      1 ##
      2 ## schema file for OpenLDAP 2.x
      3 ## Schema for storing Samba user accounts and group maps in LDAP
      4 ## OIDs are owned by the Samba Team
      5 ##
      6 ## Prerequisite schemas - uid         (cosine.schema)
      7 ##                      - displayName (inetorgperson.schema)
      8 ##                      - gidNumber   (nis.schema)
      9 ##
     10 ## 1.3.6.1.4.1.7165.2.1.x - attributetypes
     11 ## 1.3.6.1.4.1.7165.2.2.x - objectclasses
     12 ##
     13 ## Printer support
     14 ## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
     15 ## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
     16 ##
     17 ## Samba4
     18 ## 1.3.6.1.4.1.7165.4.1.x - attributetypes
     19 ## 1.3.6.1.4.1.7165.4.2.x - objectclasses
     20 ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
     21 ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
     22 ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
     23 ##
     24 ## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
     25 ##
     26 ## Run the 'get_next_oid' bash script in this directory to find the 
     27 ## next available OID for attribute types and object classes.
     28 ##
     29 ##   $ ./get_next_oid
     30 ##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
     31 ##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
     32 ##
     33 ## Also ensure that new entries adhere to the declaration style
     34 ## used throughout this file
     35 ##
     36 ##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
     37 ##                               ^ ^                        ^
     38 ##
     39 ## The spaces are required for the get_next_oid script (and for 
     40 ## readability).
     41 ##
     42 ## ------------------------------------------------------------------
     43 
     44 # objectIdentifier SambaRoot 1.3.6.1.4.1.7165
     45 # objectIdentifier Samba3 SambaRoot:2
     46 # objectIdentifier Samba3Attrib Samba3:1
     47 # objectIdentifier Samba3ObjectClass Samba3:2
     48 # objectIdentifier Samba4 SambaRoot:4
     49 
     50 ########################################################################
     51 ##                            HISTORICAL                              ##
     52 ########################################################################
     53 
     54 ##
     55 ## Password hashes
     56 ##
     57 #attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
     58 #	DESC 'LanManager Passwd'
     59 #	EQUALITY caseIgnoreIA5Match
     60 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
     61 
     62 #attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
     63 #	DESC 'NT Passwd'
     64 #	EQUALITY caseIgnoreIA5Match
     65 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
     66 
     67 ##
     68 ## Account flags in string format ([UWDX     ])
     69 ##
     70 #attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
     71 #	DESC 'Account Flags'
     72 #	EQUALITY caseIgnoreIA5Match
     73 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
     74 
     75 ##
     76 ## Password timestamps & policies
     77 ##
     78 #attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
     79 #	DESC 'NT pwdLastSet'
     80 #	EQUALITY integerMatch
     81 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
     82 
     83 #attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
     84 #	DESC 'NT logonTime'
     85 #	EQUALITY integerMatch
     86 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
     87 
     88 #attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
     89 #	DESC 'NT logoffTime'
     90 #	EQUALITY integerMatch
     91 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
     92 
     93 #attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
     94 #	DESC 'NT kickoffTime'
     95 #	EQUALITY integerMatch
     96 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
     97 
     98 #attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
     99 #	DESC 'NT pwdCanChange'
    100 #	EQUALITY integerMatch
    101 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    102 
    103 #attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
    104 #	DESC 'NT pwdMustChange'
    105 #	EQUALITY integerMatch
    106 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    107 
    108 ##
    109 ## string settings
    110 ##
    111 #attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
    112 #	DESC 'NT homeDrive'
    113 #	EQUALITY caseIgnoreIA5Match
    114 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
    115 
    116 #attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
    117 #	DESC 'NT scriptPath'
    118 #	EQUALITY caseIgnoreIA5Match
    119 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
    120 
    121 #attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
    122 #	DESC 'NT profilePath'
    123 #	EQUALITY caseIgnoreIA5Match
    124 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
    125 
    126 #attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
    127 #	DESC 'userWorkstations'
    128 #	EQUALITY caseIgnoreIA5Match
    129 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
    130 
    131 #attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
    132 #	DESC 'smbHome'
    133 #	EQUALITY caseIgnoreIA5Match
    134 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
    135 
    136 #attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
    137 #	DESC 'Windows NT domain to which the user belongs'
    138 #	EQUALITY caseIgnoreIA5Match
    139 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
    140 
    141 ##
    142 ## user and group RID
    143 ##
