7b13122-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Physical-Location,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Certificate-Template
+ldapDisplayName: pKICertificateTemplate
+governsId: 1.2.840.113556.1.5.177
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: pKIOverlapPeriod, pKIMaxIssuingDepth, pKIKeyUsage,pKIExtendedKeyUsage, pKIExpirationPeriod, pKIEnrollmentAccess,pKIDefaultCSPs, pKIDefaultKeySpec, pKICriticalExtensions,msPKI-RA-Signature, msPKI-RA-Policies,msPKI-RA-Application-Policies, msPKI-Template-Schema-Version,msPKI-Template-Minor-Revision, msPKI-Supersede-Templates,msPKI-Private-Key-Flag, msPKI-Minimal-Key-Size,msPKI-Enrollment-Flag, msPKI-Certificate-Policy,msPKI-Certificate-Name-Flag, msPKI-Certificate-Application-Policy,msPKI-Cert-Template-OID, flags, displayName
+systemPossSuperiors: container
+schemaIdGuid:e5209ca2-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Certificate-Template,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PKI-Enrollment-Service
+ldapDisplayName: pKIEnrollmentService
+governsId: 1.2.840.113556.1.5.178
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msPKI-Enrollment-Servers, msPKI-Site-Name,signatureAlgorithms, enrollmentProviders, dNSHostName,certificateTemplates, cACertificateDN, cACertificate
+systemPossSuperiors: container
+schemaIdGuid:ee4aa692-3bba-11d2-90cc-00c04fd91ab1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PKI-Enrollment-Service,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: PosixAccount
+ldapDisplayName: posixAccount
+governsId: 1.3.6.1.1.1.2.0
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, cn, uidNumber, gidNumber, unixHomeDirectory,homeDirectory, userPassword, unixUserPassword, loginShell, gecos,description
+schemaIdGuid:ad44bb41-67d5-4d88-b575-7b20674e76d8
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: PosixGroup
+ldapDisplayName: posixGroup
+governsId: 1.3.6.1.1.1.2.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: cn, userPassword, unixUserPassword, description,gidNumber, memberUid
+schemaIdGuid:2a9350b8-062c-4ed0-9903-dde10d06deba
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=PosixGroup,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Print-Queue
+ldapDisplayName: printQueue
+governsId: 1.2.840.113556.1.5.23
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: versionNumber, uNCName, shortServerName,serverName, printerName
+systemMayContain: priority, printStatus, printStartTime,printStaplingSupported, printSpooling, printShareName,printSeparatorFile, printRateUnit, printRate, printPagesPerMinute,printOwner, printOrientationsSupported, printNumberUp, printNotify,printNetworkAddress, printMinYExtent, printMinXExtent, printMemory,printMediaSupported, printMediaReady, printMaxYExtent,printMaxXExtent, printMaxResolutionSupported, printMaxCopies,printMACAddress, printLanguage, printKeepPrintedJobs, printFormName,printEndTime, printDuplexSupported, printColor, printCollate,printBinNames, printAttributes, portName, physicalLocationObject,operatingSystemVersion, operatingSystemServicePack,operatingSystemHotfix, operatingSystem, location, driverVersion,driverName, defaultPriority, bytesPerMinute, assetNumber
+systemPossSuperiors: organizationalUnit, domainDNS, container,computer
+schemaIdGuid:bf967aa8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;PO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Print-Queue,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Query-Policy
+ldapDisplayName: queryPolicy
+governsId: 1.2.840.113556.1.5.106
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: lDAPIPDenyList, lDAPAdminLimits
+systemPossSuperiors: container
+schemaIdGuid:83cc7075-cca7-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Query-Policy,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Mail-Recipient
+ldapDisplayName: remoteMailRecipient
+governsId: 1.2.840.113556.1.5.24
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: mailRecipient
+systemMayContain: remoteSourceType, remoteSource, managedBy
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967aa9-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;CR;ab721a55-1e2f-11d0-9819-00aa0040529b;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Mail-Recipient,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Remote-Storage-Service-Point
+ldapDisplayName: remoteStorageServicePoint
+governsId: 1.2.840.113556.1.5.146
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: remoteStorageGUID
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5bd-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Remote-Storage-Service-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Residential-Person
+ldapDisplayName: residentialPerson
+governsId: 2.5.6.10
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: person
+systemMayContain: x121Address, title, telexNumber,teletexTerminalIdentifier, street, st, registeredAddress,preferredDeliveryMethod, postalCode, postalAddress, postOfficeBox,physicalDeliveryOfficeName, ou, l, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, businessCategory
+systemPossSuperiors: locality, container
+schemaIdGuid:a8df74d6-c5ea-11d1-bbcb-0080c76670c0
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Residential-Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rFC822LocalPart
+ldapDisplayName: rFC822LocalPart
+governsId: 0.9.2342.19200300.100.4.14
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: domain
+mayContain: x121Address, telexNumber, teletexTerminalIdentifier,telephoneNumber, street, sn, seeAlso, registeredAddress,preferredDeliveryMethod, postOfficeBox, postalCode, postalAddress,physicalDeliveryOfficeName, internationalISDNNumber,facsimileTelephoneNumber, destinationIndicator, description, cn
+possSuperiors: organizationalUnit, container
+schemaIdGuid:b93e3a78-cbae-485e-a07b-5ef4ae505686
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rFC822LocalPart,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: RID-Manager
+ldapDisplayName: rIDManager
+governsId: 1.2.840.113556.1.5.83
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDAvailablePool
+systemPossSuperiors: container
+schemaIdGuid:6617188d-8f3c-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)S:(AU;SA;CRWP;;;WD)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Manager,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RID-Set
+ldapDisplayName: rIDSet
+governsId: 1.2.840.113556.1.5.129
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: rIDUsedPool, rIDPreviousAllocationPool,rIDNextRID, rIDAllocationPool
+systemPossSuperiors: user, container, computer
+schemaIdGuid:7bfdcb89-4807-11d1-a9c3-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=RID-Set,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: room
+ldapDisplayName: room
+governsId: 0.9.2342.19200300.100.4.7
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+mustContain: cn
+mayContain: location, telephoneNumber, seeAlso, description,roomNumber
+possSuperiors: organizationalUnit, container
+schemaIdGuid:7860e5d2-c8b0-4cbb-bd45-d9455beb9206
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=room,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Rpc-Container
+ldapDisplayName: rpcContainer
+governsId: 1.2.840.113556.1.5.136
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: container
+systemMayContain: nameServiceFlags
+systemPossSuperiors: container
+schemaIdGuid:80212842-4bdc-11d1-a9c4-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Rpc-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Entry
+ldapDisplayName: rpcEntry
+governsId: 1.2.840.113556.1.5.27
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: connectionPoint
+systemPossSuperiors: container
+schemaIdGuid:bf967aac-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Entry,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Group
+ldapDisplayName: rpcGroup
+governsId: 1.2.840.113556.1.5.80
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsGroup
+systemPossSuperiors: container
+schemaIdGuid:88611bdf-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Group,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile
+ldapDisplayName: rpcProfile
+governsId: 1.2.840.113556.1.5.82
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemPossSuperiors: container
+schemaIdGuid:88611be1-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Profile-Element
+ldapDisplayName: rpcProfileElement
+governsId: 1.2.840.113556.1.5.26
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsPriority, rpcNsInterfaceID
+systemMayContain: rpcNsProfileEntry, rpcNsAnnotation
+systemPossSuperiors: rpcProfile
+schemaIdGuid:f29653cf-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Profile-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server
+ldapDisplayName: rpcServer
+governsId: 1.2.840.113556.1.5.81
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMayContain: rpcNsObjectID, rpcNsEntryFlags, rpcNsCodeset
+systemPossSuperiors: container
+schemaIdGuid:88611be0-8cf4-11d0-afda-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: rpc-Server-Element
+ldapDisplayName: rpcServerElement
+governsId: 1.2.840.113556.1.5.73
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: rpcEntry
+systemMustContain: rpcNsTransferSyntax, rpcNsInterfaceID,rpcNsBindings
+systemPossSuperiors: rpcServer
+schemaIdGuid:f29653d0-7ad0-11d0-afd6-00c04fd930c9
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=rpc-Server-Element,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Connection-Point
+ldapDisplayName: rRASAdministrationConnectionPoint
+governsId: 1.2.840.113556.1.5.150
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceAdministrationPoint
+systemMayContain: msRRASAttribute
+systemPossSuperiors: computer
+schemaIdGuid:2a39c5be-8960-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;DA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;CO)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: RRAS-Administration-Dictionary
+ldapDisplayName: rRASAdministrationDictionary
+governsId: 1.2.840.113556.1.5.156
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msRRASVendorAttributeEntry
+systemPossSuperiors: container
+schemaIdGuid:f39b98ae-938d-11d1-aebd-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPLCLORC;;;AU)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=RRAS-Administration-Dictionary,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain
+ldapDisplayName: samDomain
+governsId: 1.2.840.113556.1.5.3
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemAuxiliaryClass: samDomainBase
+systemMayContain: treeName, rIDManagerReference, replicaSource,pwdProperties, pwdHistoryLength, privateKey, pekList,pekKeyChangeInterval, nTMixedDomain, nextRid, nETBIOSName,msDS-PerUserTrustTombstonesQuota, msDS-PerUserTrustQuota,ms-DS-MachineAccountQuota, msDS-LogonTimeSyncInterval,msDS-AllUsersTrustQuota, modifiedCountAtLastProm, minPwdLength,minPwdAge, maxPwdAge, lSAModifiedCount, lSACreationTime,lockoutThreshold, lockoutDuration, lockOutObservationWindow,gPOptions, gPLink, eFSPolicy, domainPolicyObject, desktopProfile,description, defaultLocalPolicyObject, creationTime,controlAccessRights, cACertificate, builtinModifiedCount,builtinCreationTime, auditingPolicy
+schemaIdGuid:bf967a90-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;S-1-5-21-2848215498-2472035911-1947525656-498)(A;;RP;;;WD)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6aa-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ab-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;1131f6ac-9c07-11d1-f79f-00c04fc2dcd2;;BA)(A;;RPLCLORC;;;AU)(A;;RPWPCRLCLOCCRCWDWOSW;;;DA)(A;CI;RPWPCRLCLOCCRCWDWOSDSW;;;BA)(A;;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;SY)(A;CI;RPWPCRLCLOCCDCRCWDWOSDDTSW;;;EA)(A;CI;LC;;;RU)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(OA;;RP;c7407360-20bf-11d0-a768-00aa006e0529;;RU)(OA;CIIO;RPLCLORC;;bf967a9c-0de6-11d0-a285-00aa003049e2;RU)(A;;RPRC;;;RU)(OA;CIIO;RPLCLORC;;bf967aba-0de6-11d0-a285-00aa003049e2;RU)(A;;LCRPLORC;;;ED)(OA;CIIO;RP;037088f8-0ae1-11d2-b422-00a0c968f939;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;4c164200-20c0-11d0-a768-00aa006e0529;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;CIIO;RPLCLORC;;4828CC14-1437-45bc-9B07-AD6F015E5F28;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;RU)(OA;;RP;b8119fd0-04f6-4762-ab7a-4986c76b3f9a;;AU)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967aba-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a9c-0de6-11d0-a285-00aa003049e2;ED)(OA;CIIO;RP;b7c69e6d-2cc7-11d2-854e-00a0c983f608;bf967a86-0de6-11d0-a285-00aa003049e2;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;DD)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;ED)(OA;;CR;1131f6ad-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;;CR;89e95b76-444d-4c62-991a-0facbeda640c;;BA)(OA;;CR;e2a36dc9-ae17-47c3-b58b-be34c55ba633;;S-1-5-32-557)(OA;;CR;280f369c-67c7-438e-ae98-1d46f3c6f541;;AU)(OA;;CR;ccc2dc7d-a6ad-4a7a-8846-c04e3cc53501;;AU)(OA;;CR;05c74c5e-4deb-43b4-bd9f-86664c2a7fd5;;AU)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;ED)(OA;;CR;1131f6ae-9c07-11d1-f79f-00c04fc2dcd2;;BA)(OA;CIIO;CRRPWP;91e647de-d96f-4b70-9557-d63ff4f3ccd8;;PS)S:(AU;SA;WDWOWP;;;WD)(AU;SA;CR;;;BA)(AU;SA;CR;;;DU)(OU;CISA;WP;f30e3bbe-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)(OU;CISA;WP;f30e3bbf-9ff0-11d1-b603-0000f80367c1;bf967aa5-0de6-11d0-a285-00aa003049e2;WD)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Domain-Base
+ldapDisplayName: samDomainBase
+governsId: 1.2.840.113556.1.5.2
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMayContain: uASCompat, serverState, serverRole, revision,pwdProperties, pwdHistoryLength, oEMInformation, objectSid,nTSecurityDescriptor, nextRid, modifiedCountAtLastProm,modifiedCount, minPwdLength, minPwdAge, maxPwdAge, lockoutThreshold,lockoutDuration, lockOutObservationWindow, forceLogoff,domainReplica, creationTime
+schemaIdGuid:bf967a91-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Domain-Base,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sam-Server
+ldapDisplayName: samServer
+governsId: 1.2.840.113556.1.5.5
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: securityObject
+systemMayContain: samDomainUpdates
+systemPossSuperiors: domainDNS
+schemaIdGuid:bf967aad-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;RPLCLORC;;;RU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;AU)(OA;;CR;91d67418-0135-4acc-8d79-c08e857cfbec;;RU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sam-Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Secret
+ldapDisplayName: secret
+governsId: 1.2.840.113556.1.5.28
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: priorValue, priorSetTime, lastSetTime, currentValue
+systemPossSuperiors: container
+schemaIdGuid:bf967aae-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Secret,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Object
+ldapDisplayName: securityObject
+governsId: 1.2.840.113556.1.5.1
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: cn
+systemPossSuperiors: container
+schemaIdGuid:bf967aaf-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Object,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Security-Principal
+ldapDisplayName: securityPrincipal
+governsId: 1.2.840.113556.1.5.6
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+systemMustContain: sAMAccountName, objectSid
+systemMayContain: supplementalCredentials, sIDHistory,securityIdentifier, sAMAccountType, rid, tokenGroupsNoGCAcceptable,tokenGroupsGlobalAndUniversal, tokenGroups, nTSecurityDescriptor,msDS-KeyVersionNumber, altSecurityIdentities, accountNameHistory
+schemaIdGuid:bf967ab0-0de6-11d0-a285-00aa003049e2
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Security-Principal,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Server
+ldapDisplayName: server
+governsId: 1.2.840.113556.1.5.17
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: msDS-IsUserCachableAtRodc, msDS-SiteName,msDS-isRODC, msDS-isGC, mailAddress, serverReference, serialNumber,managedBy, dNSHostName, bridgeheadTransportList
+systemPossSuperiors: serversContainer
+schemaIdGuid:bf967a92-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;CI;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Server,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Servers-Container
+ldapDisplayName: serversContainer
+governsId: 1.2.840.113556.1.5.7000.48
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: site
+schemaIdGuid:f780acc0-56f0-11d1-a9c6-0000f80367c1
+defaultSecurityDescriptor: D:(A;;CC;;;BA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Servers-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Administration-Point
+ldapDisplayName: serviceAdministrationPoint
+governsId: 1.2.840.113556.1.5.94
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: serviceConnectionPoint
+systemPossSuperiors: computer
+schemaIdGuid:b7b13123-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Administration-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Class
+ldapDisplayName: serviceClass
+governsId: 1.2.840.113556.1.5.29
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMustContain: serviceClassID, displayName
+systemMayContain: serviceClassInfo
+systemPossSuperiors: container
+schemaIdGuid:bf967ab1-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Class,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Connection-Point
+ldapDisplayName: serviceConnectionPoint
+governsId: 1.2.840.113556.1.5.126
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: versionNumberLo, versionNumberHi, versionNumber,vendor, serviceDNSNameType, serviceDNSName, serviceClassName,serviceBindingInformation, appSchemaVersion
+systemPossSuperiors: organizationalUnit, container, computer
+schemaIdGuid:28630ec1-41d5-11d1-a9c1-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;CO)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Connection-Point,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Service-Instance
+ldapDisplayName: serviceInstance
+governsId: 1.2.840.113556.1.5.30
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: serviceClassID, displayName
+systemMayContain: winsockAddresses, serviceInstanceVersion
+systemPossSuperiors: container
+schemaIdGuid:bf967ab2-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Service-Instance,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: ShadowAccount
+ldapDisplayName: shadowAccount
+governsId: 1.3.6.1.1.1.2.1
+objectClassCategory: 3
+rdnAttId: uid
+subClassOf: top
+mayContain: uid, userPassword, description, shadowLastChange,shadowMin, shadowMax, shadowWarning, shadowInactive, shadowExpire,shadowFlag
+schemaIdGuid:5b6d8467-1a18-4174-b350-9cc6e7b4ac8d
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=ShadowAccount,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: simpleSecurityObject
+ldapDisplayName: simpleSecurityObject
+governsId: 0.9.2342.19200300.100.4.19
+objectClassCategory: 3
+rdnAttId: cn
+subClassOf: top
+mayContain: userPassword
+schemaIdGuid:5fe69b0b-e146-4f15-b0ab-c1e5d488e094
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLOLORCWOWDSDDTDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=simpleSecurityObject,CN=Schema,CN=Configuration,<RootDomainDN>
+
+cn: Site
+ldapDisplayName: site
+governsId: 1.2.840.113556.1.5.31
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: notificationList, mSMQSiteID, mSMQSiteForeign,mSMQNt4Stub, mSMQInterval2, mSMQInterval1, managedBy, location,gPOptions, gPLink, msDS-BridgeHeadServersUsed
+systemPossSuperiors: sitesContainer
+schemaIdGuid:bf967ab3-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(A;;LCRPLORC;;;ED)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link
+ldapDisplayName: siteLink
+governsId: 1.2.840.113556.1.5.147
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteList
+systemMayContain: schedule, replInterval, options, cost
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cde-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Site-Link-Bridge
+ldapDisplayName: siteLinkBridge
+governsId: 1.2.840.113556.1.5.148
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMustContain: siteLinkList
+systemPossSuperiors: interSiteTransport
+schemaIdGuid:d50c2cdf-8951-11d1-aebc-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Site-Link-Bridge,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Sites-Container
+ldapDisplayName: sitesContainer
+governsId: 1.2.840.113556.1.5.107
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: configuration
+schemaIdGuid:7a4117da-cd67-11d0-afff-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Sites-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Storage
+ldapDisplayName: storage
+governsId: 1.2.840.113556.1.5.33
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMayContain: monikerDisplayName, moniker, iconPath
+systemPossSuperiors: container
+schemaIdGuid:bf967ab5-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Storage,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet
+ldapDisplayName: subnet
+governsId: 1.2.840.113556.1.5.96
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: siteObject, physicalLocationObject, location
+systemPossSuperiors: subnetContainer
+schemaIdGuid:b7b13124-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Subnet-Container
+ldapDisplayName: subnetContainer
+governsId: 1.2.840.113556.1.5.95
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemPossSuperiors: sitesContainer
+schemaIdGuid:b7b13125-b82e-11d0-afee-0000f80367c1
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Subnet-Container,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: SubSchema
+ldapDisplayName: subSchema
+governsId: 2.5.20.1
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: objectClasses, modifyTimeStamp, extendedClassInfo,extendedAttributeInfo, dITContentRules, attributeTypes
+systemPossSuperiors: dMD
+schemaIdGuid:5a8b3261-c38d-11d1-bbc9-0080c76670c0
+defaultSecurityDescriptor: D:S:
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=SubSchema,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT | FLAG_DOMAIN_DISALLOW_RENAME
+
+cn: Top
+ldapDisplayName: top
+governsId: 2.5.6.0
+objectClassCategory: 2
+rdnAttId: cn
+subClassOf: top
+systemMustContain: objectClass, objectCategory, nTSecurityDescriptor,instanceType
+mayContain: msSFU30PosixMemberOf, msDFSR-ComputerReferenceBL,msDFSR-MemberReferenceBL, msDS-ObjectReferenceBL
+systemMayContain: msDS-EnabledFeatureBL, msDS-LastKnownRDN, msDS-HostServiceAccountBL,msDS-OIDToGroupLinkBl, msDS-LocalEffectiveRecycleTime,msDS-LocalEffectiveDeletionTime, isRecycled, msDS-NcType,msDS-PSOApplied, msDS-PrincipalName,msDS-RevealedListBL, msDS-AuthenticatedToAccountlist,msDS-IsPartialReplicaFor, msDS-IsDomainFor, msDS-IsFullReplicaFor,msDS-RevealedDSAs, msDS-KrbTgtLinkBl, url, wWWHomePage, whenCreated,whenChanged, wellKnownObjects, wbemPath, uSNSource, uSNLastObjRem,USNIntersite, uSNDSALastObjRemoved, uSNCreated, uSNChanged,systemFlags, subSchemaSubEntry, subRefs, structuralObjectClass,siteObjectBL, serverReferenceBL, sDRightsEffective, revision,repsTo, repsFrom, directReports, replUpToDateVector,replPropertyMetaData, name, queryPolicyBL, proxyAddresses,proxiedObjectName, possibleInferiors, partialAttributeSet,partialAttributeDeletionList, otherWellKnownObjects, objectVersion,objectGUID, distinguishedName, nonSecurityMemberBL, netbootSCPBL,ownerBL, msDS-ReplValueMetaData, msDS-ReplAttributeMetaData,msDS-NonMembersBL, msDS-NCReplOutboundNeighbors,msDS-NCReplInboundNeighbors, msDS-NCReplCursors,msDS-TasksForAzRoleBL, msDS-TasksForAzTaskBL,msDS-OperationsForAzRoleBL, msDS-OperationsForAzTaskBL,msDS-MembersForAzRoleBL, msDs-masteredBy, mS-DS-ConsistencyGuid,mS-DS-ConsistencyChildCount, msDS-Approx-Immed-Subordinates,msCOM-PartitionSetLink, msCOM-UserLink, modifyTimeStamp, masteredBy,managedObjects, lastKnownParent, isPrivilegeHolder, memberOf,isDeleted, isCriticalSystemObject, showInAdvancedViewOnly,fSMORoleOwner, fRSMemberReferenceBL, frsComputerReferenceBL,fromEntry, flags, extensionName, dSASignature,dSCorePropagationData, displayNamePrintable, displayName,description, createTimeStamp, cn, canonicalName,bridgeheadServerListBL, allowedChildClassesEffective,allowedChildClasses, allowedAttributesEffective, allowedAttributes,adminDisplayName, adminDescription, msDS-NC-RO-Replica-Locations-BL
+systemPossSuperiors: lostAndFound
+schemaIdGuid:bf967ab7-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: TRUE
+defaultObjectCategory: CN=Top,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Trusted-Domain
+ldapDisplayName: trustedDomain
+governsId: 1.2.840.113556.1.5.34
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: leaf
+systemMayContain: msDS-SupportedEncryptionTypes, trustType,trustPosixOffset, trustPartner, trustDirection, trustAuthOutgoing,trustAuthIncoming, trustAttributes, securityIdentifier,msDS-TrustForestTrustInfo, mS-DS-CreatorSID, initialAuthOutgoing,initialAuthIncoming, flatName, domainIdentifier, domainCrossRef,additionalTrustedServiceNames
+systemPossSuperiors: container
+schemaIdGuid:bf967ab8-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)(OA;;WP;736e4812-af31-11d2-b7df-00805f48caeb;bf967ab8-0de6-11d0-a285-00aa003049e2;CO)(A;;SD;;;CO)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Trusted-Domain,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Type-Library
+ldapDisplayName: typeLibrary
+governsId: 1.2.840.113556.1.5.53
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: top
+systemMayContain: cOMUniqueLIBID, cOMInterfaceID, cOMClassID
+systemPossSuperiors: classStore
+schemaIdGuid:281416e2-1968-11d0-a28f-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: TRUE
+systemOnly: FALSE
+defaultObjectCategory: CN=Type-Library,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: User
+ldapDisplayName: user
+governsId: 1.2.840.113556.1.5.9
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: organizationalPerson
+auxiliaryClass: shadowAccount, posixAccount
+systemAuxiliaryClass: securityPrincipal, mailRecipient
+mayContain: msSFU30NisDomain, msSFU30Name, msDS-SourceObjectDN,x500uniqueIdentifier, userSMIMECertificate, userPKCS12, uid,secretary, roomNumber, preferredLanguage, photo, labeledURI,jpegPhoto, homePostalAddress, givenName, employeeType,employeeNumber, displayName, departmentNumber, carLicense, audio
+systemMayContain: msTSPrimaryDesktop, msTSSecondaryDesktops,msPKI-CredentialRoamingTokens, msDS-ResultantPSO, msTSLSProperty01,msTSLSProperty02, msTSManagingLS2, msTSManagingLS3, msTSManagingLS4,msTSLicenseVersion2, msTSLicenseVersion3, msTSLicenseVersion4,msTSExpireDate2, msTSExpireDate3, msTSExpireDate4,msDS-AuthenticatedAtDC, msDS-UserPasswordExpiryTimeComputed,msTSManagingLS, msTSLicenseVersion, msTSExpireDate, msTSProperty02,msTSProperty01, msTSInitialProgram, msTSWorkDirectory,msTSDefaultToMainPrinter, msTSConnectPrinterDrives,msTSConnectClientDrives, msTSBrokenConnectionAction,msTSReconnectionAction, msTSMaxIdleTime, msTSMaxConnectionTime,msTSMaxDisconnectionTime, msTSRemoteControl, msTSAllowLogon,msTSHomeDrive, msTSHomeDirectory, msTSProfilePath,msDS-FailedInteractiveLogonCountAtLastSuccessfulLogon,msDS-FailedInteractiveLogonCount,msDS-LastFailedInteractiveLogonTime,msDS-LastSuccessfulInteractiveLogonTime,msRADIUS-SavedFramedIpv6Route, msRADIUS-FramedIpv6Route,msRADIUS-SavedFramedIpv6Prefix, msRADIUS-FramedIpv6Prefix,msRADIUS-SavedFramedInterfaceId, msRADIUS-FramedInterfaceId,msPKIAccountCredentials, msPKIDPAPIMasterKeys,msPKIRoamingTimeStamp, msDS-SupportedEncryptionTypes,msDS-SecondaryKrbTgtNumber, pager, o, mobile, manager, mail,initials, homePhone, businessCategory, userCertificate,userWorkstations, userSharedFolderOther, userSharedFolder,userPrincipalName, userParameters, userAccountControl, unicodePwd,terminalServer, servicePrincipalName, scriptPath, pwdLastSet,profilePath, primaryGroupID, preferredOU, otherLoginWorkstations,operatorCount, ntPwdHistory, networkAddress, msRASSavedFramedRoute,msRASSavedFramedIPAddress, msRASSavedCallbackNumber,msRADIUSServiceType, msRADIUSFramedRoute, msRADIUSFramedIPAddress,msRADIUSCallbackNumber, msNPSavedCallingStationID,msNPCallingStationID, msNPAllowDialin, mSMQSignCertificatesMig,mSMQSignCertificates, mSMQDigestsMig, mSMQDigests, msIIS-FTPRoot,msIIS-FTPDir, msDS-User-Account-Control-Computed,msDS-Site-Affinity, mS-DS-CreatorSID,msDS-Cached-Membership-Time-Stamp, msDS-Cached-Membership,msDRM-IdentityCertificate, msCOM-UserPartitionSetLink, maxStorage,logonWorkstation, logonHours, logonCount, lockoutTime, localeID,lmPwdHistory, lastLogonTimestamp, lastLogon, lastLogoff, homeDrive,homeDirectory, groupsToIgnore, groupPriority, groupMembershipSAM,dynamicLDAPServer, desktopProfile, defaultClassStore, dBCSPwd,controlAccessRights, codePage, badPwdCount, badPasswordTime,adminCount, aCSPolicyName, accountExpires
+schemaIdGuid:bf967aba-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;AO)(A;;RPLCLORC;;;PS)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a54-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;CR;ab721a56-1e2f-11d0-9819-00aa0040529b;;PS)(OA;;RPWP;77B5B886-944A-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B2-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RPWP;E45795B3-9455-11d1-AEBD-0000F80367C1;;PS)(OA;;RP;037088f8-0ae1-11d2-b422-00a0c968f939;;RS)(OA;;RP;4c164200-20c0-11d0-a768-00aa006e0529;;RS)(OA;;RP;bc0ac240-79a9-11d0-9020-00c04fc2d4cf;;RS)(A;;RC;;;AU)(OA;;RP;59ba2f42-79a2-11d0-9020-00c04fc2d3cf;;AU)(OA;;RP;77B5B886-944A-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;E45795B3-9455-11d1-AEBD-0000F80367C1;;AU)(OA;;RP;e48d0154-bcf8-11d1-8702-00c04fb96050;;AU)(OA;;CR;ab721a53-1e2f-11d0-9819-00aa0040529b;;WD)(OA;;RP;5f202010-79a5-11d0-9020-00c04fc2d4cf;;RS)(OA;;RPWP;bf967a7f-0de6-11d0-a285-00aa003049e2;;CA)(OA;;RP;46a9b11d-60ae-405a-b7e8-ff8a58d456d2;;S-1-5-32-560)(OA;;WPRP;6db69a1c-9422-11d1-aebd-0000f80367c1;;S-1-5-32-561)(OA;;WPRP;5805bc62-bdc9-4428-a5e2-856a0f4c185e;;S-1-5-32-561)
+systemPossSuperiors: builtinDomain, organizationalUnit, domainDNS
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Person,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
+cn: Volume
+ldapDisplayName: volume
+governsId: 1.2.840.113556.1.5.36
+objectClassCategory: 1
+rdnAttId: cn
+subClassOf: connectionPoint
+systemMustContain: uNCName
+systemMayContain: lastContentIndexed, contentIndexingAllowed
+systemPossSuperiors: organizationalUnit, domainDNS
+schemaIdGuid:bf967abb-0de6-11d0-a285-00aa003049e2
+defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
+defaultHidingValue: FALSE
+systemOnly: FALSE
+defaultObjectCategory: CN=Volume,CN=Schema,CN=Configuration,<RootDomainDN>
+systemFlags: FLAG_SCHEMA_BASE_OBJECT
+
diff --git a/source4/setup/aggregate_schema.ldif b/source4/setup/aggregate_schema.ldif
index 2726704719..662f1abd00 100644
--- a/source4/setup/aggregate_schema.ldif
+++ b/source4/setup/aggregate_schema.ldif
@@ -1,3 +1,5 @@
dn: CN=Aggregate,${SCHEMADN}
objectClass: top
objectClass: subSchema
+showInAdvancedViewOnly: FALSE
+systemFlags: 134217728
diff --git a/source4/setup/provision.ldif b/source4/setup/provision.ldif
index 395d404268..93fa0bf322 100644
--- a/source4/setup/provision.ldif
+++ b/source4/setup/provision.ldif
@@ -431,7 +431,7 @@ dn: CN=RID Manager$,CN=System,${DOMAINDN}
objectClass: top
objectClass: rIDManager
systemFlags: -1946157056
-rIDAvailablePool: 4611686014132423217
+rIDAvailablePool: 1001-1073741823
isCriticalSystemObject: TRUE
dn: CN=RpcServices,CN=System,${DOMAINDN}
diff --git a/source4/setup/provision_schema_basedn.ldif b/source4/setup/provision_schema_basedn.ldif
index 6fe0b0ea93..77720fa82b 100644
--- a/source4/setup/provision_schema_basedn.ldif
+++ b/source4/setup/provision_schema_basedn.ldif
@@ -7,3 +7,4 @@ objectClass: dMD
cn: Schema
nTSecurityDescriptor:: ${DESCRIPTOR}
instanceType: 13
+msDS-NcType: 0
diff --git a/source4/setup/provision_self_join.ldif b/source4/setup/provision_self_join.ldif
index 0d28b51a43..6cfdc197cc 100644
--- a/source4/setup/provision_self_join.ldif
+++ b/source4/setup/provision_self_join.ldif
@@ -15,7 +15,6 @@ localPolicyFlags: 0
operatingSystem: Samba
operatingSystemVersion: ${SAMBA_VERSION_STRING}
primaryGroupID: 516
-# "rIDSetReferences" doesn't exist since we still miss distributed RIDs
sAMAccountName: ${NETBIOSNAME}$
# "servicePrincipalName" for FRS doesn't exit since we still miss FRS support
# "servicePrincipalName"s for DNS ("ldap/../ForestDnsZones",
@@ -33,9 +32,10 @@ servicePrincipalName: ldap/${DNSNAME}
servicePrincipalName: ldap/${DNSNAME}/${REALM}
userAccountControl: 532480
userPassword:: ${MACHINEPASS_B64}
+objectSID: ${DOMAINSID}-1000
-# Here are missing the objects for the NTFRS subscription and the RID set since
-# we don't support those techniques (FRS, distributed RIDs) yet.
+# Here are missing the objects for the NTFRS subscription since we don't
+# support this technique yet.
# Objects under "Configuration/Sites/<Default sitename>/Servers"
@@ -68,17 +68,3 @@ msDS-hasMasterNCs: ${DOMAINDN}
options: 1
systemFlags: 33554432
${NTDSGUID}
-
-# Provides an account for DNS keytab export
-dn: CN=dns,CN=Users,${DOMAINDN}
-objectClass: top
-objectClass: person
-objectClass: organizationalPerson
-objectClass: user
-description: DNS Service Account
-userAccountControl: 514
-accountExpires: 9223372036854775807
-sAMAccountName: dns
-servicePrincipalName: DNS/${DNSDOMAIN}
-userPassword:: ${DNSPASS_B64}
-isCriticalSystemObject: TRUE
diff --git a/source4/setup/provision_self_join_modify.ldif b/source4/setup/provision_self_join_modify.ldif
index dfcca728f2..f81a2b69c7 100644
--- a/source4/setup/provision_self_join_modify.ldif
+++ b/source4/setup/provision_self_join_modify.ldif
@@ -33,3 +33,18 @@ changetype: modify
add: servicePrincipalName
servicePrincipalName: E3514235-4B06-11D1-AB04-00C04FC2DCD2/${NTDSGUID}/${DNSDOMAIN}
servicePrincipalName: ldap/${NTDSGUID}._msdcs.${DNSDOMAIN}
+
+# NOTE: This account is SAMBA4 specific!
