mirror of
https://github.com/samba-team/samba.git
synced 2025-01-27 14:04:05 +03:00
2735fb0119
primaryGroupID (rid). This is consistent with the move from 'rid' to ntSid for the primary user identifier. Also cope with legacy installations where primaryGroupID might have been stored as 0. Andrew Bartlett (This used to be commit 0e432817cb927b41af7b49fb0b5081ffdb46f85e)
##
|
|
## schema file for OpenLDAP 2.0.x
|
|
## Schema for storing Samba's smbpasswd file in LDAP
|
|
## OIDs are owned by the Samba Team
|
|
##
|
|
## Prerequisite schemas - uid (cosine.schema)
|
|
## - displayName (inetorgperson.schema)
|
|
##
|
|
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
|
|
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
|
|
##
|
|
|
|
##
|
|
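## Password hashes
## NOTE: lmPassword and ntPassword hold unsalted, password-equivalent
## hashes. Restrict them with slapd access controls so that only the Samba
## administrative DN can read, search or compare them, and protect the
## LDAP connection with TLS.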
|
|
##
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
|
|
DESC 'LanManager Passwd'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
|
|
DESC 'NT Passwd'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
|
|
|
|
##
|
|
## Account flags in string format ([UWDX ])
|
|
##
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
|
|
DESC 'Account Flags'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
|
|
|
|
##
|
|
## Password timestamps & policies
|
|
##
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
|
|
DESC 'NT pwdLastSet'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
|
|
DESC 'NT logonTime'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
|
|
DESC 'NT logoffTime'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
|
|
DESC 'NT kickoffTime'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
|
|
DESC 'NT pwdCanChange'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
|
|
DESC 'NT pwdMustChange'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
##
|
|
## string settings
|
|
##
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
|
|
DESC 'NT homeDrive'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
|
|
DESC 'NT scriptPath'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
|
|
DESC 'NT profilePath'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
|
|
DESC 'userWorkstations'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
|
|
DESC 'smbHome'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
|
|
DESC 'Windows NT domain to which the user belongs'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
|
|
|
|
##
|
|
## user and group RID
|
|
##
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
|
|
DESC 'NT rid'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
|
|
DESC 'NT Group RID'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
##
|
|
## SID, of any type
|
|
##
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'ntSid'
|
|
DESC 'Security ID'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
|
|
|
|
|
|
##
|
|
## Primary group SID, compatible with ntSid
|
|
##
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'primaryGroupSID'
|
|
DESC 'Primary Group Security ID'
|
|
EQUALITY caseIgnoreIA5Match
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
|
|
|
|
##
|
|
## group mapping attributes
|
|
##
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'ntGroupType'
|
|
DESC 'NT Group Type'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
##
|
|
## Store info on the domain
|
|
##
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'nextUserRid'
|
|
DESC 'Next NT rid to give our for users'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'nextGroupRid'
|
|
DESC 'Next NT rid to give out for groups'
|
|
EQUALITY integerMatch
|
|
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
|
|
|
##
|
|
## The smbPasswordEntry objectclass has been deprecated in favor of the
|
|
## sambaAccount objectclass
|
|
##
|
|
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
|
|
# DESC 'Samba smbpasswd entry'
|
|
# MUST ( uid $ uidNumber )
|
|
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
|
|
|
|
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
|
|
# DESC 'Samba Account'
|
|
# MUST ( uid $ rid )
|
|
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
|
|
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
|
|
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
|
|
# description $ userWorkstations $ primaryGroupID $ domain ))
|
|
|
|
## The X.500 data model (and therefore LDAPv3) says that each entry can
|
|
## only have one structural objectclass. OpenLDAP 2.0 does not enforce
|
|
## this currently but will in v2.1
|
|
|
|
objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
|
|
DESC 'Samba Auxilary Account'
|
|
MUST ( uid $ ntSid )
|
|
MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
|
|
logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
|
|
displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
|
|
description $ userWorkstations $ primaryGroupSID $ domain ))
|
|
|
|
############################################################################
|
|
##
|
|
## Please note that this schema is really experimental and might
|
|
## change before the 3.0 release.
|
|
##
|
|
############################################################################
|
|
|
|
##
|
|
## Whole-of-domain info
|
|
##
|
|
|
|
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
|
|
DESC 'Samba Domain Information'
|
|
MUST ( domain $ nextGroupRid $ nextUserRid $ ntSid))
|
|
|
|
##
|
|
## Group mapping info
|
|
##
|
|
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
|
|
DESC 'Samba Group Mapping'
|
|
MUST ( gidNumber $ ntSid $ ntGroupType )
|
|
MAY ( displayName $ description ))
|
|
|
|
##
|
|
## Used for Winbind experimentation
|
|
##
|
|
#objectclass ( 1.3.6.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY
|
|
# DESC 'Pool for allocating UNIX uids'
|
|
# MUST ( uidNumber ) )
|
|
|
|
#objectclass ( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY
|
|
# DESC 'Pool for allocating UNIX gids'
|
|
# MUST ( gidNumber ) )
|
|
|