1
0
mirror of https://github.com/samba-team/samba.git synced 2024-12-22 13:34:15 +03:00
samba-mirror/source4/setup/schema_samba4.ldif
Andrew Bartlett 09ae48b415 dsdb: Prepare to handle smartcard password rollover
We do this by allowing the password change control to indicate
that the password is to be randomised, bypassing the quality
checks (as true random passwords often fail these) and
re-randomising with the same code as is used for the KDC.

Signed-off-by: Andrew Bartlett <abartlet@samba.org>
Reviewed-by: Jo Sutton <josutton@catalyst.net.nz>
2024-06-10 04:27:30 +00:00

406 lines
14 KiB
Plaintext

#
# Schema elements which do not exist in AD, but which we use in Samba4
#
## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
## 1.3.6.1.4.1.7165.4.1.x - attributetypes
## 1.3.6.1.4.1.7165.4.2.x - objectclasses
## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
### see dsdb/samdb/samdb.h
## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
### see dsdb/samdb/samdb.h
## 1.3.6.1.4.1.7165.4.5.x - ldap extended matches
## 1.3.6.1.4.1.7165.4.6.1.x - SELFTEST random attributes
## 1.3.6.1.4.1.7165.4.6.1.1.x - ldap_syntaxes.py
## 1.3.6.1.4.1.7165.4.6.1.2.x - ldap_syntaxes.py
## 1.3.6.1.4.1.7165.4.6.1.4.x - urgent_replication.py
## 1.3.6.1.4.1.7165.4.6.1.5.x - repl_schema.py
## 1.3.6.1.4.1.7165.4.6.1.6.x - ldap_schema.py
## 1.3.6.1.4.1.7165.4.6.1.7.x - dsdb_schema_info.py
## 1.3.6.1.4.1.7165.4.6.1.8.x - dsdb_schema_attributes.py
## 1.3.6.1.4.1.7165.4.6.2.x - SELFTEST random classes
## 1.3.6.1.4.1.7165.4.6.2.1.x - ldap_syntaxes.py
## 1.3.6.1.4.1.7165.4.6.2.2.x - ldap_syntaxes.py
## 1.3.6.1.4.1.7165.4.6.2.3.x - sec_descriptor.py
## 1.3.6.1.4.1.7165.4.6.2.4.x - urgent_replication.py
## 1.3.6.1.4.1.7165.4.6.2.5.x - repl_schema.py
## 1.3.6.1.4.1.7165.4.6.2.6.x - ldap_schema.py
## 1.3.6.1.4.1.7165.4.6.2.7.x - dsdb_schema_info.py
## 1.3.6.1.4.1.7165.4.6.2.8.x - getnc_schema.py
## 1.3.6.1.4.1.7165.4.6.2.9.x - sid_strings.py
## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
#
#
#
# Not used anymore
#
#dn: cn=ntpwdHash,${SCHEMADN}
#cn: ntpwdHash
#name: NTPWDHash
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: ntpwdhash
#isSingleValued: TRUE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
#adminDisplayName: NT-PWD-Hash
#attributeID: 1.3.6.1.4.1.7165.4.1.1
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: cn=lmpwdHash,${SCHEMADN}
#cn: lmpwdHash
#name: lmpwdHash
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: lmpwdhash
#isSingleValued: TRUE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
#adminDisplayName: LM-PWD-Hash
#attributeID: 1.3.6.1.4.1.7165.4.1.2
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: cn=sambaNtPwdHistory,${SCHEMADN}
#cn: sambaNtPwdHistory
#name: sambaNtPwdHistory
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: sambaNtPwdHistory
#isSingleValued: TRUE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
#adminDisplayName: SAMBA-NT-PWD-History
#attributeID: 1.3.6.1.4.1.7165.4.1.3
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: cn=sambaLmPwdHistory,${SCHEMADN}
#cn: sambaLmPwdHistory
#name: sambaLmPwdHistory
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: sambaLmPwdHistory
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
#adminDisplayName: SAMBA-LM-PWDHistory
#attributeID: 1.3.6.1.4.1.7165.4.1.4
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
#
# Not used anymore
#
#dn: CN=sambaPassword,${SCHEMADN}
