##
## schema file for OpenLDAP 2.0.x
## Schema for storing Samba's smbpasswd file in LDAP
## OIDs are owned by the Samba Team
##
## Prerequisite schemas - uid (cosine.schema)
## - displayName (inetorgperson.schema)
##
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
##
########################################################################
## HISTORICAL ##
########################################################################
##
## Password hashes
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
# DESC 'LanManager Passwd'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
# DESC 'NT Passwd'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
##
## Account flags in string format ([UWDX ])
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
# DESC 'Account Flags'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
##
## Password timestamps & policies
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
# DESC 'NT pwdLastSet'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
# DESC 'NT logonTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
# DESC 'NT logoffTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
# DESC 'NT kickoffTime'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
# DESC 'NT pwdCanChange'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
# DESC 'NT pwdMustChange'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## string settings
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
# DESC 'NT homeDrive'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
# DESC 'NT scriptPath'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
# DESC 'NT profilePath'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
# DESC 'userWorkstations'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
# DESC 'smbHome'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
# DESC 'Windows NT domain to which the user belongs'
# EQUALITY caseIgnoreIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
##
## user and group RID
##
#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
# DESC 'NT rid'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
# DESC 'NT Group RID'
# EQUALITY integerMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
##
## The smbPasswordEntry objectclass has been deprecated in favor of the
## sambaAccount objectclass
##
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
# DESC 'Samba smbpasswd entry'
# MUST ( uid $ uidNumber )
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
# DESC 'Samba Account'
# MUST ( uid $ rid )
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
# description $ userWorkstations $ primaryGroupID $ domain ))
#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
# DESC 'Samba Auxilary Account'
# MUST ( uid $ rid )
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
# description $ userWorkstations $ primaryGroupID $ domain ))
########################################################################
## END OF HISTORICAL ##
########################################################################
#######################################################################
## Attributes used by Samba 3.0 schema ##
#######################################################################
##
## Password hashes
##
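## sambaLMPassword: the account's LanManager password hash, held as one
## IA5 string (length bound {32}) and compared case-insensitively.
## NOTE(review): this value is password-equivalent for SMB authentication and
## the LanManager algorithm is weak. Limit read and write access to the Samba
## administrative DN in the slapd ACLs, and leave the attribute unset where
## LanManager authentication is not required.
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
    DESC 'LanManager Password'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )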
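## sambaNTPassword: MD4 hash of the Unicode password (per DESC), held as one
## IA5 string (length bound {32}) and compared case-insensitively.
## NOTE(review): the hash is unsalted and is password-equivalent for SMB
## authentication, so anyone who can read it can act as the account. Limit
## read and write access to the Samba administrative DN in the slapd ACLs and
## keep it out of anonymous or self-readable attribute sets.
attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
    DESC 'MD4 hash of the unicode password'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )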
##
## Account flags in string format ([UWDX ])
##
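## sambaAcctFlags: account flags as a single bracketed flag string such as
## [UWDX ], stored as an IA5 string (length bound {16}).
## Write access matters here as well: presumably these flags decide whether
## the account is enabled, so confirm that only the Samba administrative DN
## may modify the attribute.
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
    DESC 'Account Flags'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )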
##
## Password timestamps & policies
##
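## sambaPwdLastSet: single integer timestamp of the last password update.
## The unit and epoch are not stated in this file; confirm against the
## Samba code that writes it before comparing values.
attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
    DESC 'Timestamp of the last password update'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )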
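## sambaPwdCanChange: single integer timestamp from which the user is allowed
## to change the password.
attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
    DESC 'Timestamp of when the user is allowed to update the password'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )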
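## sambaPwdMustChange: single integer timestamp at which the password expires.
## This is a password-policy input, so it should not be writable by the
## account owner.
attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
    DESC 'Timestamp of when the password will expire'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )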
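## sambaLogonTime: single integer timestamp of the last logon.
attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
    DESC 'Timestamp of last logon'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )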
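## sambaLogoffTime: single integer timestamp of the last logoff.
attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
    DESC 'Timestamp of last logoff'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )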
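## sambaKickoffTime: single integer timestamp at which the user is logged off
## automatically.
attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
    DESC 'Timestamp of when the user will be logged off automatically'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )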
##
## string settings
##
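## sambaHomeDrive: drive letter that the home directory is mapped to, stored
## as one IA5 string (length bound {4}).
attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
    DESC 'Driver letter of home directory mapping'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )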
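## sambaLogonScript: path of the logon script, stored as one Directory String
## (length bound {255}).
## NOTE(review): presumably clients run this script at logon, which would make
## the value security-sensitive; confirm the account owner cannot write it.
attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
    DESC 'Logon script path'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )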
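## sambaProfilePath: roaming profile path, stored as one Directory String
## (length bound {255}).
attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
    DESC 'Roaming profile path'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )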
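## sambaUserWorkstations: list of workstations the user may log on to. The
## attribute is SINGLE-VALUE, so the list is packed into one Directory String
## (length bound {255}); the separator is not defined in this file.
## This is a logon restriction, so write access should stay with the
## administrator.
attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
    DESC 'List of user workstations the user is allowed to logon to'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )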
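## sambaHomePath: UNC path of the home directory, as a Directory String
## (length bound {128}).
## NOTE(review): unlike the other path attributes this one is not declared
## SINGLE-VALUE, so an entry may hold several values; confirm that is intended.
attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
    DESC 'Home directory UNC path'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )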
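## sambaDomainName: name of the Windows NT domain the user belongs to, as a
## Directory String (length bound {128}). It is not declared SINGLE-VALUE.
## sambaDomain lists it under MUST and sambaSamAccount under MAY.
attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
    DESC 'Windows NT domain to which the user belongs'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )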
##
## SID, of any type
##
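## sambaSID: security identifier in string form, stored as one IA5 string
## (length bound {64}). sambaSamAccount, sambaGroupMapping and sambaDomain
## all list it under MUST.
## The SID identifies the principal for authorization, so it must not be
## writable by the entry's owner.
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
    DESC 'Security ID'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )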
##
## Primary group SID, compatible with ntSid
##
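## sambaPrimaryGroupSID: SID of the account's primary group, stored as one
## IA5 string (length bound {64}).
## It determines group membership, so write access should be limited in the
## same way as for sambaSID.
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
    DESC 'Primary Group Security ID'
    EQUALITY caseIgnoreIA5Match
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )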
##
## group mapping attributes
##
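## sambaGroupType: NT group type as a single integer. The meaning of each
## value is not defined in this file.
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
    DESC 'NT Group Type'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )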
##
## Store info on the domain
##
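## sambaNextUserRid: next RID to hand out for a user, as a single integer.
## sambaDomain lists it under MUST.
## NOTE(review): the value presumably feeds RID allocation, and a reused RID
## would yield a duplicate SID, so restrict writes to the Samba admin DN.
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
    DESC 'Next NT rid to give our for users'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )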
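## sambaNextGroupRid: next RID to hand out for a group, as a single integer.
## sambaDomain lists it under MUST.
## NOTE(review): restrict writes to the Samba administrative DN, as for
## sambaNextUserRid.
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
    DESC 'Next NT rid to give out for groups'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )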
#######################################################################
## objectClasses used by Samba 3.0 schema ##
#######################################################################
## The X.500 data model (and therefore LDAPv3) says that each entry can
## only have one structural objectclass. OpenLDAP 2.0 does not enforce
## this currently but will in v2.1
##
## added new objectclass (and OID) for 3.0 to help us deal with backwards
## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
##
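## sambaSamAccount: AUXILIARY class that adds Samba 3.0 account data to an
## entry. uid and sambaSID are required; every other attribute is optional.
## uid, cn, displayName and description are not defined in this file and come
## from the prerequisite schemas.
## NOTE(review): the optional set includes sambaLMPassword and
## sambaNTPassword. Entries carrying this class need attribute-level slapd
## ACLs that keep both hashes unreadable to anonymous and ordinary
## authenticated binds.
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
    DESC 'Samba 3.0 Auxilary SAM Account'
    MUST ( uid $ sambaSID )
    MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
           sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
           sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
           displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
           sambaProfilePath $ description $ sambaUserWorkstations $
           sambaPrimaryGroupSID $ sambaDomainName ))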
##
## Group mapping info
##
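## sambaGroupMapping: AUXILIARY class that ties a group entry to an NT group.
## gidNumber, sambaSID and sambaGroupType are required; displayName and
## description are optional.
## NOTE(review): gidNumber is not defined in this file and the schemas named
## as prerequisites in the header do not obviously supply it. Confirm that the
## schema defining it (presumably the RFC 2307 / NIS schema) is loaded first.
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
    DESC 'Samba Group Mapping'
    MUST ( gidNumber $ sambaSID $ sambaGroupType )
    MAY  ( displayName $ description ))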
##
## Whole-of-domain info
##
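## sambaDomain: STRUCTURAL class holding per-domain state. All four attributes
## are required: the domain name, the domain SID and the two next-RID values.
## NOTE(review): the entry holds the domain SID and the next-RID values, so
## write access to it should be limited to the Samba administrative DN.
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
    DESC 'Samba Domain Information'
    MUST ( sambaDomainName $ sambaNextGroupRid $ sambaNextUserRid $
           sambaSID ) )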