git.samba.org / kai / samba.git / blob
? search:


8128c43ac48798327fae4f96499397b0887866ca
[kai/samba.git] / source4 / setup / schema_samba4.ldif
1 #
2 # Schema elements which do not exist in AD, but which we use in Samba4
3 #
4 ## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
5 ## 1.3.6.1.4.1.7165.4.1.x - attributetypes
6 ## 1.3.6.1.4.1.7165.4.2.x - objectclasses
7 ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
8 ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
9 ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
10 #
11 #
12
13
14 #
15 # Not used anymore
16 #
17 #dn: cn=ntpwdHash,${SCHEMADN}
18 #cn: ntpwdHash
19 #name: NTPWDHash
20 #objectClass: top
21 #objectClass: attributeSchema
22 #lDAPDisplayName: ntpwdhash
23 #isSingleValued: TRUE
24 #systemFlags: 17
25 #systemOnly: TRUE
26 #schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
27 #adminDisplayName: NT-PWD-Hash
28 #attributeID: 1.3.6.1.4.1.7165.4.1.1
29 #attributeSyntax: 2.5.5.10
30 #oMSyntax: 4
31
32 #
33 # Not used anymore
34 #
35 #dn: cn=lmpwdHash,${SCHEMADN}
36 #cn: lmpwdHash
37 #name: lmpwdHash
38 #objectClass: top
39 #objectClass: attributeSchema
40 #lDAPDisplayName: lmpwdhash
41 #isSingleValued: TRUE
42 #systemFlags: 17
43 #systemOnly: TRUE
44 #schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
45 #adminDisplayName: LM-PWD-Hash
46 #attributeID: 1.3.6.1.4.1.7165.4.1.2
47 #attributeSyntax: 2.5.5.10
48 #oMSyntax: 4
49
50 #
51 # Not used anymore
52 #
53 #dn: cn=sambaNtPwdHistory,${SCHEMADN}
54 #cn: sambaNtPwdHistory
55 #name: sambaNtPwdHistory
56 #objectClass: top
57 #objectClass: attributeSchema
58 #lDAPDisplayName: sambaNtPwdHistory
59 #isSingleValued: TRUE
60 #systemFlags: 17
61 #systemOnly: TRUE
62 #schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
63 #adminDisplayName: SAMBA-NT-PWD-History
64 #attributeID: 1.3.6.1.4.1.7165.4.1.3
65 #attributeSyntax: 2.5.5.10
66 #oMSyntax: 4
67
68 #
69 # Not used anymore
70 #
71 #dn: cn=sambaLmPwdHistory,${SCHEMADN}
72 #cn: sambaLmPwdHistory
73 #name: sambaLmPwdHistory
74 #objectClass: top
75 #objectClass: attributeSchema
76 #lDAPDisplayName: sambaLmPwdHistory
77 #isSingleValued: FALSE
78 #systemFlags: 17
79 #systemOnly: TRUE
80 #schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
81 #adminDisplayName: SAMBA-LM-PWDHistory
82 #attributeID: 1.3.6.1.4.1.7165.4.1.4
83 #attributeSyntax: 2.5.5.10
84 #oMSyntax: 4
85
86 dn: CN=sambaPassword,${SCHEMADN}
87 objectClass: top
88 objectClass: attributeSchema
89 lDAPDisplayName: sambaPassword
90 isSingleValued: FALSE
91 systemFlags: 17
92 systemOnly: TRUE
93 schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
94 adminDisplayName: SAMBA-Password
95 attributeID: 1.3.6.1.4.1.7165.4.1.5
96 attributeSyntax: 2.5.5.5
97 oMSyntax: 22
98
99 #
100 # Not used anymore
101 #
102 #dn: cn=dnsDomain,${SCHEMADN}
103 #objectClass: top
104 #objectClass: attributeSchema
105 #lDAPDisplayName: dnsDomain
106 #isSingleValued: FALSE
107 #systemFlags: 17
108 #systemOnly: TRUE
109 #schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
110 #adminDisplayName: DNS-Domain
111 #attributeID: 1.3.6.1.4.1.7165.4.1.6
112 #attributeSyntax: 2.5.5.4
113 #oMSyntax: 20
114
115 dn: cn=privilege,${SCHEMADN}
116 objectClass: top
117 objectClass: attributeSchema
118 lDAPDisplayName: privilege
119 isSingleValued: FALSE
120 systemFlags: 17
121 systemOnly: TRUE
122 schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
123 adminDisplayName: Privilege
124 attributeID: 1.3.6.1.4.1.7165.4.1.7
125 attributeSyntax: 2.5.5.4
126 oMSyntax: 20
127
128 #
129 # Not used anymore
130 #
131 #dn: CN=unixName,${SCHEMADN}
132 #cn: unixName
133 #name: unixName
134 #objectClass: top
135 #objectClass: attributeSchema
136 #lDAPDisplayName: unixName
137 #isSingleValued: TRUE
138 #systemFlags: 16