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: sambaPassword
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
#adminDisplayName: SAMBA-Password
#attributeID: 1.3.6.1.4.1.7165.4.1.5
#attributeSyntax: 2.5.5.5
#oMSyntax: 22
#
# Not used anymore
#
#dn: cn=dnsDomain,${SCHEMADN}
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: dnsDomain
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
#adminDisplayName: DNS-Domain
#attributeID: 1.3.6.1.4.1.7165.4.1.6
#attributeSyntax: 2.5.5.4
#oMSyntax: 20
# not used anymore
#dn: cn=privilege,${SCHEMADN}
#objectClass: top
#objectClass: attributeSchema
#cn: privilege
#lDAPDisplayName: privilege
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
#adminDisplayName: Privilege
#attributeID: 1.3.6.1.4.1.7165.4.1.7
#attributeSyntax: 2.5.5.4
#oMSyntax: 20
#
# Not used anymore
#
#dn: CN=unixName,${SCHEMADN}
#cn: unixName
#name: unixName
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: unixName
#isSingleValued: TRUE
#systemFlags: 16
#systemOnly: FALSE
#schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
#adminDisplayName: Unix-Name
#attributeID: 1.3.6.1.4.1.7165.4.1.9
#attributeSyntax: 2.5.5.4
#oMSyntax: 20
#
# Not used anymore
#
#dn: cn=krb5Key,${SCHEMADN}
#cn: krb5Key
#name: krb5Key
#objectClass: top
#objectClass: attributeSchema
#lDAPDisplayName: krb5Key
#isSingleValued: FALSE
#systemFlags: 17
#systemOnly: TRUE
#schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
#adminDisplayName: krb5-Key
#attributeID: 1.3.6.1.4.1.5322.10.1.10
#attributeSyntax: 2.5.5.10
#oMSyntax: 4
# Controls 1.3.6.1.4.1.7165.4.3.x
#Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1
#Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2
#Allocated: DSDB_CONTROL_REPLICATED_UPDATE_OID 1.3.6.1.4.1.7165.4.3.3
#Allocated: DSDB_CONTROL_DN_STORAGE_FORMAT_OID 1.3.6.1.4.1.7165.4.3.4
#Allocated: LDB_CONTROL_RECALCULATE_SD_OID 1.3.6.1.4.1.7165.4.3.5
#Allocated: LDB_CONTROL_REVEAL_INTERNALS 1.3.6.1.4.1.7165.4.3.6
#Allocated: LDB_CONTROL_AS_SYSTEM_OID 1.3.6.1.4.1.7165.4.3.7
#Allocated: DSDB_CONTROL_PASSWORD_CHANGE_STATUS_OID 1.3.6.1.4.1.7165.4.3.8
#Allocated: DSDB_CONTROL_PASSWORD_HASH_VALUES_OID 1.3.6.1.4.1.7165.4.3.9
#Allocated: DSDB_CONTROL_PASSWORD_CHANGE_OLD_PW_CHECKED_OID 1.3.6.1.4.1.7165.4.3.10
#Allocated: DSDB_CONTROL_APPLY_LINKS 1.3.6.1.4.1.7165.4.3.11
#Allocated: DSDB_CONTROL_BYPASS_PASSWORD_HASH_OID 1.3.6.1.4.1.7165.4.3.12
#Allocated: LDB_CONTROL_BYPASS_OPERATIONAL_OID 1.3.6.1.4.1.7165.4.3.13
#Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_OID 1.3.6.1.4.1.7165.4.3.14
#Allocated: (not used anymore) DSDB_CONTROL_SEARCH_APPLY_ACCESS 1.3.6.1.4.1.7165.4.3.15
#Allocated: LDB_CONTROL_PROVISION_OID 1.3.6.1.4.1.7165.4.3.16
#Allocated: DSDB_CONTROL_NO_GLOBAL_CATALOG 1.3.6.1.4.1.7165.4.3.17
#Allocated: DSDB_CONTROL_PARTIAL_REPLICA 1.3.6.1.4.1.7165.4.3.18
#Allocated: DSDB_CONTROL_DBCHECK 1.3.6.1.4.1.7165.4.3.19
#Allocated: DSDB_CONTROL_DBCHECK_MODIFY_RO_REPLICA 1.3.6.1.4.1.7165.4.3.19.1
#Allocated: DSDB_CONTROL_DBCHECK_FIX_DUPLICATE_LINKS 1.3.6.1.4.1.7165.4.3.19.2
#Allocated: DSDB_CONTROL_DBCHECK_FIX_LINK_DN_NAME 1.3.6.1.4.1.7165.4.3.19.3
#Allocated: DSDB_CONTROL_DBCHECK_FIX_LINK_DN_SID 1.3.6.1.4.1.7165.4.3.19.4
#Allocated: DSDB_CONTROL_PASSWORD_BYPASS_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.20
#Allocated: DSDB_CONTROL_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.3.21
