sync 3_0 branch with HEAD

[bbaumbach/samba-autobuild/.git] / examples / LDAP / samba.schema

diff --git a/examples/LDAP/samba.schema b/examples/LDAP/samba.schema
index be088c74033af1a5eadbf03b3fbcb60ceb086bcd..61dface0a202d587b3af286273a867d8b95c0d14 100644 (file)
--- a/examples/LDAP/samba.schema
+++ b/examples/LDAP/samba.schema
@@ -119,8 +119,20 @@ attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
 #        MUST ( uid $ uidNumber )
 #        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
 
-objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-       DESC 'Samba Account'
+#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+#      DESC 'Samba Account'
+#      MUST ( uid $ rid ) 
+#      MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ 
+#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#               description $ userWorkstations $ primaryGroupID $ domain ))
+
+## The X.500 data model (and therefore LDAPv3) says that each entry can 
+## only have one structural objectclass.  OpenLDAP 2.0 does not enforce 
+## this currently but will in v2.1
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
+       DESC 'Samba Auxilary Account'
        MUST ( uid $ rid ) 
        MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
                logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $