#
# Preliminary Apple OS X Native LDAP Schema
# This file is subject to change.
#
# Declares the attribute types and object classes used for Apple directory
# records. A schema fixes only syntax and matching rules; which identities may
# read or write an attribute is decided by the directory server's
# access-control configuration, which is not part of this file.
#
#
# Container structural object class.
#
#objectclass (
#    1.2.840.113556.1.3.23
#    NAME 'container'
#    SUP top
#    STRUCTURAL
#    MUST ( cn ) )

#
# Time to live
#
attributetype ( 1.3.6.1.4.1.250.1.60
    NAME 'ttl'
    EQUALITY integerMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

objectclass ( 1.3.6.1.4.1.250.3.18
    NAME 'cacheObject'
    AUXILIARY SUP top
    DESC 'Auxiliary object class to hold TTL caching information'
    MAY ( ttl ) )

#
# User attributes 1.3.6.1.4.1.63.1000.1.1.1.1
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.6
    NAME 'apple-user-homeurl' DESC 'home directory URL'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.7
    NAME 'apple-user-class' DESC 'user class'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.8
    NAME 'apple-user-homequota' DESC 'home directory quota'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.9
    NAME 'apple-user-mailattribute' DESC 'mail attribute'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.10
    NAME 'apple-mcxflags' DESC 'mcx flags'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# Superseded definition: single-valued, OID ...1.1.11. The active definition
# that follows uses OID ...1.1.16, is multi-valued, and adds the alias
# 'apple-mcxsettings2'.
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.1.1.11
#    NAME 'apple-mcxsettings'
#    DESC 'mcx settings'
#    EQUALITY caseExactMatch
#    SUBSTR caseExactSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.16
    NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' ) DESC 'mcx settings'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.12
    NAME 'apple-user-picture' DESC 'picture'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.13
    NAME 'apple-user-printattribute' DESC 'print attribute'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.14
    NAME 'apple-user-adminlimits' DESC 'admin limits'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# NOTE(review): the password hint is an ordinary Directory String attribute.
# Nothing in the schema restricts who can read it; check that the server's
# ACLs do not expose it to anonymous or unrelated binds.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.15
    NAME 'apple-user-authenticationhint' DESC 'password hint'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.17
    NAME 'apple-user-homesoftquota' DESC 'home directory soft quota'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

# NOTE(review): password policy options are stored as free-form text on an
# entry. Confirm the server's ACLs stop an account from modifying the policy
# attributes on its own record.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.18
    NAME 'apple-user-passwordpolicy' DESC 'password policy options'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.19
    NAME ( 'apple-keyword' ) DESC 'keywords'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.20
    NAME ( 'apple-generateduid' ) DESC 'generated unique ID'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.21
    NAME ( 'apple-imhandle' ) DESC 'IM handle (service:account name)'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# NOTE(review): equality is case-insensitive (caseIgnoreMatch) while substring
# matching is case-sensitive (caseExactSubstringsMatch), so the two filter
# types can disagree on the same value. apple-company below has the same mix.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.22
    NAME ( 'apple-webloguri' ) DESC 'Weblog URI'
    EQUALITY caseIgnoreMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.23
    NAME ( 'apple-mapcoordinates' ) DESC 'Map Coordinates'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.24
    NAME ( 'apple-postaladdresses' ) DESC 'Postal Addresses'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.25
    NAME ( 'apple-phonecontacts' ) DESC 'Phone Contacts'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.26
    NAME ( 'apple-emailcontacts' ) DESC 'EMail Contacts'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# NOTE(review): the syntax is Generalized Time (...1.24) but the SUBSTR rule
# is an IA5 string rule; the substring rule does not match the declared
# syntax. Verify how the target server treats this definition.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.27
    NAME ( 'apple-birthday' ) DESC 'Birthday'
    EQUALITY generalizedTimeMatch SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.28
    NAME ( 'apple-relationships' ) DESC 'Relationships'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.29
    NAME ( 'apple-company' ) DESC 'company'
    EQUALITY caseIgnoreMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.30
    NAME ( 'apple-nickname' ) DESC 'nickname'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.31
    NAME ( 'apple-mapuri' ) DESC 'Map URI'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.32
    NAME ( 'apple-mapguid' ) DESC 'map GUID'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# NOTE(review): the DESC ('Calendar Principal URI') does not match the
# attribute name; the name is the identifier that object classes reference.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.33
    NAME ( 'apple-serviceslocator' ) DESC 'Calendar Principal URI'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# NOTE(review): 'Originization' in the DESC is a misspelling of
# 'Organization'; the string is part of the definition and is left as is.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.34
    NAME 'apple-organizationinfo' DESC 'Originization Info data'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.35
    NAME ( 'apple-namesuffix' ) DESC 'namesuffix'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.36
    NAME ( 'apple-primarycomputerlist' ) DESC 'primary computer list'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.37
    NAME 'apple-user-passwordpolicy-effective'
    DESC 'password effective policy options'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# Syntax ...1.5 is the Binary syntax; no matching rule is declared for this
# attribute.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.38
    NAME ( 'apple-profiles' ) DESC 'profile settings'
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.39
    NAME ( 'apple-profiles-timestamp' ) DESC 'profile timestamp settings'
    EQUALITY generalizedTimeMatch ORDERING generalizedTimeOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.40
    NAME 'apple-accountpolicy' DESC 'account policy options'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# Declared without a DESC and without the 'apple-' name prefix used by the
# surrounding attributes.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.41
    NAME 'lastFailedLoginTime'
    EQUALITY generalizedTimeMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )

# Account policy "proxy" attributes (OIDs ...1.1.42 through ...1.1.47).
# NOTE(review): all six use Directory String syntax (...1.15), including the
# two 'secondsUntil...' attributes, so the schema performs no numeric or
# boolean validation; presumably consumers parse the values themselves -
# confirm they range-check what they read.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.42
    NAME 'apple-authenticationAllowed'
    DESC 'account policy APAuthenticationAllowed proxy'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.43
    NAME 'apple-passwordChangeAllowed'
    DESC 'account policy APPasswordChangeAllowed proxy'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.44
    NAME 'apple-willPasswordExpire'
    DESC 'account policy APWillPasswordExpire proxy'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.45
    NAME 'apple-willAuthenticationsExpire'
    DESC 'account policy APWillAuthenticationsExpire proxy'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.46
    NAME 'apple-secondsUntilPasswordExpires'
    DESC 'account policy APSecondsUntilPasswordExpiration proxy'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.47
    NAME 'apple-secondsUntilAuthenticationsExpire'
    DESC 'account policy APSecondsUntilAuthenticationExpiration proxy'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# Alternative to using homeDirectory from RFC 2307.
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.1.1.100
#    NAME 'apple-user-homeDirectory'
#    DESC 'The absolute path to the home directory'
#    EQUALITY caseExactIA5Match
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

#
# User object class.
#
# Auxiliary class that adds the Apple user attributes to an account entry;
# every attribute is optional (MAY only).
# NOTE(review): several attributes in this list have no active definition in
# the part of the file under review (authAuthority is commented out further
# down; acctFlags, sambaSID, userCertificate, userPKCS12, jpegPhoto,
# altSecurityIdentities and others are not defined here). Presumably other
# schema files supply them and must be loaded first - confirm.
# NOTE(review): authAuthority, apple-user-passwordpolicy, apple-accountpolicy,
# apple-user-authenticationhint and userPKCS12 carry authentication-related
# data; check that the server's ACLs limit who can read and modify them.
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.1
    NAME 'apple-user' SUP top AUXILIARY
    DESC 'apple user account'
    MAY ( apple-user-homeurl $ apple-user-class $
        apple-user-homequota $ apple-user-mailattribute $
        apple-user-printattribute $ apple-mcxflags $
        apple-mcxsettings $ apple-user-adminlimits $
        apple-user-picture $ apple-user-authenticationhint $
        apple-user-homesoftquota $ apple-user-passwordpolicy $ apple-accountpolicy $
        apple-keyword $ apple-generateduid $ apple-imhandle $ apple-webloguri $
        authAuthority $ acctFlags $ pwdLastSet $ logonTime $
        logoffTime $ kickoffTime $ homeDrive $ scriptPath $
        profilePath $ userWorkstations $ smbHome $ rid $
        primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $
        userCertificate $ userPKCS12 $ jpegPhoto $ apple-nickname $
        apple-namesuffix $ apple-birthday $ apple-relationships $
        apple-organizationinfo $ apple-phonecontacts $ apple-emailcontacts $
        apple-postaladdresses $ apple-mapcoordinates $ apple-mapuri $
        apple-mapguid $ apple-serviceslocator $ altSecurityIdentities ) )

#
# Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.1
    NAME 'apple-group-homeurl' DESC 'group home url'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.2
    NAME 'apple-group-homeowner' DESC 'group home owner settings'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.5
    NAME 'apple-group-realname' DESC 'group real name'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

# NOTE(review): the next two attributes repeat the DESC 'group real name' of
# apple-group-realname; judging by their names they hold nested-group and
# member-GUID values, so the DESC text is misleading for anyone auditing
# group membership data.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.6
    NAME 'apple-group-nestedgroup' DESC 'group real name'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.7
    NAME 'apple-group-memberguid' DESC 'group real name'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.8
    NAME 'apple-group-services' DESC 'group services'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# Alternative to using memberUid from RFC 2307.
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.1.14.1000
#    NAME 'apple-group-memberUid'
#    DESC 'group member list'
#    EQUALITY caseExactIA5Match
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.9
    NAME ( 'apple-contactguid' ) DESC 'contact GUID'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.10
    NAME ( 'apple-ownerguid' ) DESC 'owner GUID'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.11
    NAME ( 'apple-primarycomputerguid' ) DESC 'primary computer GUID'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.12
    NAME 'apple-group-expandednestedgroup' DESC 'expanded nested group list'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# NOTE(review): the name suggests this flag influences whether a record may be
# edited by its own subject; nothing in this file shows how it is enforced -
# confirm against the server's access-control configuration.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.13
    NAME 'apple-selfwrite' DESC 'selfwrite flag'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.14
    NAME 'apple-locale-relay'
    DESC 'designated locale relay server for replication'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.15
    NAME 'apple-locale-subnets' DESC 'subnets associated with a locale'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Group auxiliary object class.
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.14
    NAME 'apple-group' SUP top AUXILIARY
    DESC 'group account'
    MAY ( apple-group-homeurl $ apple-group-homeowner $
        apple-mcxflags $ apple-mcxsettings $
        apple-group-realname $ apple-user-picture $
        apple-keyword $ apple-generateduid $
        apple-group-nestedgroup $ apple-group-memberguid $ mail $
        rid $ sambaSID $ ttl $ jpegPhoto $
        apple-group-services $ apple-contactguid $ apple-ownerguid $
        labeledURI $ apple-locale-relay $ apple-locale-subnets $
        apple-serviceslocator ) )