#Allocated: DSDB_CONTROL_PERMIT_INTERDOMAIN_TRUST_UAC_OID 1.3.6.1.4.1.7165.4.3.23
#Allocated: DSDB_CONTROL_RESTORE_TOMBSTONE_OID 1.3.6.1.4.1.7165.4.3.24
#Allocated: DSDB_CONTROL_CHANGEREPLMETADATA_RESORT_OID 1.3.6.1.4.1.7165.4.3.25
#Allocated: DSDB_CONTROL_PASSWORD_DEFAULT_LAST_SET_OID 1.3.6.1.4.1.7165.4.3.26
#Allocated: DSDB_CONTROL_PASSWORD_USER_ACCOUNT_CONTROL_OID 1.3.6.1.4.1.7165.4.3.27
#Allocated: DSDB_CONTROL_SKIP_DUPLICATES_CHECK_OID 1.3.6.1.4.1.7165.4.3.28
#Allocated: DSDB_CONTROL_REPLMD_VANISH_LINKS 1.3.6.1.4.1.7165.4.3.29
#Allocated: LDB_CONTROL_RECALCULATE_RDN_OID 1.3.6.1.4.1.7165.4.3.30
#Allocated: DSDB_CONTROL_FORCE_RODC_LOCAL_CHANGE 1.3.6.1.4.1.7165.4.3.31
#Allocated: DSDB_CONTROL_INVALID_NOT_IMPLEMENTED 1.3.6.1.4.1.7165.4.3.32
#Allocated: DSDB_CONTROL_PASSWORD_ACL_VALIDATION_OID 1.3.6.1.4.1.7165.4.3.33
#Allocated: DSDB_CONTROL_TRANSACTION_IDENTIFIER_OID 1.3.6.1.4.1.7165.4.3.34
#Allocated: DSDB_CONTROL_FORCE_ALLOW_VALIDATED_DNS_HOSTNAME_SPN_WRITE_OID 1.3.6.1.4.1.7165.4.3.35
#Allocated: DSDB_CONTROL_CALCULATED_DEFAULT_SD_OID 1.3.6.1.4.1.7165.4.3.36
#Allocated: DSDB_CONTROL_ACL_READ_OID 1.3.6.1.4.1.7165.4.3.37
#Allocated: DSDB_CONTROL_GMSA_UPDATE_OID 1.3.6.1.4.1.7165.4.3.38
#Allocated: DSDB_CONTROL_PASSWORD_KDC_RESET_SMARTCARD_ACCOUNT_PASSWORD 1.3.6.1.4.1.7165.4.3.39
# Extended 1.3.6.1.4.1.7165.4.4.x
#Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1
#Allocated: DSDB_EXTENDED_SCHEMA_UPDATE_NOW_OID 1.3.6.1.4.1.7165.4.4.2
#Allocated: LDB_EXTENDED_SEQUENCE_NUMBER 1.3.6.1.4.1.7165.4.4.3
#Allocated: DSDB_EXTENDED_CREATE_PARTITION_OID 1.3.6.1.4.1.7165.4.4.4
#Allocated: DSDB_EXTENDED_ALLOCATE_RID_POOL 1.3.6.1.4.1.7165.4.4.5
#Allocated: DSDB_EXTENDED_SCHEMA_UPGRADE_IN_PROGRESS_OID 1.3.6.1.4.1.7165.4.4.6
#Allocated: DSDB_EXTENDED_SEC_DESC_PROPAGATION_OID 1.3.6.1.4.1.7165.4.4.7
#Allocated: DSDB_EXTENDED_CREATE_OWN_RID_SET 1.3.6.1.4.1.7165.4.4.8
#Allocated: DSDB_EXTENDED_ALLOCATE_RID 1.3.6.1.4.1.7165.4.4.9
#Allocated: DSDB_EXTENDED_SCHEMA_LOAD 1.3.6.1.4.1.7165.4.4.10
############
# ldap extended matches
#Allocated: SAMBA_LDAP_MATCH_ALWAYS_FALSE 1.3.6.1.4.1.7165.4.5.1
#Allocated: DSDB_MATCH_FOR_EXPUNGE 1.3.6.1.4.1.7165.4.5.2
#Allocated: DSDB_MATCH_FOR_DNS_TO_TOMBSTONE_TIME 1.3.6.1.4.1.7165.4.5.3
#Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1
#Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2
#Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3
#Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4
#Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5
#Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6
#Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7
#Allocated: (dynamicObject) samba4DynamicObject: 1.3.6.1.4.1.7165.4.255.8
#Allocated: (entryTTL) samba4EntryTTL: 1.3.6.1.4.1.7165.4.255.9
#Allocated: (thumbnailPhoto) attributeID: 1.3.6.1.4.1.7165.4.255.10
#Allocated: (thumbnailLogo) attributeID: 1.3.6.1.4.1.7165.4.255.11
#
# Based on domainDNS, but without the DNS bits.
#
#
# Not used anymore
#
#dn: CN=Samba4-Local-Domain,${SCHEMADN}
#objectClass: top
#objectClass: classSchema
#cn: Samba4-Local-Domain
#subClassOf: top
#governsID: 1.3.6.1.4.1.7165.4.2.2
#rDNAttID: cn
#adminDisplayName: Samba4-Local-Domain
#adminDescription: Samba4-Local-Domain
#systemMayContain: msDS-Behavior-Version
#systemMayContain: managedBy
#objectClassCategory: 1
#lDAPDisplayName: samba4LocalDomain
#schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
#systemOnly: FALSE
#systemAuxiliaryClass: samDomain
#defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
#systemFlags: 16