+dn: CN=dns,CN=Users,${DOMAINDN}
+changetype: add
+objectClass: top
+objectClass: person
+objectClass: organizationalPerson
+objectClass: user
+description: DNS Service Account
+userAccountControl: 514
+accountExpires: 9223372036854775807
+sAMAccountName: dns
+servicePrincipalName: DNS/${DNSDOMAIN}
+userPassword:: ${DNSPASS_B64}
+isCriticalSystemObject: TRUE
diff --git a/source4/setup/schema_samba4.ldif b/source4/setup/schema_samba4.ldif
index 70ae5d8d77..e28aa0e5cb 100644
--- a/source4/setup/schema_samba4.ldif
+++ b/source4/setup/schema_samba4.ldif
@@ -182,6 +182,7 @@
#Allocated: DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 1.3.6.1.4.1.7165.4.4.2
#Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3
#Allocated: DSDB_EXTENDED_CREATE_PARTITION_OID 1.3.6.1.4.1.7165.4.4.4
+#Allocated: DSDB_EXTENDED_ALLOCATE_RID_POOL 1.3.6.1.4.1.7165.4.4.5
#Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1
diff --git a/source4/smbd/process_prefork.c b/source4/smbd/process_prefork.c
index f890a528d5..721856bb46 100644
--- a/source4/smbd/process_prefork.c
+++ b/source4/smbd/process_prefork.c
@@ -114,6 +114,9 @@ static void prefork_new_task(struct tevent_context *ev,
/* This is now the child code. We need a completely new event_context to work with */
ev2 = s4_event_context_init(NULL);
+ /* setup this as the default context */
+ s4_event_context_set_default(ev2);
+
/* the service has given us a private pointer that
encapsulates the context it needs for this new connection -
everything else will be freed */
@@ -171,7 +174,10 @@ static void prefork_new_task(struct tevent_context *ev,
/* But we need a events system to handle reaping children */
ev_parent = s4_event_context_init(NULL);
-
+
+ /* setup this as the default context */
+ s4_event_context_set_default(ev_parent);
+
/* TODO: Handle some events... */
/* we can't return to the top level here, as that event context is gone,
diff --git a/source4/smbd/process_single.c b/source4/smbd/process_single.c
index ff57a0bc34..f873de47af 100644
--- a/source4/smbd/process_single.c
+++ b/source4/smbd/process_single.c
@@ -99,7 +99,7 @@ static void single_new_task(struct tevent_context *ev,
/* called when a task goes down */
static void single_terminate(struct tevent_context *ev, struct loadparm_context *lp_ctx, const char *reason)
{
- DEBUG(2,("single_terminate: reason[%s]\n",reason));
+ DEBUG(3,("single_terminate: reason[%s]\n",reason));
}
/* called to set a title of a task or connection */
diff --git a/source4/smbd/process_standard.c b/source4/smbd/process_standard.c
index ab5ad5760c..145cbc0a2b 100644
--- a/source4/smbd/process_standard.c
+++ b/source4/smbd/process_standard.c
@@ -108,6 +108,9 @@ static void standard_accept_connection(struct tevent_context *ev,
/* This is now the child code. We need a completely new event_context to work with */
ev2 = s4_event_context_init(NULL);
+ /* setup this as the default context */
+ s4_event_context_set_default(ev2);
+
/* the service has given us a private pointer that
encapsulates the context it needs for this new connection -
everything else will be freed */
@@ -179,6 +182,9 @@ static void standard_new_task(struct tevent_context *ev,
/* This is now the child code. We need a completely new event_context to work with */
ev2 = s4_event_context_init(NULL);
+ /* setup this as the default context */
+ s4_event_context_set_default(ev2);
+
/* the service has given us a private pointer that
encapsulates the context it needs for this new connection -
everything else will be freed */
diff --git a/source4/smbd/server.c b/source4/smbd/server.c
index e73cdfd659..99e9c68a87 100644
--- a/source4/smbd/server.c
+++ b/source4/smbd/server.c
@@ -376,6 +376,9 @@ static int binary_smbd_main(const char *binary_name, int argc, const char *argv[
should hang off that */
event_ctx = s4_event_context_init(talloc_autofree_context());
+ /* setup this as the default context */
+ s4_event_context_set_default(event_ctx);
+
if (event_ctx == NULL) {
DEBUG(0,("Initializing event context failed\n"));
return 1;
diff --git a/source4/torture/raw/lock.c b/source4/torture/raw/lock.c
index 7eb461048b..6c86a6f615 100644
--- a/source4/torture/raw/lock.c
+++ b/source4/torture/raw/lock.c
@@ -80,10 +80,14 @@
#define TARGET_SUPPORTS_INVALID_LOCK_RANGE(_tctx) \
(torture_setting_bool(_tctx, "invalid_lock_range_support", true))
+#define TARGET_SUPPORTS_SMBEXIT(_tctx) \
+ (torture_setting_bool(_tctx, "smbexit_pdu_support", true))
#define TARGET_SUPPORTS_SMBLOCK(_tctx) \
(torture_setting_bool(_tctx, "smblock_pdu_support", true))
#define TARGET_SUPPORTS_OPENX_DENY_DOS(_tctx) \
(torture_setting_bool(_tctx, "openx_deny_dos_support", true))
+#define TARGET_RETURNS_RANGE_NOT_LOCKED(_tctx) \
+ (torture_setting_bool(_tctx, "range_not_locked_on_file_close", true))
/*
test SMBlock and SMBunlock ops
*/
@@ -786,7 +790,10 @@ static bool test_async(struct torture_context *tctx,
CHECK_STATUS(status, NT_STATUS_OK);
status = smbcli_request_simple_recv(req);
- CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+ if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx))
+ CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+ else
+ CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx,
"lock cancel by close was not immediate (%s)\n", __location__));
@@ -816,46 +823,57 @@ static bool test_async(struct torture_context *tctx,
tree->tid = tcon.tconx.out.tid;
torture_comment(tctx, "testing cancel by exit\n");
- fname = BASEDIR "\\test_exit.txt";
- fnum = smbcli_open(tree, fname, O_RDWR|O_CREAT, DENY_NONE);
- torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
- "Failed to reopen %s - %s\n",
- fname, smbcli_errstr(tree)));
-
- io.lockx.level = RAW_LOCK_LOCKX;
- io.lockx.in.file.fnum = fnum;
- io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
- io.lockx.in.timeout = 0;
- io.lockx.in.ulock_cnt = 0;
- io.lockx.in.lock_cnt = 1;
- lock[0].pid = session->pid;
- lock[0].offset = 100;
- lock[0].count = 10;
- io.lockx.in.locks = &lock[0];
- status = smb_raw_lock(tree, &io);
- CHECK_STATUS(status, NT_STATUS_OK);
-
- io.lockx.in.ulock_cnt = 0;
- io.lockx.in.lock_cnt = 1;
- io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
- io.lockx.in.timeout = 0;
- status = smb_raw_lock(tree, &io);
- CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+ if (TARGET_SUPPORTS_SMBEXIT(tctx)) {
+ fname = BASEDIR "\\test_exit.txt";
+ fnum = smbcli_open(tree, fname, O_RDWR|O_CREAT, DENY_NONE);
+ torture_assert(tctx,(fnum != -1), talloc_asprintf(tctx,
+ "Failed to reopen %s - %s\n",
+ fname, smbcli_errstr(tree)));
+
+ io.lockx.level = RAW_LOCK_LOCKX;
+ io.lockx.in.file.fnum = fnum;
+ io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+ io.lockx.in.timeout = 0;
+ io.lockx.in.ulock_cnt = 0;
+ io.lockx.in.lock_cnt = 1;
+ lock[0].pid = session->pid;
+ lock[0].offset = 100;
+ lock[0].count = 10;
+ io.lockx.in.locks = &lock[0];
+ status = smb_raw_lock(tree, &io);
+ CHECK_STATUS(status, NT_STATUS_OK);
- io.lockx.in.timeout = 10000;
- t = time(NULL);
- req = smb_raw_lock_send(tree, &io);
- torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
- "Failed to setup timed lock (%s)\n", __location__));
+ io.lockx.in.ulock_cnt = 0;
+ io.lockx.in.lock_cnt = 1;
+ io.lockx.in.mode = LOCKING_ANDX_LARGE_FILES;
+ io.lockx.in.timeout = 0;
+ status = smb_raw_lock(tree, &io);
+ CHECK_STATUS(status, NT_STATUS_LOCK_NOT_GRANTED);
+
+ io.lockx.in.timeout = 10000;
+ t = time(NULL);
+ req = smb_raw_lock_send(tree, &io);
+ torture_assert(tctx,(req != NULL), talloc_asprintf(tctx,
+ "Failed to setup timed lock (%s)\n",
+ __location__));
+
+ status = smb_raw_exit(session);
+ CHECK_STATUS(status, NT_STATUS_OK);
- status = smb_raw_exit(session);
- CHECK_STATUS(status, NT_STATUS_OK);
+ status = smbcli_request_simple_recv(req);
+ if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx))
+ CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+ else
+ CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
- status = smbcli_request_simple_recv(req);
- CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
-
- torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx,
- "lock cancel by exit was not immediate (%s)\n", __location__));
+ torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx,
+ "lock cancel by exit was not immediate (%s)\n",
+ __location__));
+ }
+ else {
+ torture_comment(tctx,
+ " skipping test, SMBExit not supported\n");
+ }
torture_comment(tctx, "testing cancel by ulogoff\n");
fname = BASEDIR "\\test_ulogoff.txt";
@@ -894,15 +912,20 @@ static bool test_async(struct torture_context *tctx,
CHECK_STATUS(status, NT_STATUS_OK);
status = smbcli_request_simple_recv(req);
- if (NT_STATUS_EQUAL(NT_STATUS_FILE_LOCK_CONFLICT, status)) {
- torture_result(tctx, TORTURE_FAIL,
- "lock not canceled by ulogoff - %s (ignored because of vfs_vifs fails it)\n",
- nt_errstr(status));
- smb_tree_disconnect(tree);
- smb_raw_exit(session);
- goto done;
+ if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx)) {
+ if (NT_STATUS_EQUAL(NT_STATUS_FILE_LOCK_CONFLICT, status)) {
+ torture_result(tctx, TORTURE_FAIL,
+ "lock not canceled by ulogoff - %s "
+ "(ignored because of vfs_vifs fails it)\n",
+ nt_errstr(status));
+ smb_tree_disconnect(tree);
+ smb_raw_exit(session);
+ goto done;
+ }
+ CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+ } else {
+ CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
}
- CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx,
"lock cancel by ulogoff was not immediate (%s)\n", __location__));
@@ -942,7 +965,10 @@ static bool test_async(struct torture_context *tctx,
CHECK_STATUS(status, NT_STATUS_OK);
status = smbcli_request_simple_recv(req);
- CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+ if (TARGET_RETURNS_RANGE_NOT_LOCKED(tctx))
+ CHECK_STATUS(status, NT_STATUS_RANGE_NOT_LOCKED);
+ else
+ CHECK_STATUS(status, NT_STATUS_FILE_LOCK_CONFLICT);
torture_assert(tctx,!(time(NULL) > t+2), talloc_asprintf(tctx,
"lock cancel by tdis was not immediate (%s)\n", __location__));
diff --git a/source4/torture/raw/open.c b/source4/torture/raw/open.c
index 8c4311b530..e37fd8e09a 100644
--- a/source4/torture/raw/open.c
+++ b/source4/torture/raw/open.c
@@ -1879,6 +1879,203 @@ done:
return ret;
}
+/**
+ * Test what happens when trying to open a file with directory parameters and
+ * vice-versa. Also test that NTCREATEX_OPTIONS_DIRECTORY is treated as
+ * mandatory and FILE_ATTRIBUTE_DIRECTORY is advisory for directory
+ * creation/opening.
+ */
+static bool test_ntcreatexdir(struct torture_context *tctx,
+ struct smbcli_state *cli)
+{
+ union smb_open io;
+ union smb_fileinfo finfo;
+ const char *fname = BASEDIR "\\torture_ntcreatex.txt";
+ const char *dname = BASEDIR "\\torture_ntcreatex_dir";
+ NTSTATUS status, expected_status;
+ bool ret = true;
+ int i;
+ uint32_t access_mask = 0;
+
+ struct {
+ uint32_t open_disp;
+ uint32_t file_attr;
+ uint32_t create_options;
+ NTSTATUS correct_status;
+ } open_funcs[] = {
+ { NTCREATEX_DISP_SUPERSEDE, 0, NTCREATEX_OPTIONS_DIRECTORY,
+ NT_STATUS_INVALID_PARAMETER },
+ { NTCREATEX_DISP_OPEN, 0, NTCREATEX_OPTIONS_DIRECTORY,
+ NT_STATUS_OBJECT_NAME_NOT_FOUND },
+ { NTCREATEX_DISP_CREATE, 0, NTCREATEX_OPTIONS_DIRECTORY,
+ NT_STATUS_OK },
+ { NTCREATEX_DISP_OPEN_IF, 0, NTCREATEX_OPTIONS_DIRECTORY,
+ NT_STATUS_OK },
+ { NTCREATEX_DISP_OVERWRITE, 0, NTCREATEX_OPTIONS_DIRECTORY,
+ NT_STATUS_INVALID_PARAMETER },
+ { NTCREATEX_DISP_OVERWRITE_IF, 0, NTCREATEX_OPTIONS_DIRECTORY,
+ NT_STATUS_INVALID_PARAMETER },
+ { NTCREATEX_DISP_SUPERSEDE, FILE_ATTRIBUTE_DIRECTORY, 0,
+ NT_STATUS_OK },
+ { NTCREATEX_DISP_OPEN, FILE_ATTRIBUTE_DIRECTORY, 0,
+ NT_STATUS_OBJECT_NAME_NOT_FOUND },
+ { NTCREATEX_DISP_CREATE, FILE_ATTRIBUTE_DIRECTORY, 0,
+ NT_STATUS_OK },
+ { NTCREATEX_DISP_OPEN_IF, FILE_ATTRIBUTE_DIRECTORY, 0,
+ NT_STATUS_OK },
+ { NTCREATEX_DISP_OVERWRITE, FILE_ATTRIBUTE_DIRECTORY, 0,
+ NT_STATUS_OBJECT_NAME_NOT_FOUND },
+ { NTCREATEX_DISP_OVERWRITE_IF, FILE_ATTRIBUTE_DIRECTORY, 0,
+ NT_STATUS_OK },
+
+ };
+
+ if (!torture_setup_dir(cli, BASEDIR)) {
+ return false;
+ }
+
+ /* setup some base params. */
+ io.generic.level = RAW_OPEN_NTCREATEX;
+ io.ntcreatex.in.flags = NTCREATEX_FLAGS_EXTENDED;
+ io.ntcreatex.in.root_fid.fnum = 0;
+ io.ntcreatex.in.access_mask = SEC_RIGHTS_FILE_ALL;
+ io.ntcreatex.in.alloc_size = 0;
+ io.ntcreatex.in.share_access = NTCREATEX_SHARE_ACCESS_NONE;
+ io.ntcreatex.in.impersonation = NTCREATEX_IMPERSONATION_ANONYMOUS;
+ io.ntcreatex.in.security_flags = 0;
+ io.ntcreatex.in.fname = fname;
+
+ /*
+ * Test the validity checking for create dispositions, which is done
+ * against the requested parameters rather than what's actually on
+ * disk.
