From c5278567746158192dda8a691f0640f6edc9272e Mon Sep 17 00:00:00 2001 From: Gerald Carter Date: Thu, 22 May 2003 17:18:35 +0000 Subject: moving the sambaAccount objectclass to 'historical' to prevent confusion on which one should be used for new servers. I'll add a note about uncommenting the older items for ldapsam_compat in the release notes (This used to be commit 469c5ad1acfb452617b10653e06ce3b34ec9e146) --- examples/LDAP/samba.schema | 292 ++++++++++++++++++++++----------------------- 1 file changed, 142 insertions(+), 150 deletions(-) (limited to 'examples') diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema index 7093a96b04..3db7094bf2 100644 --- a/examples/LDAP/samba.schema +++ b/examples/LDAP/samba.schema @@ -10,111 +10,139 @@ ## 1.3.6.1.4.1.7165.2.2.x - objectclasses ## -####################################################################### -## Attributes used by Samba 2.2 schema ## -####################################################################### +######################################################################## +## HISTORICAL ## +######################################################################## ## ## Password hashes ## -attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' - DESC 'LanManager Passwd' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' +# DESC 'LanManager Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' - DESC 'NT Passwd' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' +# DESC 'NT Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) ## ## Account flags in string format ([UWDX ]) ## -attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' - DESC 'Account Flags' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' +# DESC 'Account Flags' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) -## +## ## Password timestamps & policies ## -attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' - DESC 'NT pwdLastSet' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' +# DESC 'NT pwdLastSet' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' - DESC 'NT logonTime' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' +# DESC 'NT logonTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' - DESC 'NT logoffTime' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' +# DESC 'NT logoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' - DESC 'NT kickoffTime' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' +# DESC 'NT kickoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' - DESC 'NT pwdCanChange' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' +# DESC 'NT pwdCanChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' - DESC 'NT pwdMustChange' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' +# DESC 'NT pwdMustChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## string settings ## -attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' - DESC 'NT homeDrive' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' +# DESC 'NT homeDrive' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' - DESC 'NT scriptPath' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' +# DESC 'NT scriptPath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' - DESC 'NT profilePath' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' +# DESC 'NT profilePath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' - DESC 'userWorkstations' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' +# DESC 'userWorkstations' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' - DESC 'smbHome' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' +# DESC 'smbHome' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) -attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' - DESC 'Windows NT domain to which the user belongs' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' +# DESC 'Windows NT domain to which the user belongs' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) ## ## user and group RID ## -attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' - DESC 'NT rid' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' +# DESC 'NT rid' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' - DESC 'NT Group RID' - EQUALITY integerMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) +#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' +# DESC 'NT Group RID' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## The smbPasswordEntry objectclass has been depreciated in favor of the +## sambaAccount objectclass +## +#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY +# DESC 'Samba smbpasswd entry' +# MUST ( uid $ uidNumber ) +# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL +# DESC 'Samba Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY +# DESC 'Samba Auxilary Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +######################################################################## +## END OF HISTORICAL ## +######################################################################## - ####################################################################### ## Attributes used by Samba 3.0 schema ## ####################################################################### @@ -123,12 +151,12 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' ## Password hashes ## attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' - DESC 'LanManager Passwd' + DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' - DESC 'NT Passwd' + DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) @@ -140,36 +168,36 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) -## +## ## Password timestamps & policies ## attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' - DESC 'NT pwdLastSet' + DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' - DESC 'NT pwdCanChange' + DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' - DESC 'NT pwdMustChange' + DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) - + attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' - DESC 'NT logonTime' + DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' - DESC 'NT logoffTime' + DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' - DESC 'NT kickoffTime' + DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) @@ -178,34 +206,34 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' ## string settings ## attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' - DESC 'NT homeDrive' + DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' - DESC 'NT scriptPath' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + DESC 'Logon script path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' - DESC 'NT profilePath' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + DESC 'Roaming profile path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' - DESC 'userWorkstations' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + DESC 'List of user workstations the user is allowed to logon to' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' - DESC 'smbHome' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + DESC 'Home directory UNC path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' - EQUALITY caseIgnoreIA5Match - SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) ## ## SID, of any type @@ -249,70 +277,34 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -######################################################################## -## HISTORICAL ## -######################################################################## - -## -## The smbPasswordEntry objectclass has been depreciated in favor of the -## sambaAccount objectclass -## -#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY -# DESC 'Samba smbpasswd entry' -# MUST ( uid $ uidNumber ) -# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) - -#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL -# DESC 'Samba Account' -# MUST ( uid $ rid ) -# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ -# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ -# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ -# description $ userWorkstations $ primaryGroupID $ domain )) - -######################################################################## -## END OF HISTORICAL ## -######################################################################## +####################################################################### +## objectClasses used by Samba 3.0 schema ## +####################################################################### -## The X.500 data model (and therefore LDAPv3) says that each entry can -## only have one structural objectclass. OpenLDAP 2.0 does not enforce +## The X.500 data model (and therefore LDAPv3) says that each entry can +## only have one structural objectclass. OpenLDAP 2.0 does not enforce ## this currently but will in v2.1 -objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY - DESC 'Samba Auxilary Account' - MUST ( uid $ rid ) - MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ - logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ - displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ - description $ userWorkstations $ primaryGroupID $ domain )) - ## -## added new objectclass (and OID) for 3.0 to help us deal with backwards +## added new objectclass (and OID) for 3.0 to help us deal with backwards ## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry ## objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY - DESC 'Samba 3.0 Auxilary Account' - MUST ( uid $ sambaSID ) - MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ - sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ - sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ - displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ - sambaProfilePath $ description $ sambaUserWorkstations $ + DESC 'Samba 3.0 Auxilary SAM Account' + MUST ( uid $ sambaSID ) + MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ + sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ + sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ + displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ + sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName )) -############################################################################ -## -## Please note that this schema is really experimental and might -## change before the 3.0 release. -## -############################################################################ - ## ## Group mapping info ## objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' - MUST ( gidNumber $ sambaSID $ sambaGroupType ) + MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description )) ## @@ -320,6 +312,6 @@ objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY ## objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' - MUST ( sambaDomainName $ sambaNextGroupRid $ sambaNextUserRid $ - sambaSID ) ) + MUST ( sambaDomainName $ sambaNextGroupRid $ sambaNextUserRid $ + sambaSID ) ) -- cgit