#
# Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.3.8
    NAME 'apple-machine-software' DESC 'installed system software'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.3.9
    NAME 'apple-machine-hardware' DESC 'system hardware description'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( 1.3.6.1.4.1.63.1000.1.1.1.3.10
    NAME 'apple-machine-serves' DESC 'NetInfo Domain Server Binding'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributeType ( 1.3.6.1.4.1.63.1000.1.1.1.3.11
    NAME 'apple-machine-suffix' DESC 'DIT suffix'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( 1.3.6.1.4.1.63.1000.1.1.1.3.12
    NAME 'apple-machine-contactperson'
    DESC 'Name of contact person/owner of this machine'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# for backward compatibility with directory-based schema from Tiger
#
# These two active definitions use Directory String syntax. The commented-out
# definitions under "Schema attributes" further down reuse the same two OIDs
# with objectIdentifierFirstComponentMatch and syntaxes ...1.3 / ...1.37;
# only the forms here are in effect.
attributeType ( 1.3.6.1.4.1.63.1000.1.1.1.22.1
    NAME 'attributeTypesConfig' DESC 'RFC2252: attribute types'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributeType ( 1.3.6.1.4.1.63.1000.1.1.1.22.2
    NAME 'objectClassesConfig'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Machine auxiliary object class.
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.3
    NAME 'apple-machine' SUP top AUXILIARY
    MAY ( apple-machine-software $ apple-machine-hardware $
        apple-machine-serves $ apple-machine-suffix $
        apple-machine-contactperson ) )

#
# Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8
#
# NOTE(review): mount records describe what clients mount and with which
# options; presumably clients act on them, so write access to these records
# deserves the same care as any other client configuration - confirm the
# server's ACLs.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.1
    NAME 'mountDirectory' DESC 'mount path'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.2
    NAME 'mountType' DESC 'mount VFS type'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.3
    NAME 'mountOption' DESC 'mount options'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.4
    NAME 'mountDumpFrequency' DESC 'mount dump frequency'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.5
    NAME 'mountPassNo' DESC 'mount passno'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

# Alternative to using 'cn' when adding mount record schema to other LDAP servers
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.1.8.100
#    NAME ( 'apple-mount-name' )
#    DESC 'mount name'
#    SUP name )

#
# Mount object 1.3.6.1.4.1.63.1000.1.1.2.8
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.8
    NAME 'mount' SUP top STRUCTURAL
    MUST ( cn )
    MAY ( mountDirectory $ mountType $ mountOption $
        mountDumpFrequency $ mountPassNo ) )

#
# Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.1
    NAME 'apple-printer-attributes'
    DESC 'printer attributes in /etc/printcap format'
    EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.2
    NAME 'apple-printer-lprhost' DESC 'printer LPR host name'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.3
    NAME 'apple-printer-lprqueue' DESC 'printer LPR queue'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.4
    NAME 'apple-printer-type' DESC 'printer type'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.5
    NAME 'apple-printer-note' DESC 'printer note'
    EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Printer object 1.3.6.1.4.1.63.1000.1.1.2.9
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.9
    NAME 'apple-printer' SUP top STRUCTURAL
    MUST ( cn )
    MAY ( apple-printer-attributes $ apple-printer-lprhost $
        apple-printer-lprqueue $ apple-printer-type $
        apple-printer-note ) )

#
# Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10
#
# NOTE(review): equality is case-insensitive while substring matching is
# case-sensitive, so the two filter types can disagree on the same value.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.2
    NAME 'apple-realname' DESC 'real name'
    EQUALITY caseIgnoreMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.3
    NAME 'apple-networkview' DESC 'Network view for the computer'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.4
    NAME 'apple-category' DESC 'Category for the computer or neighborhood'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.5
    NAME 'apple-srv' DESC 'List of services to advertize via srv records'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.6
    NAME 'apple-primary-locale' DESC 'primary locale for replication'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.7
    NAME 'apple-parentlocales' DESC 'parent locale'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.8
    NAME 'apple-networkinterfaces' DESC 'list of available network interfaces'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.11.3
    NAME 'apple-computers' DESC 'computers'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.11.4
    NAME 'apple-computer-list-groups' DESC 'groups'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.17.1
    NAME 'apple-xmlplist' DESC 'XML plist data'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

#
# Service URL attributes 1.3.6.1.4.1.63.1000.1.1.1.19.2
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.2
    NAME 'apple-service-url' DESC 'URL of service'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

#
# Service Info attributes 1.3.6.1.4.1.63.1000.1.1.1.19.6
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.6
    NAME 'apple-serviceinfo' DESC 'service related information'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.7
    NAME 'apple-hwuuid' DESC 'Hardware uuid of computer'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.8
    NAME 'apple-ldap-serverid' DESC 'ID used by LDAP'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