+ */
+ for (i=0; i<ARRAY_SIZE(open_funcs); i++) {
+ io.ntcreatex.in.open_disposition = open_funcs[i].open_disp;
+ io.ntcreatex.in.file_attr = open_funcs[i].file_attr;
+ io.ntcreatex.in.create_options = open_funcs[i].create_options;
+ status = smb_raw_open(cli->tree, tctx, &io);
+ if (!NT_STATUS_EQUAL(status, open_funcs[i].correct_status)) {
+ torture_result(tctx, TORTURE_FAIL,
+ "(%s) incorrect status %s should be %s "
+ "(i=%d open_disp=%d)\n",
+ __location__, nt_errstr(status),
+ nt_errstr(open_funcs[i].correct_status),
+ i, (int)open_funcs[i].open_disp);
+ ret = false;
+ }
+ /* Close and delete the file. */
+ if (NT_STATUS_IS_OK(status)) {
+ if (open_funcs[i].create_options != 0) {
+ /* out attrib should be a directory. */
+ torture_assert_int_equal(tctx,
+ io.ntcreatex.out.attrib,
+ FILE_ATTRIBUTE_DIRECTORY, "should have "
+ "created a directory");
+
+ smbcli_close(cli->tree,
+ io.ntcreatex.out.file.fnum);
+
+ /* Make sure unlink fails. */
+ status = smbcli_unlink(cli->tree, fname);
+ torture_assert_ntstatus_equal(tctx, status,
+ NT_STATUS_FILE_IS_A_DIRECTORY,
+ "unlink should fail for a directory");
+
+ status = smbcli_rmdir(cli->tree, fname);
+ torture_assert_ntstatus_ok(tctx, status,
+ "rmdir failed");
+ } else {
+ torture_assert_int_equal(tctx,
+ io.ntcreatex.out.attrib,
+ FILE_ATTRIBUTE_ARCHIVE, "should not have "
+ "created a directory");
+
+ smbcli_close(cli->tree,
+ io.ntcreatex.out.file.fnum);
+
+ /* Make sure rmdir fails. */
+ status = smbcli_rmdir(cli->tree, fname);
+ torture_assert_ntstatus_equal(tctx, status,
+ NT_STATUS_NOT_A_DIRECTORY,
+ "rmdir should fail for a file");
+
+ status = smbcli_unlink(cli->tree, fname);
+ torture_assert_ntstatus_ok(tctx, status,
+ "unlink failed");
+ }
+ }
+ }
+
+ /* Create a file. */
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.create_options = 0;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+ status = smb_raw_open(cli->tree, tctx, &io);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to create file.");
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+ /* Try and open the file with file_attr_dir and check the error. */
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_DIRECTORY;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ torture_assert_ntstatus_ok(tctx, status, "FILE_ATTRIBUTE_DIRECTORY "
+ "doesn't produce a hard failure.");
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+ /* Try and open file with createx_option_dir and check the error. */
+ io.ntcreatex.in.file_attr = 0;
+ io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ torture_assert_ntstatus_equal(tctx, status, NT_STATUS_NOT_A_DIRECTORY,
+ "NTCREATEX_OPTIONS_DIRECTORY will a file from being opened.");
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+ /* Delete the file and move onto directory testing. */
+ smbcli_unlink(cli->tree, fname);
+
+ /* Now try some tests on a directory. */
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_CREATE;
+ io.ntcreatex.in.file_attr = 0;
+ io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_DIRECTORY;
+ io.ntcreatex.in.fname = dname;
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ torture_assert_ntstatus_ok(tctx, status, "Failed to create dir.");
+
+ /* out attrib should be a directory. */
+ torture_assert_int_equal(tctx, io.ntcreatex.out.attrib,
+ FILE_ATTRIBUTE_DIRECTORY, "should have created a directory");
+
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+ /* Try and open it with normal attr and check the error. */
+ io.ntcreatex.in.file_attr = FILE_ATTRIBUTE_NORMAL;
+ io.ntcreatex.in.open_disposition = NTCREATEX_DISP_OPEN;
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ torture_assert_ntstatus_ok(tctx, status, "FILE_ATTRIBUTE_NORMAL "
+ "doesn't produce a hard failure.");
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+ /* Try and open it with file create_options and check the error. */
+ io.ntcreatex.in.file_attr = 0;
+ io.ntcreatex.in.create_options = NTCREATEX_OPTIONS_NON_DIRECTORY_FILE;
+
+ status = smb_raw_open(cli->tree, tctx, &io);
+ torture_assert_ntstatus_equal(tctx, status,
+ NT_STATUS_FILE_IS_A_DIRECTORY,
+ "NTCREATEX_OPTIONS_NON_DIRECTORY_FILE should be returned ");
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+
+done:
+ smbcli_close(cli->tree, io.ntcreatex.out.file.fnum);
+ smbcli_deltree(cli->tree, BASEDIR);
+
+ return ret;
+}
/* basic testing of all RAW_OPEN_* calls
*/
@@ -1902,6 +2099,7 @@ struct torture_suite *torture_raw_open(TALLOC_CTX *mem_ctx)
torture_suite_add_1smb_test(suite, "OPENX-OVER-DIR", test_openx_over_dir);
torture_suite_add_1smb_test(suite, "OPEN-FOR-DELETE", test_open_for_delete);
torture_suite_add_1smb_test(suite, "OPENDISP-DIR", test_ntcreatex_opendisp_dir);
+ torture_suite_add_1smb_test(suite, "NTCREATEDIR", test_ntcreatexdir);
return suite;
}
diff --git a/source4/torture/rpc/rpc.c b/source4/torture/rpc/rpc.c
index 3362bad605..2ab0d12743 100644
--- a/source4/torture/rpc/rpc.c
+++ b/source4/torture/rpc/rpc.c
@@ -462,6 +462,7 @@ NTSTATUS torture_rpc_init(void)
torture_suite_add_suite(suite, torture_rpc_samr_accessmask(suite));
torture_suite_add_suite(suite, torture_rpc_samr_workstation_auth(suite));
torture_suite_add_suite(suite, torture_rpc_samr_passwords_pwdlastset(suite));
+ torture_suite_add_suite(suite, torture_rpc_samr_passwords_badpwdcount(suite));
torture_suite_add_suite(suite, torture_rpc_samr_user_privileges(suite));
torture_suite_add_suite(suite, torture_rpc_samr_large_dc(suite));
torture_suite_add_suite(suite, torture_rpc_epmapper(suite));
diff --git a/source4/torture/rpc/samr.c b/source4/torture/rpc/samr.c
index b5aa761b79..8b466e8ef0 100644
--- a/source4/torture/rpc/samr.c
+++ b/source4/torture/rpc/samr.c
@@ -4,7 +4,7 @@
Copyright (C) Andrew Tridgell 2003
Copyright (C) Andrew Bartlett <abartlet@samba.org> 2003
- Copyright (C) Guenther Deschner 2008,2009
+ Copyright (C) Guenther Deschner 2008-2010
This program is free software; you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
@@ -33,6 +33,10 @@
#include "libcli/security/security.h"
#include "torture/rpc/rpc.h"
#include "param/param.h"
+#include "auth/gensec/gensec.h"
+#include "auth/gensec/gensec_proto.h"
+#include "../libcli/auth/schannel.h"
+#include "auth/gensec/schannel_state.h"
#include <unistd.h>
@@ -46,6 +50,7 @@
enum torture_samr_choice {
TORTURE_SAMR_PASSWORDS,
TORTURE_SAMR_PASSWORDS_PWDLASTSET,
+ TORTURE_SAMR_PASSWORDS_BADPWDCOUNT,
TORTURE_SAMR_USER_ATTRIBUTES,
TORTURE_SAMR_USER_PRIVILEGES,
TORTURE_SAMR_OTHER,
@@ -2634,11 +2639,13 @@ static bool test_GetAliasMembership(struct dcerpc_pipe *p,
/* only true for w2k8 it seems
* win7, xp, w2k3 will return a 0 length array pointer */
- torture_assert(tctx, (rids.ids && !rids.count),
- "samr_GetAliasMembership protocol misbehaviour");
+ if (rids.ids && (rids.count == 0)) {
+ torture_fail(tctx, "samr_GetAliasMembership returned 0 count and a rids array");
+ }
#endif
- torture_assert(tctx, (!rids.ids && rids.count),
- "samr_GetAliasMembership protocol misbehaviour");
+ if (!rids.ids && rids.count) {
+ torture_fail(tctx, "samr_GetAliasMembership returned non-0 count but no rids");
+ }
return true;
}
@@ -2730,17 +2737,24 @@ static bool test_QueryUserInfo_pwdlastset(struct dcerpc_pipe *p,
static bool test_SamLogon(struct torture_context *tctx,
struct dcerpc_pipe *p,
struct cli_credentials *test_credentials,
- NTSTATUS expected_result)
+ NTSTATUS expected_result,
+ bool interactive)
{
NTSTATUS status;
struct netr_LogonSamLogonEx r;
union netr_LogonLevel logon;
union netr_Validation validation;
uint8_t authoritative;
+ struct netr_IdentityInfo identity;
struct netr_NetworkInfo ninfo;
+ struct netr_PasswordInfo pinfo;
DATA_BLOB names_blob, chal, lm_resp, nt_resp;
int flags = CLI_CRED_NTLM_AUTH;
uint32_t samlogon_flags = 0;
+ struct netlogon_creds_CredentialState *creds;
+ struct netr_Authenticator a;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_schannel_creds(p->conn->security_state.generic_state, tctx, &creds), "");
if (lp_client_lanman_auth(tctx->lp_ctx)) {
flags |= CLI_CRED_LANMAN_AUTH;
@@ -2751,50 +2765,74 @@ static bool test_SamLogon(struct torture_context *tctx,
}
cli_credentials_get_ntlm_username_domain(test_credentials, tctx,
- &ninfo.identity_info.account_name.string,
- &ninfo.identity_info.domain_name.string);
+ &identity.account_name.string,
+ &identity.domain_name.string);
+
+ identity.parameter_control =
+ MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
+ MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
+ identity.logon_id_low = 0;
+ identity.logon_id_high = 0;
+ identity.workstation.string = cli_credentials_get_workstation(test_credentials);
+
+ if (interactive) {
+ netlogon_creds_client_authenticator(creds, &a);
+
+ if (!E_deshash(cli_credentials_get_password(test_credentials), pinfo.lmpassword.hash)) {
+ ZERO_STRUCT(pinfo.lmpassword.hash);
+ }
+ E_md4hash(cli_credentials_get_password(test_credentials), pinfo.ntpassword.hash);
+
+ if (creds->negotiate_flags & NETLOGON_NEG_ARCFOUR) {
+ netlogon_creds_arcfour_crypt(creds, pinfo.lmpassword.hash, 16);
+ netlogon_creds_arcfour_crypt(creds, pinfo.ntpassword.hash, 16);
+ } else {
+ netlogon_creds_des_encrypt(creds, &pinfo.lmpassword);
+ netlogon_creds_des_encrypt(creds, &pinfo.ntpassword);
+ }
- generate_random_buffer(ninfo.challenge,
- sizeof(ninfo.challenge));
- chal = data_blob_const(ninfo.challenge,
- sizeof(ninfo.challenge));
+ pinfo.identity_info = identity;
+ logon.password = &pinfo;
- names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(test_credentials),
- cli_credentials_get_domain(test_credentials));
+ r.in.logon_level = NetlogonInteractiveInformation;
+ } else {
+ generate_random_buffer(ninfo.challenge,
+ sizeof(ninfo.challenge));
+ chal = data_blob_const(ninfo.challenge,
+ sizeof(ninfo.challenge));
- status = cli_credentials_get_ntlm_response(test_credentials, tctx,
- &flags,
- chal,
- names_blob,
- &lm_resp, &nt_resp,
- NULL, NULL);
- torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
+ names_blob = NTLMv2_generate_names_blob(tctx, cli_credentials_get_workstation(test_credentials),
+ cli_credentials_get_domain(test_credentials));
- ninfo.lm.data = lm_resp.data;
- ninfo.lm.length = lm_resp.length;
+ status = cli_credentials_get_ntlm_response(test_credentials, tctx,
+ &flags,
+ chal,
+ names_blob,
+ &lm_resp, &nt_resp,
+ NULL, NULL);
+ torture_assert_ntstatus_ok(tctx, status, "cli_credentials_get_ntlm_response failed");
- ninfo.nt.data = nt_resp.data;
- ninfo.nt.length = nt_resp.length;
+ ninfo.lm.data = lm_resp.data;
+ ninfo.lm.length = lm_resp.length;
- ninfo.identity_info.parameter_control =
- MSV1_0_ALLOW_SERVER_TRUST_ACCOUNT |
- MSV1_0_ALLOW_WORKSTATION_TRUST_ACCOUNT;
- ninfo.identity_info.logon_id_low = 0;
- ninfo.identity_info.logon_id_high = 0;
- ninfo.identity_info.workstation.string = cli_credentials_get_workstation(test_credentials);
+ ninfo.nt.data = nt_resp.data;
+ ninfo.nt.length = nt_resp.length;
- logon.network = &ninfo;
+ ninfo.identity_info = identity;
+ logon.network = &ninfo;
+
+ r.in.logon_level = NetlogonNetworkInformation;
+ }
r.in.server_name = talloc_asprintf(tctx, "\\\\%s", dcerpc_server_name(p));
r.in.computer_name = cli_credentials_get_workstation(test_credentials);
- r.in.logon_level = NetlogonNetworkInformation;
r.in.logon = &logon;
r.in.flags = &samlogon_flags;
r.out.flags = &samlogon_flags;
r.out.validation = &validation;
r.out.authoritative = &authoritative;
- torture_comment(tctx, "Testing LogonSamLogon with name %s\n", ninfo.identity_info.account_name.string);
+ torture_comment(tctx, "Testing LogonSamLogon with name %s\n", identity.account_name.string);
r.in.validation_level = 6;
@@ -2818,7 +2856,8 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx,
struct cli_credentials *machine_creds,
const char *acct_name,
char *password,
- NTSTATUS expected_samlogon_result)
+ NTSTATUS expected_samlogon_result,
+ bool interactive)
{
bool ret = true;
struct cli_credentials *test_credentials;
@@ -2834,11 +2873,11 @@ static bool test_SamLogon_with_creds(struct torture_context *tctx,
cli_credentials_set_password(test_credentials,
password, CRED_SPECIFIED);
- torture_comment(tctx, "testing samlogon as %s password: %s\n",
- acct_name, password);
+ torture_comment(tctx, "testing samlogon (%s) as %s password: %s\n",
+ interactive ? "interactive" : "network", acct_name, password);
if (!test_SamLogon(tctx, p, test_credentials,
- expected_samlogon_result)) {
+ expected_samlogon_result, interactive)) {
torture_warning(tctx, "new password did not work\n");
ret = false;
}
@@ -2904,7 +2943,8 @@ static bool test_SetPassword_level(struct dcerpc_pipe *p,
machine_creds,
acct_name,
*password,
- expected_samlogon_result)) {
+ expected_samlogon_result,
+ false)) {
ret = false;
}
@@ -3337,6 +3377,428 @@ static bool test_SetPassword_pwdlastset(struct dcerpc_pipe *p,
return ret;
}
+static bool test_QueryUserInfo_badpwdcount(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *handle,
+ uint32_t *badpwdcount)
+{
+ union samr_UserInfo *info;
+ struct samr_QueryUserInfo r;
+
+ r.in.user_handle = handle;
+ r.in.level = 3;
+ r.out.info = &info;
+
+ torture_comment(tctx, "Testing QueryUserInfo level %d", r.in.level);
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_samr_QueryUserInfo(p, tctx, &r),
+ "failed to query userinfo");
+
+ *badpwdcount = info->info3.bad_password_count;
+
+ torture_comment(tctx, " (bad password count: %d)\n", *badpwdcount);
+
+ return true;
+}
+
+static bool test_reset_badpwdcount(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ struct policy_handle *user_handle,
+ uint32_t acct_flags,
+ char **password)
+{
+ struct samr_SetUserInfo r;
+ union samr_UserInfo user_info;
+
+ torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password),
+ "failed to set password");
+
+ torture_comment(tctx, "Testing SetUserInfo level 16 (enable account)\n");
+
+ user_info.info16.acct_flags = acct_flags;
+ user_info.info16.acct_flags &= ~ACB_DISABLED;
+
+ r.in.user_handle = user_handle;
+ r.in.level = 16;
+ r.in.info = &user_info;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo(p, tctx, &r),
+ "failed to enable user");
+
+ torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password),
+ "failed to set password");
+
+ return true;
+}
+
+static bool test_Password_badpwdcount(struct dcerpc_pipe *p,
+ struct dcerpc_pipe *np,
+ struct torture_context *tctx,
+ uint32_t acct_flags,
+ const char *acct_name,
+ struct policy_handle *domain_handle,
+ struct policy_handle *user_handle,
+ char **password,
+ struct cli_credentials *machine_credentials,
+ const char *comment,
+ bool disable,
+ bool interactive,
+ NTSTATUS expected_success_status,
+ struct samr_DomInfo1 *info1,
+ struct samr_DomInfo12 *info12)
+{
+ union samr_DomainInfo info;
+ char **passwords;
+ int i;
+ uint32_t badpwdcount, tmp;
+ uint32_t password_history_length = 12;
+ uint32_t lockout_threshold = 15;
+
+ torture_comment(tctx, "\nTesting bad pwd count with: %s\n", comment);
+
+ torture_assert(tctx, password_history_length < lockout_threshold,
+ "password history length needs to be smaller than account lockout threshold for this test");
+
+
+ /* set policies */
+
+ info.info1 = *info1;
+
+ info.info1.password_history_length = password_history_length;
+
+ {
+ struct samr_SetDomainInfo r;
+
+ r.in.domain_handle = domain_handle;
+ r.in.level = DomainPasswordInformation;
+ r.in.info = &info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_samr_SetDomainInfo(p, tctx, &r),
+ "failed to set domain info level 1");
+ }
+
+ info.info12 = *info12;
+
+ info.info12.lockout_threshold = lockout_threshold;
+
+ {
+ struct samr_SetDomainInfo r;
+
+ r.in.domain_handle = domain_handle;
+ r.in.level = DomainLockoutInformation;
+ r.in.info = &info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_samr_SetDomainInfo(p, tctx, &r),
+ "failed to set domain info level 12");
+ }
+
+ /* reset bad pwd count */
+
+ torture_assert(tctx,
