##
2
## schema file for OpenLDAP 2.x
3
## Schema for storing Samba user accounts and group maps in LDAP
4
## OIDs are owned by the Samba Team
5
##
6
## Prerequisite schemas - uid         (cosine.schema)
7
##                      - displayName (inetorgperson.schema)
8
##                      - gidNumber   (nis.schema)
9
##
10
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
11
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
12
##
13
## Printer support
14
## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
15
## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
16
##
17
## Samba4 - see source4/setup/schema_samba4.ldif
18
## 1.3.6.1.4.1.7165.4.1.x - attributetypes
19
## 1.3.6.1.4.1.7165.4.2.x - objectclasses
20
## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
21
## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
22
## 1.3.6.1.4.1.7165.4.5.x - ldap extended matches
23
## 1.3.6.1.4.1.7165.4.6.1.x - SELFTEST random attributes
24
## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
25
##
26
## Out-of-tree use: OIDs are allocated in the wiki
27
## 1.3.6.1.4.1.7165.777.x - https://wiki.samba.org/index.php/Samba_AD_schema_extensions#OID
28
##
29
## External projects
30
## 1.3.6.1.4.1.7165.655.x
31
## 1.3.6.1.4.1.7165.655.1.x - GSS-NTLMSSP
32
##
33
## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
34
##
35
## Run the 'get_next_oid' bash script in this directory to find the
36
## next available OID for attribute type and object classes.
37
##
38
##   $ ./get_next_oid
39
##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
40
##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
41
##
42
## Also ensure that new entries adhere to the declaration style
43
## used throughout this file
44
##
45
##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
46
##                               ^ ^                        ^
47
##
48
## The spaces are required for the get_next_oid script (and for
49
## readability).
50
##
51
## ------------------------------------------------------------------
52
 
53
# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
54
# objectIdentifier Samba3 SambaRoot:2
55
# objectIdentifier Samba3Attrib Samba3:1
56
# objectIdentifier Samba3ObjectClass Samba3:2
57
# objectIdentifier Samba4 SambaRoot:4
58
 
59
########################################################################
60
##                            HISTORICAL                              ##
61
########################################################################
62
 
63
##
64
## Password hashes
65
##
66
#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
67
#	DESC 'LanManager Passwd'
68
#	EQUALITY caseIgnoreIA5Match
69
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
70
 
71
#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
72
#	DESC 'NT Passwd'
73
#	EQUALITY caseIgnoreIA5Match
74
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
75
 
76
##
77
## Account flags in string format ([UWDX     ])
78
##
79
#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
80
#	DESC 'Account Flags'
81
#	EQUALITY caseIgnoreIA5Match
82
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
83
 
84
##
85
## Password timestamps & policies
86
##
87
#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
88
#	DESC 'NT pwdLastSet'
89
#	EQUALITY integerMatch
90
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
91
 
92
#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
93
#	DESC 'NT logonTime'
94
#	EQUALITY integerMatch
95
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
96
 
97
#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
98
#	DESC 'NT logoffTime'
99
#	EQUALITY integerMatch
100
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
101
 
102
#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
103
#	DESC 'NT kickoffTime'
104
#	EQUALITY integerMatch
105
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
106
 
107
#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
108
#	DESC 'NT pwdCanChange'
109
#	EQUALITY integerMatch
110
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
111
 
112
#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
113
#	DESC 'NT pwdMustChange'
114
#	EQUALITY integerMatch
115
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
116
 
117
##
118
## string settings
119
##
120
#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
121
#	DESC 'NT homeDrive'
122
#	EQUALITY caseIgnoreIA5Match
123
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
124
 
125
#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
126
#	DESC 'NT scriptPath'
127
#	EQUALITY caseIgnoreIA5Match
128
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
129
 
130
#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
131
#	DESC 'NT profilePath'
132
#	EQUALITY caseIgnoreIA5Match
133
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
134
 
135
#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
136
#	DESC 'userWorkstations'
137
#	EQUALITY caseIgnoreIA5Match
138
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
139
 
140
#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
141
#	DESC 'smbHome'
142
#	EQUALITY caseIgnoreIA5Match
143
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
144
 
145
#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
146
#	DESC 'Windows NT domain to which the user belongs'
147
#	EQUALITY caseIgnoreIA5Match
148
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
149
 
150
##
151
## user and group RID
152
##
153
#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
154
#	DESC 'NT rid'
155
#	EQUALITY integerMatch
156
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
157
 
158
#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
159
#	DESC 'NT Group RID'
160
#	EQUALITY integerMatch
161
#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
162
 
163
##
164
## The smbPasswordEntry objectclass has been deprecated in favor of the
165
## sambaAccount objectclass
166
##
167
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
168
#        DESC 'Samba smbpasswd entry'
169
#        MUST ( uid $ uidNumber )
170
#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
171
 
172
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
173
#	DESC 'Samba Account'
174
#	MUST ( uid $ rid )
175
#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
176
#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
177
#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
178
#               description $ userWorkstations $ primaryGroupID $ domain ))
179
 
180
#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
181
#	DESC 'Samba Auxiliary Account'
182
#	MUST ( uid $ rid )
183
#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
184
#              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
185
#              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
186
#              description $ userWorkstations $ primaryGroupID $ domain ))
187
 
188
########################################################################
189
##                        END OF HISTORICAL                           ##
190
########################################################################
191
 
192
#######################################################################
193
##                Attributes used by Samba 3.0 schema                ##
194
#######################################################################
195
 
196
##
197
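## Password hashes
## Both values are unsalted and password-equivalent for SMB/NTLM
## authentication: restrict read access to these attributes in the
## directory server ACLs and do not carry them over unencrypted links.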
198
##
199
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
200
	DESC 'LanManager Password'
201
	EQUALITY caseIgnoreIA5Match
202
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
203
 
204
attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
205
	DESC 'MD4 hash of the unicode password'
206
	EQUALITY caseIgnoreIA5Match
207
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
208
 
209
##
210
## Account flags in string format ([UWDX     ])
211
##
212
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
213
	DESC 'Account Flags'
214
	EQUALITY caseIgnoreIA5Match
215
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
216
 
217
##
218
## Password timestamps & policies
219
##
220
attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
221
	DESC 'Timestamp of the last password update'
222
	EQUALITY integerMatch
223
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
224
 
225
attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
226
	DESC 'Timestamp of when the user is allowed to update the password'
227
	EQUALITY integerMatch
228
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
229
 
230
attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
231
	DESC 'Timestamp of when the password will expire'
232
	EQUALITY integerMatch
233
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
234
 
235
attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
236
	DESC 'Timestamp of last logon'
237
	EQUALITY integerMatch
238
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
239
 
240
attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
241
	DESC 'Timestamp of last logoff'
242
	EQUALITY integerMatch
243
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
244
 
245
attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
246
	DESC 'Timestamp of when the user will be logged off automatically'
247
	EQUALITY integerMatch
248
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
249
 
250
attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
251
	DESC 'Bad password attempt count'
252
	EQUALITY integerMatch
253
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
254
 
255
attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
256
	DESC 'Time of the last bad password attempt'
257
	EQUALITY integerMatch
258
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
259
 
260
attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
261
	DESC 'Logon Hours'
262
	EQUALITY caseIgnoreIA5Match
263
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
264
 
265
##
266
## string settings
267
##
268
attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
269
	DESC 'Driver letter of home directory mapping'
270
	EQUALITY caseIgnoreIA5Match
271
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
272
 
273
attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
274
	DESC 'Logon script path'
275
	EQUALITY caseIgnoreMatch
276
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
277
 
278
attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
279
	DESC 'Roaming profile path'
280
	EQUALITY caseIgnoreMatch
281
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
282
 
283
attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
284
	DESC 'List of user workstations the user is allowed to logon to'
285
	EQUALITY caseIgnoreMatch
286
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
287
 
288
attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
289
	DESC 'Home directory UNC path'
290
	EQUALITY caseIgnoreMatch
291
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
292
 
293
attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
294
	DESC 'Windows NT domain to which the user belongs'
295
	EQUALITY caseIgnoreMatch
296
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
297
 
298
attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
299
	DESC 'Base64 encoded user parameter string'
300
	EQUALITY caseExactMatch
301
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
302
 
303
attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
304
	DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
305
	EQUALITY caseIgnoreIA5Match
306
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
307
 
308
##
309
## SID, of any type
310
##
311
 
312
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
313
	DESC 'Security ID'
314
	EQUALITY caseIgnoreIA5Match
315
	SUBSTR caseExactIA5SubstringsMatch
316
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
317
 
318
##
319
## Primary group SID, compatible with ntSid
320
##
321
 
322
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
323
	DESC 'Primary Group Security ID'
324
	EQUALITY caseIgnoreIA5Match
325
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
326
 
327
attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
328
	DESC 'Security ID List'
329
	EQUALITY caseIgnoreIA5Match
330
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
331
 
332
##
333
## group mapping attributes
334
##
335
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
336
	DESC 'NT Group Type'
337
	EQUALITY integerMatch
338
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
339
 
340
##
341
## Store info on the domain
342
##
343
 
344
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
345
	DESC 'Next NT rid to give our for users'
346
	EQUALITY integerMatch
347
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
348
 
349
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
350
	DESC 'Next NT rid to give out for groups'
351
	EQUALITY integerMatch
352
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
353
 
354
attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
355
	DESC 'Next NT rid to give out for anything'
356
	EQUALITY integerMatch
357
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
358
 
359
attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
360
	DESC 'Base at which the samba RID generation algorithm should operate'
361
	EQUALITY integerMatch
362
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
363
 
364
attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
365
	DESC 'Share Name'
366
	EQUALITY caseIgnoreMatch
367
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
368
 
369
attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
370
	DESC 'Option Name'
371
	EQUALITY caseIgnoreMatch
372
	SUBSTR caseIgnoreSubstringsMatch
373
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
374
 
375
attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
376
	DESC 'A boolean option'
377
	EQUALITY booleanMatch
378
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
379
 
380
attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
381
	DESC 'An integer option'
382
	EQUALITY integerMatch
383
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
384
 
385
attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
386
	DESC 'A string option'
387
	EQUALITY caseExactIA5Match
388
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
389
 
390
attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
391
	DESC 'A string list option'
392
	EQUALITY caseIgnoreMatch
393
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
394
 
395
 
396
##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
397
##	SUP name )
398
 
399
##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
400
##	DESC 'Privileges List'
401
##	EQUALITY caseIgnoreIA5Match
402
##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
403
 
404
attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
405
	DESC 'Trust Password Flags'
406
	EQUALITY caseIgnoreIA5Match
407
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
408
 
409
# "min password length"
410
attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
411
	DESC 'Minimal password length (default: 5)'
412
	EQUALITY integerMatch
413
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
414
 
415
# "password history"
416
attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
417
	DESC 'Length of Password History Entries (default: 0 => off)'
418
	EQUALITY integerMatch
419
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
420
 
421
# "user must logon to change password"
422
attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
423
	DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
424
	EQUALITY integerMatch
425
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
426
 
427
# "maximum password age"
428
attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
429
	DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
430
	EQUALITY integerMatch
431
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
432
 
433
# "minimum password age"
434
attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
435
	DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
436
	EQUALITY integerMatch
437
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
438
 
439
# "lockout duration"
440
attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
441
	DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
442
	EQUALITY integerMatch
443
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
444
 
445
# "reset count minutes"
446
attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
447
	DESC 'Reset time after lockout in minutes (default: 30)'
448
	EQUALITY integerMatch
449
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
450
 
451
# "bad lockout attempt"
452
attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
453
	DESC 'Lockout users after bad logon attempts (default: 0 => off)'
454
	EQUALITY integerMatch
455
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
456
 
457
# "disconnect time"
458
attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
459
	DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
460
	EQUALITY integerMatch
461
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
462
 
463
# "refuse machine password change"
464
attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
465
	DESC 'Allow Machine Password changes (default: 0 => off)'
466
	EQUALITY integerMatch
467
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
468
 
469
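# Trusted-domain password held in clear text (not hashed): keep it readable
# only by the DN Samba binds as ('ldap admin dn' in smb.conf) and serve it
# only over TLS or ldapi.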
470
attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
471
	DESC 'Clear text password (used for trusted domain passwords)'
472
	EQUALITY octetStringMatch
473
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
474
 
475
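# Previous trusted-domain password, also held in clear text: keep it readable
# only by the DN Samba binds as, like sambaClearTextPassword.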
476
attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
477
	DESC 'Previous clear text password (used for trusted domain passwords)'
478
	EQUALITY octetStringMatch
479
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
480
 
481
attributetype ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType'
482
	DESC 'Type of trust'
483
	EQUALITY integerMatch
484
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
485
 
486
attributetype ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes'
487
	DESC 'Trust attributes for a trusted domain'
488
	EQUALITY integerMatch
489
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
490
 
491
attributetype ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection'
492
	DESC 'Direction of a trust'
493
	EQUALITY integerMatch
494
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
495
 
496
attributetype ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner'
497
	DESC 'Fully qualified name of the domain with which a trust exists'
498
	EQUALITY caseIgnoreMatch
499
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
500
 
501
attributetype ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName'
502
	DESC 'NetBIOS name of a domain'
503
	EQUALITY caseIgnoreMatch
504
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
505
 
506
attributetype ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing'
507
	DESC 'Authentication information for the outgoing portion of a trust'
508
	EQUALITY caseExactMatch
509
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
510
 
511
attributetype ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming'
512
	DESC 'Authentication information for the incoming portion of a trust'
513
	EQUALITY caseExactMatch
514
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
515
 
516
attributetype ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier'
517
	DESC 'SID of a trusted domain'
518
	EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch
519
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
520
 
521
attributetype ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo'
522
	DESC 'Forest trust information for a trusted domain object'
523
	EQUALITY caseExactMatch
524
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
525
 
526
attributetype ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset'
527
	DESC 'POSIX offset of a trust'
528
	EQUALITY integerMatch
529
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
530
 
531
attributetype ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionTypes'
532
	DESC 'Supported encryption types of a trust'
533
	EQUALITY integerMatch
534
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
535
 
536
#######################################################################
537
##              objectClasses used by Samba 3.0 schema               ##
538
#######################################################################
539
 
540
## The X.500 data model (and therefore LDAPv3) says that each entry can
541
## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
542
## this currently but will in v2.1
543
 
544
##
545
## added new objectclass (and OID) for 3.0 to help us deal with backwards
546
## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
547
##
548
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
549
	DESC 'Samba 3.0 Auxilary SAM Account'
550
	MUST ( uid $ sambaSID )
551
	MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
552
	       sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
553
	       sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
554
               displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
555
	       sambaProfilePath $ description $ sambaUserWorkstations $
556
	       sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
557
	       sambaBadPasswordCount $ sambaBadPasswordTime $
558
	       sambaPasswordHistory $ sambaLogonHours))
559
 
560
##
561
## Group mapping info
562
##
563
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
564
	DESC 'Samba Group Mapping'
565
	MUST ( gidNumber $ sambaSID $ sambaGroupType )
566
	MAY  ( displayName $ description $ sambaSIDList ))
567
 
568
##
569
## Trust password for trust relationships (any kind)
570
##
571
objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
572
	DESC 'Samba Trust Password'
573
	MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
574
	MAY ( sambaSID $ sambaPwdLastSet ))
575
 
576
##
577
## Trust password for trusted domains
578
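## (to be stored beneath the trusting sambaDomain object in the DIT)
## Entries of this class carry sambaClearTextPassword, so the subtree needs
## an ACL that denies read access to ordinary binds.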
579
##
580
objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
581
	DESC 'Samba Trusted Domain Password'
582
	MUST ( sambaDomainName $ sambaSID $
583
	       sambaClearTextPassword $ sambaPwdLastSet )
584
	MAY  ( sambaPreviousClearTextPassword ))
585
 
586
##
587
## Whole-of-domain info
588
##
589
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
590
	DESC 'Samba Domain Information'
591
	MUST ( sambaDomainName $
592
	       sambaSID )
593
	MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
594
	      sambaAlgorithmicRidBase $
595
	      sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
596
	      sambaMaxPwdAge $ sambaMinPwdAge $
597
	      sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
598
	      sambaForceLogoff $ sambaRefuseMachinePwdChange ))
599
 
600
##
601
## used for idmap_ldap module
602
##
603
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
604
        DESC 'Pool for allocating UNIX uids/gids'
605
        MUST ( uidNumber $ gidNumber ) )
606
 
607
 
608
objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
609
        DESC 'Mapping from a SID to an ID'
610
        MUST ( sambaSID )
611
	MAY ( uidNumber $ gidNumber ) )
612
 
613
objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
614
	DESC 'Structural Class for a SID'
615
	MUST ( sambaSID ) )
616
 
617
objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
618
	DESC 'Samba Configuration Section'
619
	MAY ( description ) )
620
 
621
objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
622
	DESC 'Samba Share Section'
623
	MUST ( sambaShareName )
624
	MAY ( description ) )
625
 
626
objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
627
	DESC 'Samba Configuration Option'
628
	MUST ( sambaOptionName )
629
	MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
630
	      sambaStringListoption $ description ) )
631
 
632
 
633
## retired during privilege rewrite
634
##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
635
##	DESC 'Samba Privilege'
636
##	MUST ( sambaSID )
637
##	MAY ( sambaPrivilegeList ) )
638
 
639
##
640
## used for IPA_ldapsam
641
##
642
objectclass ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL
643
	DESC 'Samba Trusted Domain Object'
644
	MUST ( cn )
645
	MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $
646
	      sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $
647
	      sambaTrustAuthIncoming $ sambaSecurityIdentifier $
648
	      sambaTrustForestTrustInfo $ sambaTrustPosixOffset $
649
	      sambaSupportedEncryptionTypes) )