2 ## schema file for OpenLDAP 2.0.x
3 ## Schema for storing Samba's smbpasswd file in LDAP
4 ## OIDs are owned by the Samba Team
6 ## Prerequisite schemas - uid (cosine.schema)
7 ## - displayName (inetorgperson.schema)
9 ## 1.3.6.1.4.1.7165.2.1.x - attributetypes
10 ## 1.3.6.1.4.1.7165.2.2.x - objectclasses
13 #######################################################################
14 ## Attributes used by Samba 2.2 schema ##
15 #######################################################################
20 attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
21 DESC 'LanManager Passwd'
22 EQUALITY caseIgnoreIA5Match
23 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
25 attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
27 EQUALITY caseIgnoreIA5Match
28 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
31 ## Account flags in string format ([UWDX ])
33 attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
35 EQUALITY caseIgnoreIA5Match
36 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
39 ## Password timestamps & policies
41 attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
44 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
46 attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
49 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
51 attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
54 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
56 attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
59 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
61 attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
62 DESC 'NT pwdCanChange'
64 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
66 attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
67 DESC 'NT pwdMustChange'
69 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
74 attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
76 EQUALITY caseIgnoreIA5Match
77 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
79 attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
81 EQUALITY caseIgnoreIA5Match
82 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
84 attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
86 EQUALITY caseIgnoreIA5Match
87 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
89 attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
90 DESC 'userWorkstations'
91 EQUALITY caseIgnoreIA5Match
92 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
94 attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
96 EQUALITY caseIgnoreIA5Match
97 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
99 attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
100 DESC 'Windows NT domain to which the user belongs'
101 EQUALITY caseIgnoreIA5Match
102 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
105 ## user and group RID
107 attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
109 EQUALITY integerMatch
110 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
112 attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
114 EQUALITY integerMatch
115 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
118 #######################################################################
119 ## Attributes used by Samba 3.0 schema ##
120 #######################################################################
125 attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
126 DESC 'LanManager Passwd'
127 EQUALITY caseIgnoreIA5Match
128 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
130 attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
132 EQUALITY caseIgnoreIA5Match
133 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
136 ## Account flags in string format ([UWDX ])
138 attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
140 EQUALITY caseIgnoreIA5Match
141 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
144 ## Password timestamps & policies
146 attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
148 EQUALITY integerMatch
149 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
151 attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
152 DESC 'NT pwdCanChange'
153 EQUALITY integerMatch
154 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
156 attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
157 DESC 'NT pwdMustChange'
158 EQUALITY integerMatch
159 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
161 attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
163 EQUALITY integerMatch
164 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
166 attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
168 EQUALITY integerMatch
169 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
171 attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
172 DESC 'NT kickoffTime'
173 EQUALITY integerMatch
174 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
180 attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
182 EQUALITY caseIgnoreIA5Match
183 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
185 attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
187 EQUALITY caseIgnoreIA5Match
188 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
190 attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
191 DESC 'NT profilePath'
192 EQUALITY caseIgnoreIA5Match
193 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
195 attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
196 DESC 'userWorkstations'
197 EQUALITY caseIgnoreIA5Match
198 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
200 attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
202 EQUALITY caseIgnoreIA5Match
203 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
205 attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
206 DESC 'Windows NT domain to which the user belongs'
207 EQUALITY caseIgnoreIA5Match
208 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
214 attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
216 EQUALITY caseIgnoreIA5Match
217 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
221 ## Primary group SID, compatible with ntSid
224 attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
225 DESC 'Primary Group Security ID'
226 EQUALITY caseIgnoreIA5Match
227 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
230 ## group mapping attributes
232 attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
234 EQUALITY integerMatch
235 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
238 ## Store info on the domain
241 attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
242 DESC 'Next NT rid to give our for users'
243 EQUALITY integerMatch
244 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
246 attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
247 DESC 'Next NT rid to give out for groups'
248 EQUALITY integerMatch
249 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
252 ########################################################################
254 ########################################################################
257 ## The smbPasswordEntry objectclass has been depreciated in favor of the
258 ## sambaAccount objectclass
260 #objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
261 # DESC 'Samba smbpasswd entry'
262 # MUST ( uid $ uidNumber )
263 # MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
265 #objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
266 # DESC 'Samba Account'
268 # MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
269 # logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
270 # displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
271 # description $ userWorkstations $ primaryGroupID $ domain ))
273 ########################################################################
274 ## END OF HISTORICAL ##
275 ########################################################################
277 ## The X.500 data model (and therefore LDAPv3) says that each entry can
278 ## only have one structural objectclass. OpenLDAP 2.0 does not enforce
279 ## this currently but will in v2.1
281 objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
282 DESC 'Samba Auxilary Account'
284 MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
285 logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
286 displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
287 description $ userWorkstations $ primaryGroupID $ domain ))
290 ## added new objectclass (and OID) for 3.0 to help us deal with backwards
291 ## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
293 objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
294 DESC 'Samba 3.0 Auxilary Account'
295 MUST ( uid $ sambaSID )
296 MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
297 sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
298 sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
299 displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
300 sambaProfilePath $ description $ sambaUserWorkstations $
301 sambaPrimaryGroupSID $ sambaDomainName ))
303 ############################################################################
305 ## Please note that this schema is really experimental and might
306 ## change before the 3.0 release.
308 ############################################################################
311 ## Group mapping info
313 objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
314 DESC 'Samba Group Mapping'
315 MUST ( gidNumber $ sambaSID $ sambaGroupType )
316 MAY ( displayName $ description $ cn ))
319 ## Whole-of-domain info
321 objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
322 DESC 'Samba Domain Information'
323 MUST ( sambaDomainName $ sambaNextGroupRid $ sambaNextUserRid $