2
## schema file for OpenLDAP 2.x
3
## Schema for storing Samba user accounts and group maps in LDAP
4
## OIDs are owned by the Samba Team
6
## Prerequisite schemas - uid (cosine.schema)
7
## - displayName (inetorgperson.schema)
8
## - gidNumber (nis.schema)
10
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
11
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
14
## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
15
## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
17
## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
19
## Run the 'get_next_oid' bash script in this directory to find the
20
## next available OID for attribute type and object classes.
23
## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
24
## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
26
## Also ensure that new entries adhere to the declaration style
27
## used throughout this file
29
## <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
32
## The spaces are required for the get_next_oid script (and for
35
## ------------------------------------------------------------------
37
# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
38
# objectIdentifier Samba3 SambaRoot:2
39
# objectIdentifier Samba3Attrib Samba3:1
40
# objectIdentifier Samba3ObjectClass Samba3:2
42
########################################################################
44
########################################################################
49
#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
50
# DESC 'LanManager Passwd'
51
# EQUALITY caseIgnoreIA5Match
52
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
54
#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
56
# EQUALITY caseIgnoreIA5Match
57
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
60
## Account flags in string format ([UWDX ])
62
#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
63
# DESC 'Account Flags'
64
# EQUALITY caseIgnoreIA5Match
65
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
68
## Password timestamps & policies
70
#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
71
# DESC 'NT pwdLastSet'
72
# EQUALITY integerMatch
73
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
75
#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
77
# EQUALITY integerMatch
78
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
80
#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
81
# DESC 'NT logoffTime'
82
# EQUALITY integerMatch
83
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
85
#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
86
# DESC 'NT kickoffTime'
87
# EQUALITY integerMatch
88
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
90
#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
91
# DESC 'NT pwdCanChange'
92
# EQUALITY integerMatch
93
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
95
#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
96
# DESC 'NT pwdMustChange'
97
# EQUALITY integerMatch
98
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
103
#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
104
# DESC 'NT homeDrive'
105
# EQUALITY caseIgnoreIA5Match
106
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
108
#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
109
# DESC 'NT scriptPath'
110
# EQUALITY caseIgnoreIA5Match
111
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
113
#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
114
# DESC 'NT profilePath'
115
# EQUALITY caseIgnoreIA5Match
116
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
118
#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
119
# DESC 'userWorkstations'
120
# EQUALITY caseIgnoreIA5Match
121
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
123
#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
125
# EQUALITY caseIgnoreIA5Match
126
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
128
#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
129
# DESC 'Windows NT domain to which the user belongs'
130
# EQUALITY caseIgnoreIA5Match
131
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
134
## user and group RID
136
#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
138
# EQUALITY integerMatch
139
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
141
#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
142
# DESC 'NT Group RID'
143
# EQUALITY integerMatch
144
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
147
## The smbPasswordEntry objectclass has been depreciated in favor of the
148
## sambaAccount objectclass
150
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
151
# DESC 'Samba smbpasswd entry'
152
# MUST ( uid $ uidNumber )
153
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
155
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
156
# DESC 'Samba Account'
158
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
159
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
160
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
161
# description $ userWorkstations $ primaryGroupID $ domain ))
163
#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
164
# DESC 'Samba Auxiliary Account'
166
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
167
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
168
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
169
# description $ userWorkstations $ primaryGroupID $ domain ))
171
########################################################################
172
## END OF HISTORICAL ##
173
########################################################################
175
#######################################################################
176
## Attributes used by Samba 3.0 schema ##
177
#######################################################################
182
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
183
DESC 'LanManager Password'
184
EQUALITY caseIgnoreIA5Match
185
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
187
attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
188
DESC 'MD4 hash of the unicode password'
189
EQUALITY caseIgnoreIA5Match
190
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
193
## Account flags in string format ([UWDX ])
195
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
197
EQUALITY caseIgnoreIA5Match
198
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
201
## Password timestamps & policies
203
attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
204
DESC 'Timestamp of the last password update'
205
EQUALITY integerMatch
206
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
208
attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
209
DESC 'Timestamp of when the user is allowed to update the password'
210
EQUALITY integerMatch
211
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
213
attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
214
DESC 'Timestamp of when the password will expire'
215
EQUALITY integerMatch
216
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
218
attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
219
DESC 'Timestamp of last logon'
220
EQUALITY integerMatch
221
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
223
attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
224
DESC 'Timestamp of last logoff'
225
EQUALITY integerMatch
226
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
228
attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
229
DESC 'Timestamp of when the user will be logged off automatically'
230
EQUALITY integerMatch
231
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
233
attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
234
DESC 'Bad password attempt count'
235
EQUALITY integerMatch
236
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
238
attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
239
DESC 'Time of the last bad password attempt'
240
EQUALITY integerMatch
241
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
243
attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
245
EQUALITY caseIgnoreIA5Match
246
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
251
attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
252
DESC 'Driver letter of home directory mapping'
253
EQUALITY caseIgnoreIA5Match
254
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
256
attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
257
DESC 'Logon script path'
258
EQUALITY caseIgnoreMatch
259
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
261
attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
262
DESC 'Roaming profile path'
263
EQUALITY caseIgnoreMatch
264
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
266
attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
267
DESC 'List of user workstations the user is allowed to logon to'
268
EQUALITY caseIgnoreMatch
269
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
271
attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
272
DESC 'Home directory UNC path'
273
EQUALITY caseIgnoreMatch
274
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
276
attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
277
DESC 'Windows NT domain to which the user belongs'
278
EQUALITY caseIgnoreMatch
279
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
281
attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
282
DESC 'Base64 encoded user parameter string'
283
EQUALITY caseExactMatch
284
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
286
attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
287
DESC 'Concatenated MD4 hashes of the unicode passwords used on this account'
288
EQUALITY caseIgnoreIA5Match
289
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
295
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
297
EQUALITY caseIgnoreIA5Match
298
SUBSTR caseExactIA5SubstringsMatch
299
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
302
## Primary group SID, compatible with ntSid
305
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
306
DESC 'Primary Group Security ID'
307
EQUALITY caseIgnoreIA5Match
308
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
310
attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
311
DESC 'Security ID List'
312
EQUALITY caseIgnoreIA5Match
313
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
316
## group mapping attributes
318
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
320
EQUALITY integerMatch
321
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
324
## Store info on the domain
327
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
328
DESC 'Next NT rid to give our for users'
329
EQUALITY integerMatch
330
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
332
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
333
DESC 'Next NT rid to give out for groups'
334
EQUALITY integerMatch
335
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
337
attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
338
DESC 'Next NT rid to give out for anything'
339
EQUALITY integerMatch
340
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
342
attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
343
DESC 'Base at which the samba RID generation algorithm should operate'
344
EQUALITY integerMatch
345
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
347
attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
349
EQUALITY caseIgnoreMatch
350
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
352
attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
354
EQUALITY caseIgnoreMatch
355
SUBSTR caseIgnoreSubstringsMatch
356
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
358
attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
359
DESC 'A boolean option'
360
EQUALITY booleanMatch
361
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
363
attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
364
DESC 'An integer option'
365
EQUALITY integerMatch
366
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
368
attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
369
DESC 'A string option'
370
EQUALITY caseExactIA5Match
371
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
373
attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
374
DESC 'A string list option'
375
EQUALITY caseIgnoreMatch
376
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
379
##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
382
##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
383
## DESC 'Privileges List'
384
## EQUALITY caseIgnoreIA5Match
385
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
387
attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
388
DESC 'Trust Password Flags'
389
EQUALITY caseIgnoreIA5Match
390
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
392
# "min password length"
393
attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
394
DESC 'Minimal password length (default: 5)'
395
EQUALITY integerMatch
396
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
399
attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
400
DESC 'Length of Password History Entries (default: 0 => off)'
401
EQUALITY integerMatch
402
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
404
# "user must logon to change password"
405
attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
406
DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
407
EQUALITY integerMatch
408
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
410
# "maximum password age"
411
attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
412
DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
413
EQUALITY integerMatch
414
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
416
# "minimum password age"
417
attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
418
DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
419
EQUALITY integerMatch
420
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
423
attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
424
DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
425
EQUALITY integerMatch
426
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
428
# "reset count minutes"
429
attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
430
DESC 'Reset time after lockout in minutes (default: 30)'
431
EQUALITY integerMatch
432
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
434
# "bad lockout attempt"
435
attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
436
DESC 'Lockout users after bad logon attempts (default: 0 => off)'
437
EQUALITY integerMatch
438
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
441
attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
442
DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
443
EQUALITY integerMatch
444
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
446
# "refuse machine password change"
447
attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
448
DESC 'Allow Machine Password changes (default: 0 => off)'
449
EQUALITY integerMatch
450
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
455
#######################################################################
456
## objectClasses used by Samba 3.0 schema ##
457
#######################################################################
459
## The X.500 data model (and therefore LDAPv3) says that each entry can
460
## only have one structural objectclass. OpenLDAP 2.0 does not enforce
461
## this currently but will in v2.1
464
## added new objectclass (and OID) for 3.0 to help us deal with backwards
465
## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
467
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
468
DESC 'Samba 3.0 Auxilary SAM Account'
469
MUST ( uid $ sambaSID )
470
MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
471
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
472
sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
473
displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
474
sambaProfilePath $ description $ sambaUserWorkstations $
475
sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
476
sambaBadPasswordCount $ sambaBadPasswordTime $
477
sambaPasswordHistory $ sambaLogonHours))
480
## Group mapping info
482
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
483
DESC 'Samba Group Mapping'
484
MUST ( gidNumber $ sambaSID $ sambaGroupType )
485
MAY ( displayName $ description $ sambaSIDList ))
488
## Trust password for trust relationships (any kind)
490
objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
491
DESC 'Samba Trust Password'
492
MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
493
MAY ( sambaSID $ sambaPwdLastSet ))
496
## Whole-of-domain info
498
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
499
DESC 'Samba Domain Information'
500
MUST ( sambaDomainName $
502
MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
503
sambaAlgorithmicRidBase $
504
sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
505
sambaMaxPwdAge $ sambaMinPwdAge $
506
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
507
sambaForceLogoff $ sambaRefuseMachinePwdChange ))
510
## used for idmap_ldap module
512
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
513
DESC 'Pool for allocating UNIX uids/gids'
514
MUST ( uidNumber $ gidNumber ) )
517
objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
518
DESC 'Mapping from a SID to an ID'
520
MAY ( uidNumber $ gidNumber ) )
522
objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
523
DESC 'Structural Class for a SID'
526
objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
527
DESC 'Samba Configuration Section'
528
MAY ( description ) )
530
objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
531
DESC 'Samba Share Section'
532
MUST ( sambaShareName )
533
MAY ( description ) )
535
objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
536
DESC 'Samba Configuration Option'
537
MUST ( sambaOptionName )
538
MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
539
sambaStringListoption $ description ) )
542
## retired during privilege rewrite
543
##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
544
## DESC 'Samba Privilege'
546
## MAY ( sambaPrivilegeList ) )