mirror of https://github.com/samba-team/samba.git synced 2024-12-23 17:34:34 +03:00

updated schema for 3.0 for eDirectory 8.7 and Netscape DS 4.x

(This used to be commit c9c7150a62)
Gerald Carter 2003-09-05 04:09:25 +00:00
parent 5bbdf6a5d0
commit c7dbe58a36
2 changed files with 235 additions and 227 deletions


@ -1,201 +1,151 @@
-- ##
-- Submitted by Bruno Gimenes Pereti <pereti@ut mp dot edu dot br> ## Schema file for Novell eDirectory 8.7.x by Uli Iske
-- ## Schema for storing Samba's smbpasswd file in LDAP
-- schema file for Novell's eDirectory 8.6 ## OIDs are owned by the Samba Team
-- ##
#######################################################################
## Attributes used by Samba 3.0 schema ##
#######################################################################
SambaAccountSchemaExtensions DEFINITIONS ::= dn: cn=schema
BEGIN changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-- Password hashes dn: cn=schema
"lmPassword" ATTRIBUTE ::= changetype: modify
{ add: attributetypes
Operation ADD, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
SyntaxID SYN_CI_STRING,
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 1 }
}
"ntPassword" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_CI_STRING, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 2 }
}
-- Account flags in string format ([UWDX ]) dn: cn=schema
"acctFlags" ATTRIBUTE ::= changetype: modify
{ add: attributetypes
Operation ADD, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SyntaxID SYN_CI_STRING,
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 4 }
}
-- Password timestamps & policies dn: cn=schema
"pwdLastSet" ATTRIBUTE ::= changetype: modify
{ add: attributetypes
Operation ADD, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SyntaxID SYN_INTEGER,
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 3 }
}
"logonTime" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_INTEGER, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 5 }
}
"logoffTime" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_INTEGER, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 6 }
}
"kickoffTime" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_INTEGER, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 7 }
}
"pwdCanChange" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_INTEGER, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 8 }
}
"pwdMustChange" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_INTEGER, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 9 }
}
-- string settings dn: cn=schema
"homeDrive" ATTRIBUTE ::= changetype: modify
{ add: attributetypes
Operation ADD, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
SyntaxID SYN_CI_STRING,
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 10 }
}
"scriptPath" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_CI_STRING, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 5 1 4 1 7165 2 1 11 }
}
"profilePath" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_CI_STRING, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 12 }
}
"userWorkstations" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_CI_STRING, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 13 }
}
"smbHome" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_CI_STRING, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 17 }
}
"domain" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_CI_STRING, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 18 }
}
-- user and group RID dn: cn=schema
"rid" ATTRIBUTE ::= changetype: modify
{ add: attributetypes
Operation ADD, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
SyntaxID SYN_INTEGER,
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 14 }
}
"primaryGroupID" ATTRIBUTE ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
SyntaxID SYN_INTEGER, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Flags { DS_SINGLE_VALUED_ATTR },
ASN1ObjID { 1 3 6 1 4 1 7165 2 1 15 }
}
"sambaAccount" OBJECT-CLASS ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
Flags {DS_AUXILIARY_CLASS}, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SubClassOf {"TOP"},
MustContain { "uid"},
MustContain { "rid"},
MayContain { "CN"},
MayContain { "lmPassword"},
MayContain { "ntPassword"},
MayContain { "pwdLastSet"},
MayContain { "logonTime"},
MayContain { "logoffTime"},
MayContain { "kickoffTime"},
MayContain { "pwdCanChange"},
MayContain { "pwdMustChange"},
MayContain { "acctFlags"},
MayContain { "displayName"},
MayContain { "smbHome"},
MayContain { "homeDrive"},
MayContain { "scriptPath"},
MayContain { "profilePath"},
MayContain { "description"},
MayContain { "userWorkstations"},
MayContain { "primaryGroupID"},
MayContain { "domain"},
ASN1ObjID { 1 3 6 1 4 1 7165 2 2 3 }
}
-- Used for Winbind experimentation dn: cn=schema
"uidPool" OBJECT-CLASS ::= changetype: modify
{ add: attributetypes
Operation ADD, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
Flags {DS_AUXILIARY_CLASS},
SubClassOf {"TOP"},
MustContain { "uidNumber"},
MustContain { "CN"},
ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 3 }
}
"gidPool" OBJECT-CLASS ::= dn: cn=schema
{ changetype: modify
Operation ADD, add: attributetypes
Flags {DS_AUXILIARY_CLASS}, attributeTypes: ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
SubClassOf {"TOP"},
MustContain { "gidNumber"},
MustContain { "CN"},
ASN1ObjID { 1 3 6 1 4 1 7165 1 2 2 4 }
}
END dn: cn=schema
changetype: modify
add: attributetypes
attributeTypes: ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#######################################################################
## objectClasses used by Samba 3.0 schema ##
#######################################################################
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $sambaLogonTime $ sambaLogoffTime $sambaKickoffTime $sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $sambaProfilePath $ description $ sambaUserWorkstations $sambaPrimaryGroupSID $ sambaDomainName ))
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description ))
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $sambaAlgorithmicRidBase ) )
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) )
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) )
dn: cn=schema
changetype: modify
add: objectClasses
objectClasses: ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST ( sambaSID ) )
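Review bot: The new banner comment does not say that `sambaLMPassword` and `sambaNTPassword` hold password-equivalent hashes (their DESC strings read 'LanManager Password' and 'MD4 hash of the unicode password'), so nothing tells the administrator to restrict read and compare rights on them once the schema is loaded. I would add a line under the banner such as `## sambaLMPassword and sambaNTPassword are password equivalents: grant read/compare rights only to the Samba admin DN and bind over TLS`. The same note is missing from the Netscape DS schema file changed in this commit. Minor wording in the new DESC strings: 'Driver letter' should be 'Drive letter', 'give our for users' should be 'give out for users', and 'Auxilary' should be 'Auxiliary'.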


@ -1,54 +1,112 @@
# #
# LDAP Schema file for SAMBA attribute storage # LDAP Schema file for SAMBA 3.0 attribute storage
# This file is suitable for usage with Netscape Directory Server 4.1x # For Netscape Directory Server 4.1x
# Adapted by Scott Lawson with help from Ron Creamer # Prepared by Osman Demirhan
#
attribute lmPassword 1.3.6.1.4.1.7165.2.1.1 cis single attribute sambaLMPassword 1.3.6.1.4.1.7165.2.1.24 cis single
attribute ntPassword 1.3.6.1.4.1.7165.2.1.2 cis single attribute sambaNTPassword 1.3.6.1.4.1.7165.2.1.25 cis single
attribute acctFlags 1.3.6.1.4.1.7165.2.1.4 cis single attribute sambaAcctFlags 1.3.6.1.4.1.7165.2.1.26 cis single
attribute pwdLastSet 1.3.6.1.4.1.7165.2.1.3 int single attribute sambaPwdLastSet 1.3.6.1.4.1.7165.2.1.27 int single
attribute logonTime 1.3.6.1.4.1.7165.2.1.5 int single attribute sambaPwdCanChange 1.3.6.1.4.1.7165.2.1.28 int single
attribute logoffTime 1.3.6.1.4.1.7165.2.1.6 int single attribute sambaPwdMustChange 1.3.6.1.4.1.7165.2.1.29 int single
attribute kickoffTime 1.3.6.1.4.1.7165.2.1.7 int single attribute sambaLogonTime 1.3.6.1.4.1.7165.2.1.30 int single
attribute pwdCanChange 1.3.6.1.4.1.7165.2.1.8 int single attribute sambaLogoffTime 1.3.6.1.4.1.7165.2.1.31 int single
attribute pwdMustChange 1.3.6.1.4.1.7165.2.1.9 int single attribute sambaKickoffTime 1.3.6.1.4.1.7165.2.1.32 int single
attribute homedrive 1.3.6.1.4.1.7165.2.1.10 cis single attribute sambaHomeDrive 1.3.6.1.4.1.7165.2.1.33 cis single
attribute scriptPath 1.3.6.1.4.1.7165.2.1.11 cis single attribute sambaLogonScript 1.3.6.1.4.1.7165.2.1.34 cis single
attribute profilePath 1.3.6.1.4.1.7165.2.1.12 cis single attribute sambaProfilePath 1.3.6.1.4.1.7165.2.1.35 cis single
attribute userWorkstations 1.3.6.1.4.1.7165.2.1.13 cis single attribute sambaUserWorkstations 1.3.6.1.4.1.7165.2.1.36 cis single
attribute rid 1.3.6.1.4.1.7165.2.1.14 int single attribute sambaHomePath 1.3.6.1.4.1.7165.2.1.37 cis single
attribute primaryGroupID 1.3.6.1.4.1.7165.2.1.15 int single attribute sambaDomainName 1.3.6.1.4.1.7165.2.1.38 cis single
attribute smbHome 1.3.6.1.4.1.7165.2.1.17 cis single attribute sambaSID 1.3.6.1.4.1.7165.2.1.20 cis single
attribute domain 1.3.6.1.4.1.7165.2.1.18 cis single attribute sambaPrimaryGroupSID 1.3.6.1.4.1.7165.2.1.23 cis single
attribute sambaGroupType 1.3.6.1.4.1.7165.2.1.19 int single
attribute sambaNextUserRid 1.3.6.1.4.1.7165.2.1.21 int single
attribute sambaNextGroupRid 1.3.6.1.4.1.7165.2.1.22 int single
attribute sambaNextRid 1.3.6.1.4.1.7165.2.1.39 int single
attribute sambaAlgorithmicRidBase 1.3.6.1.4.1.7165.2.1.40 int single
objectclass sambaAccount objectclass sambaSamAccount
oid oid
1.3.1.5.1.4.1.7165.2.2.2 1.3.6.1.4.1.7165.2.2.6
superior superior
top top
requires requires
objectClass, objectClass,
uid, uid,
rid sambaSID
allows allows
cn, cn,
lmPassword, sambaLMPassword,
ntPassword, sambaNTPassword,
pwdLastSet, sambaPwdLastSet,
logonTime, sambaLogonTime,
logoffTime, sambaLogoffTime,
KickoffTime, sambaKickoffTime,
pwdCanChange, sambaPwdCanChange,
pwdMustChange, sambaPwdMustChange,
acctFlags, sambaAcctFlags,
displayName, displayName,
smbHome, sambaHomePath,
homeDrive, sambaHomeDrive,
scriptPath, sambaLogonScript,
profilePath, sambaProfilePath,
description, description,
userWorkstations, sambaUserWorkstations,
primaryGroupID, sambaPrimaryGroupSID,
domain sambaDomainName
objectclass sambaGroupMapping
oid
1.3.6.1.4.1.7165.2.2.4
superior
top
requires
gidNumber,
sambaSID,
sambaGroupType
allows
displayName,
description
objectclass sambaDomain
oid
1.3.6.1.4.1.7165.2.2.5
superior
top
requires
sambaDomainName,
sambaSID
allows
sambaNextRid,
sambaNextGroupRid,
sambaNextUserRid,
sambaAlgorithmicRidBase
objectclass sambaUnixIdPool
oid
1.3.6.1.4.1.7165.1.2.2.7
superior
top
requires
uidNumber,
gidNumber
objectclass sambaIdmapEntry
oid
1.3.6.1.4.1.7165.1.2.2.8
superior
top
requires
sambaSID
allows
uidNumber,
gidNumber
objectclass sambaSidEntry
oid
1.3.6.1.4.1.7165.1.2.2.9
superior
top
requires
sambaSID
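Review bot: `sambaHomePath` and `sambaDomainName` are declared `cis single` in this file, while the eDirectory LDIF changed in the same commit defines both without `SINGLE-VALUE`, so the two directories would accept different data for the same attributes. One of the two files should be aligned; which cardinality is intended cannot be told from this page. Separately, `sambaSamAccount` lists `objectClass` under `requires` but the five object classes added after it (`sambaGroupMapping`, `sambaDomain`, `sambaUnixIdPool`, `sambaIdmapEntry`, `sambaSidEntry`) do not, which looks inconsistent and is worth confirming against what Netscape DS 4.x expects.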