1# 2# Preliminary Apple OS X Native LDAP Schema 3# This file is subject to change. 4# 5 6# 7# Container structural object class. 8# 9#objectclass ( 10# 1.2.840.113556.1.3.23 11# NAME 'container' 12# SUP top 13# STRUCTURAL 14# MUST ( cn ) ) 15 16# 17# Time to live 18# 19attributetype ( 20 1.3.6.1.4.1.250.1.60 21 NAME 'ttl' 22 EQUALITY integerMatch 23 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) 24 25objectclass ( 26 1.3.6.1.4.1.250.3.18 27 NAME 'cacheObject' 28 AUXILIARY 29 SUP top 30 DESC 'Auxiliary object class to hold TTL caching information' 31 MAY ( ttl ) ) 32 33# 34# User attributes 1.3.6.1.4.1.63.1000.1.1.1.1 35# 36attributetype ( 37 1.3.6.1.4.1.63.1000.1.1.1.1.6 38 NAME 'apple-user-homeurl' 39 DESC 'home directory URL' 40 EQUALITY caseExactIA5Match 41 SUBSTR caseExactIA5SubstringsMatch 42 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 43 44attributetype ( 45 1.3.6.1.4.1.63.1000.1.1.1.1.7 46 NAME 'apple-user-class' 47 DESC 'user class' 48 EQUALITY caseExactIA5Match 49 SUBSTR caseExactIA5SubstringsMatch 50 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 51 52attributetype ( 53 1.3.6.1.4.1.63.1000.1.1.1.1.8 54 NAME 'apple-user-homequota' 55 DESC 'home directory quota' 56 EQUALITY caseExactIA5Match 57 SUBSTR caseExactIA5SubstringsMatch 58 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 59 60attributetype ( 61 1.3.6.1.4.1.63.1000.1.1.1.1.9 62 NAME 'apple-user-mailattribute' 63 DESC 'mail attribute' 64 EQUALITY caseExactMatch 65 SUBSTR caseExactSubstringsMatch 66 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 67 68attributetype ( 69 1.3.6.1.4.1.63.1000.1.1.1.1.10 70 NAME 'apple-mcxflags' 71 DESC 'mcx flags' 72 EQUALITY caseExactMatch 73 SUBSTR caseExactSubstringsMatch 74 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 75 76#attributetype ( 77# 1.3.6.1.4.1.63.1000.1.1.1.1.11 78# NAME 'apple-mcxsettings' 79# DESC 'mcx settings' 80# EQUALITY caseExactMatch 81# SUBSTR caseExactSubstringsMatch 82# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 83attributetype ( 84 1.3.6.1.4.1.63.1000.1.1.1.1.16 85 NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' ) 86 DESC 'mcx settings' 87 EQUALITY caseExactMatch 88 SUBSTR caseExactSubstringsMatch 89 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 90 91attributetype ( 92 1.3.6.1.4.1.63.1000.1.1.1.1.12 93 NAME 'apple-user-picture' 94 DESC 'picture' 95 EQUALITY caseExactMatch 96 SUBSTR caseExactSubstringsMatch 97 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 98 99attributetype ( 100 1.3.6.1.4.1.63.1000.1.1.1.1.13 101 NAME 'apple-user-printattribute' 102 DESC 'print attribute' 103 EQUALITY caseExactMatch 104 SUBSTR caseExactSubstringsMatch 105 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 106 107attributetype ( 108 1.3.6.1.4.1.63.1000.1.1.1.1.14 109 NAME 'apple-user-adminlimits' 110 DESC 'admin limits' 111 EQUALITY caseExactMatch 112 SUBSTR caseExactSubstringsMatch 113 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 114 115attributetype ( 116 1.3.6.1.4.1.63.1000.1.1.1.1.15 117 NAME 'apple-user-authenticationhint' 118 DESC 'password hint' 119 EQUALITY caseExactMatch 120 SUBSTR caseExactSubstringsMatch 121 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 122 123attributetype ( 124 1.3.6.1.4.1.63.1000.1.1.1.1.17 125 NAME 'apple-user-homesoftquota' 126 DESC 'home directory soft quota' 127 EQUALITY caseExactIA5Match 128 SUBSTR caseExactIA5SubstringsMatch 129 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 130 131attributetype ( 132 1.3.6.1.4.1.63.1000.1.1.1.1.18 133 NAME 'apple-user-passwordpolicy' 134 DESC 'password policy options' 135 EQUALITY caseExactMatch 136 SUBSTR caseExactSubstringsMatch 137 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 138 139attributetype ( 140 1.3.6.1.4.1.63.1000.1.1.1.1.19 141 NAME ( 'apple-keyword' ) 142 DESC 'keywords' 143 EQUALITY caseExactMatch 144 SUBSTR caseExactSubstringsMatch 145 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 146 147attributetype ( 148 1.3.6.1.4.1.63.1000.1.1.1.1.20 149 NAME ( 'apple-generateduid' ) 150 DESC 'generated unique ID' 151 EQUALITY caseExactMatch 152 SUBSTR caseExactSubstringsMatch 153 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 154 