    144 #attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
    145 #	DESC 'NT rid'
    146 #	EQUALITY integerMatch
    147 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    148 
    149 #attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
    150 #	DESC 'NT Group RID'
    151 #	EQUALITY integerMatch
    152 #	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    153 
    154 ##
    155 ## The smbPasswordEntry objectclass has been deprecated in favor of the
    156 ## sambaAccount objectclass
    157 ##
    158 #objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
    159 #        DESC 'Samba smbpasswd entry'
    160 #        MUST ( uid $ uidNumber )
    161 #        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
    162 
    163 #objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
    164 #	DESC 'Samba Account'
    165 #	MUST ( uid $ rid )
    166 #	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
    167 #               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
    168 #               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
    169 #               description $ userWorkstations $ primaryGroupID $ domain ))
    170 
    171 #objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
    172 #	DESC 'Samba Auxiliary Account'
    173 #	MUST ( uid $ rid )
    174 #	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
    175 #              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
    176 #              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
    177 #              description $ userWorkstations $ primaryGroupID $ domain ))
    178 
    179 ########################################################################
    180 ##                        END OF HISTORICAL                           ##
    181 ########################################################################
    182 
    183 #######################################################################
    184 ##                Attributes used by Samba 3.0 schema                ##
    185 #######################################################################
    186 
    187 ##
    188 ## Password hashes
    189 ##
    190 attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
    191 	DESC 'LanManager Password'
    192 	EQUALITY caseIgnoreIA5Match
    193 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
    194 
    195 attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
    196 	DESC 'MD4 hash of the unicode password'
    197 	EQUALITY caseIgnoreIA5Match
    198 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
    199 
    200 ##
    201 ## Account flags in string format ([UWDX     ])
    202 ##
    203 attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
    204 	DESC 'Account Flags'
    205 	EQUALITY caseIgnoreIA5Match
    206 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
    207 
    208 ##
    209 ## Password timestamps & policies
    210 ##
    211 attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
    212 	DESC 'Timestamp of the last password update'
    213 	EQUALITY integerMatch
    214 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    215 
    216 attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
    217 	DESC 'Timestamp of when the user is allowed to update the password'
    218 	EQUALITY integerMatch
    219 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    220 
    221 attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
    222 	DESC 'Timestamp of when the password will expire'
    223 	EQUALITY integerMatch
    224 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    225 
    226 attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
    227 	DESC 'Timestamp of last logon'
    228 	EQUALITY integerMatch
    229 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    230 
    231 attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
    232 	DESC 'Timestamp of last logoff'
    233 	EQUALITY integerMatch
    234 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    235 
    236 attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
    237 	DESC 'Timestamp of when the user will be logged off automatically'
    238 	EQUALITY integerMatch
    239 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    240 
    241 attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
    242 	DESC 'Bad password attempt count'
    243 	EQUALITY integerMatch
    244 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    245 
    246 attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
    247 	DESC 'Time of the last bad password attempt'
    248 	EQUALITY integerMatch
    249 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    250 
    251 attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
    252 	DESC 'Logon Hours'
    253 	EQUALITY caseIgnoreIA5Match
    254 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
    255 
    256 ##
    257 ## string settings
    258 ##
    259 attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
    260 	DESC 'Drive letter of home directory mapping'
    261 	EQUALITY caseIgnoreIA5Match
    262 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
    263 
    264 attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
    265 	DESC 'Logon script path'
    266 	EQUALITY caseIgnoreMatch
    267 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
    268 
    269 attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
    270 	DESC 'Roaming profile path'
    271 	EQUALITY caseIgnoreMatch
    272 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
    273 
    274 attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
    275 	DESC 'List of user workstations the user is allowed to logon to'