139 #systemOnly: FALSE
140 #schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
141 #adminDisplayName: Unix-Name
142 #attributeID: 1.3.6.1.4.1.7165.4.1.9
143 #attributeSyntax: 2.5.5.4
144 #oMSyntax: 20
145
146 #
147 # Not used anymore
148 #
149 #dn: cn=krb5Key,${SCHEMADN}
150 #cn: krb5Key
151 #name: krb5Key
152 #objectClass: top
153 #objectClass: attributeSchema
154 #lDAPDisplayName: krb5Key
155 #isSingleValued: FALSE
156 #systemFlags: 17
157 #systemOnly: TRUE
158 #schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
159 #adminDisplayName: krb5-Key
160 #attributeID: 1.3.6.1.4.1.5322.10.1.10
161 #attributeSyntax: 2.5.5.10
162 #oMSyntax: 4
163
164 #Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1
165
166 #Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2
167
168 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1
169
170 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1
171
172 #Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2
173
174 #Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3
175 #Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4
176 #Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5
177 #Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6
178 #Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7
179
180 #
181 # Fedora DS uses this attribute, and we need to set it via our module stack
182 #
183 dn: CN=aci,${SCHEMADN}
184 cn: aci
185 name: aci
186 objectClass: top
187 objectClass: attributeSchema
188 lDAPDisplayName: aci
189 isSingleValued: TRUE
190 systemFlags: 16
191 systemOnly: FALSE
192 schemaIDGUID: d8e6c1fa-db08-4f26-a53b-23c414aac92d
193 adminDisplayName: aci
194 attributeID: 1.3.6.1.4.1.7165.4.1.11
195 attributeSyntax: 2.5.5.4
196 oMSyntax: 20
197
198 #
199 # Based on domainDNS, but without the DNS bits.
200 #
201
202 dn: CN=Samba4-Local-Domain,${SCHEMADN}
203 objectClass: top
204 objectClass: classSchema
205 subClassOf: top
206 governsID: 1.3.6.1.4.1.7165.4.2.2
207 possibleInferiors: group
208 possibleInferiors: lostAndFound
209 possibleInferiors: builtinDomain
210 possibleInferiors: computer
211 possibleInferiors: user
212 possibleInferiors: container
213 possibleInferiors: groupPolicyContainer
214 possibleInferiors: organization
215 possibleInferiors: domainDNS
216 possibleInferiors: locality
217 possibleInferiors: msDS-AzAdminManager
218 possibleInferiors: country
219 possibleInferiors: organizationalUnit
220 rDNAttID: cn
221 showInAdvancedViewOnly: TRUE
222 adminDisplayName: Samba4-Local-Domain
223 adminDescription: Samba4-Local-Domain
224 systemMayContain: msDS-Behavior-Version
225 systemMayContain: managedBy
226 objectClassCategory: 1
227 lDAPDisplayName: samba4LocalDomain
228 schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
229 systemOnly: FALSE
230 systemAuxiliaryClass: samDomain
231 defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
232 systemFlags: 16
233 defaultHidingValue: TRUE
234 defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN}
235
236
237 dn: CN=Samba4Top,${SCHEMADN}
238 objectClass: top
239 objectClass: classSchema
240 subClassOf: top
241 governsID: 1.3.6.1.4.1.7165.4.2.1
242 mayContain: msDS-ObjectReferenceBL
243 rDNAttID: cn
244 showInAdvancedViewOnly: TRUE
245 adminDisplayName: Samba4TopTop
246 adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
247 objectClassCategory: 3
248 lDAPDisplayName: samba4Top
249 schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
250 systemOnly: TRUE
251 systemPossSuperiors: lostAndFound
252 systemMayContain: url
253 systemMayContain: wWWHomePage
254 systemMayContain: wellKnownObjects
255 systemMayContain: wbemPath
256 systemMayContain: uSNSource
257 systemMayContain: uSNLastObjRem
258 systemMayContain: USNIntersite
259 systemMayContain: uSNDSALastObjRemoved
