##
## schema file for OpenLDAP 2.0.x
## Schema for storing Samba's smbpasswd file in LDAP
## OIDs are owned by the Samba Team
##
## Prerequisite schemas - uid & uidNumber (nis.schema)
##                      - displayName (inetorgperson.schema)
##
## 1.3.1.5.1.4.1.7165.2.1.x - attributetypes
## 1.3.1.5.1.4.1.7165.2.2.x - objectclasses
##

attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
	DESC 'LanManager Passwd'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
	DESC 'NT Passwd'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
	DESC 'NT pwdLastSet'
	EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
	DESC 'Account Flags'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
	DESC 'NT logonTime'
	EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
	DESC 'NT logoffTime'
	EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
	DESC 'NT kickoffTime'
	EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
	DESC 'NT pwdCanChange'
	EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
	DESC 'NT pwdMustChange'
	EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
	DESC 'NT homeDrive'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
	DESC 'NT scriptPath'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
	DESC 'NT profilePath'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
	DESC 'userWorkstations'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
	DESC 'NT rid'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
	DESC 'NT Group RID'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
	DESC 'smbHome'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )

##
## The smbPasswordEntry objectclass has been depreciated in favor of the
## sambaAccount objectclass
##
#objectclass ( 1.3.1.5.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
#        DESC 'Samba smbpasswd entry'
#        MUST ( uid $ uidNumber )
#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))

objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
	DESC 'Samba Account'
	MUST ( uid $ uidNumber ) 
	MAY  ( cn $ gidNumber $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ 
               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
               description $ userWorkstations $ rid $ primaryGroupID ))