    276 	EQUALITY caseIgnoreMatch
    277 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
    278 
    279 attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
    280 	DESC 'Home directory UNC path'
    281 	EQUALITY caseIgnoreMatch
    282 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
    283 
    284 attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
    285 	DESC 'Windows NT domain to which the user belongs'
    286 	EQUALITY caseIgnoreMatch
    287 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
    288 
    289 attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
    290 	DESC 'Base64 encoded user parameter string'
    291 	EQUALITY caseExactMatch
    292 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
    293 
    294 attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
    295 	DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
    296 	EQUALITY caseIgnoreIA5Match
    297 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
    298 
    299 ##
    300 ## SID, of any type
    301 ##
    302 
    303 attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
    304 	DESC 'Security ID'
    305 	EQUALITY caseIgnoreIA5Match
    306 	SUBSTR caseExactIA5SubstringsMatch
    307 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
    308 
    309 ##
    310 ## Primary group SID, compatible with ntSid
    311 ##
    312 
    313 attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
    314 	DESC 'Primary Group Security ID'
    315 	EQUALITY caseIgnoreIA5Match
    316 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
    317 
    318 attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
    319 	DESC 'Security ID List'
    320 	EQUALITY caseIgnoreIA5Match
    321 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
    322 
    323 ##
    324 ## group mapping attributes
    325 ##
    326 attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
    327 	DESC 'NT Group Type'
    328 	EQUALITY integerMatch
    329 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    330 
    331 ##
    332 ## Store info on the domain
    333 ##
    334 
    335 attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
    336 	DESC 'Next NT rid to give out for users'
    337 	EQUALITY integerMatch
    338 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    339 
    340 attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
    341 	DESC 'Next NT rid to give out for groups'
    342 	EQUALITY integerMatch
    343 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    344 
    345 attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
    346 	DESC 'Next NT rid to give out for anything'
    347 	EQUALITY integerMatch
    348 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    349 
    350 attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
    351 	DESC 'Base at which the samba RID generation algorithm should operate'
    352 	EQUALITY integerMatch
    353 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    354 
    355 attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
    356 	DESC 'Share Name'
    357 	EQUALITY caseIgnoreMatch
    358 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
    359 
    360 attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
    361 	DESC 'Option Name'
    362 	EQUALITY caseIgnoreMatch
    363 	SUBSTR caseIgnoreSubstringsMatch
    364 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
    365 
    366 attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
    367 	DESC 'A boolean option'
    368 	EQUALITY booleanMatch
    369 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
    370 
    371 attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
    372 	DESC 'An integer option'
    373 	EQUALITY integerMatch
    374 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    375 
    376 attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
    377 	DESC 'A string option'
    378 	EQUALITY caseExactIA5Match
    379 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
    380 
    381 attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
    382 	DESC 'A string list option'
    383 	EQUALITY caseIgnoreMatch
    384 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
    385 
    386 
    387 ##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' 
    388 ##	SUP name )
    389 
    390 ##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
    391 ##	DESC 'Privileges List'
    392 ##	EQUALITY caseIgnoreIA5Match
    393 ##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
    394 
    395 attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
    396 	DESC 'Trust Password Flags'
    397 	EQUALITY caseIgnoreIA5Match
    398 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
    399 
    400 # "min password length"
    401 attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
    402 	DESC 'Minimal password length (default: 5)'
    403 	EQUALITY integerMatch
    404 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    405 
    406 # "password history"
    407 attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
    408 	DESC 'Length of Password History Entries (default: 0 => off)'
    409 	EQUALITY integerMatch
    410 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    411 
    412 # "user must logon to change password"
    413 attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
    414 	DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
    415 	EQUALITY integerMatch
    416 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    417 
    418 # "maximum password age"
    419 attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
    420 	DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
