diff options
| author | Andrew Bartlett <abartlet@samba.org> | 2003-04-29 12:54:46 +0000 |
|---|---|---|
| committer | Andrew Bartlett <abartlet@samba.org> | 2003-04-29 12:54:46 +0000 |
| commit | a60682e9ab98bdeaf1c216616fb3f50515e2cc23 (patch) | |
| tree | 43e22649ffda0e85622cb43fabb602d3af8bd09e /examples/LDAP/samba.schema | |
| parent | 2aadb320a4485b5610928fa13a784680246a3489 (diff) | |
| download | samba-a60682e9ab98bdeaf1c216616fb3f50515e2cc23.tar.gz samba-a60682e9ab98bdeaf1c216616fb3f50515e2cc23.tar.bz2 samba-a60682e9ab98bdeaf1c216616fb3f50515e2cc23.zip | |
Merge Samba 3.0 pdb_ldap from 3.0 into HEAD, so as to allow idra to continue
his IDMAP work.
This version also works properly (the HEAD version had suffered from bitrot),
and should be a good basis to change into the new IDMAP rules.
It also includes UTF8 conversions.
Included also are the schema changes, and a note about the now very old scripts
in examples/LDAP (they don't work for this, or even the previous schema).
Andrew Bartlett
(This used to be commit 38a8f2b23a12f6a964d447f7904dd722a1ca046c)
Diffstat (limited to 'examples/LDAP/samba.schema')
| -rw-r--r-- | examples/LDAP/samba.schema | 39 |
1 files changed, 34 insertions, 5 deletions
diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index b95fbeb8ff..f9475f07ea 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema @@ -111,6 +111,15 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## +## SID, of any type +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' + DESC 'Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +## ## group mapping attributes ## attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'ntGroupType' @@ -118,10 +127,19 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'ntGroupType' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' - DESC 'Security ID' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) +## +## Store info on the domain +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'nextUserRid' + DESC 'Next NT rid to give our for users' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'nextGroupRid' + DESC 'Next NT rid to give out for groups' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## The smbPasswordEntry objectclass has been depreciated in favor of the @@ -146,7 +164,7 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid' objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY DESC 'Samba Auxilary Account' - MUST ( uid $ rid ) + MUST ( uid $ ntSid ) MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ @@ -159,6 +177,17 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY ## ############################################################################ +## +## Whole-of-domain info +## + +objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL + DESC 'Samba Domain Information' + MUST ( domain $ nextGroupRid $ nextUserRid $ ntSid)) + +## +## Group mapping info +## objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ ntSid $ ntGroupType ) |