260 systemMayContain: systemFlags
261 systemMayContain: subRefs
262 systemMayContain: siteObjectBL
263 systemMayContain: serverReferenceBL
264 systemMayContain: sDRightsEffective
265 systemMayContain: revision
266 systemMayContain: repsTo
267 systemMayContain: repsFrom
268 systemMayContain: directReports
269 systemMayContain: replUpToDateVector
270 systemMayContain: replPropertyMetaData
271 systemMayContain: name
272 systemMayContain: queryPolicyBL
273 systemMayContain: proxyAddresses
274 systemMayContain: proxiedObjectName
275 systemMayContain: possibleInferiors
276 systemMayContain: partialAttributeSet
277 systemMayContain: partialAttributeDeletionList
278 systemMayContain: otherWellKnownObjects
279 systemMayContain: objectVersion
280 systemMayContain: nonSecurityMemberBL
281 systemMayContain: netbootSCPBL
282 systemMayContain: ownerBL
283 systemMayContain: msDS-ReplValueMetaData
284 systemMayContain: msDS-ReplAttributeMetaData
285 systemMayContain: msDS-NonMembersBL
286 systemMayContain: msDS-NCReplOutboundNeighbors
287 systemMayContain: msDS-NCReplInboundNeighbors
288 systemMayContain: msDS-NCReplCursors
289 systemMayContain: msDS-TasksForAzRoleBL
290 systemMayContain: msDS-TasksForAzTaskBL
291 systemMayContain: msDS-OperationsForAzRoleBL
292 systemMayContain: msDS-OperationsForAzTaskBL
293 systemMayContain: msDS-MembersForAzRoleBL
294 systemMayContain: msDs-masteredBy
295 systemMayContain: mS-DS-ConsistencyGuid
296 systemMayContain: mS-DS-ConsistencyChildCount
297 systemMayContain: msDS-Approx-Immed-Subordinates
298 systemMayContain: msCOM-PartitionSetLink
299 systemMayContain: msCOM-UserLink
300 systemMayContain: masteredBy
301 systemMayContain: managedObjects
302 systemMayContain: lastKnownParent
303 systemMayContain: isPrivilegeHolder
304 systemMayContain: isDeleted
305 systemMayContain: isCriticalSystemObject
306 systemMayContain: showInAdvancedViewOnly
307 systemMayContain: fSMORoleOwner
308 systemMayContain: fRSMemberReferenceBL
309 systemMayContain: frsComputerReferenceBL
310 systemMayContain: fromEntry
311 systemMayContain: flags
312 systemMayContain: extensionName
313 systemMayContain: dSASignature
314 systemMayContain: dSCorePropagationData
315 systemMayContain: displayNamePrintable
316 systemMayContain: displayName
317 systemMayContain: description
318 systemMayContain: cn
319 systemMayContain: canonicalName
320 systemMayContain: bridgeheadServerListBL
321 systemMayContain: allowedChildClassesEffective
322 systemMayContain: allowedChildClasses
323 systemMayContain: allowedAttributesEffective
324 systemMayContain: allowedAttributes
325 systemMayContain: adminDisplayName
326 systemMayContain: adminDescription
327 systemMustContain: objectCategory
328 systemMustContain: nTSecurityDescriptor
329 systemMustContain: instanceType
330 systemAuxiliaryClass: samba4TopExtra
331 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
332 systemFlags: 16
333 defaultHidingValue: TRUE
334 objectCategory: CN=Class-Schema,${SCHEMADN}
335 defaultObjectCategory: CN=Samba4Top,${SCHEMADN}
336
337
338 dn: CN=Samba4TopExtra,${SCHEMADN}
339 objectClass: top
340 objectClass: classSchema
341 subClassOf: top
342 governsID: 1.3.6.1.4.1.7165.4.2.3
343 rDNAttID: cn
344 showInAdvancedViewOnly: TRUE
345 adminDisplayName: Samba4TopExtra
346 adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
347 objectClassCategory: 2
348 lDAPDisplayName: samba4TopExtra
349 schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
350 systemOnly: TRUE
351 mayContain: privilege
352 systemPossSuperiors: lostAndFound
353 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
354 systemFlags: 16
355 defaultHidingValue: TRUE
356 objectCategory: CN=Class-Schema,${SCHEMADN}
357 defaultObjectCategory: CN=Samba4TopExtra,${SCHEMADN}
358
Kai's WIP code