    421 	EQUALITY integerMatch
    422 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    423 
    424 # "minimum password age"
    425 attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
    426 	DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
    427 	EQUALITY integerMatch
    428 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    429 
    430 # "lockout duration"
    431 attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
    432 	DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
    433 	EQUALITY integerMatch
    434 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    435 
    436 # "reset count minutes"
    437 attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
    438 	DESC 'Reset time after lockout in minutes (default: 30)'
    439 	EQUALITY integerMatch
    440 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    441 
    442 # "bad lockout attempt"
    443 attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
    444 	DESC 'Lockout users after bad logon attempts (default: 0 => off)'
    445 	EQUALITY integerMatch
    446 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    447 
    448 # "disconnect time"
    449 attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
    450 	DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
    451 	EQUALITY integerMatch
    452 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    453 
    454 # "refuse machine password change"
    455 attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
    456 	DESC 'Allow Machine Password changes (default: 0 => off)'
    457 	EQUALITY integerMatch
    458 	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
    459 
    460 
    461 
    462 
    463 #######################################################################
    464 ##              objectClasses used by Samba 3.0 schema               ##
    465 #######################################################################
    466 
    467 ## The X.500 data model (and therefore LDAPv3) says that each entry can
    468 ## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
    469 ## this currently but will in v2.1
    470 
    471 ##
    472 ## added new objectclass (and OID) for 3.0 to help us deal with backwards
    473 ## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
    474 ##
    475 objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
    476 	DESC 'Samba 3.0 Auxiliary SAM Account'
    477 	MUST ( uid $ sambaSID )
    478 	MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
    479 	       sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
    480 	       sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
    481                displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
    482 	       sambaProfilePath $ description $ sambaUserWorkstations $
    483 	       sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
    484 	       sambaBadPasswordCount $ sambaBadPasswordTime $
    485 	       sambaPasswordHistory $ sambaLogonHours))
    486 
    487 ##
    488 ## Group mapping info
    489 ##
    490 objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
    491 	DESC 'Samba Group Mapping'
    492 	MUST ( gidNumber $ sambaSID $ sambaGroupType )
    493 	MAY  ( displayName $ description $ sambaSIDList ))
    494 
    495 ##
    496 ## Trust password for trust relationships (any kind). Entries carry sambaNTPassword, so apply the same read restrictions as for account password hashes
    497 ##
    498 objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
    499 	DESC 'Samba Trust Password'
    500 	MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
    501 	MAY ( sambaSID $ sambaPwdLastSet ))
    502 
    503 ##
    504 ## Whole-of-domain info
    505 ##
    506 objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
    507 	DESC 'Samba Domain Information'
    508 	MUST ( sambaDomainName $ 
    509 	       sambaSID ) 
    510 	MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
    511 	      sambaAlgorithmicRidBase $ 
    512 	      sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
    513 	      sambaMaxPwdAge $ sambaMinPwdAge $
    514 	      sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
    515 	      sambaForceLogoff $ sambaRefuseMachinePwdChange ))
    516 
    517 ##
    518 ## used for idmap_ldap module
    519 ##
    520 objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
    521         DESC 'Pool for allocating UNIX uids/gids'
    522         MUST ( uidNumber $ gidNumber ) )
    523 
    524 
    525 objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
    526         DESC 'Mapping from a SID to an ID'
    527         MUST ( sambaSID )
    528 	MAY ( uidNumber $ gidNumber ) )
    529 
    530 objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
    531 	DESC 'Structural Class for a SID'
    532 	MUST ( sambaSID ) )
    533 
    534 objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
    535 	DESC 'Samba Configuration Section'
    536 	MAY ( description ) )
    537 
    538 objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
    539 	DESC 'Samba Share Section'
    540 	MUST ( sambaShareName )
    541 	MAY ( description ) )
    542 
    543 objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
    544 	DESC 'Samba Configuration Option'
    545 	MUST ( sambaOptionName )
    546 	MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ 
    547 	      sambaStringListoption $ description ) )
    548 
    549 
    550 ## retired during privilege rewrite
    551 ##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
    552 ##	DESC 'Samba Privilege'
    553 ##	MUST ( sambaSID )
    554 ##	MAY ( sambaPrivilegeList ) )
    555