#defaultHidingValue: TRUE
#defaultObjectCategory: CN=Samba4-Local-Domain,${SCHEMADN}
dn: CN=Samba4Top,${SCHEMADN}
objectClass: top
objectClass: classSchema
cn: Samba4Top
subClassOf: top
objectGUID: 4af54ff0-ff3c-4f17-8fb0-611ec83ddfb4
governsID: 1.3.6.1.4.1.7165.4.2.1
mayContain: msDS-ObjectReferenceBL
rDNAttID: cn
adminDisplayName: Samba4TopTop
adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
objectClassCategory: 3
lDAPDisplayName: samba4Top
schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
systemOnly: TRUE
systemPossSuperiors: lostAndFound
systemMayContain: url
systemMayContain: wWWHomePage
systemMayContain: wellKnownObjects
systemMayContain: wbemPath
systemMayContain: uSNSource
systemMayContain: uSNLastObjRem
systemMayContain: USNIntersite
systemMayContain: uSNDSALastObjRemoved
systemMayContain: systemFlags
systemMayContain: subRefs
systemMayContain: siteObjectBL
systemMayContain: serverReferenceBL
systemMayContain: sDRightsEffective
systemMayContain: revision
systemMayContain: repsTo
systemMayContain: repsFrom
systemMayContain: directReports
systemMayContain: replUpToDateVector
systemMayContain: replPropertyMetaData
systemMayContain: name
systemMayContain: queryPolicyBL
systemMayContain: parentGUID
systemMayContain: proxyAddresses
systemMayContain: proxiedObjectName
systemMayContain: possibleInferiors
systemMayContain: partialAttributeSet
systemMayContain: partialAttributeDeletionList
systemMayContain: otherWellKnownObjects
systemMayContain: objectVersion
systemMayContain: nonSecurityMemberBL
systemMayContain: netbootSCPBL
systemMayContain: ownerBL
systemMayContain: msDS-ReplValueMetaData
systemMayContain: msDS-ReplAttributeMetaData
systemMayContain: msDS-NcType
systemMayContain: msDS-NonMembersBL
systemMayContain: msDS-NCReplOutboundNeighbors
systemMayContain: msDS-NCReplInboundNeighbors
systemMayContain: msDS-NCReplCursors
systemMayContain: msDS-TasksForAzRoleBL
systemMayContain: msDS-TasksForAzTaskBL
systemMayContain: msDS-OperationsForAzRoleBL
systemMayContain: msDS-OperationsForAzTaskBL
systemMayContain: msDS-MembersForAzRoleBL
systemMayContain: msDs-masteredBy
systemMayContain: mS-DS-ConsistencyGuid
systemMayContain: mS-DS-ConsistencyChildCount
systemMayContain: msDS-Approx-Immed-Subordinates
systemMayContain: msCOM-PartitionSetLink
systemMayContain: msCOM-UserLink
systemMayContain: masteredBy
systemMayContain: managedObjects
systemMayContain: lastKnownParent
systemMayContain: isPrivilegeHolder
systemMayContain: isDeleted
systemMayContain: isCriticalSystemObject
systemMayContain: showInAdvancedViewOnly
systemMayContain: fSMORoleOwner
systemMayContain: fRSMemberReferenceBL
systemMayContain: frsComputerReferenceBL
systemMayContain: fromEntry
systemMayContain: flags
systemMayContain: extensionName
systemMayContain: dSASignature
systemMayContain: dSCorePropagationData
systemMayContain: displayNamePrintable
systemMayContain: displayName
systemMayContain: description
systemMayContain: cn
systemMayContain: canonicalName
systemMayContain: bridgeheadServerListBL
systemMayContain: allowedChildClassesEffective
systemMayContain: allowedChildClasses
systemMayContain: allowedAttributesEffective
systemMayContain: allowedAttributes
systemMayContain: adminDisplayName
systemMayContain: adminDescription
systemMustContain: objectCategory
systemMustContain: nTSecurityDescriptor
systemMustContain: instanceType
defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
systemFlags: 16
defaultHidingValue: TRUE
objectCategory: CN=Class-Schema,${SCHEMADN}
defaultObjectCategory: CN=Samba4Top,${SCHEMADN}