+ test_reset_badpwdcount(p, tctx, user_handle, acct_flags, password), "");
+
+
+ /* enable or disable account */
+ {
+ struct samr_SetUserInfo r;
+ union samr_UserInfo user_info;
+
+ torture_comment(tctx, "Testing SetUserInfo level 16 (%s account)\n",
+ disable ? "disable" : "enable");
+
+ user_info.info16.acct_flags = acct_flags;
+ if (disable) {
+ user_info.info16.acct_flags |= ACB_DISABLED;
+ } else {
+ user_info.info16.acct_flags &= ~ACB_DISABLED;
+ }
+
+ r.in.user_handle = user_handle;
+ r.in.level = 16;
+ r.in.info = &user_info;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_samr_SetUserInfo(p, tctx, &r),
+ "failed to enable user");
+ }
+
+
+ /* setup password history */
+
+ passwords = talloc_array(tctx, char *, password_history_length);
+
+ for (i=0; i < password_history_length; i++) {
+
+ torture_assert(tctx, test_SetUserPass(p, tctx, user_handle, password),
+ "failed to set password");
+ passwords[i] = talloc_strdup(tctx, *password);
+
+ if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+ acct_name, passwords[i],
+ expected_success_status, interactive)) {
+ torture_fail(tctx, "failed to auth with latest password");
+ }
+
+ torture_assert(tctx,
+ test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+
+ torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
+ }
+
+
+ /* test with wrong password */
+
+ if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+ acct_name, "random_crap",
+ NT_STATUS_WRONG_PASSWORD, interactive)) {
+ torture_fail(tctx, "succeeded to authenticate with wrong password");
+ }
+
+ torture_assert(tctx,
+ test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+
+ torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
+
+
+ /* test with latest good password */
+
+ if (!test_SamLogon_with_creds(tctx, np, machine_credentials, acct_name,
+ passwords[password_history_length-1],
+ expected_success_status, interactive)) {
+ torture_fail(tctx, "succeeded to authenticate with wrong password");
+ }
+
+ torture_assert(tctx,
+ test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+
+ if (disable) {
+ torture_assert_int_equal(tctx, badpwdcount, 1, "expected badpwdcount to be 1");
+ } else {
+ /* only enabled accounts get the bad pwd count reset upon
+ * successful logon */
+ torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
+ }
+
+ tmp = badpwdcount;
+
+
+ /* test password history */
+
+ for (i=0; i < password_history_length; i++) {
+
+ torture_comment(tctx, "Testing bad password count behavior with "
+ "password #%d of #%d\n", i, password_history_length);
+
+ /* - network samlogon will succeed auth and not
+ * increase badpwdcount for 2 last entries
+ * - interactive samlogon only for the last one */
+
+ if (i == password_history_length - 1 ||
+ (i == password_history_length - 2 && !interactive)) {
+
+ if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+ acct_name, passwords[i],
+ expected_success_status, interactive)) {
+ torture_fail(tctx, talloc_asprintf(tctx, "succeeded to authenticate with old password (#%d of #%d in history)", i, password_history_length));
+ }
+
+ torture_assert(tctx,
+ test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+
+ if (disable) {
+ /* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE* for pwd history entry %d\n", i); */
+ torture_assert_int_equal(tctx, badpwdcount, tmp, "unexpected badpwdcount");
+ } else {
+ /* torture_comment(tctx, "expecting bad pwd count to be 0 for pwd history entry %d\n", i); */
+ torture_assert_int_equal(tctx, badpwdcount, 0, "expected badpwdcount to be 0");
+ }
+
+ tmp = badpwdcount;
+
+ continue;
+ }
+
+ if (!test_SamLogon_with_creds(tctx, np, machine_credentials,
+ acct_name, passwords[i],
+ NT_STATUS_WRONG_PASSWORD, interactive)) {
+ torture_fail(tctx, talloc_asprintf(tctx, "succeeded to authenticate with old password (#%d of #%d in history)", i, password_history_length));
+ }
+
+ torture_assert(tctx,
+ test_QueryUserInfo_badpwdcount(p, tctx, user_handle, &badpwdcount), "");
+
+ /* - network samlogon will fail auth but not increase
+ * badpwdcount for 3rd last entry
+ * - interactive samlogon for 3rd and 2nd last entry */
+
+ if (i == password_history_length - 3 ||
+ (i == password_history_length - 2 && interactive)) {
+ /* torture_comment(tctx, "expecting bad pwd count to *NOT INCREASE * by one for pwd history entry %d\n", i); */
+ torture_assert_int_equal(tctx, badpwdcount, tmp, "unexpected badpwdcount");
+ } else {
+ /* torture_comment(tctx, "expecting bad pwd count to increase by one for pwd history entry %d\n", i); */
+ torture_assert_int_equal(tctx, badpwdcount, tmp + 1, "unexpected badpwdcount");
+ }
+
+ tmp = badpwdcount;
+ }
+
+ return true;
+}
+
+static bool test_Password_badpwdcount_wrap(struct dcerpc_pipe *p,
+ struct torture_context *tctx,
+ uint32_t acct_flags,
+ const char *acct_name,
+ struct policy_handle *domain_handle,
+ struct policy_handle *user_handle,
+ char **password,
+ struct cli_credentials *machine_credentials)
+{
+ union samr_DomainInfo *q_info, s_info;
+ struct samr_DomInfo1 info1, _info1;
+ struct samr_DomInfo12 info12, _info12;
+ bool ret = true;
+ struct dcerpc_binding *b;
+ struct dcerpc_pipe *np;
+ int i;
+
+ struct {
+ const char *comment;
+ bool disabled;
+ bool interactive;
+ NTSTATUS expected_success_status;
+ } creds[] = {
+ {
+ .comment = "network logon (disabled account)",
+ .disabled = true,
+ .interactive = false,
+ .expected_success_status= NT_STATUS_ACCOUNT_DISABLED
+ },
+ {
+ .comment = "network logon (enabled account)",
+ .disabled = false,
+ .interactive = false,
+ .expected_success_status= NT_STATUS_OK
+ },
+ {
+ .comment = "interactive logon (disabled account)",
+ .disabled = true,
+ .interactive = true,
+ .expected_success_status= NT_STATUS_ACCOUNT_DISABLED
+ },
+ {
+ .comment = "interactive logon (enabled account)",
+ .disabled = false,
+ .interactive = true,
+ .expected_success_status= NT_STATUS_OK
+ },
+ };
+
+ /* setup netlogon schannel pipe */
+
+ torture_assert_ntstatus_ok(tctx, torture_rpc_binding(tctx, &b), "failed to obtain rpc binding");
+
+ b->flags &= ~DCERPC_AUTH_OPTIONS;
+ b->flags |= DCERPC_SCHANNEL | DCERPC_SIGN | DCERPC_SCHANNEL_128;
+
+ torture_assert_ntstatus_ok(tctx, dcerpc_pipe_connect_b(tctx, &np, b, &ndr_table_netlogon,
+ machine_credentials, tctx->ev, tctx->lp_ctx),
+ "failed to connect to NETLOGON pipe");
+
+ /* backup old policies */
+
+ {
+ struct samr_QueryDomainInfo2 r;
+
+ r.in.domain_handle = domain_handle;
+ r.in.level = DomainPasswordInformation;
+ r.out.info = &q_info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_samr_QueryDomainInfo2(p, tctx, &r),
+ "failed to query domain info level 1");
+
+ info1 = q_info->info1;
+ }
+
+ {
+ struct samr_QueryDomainInfo2 r;
+
+ r.in.domain_handle = domain_handle;
+ r.in.level = DomainLockoutInformation;
+ r.out.info = &q_info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_samr_QueryDomainInfo2(p, tctx, &r),
+ "failed to query domain info level 12");
+
+ info12 = q_info->info12;
+ }
+
+ _info1 = info1;
+ _info12 = info12;
+
+ /* run tests */
+
+ for (i=0; i < ARRAY_SIZE(creds); i++) {
+
+ /* skip trust tests for now */
+ if (acct_flags & ACB_WSTRUST ||
+ acct_flags & ACB_SVRTRUST ||
+ acct_flags & ACB_DOMTRUST) {
+ continue;
+ }
+
+ ret &= test_Password_badpwdcount(p, np, tctx, acct_flags, acct_name,
+ domain_handle, user_handle, password,
+ machine_credentials,
+ creds[i].comment,
+ creds[i].disabled,
+ creds[i].interactive,
+ creds[i].expected_success_status,
+ &_info1, &_info12);
+ if (!ret) {
+ torture_warning(tctx, "TEST #%d (%s) failed\n", i, creds[i].comment);
+ } else {
+ torture_comment(tctx, "TEST #%d (%s) succeeded\n", i, creds[i].comment);
+ }
+ }
+
+ /* restore policies */
+
+ s_info.info1 = info1;
+
+ {
+ struct samr_SetDomainInfo r;
+
+ r.in.domain_handle = domain_handle;
+ r.in.level = DomainPasswordInformation;
+ r.in.info = &s_info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_samr_SetDomainInfo(p, tctx, &r),
+ "failed to set domain info level 1");
+ }
+
+ s_info.info12 = info12;
+
+ {
+ struct samr_SetDomainInfo r;
+
+ r.in.domain_handle = domain_handle;
+ r.in.level = DomainLockoutInformation;
+ r.in.info = &s_info;
+
+ torture_assert_ntstatus_ok(tctx,
+ dcerpc_samr_SetDomainInfo(p, tctx, &r),
+ "failed to set domain info level 12");
+ }
+
+ return ret;
+}
+
static bool test_DeleteUser_with_privs(struct dcerpc_pipe *p,
struct dcerpc_pipe *lp,
struct torture_context *tctx,
@@ -3836,6 +4298,25 @@ static bool test_user_ops(struct dcerpc_pipe *p,
break;
+ case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT:
+
+ /* test bad pwd count change behaviour */
+ if (!test_Password_badpwdcount_wrap(p, tctx, base_acct_flags,
+ base_acct_name,
+ domain_handle,
+ user_handle, &password,
+ machine_credentials)) {
+ ret = false;
+ }
+
+ if (ret == true) {
+ torture_comment(tctx, "badPwdCount test succeeded\n");
+ } else {
+ torture_warning(tctx, "badPwdCount test failed\n");
+ }
+
+ break;
+
case TORTURE_SAMR_USER_PRIVILEGES: {
struct dcerpc_pipe *lp;
@@ -6527,12 +7008,13 @@ static bool test_OpenDomain(struct dcerpc_pipe *p, struct torture_context *tctx,
}
break;
case TORTURE_SAMR_PASSWORDS_PWDLASTSET:
+ case TORTURE_SAMR_PASSWORDS_BADPWDCOUNT:
if (!torture_setting_bool(tctx, "samba3", false)) {
ret &= test_CreateUser2(p, tctx, &domain_handle, sid, ctx->choice, ctx->machine_credentials);
}
ret &= test_CreateUser(p, tctx, &domain_handle, TEST_ACCOUNT_NAME, &user_handle, sid, ctx->choice, ctx->machine_credentials, true);
if (!ret) {
- torture_warning(tctx, "Testing PASSWORDS PWDLASTSET on domain %s failed!\n", dom_sid_string(tctx, sid));
+ torture_warning(tctx, "Testing PASSWORDS PWDLASTSET or BADPWDCOUNT on domain %s failed!\n", dom_sid_string(tctx, sid));
}
break;
case TORTURE_SAMR_MANY_ACCOUNTS:
@@ -7123,3 +7605,46 @@ struct torture_suite *torture_rpc_samr_large_dc(TALLOC_CTX *mem_ctx)
return suite;
}
+
+static bool torture_rpc_samr_badpwdcount(struct torture_context *torture,
+ struct dcerpc_pipe *p2,
+ struct cli_credentials *machine_credentials)
+{
+ NTSTATUS status;
+ struct dcerpc_pipe *p;
+ bool ret = true;
+ struct torture_samr_context *ctx;
+
+ status = torture_rpc_connection(torture, &p, &ndr_table_samr);
+ if (!NT_STATUS_IS_OK(status)) {
+ return false;
+ }
+
+ ctx = talloc_zero(torture, struct torture_samr_context);
+
+ ctx->choice = TORTURE_SAMR_PASSWORDS_BADPWDCOUNT;
+ ctx->machine_credentials = machine_credentials;
+
+ ret &= test_Connect(p, torture, &ctx->handle);
+
+ ret &= test_EnumDomains(p, torture, ctx);
+
+ ret &= test_samr_handle_Close(p, torture, &ctx->handle);
+
+ return ret;
+}
+
+struct torture_suite *torture_rpc_samr_passwords_badpwdcount(TALLOC_CTX *mem_ctx)
+{
+ struct torture_suite *suite = torture_suite_create(mem_ctx, "SAMR-PASSWORDS-BADPWDCOUNT");
+ struct torture_rpc_tcase *tcase;
+
+ tcase = torture_suite_add_machine_bdc_rpc_iface_tcase(suite, "samr",
+ &ndr_table_samr,
+ TEST_ACCOUNT_NAME_PWD);
+
+ torture_rpc_tcase_add_test_creds(tcase, "badPwdCount",
+ torture_rpc_samr_badpwdcount);
+
+ return suite;
+}
diff --git a/source4/torture/smbtorture.c b/source4/torture/smbtorture.c
index 8e0a25b032..53e860a144 100644
--- a/source4/torture/smbtorture.c
+++ b/source4/torture/smbtorture.c
@@ -550,8 +550,11 @@ int main(int argc,char *argv[])
lp_set_cmdline(cmdline_lp_ctx, "torture:onefs", "true");
lp_set_cmdline(cmdline_lp_ctx, "torture:openx_deny_dos_support",
"false");
+ lp_set_cmdline(cmdline_lp_ctx, "torture:range_not_locked_on_file_close", "false");
lp_set_cmdline(cmdline_lp_ctx, "torture:sacl_support", "false");
lp_set_cmdline(cmdline_lp_ctx, "torture:ea_support", "false");
+ lp_set_cmdline(cmdline_lp_ctx, "torture:smbexit_pdu_support",
+ "false");
lp_set_cmdline(cmdline_lp_ctx, "torture:smblock_pdu_support",
"false");
lp_set_cmdline(cmdline_lp_ctx, "torture:2_step_break_to_none",
diff --git a/source4/torture/smbtorture.h b/source4/torture/smbtorture.h
index 38969f1bcc..5b12f4e3f5 100644
--- a/source4/torture/smbtorture.h
+++ b/source4/torture/smbtorture.h
@@ -74,6 +74,15 @@ bool torture_register_suite(struct torture_suite *suite);
* This parameter specifies whether the server supports the DENY_DOS open mode
* of the SMBOpenX PDU. */
+/* torture:range_not_locked_on_file_close
+ *
+ * When a byte range lock is pending, and the file which is being locked is
+ * closed, Windows servers return the error NT_STATUS_RANGE_NOT_LOCKED. This
+ * is strange, as this error is meant to be returned only for unlock requests.
+ * When true, torture will expect the Windows behavior, otherwise it will
+ * expect the more logical NT_STATUS_LOCK_NOT_GRANTED.
+ */
+
/* torture:sacl_support
*
* This parameter specifies whether the server supports the setting and
@@ -81,6 +90,10 @@ bool torture_register_suite(struct torture_suite *suite);
* supports the use of the SEC_FLAG_SYSTEM_SECURITY bit in the open access
* mask.*/
+/* torture:smbexit_pdu_support
+ *
+ * This parameter specifies whether the server supports the SMBExit (0x11) PDU. */
+
/* torture:smblock_pdu_support
*
* This parameter specifies whether the server supports the SMBLock (0x0C) PDU. */
@@ -119,4 +132,5 @@ bool torture_register_suite(struct torture_suite *suite);
* denied. When true, torture will expect NT_STATUS_OBJECT_NAME_NOT_FOUND
* rather than NT_STATUS_ACCESS_DENIED when trying to open one of these files.
*/
+
#endif /* __SMBTORTURE_H__ */
diff --git a/testprogs/win32/spoolss/Makefile b/testprogs/win32/spoolss/Makefile
new file mode 100644
index 0000000000..8c9d71683e
--- /dev/null
+++ b/testprogs/win32/spoolss/Makefile
@@ -0,0 +1,40 @@
+CFLAGS = /nologo /Zi /MT /Gm- /W4 /FR /D_CRT_SECURE_NO_WARNINGS
+LIBS = kernel32.lib gdi32.lib user32.lib shell32.lib \
+ advapi32.lib ole32.lib ws2_32.lib rpcrt4.lib
+WINSPOOL_LIBS = winspool.lib
+
+all: spoolss.exe
+
+.cpp.obj:
+ cl /c $(CFLAGS) $*.cpp
+
+.c.obj:
+ cl /c $(CFLAGS) $*.c
+
+clean: cleantmp
+ -del *.dll 2>nul
+
+cleantmp:
+ -del *~ *.o *.obj *.sbr *.bsc *.pdb *.lib *.ilk *.exp 2>nul
+ -del test_s.c test_c.c test.h 2>nul
+
+###############################
+# helpers
+###############################
+
+printlib.obj: printlib.c
+
+error.obj: error.c
+
+torture.obj: torture.c
+
+###############################
+# binaries
+###############################
+
+spoolss.obj: spoolss.c
+
+spoolss.exe: spoolss.obj printlib.obj error.obj torture.obj
+ cl $(CFLAGS) /Fe$@ spoolss.obj printlib.obj error.obj torture.obj \
+ /link /incremental:no /subsystem:console $(LIBS) $(WINSPOOL_LIBS)
+
diff --git a/testprogs/win32/spoolss/Makefile.mingw b/testprogs/win32/spoolss/Makefile.mingw
new file mode 100644
index 0000000000..4ff7155250
--- /dev/null
+++ b/testprogs/win32/spoolss/Makefile.mingw
@@ -0,0 +1,23 @@
+MAKE=mingw32-make
+CFLAGS=-I../../../ -I/usr/i686-pc-mingw32/sys-root/mingw/include
+LDFLAGS=-L/usr/i686-pc-mingw32/sys-root/mingw/lib
+CC=/usr/bin/i686-pc-mingw32-gcc
+LIBS=-lwinspool
+
+all: spoolss.exe
+
+clean:
+ rm -vf *.exe tags
+
+ctags:
+ ctags `find . -name "*.[ch]" | grep -v include/proto.h`
+ ctags --c-kinds=-p -a `find /usr/i686-pc-mingw32/sys-root/mingw/include -name "*.[ch]" | grep -v /CVS/`
+
+proto:
+ mkproto.pl printlib.c --private=printlib_proto.h --public=printlib_proto_pub.h --srcdir=. --builddir=.
+ mkproto.pl torture.c --private=torture_proto.h --public=torture_proto_pub.h --srcdir=. --builddir=.
+
+spoolss.exe: spoolss.c printlib.c torture.c error.c
+ @echo Compiling spoolss.exe
+ @$(CC) $(CFLAGS) $(LDFLAGS) spoolss.c printlib.c torture.c error.c $(LIBS) -o spoolss.exe
+
diff --git a/testprogs/win32/spoolss/README b/testprogs/win32/spoolss/README
new file mode 100644
index 0000000000..9d6cf4b7fb
--- /dev/null
+++ b/testprogs/win32/spoolss/README
@@ -0,0 +1 @@
+FIXME
diff --git a/testprogs/win32/spoolss/error.c b/testprogs/win32/spoolss/error.c
new file mode 100644
index 0000000000..6296f07c35
--- /dev/null
+++ b/testprogs/win32/spoolss/error.c
@@ -0,0 +1,123 @@
+/*
+ Unix SMB/CIFS implementation.
