From 873f925a51d30fbfd351467999fae850f7e61110 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Wed, 20 Aug 2003 21:53:18 +0000
Subject: adding old NDS schema so I can update it (This used to be commit 25753e2a336a72dc2275a0046003c3a659a0f880)
---
examples/LDAP/samba-nds.schema | 201 +++++++++++++++++++++++++++++++++++++++++ 1 file changed, 201 insertions(+) create mode 100644 examples/LDAP/samba-nds.schema (limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
new file mode 100644
index 0000000000..99e56d75dc
--- /dev/null
+++ b/examples/LDAP/samba-nds.schema
@@ -0,0 +1,201 @@
+--
+-- Submitted by Bruno Gimenes Pereti
+--
+-- schema file for Novell's eDirectory 8.6
+--
+
+SambaAccountSchemaExtensions DEFINITIONS ::=
+BEGIN
+
+-- Password hashes
+"lmPassword" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 }
+}
+
+"ntPassword" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 }
+}
+
+-- Account flags in string format ([UWDX ])
+"acctFlags" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 }
+}
+
+-- Password timestamps & policies
+"pwdLastSet" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 }
+}
+
+"logonTime" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 }
+}
+
+"logoffTime" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 }
+}
+
+"kickoffTime" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 }
+}
+
+"pwdCanChange" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 }
+}
+
+"pwdMustChange" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 }
+}
+
+-- string settings
+"homeDrive" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 }
+}
+
+"scriptPath" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 }
+}
+
+"profilePath" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 }
+}
+
+"userWorkstations" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 }
+}
+
+"smbHome" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 }
+}
+
+"domain" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_CI_STRING,
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 }
+}
+
+-- user and group RID
+"rid" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 }
+}
+
+"primaryGroupID" ATTRIBUTE ::=
+{
+ Operation ADD,
+ SyntaxID SYN_INTEGER,
+ Flags { DS_SINGLE_VALUED_ATTR },
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 }
+}
+
+"sambaAccount" OBJECT-CLASS ::=
+{
+ Operation ADD,
+ Flags {DS_AUXILIARY_CLASS},
+ SubClassOf {"TOP"},
+ MustContain { "uid"},
+ MustContain { "rid"},
+ MayContain { "CN"},
+ MayContain { "lmPassword"},
+ MayContain { "ntPassword"},
+ MayContain { "pwdLastSet"},
+ MayContain { "logonTime"},
+ MayContain { "logoffTime"},
+ MayContain { "kickoffTime"},
+ MayContain { "pwdCanChange"},
+ MayContain { "pwdMustChange"},
+ MayContain { "acctFlags"},
+ MayContain { "displayName"},
+ MayContain { "smbHome"},
+ MayContain { "homeDrive"},
+ MayContain { "scriptPath"},
+ MayContain { "profilePath"},
+ MayContain { "description"},
+ MayContain { "userWorkstations"},
+ MayContain { "primaryGroupID"},
+ MayContain { "domain"},
+ ASN1ObjID { 1 3 6 1 4 1 7165 2 2 3 }
+}
+
+-- Used for Winbind experimentation
+"uidPool" OBJECT-CLASS ::=
+{
+ Operation ADD,
+ Flags {DS_AUXILIARY_CLASS},
+ SubClassOf {"TOP"},
+ MustContain { "uidNumber"},
+ MustContain { "CN"},
+ ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 3 }
+}
+
+"gidPool" OBJECT-CLASS ::=
+{
+ Operation ADD,
+ Flags {DS_AUXILIARY_CLASS},
+ SubClassOf {"TOP"},
+ MustContain { "gidNumber"},
+ MustContain { "CN"},
+ ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 4 }
+}
+
+END
+
+
-- cgit
From c7dbe58a36db7678a9678e558822a8612c956cf5 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Fri, 5 Sep 2003 04:09:25 +0000
Subject: updated schema for 3.0 for eDirectory 8.7 and Netscape DS 4.x (This used to be commit c9c7150a627abe93a5d3c866605f2300a3cc5ec9)
---
examples/LDAP/samba-nds.schema | 352 ++++++++++++++++++----------------------------- 1 file changed, 151 insertions(+), 201 deletions(-) (limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index 99e56d75dc..8369c8404e 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
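Review bot: In the `@@ -0,0 +1,201 @@` hunk of the first commit, `"scriptPath"` is registered with `ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 }`, while every other attribute in the file sits under `1 3 6 1 4 1 7165`; the third arc looks like a typo and places the attribute outside the enterprise arc the rest of the schema uses. It should read `ASN1ObjID { 1 3 6 1 4 1 7165 2 1 11 }`. Separately, `"uidPool"` and `"gidPool"` use `7165 1 2 2 x` where `"sambaAccount"` uses `7165 2 2 3`; if that is intentional for the Winbind experiment, a one-line comment above them saying so would prevent a later "correction".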
@@ -1,201 +1,151 @@
---
--- Submitted by Bruno Gimenes Pereti
---
--- schema file for Novell's eDirectory 8.6
---
-
-SambaAccountSchemaExtensions DEFINITIONS ::=
-BEGIN
-
--- Password hashes
-"lmPassword" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 }
-}
-
-"ntPassword" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 }
-}
-
--- Account flags in string format ([UWDX ])
-"acctFlags" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 }
-}
-
--- Password timestamps & policies
-"pwdLastSet" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 }
-}
-
-"logonTime" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 }
-}
-
-"logoffTime" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 }
-}
-
-"kickoffTime" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 }
-}
-
-"pwdCanChange" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 }
-}
-
-"pwdMustChange" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 }
-}
-
--- string settings
-"homeDrive" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 }
-}
-
-"scriptPath" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 }
-}
-
-"profilePath" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 }
-}
-
-"userWorkstations" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 }
-}
-
-"smbHome" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 }
-}
-
-"domain" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_CI_STRING,
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 }
-}
-
--- user and group RID
-"rid" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 }
-}
-
-"primaryGroupID" ATTRIBUTE ::=
-{
- Operation ADD,
- SyntaxID SYN_INTEGER,
- Flags { DS_SINGLE_VALUED_ATTR },
- ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 }
-}
-
-"sambaAccount" OBJECT-CLASS ::=
-{
- Operation ADD,
- Flags {DS_AUXILIARY_CLASS},
- SubClassOf {"TOP"},
- MustContain { "uid"},
- MustContain { "rid"},
- MayContain { "CN"},
- MayContain { "lmPassword"},
- MayContain { "ntPassword"},
- MayContain { "pwdLastSet"},
- MayContain { "logonTime"},
- MayContain { "logoffTime"},
- MayContain { "kickoffTime"},
- MayContain { "pwdCanChange"},
- MayContain { "pwdMustChange"},
- MayContain { "acctFlags"},
- MayContain { "displayName"},
- MayContain { "smbHome"},
- MayContain { "homeDrive"},
- MayContain { "scriptPath"},
- MayContain { "profilePath"},
- MayContain { "description"},
- MayContain { "userWorkstations"},
- MayContain { "primaryGroupID"},
- MayContain { "domain"},
- ASN1ObjID { 1 3 6 1 4 1 7165 2 2 3 }
-}
-
--- Used for Winbind experimentation
-"uidPool" OBJECT-CLASS ::=
-{
- Operation ADD,
- Flags {DS_AUXILIARY_CLASS},
- SubClassOf {"TOP"},
- MustContain { "uidNumber"},
- MustContain { "CN"},
- ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 3 }
-}
-
-"gidPool" OBJECT-CLASS ::=
-{
- Operation ADD,
- Flags {DS_AUXILIARY_CLASS},
- SubClassOf {"TOP"},
- MustContain { "gidNumber"},
- MustContain { "CN"},
- ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 4 }
-}
-
-END
-
-
+##
+## Schema file for Novell eDirectory 8.7.x by Uli Iske
+## Schema for storing Samba's smbpasswd file in LDAP
+## OIDs are owned by the Samba Team
+##
+#######################################################################
+## Attributes used by Samba 3.0 schema ##
+#######################################################################
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#######################################################################
+## objectClasses used by Samba 3.0 schema ##
+#######################################################################
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $sambaLogonTime $ sambaLogoffTime $sambaKickoffTime $sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $sambaProfilePath $ description $ sambaUserWorkstations $sambaPrimaryGroupSID $ sambaDomainName ))
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ))
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $sambaAlgorithmicRidBase ) )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) )
+
+dn: cn=schema
+changetype: modify
+add: objectClasses
+objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID ) )
-- cgit
From 1e8cb5430807a5975af33d7305cb66e0d4819a01 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Wed, 20 Oct 2004 15:37:47 +0000
Subject: r3088: update nds schema file from Uli Iske (This used to be commit 3e28c576951051439e6b5e1022ab76a44e30ff9d)
---
examples/LDAP/samba-nds.schema | 219 +++++++++++++++++++++++++++++++++++------ 1 file changed, 189 insertions(+), 30 deletions(-) (limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index 8369c8404e..c623b4da67 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
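Review bot: The new header in the `@@ -1,201 +1,151 @@` hunk says the schema stores Samba's smbpasswd data in LDAP, but nothing tells the directory administrator that `sambaLMPassword` and `sambaNTPassword` are password-equivalent: both are unsalted hashes, so anyone who can read them does not need the cleartext. I would add a header comment such as `## sambaLMPassword and sambaNTPassword are password-equivalent; restrict read and compare rights on them to the Samba administrative DN`. Applying this LDIF only extends the schema, so that restriction has to be configured separately in the directory and is easy to forget. The same caveat is missing from the later revision of this header in the `@@ -1,151 +1,310 @@` hunk, which also adds `sambaPasswordHistory` and the `sambaTrustPassword` class.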
@@ -1,151 +1,310 @@ ## -## Schema file for Novell eDirectory 8.7.x by Uli Iske -## Schema for storing Samba's smbpasswd file in LDAP +## Schema file for Novell eDirectory by Uli Iske +## Schema for storing Samba user accounts and group maps in LDAP +## OIDs are owned by the Samba Team +## +## Prerequisite schemas rfc2307-usergroup.ldif +## +## 1.3.6.1.4.1.7165.2.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.2.x - objectclasses +## ## OIDs are owned by the Samba Team ## ####################################################################### ## Attributes used by Samba 3.0 schema ## ####################################################################### +## +## Password hashes +## + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ((UWDX ]) +## + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 
SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +## +## String settings +## + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + dn: cn=schema 
changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) dn: cn=schema changetype: modify 
add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +## +## SID, of any type +## dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +## +## Primary group SID, compatible with ntSid +## dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +## +## group mapping attributes +## dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 
'sambaHomeDrive' DESC 'Driver letter of home directory mapping' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## Store info on domain +## dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 
NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 
1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +## +## unused +## +## dn: cn=schema +## changetype: modify +## add: attributetypes +## attributeTypes: ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' SUP name ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' DESC 'Privileges List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) dn: cn=schema changetype: modify add: attributetypes -attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) ####################################################################### ## objectClasses used by Samba 3.0 schema ## ####################################################################### + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours)) + +## +## Group mapping info +## + +dn: cn=schema +changetype: 
modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description $ sambaSIDList)) + +## +## Trust password for trust relationships (any kind) +## + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet )) + +## +## Whole-of-domain info +## + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase )) + +## +## used for idmap_ldap module +## + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber )) + dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $sambaLogonTime $ sambaLogoffTime $sambaKickoffTime $sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $sambaProfilePath $ description $ sambaUserWorkstations $sambaPrimaryGroupSID $ sambaDomainName )) +objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP 
top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description )) +objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $sambaAlgorithmicRidBase ) ) +objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.10 NAME 'sambaConfig' DESC 'Samba Configuration Section' SUP top AUXILIARY MAY ( description )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba Share Section' SUP top STRUCTURAL MUST ( sambaShareName ) MAY ( description )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 'Samba Configuration Option' SUP top STRUCTURAL MUST ( sambaOptionName ) MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description )) dn: cn=schema changetype: modify add: objectClasses -objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID ) ) +objectClasses: ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' DESC 'Samba Privilege' SUP top AUXILIARY MUST ( sambaSID ) MAY ( sambaPrivilegeList )) -- cgit From fa6085a5bfdd7969e582e635f971fe78b69108ca Mon Sep 17 00:00:00 2001 
From: Jeremy Allison Date: Thu, 17 Mar 2005 01:25:16 +0000 Subject: r5847: Fixes from Lars Müller and Vince Brimhall @Novell for NDS schema. Jeremy. (This used to be commit 0d3075b2c06709b05513d4be1530ef6df2471480) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit
--- examples/LDAP/samba-nds.schema | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index c623b4da67..de01f5115a 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
@@ -128,7 +128,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALIT
 dn: cn=schema
 changetype: modify
 add: attributetypes
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
 
 ##
 ## SID, of any type
-- cgit From 9454668a90ab453761c6064835cbc7ac36f9341b Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Tue, 23 Aug 2005 14:02:12 +0000 Subject: r9523: Fix password history for eDirectory (by allowing to store more then 1 password history entry in LDAP...) Thanks to Bernhard Borgmann @ Novell for showing me how to debug eDirecory. Guenther (This used to be commit a6e8de5c3c44d39724c81d371339e67bb0c4f416)
--- examples/LDAP/samba-nds.schema | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index de01f5115a..bb03a67d4d 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
@@ -128,7 +128,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALIT
 dn: cn=schema
 changetype: modify
 add: attributetypes
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD4 hashes of the unicode passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{1024} )
 
 ##
 ## SID, of any type
-- cgit From 3e80ef29a60373a443668357f63ad6f7fda6dab2 Mon Sep 17 00:00:00 2001 From: Günther Deschner Date: Fri, 23 Dec 2005 14:45:56 +0000 Subject: r12452: Fix Bug #3053 to allow esp. older eDirectory releases to load our LDAP schema. Maybe "Base64 encoded user parameter string" is not much clearer then "munged dial" - anyone got a better description ? Guenther (This used to be commit 02ccde5f4792e34ad88b7adb5ebaf1747cb8151f)
--- examples/LDAP/samba-nds.schema | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index bb03a67d4d..7bfa5040f8 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
@@ -123,7 +123,7 @@ attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows N
 dn: cn=schema
 changetype: modify
 add: attributetypes
-attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
 
 dn: cn=schema
 changetype: modify
-- cgit From 8b54e0b2a042b6624f8b360dc7bc9e4b691c47eb Mon Sep 17 00:00:00 2001
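Review bot: The new upper bound `{1024}` on `sambaPasswordHistory` is an unexplained number: nothing beside the definition says how many history entries it is meant to hold, so an administrator cannot tell which password-history length still fits before the directory rejects the value. Going by the earlier `{32}` to `{64}` correction, one entry presumably takes 64 characters, which would make 1024 room for 16 entries; that should be confirmed against the code that writes the attribute. I would add a comment line above the definition, for example `## sambaPasswordHistory: bound 1024 = <N> entries of <entry length> characters; keep the configured history length at or below <N>`. Because the DESC says the value is password-hash material, the same comment is the place to tell deployers to restrict read access to it in the same way as `sambaNTPassword`.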
From: Günther Deschner Date: Thu, 2 Feb 2006 16:25:58 +0000 Subject: r13290: Adding Account Policy LDAP attributes for eDirectory schema. Guenther (This used to be commit de012e33a75e0aa72fbfe2cf1258689e0d7680e2)
--- examples/LDAP/samba-nds.schema | 53 +++++++++++++++++++++++++++++++++++++++++- 1 file changed, 52 insertions(+), 1 deletion(-) (limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index 7bfa5040f8..8e8c5bcdf3 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
@@ -234,6 +234,57 @@ changetype: modify
 add: attributetypes
 attributeTypes: ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
 
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+dn: cn=schema
+changetype: modify
+add: attributetypes
+attributeTypes: ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+
 #######################################################################
 ## objectClasses used by Samba 3.0 schema ##
 #######################################################################
@@ -268,7 +319,7 @@ objectClasses: ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 'Samba T
 dn: cn=schema
 changetype: modify
 add: objectClasses
-objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase ))
+objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange ))
 
 ##
 ## used for idmap_ldap module
-- cgit
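Review bot: The DESC of `sambaRefuseMachinePwdChange` reads 'Allow Machine Password changes (default: 0 => off)', which says the opposite of the attribute name, so an administrator going by the description cannot tell whether 0 permits or blocks machine password changes. If the name carries the real meaning, the text should be `DESC 'Refuse Machine Password changes (default: 0 => off, changes allowed)'`. The other descriptions record defaults that leave lockout and history disabled (`sambaLockoutThreshold` 0 => off, `sambaPwdHistoryLength` 0 => off). A `##` comment above this group should state that the values in the DESC texts are Samba's built-in defaults, so that they are not read as recommended settings.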
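Review bot: With the extended MAY list the `sambaDomain` entry now holds the domain's password and lockout policy, but the definition carries no comment saying so. All ten attributes are optional, so an entry without any of them is still valid and presumably falls back to the defaults named in the DESC texts. Write access to that entry then decides whether lockout is active at all (`sambaLockoutThreshold` 0 => off). I would add a comment above the objectClass such as `## sambaDomain also carries the account policy attributes; limit write access to this entry to the Samba admin DN`.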