2
## schema file for OpenLDAP 2.x
3
## Schema for storing Samba user accounts and group maps in LDAP
4
## OIDs are owned by the Samba Team
6
## Prerequisite schemas - uid (cosine.schema)
7
## - displayName (inetorgperson.schema)
8
## - gidNumber (nis.schema)
10
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
11
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
14
## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
15
## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
18
## 1.3.6.1.4.1.7165.4.1.x - attributetypes
19
## 1.3.6.1.4.1.7165.4.2.x - objectclasses
20
## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
21
## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
22
## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
24
## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
26
## Run the 'get_next_oid' bash script in this directory to find the
27
## next available OID for attribute type and object classes.
30
## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
31
## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
33
## Also ensure that new entries adhere to the declaration style
34
## used throughout this file
36
## <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
39
## The spaces are required for the get_next_oid script (and for
42
## ------------------------------------------------------------------
44
# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
45
# objectIdentifier Samba3 SambaRoot:2
46
# objectIdentifier Samba3Attrib Samba3:1
47
# objectIdentifier Samba3ObjectClass Samba3:2
48
# objectIdentifier Samba4 SambaRoot:4
50
########################################################################
52
########################################################################
57
#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
58
# DESC 'LanManager Passwd'
59
# EQUALITY caseIgnoreIA5Match
60
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
62
#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
64
# EQUALITY caseIgnoreIA5Match
65
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
68
## Account flags in string format ([UWDX ])
70
#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
71
# DESC 'Account Flags'
72
# EQUALITY caseIgnoreIA5Match
73
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
76
## Password timestamps & policies
78
#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
79
# DESC 'NT pwdLastSet'
80
# EQUALITY integerMatch
81
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
83
#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
85
# EQUALITY integerMatch
86
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
88
#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
89
# DESC 'NT logoffTime'
90
# EQUALITY integerMatch
91
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
93
#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
94
# DESC 'NT kickoffTime'
95
# EQUALITY integerMatch
96
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
98
#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
99
# DESC 'NT pwdCanChange'
100
# EQUALITY integerMatch
101
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
103
#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
104
# DESC 'NT pwdMustChange'
105
# EQUALITY integerMatch
106
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
111
#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
112
# DESC 'NT homeDrive'
113
# EQUALITY caseIgnoreIA5Match
114
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
116
#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
117
# DESC 'NT scriptPath'
118
# EQUALITY caseIgnoreIA5Match
119
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
121
#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
122
# DESC 'NT profilePath'
123
# EQUALITY caseIgnoreIA5Match
124
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
126
#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
127
# DESC 'userWorkstations'
128
# EQUALITY caseIgnoreIA5Match
129
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
131
#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
133
# EQUALITY caseIgnoreIA5Match
134
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
136
#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
137
# DESC 'Windows NT domain to which the user belongs'
138
# EQUALITY caseIgnoreIA5Match
139
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
142
## user and group RID
144
#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
146
# EQUALITY integerMatch
147
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
149
#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
150
# DESC 'NT Group RID'
151
# EQUALITY integerMatch
152
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
155
## The smbPasswordEntry objectclass has been depreciated in favor of the
156
## sambaAccount objectclass
158
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
159
# DESC 'Samba smbpasswd entry'
160
# MUST ( uid $ uidNumber )
161
# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
163
#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
164
# DESC 'Samba Account'
166
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
167
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
168
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
169
# description $ userWorkstations $ primaryGroupID $ domain ))
171
#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
172
# DESC 'Samba Auxiliary Account'
174
# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
175
# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
176
# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
177
# description $ userWorkstations $ primaryGroupID $ domain ))
179
########################################################################
180
## END OF HISTORICAL ##
181
########################################################################
183
#######################################################################
184
## Attributes used by Samba 3.0 schema ##
185
#######################################################################
190
attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
191
DESC 'LanManager Password'
192
EQUALITY caseIgnoreIA5Match
193
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
195
attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
196
DESC 'MD4 hash of the unicode password'
197
EQUALITY caseIgnoreIA5Match
198