+ test suite for spoolss rpc operations
+
+ Copyright (C) Guenther Deschner 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "spoolss.h"
+
+const char *errstr(DWORD error)
+{
+ static char tmp[20];
+
+ switch (error) {
+ case ERROR_FILE_NOT_FOUND:
+ return "ERROR_FILE_NOT_FOUND";
+ case ERROR_ACCESS_DENIED:
+ return "ERROR_ACCESS_DENIED";
+ case ERROR_INVALID_PARAMETER:
+ return "ERROR_INVALID_PARAMETER";
+ case ERROR_INVALID_HANDLE:
+ return "ERROR_INVALID_HANDLE";
+ case ERROR_CALL_NOT_IMPLEMENTED:
+ return "ERROR_CALL_NOT_IMPLEMENTED";
+ case ERROR_INSUFFICIENT_BUFFER:
+ return "ERROR_INSUFFICIENT_BUFFER";
+ case ERROR_INVALID_NAME:
+ return "ERROR_INVALID_NAME";
+ case ERROR_INVALID_LEVEL:
+ return "ERROR_INVALID_LEVEL";
+ case ERROR_MORE_DATA:
+ return "ERROR_MORE_DATA";
+#ifdef ERROR_INVALID_DATATYPE
+ case ERROR_INVALID_DATATYPE:
+ return "ERROR_INVALID_DATATYPE";
+#endif
+ case ERROR_INVALID_ENVIRONMENT:
+ return "ERROR_INVALID_ENVIRONMENT";
+ case ERROR_INVALID_PRINTER_COMMAND:
+ return "ERROR_INVALID_PRINTER_COMMAND";
+ case ERROR_PRINTER_ALREADY_EXISTS:
+ return "ERROR_PRINTER_ALREADY_EXISTS";
+ case ERROR_INVALID_PRINTER_NAME:
+ return "ERROR_INVALID_PRINTER_NAME";
+ case ERROR_INVALID_PRIORITY:
+ return "ERROR_INVALID_PRIORITY";
+ case ERROR_INVALID_SEPARATOR_FILE:
+ return "ERROR_INVALID_SEPARATOR_FILE";
+ case ERROR_UNKNOWN_PRINTPROCESSOR:
+ return "ERROR_UNKNOWN_PRINTPROCESSOR";
+ case ERROR_UNKNOWN_PRINTER_DRIVER:
+ return "ERROR_UNKNOWN_PRINTER_DRIVER";
+ case ERROR_UNKNOWN_PORT:
+ return "ERROR_UNKNOWN_PORT";
+ case ERROR_PRINTER_DRIVER_ALREADY_INSTALLED:
+ return "ERROR_PRINTER_DRIVER_ALREADY_INSTALLED";
+ case ERROR_UNKNOWN_PRINT_MONITOR:
+ return "ERROR_UNKNOWN_PRINT_MONITOR";
+ case ERROR_PRINTER_DRIVER_IN_USE:
+ return "ERROR_PRINTER_DRIVER_IN_USE";
+ case ERROR_SPOOL_FILE_NOT_FOUND:
+ return "ERROR_SPOOL_FILE_NOT_FOUND";
+ case ERROR_SPL_NO_STARTDOC:
+ return "ERROR_SPL_NO_STARTDOC";
+ case ERROR_SPL_NO_ADDJOB:
+ return "ERROR_SPL_NO_ADDJOB";
+ case ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED:
+ return "ERROR_PRINT_PROCESSOR_ALREADY_INSTALLED";
+ case ERROR_PRINT_MONITOR_ALREADY_INSTALLED:
+ return "ERROR_PRINT_MONITOR_ALREADY_INSTALLED";
+ case ERROR_INVALID_PRINT_MONITOR:
+ return "ERROR_INVALID_PRINT_MONITOR";
+ case ERROR_PRINT_MONITOR_IN_USE:
+ return "ERROR_PRINT_MONITOR_IN_USE";
+ case ERROR_PRINTER_HAS_JOBS_QUEUED:
+ return "ERROR_PRINTER_HAS_JOBS_QUEUED";
+ case ERROR_PRINTER_NOT_FOUND:
+ return "ERROR_PRINTER_NOT_FOUND";
+ case ERROR_PRINTER_DRIVER_WARNED:
+ return "ERROR_PRINTER_DRIVER_WARNED";
+ case ERROR_PRINTER_DRIVER_BLOCKED:
+ return "ERROR_PRINTER_DRIVER_BLOCKED";
+#ifdef ERROR_PRINTER_DRIVER_PACKAGE_IN_USE
+ case ERROR_PRINTER_DRIVER_PACKAGE_IN_USE:
+ return "ERROR_PRINTER_DRIVER_PACKAGE_IN_USE";
+#endif
+#ifdef ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND
+ case ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND:
+ return "ERROR_CORE_DRIVER_PACKAGE_NOT_FOUND";
+#endif
+#ifdef ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED
+ case ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED:
+ return "ERROR_PRINTER_DRIVER_DOWNLOAD_NEEDED";
+#endif
+#ifdef ERROR_PRINT_JOB_RESTART_REQUIRED
+ case ERROR_PRINT_JOB_RESTART_REQUIRED:
+ return "ERROR_PRINT_JOB_RESTART_REQUIRED";
+#endif
+ case ERROR_CANCELLED:
+ return "ERROR_CANCELLED";
+ case RPC_S_SERVER_UNAVAILABLE:
+ return "RPC_S_SERVER_UNAVAILABLE";
+ default:
+ break;
+ }
+
+ sprintf(tmp, "0x%08x", error);
+
+ return tmp;
+}
diff --git a/testprogs/win32/spoolss/error.h b/testprogs/win32/spoolss/error.h
new file mode 100644
index 0000000000..581c1097c1
--- /dev/null
+++ b/testprogs/win32/spoolss/error.h
@@ -0,0 +1,36 @@
+/*
+ Unix SMB/CIFS implementation.
+ test suite for spoolss rpc operations
+
+ Copyright (C) Guenther Deschner 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef ERROR_INVALID_PARAMETER
+#define ERROR_INVALID_PARAMETER 87
+#endif
+
+#ifndef ERROR_INSUFFICIENT_BUFFER
+#define ERROR_INSUFFICIENT_BUFFER 0x007a
+#endif
+
+#if 0
+#ifdef STATUS_PENDING
+#undef STATUS_PENDING
+#define STATUS_PENDING 0x0103
+#endif
+#endif
+
+const char *errstr(DWORD error);
diff --git a/testprogs/win32/spoolss/printlib.c b/testprogs/win32/spoolss/printlib.c
new file mode 100644
index 0000000000..9fc9d046f2
--- /dev/null
+++ b/testprogs/win32/spoolss/printlib.c
@@ -0,0 +1,622 @@
+/*
+ Unix SMB/CIFS implementation.
+ test suite for spoolss rpc operations
+
+ Copyright (C) Gerald (Jerry) Carter 2007
+ Copyright (C) Guenther Deschner 2009-2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 2 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include <windows.h>
+#include <stdio.h>
+
+void print_devmode(DEVMODE *pDevModeIn)
+{
+ if (pDevModeIn == NULL) {
+ printf("\tDevice Mode\t= (null)\n");
+ return;
+ }
+
+ printf("\tDEVMODE:----------\n");
+ printf("\tDeviceName: [%s]\n", pDevModeIn->dmDeviceName);
+ printf("\tSpecVersion: %d\n", pDevModeIn->dmSpecVersion);
+ printf("\tDriverVersion: %d\n", pDevModeIn->dmDriverVersion);
+ printf("\tSize: %d\n", pDevModeIn->dmSize);
+ printf("\tDriverExtra: %d\n", pDevModeIn->dmDriverExtra);
+ printf("\tFields: 0x%x\n", pDevModeIn->dmFields);
+
+ if (pDevModeIn->dmFields & DM_ORIENTATION)
+ printf("\tOrientation: %d\n", pDevModeIn->dmOrientation);
+ if (pDevModeIn->dmFields & DM_PAPERSIZE)
+ printf("\tPaperSize: %d\n", pDevModeIn->dmPaperSize);
+ if (pDevModeIn->dmFields & DM_PAPERLENGTH)
+ printf("\tPaperLength: %d\n", pDevModeIn->dmPaperLength);
+ if (pDevModeIn->dmFields & DM_PAPERWIDTH)
+ printf("\tPaperWidth: %d\n", pDevModeIn->dmPaperWidth);
+// if (pDevModeIn->dmFields & DM_POSITION)
+// printf("\tPosition: %d\n", pDevModeIn->dmPosition);
+ if (pDevModeIn->dmFields & DM_SCALE)
+ printf("\tScale: %d\n", pDevModeIn->dmScale);
+ if (pDevModeIn->dmFields & DM_COPIES)
+ printf("\tCopies: %d\n", pDevModeIn->dmCopies );
+ if (pDevModeIn->dmFields & DM_DEFAULTSOURCE)
+ printf("\tDefaultSource: %d\n", pDevModeIn->dmDefaultSource);
+ if (pDevModeIn->dmFields & DM_PRINTQUALITY)
+ printf("\tPrintQuality: %d\n", pDevModeIn->dmPrintQuality);
+ if (pDevModeIn->dmFields & DM_COLOR)
+ printf("\tColor: %d\n", pDevModeIn->dmColor);
+ if (pDevModeIn->dmFields & DM_DUPLEX)
+ printf("\tDuplex: %d\n", pDevModeIn->dmDuplex);
+ if (pDevModeIn->dmFields & DM_YRESOLUTION)
+ printf("\tYResolution: %d\n", pDevModeIn->dmYResolution);
+ if (pDevModeIn->dmFields & DM_TTOPTION)
+ printf("\tTTOption: %d\n", pDevModeIn->dmTTOption);
+ if (pDevModeIn->dmFields & DM_COLLATE)
+ printf("\tCollate: %d\n", pDevModeIn->dmCollate);
+ if (pDevModeIn->dmFields & DM_FORMNAME)
+ printf("\tForm: [%s]\n", pDevModeIn->dmFormName);
+ if (pDevModeIn->dmFields & DM_LOGPIXELS)
+ printf("\tLogPixels: %d\n", pDevModeIn->dmLogPixels);
+ if (pDevModeIn->dmFields & DM_BITSPERPEL)
+ printf("\tBitsPerPel: %d\n", pDevModeIn->dmBitsPerPel);
+ if (pDevModeIn->dmFields & DM_PELSWIDTH)
+ printf("\tPelsWidth: %d\n", pDevModeIn->dmPelsWidth);
+ if (pDevModeIn->dmFields & DM_PELSHEIGHT)
+ printf("\tPelsHeight: %d\n", pDevModeIn->dmPelsHeight);
+ if (pDevModeIn->dmFields & DM_DISPLAYFLAGS)
+ printf("\tDisplayFlags: %d\n", pDevModeIn->dmDisplayFlags);
+// if (pDevModeIn->dmFields & DM_NUP)
+// printf("\tNup: %d\n", pDevModeIn->dmNup);
+ if (pDevModeIn->dmFields & DM_DISPLAYFREQUENCY)
+ printf("\tDisplayFrequency:%d\n", pDevModeIn->dmDisplayFrequency);
+ if (pDevModeIn->dmFields & DM_ICMMETHOD)
+ printf("\tICMMethod: %d\n", pDevModeIn->dmICMMethod);
+ if (pDevModeIn->dmFields & DM_ICMINTENT)
+ printf("\tICMIntent: %d\n", pDevModeIn->dmICMIntent);
+ if (pDevModeIn->dmFields & DM_MEDIATYPE)
+ printf("\tMediaType: %d\n", pDevModeIn->dmMediaType);
+ if (pDevModeIn->dmFields & DM_DITHERTYPE)
+ printf("\tDitherType: %d\n", pDevModeIn->dmDitherType);
+// if (pDevModeIn->dmFields & DM_PANNINGWIDTH)
+// printf("\tPanningWidth: %d\n", pDevModeIn->dmPanningWidth);
+// if (pDevModeIn->dmFields & DM_PANNINGHEIGHT)
+// printf("\tPanningHeight: %d\n", pDevModeIn->dmPanningHeight);
+
+#if 0
+ if (bForceIn) {
+ printf("DEVMODE\n");
+ Dump((BYTE*)pDevModeIn, sizeof(DEVMODE), LEADER);
+
+ if (pDevModeIn->dmDriverExtra) {
+ printf("DriverExtra\n");
+ Dump((BYTE*)pDevModeIn + sizeof(DEVMODE), pDevModeIn->dmDriverExtra, LEADER);
+ }
+ }
+#endif
+
+ return;
+}
+
+void print_acl(const char* str, ACL *acl)
+{
+ printf("%s\n", str);
+ if (acl == NULL)
+ return;
+
+ printf("\t\tACL Revision \t\t 0x%x\n", acl->AclRevision);
+ printf("\t\tSbz1\t\t 0x%x\n", acl->Sbz1);
+ printf("\t\tSbz2\t\t 0x%x\n", acl->Sbz2);
+ printf("\t\tACL Size\t\t 0x%x\n", acl->AclSize);
+ printf("\t\tACL Count\t\t 0x%x\n", acl->AceCount);
+
+ return;
+}
+
+void print_sid(const char* str, SID *sid)
+{
+ DWORD i = 0;
+
+ printf("%s\n", str);
+ printf("0x%x\n", sid);
+ if (sid == NULL)
+ return;
+ printf("\t\tRevision\t\t0x%x\n", sid->Revision);
+ printf("\t\tSubAuthorityCount\t0x%x\n", sid->SubAuthorityCount);
+ printf("\t\tSubAuthority\n\t");
+ while (i < sid->SubAuthorityCount) {
+ printf("\t0x%x", sid->SubAuthority[i]);
+ if (i%4 == 3)
+ printf("\n\t");
+ i++;
+ }
+
+ return;
+}
+
+void print_secdesc(SECURITY_DESCRIPTOR *secdesc)
+{
+ if (secdesc == NULL) {
+ printf("\tSecurity Descriptor\t= (null)\n");
+ return;
+ }
+
+ printf("\tRevision\t= 0x%x\n", secdesc->Revision);
+ printf("\tSbz1\t\t= 0x%x\n", secdesc->Sbz1);
+#if 0
+ print_sid("\tOwner\t\t= ", secdesc->Owner);
+ print_sid("\tGroup\t\t= ",secdesc->Group);
+ print_acl("\tSacl\t\t= ", secdesc->Sacl);
+ print_acl("\tDacl\t\t= ", secdesc->Dacl);
+#endif
+ return;
+}
+
+void PrintLastError()
+{
+ LPVOID lpMsgBuf;
+ DWORD status;
+
+ status = GetLastError();
+
+ FormatMessage(FORMAT_MESSAGE_ALLOCATE_BUFFER | FORMAT_MESSAGE_FROM_SYSTEM | FORMAT_MESSAGE_IGNORE_INSERTS,
+ NULL, GetLastError(), MAKELANGID(LANG_NEUTRAL, SUBLANG_DEFAULT), // Default language
+ (LPTSTR)&lpMsgBuf, 0, NULL);
+ printf("ERROR [0x%x] : %s\n", status, (char*)lpMsgBuf);
+ LocalFree(lpMsgBuf);
+
+ return;
+}
+
+
+void print_job_info_1(PJOB_INFO_1 info)
+{
+ printf("\tJob ID\t\t= %d\n", info->JobId);
+ printf("\tPrinter Name\t= %s\n", info->pPrinterName);
+ printf("\tMachine Name\t= %s\n", info->pMachineName);
+ printf("\tUser Name\t= %s\n", info->pUserName);
+ printf("\tDocument\t= %s\n", info->pDocument);
+ printf("\tDatatype\t= %s\n", info->pDatatype);
+ printf("\tStatus\t\t= %s\n", info->pStatus);
+ printf("\tStatus\t= %d\n", info->Status);
+ printf("\tPriority\t= %d\n", info->Priority);
+ printf("\tPosition\t= %d\n", info->Position);
+ printf("\tTotal Pages\t= %d\n", info->TotalPages);
+ printf("\tPages Printed\t= %d\n", info->PagesPrinted);
+ printf("\tSubmitted (DD:MM:YY HH:MM:SS)\t= %d:%d:%d %d:%d:%d UTC\n",
+ info->Submitted.wDay, info->Submitted.wMonth,
+ info->Submitted.wYear, info->Submitted.wHour,
+ info->Submitted.wMinute, info->Submitted.wSecond);
+
+ return;
+}
+
+void print_job_info_2(PJOB_INFO_2 info)
+{
+ printf("\tJob ID\t\t= %d\n", info->JobId);
+ printf("\tPrinter Name\t= %s\n", info->pPrinterName);
+ printf("\tMachine Name\t= %s\n", info->pMachineName);
+ printf("\tUser Name\t= %s\n", info->pUserName);
+ printf("\tDocument\t= %s\n", info->pDocument);
+ printf("\tDatatype\t= %s\n", info->pDatatype);
+ printf("\tNotify Name\t= %s\n", info->pNotifyName);
+ printf("\tPrint Processor\t= %s\n", info->pPrintProcessor);
+ printf("\tParameters\t= %s\n", info->pParameters);
+ printf("\tDriver Name\t= %s\n", info->pDriverName);
+ printf("\tStatus\t\t= %s\n", info->pStatus);
+ printf("\tStatus\t\t= %d\n", info->Status);
+ printf("\tPriority\t= %d\n", info->Priority);
+ printf("\tPosition\t= %d\n", info->Position);
+ printf("\tTotal Pages\t= %d\n", info->TotalPages);
+ printf("\tPages Printed\t= %d\n", info->PagesPrinted);
+ printf("\tStart Time\t= %d\n", info->StartTime);
+ printf("\tUntil Time\t= %d\n", info->UntilTime);
+ printf("\tTime\t\t= %d\n", info->Time);
+ printf("\tSize\t\t= %d\n", info->Size);
+ printf("\tSubmitted (DD:MM:YY HH:MM:SS)\t= %d:%d:%d %d:%d:%d UTC\n",
+ info->Submitted.wDay, info->Submitted.wMonth,
+ info->Submitted.wYear, info->Submitted.wHour,
+ info->Submitted.wMinute, info->Submitted.wSecond);