#
# Computer object 1.3.6.1.4.1.63.1000.1.1.2.10
#
# NOTE(review): computer records may carry authAuthority and userPKCS12 in
# addition to inventory data; a PKCS#12 bundle can contain private key
# material, so check read access on these records.
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.10
    NAME 'apple-computer' DESC 'computer'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( apple-realname $ description $ macAddress $
        apple-category $ apple-computer-list-groups $ apple-keyword $
        apple-mcxflags $ apple-mcxsettings $ apple-networkview $
        apple-xmlplist $ apple-service-url $ apple-serviceinfo $
        apple-serviceslocator $ apple-primarycomputerlist $
        apple-ldap-serverid $ authAuthority $ uidNumber $ gidNumber $
        apple-generateduid $ ttl $ acctFlags $ pwdLastSet $
        logonTime $ logoffTime $ kickoffTime $ rid $
        primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $ owner $
        apple-ownerguid $ apple-contactguid $ ipHostNumber $ bootFile $
        apple-hwuuid $ apple-srv $ apple-primary-locale $
        apple-parentlocales $ apple-networkinterfaces $
        userCertificate $ userPKCS12) )

#
# Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.11
    NAME 'apple-computer-list' DESC 'computer list'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( apple-mcxflags $ apple-mcxsettings $
        apple-computer-list-groups $ apple-computers $
        apple-generateduid $ apple-keyword ) )

#
# Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.1
    NAME 'apple-password-server-location' DESC 'password server location'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.2
    NAME 'apple-data-stamp' DESC 'data stamp'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.3
    NAME 'apple-config-realname' DESC 'config real name'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.4
    NAME 'apple-password-server-list'
    DESC 'password server replication plist'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.5
    NAME 'apple-ldap-replica' DESC 'LDAP replication list'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.6
    NAME 'apple-ldap-writable-replica' DESC 'LDAP writable replication list'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# NOTE(review): per its DESC this attribute holds the KDC master key wrapped
# with RSA under the realm public key. The schema treats it as an ordinary
# multi-valued Directory String, so its confidentiality rests on that
# wrapping and on read ACLs for the configuration record - confirm both, and
# confirm the matching private key is not stored in the directory.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.7
    NAME 'apple-kdc-authkey'
    DESC 'KDC master key RSA encrypted with realm public key'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.8
    NAME 'apple-kdc-configdata' DESC 'Contents of the kdc.conf file'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.9
    NAME 'apple-last-serverid' DESC 'Last serverID used'
    EQUALITY integerMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

# NOTE(review): unlike the other apple-* attributes, the next two are numbered
# under 1.3.6.1.1.1 (the arc the automount definitions later in this file also
# use, known from RFC 2307) rather than under Apple's 1.3.6.1.4.1.63 arc;
# check for OID collisions with other loaded schemas.
# NOTE(review): apple-disabled-auth-mech is defined but not listed by any
# object class in the part of the file under review; apple-configuration
# lists only apple-enabled-auth-mech. Confirm where the disabled list is
# meant to be stored before relying on it to turn a mechanism off.
attributetype ( 1.3.6.1.1.1.1.104
    NAME 'apple-enabled-auth-mech' DESC 'Enabled auth mechs'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

attributetype ( 1.3.6.1.1.1.1.105
    NAME 'apple-disabled-auth-mech' DESC 'Disabled auth mechs'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

#
# Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12
#
# NOTE(review): this class has no MUST attributes (cn is optional) and groups
# replication lists, KDC key/config data, enabled auth mechanisms and account
# policy in one record type; treat read and write access to these records as
# security-sensitive.
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.12
    NAME 'apple-configuration' DESC 'configuration'
    SUP top STRUCTURAL
    MAY ( cn $ apple-config-realname $
        apple-data-stamp $ apple-password-server-location $
        apple-password-server-list $ apple-ldap-replica $
        apple-ldap-writable-replica $ apple-keyword $
        apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist $
        ttl $ apple-last-serverid $ apple-enabled-auth-mech $
        apple-accountpolicy ) )

#
# Preset computer list object class.
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.13
    NAME 'apple-preset-computer-list' DESC 'preset computer list'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( apple-mcxflags $ apple-mcxsettings $
        apple-computer-list-groups $ apple-keyword ) )

#
# Preset computer object class.
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.25
    NAME 'apple-preset-computer' DESC 'preset computer'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( apple-mcxflags $ apple-mcxsettings $
        apple-computer-list-groups $ apple-primarycomputerlist $
        description $ apple-networkview $ apple-keyword ) )

#
# Preset computer group object class.
# (The '#AttributeTypes:' line below is a stray label kept from the original
# comment; it has no effect.)
#AttributeTypes:
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.26
    NAME 'apple-preset-computer-group' DESC 'preset computer group'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( gidNumber $ memberUID $
        apple-mcxflags $ apple-mcxsettings $
        apple-group-nestedgroup $ apple-group-memberguid $
        description $ jpegPhoto $ apple-keyword ) )

#
# Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14
#
# This class is numbered under ...1.1.3 while the other object classes in
# this file are numbered under ...1.1.2.
objectclass ( 1.3.6.1.4.1.63.1000.1.1.3.14
    NAME 'apple-preset-group' DESC 'preset group'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( memberUid $ gidNumber $ description $
        apple-group-homeurl $ apple-group-homeowner $
        apple-mcxflags $ apple-mcxsettings $
        apple-group-realname $ apple-keyword $
        apple-group-nestedgroup $ apple-group-memberguid $
        ttl $ jpegPhoto $ apple-group-services $
        labeledURI $ apple-serviceslocator ) )

