1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-24 21:34:56 +03:00
samba-mirror/source4/setup/schema_samba4.ldif
Endi Sukma Dewata b1dabb1133 s4: Use SASL authentication against Fedora DS.
1. During instance creation the provisioning script will import the SASL
   mapping for samba-admin. It's done here due to missing config schema
   preventing adding the mapping via ldapi.

2. After that it will use ldif2db to import the cn=samba-admin user as
   the target of SASL mapping.

3. Then it will start FDS and continue to do provisioning using the
   Directory Manager with simple bind.

4. The SASL credentials will be stored in secrets.ldb, so when Samba
   server runs later it will use the SASL credentials.

5. After the provisioning is done (just before stopping the slapd)
   it will use the DM over direct ldapi to delete the default SASL
   mappings included automatically by FDS, leaving just the new
   samba-admin mapping.

6. Also before stopping slapd it will use the DM over direct ldapi to
   set the ACL on the root entries of the user, configuration, and
   schema partitions. The ACL will give samba-admin the full access
   to these partitions.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
2009-09-10 09:52:22 +10:00

345 lines
9.7 KiB
Plaintext

#
# Schema elements which do not exist in AD, but which we use in Samba4
#
## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
## 1.3.6.1.4.1.7165.4.1.x - attributetypes
## 1.3.6.1.4.1.7165.4.2.x - objectclasses
## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
### see dsdb/samdb/samdb.h
## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
### see dsdb/samdb/samdb.h
## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
#
#
#
# Not used anymore
#
#dn: cn=ntpwdHash,${SCHEMADN}
#cn: ntpwdHash
#name: NTPWDHash
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: ntpwdhash
#isSingleValued: TRUE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
#adminDisplayName: NT-PWD-Hash
#attributeID: 1.3.6.1.4.1.7165.4.1.1
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: cn=lmpwdHash,${SCHEMADN}
#cn: lmpwdHash
#name: lmpwdHash
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: lmpwdhash
#isSingleValued: TRUE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
#adminDisplayName: LM-PWD-Hash
#attributeID: 1.3.6.1.4.1.7165.4.1.2
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: cn=sambaNtPwdHistory,${SCHEMADN}
#cn: sambaNtPwdHistory
#name: sambaNtPwdHistory
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: sambaNtPwdHistory
#isSingleValued: TRUE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
#adminDisplayName: SAMBA-NT-PWD-History
#attributeID: 1.3.6.1.4.1.7165.4.1.3
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: cn=sambaLmPwdHistory,${SCHEMADN}
#cn: sambaLmPwdHistory
#name: sambaLmPwdHistory
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: sambaLmPwdHistory
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
#adminDisplayName: SAMBA-LM-PWDHistory
#attributeID: 1.3.6.1.4.1.7165.4.1.4
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: CN=sambaPassword,${SCHEMADN}
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: sambaPassword
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
#adminDisplayName: SAMBA-Password
#attributeID: 1.3.6.1.4.1.7165.4.1.5
#attributeSyntax: 2.5.5.5
#oMSyntax: 22
#
# Not used anymore
#
#dn: cn=dnsDomain,${SCHEMADN}
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: dnsDomain
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
#adminDisplayName: DNS-Domain
#attributeID: 1.3.6.1.4.1.7165.4.1.6
#attributeSyntax: 2.5.5.4
#oMSyntax: 20
dn: cn=privilege,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
cn: privilege
lDAPDisplayName: privilege
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
adminDisplayName: Privilege
attributeID: 1.3.6.1.4.1.7165.4.1.7
attributeSyntax: 2.5.5.4
oMSyntax: 20
#
# Not used anymore
#
#dn: CN=unixName,${SCHEMADN}
#cn: unixName
#name: unixName
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: unixName
#isSingleValued: TRUE
#systemFlags: 16
#systemOnly: FALSE
#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
#adminDisplayName: Unix-Name
#attributeID: 1.3.6.1.4.1.7165.4.1.9
#attributeSyntax: 2.5.5.4
#oMSyntax: 20
#
# Not used anymore
#
#dn: cn=krb5Key,${SCHEMADN}
#cn: krb5Key
#name: krb5Key
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: krb5Key
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
#adminDisplayName: krb5-Key
#attributeID: 1.3.6.1.4.1.5322.10.1.10
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1
#Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2
#Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3
#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1
#Allocated: DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 1.3.6.1.4.1.7165.4.4.2
#Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3
#Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1
#Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2
#Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3
#Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4
#Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5
#Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6
#Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7
#Allocated: (dynamicObject) samba4DynamicObject: 1.3.6.1.4.1.7165.4.255.8
#Allocated: (entryTTL) samba4EntryTTL: 1.3.6.1.4.1.7165.4.255.9
#
# Based on domainDNS, but without the DNS bits.
#
dn: CN=Samba4-Local-Domain,${SCHEMADN}
objectClass: top
objectClass: classSchema
cn: Samba4-Local-Domain
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.2
rDNAttID: cn
adminDisplayName: Samba4-Local-Domain
adminDescription: Samba4-Local-Domain
systemMayContain: msDS-Behavior-Version
systemMayContain: managedBy
objectClassCategory: 1
lDAPDisplayName: samba4LocalDomain
schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
systemOnly: FALSE
systemAuxiliaryClass: samDomain
defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
systemFlags: 16
defaultHidingValue: TRUE
defaultObjectCategory: CN=Samba4-Local-Domain,${SCHEMADN}
dn: CN=Samba4Top,${SCHEMADN}
objectClass: top
objectClass: classSchema
cn: Samba4Top
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.1
mayContain: msDS-ObjectReferenceBL
rDNAttID: cn
adminDisplayName: Samba4TopTop
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
objectClassCategory: 3
lDAPDisplayName: samba4Top
schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
systemOnly: TRUE
systemPossSuperiors: lostAndFound
systemMayContain: url
systemMayContain: wWWHomePage
systemMayContain: wellKnownObjects
systemMayContain: wbemPath
systemMayContain: uSNSource
systemMayContain: uSNLastObjRem
systemMayContain: USNIntersite
systemMayContain: uSNDSALastObjRemoved
systemMayContain: systemFlags
systemMayContain: subRefs
systemMayContain: siteObjectBL
systemMayContain: serverReferenceBL
systemMayContain: sDRightsEffective
systemMayContain: revision
systemMayContain: repsTo
systemMayContain: repsFrom
systemMayContain: directReports
systemMayContain: replUpToDateVector
systemMayContain: replPropertyMetaData
systemMayContain: name
systemMayContain: queryPolicyBL
systemMayContain: parentGUID
systemMayContain: proxyAddresses
systemMayContain: proxiedObjectName
systemMayContain: possibleInferiors
systemMayContain: partialAttributeSet
systemMayContain: partialAttributeDeletionList
systemMayContain: otherWellKnownObjects
systemMayContain: objectVersion
systemMayContain: nonSecurityMemberBL
systemMayContain: netbootSCPBL
systemMayContain: ownerBL
systemMayContain: msDS-ReplValueMetaData
systemMayContain: msDS-ReplAttributeMetaData
systemMayContain: msDS-NonMembersBL
systemMayContain: msDS-NCReplOutboundNeighbors
systemMayContain: msDS-NCReplInboundNeighbors
systemMayContain: msDS-NCReplCursors
systemMayContain: msDS-TasksForAzRoleBL
systemMayContain: msDS-TasksForAzTaskBL
systemMayContain: msDS-OperationsForAzRoleBL
systemMayContain: msDS-OperationsForAzTaskBL
systemMayContain: msDS-MembersForAzRoleBL
systemMayContain: msDs-masteredBy
systemMayContain: mS-DS-ConsistencyGuid
systemMayContain: mS-DS-ConsistencyChildCount
systemMayContain: msDS-Approx-Immed-Subordinates
systemMayContain: msCOM-PartitionSetLink
systemMayContain: msCOM-UserLink
systemMayContain: masteredBy
systemMayContain: managedObjects
systemMayContain: lastKnownParent
systemMayContain: isPrivilegeHolder
systemMayContain: isDeleted
systemMayContain: isCriticalSystemObject
systemMayContain: showInAdvancedViewOnly
systemMayContain: fSMORoleOwner
systemMayContain: fRSMemberReferenceBL
systemMayContain: frsComputerReferenceBL
systemMayContain: fromEntry
systemMayContain: flags
systemMayContain: extensionName
systemMayContain: dSASignature
systemMayContain: dSCorePropagationData
systemMayContain: displayNamePrintable
systemMayContain: displayName
systemMayContain: description
systemMayContain: cn
systemMayContain: canonicalName
systemMayContain: bridgeheadServerListBL
systemMayContain: allowedChildClassesEffective
systemMayContain: allowedChildClasses
systemMayContain: allowedAttributesEffective
systemMayContain: allowedAttributes
systemMayContain: adminDisplayName
systemMayContain: adminDescription
systemMustContain: objectCategory
systemMustContain: nTSecurityDescriptor
systemMustContain: instanceType
systemAuxiliaryClass: samba4TopExtra
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
systemFlags: 16
defaultHidingValue: TRUE
objectCategory: CN=Class-Schema,${SCHEMADN}
defaultObjectCategory: CN=Samba4Top,${SCHEMADN}
dn: CN=Samba4TopExtra,${SCHEMADN}
objectClass: top
objectClass: classSchema
cn: Samba4TopExtra
subClassOf: top
governsID: 1.3.6.1.4.1.7165.4.2.3
rDNAttID: cn
adminDisplayName: Samba4TopExtra
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
objectClassCategory: 2
lDAPDisplayName: samba4TopExtra
schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
systemOnly: TRUE
mayContain: privilege
systemPossSuperiors: lostAndFound
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
systemFlags: 16
defaultHidingValue: TRUE
objectCategory: CN=Class-Schema,${SCHEMADN}
defaultObjectCategory: CN=Samba4TopExtra,${SCHEMADN}