+ printf("\tDevice Mode Information\n");
+ printf("\t-----------------------\n");
+ print_devmode(info->pDevMode);
+ printf("\tSecurity Descriptor Information\n");
+ printf("\t-------------------------------\n");
+ print_secdesc(info->pSecurityDescriptor);
+
+ return;
+}
+
+void print_job_info_3(PJOB_INFO_3 info)
+{
+ printf("\tJob ID\t\t= %d\n", info->JobId);
+ printf("\tJob ID Next Job\t= %d\n", info->NextJobId);
+ printf("\tReserved (must be 0)\t= %d\n",info->Reserved);
+
+ return;
+}
+
+void print_monitor_info_1(PMONITOR_INFO_1 info)
+{
+ printf("\tMonitor Name\t= %s\n", info->pName);
+
+ return;
+}
+
+void print_monitor_info_2(PMONITOR_INFO_2 info)
+{
+ printf("\tMonitor Name\t= %s\n", info->pName);
+ printf("\tEnvironment\t= %s\n", info->pEnvironment);
+ printf("\tDLL Name\t= %s\n", info->pDLLName);
+
+ return;
+}
+
+void print_form_info_1(PFORM_INFO_1 info)
+{
+ printf("\tForm Name\t= %s\n", info->pName);
+ printf("\tFlags\t\t= 0x%x\n", info->Flags);
+ printf("\tSize\t\t= %d x %d\n", info->Size.cx, info->Size.cy);
+ printf("\tRectangle\t= [left]%d [right]%d [top]%d [bottom]%d\n",
+ info->ImageableArea.left, info->ImageableArea.right,
+ info->ImageableArea.top, info->ImageableArea.bottom);
+
+ return;
+}
+
+void print_printer_info_1(PPRINTER_INFO_1 info)
+{
+ printf("\tPrinter Name\t= %s\n", info->pName);
+ printf("\tDescription\t= %s\n", info->pDescription);
+ printf("\tComment\t\t= %s\n", info->pComment);
+ printf("\tFlags\t\t= 0x%x\n", info->Flags);
+
+ return;
+}
+
+void print_printer_info_2(PPRINTER_INFO_2 info)
+{
+ printf("\tServer Name\t\t= %s\n", info->pServerName);
+ printf("\tPrinter Name\t\t= %s\n", info->pPrinterName);
+ printf("\tPort Name\t\t= %s\n", info->pPortName);
+ printf("\tShare Name\t\t= %s\n", info->pShareName);
+ printf("\tDriver Name\t\t= %s\n", info->pDriverName);
+ printf("\tComment\t\t\t= %s\n", info->pComment);
+ printf("\tLocation\t\t= %s\n", info->pLocation);
+ printf("\tSeparator File\t\t= %s\n", info->pSepFile);
+ printf("\tDefault Data Type\t= %s\n", info->pDatatype);
+ printf("\tPrint Processor\t\t= %s\n", info->pPrintProcessor);
+ printf("\tParameters\t\t= %s\n", info->pParameters);
+ printf("\tAttributes\t\t= 0x%x\n", info->Attributes);
+ printf("\tPriority\t\t= 0x%x\n", info->Priority);
+ printf("\tDefault Priority\t= 0x%x\n", info->DefaultPriority);
+ printf("\tStart Time\t\t= 0x%x\n", info->StartTime);
+ printf("\tUntil Time\t\t= 0x%x\n", info->UntilTime);
+ printf("\tStatus\t\t\t= 0x%x\n", info->Status);
+ printf("\tcJobs\t\t\t= 0x%x\n", info->cJobs);
+ printf("\tAverage PPM\t\t= 0x%x\n", info->AveragePPM);
+
+ printf("\tDevice Mode Information\n");
+ printf("\t-----------------------\n");
+ print_devmode(info->pDevMode);
+#if 0
+ printf("\tSecurity Descriptor Information\n");
+ printf("\t-------------------------------\n");
+ print_secdesc(info->pSecurityDescriptor);
+#endif
+ return;
+}
+
+void print_printer_info_5(PPRINTER_INFO_5 info)
+{
+ printf("\tPrinter Name\t\t\t= %s\n", info->pPrinterName);
+ printf("\tPort Name\t\t\t= %s\n", info->pPortName);
+ printf("\tAttributes\t\t\t= 0x%x\n", info->Attributes);
+ printf("\tDev NotSelect Timeout\t= 0x%x\n", info->DeviceNotSelectedTimeout);
+ printf("\tTX RetryTimeout\t\t= 0x%x\n", info->TransmissionRetryTimeout);
+ return;
+}
+
+void print_printer_info_6(PPRINTER_INFO_6 info)
+{
+ printf("\tStatus\t\t\t= 0x%x\n", info->dwStatus);
+ return;
+}
+
+void print_printer_info_7(PPRINTER_INFO_7 info)
+{
+ printf("\tObject GUID\t\t\t= %s\n", info->pszObjectGUID);
+ printf("\tAction\t\t\t= 0x%x\n", info->dwAction);
+ return;
+}
+
+void print_printer_info_8(PPRINTER_INFO_8 info)
+{
+ print_devmode(info->pDevMode);
+}
+
+void print_printer_info_9(PPRINTER_INFO_9 info)
+{
+ print_devmode(info->pDevMode);
+}
+
+void print_printer_info_bylevel(DWORD level, LPBYTE buffer, DWORD count)
+{
+ DWORD i;
+ PPRINTER_INFO_1 buffer1 = NULL;
+ PPRINTER_INFO_2 buffer2 = NULL;
+ PPRINTER_INFO_3 buffer3 = NULL;
+ PPRINTER_INFO_4 buffer4 = NULL;
+ PPRINTER_INFO_5 buffer5 = NULL;
+ PPRINTER_INFO_6 buffer6 = NULL;
+ PPRINTER_INFO_7 buffer7 = NULL;
+ PPRINTER_INFO_8 buffer8 = NULL;
+
+ if (!buffer) {
+ return;
+ }
+
+ switch (level) {
+ case 1:
+ buffer1 = (PPRINTER_INFO_1)buffer;
+ break;
+ case 2:
+ buffer2 = (PPRINTER_INFO_2)buffer;
+ break;
+ case 3:
+ buffer3 = (PPRINTER_INFO_3)buffer;
+ break;
+ case 4:
+ buffer4 = (PPRINTER_INFO_4)buffer;
+ break;
+ case 5:
+ buffer5 = (PPRINTER_INFO_5)buffer;
+ break;
+ case 6:
+ buffer6 = (PPRINTER_INFO_6)buffer;
+ break;
+ case 7:
+ buffer7 = (PPRINTER_INFO_7)buffer;
+ break;
+ case 8:
+ buffer8 = (PPRINTER_INFO_8)buffer;
+ break;
+ default:
+ break;
+ }
+
+ printf("Printer Info Level %d:\n", level);
+
+ switch (level) {
+ case 1:
+ for (i=0; i<count; i++) {
+ print_printer_info_1(&buffer1[i]);
+ printf("\n");
+ }
+ break;
+ case 2:
+ for (i=0; i<count; i++) {
+ print_printer_info_2(&buffer2[i]);
+ printf("\n");
+ }
+ break;
+#if 0
+ case 3:
+ for (i=0; i<count; i++) {
+ print_printer_info_3(&buffer3[i]);
+ printf("\n");
+ }
+ break;
+ case 4:
+ for (i=0; i<count; i++) {
+ print_printer_info_4(&buffer4[i]);
+ printf("\n");
+ }
+ break;
+#endif
+ case 5:
+ for (i=0; i<count; i++) {
+ print_printer_info_5(&buffer5[i]);
+ printf("\n");
+ }
+ break;
+ case 6:
+ for (i=0; i<count; i++) {
+ print_printer_info_6(&buffer6[i]);
+ printf("\n");
+ }
+ break;
+ case 7:
+ for (i=0; i<count; i++) {
+ print_printer_info_7(&buffer7[i]);
+ printf("\n");
+ }
+ break;
+ case 8:
+ for (i=0; i<count; i++) {
+ print_printer_info_8(&buffer8[i]);
+ printf("\n");
+ }
+ break;
+ default:
+ break;
+ }
+}
+
+void print_printprocessor_info_1(PPRINTPROCESSOR_INFO_1 info)
+{
+ printf("\tPrint Processor Name\t= %s\n", info->pName);
+
+ return;
+}
+
+void print_driver_info_1(PDRIVER_INFO_1 info)
+{
+ printf("\tDriver Name\t= %s\n\n", info->pName);
+
+ return;
+}
+
+void print_driver_info_2(PDRIVER_INFO_2 info)
+{
+ printf("\tDriver Name\t= %s\n", info->pName);
+ printf("\tEnvironment\t= %s\n", info->pEnvironment);
+ printf("\tVersion\t\t= %d\n", info->cVersion);
+ printf("\tDriver Path\t= %s\n", info->pDriverPath);
+ printf("\tData File\t= %s\n", info->pDataFile);
+ printf("\tConfig File\t= %s\n\n", info->pConfigFile);
+
+ return;
+}
+
+void print_driver_info_3(PDRIVER_INFO_3 info)
+{
+ char *ptr = NULL;
+
+ printf("\tDriver Name\t= %s\n", info->pName);
+ printf("\tEnvironment\t= %s\n", info->pEnvironment);
+ printf("\tVersion\t\t= %d\n", info->cVersion);
+ printf("\tDriver Path\t= %s\n", info->pDriverPath);
+ printf("\tData File\t= %s\n", info->pDataFile);
+ printf("\tConfig File\t= %s\n", info->pConfigFile);
+ printf("\tHelp Path\t= %s\n", info->pHelpFile);
+ printf("\tMonitor Name\t= %s\n", info->pMonitorName);
+ printf("\tData Type\t= %s\n", info->pDefaultDataType);
+ ptr = (char*)info->pDependentFiles;
+ while ((ptr != NULL) && (*ptr != '\0')) {
+ printf("\tDependent Files\t= %s\n", ptr);
+ for (;*ptr != '\0'; ptr++)
+ /* printf("%s\n", ptr); */
+ ;
+ ptr++;
+ }
+
+ return;
+}
+
+void print_driver_info_4(PDRIVER_INFO_4 info)
+{
+ char *ptr = NULL;
+
+ printf("\tDriver Name\t= %s\n", info->pName);
+ printf("\tEnvironment\t= %s\n", info->pEnvironment);
+ printf("\tVersion\t\t= %d\n", info->cVersion);
+ printf("\tDriver Path\t= %s\n", info->pDriverPath);
+ printf("\tData File\t= %s\n", info->pDataFile);
+ printf("\tConfig File\t= %s\n", info->pConfigFile);
+ printf("\tHelp Path\t= %s\n", info->pHelpFile);
+ printf("\tMonitor Name\t= %s\n", info->pMonitorName);
+ printf("\tData Type\t= %s\n", info->pDefaultDataType);
+ printf("\tPrevious Names\t= %s\n", info->pszzPreviousNames);
+ ptr = (char*)info->pDependentFiles;
+ while ((ptr != NULL) && (*ptr != '\0')) {
+ printf("\tDependent Files\t= %s\n", ptr);
+ for (;*ptr != '\0'; ptr++)
+ /* printf("%s\n", ptr); */
+ ;
+ ptr++;
+ }
+
+ return;
+}
+
+void print_driver_info_6(PDRIVER_INFO_6 info)
+{
+ char *ptr = NULL;
+
+ printf("\tDriver Name\t= %s\n", info->pName);
+ printf("\tEnvironment\t= %s\n", info->pEnvironment);
+ printf("\tVersion\t\t= %d\n", info->cVersion);
+ printf("\tDriver Path\t= %s\n", info->pDriverPath);
+ printf("\tData File\t= %s\n", info->pDataFile);
+ printf("\tConfig File\t= %s\n", info->pConfigFile);
+ printf("\tHelp Path\t= %s\n", info->pHelpFile);
+ printf("\tMonitor Name\t= %s\n", info->pMonitorName);
+ printf("\tData Type\t= %s\n", info->pDefaultDataType);
+ printf("\tPrevious Names\t= %s\n", info->pszzPreviousNames);
+ ptr = (char*)info->pDependentFiles;
+ if (ptr != NULL) {
+ while (*ptr != '\0') {
+ printf("\tDependent Files\t= %s\n", ptr);
+ for (;*ptr != '\0'; ptr++)
+ /* printf("%s\n", ptr); */
+ ;
+ ptr++;
+ }
+ } else {
+ printf("\tPrevious Names\t= (null)\n");
+ }
+
+ ptr = (char*)info->pszzPreviousNames;
+ if (ptr != NULL) {
+ while (*ptr != '\0') {
+ printf("\tPrevious Names\t= %s\n", ptr);
+ for (;*ptr != '\0'; ptr++)
+ /* printf("%s\n", ptr); */
+ ;
+ ptr++;
+ }
+ } else {
+ printf("\tPrevious Names\t= (null)\n");
+ }
+
+ printf("\tDriver Date\t= %d\n", info->ftDriverDate);
+ printf("\tDriver Version\t= %d\n", info->dwlDriverVersion);
+ printf("\tManufacture Name = %s\n", info->pszMfgName);
+ printf("\tOEM URL\t\t= %s\n", info->pszOEMUrl);
+ printf("\tHardware ID\t= %s\n", info->pszHardwareID);
+ printf("\tProvider\t= %s\n", info->pszProvider);
+ return;
+}
+
+void print_doc_info_1(PDOC_INFO_1 info)
+{
+ printf("\tDocument Name\t= %s\n", info->pDocName);
+ printf("\tOutput Filename\t= %s\n", info->pOutputFile);
+ printf("\tDatatype\t= %s\n", info->pDatatype);
+ return;
+}
+
+void print_printer_enum_values(PRINTER_ENUM_VALUES *info)
+{
+ DWORD i = 0;
+
+ printf("\tValue Name\t= %s [0x%x]\n", info->pValueName, info->cbValueName);
+ printf("\tType\t\t= 0x%x\n", info->dwType);
+ printf("\tSize\t\t= 0x%x\n", info->cbData);
+
+ while (i < info->cbData) {
+ printf("\t0x%x", *(info->pData++));
+ if (i%4 == 3)
+ printf("\n");
+ i++;
+ }
+ printf("\n");
+
+ return;
+}
+
+void print_printer_keys(LPSTR buffer)
+{
+ LPSTR p = NULL;
+
+ p = buffer;
+
+ while (p && *p) {
+ printf("%s\n", p);
+ for (; *p; p = CharNext(p)) {
+ p = CharNext(p);
+ }
+ }
+}
diff --git a/testprogs/win32/spoolss/printlib_proto.h b/testprogs/win32/spoolss/printlib_proto.h
new file mode 100644
index 0000000000..d408523ac4
--- /dev/null
+++ b/testprogs/win32/spoolss/printlib_proto.h
@@ -0,0 +1,47 @@
+#ifndef __PRINTLIB_H__
+#define __PRINTLIB_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
+
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from printlib.c */
+
+void print_devmode (DEVMODE *pDevModeIn);
+void print_acl (const char* str, ACL *acl);
+void print_sid (const char* str, SID *sid);
+void print_secdesc (SECURITY_DESCRIPTOR *secdesc);
+void PrintLastError();
+void print_job_info_1(PJOB_INFO_1 info);
+void print_job_info_2(PJOB_INFO_2 info);
+void print_job_info_3(PJOB_INFO_3 info);
+void print_monitor_info_1 (PMONITOR_INFO_1 info);
+void print_monitor_info_2 (PMONITOR_INFO_2 info);
+void print_form_info_1 (PFORM_INFO_1 info);
+void print_printer_info_1 (PPRINTER_INFO_1 info);
+void print_printer_info_2 (PPRINTER_INFO_2 info);
+void print_printer_info_5 (PPRINTER_INFO_5 info);
+void print_printer_info_6 (PPRINTER_INFO_6 info);
+void print_printer_info_7 (PPRINTER_INFO_7 info);
+void print_printer_info_8 (PPRINTER_INFO_8 info);
+void print_printer_info_9 (PPRINTER_INFO_9 info);
+void print_printer_info_bylevel(DWORD level, LPBYTE buffer, DWORD count);
+void print_printprocessor_info_1 (PPRINTPROCESSOR_INFO_1 info);
+void print_driver_info_1 (PDRIVER_INFO_1 info);
+void print_driver_info_2 (PDRIVER_INFO_2 info);
+void print_driver_info_3 (PDRIVER_INFO_3 info);
+void print_driver_info_4 (PDRIVER_INFO_4 info);
+void print_driver_info_6 (PDRIVER_INFO_6 info);
+void print_doc_info_1 (PDOC_INFO_1 info);
+void print_printer_enum_values (PRINTER_ENUM_VALUES *info);
+void print_printer_keys(LPSTR buffer);
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __PRINTLIB_H__ */
+
diff --git a/testprogs/win32/spoolss/spoolss.c b/testprogs/win32/spoolss/spoolss.c
new file mode 100644
index 0000000000..d68ca89f48
--- /dev/null
+++ b/testprogs/win32/spoolss/spoolss.c
@@ -0,0 +1,802 @@
+/*
+ Unix SMB/CIFS implementation.