#
# Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15
#
# NOTE(review): the administrator flag is an IA5 string, so the schema does
# not constrain it to a boolean value; presumably the consumer interprets the
# text - confirm which values are treated as "admin".
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.15.1
    NAME 'apple-preset-user-is-admin'
    DESC 'flag indicating whether the preset user is an administrator'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

#
# Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15
#
# NOTE(review): a preset user record may carry userPassword, authAuthority,
# apple-user-passwordpolicy and apple-preset-user-is-admin. If presets are
# used as templates for new accounts (not shown in this file), a stored
# password or admin flag would be inherited by every account created from
# them - restrict who may read and write preset records.
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.15
    NAME 'apple-preset-user' DESC 'preset user'
    SUP top STRUCTURAL
    MUST ( cn )
    MAY ( uid $ memberUid $ apple-group-memberguid $ gidNumber $
        homeDirectory $ apple-user-homeurl $
        apple-user-homequota $ apple-user-homesoftquota $
        apple-user-mailattribute $ apple-user-printattribute $
        apple-mcxflags $ apple-mcxsettings $
        apple-user-adminlimits $ apple-user-passwordpolicy $
        userPassword $ apple-user-picture $ apple-keyword $
        loginShell $ description $ shadowLastChange $ shadowExpire $
        authAuthority $ homeDrive $ scriptPath $ profilePath $
        smbHome $ apple-preset-user-is-admin $ jpegPhoto $
        apple-relationships $ apple-phonecontacts $ apple-emailcontacts $
        apple-postaladdresses $ apple-mapcoordinates $
        apple-serviceslocator ) )

#
# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1
#
# Both authAuthority definitions below are commented out, yet the attribute
# is referenced by object classes in this file; presumably another schema
# file defines it and must be loaded first - confirm.
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.2.16.1
#    NAME 'authAuthority'
#    DESC 'password server authentication authority'
#    EQUALITY caseExactIA5Match
#    SUBSTR caseExactIA5SubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.2.16.2
#    NAME ( 'authAuthority' 'authAuthority2' )
#    DESC 'password server authentication authority'
#    EQUALITY caseExactMatch
#    SUBSTR caseExactSubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.16
    NAME 'authAuthorityObject' SUP top AUXILIARY
    MAY ( authAuthority ) )

#
# Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.17
    NAME 'apple-serverassistant-config' SUP top STRUCTURAL
    MUST ( cn )
    MAY ( apple-xmlplist ) )

#
# Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.18.1
    NAME 'apple-dns-domain' DESC 'DNS domain'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.18.2
    NAME 'apple-dns-nameserver' DESC 'DNS name server list'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Location object 1.3.6.1.4.1.63.1000.1.1.2.18
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.18
    NAME 'apple-location' SUP top AUXILIARY
    MUST ( cn )
    MAY ( apple-dns-domain $ apple-dns-nameserver ) )

#
# Service object attributes 1.3.6.1.4.1.63.1000.1.1.1.19
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.1
    NAME 'apple-service-type' DESC 'type of service'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

# apple-service-url is already defined earlier in this file with the same
# OID, so this copy stays commented out.
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.1.19.2
#    NAME 'apple-service-url'
#    DESC 'URL of service'
#    EQUALITY caseExactIA5Match
#    SUBSTR caseExactIA5SubstringsMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.3
    NAME 'apple-service-port' DESC 'Service port number'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.4
    NAME 'apple-dnsname' DESC 'DNS name'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.19.5
    NAME 'apple-service-location' DESC 'Service location'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Service object 1.3.6.1.4.1.63.1000.1.1.2.19
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.19
    NAME 'apple-service' SUP top STRUCTURAL
    MUST ( cn $ apple-service-type )
    MAY ( ipHostNumber $ description $
        apple-service-location $ apple-service-url $
        apple-service-port $ apple-dnsname $ apple-keyword ) )

#
# Neighborhood object attributes 1.3.6.1.4.1.63.1000.1.1.1.20
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.20.1
    NAME 'apple-nodepathxml' DESC 'XML plist of directory node path'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.20.2
    NAME 'apple-neighborhoodalias'
    DESC 'XML plist referring to another neighborhood record'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.20.3
    NAME 'apple-computeralias'
    DESC 'XML plist referring to a computer record'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# Neighborhood object 1.3.6.1.4.1.63.1000.1.1.2.20
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.20
    NAME 'apple-neighborhood' SUP top STRUCTURAL
    MUST ( cn )
    MAY ( description $ apple-generateduid $ apple-category $
        apple-nodepathxml $ apple-neighborhoodalias $
        apple-computeralias $ apple-keyword $ apple-realname $
        apple-xmlplist $ ttl ) )

#
# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21
#
# NOTE(review): ACL entries are stored as ordinary directory strings; the
# schema neither validates their format nor protects them. Presumably some
# service reads these records to make authorization decisions - confirm that
# only administrators can write them.
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.21.1
    NAME 'apple-acl-entry' DESC 'acl entry'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

#
# ACL object 1.3.6.1.4.1.63.1000.1.1.2.21
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.21
    NAME 'apple-acl' SUP top STRUCTURAL
    MUST ( cn $ apple-acl-entry ) )

