2 # Schema elements which do not exist in AD, but which we use in Samba4
4 ## Samba4 OID allocation from Samba3's examples/LDAP/samba.schema
5 ## 1.3.6.1.4.1.7165.4.1.x - attributetypes
6 ## 1.3.6.1.4.1.7165.4.2.x - objectclasses
7 ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
8 ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
9 ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
17 #dn: cn=ntpwdHash,${SCHEMADN}
21 #objectClass: attributeSchema
22 #lDAPDisplayName: ntpwdhash
26 #schemaIDGUID: E961130F-5084-458C-9E9C-DEC16DA08592
27 #adminDisplayName: NT-PWD-Hash
28 #attributeID: 1.3.6.1.4.1.7165.4.1.1
29 #attributeSyntax: 2.5.5.10
35 #dn: cn=lmpwdHash,${SCHEMADN}
39 #objectClass: attributeSchema
40 #lDAPDisplayName: lmpwdhash
44 #schemaIDGUID: CBD0D18C-9C54-4A77-87C4-5CEEAF781253
45 #adminDisplayName: LM-PWD-Hash
46 #attributeID: 1.3.6.1.4.1.7165.4.1.2
47 #attributeSyntax: 2.5.5.10
53 #dn: cn=sambaNtPwdHistory,${SCHEMADN}
54 #cn: sambaNtPwdHistory
55 #name: sambaNtPwdHistory
57 #objectClass: attributeSchema
58 #lDAPDisplayName: sambaNtPwdHistory
62 #schemaIDGUID: 8CCD7658-C574-4435-A38C-99572E349E6B
63 #adminDisplayName: SAMBA-NT-PWD-History
64 #attributeID: 1.3.6.1.4.1.7165.4.1.3
65 #attributeSyntax: 2.5.5.10
71 #dn: cn=sambaLmPwdHistory,${SCHEMADN}
72 #cn: sambaLmPwdHistory
73 #name: sambaLmPwdHistory
75 #objectClass: attributeSchema
76 #lDAPDisplayName: sambaLmPwdHistory
77 #isSingleValued: FALSE
80 #schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
81 #adminDisplayName: SAMBA-LM-PWDHistory
82 #attributeID: 1.3.6.1.4.1.7165.4.1.4
83 #attributeSyntax: 2.5.5.10
86 dn: CN=sambaPassword,${SCHEMADN}
88 objectClass: attributeSchema
89 lDAPDisplayName: sambaPassword
93 schemaIDGUID: 87F10301-229A-4E69-B63A-998339ADA37A
94 adminDisplayName: SAMBA-Password
95 attributeID: 1.3.6.1.4.1.7165.4.1.5
96 attributeSyntax: 2.5.5.5
102 #dn: cn=dnsDomain,${SCHEMADN}
104 #objectClass: attributeSchema
105 #lDAPDisplayName: dnsDomain
106 #isSingleValued: FALSE
109 #schemaIDGUID: A40165E6-5E45-44A7-A8FA-186C94333018
110 #adminDisplayName: DNS-Domain
111 #attributeID: 1.3.6.1.4.1.7165.4.1.6
112 #attributeSyntax: 2.5.5.4
115 dn: cn=privilege,${SCHEMADN}
117 objectClass: attributeSchema
118 lDAPDisplayName: privilege
119 isSingleValued: FALSE
122 schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
123 adminDisplayName: Privilege
124 attributeID: 1.3.6.1.4.1.7165.4.1.7
125 attributeSyntax: 2.5.5.4
131 #dn: CN=unixName,${SCHEMADN}
135 #objectClass: attributeSchema
136 #lDAPDisplayName: unixName
137 #isSingleValued: TRUE
140 #schemaIDGUID: bf9679f2-0de6-11d0-a285-00aa003049e2
141 #adminDisplayName: Unix-Name
142 #attributeID: 1.3.6.1.4.1.7165.4.1.9
143 #attributeSyntax: 2.5.5.4
149 #dn: cn=krb5Key,${SCHEMADN}
153 #objectClass: attributeSchema
154 #lDAPDisplayName: krb5Key
155 #isSingleValued: FALSE
158 #schemaIDGUID: 0EAFE3DD-0F53-495E-8A34-97BB28AF17A4
159 #adminDisplayName: krb5-Key
160 #attributeID: 1.3.6.1.4.1.5322.10.1.10
161 #attributeSyntax: 2.5.5.10
164 #Allocated: (not used anymore) DSDB_CONTROL_REPLICATED_OBJECT_OID 1.3.6.1.4.1.7165.4.3.1
166 #Allocated: DSDB_CONTROL_CURRENT_PARTITION_OID 1.3.6.1.4.1.7165.4.3.2