+ test suite for spoolss rpc operations
+
+ Copyright (C) Guenther Deschner 2009-2010
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+/****************************************************************************
+****************************************************************************/
+
+#include "spoolss.h"
+#include "string.h"
+#include "torture.h"
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_OpenPrinter(struct torture_context *tctx,
+ LPSTR printername,
+ HANDLE handle)
+{
+ torture_comment(tctx, "Testing OpenPrinter(%s)", printername);
+
+ if (!OpenPrinter(printername, handle, NULL)) {
+ char tmp[1024];
+ sprintf(tmp, "failed to open printer %s, error was: 0x%08x\n",
+ printername, GetLastError());
+ torture_fail(tctx, tmp);
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_ClosePrinter(struct torture_context *tctx,
+ HANDLE handle)
+{
+ torture_comment(tctx, "Testing ClosePrinter");
+
+ if (!ClosePrinter(handle)) {
+ char tmp[1024];
+ sprintf(tmp, "failed to close printer, error was: %s\n",
+ errstr(GetLastError()));
+ torture_fail(tctx, tmp);
+ }
+
+ return TRUE;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumPrinters(struct torture_context *tctx,
+ LPSTR servername)
+{
+ DWORD levels[] = { 1, 2, 5 };
+ DWORD success[] = { 1, 1, 1 };
+ DWORD i;
+ DWORD flags = PRINTER_ENUM_NAME;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumPrinters level %d", levels[i]);
+
+ EnumPrinters(flags, servername, levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumPrinters(flags, servername, levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumPrinters failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ if (tctx->print) {
+ print_printer_info_bylevel(levels[i], buffer, returned);
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumDrivers(struct torture_context *tctx,
+ LPSTR servername,
+ LPSTR architecture)
+{
+ DWORD levels[] = { 1, 2, 3, 4, 5, 6 };
+ DWORD success[] = { 1, 1, 1, 1, 1, 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumPrinterDrivers level %d", levels[i]);
+
+ EnumPrinterDrivers(servername, architecture, levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumPrinterDrivers(servername, architecture, levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumPrinterDrivers failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumForms(struct torture_context *tctx,
+ LPSTR servername,
+ HANDLE handle)
+{
+ DWORD levels[] = { 1, 2 };
+ DWORD success[] = { 1, 0 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumForms level %d", levels[i]);
+
+ EnumForms(handle, levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumForms(handle, levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumForms failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumPorts(struct torture_context *tctx,
+ LPSTR servername)
+{
+ DWORD levels[] = { 1, 2 };
+ DWORD success[] = { 1, 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumPorts level %d", levels[i]);
+
+ EnumPorts(servername, levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumPorts(servername, levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumPorts failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumMonitors(struct torture_context *tctx,
+ LPSTR servername)
+{
+ DWORD levels[] = { 1, 2 };
+ DWORD success[] = { 1, 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumMonitors level %d", levels[i]);
+
+ EnumMonitors(servername, levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumMonitors(servername, levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumMonitors failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumPrintProcessors(struct torture_context *tctx,
+ LPSTR servername,
+ LPSTR architecture)
+{
+ DWORD levels[] = { 1 };
+ DWORD success[] = { 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumPrintProcessors level %d", levels[i]);
+
+ EnumPrintProcessors(servername, architecture, levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumPrintProcessors(servername, architecture, levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumPrintProcessors failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumPrintProcessorDatatypes(struct torture_context *tctx,
+ LPSTR servername)
+{
+ DWORD levels[] = { 1 };
+ DWORD success[] = { 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumPrintProcessorDatatypes level %d", levels[i]);
+
+ EnumPrintProcessorDatatypes(servername, "winprint", levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumPrintProcessorDatatypes(servername, "winprint", levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumPrintProcessorDatatypes failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumPrinterKey(struct torture_context *tctx,
+ LPSTR servername,
+ HANDLE handle,
+ LPCSTR key)
+{
+ LPSTR buffer = NULL;
+ DWORD needed = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumPrinterKey(%s)", key);
+
+ err = EnumPrinterKey(handle, key, NULL, 0, &needed);
+ if (err == ERROR_MORE_DATA) {
+ buffer = (LPTSTR)malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ err = EnumPrinterKey(handle, key, buffer, needed, &needed);
+ }
+ if (err) {
+ sprintf(tmp, "EnumPrinterKey(%s) failed on [%s] (buffer size = %d), error: %s\n",
+ key, servername, needed, errstr(err));
+ torture_fail(tctx, tmp);
+ }
+
+ if (tctx->print) {
+ print_printer_keys(buffer);
+ }
+
+ free(buffer);
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_GetPrinter(struct torture_context *tctx,
+ LPSTR printername,
+ HANDLE handle)
+{
+ DWORD levels[] = { 1, 2, 3, 4, 5, 6, 7, 8 };
+ DWORD success[] = { 1, 1, 1, 1, 1, 1, 1, 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing GetPrinter level %d", levels[i]);
+
+ GetPrinter(handle, levels[i], NULL, 0, &needed);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!GetPrinter(handle, levels[i], buffer, needed, &needed)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "GetPrinter failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], printername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_GetPrinterDriver(struct torture_context *tctx,
+ LPSTR printername,
+ LPSTR architecture,
+ HANDLE handle)
+{
+ DWORD levels[] = { 1, 2, 3, 4, 5, 6, 8 };
+ DWORD success[] = { 1, 1, 1, 1, 1, 1, 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing GetPrinterDriver level %d", levels[i]);
+
+ GetPrinterDriver(handle, architecture, levels[i], NULL, 0, &needed);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!GetPrinterDriver(handle, architecture, levels[i], buffer, needed, &needed)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "GetPrinterDriver failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], printername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EnumJobs(struct torture_context *tctx,
+ LPSTR printername,
+ HANDLE handle)
+{
+ DWORD levels[] = { 1, 2, 3, 4 };
+ DWORD success[] = { 1, 1, 1, 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing EnumJobs level %d", levels[i]);
+
+ EnumJobs(handle, 0, 100, levels[i], NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumJobs(handle, 0, 100, levels[i], buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumJobs failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], printername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_OnePrinter(struct torture_context *tctx,
+ LPSTR printername,
+ LPSTR architecture)
+{
+ HANDLE handle;
+ BOOL ret = TRUE;
+
+ torture_comment(tctx, "Testing Printer %s", printername);
+
+ ret &= test_OpenPrinter(tctx, printername, &handle);
+ ret &= test_GetPrinter(tctx, printername, handle);
+ ret &= test_GetPrinterDriver(tctx, printername, architecture, handle);
+ ret &= test_EnumForms(tctx, printername, handle);
+ ret &= test_EnumJobs(tctx, printername, handle);
+ ret &= test_EnumPrinterKey(tctx, printername, handle, "");
+ ret &= test_EnumPrinterKey(tctx, printername, handle, "PrinterDriverData");
+ ret &= test_ClosePrinter(tctx, handle);
+
+ return ret;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_EachPrinter(struct torture_context *tctx,
+ LPSTR servername,
+ LPSTR architecture)
+{
+ DWORD needed = 0;
+ DWORD returned = 0;
+ DWORD err = 0;
+ char tmp[1024];
+ DWORD i;
+ DWORD flags = PRINTER_ENUM_NAME;
+ PPRINTER_INFO_1 buffer = NULL;
+ BOOL ret = TRUE;
+
+ torture_comment(tctx, "Testing EnumPrinters level %d", 1);
+
+ EnumPrinters(flags, servername, 1, NULL, 0, &needed, &returned);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = (PPRINTER_INFO_1)malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!EnumPrinters(flags, servername, 1, (LPBYTE)buffer, needed, &needed, &returned)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "EnumPrinters failed level %d on [%s] (buffer size = %d), error: %s\n",
+ 1, servername, needed, errstr(err));
+ torture_fail(tctx, tmp);
+ }
+
+ for (i=0; i < returned; i++) {
+ ret &= test_OnePrinter(tctx, buffer[i].pName, architecture);
+ }
+
+ free(buffer);
+
+ return ret;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_GetPrintProcessorDirectory(struct torture_context *tctx,
+ LPSTR servername,
+ LPSTR architecture)
+{
+ DWORD levels[] = { 1 };
+ DWORD success[] = { 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing GetPrintProcessorDirectory level %d", levels[i]);
+
+ GetPrintProcessorDirectory(servername, architecture, levels[i], NULL, 0, &needed);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!GetPrintProcessorDirectory(servername, architecture, levels[i], buffer, needed, &needed)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "GetPrintProcessorDirectory failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+/****************************************************************************
+****************************************************************************/
+
+static BOOL test_GetPrinterDriverDirectory(struct torture_context *tctx,
+ LPSTR servername,
+ LPSTR architecture)
+{
+ DWORD levels[] = { 1 };
+ DWORD success[] = { 1 };
+ DWORD i;
+ LPBYTE buffer = NULL;
+
+ for (i=0; i < ARRAY_SIZE(levels); i++) {
+
+ DWORD needed = 0;
+ DWORD err = 0;
+ char tmp[1024];
+
+ torture_comment(tctx, "Testing GetPrinterDriverDirectory level %d", levels[i]);
+
+ GetPrinterDriverDirectory(servername, architecture, levels[i], NULL, 0, &needed);
+ err = GetLastError();
+ if (err == ERROR_INSUFFICIENT_BUFFER) {
+ err = 0;
+ buffer = malloc(needed);
+ torture_assert(tctx, buffer, "malloc failed");
+ if (!GetPrinterDriverDirectory(servername, architecture, levels[i], buffer, needed, &needed)) {
+ err = GetLastError();
+ }
+ }
+ if (err) {
+ sprintf(tmp, "GetPrinterDriverDirectory failed level %d on [%s] (buffer size = %d), error: %s\n",
+ levels[i], servername, needed, errstr(err));
+ if (success[i]) {
+ torture_fail(tctx, tmp);
+ } else {
+ torture_warning(tctx, tmp);
+ }
+ }
+
+ free(buffer);
+ buffer = NULL;
+ }
+
+ return TRUE;
+}
+
+
+/****************************************************************************
+****************************************************************************/
+
+int main(int argc, char *argv[])
+{
+ BOOL ret = FALSE;
+ LPSTR servername;
+ LPSTR architecture = "Windows NT x86";
+ HANDLE server_handle;
+ struct torture_context *tctx;
+
+ if (argc < 2) {
+ fprintf(stderr, "usage: %s <servername> [print]\n", argv[0]);
+ exit(-1);
+ }
+
+ tctx = malloc(sizeof(struct torture_context));
+ if (!tctx) {
+ fprintf(stderr, "out of memory\n");
+ exit(-1);
+ }
+ memset(tctx, '\0', sizeof(*tctx));
+
+ servername = argv[1];
+
+ if (argc >= 3) {
+ if (strcmp(argv[2], "print") == 0) {
+ tctx->print = TRUE;
+ }
+ }
+
+ ret &= test_EnumPrinters(tctx, servername);
+ ret &= test_EnumDrivers(tctx, servername, architecture);
+ ret &= test_OpenPrinter(tctx, servername, &server_handle);
+/* ret &= test_EnumPrinterKey(tctx, servername, server_handle, ""); */
+ ret &= test_EnumForms(tctx, servername, server_handle);
+ ret &= test_ClosePrinter(tctx, server_handle);
+ ret &= test_EnumPorts(tctx, servername);
+ ret &= test_EnumMonitors(tctx, servername);
+ ret &= test_EnumPrintProcessors(tctx, servername, architecture);
+ ret &= test_EnumPrintProcessorDatatypes(tctx, servername);
+ ret &= test_GetPrintProcessorDirectory(tctx, servername, architecture);
+ ret &= test_GetPrinterDriverDirectory(tctx, servername, architecture);
+ ret &= test_EachPrinter(tctx, servername, architecture);
+
+ if (!ret) {
+ if (tctx->last_reason) {
+ fprintf(stderr, "failed: %s\n", tctx->last_reason);
+ }
+ free(tctx);
+ return -1;
+ }
+
+ printf("%s run successfully\n", argv[0]);
+
+ free(tctx);
+ return 0;
+}
diff --git a/testprogs/win32/spoolss/spoolss.h b/testprogs/win32/spoolss/spoolss.h
new file mode 100644
index 0000000000..f025fccb3f
--- /dev/null
+++ b/testprogs/win32/spoolss/spoolss.h
@@ -0,0 +1,51 @@
+/*
+ Unix SMB/CIFS implementation.
+ test suite for spoolss rpc operations
+
+ Copyright (C) Guenther Deschner 2009
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#if 0
+#include "lib/replace/replace.h"
+#endif
+
+#include <windows.h>
+#include <stdio.h>
+
+#include "error.h"
+#include "printlib_proto.h"
+
+#if 0
+#include "lib/talloc/talloc.h"
+#include "libcli/util/ntstatus.h"
+#include "lib/torture/torture.h"
+#endif
+
+#ifndef ARRAY_SIZE
+#define ARRAY_SIZE(a) (sizeof(a)/sizeof(a[0]))
+#endif
+
+#ifndef true
+#define true TRUE
+#endif
+
+#ifndef false
+#define false FALSE
+#endif
+
+#ifndef PRINTER_ENUM_NAME
+#define PRINTER_ENUM_NAME 8
+#endif
diff --git a/testprogs/win32/spoolss/string.h b/testprogs/win32/spoolss/string.h
new file mode 100644
index 0000000000..17561eb7ad
--- /dev/null
+++ b/testprogs/win32/spoolss/string.h
@@ -0,0 +1,15 @@
+/* __location__ macro replacement taken from talloc.h */
+
+/*
+ this uses a little trick to allow __LINE__ to be stringified
+*/
+#ifndef __location__
+#define __STRING_LINE1__(s) #s
+#define __STRING_LINE2__(s) __STRING_LINE1__(s)
+#define __STRING_LINE3__ __STRING_LINE2__(__LINE__)
+#define __location__ __FILE__ ":" __STRING_LINE3__
+#endif
+
+#ifndef __STRING
+#define __STRING(s) #s
+#endif
diff --git a/testprogs/win32/spoolss/torture.c b/testprogs/win32/spoolss/torture.c
new file mode 100644
index 0000000000..27872a6ccc
--- /dev/null
+++ b/testprogs/win32/spoolss/torture.c
@@ -0,0 +1,106 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB torture UI functions
+
+ Copyright (C) Jelmer Vernooij 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#include "spoolss.h"
+#include "torture.h"
+
+/****************************************************************************
+****************************************************************************/
+
+void torture_warning(struct torture_context *context, const char *comment, ...)
+{
+ va_list ap;
+ char tmp[1024];
+
+#if 0
+ if (!context->results->ui_ops->warning)
+ return;
+#endif
+
+ va_start(ap, comment);
+ if (vsprintf(tmp, comment, ap) == -1) {
+ return;
+ }
+ va_end(ap);
+
+ fprintf(stderr, "WARNING: %s\n", tmp);
+#if 0
+ context->results->ui_ops->warning(context, tmp);
+
+ free(tmp);
+#endif
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void torture_result(struct torture_context *context,
+ enum torture_result result, const char *fmt, ...)
+{
+ va_list ap;
+ char tmp[1024];
+
+ va_start(ap, fmt);
+
+ if (context->last_reason) {
+ torture_warning(context, "%s", context->last_reason);
+ free(context->last_reason);
+ context->last_reason = NULL;
+ }
+
+ context->last_result = result;
+ if (vsprintf(tmp, fmt, ap) == -1) {
+ return;
+ }
+ context->last_reason = malloc(sizeof(tmp));
+ if (!context->last_reason) {
+ return;
+ }
+ memcpy(context->last_reason, tmp, sizeof(tmp));
+
+ va_end(ap);
+}
+
+/****************************************************************************
+****************************************************************************/
+
+void torture_comment(struct torture_context *context, const char *comment, ...)
+{
+ va_list ap;
+ char tmp[1024];
+#if 0
+ if (!context->results->ui_ops->comment)
+ return;
+#endif
+ va_start(ap, comment);
+ if (vsprintf(tmp, comment, ap) == -1) {
+ return;
+ }
+ va_end(ap);
+
+#if 0
+ context->results->ui_ops->comment(context, tmp);
+#endif
+ fprintf(stdout, "%s\n", tmp);
+
+#if 0
+ free(tmp);
+#endif
+}
diff --git a/testprogs/win32/spoolss/torture.h b/testprogs/win32/spoolss/torture.h
new file mode 100644
index 0000000000..23746cc2b7
--- /dev/null
+++ b/testprogs/win32/spoolss/torture.h
@@ -0,0 +1,91 @@
+/*
+ Unix SMB/CIFS implementation.
+ SMB torture UI functions
+
+ Copyright (C) Jelmer Vernooij 2006
+
+ This program is free software; you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>.
+*/
+
+#ifndef __TORTURE_UI_H__
+#define __TORTURE_UI_H__
+
+/****************************************************************************
+****************************************************************************/
+
+enum torture_result {
+ TORTURE_OK=0,
+ TORTURE_FAIL=1,
+ TORTURE_ERROR=2,
+ TORTURE_SKIP=3
+};
+
+struct torture_context {
+ enum torture_result last_result;
+ char *last_reason;
+ BOOL print;
+};
+
+/****************************************************************************
+****************************************************************************/
+
+#define torture_assert(torture_ctx,expr,cmt) do {\
+ if (!(expr)) {\
+ torture_result(torture_ctx, TORTURE_FAIL, __location__": Expression `%s' failed: %s", __STRING(expr), cmt); \
+ return false;\
+ }\
+} while(0)
+
+#define torture_assert_str_equal(torture_ctx,got,expected,cmt)\
+ do { const char *__got = (got), *__expected = (expected); \
+ if (strcmp_safe(__got, __expected) != 0) { \
+ torture_result(torture_ctx, TORTURE_FAIL, \
+ __location__": "#got" was %s, expected %s: %s", \
+ __got, __expected, cmt); \
+ return false; \
+ } \
+ } while(0)
+
+#define torture_assert_int_equal(torture_ctx,got,expected,cmt)\
+ do { int __got = (got), __expected = (expected); \
+ if (__got != __expected) { \
+ torture_result(torture_ctx, TORTURE_FAIL, \
+ __location__": "#got" was %d, expected %d: %s", \
+ __got, __expected, cmt); \
+ return false; \
+ } \
+ } while(0)
+
+#define torture_assert_mem_equal(torture_ctx,got,expected,len,cmt)\
+ do { const void *__got = (got), *__expected = (expected); \
+ if (memcmp(__got, __expected, len) != 0) { \
+ torture_result(torture_ctx, TORTURE_FAIL, \
+ __location__": "#got" of len %d did not match "#expected": %s", (int)len, cmt); \
+ return false; \
+ } \
+ } while(0)
+
+#define torture_skip(torture_ctx,cmt) do {\
+ torture_result(torture_ctx, TORTURE_SKIP, __location__": %s", cmt);\
+ return true; \
+ } while(0)
+
+#define torture_fail(torture_ctx,cmt) do {\
+ torture_result(torture_ctx, TORTURE_FAIL, __location__": %s", cmt);\
+ return false; \
+ } while (0)
+
+#include "torture_proto.h"
+
+#endif
diff --git a/testprogs/win32/spoolss/torture_proto.h b/testprogs/win32/spoolss/torture_proto.h
new file mode 100644
index 0000000000..5d1dd8804b
--- /dev/null
+++ b/testprogs/win32/spoolss/torture_proto.h
@@ -0,0 +1,32 @@
+#ifndef __TORTURE_PROTO_H__
+#define __TORTURE_PROTO_H__
+
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2) PRINTF_ATTRIBUTE(a1, a2)
+/* This file was automatically generated by mkproto.pl. DO NOT EDIT */
+
+/* this file contains prototypes for functions that are private
+ * to this subsystem or library. These functions should not be
+ * used outside this particular subsystem! */
+
+
+/* The following definitions come from torture.c */
+
+
+/****************************************************************************
+****************************************************************************/
+void torture_warning(struct torture_context *context, const char *comment, ...);
+
+/****************************************************************************
+****************************************************************************/
+void torture_result(struct torture_context *context,
+ enum torture_result result, const char *fmt, ...);
+
+/****************************************************************************
+****************************************************************************/
+void torture_comment(struct torture_context *context, const char *comment, ...);
+#undef _PRINTF_ATTRIBUTE
+#define _PRINTF_ATTRIBUTE(a1, a2)
+
+#endif /* __TORTURE_PROTO_H__ */
+