#
# Schema attributes 1.3.6.1.4.1.63.1000.1.1.1.22
#
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.1.22.1
#    NAME 'attributeTypesConfig'
#    DESC 'attribute type configuration'
#    EQUALITY objectIdentifierFirstComponentMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 )
#attributetype (
#    1.3.6.1.4.1.63.1000.1.1.1.22.2
#    NAME 'objectClassesConfig'
#    DESC 'object class configuration'
#    EQUALITY objectIdentifierFirstComponentMatch
#    SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 )

#
# Resource attributes 1.3.6.1.4.1.63.1000.1.1.1.23
#
attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.23.1
    NAME 'apple-resource-type' DESC 'resource type'
    EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.23.2
    NAME 'apple-resource-info' DESC 'resource info'
    EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.23.3
    NAME 'apple-capacity' DESC 'capacity'
    EQUALITY integerMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

#
# Resource object 1.3.6.1.4.1.63.1000.1.1.2.23
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.23
    NAME 'apple-resource' SUP top STRUCTURAL
    MUST ( cn )
    MAY ( apple-realname $ description $ jpegPhoto $ apple-keyword $
        apple-generateduid $ apple-contactguid $ apple-ownerguid $
        apple-resource-info $ apple-resource-type $ apple-capacity $
        labeledURI $ apple-mapuri $ apple-serviceslocator $
        apple-phonecontacts $ c $ apple-mapguid $ apple-mapcoordinates $
        apple-xmlplist ) )

#
# Augment object 1.3.6.1.4.1.63.1000.1.1.2.24
#
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.24
    NAME 'apple-augment' SUP top STRUCTURAL
    MUST ( cn ) )

# Automount attributes and classes, numbered under 1.3.6.1.1.1 rather than
# Apple's arc. NOTE(review): if another loaded schema defines the same names
# or OIDs, the server may refuse the duplicate - confirm load order.
attributetype ( 1.3.6.1.1.1.1.31
    NAME 'automountMapName' DESC 'automount Map Name'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.32
    NAME 'automountKey' DESC 'Automount Key value'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.1.1.1.33
    NAME 'automountInformation' DESC 'Automount information'
    EQUALITY caseExactMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

objectclass ( 1.3.6.1.1.1.2.16
    NAME 'automountMap' SUP top STRUCTURAL
    MUST ( automountMapName )
    MAY description )

objectclass ( 1.3.6.1.1.1.2.17
    NAME 'automount' SUP top STRUCTURAL
    DESC 'Automount'
    MUST ( automountKey $ automountInformation )
    MAY description )

#
# Apple User Info object 1.3.6.1.4.1.63.1000.1.1.2.27
#
# NOTE(review): contact-style record that can also hold userCertificate and
# userPKCS12; a PKCS#12 bundle can contain private key material, so these
# records should not be world-readable.
objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.27
    NAME 'apple-user-info' SUP top STRUCTURAL
    MAY ( apple-namesuffix $ apple-phonecontacts $ apple-emailcontacts $
        apple-postaladdresses $ telephoneNumber $ mobile $
        facsimileTelephoneNumber $ pager $ l $ st $ c $ postalCode $
        postalAddress $ street $ apple-imhandle $ loginShell $ jpegPhoto $
        apple-user-picture $ description $ userCertificate $ userPKCS12) )

#
# Apple Computer Info object 1.3.6.1.4.1.63.1000.1.1.2.31
#
objectclass ( 
1.3.6.1.4.1.63.1000.1.1.2.31 NAME 'apple-computer-info' SUP top STRUCTURAL MAY ( apple-serviceinfo $ apple-serviceslocator $ apple-keyword $ userCertificate $ userPKCS12) ) ## Schema elements for PWS records in LDAP ## Proposed schema elements for PWS records in LDAP # Last login time. attributetype ( 1.3.6.1.1.1.1.35 NAME 'lastLoginTime' EQUALITY generalizedTimeMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) # Time of last password change. attributetype ( 1.3.6.1.1.1.1.36 NAME 'passwordModDate' EQUALITY generalizedTimeMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE ) # User's authdata GUID, this is essentially the PWS slotid attributetype ( 1.3.6.1.1.1.1.37 NAME 'authGUID' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # Running tally of login failures. attributetype ( 1.3.6.1.1.1.1.38 NAME 'loginFailedAttempts' EQUALITY integerMatch SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) # Links the authdata record to the user record attributetype ( 1.3.6.1.1.1.1.39 NAME 'userLinkage' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # String containing the reason for disabling. 
attributetype (
    1.3.6.1.1.1.1.40
    NAME 'disableReason'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

# The following are attributes storing the secrets for each auth type
#
# NOTE(review): every cmusaslsecret* value is credential material, and the
# schema itself places no restriction on who may read it. Protection comes
# entirely from the server's access rules: deny read, search and compare on
# these attributes to everything except the password service. EQUALITY
# octetStringMatch means a principal with only compare or search access can
# still test candidate values against the stored secret. Keep the attributes
# out of replication to less-trusted consumers and out of unencrypted backups
# and LDIF exports.
#
# NOTE(review): going by the names, SMBNT and SMBLM hold the SMB NT and
# LAN Manager hashes (TODO confirm). If so they are unsalted and sufficient on
# their own to authenticate over SMB, and the LM form is weak by design; leave
# them unpopulated wherever legacy SMB clients are not required.
attributetype (
    1.3.6.1.1.1.1.42
    NAME 'cmusaslsecretSMBNT'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.43
    NAME 'cmusaslsecretSMBLM'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