168 #Allocated: DSDB_EXTENDED_REPLICATED_OBJECTS_OID 1.3.6.1.4.1.7165.4.4.1
170 #Allocated: (middleName) attributeID: 1.3.6.1.4.1.7165.4.255.1
172 #Allocated: (defaultGroup) attributeID: 1.3.6.1.4.1.7165.4.255.2
174 #Allocated: (modifyTimestamp) samba4ModifyTimestamp: 1.3.6.1.4.1.7165.4.255.3
175 #Allocated: (subSchema) samba4SubSchema: 1.3.6.1.4.1.7165.4.255.4
176 #Allocated: (objectClasses) samba4ObjectClasses: 1.3.6.1.4.1.7165.4.255.5
177 #Allocated: (ditContentRules) samba4DitContentRules: 1.3.6.1.4.1.7165.4.255.6
178 #Allocated: (attributeTypes) samba4AttributeTypes: 1.3.6.1.4.1.7165.4.255.7
181 # Fedora DS uses this attribute, and we need to set it via our module stack
183 dn: CN=aci,${SCHEMADN}
187 objectClass: attributeSchema
192 schemaIDGUID: d8e6c1fa-db08-4f26-a53b-23c414aac92d
193 adminDisplayName: aci
194 attributeID: 1.3.6.1.4.1.7165.4.1.11
195 attributeSyntax: 2.5.5.4
199 # Based on domainDNS, but without the DNS bits.
202 dn: CN=Samba4-Local-Domain,${SCHEMADN}
204 objectClass: classSchema
206 governsID: 1.3.6.1.4.1.7165.4.2.2
207 possibleInferiors: group
208 possibleInferiors: lostAndFound
209 possibleInferiors: builtinDomain
210 possibleInferiors: computer
211 possibleInferiors: user
212 possibleInferiors: container
213 possibleInferiors: groupPolicyContainer
214 possibleInferiors: organization
215 possibleInferiors: domainDNS
216 possibleInferiors: locality
217 possibleInferiors: msDS-AzAdminManager
218 possibleInferiors: country
219 possibleInferiors: organizationalUnit
221 showInAdvancedViewOnly: TRUE
222 adminDisplayName: Samba4-Local-Domain
223 adminDescription: Samba4-Local-Domain
224 systemMayContain: msDS-Behavior-Version
225 systemMayContain: managedBy
226 objectClassCategory: 1
227 lDAPDisplayName: samba4LocalDomain
228 schemaIDGUID: 07be1647-8310-4fba-91ae-34e55d5a8293
230 systemAuxiliaryClass: samDomain
231 defaultSecurityDescriptor: D:(A;;RPLCLORC;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
233 defaultHidingValue: TRUE
234 defaultObjectCategory: CN=Builtin-Domain,${SCHEMADN}
237 dn: CN=Samba4Top,${SCHEMADN}
239 objectClass: classSchema
241 governsID: 1.3.6.1.4.1.7165.4.2.1
242 mayContain: msDS-ObjectReferenceBL
244 showInAdvancedViewOnly: TRUE
245 adminDisplayName: Samba4TopTop
246 adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
247 objectClassCategory: 3
248 lDAPDisplayName: samba4Top
249 schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
251 systemPossSuperiors: lostAndFound
252 systemMayContain: url
253 systemMayContain: wWWHomePage
254 systemMayContain: wellKnownObjects
255 systemMayContain: wbemPath
256 systemMayContain: uSNSource
257 systemMayContain: uSNLastObjRem
258 systemMayContain: USNIntersite
259 systemMayContain: uSNDSALastObjRemoved
260 systemMayContain: systemFlags
261 systemMayContain: subRefs
262 systemMayContain: siteObjectBL
263 systemMayContain: serverReferenceBL
264 systemMayContain: sDRightsEffective
265 systemMayContain: revision
266 systemMayContain: repsTo
267 systemMayContain: repsFrom
268 systemMayContain: directReports
269 systemMayContain: replUpToDateVector
270 systemMayContain: replPropertyMetaData
271 systemMayContain: name
272 systemMayContain: queryPolicyBL
273 systemMayContain: proxyAddresses
