From c7dbe58a36db7678a9678e558822a8612c956cf5 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Fri, 5 Sep 2003 04:09:25 +0000
Subject: updated schema for 3.0 for eDirectory 8.7 and Netscape DS 4.x (This used to be commit c9c7150a627abe93a5d3c866605f2300a3cc5ec9)
---
examples/LDAP/samba-nds.schema | 352 +++++++++++++------------------
examples/LDAP/samba-schema-netscapeds4.x | 158 +++++++++-----
2 files changed, 259 insertions(+), 251 deletions(-)
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index 99e56d75dc..8369c8404e 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
@@ -1,201 +1,151 @@
---
--- Submitted by Bruno Gimenes Pereti
---
--- schema file for Novell's eDirectory 8.6
---
-
-SambaAccountSchemaExtensions DEFINITIONS ::=
-BEGIN
-
--- Password hashes
-"lmPassword" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 }
-}
-
-"ntPassword" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 }
-}
-
--- Account flags in string format ([UWDX ])
-"acctFlags" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 }
-}
-
--- Password timestamps & policies
-"pwdLastSet" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 }
-}
-
-"logonTime" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 }
-}
-
-"logoffTime" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 }
-}
-
-"kickoffTime" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 }
-}
-
-"pwdCanChange" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 }
-}
-
-"pwdMustChange" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 }
-}
-
--- string settings
-"homeDrive" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 }
-}
-
-"scriptPath" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 }
-}
-
-"profilePath" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 }
-}
-
-"userWorkstations" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 }
-}
-
-"smbHome" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 }
-}
-
-"domain" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 }
-}
-
--- user and group RID
-"rid" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 }
-}
-
-"primaryGroupID" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 }
-}
-
-"sambaAccount" OBJECT-CLASS ::=
-{
- Operation ADD,
- Flags {DS_AUXILIARY_CLASS},
- SubClassOf {"TOP"},
- MustContain { "uid"},
- MustContain { "rid"},
- MayContain { "CN"},
- MayContain { "lmPassword"},
- MayContain { "ntPassword"},
- MayContain { "pwdLastSet"},
- MayContain { "logonTime"},
- MayContain { "logoffTime"},
- MayContain { "kickoffTime"},
- MayContain { "pwdCanChange"},
- MayContain { "pwdMustChange"},
- MayContain { "acctFlags"},
- MayContain { "displayName"},
- MayContain { "smbHome"},
- MayContain { "homeDrive"},
- MayContain { "scriptPath"},
- MayContain { "profilePath"},
- MayContain { "description"},
- MayContain { "userWorkstations"},
- MayContain { "primaryGroupID"},
- MayContain { "domain"},
- ASN1ObjID { 1 3 6 1 4 1 7165 2 2 3 }
-}
-
--- Used for Winbind experimentation
-"uidPool" OBJECT-CLASS ::=
-{
- Operation ADD,
- Flags {DS_AUXILIARY_CLASS},
- SubClassOf {"TOP"},
- MustContain { "uidNumber"},
- MustContain { "CN"},
- ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 3 }
-}
-
-"gidPool" OBJECT-CLASS ::=
-{
- Operation ADD,
- Flags {DS_AUXILIARY_CLASS},
- SubClassOf {"TOP"},
- MustContain { "gidNumber"},
- MustContain { "CN"},
- ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 4 }
-}
-
-END
-
-
+##
+## Schema file for Novell eDirectory 8.7.x by Uli Iske
+## Schema for storing Samba's smbpasswd file in LDAP
+## OIDs are owned by the Samba Team
+##
+#######################################################################
+## Attributes used by Samba 3.0 schema ##
+#######################################################################
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#######################################################################
+## objectClasses used by Samba 3.0 schema ##
+#######################################################################
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $sambaLogonTime $ sambaLogoffTime $sambaKickoffTime $sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $sambaProfilePath $ description $ sambaUserWorkstations $sambaPrimaryGroupSID $ sambaDomainName ))
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ))
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $sambaAlgorithmicRidBase ) )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID ) )
diff --git a/examples/LDAP/samba-schema-netscapeds4.x b/examples/LDAP/samba-schema-netscapeds4.x
index c5a11b8b66..9f40966418 100644
--- a/examples/LDAP/samba-schema-netscapeds4.x
+++ b/examples/LDAP/samba-schema-netscapeds4.x
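Review bot: The new header comment of samba-nds.schema never tells an administrator that `sambaLMPassword` and `sambaNTPassword` need access control, although the NT value is, by its own DESC, an MD4 hash of the password and both values are password-equivalent for NTLM authentication. Any bind identity able to read them effectively holds the account's credential, so the schema file is the natural place to say so. I would add a header line such as `## sambaLMPassword/sambaNTPassword are password-equivalent: restrict read access with directory ACLs and only transfer them over TLS`. The same comment belongs above the `attribute sambaLMPassword` and `attribute sambaNTPassword` lines in the samba-schema-netscapeds4.x hunk of this commit.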
@@ -1,54 +1,112 @@ # -# LDAP Schema file for SAMBA attribute storage -# This file is suitable for usage with Netscape Directory Server 4.1x -# Adapted by Scott Lawson with help from Ron Creamer -# +# LDAP Schema file for SAMBA 3.0 attribute storage +# For Netscape Directory Server 4.1x +# Prepared by Osman Demirhan + +attribute sambaLMPassword 1.3.6.1.4.1.7165.2.1.24 cis single +attribute sambaNTPassword 1.3.6.1.4.1.7165.2.1.25 cis single +attribute sambaAcctFlags 1.3.6.1.4.1.7165.2.1.26 cis single +attribute sambaPwdLastSet 1.3.6.1.4.1.7165.2.1.27 int single +attribute sambaPwdCanChange 1.3.6.1.4.1.7165.2.1.28 int single +attribute sambaPwdMustChange 1.3.6.1.4.1.7165.2.1.29 int single +attribute sambaLogonTime 1.3.6.1.4.1.7165.2.1.30 int single +attribute sambaLogoffTime 1.3.6.1.4.1.7165.2.1.31 int single +attribute sambaKickoffTime 1.3.6.1.4.1.7165.2.1.32 int single +attribute sambaHomeDrive 1.3.6.1.4.1.7165.2.1.33 cis single +attribute sambaLogonScript 1.3.6.1.4.1.7165.2.1.34 cis single +attribute sambaProfilePath 1.3.6.1.4.1.7165.2.1.35 cis single +attribute sambaUserWorkstations 1.3.6.1.4.1.7165.2.1.36 cis single +attribute sambaHomePath 1.3.6.1.4.1.7165.2.1.37 cis single +attribute sambaDomainName 1.3.6.1.4.1.7165.2.1.38 cis single +attribute sambaSID 1.3.6.1.4.1.7165.2.1.20 cis single +attribute sambaPrimaryGroupSID 1.3.6.1.4.1.7165.2.1.23 cis single +attribute sambaGroupType 1.3.6.1.4.1.7165.2.1.19 int single +attribute sambaNextUserRid 1.3.6.1.4.1.7165.2.1.21 int single +attribute sambaNextGroupRid 1.3.6.1.4.1.7165.2.1.22 int single +attribute sambaNextRid 1.3.6.1.4.1.7165.2.1.39 int single +attribute sambaAlgorithmicRidBase 1.3.6.1.4.1.7165.2.1.40 int single + +objectclass sambaSamAccount + oid + 1.3.6.1.4.1.7165.2.2.6 + superior + top + requires + objectClass, + uid, + sambaSID + allows + cn, + sambaLMPassword, + sambaNTPassword, + sambaPwdLastSet, + sambaLogonTime, + sambaLogoffTime, + sambaKickoffTime, + sambaPwdCanChange, + sambaPwdMustChange, + 
sambaAcctFlags, + displayName, + sambaHomePath, + sambaHomeDrive, + sambaLogonScript, + sambaProfilePath, + description, + sambaUserWorkstations, + sambaPrimaryGroupSID, + sambaDomainName + +objectclass sambaGroupMapping + oid + 1.3.6.1.4.1.7165.2.2.4 + superior + top + requires + gidNumber, + sambaSID, + sambaGroupType + allows + displayName, + description + +objectclass sambaDomain + oid + 1.3.6.1.4.1.7165.2.2.5 + superior + top + requires + sambaDomainName, + sambaSID + allows + sambaNextRid, + sambaNextGroupRid, + sambaNextUserRid, + sambaAlgorithmicRidBase -attribute lmPassword 1.3.6.1.4.1.7165.2.1.1 cis single -attribute ntPassword 1.3.6.1.4.1.7165.2.1.2 cis single -attribute acctFlags 1.3.6.1.4.1.7165.2.1.4 cis single -attribute pwdLastSet 1.3.6.1.4.1.7165.2.1.3 int single -attribute logonTime 1.3.6.1.4.1.7165.2.1.5 int single -attribute logoffTime 1.3.6.1.4.1.7165.2.1.6 int single -attribute kickoffTime 1.3.6.1.4.1.7165.2.1.7 int single -attribute pwdCanChange 1.3.6.1.4.1.7165.2.1.8 int single -attribute pwdMustChange 1.3.6.1.4.1.7165.2.1.9 int single -attribute homedrive 1.3.6.1.4.1.7165.2.1.10 cis single -attribute scriptPath 1.3.6.1.4.1.7165.2.1.11 cis single -attribute profilePath 1.3.6.1.4.1.7165.2.1.12 cis single -attribute userWorkstations 1.3.6.1.4.1.7165.2.1.13 cis single -attribute rid 1.3.6.1.4.1.7165.2.1.14 int single -attribute primaryGroupID 1.3.6.1.4.1.7165.2.1.15 int single -attribute smbHome 1.3.6.1.4.1.7165.2.1.17 cis single -attribute domain 1.3.6.1.4.1.7165.2.1.18 cis single +objectclass sambaUnixIdPool + oid + 1.3.6.1.4.1.7165.1.2.2.7 + superior + top + requires + uidNumber, + gidNumber -objectclass sambaAccount - oid - 1.3.1.5.1.4.1.7165.2.2.2 - superior - top - requires - objectClass, - uid, - rid - allows - cn, - lmPassword, - ntPassword, - pwdLastSet, - logonTime, - logoffTime, - KickoffTime, - pwdCanChange, - pwdMustChange, - acctFlags, - displayName, - smbHome, - homeDrive, - scriptPath, - profilePath, - description, - 
userWorkstations, - primaryGroupID, - domain +objectclass sambaIdmapEntry + oid + 1.3.6.1.4.1.7165.1.2.2.8 + superior + top + requires + sambaSID + allows + uidNumber, + gidNumber +objectclass sambaSidEntry + oid + 1.3.6.1.4.1.7165.1.2.2.9 + superior + top + requires + sambaSID -- cgit
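Review bot: `sambaHomePath` and `sambaDomainName` are declared `cis single` in this file, while the eDirectory LDIF in the same commit defines both without SINGLE-VALUE, so the two example schemas disagree on whether an account may carry several home paths or domain names. One cardinality should be chosen and used in both files; if single is what Samba expects, the eDirectory definitions need `SINGLE-VALUE` appended before the closing parenthesis. Also, only `sambaSamAccount` lists `objectClass` under `requires`; the other five classes omit it, which presumably still works through `superior top` but is worth making uniform.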