# NOTE(review): the DIGEST-MD5 and CRAM-MD5 values are presumably the stored
# verifiers for those SASL mechanisms; such verifiers are enough to
# authenticate with the mechanism, so treat them as password-equivalent.
attributetype (
    1.3.6.1.1.1.1.44
    NAME 'cmusaslsecretDIGEST-MD5'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.45
    NAME 'cmusaslsecretCRAM-MD5'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.46
    NAME 'cmusaslsecretPPS'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

# The realm name and principal name are stored in the "secrets" area for
# the kerberos auth types. These may be unnecessary after the Heimdal transition.
attributetype (
    1.3.6.1.1.1.1.47
    NAME 'KerberosRealmName'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.48
    NAME 'KerberosPrincName'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

# User password, stored DES encrypted for obfuscation.
# NOTE(review): as the line above says, this is obfuscation rather than
# hashing. The value is recoverable by anything that holds the DES key, and
# where that key lives is not shown here. For access control, replication and
# backup, treat this attribute as equivalent to the cleartext password.
attributetype (
    1.3.6.1.1.1.1.49
    NAME 'password'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

# NOTE(review): unlike its neighbours, adminGroups declares no EQUALITY rule;
# confirm that is intended. Its name suggests it feeds an authorization
# decision, so write access should be limited to administrators.
attributetype (
    1.3.6.1.1.1.1.50
    NAME 'adminGroups'
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

# DIGEST-MD5 hash with username, sasl realm, password
attributetype (
    1.3.6.1.1.1.1.51
    NAME 'cmusaslsecretDIGEST-UMD5'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

# Time the user was created.
attributetype (
    1.3.6.1.1.1.1.55
    NAME 'creationDate'
    EQUALITY generalizedTimeMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )

# History data
# NOTE(review): the content is not described further. If this is password
# history (TODO confirm), it is derived from past passwords and needs the same
# access restrictions as the current secrets.
attributetype (
    1.3.6.1.1.1.1.56
    NAME 'historyData'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

# Time of newPasswordRequired being set.
attributetype (
    1.3.6.1.1.1.1.57
    NAME 'passwordRequiredDate'
    EQUALITY generalizedTimeMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )

# Krb schema
#
# NOTE(review): draft-krbPrincipalName pairs the IA5 String syntax (...1.26)
# and EQUALITY caseExactIA5Match with the non-IA5 SUBSTR caseExactSubstringsMatch.
# The other IA5 attributes in this file use caseExactIA5SubstringsMatch;
# confirm the server accepts the mix.
attributetype (
    1.3.6.1.1.1.1.86
    NAME 'draft-krbPrincipalName'
    DESC 'Canonical principal name'
    EQUALITY caseExactIA5Match
    SUBSTR caseExactSubstringsMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.87
    NAME 'draft-krbRealmName'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

attributetype (
    1.3.6.1.1.1.1.88
    NAME 'draft-krbPrincipalAliases'
    SUP draft-krbPrincipalName )

attributetype (
    1.3.6.1.1.1.1.89
    NAME 'draft-krbTicketMaxLife'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.90
    NAME 'draft-krbTicketMaxRenewal'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.91
    NAME 'draft-krbEncSaltTypes'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# NOTE(review): by its name this holds the principal's Kerberos keys
# (TODO confirm). If so it is long-term key material and needs the same
# read/search/compare restrictions as the cmusaslsecret* attributes.
attributetype (
    1.3.6.1.1.1.1.92
    NAME 'draft-krbKeySet'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

attributetype (
    1.3.6.1.1.1.1.93
    NAME 'draft-krbKeyVersion'
    EQUALITY integerMatch
    ORDERING integerOrderingMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.94
    NAME 'draft-krbPrincipalRealm'
    DESC 'DN of krbRealm entry'
    SUP distinguishedName )

attributetype (
    1.3.6.1.1.1.1.95
    NAME 'draft-krbTicketPolicy'
    EQUALITY integerMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.96
    NAME 'draft-krbExtraData'
    EQUALITY octetStringMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )

attributetype (
    1.3.6.1.1.1.1.98
    NAME 'draft-krbPrincipalACL'
    EQUALITY integerMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.97
    NAME 'crschallenge'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

# multivalued attribute to store computer account owner GUID.
attributetype (
    1.3.6.1.1.1.1.103
    NAME 'ownerGUIDList'
    DESC 'computer account owner GUID'
    EQUALITY caseIgnoreMatch
    SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

