+#These attributes are only used as far as the bootstrapping of the
+# schema. After that, the attributes from the schema are used.
+#
+# Therefore, they must strictly match the schema
+
dn: @ATTRIBUTES
userPrincipalName: CASE_INSENSITIVE
servicePrincipalName: CASE_INSENSITIVE
cn: CASE_INSENSITIVE
dc: CASE_INSENSITIVE
name: CASE_INSENSITIVE
+lDAPDisplayName: CASE_INSENSITIVE
+subClassOf: CASE_INSENSITIVE
dn: CASE_INSENSITIVE
sAMAccountName: CASE_INSENSITIVE
objectClass: CASE_INSENSITIVE
-sambaPassword: HIDDEN
+userPassword: HIDDEN
krb5Key: HIDDEN
ntPwdHash: HIDDEN
sambaNTPwdHistory: HIDDEN
systemFlags: INTEGER
userAccountControl: INTEGER
-dn: @SUBCLASSES
-top: domain
-top: person
-top: group
-domain: domainDNS
-person: organizationalPerson
-organizationalPerson: user
-user: computer
-template: userTemplate
-template: groupTemplate
+dn: @OPTIONS
+checkBaseOnSearch: TRUE
dn: @KLUDGEACL
-passwordAttribute: sambaPassword
+passwordAttribute: clearTextPassword
+passwordAttribute: userPassword
passwordAttribute: ntPwdHash
passwordAttribute: sambaNTPwdHistory
passwordAttribute: lmPwdHash
passwordAttribute: sambaLMPwdHistory
passwordAttribute: krb5key
-
-# the rootDSE module looks in this record for its base data
-dn: cn=ROOTDSE
-subschemaSubentry: CN=Aggregate,${SCHEMADN}
-dsServiceName: CN=NTDS Settings,CN=${NETBIOSNAME},CN=Servers,CN=${DEFAULTSITE},CN=Sites,${CONFIGDN}
-defaultNamingContext: ${BASEDN}
-rootDomainNamingContext: ${BASEDN}
-configurationNamingContext: ${CONFIGDN}
-schemaNamingContext: ${SCHEMADN}
-supportedLDAPVersion: 3
-dnsHostName: ${DNSNAME}
-ldapServiceName: ${DNSDOMAIN}:${NETBIOSNAME}$@${REALM}
-serverName: CN=${NETBIOSNAME},CN=Servers,${DEFAULTSITE},CN=Sites,${CONFIGDN}
-domainFunctionality: 0
-forestFunctionality: 0
-domainControllerFunctionality: 2
-isSynchronized: TRUE
-vendorName: Samba Team (http://samba.org)
-vendorVersion: ${VERSION}
-
+passwordAttribute: dBCSPwd
+passwordAttribute: unicodePwd
+passwordAttribute: ntPwdHistory
+passwordAttribute: lmPwdHistory
+passwordAttribute: supplementalCredentials
+passwordAttribute: priorValue
+passwordAttribute: currentValue
+passwordAttribute: trustAuthOutgoing
+passwordAttribute: trustAuthIncoming
+passwordAttribute: initialAuthOutgoing
+passwordAttribute: initialAuthIncoming