From c7dbe58a36db7678a9678e558822a8612c956cf5 Mon Sep 17 00:00:00 2001
From: Gerald Carter
Date: Fri, 5 Sep 2003 04:09:25 +0000
Subject: updated schema for 3.0 for eDirectory 8.7 and Netscape DS 4.x (This used to be commit c9c7150a627abe93a5d3c866605f2300a3cc5ec9)
---
examples/LDAP/samba-nds.schema | 352 ++++++++++++++++++-----------------------
1 file changed, 151 insertions(+), 201 deletions(-)
(limited to 'examples/LDAP/samba-nds.schema')
diff --git a/examples/LDAP/samba-nds.schema b/examples/LDAP/samba-nds.schema
index 99e56d75dc..8369c8404e 100644
--- a/examples/LDAP/samba-nds.schema
+++ b/examples/LDAP/samba-nds.schema
@@ -1,201 +1,151 @@ --- --- Submitted by Bruno Gimenes Pereti --- --- schema file for Novell's eDirectory 8.6 --- - -SambaAccountSchemaExtensions DEFINITIONS ::= -BEGIN - --- Password hashes -"lmPassword" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 } -} - -"ntPassword" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 } -} - --- Account flags in string format ([UWDX ]) -"acctFlags" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 } -} - --- Password timestamps & policies -"pwdLastSet" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 } -} - -"logonTime" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 } -} - -"logoffTime" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 } -} - -"kickoffTime" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 } -} - -"pwdCanChange" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 } -} - -"pwdMustChange" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 } -} - --- string settings -"homeDrive" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 } -} - -"scriptPath" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 } -} - -"profilePath" ATTRIBUTE ::= -{ 
- Operation ADD, - SyntaxID SYN_CI_STRING, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 } -} - -"userWorkstations" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 } -} - -"smbHome" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 } -} - -"domain" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_CI_STRING, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 } -} - --- user and group RID -"rid" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 } -} - -"primaryGroupID" ATTRIBUTE ::= -{ - Operation ADD, - SyntaxID SYN_INTEGER, - Flags { DS_SINGLE_VALUED_ATTR }, - ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 } -} - -"sambaAccount" OBJECT-CLASS ::= -{ - Operation ADD, - Flags {DS_AUXILIARY_CLASS}, - SubClassOf {"TOP"}, - MustContain { "uid"}, - MustContain { "rid"}, - MayContain { "CN"}, - MayContain { "lmPassword"}, - MayContain { "ntPassword"}, - MayContain { "pwdLastSet"}, - MayContain { "logonTime"}, - MayContain { "logoffTime"}, - MayContain { "kickoffTime"}, - MayContain { "pwdCanChange"}, - MayContain { "pwdMustChange"}, - MayContain { "acctFlags"}, - MayContain { "displayName"}, - MayContain { "smbHome"}, - MayContain { "homeDrive"}, - MayContain { "scriptPath"}, - MayContain { "profilePath"}, - MayContain { "description"}, - MayContain { "userWorkstations"}, - MayContain { "primaryGroupID"}, - MayContain { "domain"}, - ASN1ObjID { 1 3 6 1 4 1 7165 2 2 3 } -} - --- Used for Winbind experimentation -"uidPool" OBJECT-CLASS ::= -{ - Operation ADD, - Flags {DS_AUXILIARY_CLASS}, - SubClassOf {"TOP"}, - MustContain { "uidNumber"}, - MustContain { "CN"}, - ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 3 } -} - -"gidPool" OBJECT-CLASS ::= -{ - Operation ADD, - Flags {DS_AUXILIARY_CLASS}, - SubClassOf {"TOP"}, - MustContain { "gidNumber"}, - MustContain { "CN"}, - 
ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 4 } -} - -END - - +## +## Schema file for Novell eDirectory 8.7.x by Uli Iske +## Schema for storing Samba's smbpasswd file in LDAP +## OIDs are owned by the Samba Team +## +####################################################################### +## Attributes used by Samba 3.0 schema ## +####################################################################### + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 
1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group 
Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +dn: cn=schema +changetype: modify +add: attributetypes +attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +####################################################################### +## objectClasses used by Samba 3.0 schema ## +####################################################################### +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $sambaLogonTime $ sambaLogoffTime $sambaKickoffTime $sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $sambaProfilePath $ description $ sambaUserWorkstations $sambaPrimaryGroupSID $ sambaDomainName )) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 
NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description )) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $sambaAlgorithmicRidBase ) ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) ) + +dn: cn=schema +changetype: modify +add: objectClasses +objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID ) ) -- cgit
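Review bot: The new `##` header block at the top of the added file does not mention that `sambaLMPassword` and `sambaNTPassword` store password-equivalent hashes, so an administrator importing this LDIF gets no hint that these attributes need a restrictive ACL. I would add a header line such as `## sambaLMPassword/sambaNTPassword are password equivalents: limit read access to the Samba admin DN and use TLS for LDAP connections`. Separately, the last three object classes (`sambaUnixIdPool`, `sambaIdmapEntry`, `sambaSidEntry`) are numbered under `1.3.6.1.4.1.7165.1.2.2.x` while the other three use `1.3.6.1.4.1.7165.2.2.x`. This may be carried over from the removed pool classes, but it is worth confirming the arc is intended before the OIDs are loaded into a production directory. The DESC strings `'Driver letter of home directory mapping'` and `'Next NT rid to give our for users'` look like typos for "Drive" and "out".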