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
201
## Account flags in string format ([UWDX ])
203
attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
205
EQUALITY caseIgnoreIA5Match
206
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
209
## Password timestamps & policies
211
attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
212
DESC 'Timestamp of the last password update'
213
EQUALITY integerMatch
214
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
216
attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
217
DESC 'Timestamp of when the user is allowed to update the password'
218
EQUALITY integerMatch
219
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
221
attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
222
DESC 'Timestamp of when the password will expire'
223
EQUALITY integerMatch
224
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
226
attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
227
DESC 'Timestamp of last logon'
228
EQUALITY integerMatch
229
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
231
attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
232
DESC 'Timestamp of last logoff'
233
EQUALITY integerMatch
234
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
236
attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
237
DESC 'Timestamp of when the user will be logged off automatically'
238
EQUALITY integerMatch
239
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
241
attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
242
DESC 'Bad password attempt count'
243
EQUALITY integerMatch
244
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
246
attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
247
DESC 'Time of the last bad password attempt'
248
EQUALITY integerMatch
249
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
251
attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
253
EQUALITY caseIgnoreIA5Match
254
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
259
attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
260
DESC 'Driver letter of home directory mapping'
261
EQUALITY caseIgnoreIA5Match
262
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
264
attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
265
DESC 'Logon script path'
266
EQUALITY caseIgnoreMatch
267
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
269
attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
270
DESC 'Roaming profile path'
271
EQUALITY caseIgnoreMatch
272
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
274
attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
275
DESC 'List of user workstations the user is allowed to logon to'
276
EQUALITY caseIgnoreMatch
277
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
279
attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
280
DESC 'Home directory UNC path'
281
EQUALITY caseIgnoreMatch
282
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
284
attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
285
DESC 'Windows NT domain to which the user belongs'
286
EQUALITY caseIgnoreMatch
287
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
289
attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
290
DESC 'Base64 encoded user parameter string'
291
EQUALITY caseExactMatch
292
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
294
attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
295
DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
296
EQUALITY caseIgnoreIA5Match
297
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
303
attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
305
EQUALITY caseIgnoreIA5Match
306
SUBSTR caseExactIA5SubstringsMatch
307
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
310
## Primary group SID, compatible with ntSid
313
attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
314
DESC 'Primary Group Security ID'
315
EQUALITY caseIgnoreIA5Match
316
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
318
attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
319
DESC 'Security ID List'
320
EQUALITY caseIgnoreIA5Match
321
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
324
## group mapping attributes
326
attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
328
EQUALITY integerMatch
329
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
332
## Store info on the domain
335
attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
336
DESC 'Next NT rid to give our for users'
337
EQUALITY integerMatch
338
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
340
attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
341
DESC 'Next NT rid to give out for groups'
342
EQUALITY integerMatch
343
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
345
attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
346
DESC 'Next NT rid to give out for anything'
347
EQUALITY integerMatch
348
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
350
attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
351
DESC 'Base at which the samba RID generation algorithm should operate'
352
EQUALITY integerMatch
353
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
355
attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
357
EQUALITY caseIgnoreMatch
358
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
360
attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
362
EQUALITY caseIgnoreMatch
363
SUBSTR caseIgnoreSubstringsMatch
364
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
366
attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
367
DESC 'A boolean option'
368
EQUALITY booleanMatch
369
SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
371
attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
372
DESC 'An integer option'
373
EQUALITY integerMatch
374
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
376
attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
377
DESC 'A string option'
378
EQUALITY caseExactIA5Match
379
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
381
attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
382
DESC 'A string list option'
383
EQUALITY caseIgnoreMatch
384
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
387
##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName'
390
##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
391
## DESC 'Privileges List'
392
## EQUALITY caseIgnoreIA5Match
393
## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
395
attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
396
DESC 'Trust Password Flags'
397
EQUALITY caseIgnoreIA5Match
398
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
400
# "min password length"
401
attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
402
DESC 'Minimal password length (default: 5)'
403
EQUALITY integerMatch
404
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
407
attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
408
DESC 'Length of Password History Entries (default: 0 => off)'
409
EQUALITY integerMatch
410
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
412
# "user must logon to change password"
413
attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
414
DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
415
EQUALITY integerMatch
416
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
418
# "maximum password age"
419
attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
420
DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
421
EQUALITY integerMatch
422
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
424
# "minimum password age"
425
attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
426
DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
427
EQUALITY integerMatch
428
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
431
attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
432
DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
433
EQUALITY integerMatch
434
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
436
# "reset count minutes"
437
attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
438
DESC 'Reset time after lockout in minutes (default: 30)'
439
EQUALITY integerMatch
440
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
442
# "bad lockout attempt"
443
attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
444
DESC 'Lockout users after bad logon attempts (default: 0 => off)'
445
EQUALITY integerMatch
446
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
449
attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
450
DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
451
EQUALITY integerMatch
452
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
454
# "refuse machine password change"
455
attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
456
DESC 'Allow Machine Password changes (default: 0 => off)'
457
EQUALITY integerMatch
458
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
461
attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
462
DESC 'Clear text password (used for trusted domain passwords)'
463
EQUALITY octetStringMatch
464
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
467
attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
468
DESC 'Previous clear text password (used for trusted domain passwords)'
469
EQUALITY octetStringMatch
470
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
474
#######################################################################
475
## objectClasses used by Samba 3.0 schema ##
476
#######################################################################
478
## The X.500 data model (and therefore LDAPv3) says that each entry can
479
## only have one structural objectclass. OpenLDAP 2.0 does not enforce
480
## this currently but will in v2.1
483
## added new objectclass (and OID) for 3.0 to help us deal with backwards
484
## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry
486
objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
487
DESC 'Samba 3.0 Auxilary SAM Account'
488
MUST ( uid $ sambaSID )
489
MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
490
sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
491
sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
492
displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
493
sambaProfilePath $ description $ sambaUserWorkstations $
494
sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
495
sambaBadPasswordCount $ sambaBadPasswordTime $
496
sambaPasswordHistory $ sambaLogonHours))
499
## Group mapping info
501
objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
502
DESC 'Samba Group Mapping'
503
MUST ( gidNumber $ sambaSID $ sambaGroupType )
504
MAY ( displayName $ description $ sambaSIDList ))
507
## Trust password for trust relationships (any kind)
509
objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
510
DESC 'Samba Trust Password'
511
MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
512
MAY ( sambaSID $ sambaPwdLastSet ))
515
## Trust password for trusted domains
516
## (to be stored beneath the trusting sambaDomain object in the DIT)
518
objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
519
DESC 'Samba Trusted Domain Password'
520
MUST ( sambaDomainName $ sambaSID $
521
sambaClearTextPassword $ sambaPwdLastSet )
522
MAY ( sambaPreviousClearTextPassword ))
525
## Whole-of-domain info
527
objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
528
DESC 'Samba Domain Information'
529
MUST ( sambaDomainName $
531
MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
532
sambaAlgorithmicRidBase $
533
sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
534
sambaMaxPwdAge $ sambaMinPwdAge $
535
sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
536
sambaForceLogoff $ sambaRefuseMachinePwdChange ))
539
## used for idmap_ldap module
541
objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
542
DESC 'Pool for allocating UNIX uids/gids'
543
MUST ( uidNumber $ gidNumber ) )
546
objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
547
DESC 'Mapping from a SID to an ID'
549
MAY ( uidNumber $ gidNumber ) )
551
objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
552
DESC 'Structural Class for a SID'
555
objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
556
DESC 'Samba Configuration Section'
557
MAY ( description ) )
559
objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
560
DESC 'Samba Share Section'
561
MUST ( sambaShareName )
562
MAY ( description ) )
564
objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
565
DESC 'Samba Configuration Option'
566
MUST ( sambaOptionName )
567
MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $
568
sambaStringListoption $ description ) )
571
## retired during privilege rewrite
572
##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
573
## DESC 'Samba Privilege'
575
## MAY ( sambaPrivilegeList ) )