# objectclass representing a user/slot.
# uid is the shortname of the user as stored in PWS.
# apple-generateduid is intended to match the user's UID. Currently unpopulated
#
# NOTE(review): points to check against the full schema set:
#  - authGUID appears in both MUST and MAY; the MAY entry is redundant.
#  - apple-generateduid is described above but is not in MUST or MAY, so this
#    class does not permit it as written.
#  - lastFailedLoginTime and apple-accountpolicy are not defined in this part
#    of the file; they must come from elsewhere.
#  - No SUP is given, unlike the apple-* classes that declare SUP top.
#
# NOTE(review): this class gathers the password, the per-mechanism secrets and
# the Kerberos key attributes in one entry. Entries of this class belong in a
# subtree whose access rules default to deny, with explicit grants only for
# the password service.
objectclass (
    1.3.6.1.4.1.63.1000.1.1.2.28
    NAME 'pwsAuthdata'
    STRUCTURAL
    MUST ( authGUID )
    MAY ( uid $ authGUID $ passwordModDate $ lastLoginTime $
        lastFailedLoginTime $ loginFailedAttempts $ disableReason $
        apple-user-passwordpolicy $ apple-accountpolicy $ adminGroups $
        cmusaslsecretSMBNT $ cmusaslsecretSMBLM $ cmusaslsecretDIGEST-MD5 $
        cmusaslsecretCRAM-MD5 $ cmusaslsecretPPS $ KerberosRealmName $
        KerberosPrincName $ password $ creationDate $ historyData $
        draft-krbPrincipalName $ draft-krbRealmName $
        draft-krbPrincipalAliases $ draft-krbTicketMaxLife $
        draft-krbTicketMaxRenewal $ draft-krbEncSaltTypes $ draft-krbKeySet $
        draft-krbKeyVersion $ draft-krbPrincipalRealm $
        draft-krbTicketPolicy $ draft-krbExtraData $ draft-krbPrincipalACL $
        crschallenge $ userLinkage $ cmusaslsecretDIGEST-UMD5 $
        ownerGUIDList ) )

# Multi valued attribute to store the names of auth methods considered "weak"
# "weak" auth methods are not allowed to be used for some privileged operations
# NOTE(review): the schema only stores the method names; enforcement is up to
# the consuming service. Removing a value from this list would relax that
# check, so restrict write access to administrators.
attributetype (
    1.3.6.1.1.1.1.76
    NAME 'weakAuthMethod'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )

# object class storing global policy and weak auth methods.
objectclass (
    1.3.6.1.4.1.63.1000.1.1.2.29
    NAME 'pwPolicy'
    STRUCTURAL
    MUST ( cn )
    MAY ( apple-user-passwordpolicy $ apple-accountpolicy $ weakAuthMethod $
        passwordRequiredDate) )

# PWS' private key. Stored in authdata container for security.
# NOTE(review): nothing in the schema protects this value; whatever security
# the authdata container provides comes from the access rules placed on it.
# Confirm those rules deny read, search and compare to everything except the
# password service, because EQUALITY octetStringMatch lets a principal with
# compare access test guesses against the key. Confirm also that the container
# is excluded from replication to less-trusted consumers and from unencrypted
# backups.
attributetype (
    1.3.6.1.1.1.1.77
    NAME 'PWSPrivateKey'
    EQUALITY octetStringMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' SINGLE-VALUE )

# NOTE(review): caseIgnoreMatch compares values case-insensitively. If the key
# is stored in a case-sensitive text encoding such as base64 (TODO confirm),
# two different keys can compare as equal; do not rely on an LDAP compare to
# verify this value.
attributetype (
    1.3.6.1.1.1.1.78
    NAME 'PWSPublicKey'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

# Allow storing the PWS private key in the root of the container, cn=config style
# NOTE(review): the superior class 'container' is commented out at the top of
# this file, so it has to be provided by another schema loaded earlier. No
# STRUCTURAL/AUXILIARY keyword is given here either.
objectclass (
    1.3.6.1.4.1.63.1000.1.1.2.30
    NAME 'pwAuthData'
    SUP container
    MAY ( PWSPrivateKey $ PWSPublicKey ) )

# Allow storing certificate request information
attributetype (
    1.3.6.1.1.1.1.79
    NAME 'apple-transactionID'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.80
    NAME 'apple-pkiStatus'
    EQUALITY integerMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.81
    NAME 'apple-failInfo'
    EQUALITY integerMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

# NOTE(review): this declares the Certificate syntax (...1.8) with
# certificateExactMatch, but a signing request is not an issued certificate.
# A server that validates the syntax may reject the values, and exact-match
# comparisons may not behave as intended. Verify against the target server.
attributetype (
    1.3.6.1.1.1.1.82
    NAME 'apple-certificateSigningRequest'
    EQUALITY certificateExactMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.83
    NAME 'apple-device-guid'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.84
    NAME 'apple-issuer'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.85
    NAME 'apple-serialNumber'
    EQUALITY caseIgnoreMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.99
    NAME 'apple-revocationReason'
    EQUALITY integerMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.100
    NAME 'apple-revocationDate'
    EQUALITY generalizedTimeMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.101
    NAME 'apple-validNotBefore'
    EQUALITY generalizedTimeMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )

attributetype (
    1.3.6.1.1.1.1.102
    NAME 'apple-validNotAfter'
    EQUALITY generalizedTimeMatch
    SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' SINGLE-VALUE )

# Record of one certificate request: transaction id and PKI status are
# mandatory, the issued certificate and revocation details are optional.
# NOTE(review): if any service reads apple-pkiStatus or the revocation
# attributes to decide whether a certificate is acceptable (TODO confirm),
# write access to these entries must be limited to the issuing service.
objectclass (
    1.3.6.1.4.1.63.1000.1.1.2.33
    NAME 'apple-certificateRequestInfo'
    SUP top STRUCTURAL
    MUST ( apple-transactionID $ apple-pkiStatus )
    MAY ( apple-failInfo $ apple-issuer $ apple-serialNumber $
        userCertificate $ apple-certificateSigningRequest $
        apple-device-guid $ apple-xmlplist $ apple-revocationReason $
        apple-revocationDate $ apple-validNotBefore $ apple-validNotAfter ) )