274 systemMayContain: proxiedObjectName
275 systemMayContain: possibleInferiors
276 systemMayContain: partialAttributeSet
277 systemMayContain: partialAttributeDeletionList
278 systemMayContain: otherWellKnownObjects
279 systemMayContain: objectVersion
280 systemMayContain: nonSecurityMemberBL
281 systemMayContain: netbootSCPBL
282 systemMayContain: ownerBL
283 systemMayContain: msDS-ReplValueMetaData
284 systemMayContain: msDS-ReplAttributeMetaData
285 systemMayContain: msDS-NonMembersBL
286 systemMayContain: msDS-NCReplOutboundNeighbors
287 systemMayContain: msDS-NCReplInboundNeighbors
288 systemMayContain: msDS-NCReplCursors
289 systemMayContain: msDS-TasksForAzRoleBL
290 systemMayContain: msDS-TasksForAzTaskBL
291 systemMayContain: msDS-OperationsForAzRoleBL
292 systemMayContain: msDS-OperationsForAzTaskBL
293 systemMayContain: msDS-MembersForAzRoleBL
294 systemMayContain: msDs-masteredBy
295 systemMayContain: mS-DS-ConsistencyGuid
296 systemMayContain: mS-DS-ConsistencyChildCount
297 systemMayContain: msDS-Approx-Immed-Subordinates
298 systemMayContain: msCOM-PartitionSetLink
299 systemMayContain: msCOM-UserLink
300 systemMayContain: masteredBy
301 systemMayContain: managedObjects
302 systemMayContain: lastKnownParent
303 systemMayContain: isPrivilegeHolder
304 systemMayContain: isDeleted
305 systemMayContain: isCriticalSystemObject
306 systemMayContain: showInAdvancedViewOnly
307 systemMayContain: fSMORoleOwner
308 systemMayContain: fRSMemberReferenceBL
309 systemMayContain: frsComputerReferenceBL
310 systemMayContain: fromEntry
311 systemMayContain: flags
312 systemMayContain: extensionName
313 systemMayContain: dSASignature
314 systemMayContain: dSCorePropagationData
315 systemMayContain: displayNamePrintable
316 systemMayContain: displayName
317 systemMayContain: description
319 systemMayContain: canonicalName
320 systemMayContain: bridgeheadServerListBL
321 systemMayContain: allowedChildClassesEffective
322 systemMayContain: allowedChildClasses
323 systemMayContain: allowedAttributesEffective
324 systemMayContain: allowedAttributes
325 systemMayContain: adminDisplayName
326 systemMayContain: adminDescription
327 systemMustContain: objectCategory
328 systemMustContain: nTSecurityDescriptor
329 systemMustContain: instanceType
330 systemAuxiliaryClass: samba4TopExtra
331 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
333 defaultHidingValue: TRUE
334 objectCategory: CN=Class-Schema,${SCHEMADN}
335 defaultObjectCategory: CN=Samba4Top,${SCHEMADN}
338 dn: CN=Samba4TopExtra,${SCHEMADN}
340 objectClass: classSchema
342 governsID: 1.3.6.1.4.1.7165.4.2.3
344 showInAdvancedViewOnly: TRUE
345 adminDisplayName: Samba4TopExtra
346 adminDescription: Attributes used in top in Samba4 that OpenLDAP does not
347 objectClassCategory: 2
348 lDAPDisplayName: samba4TopExtra
349 schemaIDGUID: 073598d0-635b-4685-a929-da731b98d84e
351 mayContain: privilege
352 systemPossSuperiors: lostAndFound
353 defaultSecurityDescriptor: D:(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;DA)(A;;RPWPCRCCDCLCLORCWOWDSDDTSW;;;SY)(A;;RPLCLORC;;;AU)
355 defaultHidingValue: TRUE
356 objectCategory: CN=Class-Schema,${SCHEMADN}
357 defaultObjectCategory: CN=Samba4TopExtra,${SCHEMADN}