155attributetype ( 156 1.3.6.1.4.1.63.1000.1.1.1.1.21 157 NAME ( 'apple-imhandle' ) 158 DESC 'IM handle (service:account name)' 159 EQUALITY caseExactMatch 160 SUBSTR caseExactSubstringsMatch 161 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 162 163attributetype ( 164 1.3.6.1.4.1.63.1000.1.1.1.1.22 165 NAME ( 'apple-webloguri' ) 166 DESC 'Weblog URI' 167 EQUALITY caseIgnoreMatch 168 SUBSTR caseExactSubstringsMatch 169 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE) 170 171attributetype ( 172 1.3.6.1.4.1.63.1000.1.1.1.1.23 173 NAME ( 'apple-mapcoordinates' ) 174 DESC 'Map Coordinates' 175 EQUALITY caseExactIA5Match 176 SUBSTR caseExactIA5SubstringsMatch 177 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 178 179attributetype ( 180 1.3.6.1.4.1.63.1000.1.1.1.1.24 181 NAME ( 'apple-postaladdresses' ) 182 DESC 'Postal Addresses' 183 EQUALITY caseExactIA5Match 184 SUBSTR caseExactIA5SubstringsMatch 185 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 186 187attributetype ( 188 1.3.6.1.4.1.63.1000.1.1.1.1.25 189 NAME ( 'apple-phonecontacts' ) 190 DESC 'Phone Contacts' 191 EQUALITY caseExactIA5Match 192 SUBSTR caseExactIA5SubstringsMatch 193 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 194 195attributetype ( 196 1.3.6.1.4.1.63.1000.1.1.1.1.26 197 NAME ( 'apple-emailcontacts' ) 198 DESC 'EMail Contacts' 199 EQUALITY caseExactIA5Match 200 SUBSTR caseExactIA5SubstringsMatch 201 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 202 203attributetype ( 204 1.3.6.1.4.1.63.1000.1.1.1.1.27 205 NAME ( 'apple-birthday' ) 206 DESC 'Birthday' 207 EQUALITY generalizedTimeMatch 208 SUBSTR caseExactIA5SubstringsMatch 209 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) 210 211attributetype ( 212 1.3.6.1.4.1.63.1000.1.1.1.1.28 213 NAME ( 'apple-relationships' ) 214 DESC 'Relationships' 215 EQUALITY caseExactMatch 216 SUBSTR caseExactSubstringsMatch 217 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 218 219attributetype ( 220 1.3.6.1.4.1.63.1000.1.1.1.1.29 221 NAME ( 'apple-company' ) 222 DESC 'company' 223 EQUALITY caseIgnoreMatch 224 SUBSTR caseExactSubstringsMatch 225 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 226 227attributetype ( 228 1.3.6.1.4.1.63.1000.1.1.1.1.30 229 NAME ( 'apple-nickname' ) 230 DESC 'nickname' 231 EQUALITY caseExactMatch 232 SUBSTR caseExactSubstringsMatch 233 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 234 235attributetype ( 236 1.3.6.1.4.1.63.1000.1.1.1.1.31 237 NAME ( 'apple-mapuri' ) 238 DESC 'Map URI' 239 EQUALITY caseExactIA5Match 240 SUBSTR caseExactIA5SubstringsMatch 241 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 242 243attributetype ( 244 1.3.6.1.4.1.63.1000.1.1.1.1.32 245 NAME ( 'apple-mapguid' ) 246 DESC 'map GUID' 247 EQUALITY caseExactMatch 248 SUBSTR caseExactSubstringsMatch 249 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 250 251attributetype ( 252 1.3.6.1.4.1.63.1000.1.1.1.1.33 253 NAME ( 'apple-serviceslocator' ) 254 DESC 'Calendar Principal URI' 255 EQUALITY caseExactMatch 256 SUBSTR caseExactSubstringsMatch 257 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 258 259attributetype ( 260 1.3.6.1.4.1.63.1000.1.1.1.1.34 261 NAME 'apple-organizationinfo' 262 DESC 'Originization Info data' 263 EQUALITY caseExactMatch 264 SUBSTR caseExactSubstringsMatch 265 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 266 267attributetype ( 268 1.3.6.1.4.1.63.1000.1.1.1.1.35 269 NAME ( 'apple-namesuffix' ) 270 DESC 'namesuffix' 271 EQUALITY caseExactMatch 272 SUBSTR caseExactSubstringsMatch 273 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 274 275attributetype ( 276 1.3.6.1.4.1.63.1000.1.1.1.1.36 277 NAME ( 'apple-primarycomputerlist' ) 278 DESC 'primary computer list' 279 EQUALITY caseExactMatch 280 SUBSTR caseExactSubstringsMatch 281 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 282 283attributetype ( 284 1.3.6.1.4.1.63.1000.1.1.1.1.37 285 NAME 'apple-user-passwordpolicy-effective' 286 DESC 'password effective policy options' 287 EQUALITY caseExactMatch 288 SUBSTR caseExactSubstringsMatch 289 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 290 291attributetype ( 292 1.3.6.1.4.1.63.1000.1.1.1.1.38 293 NAME ( 'apple-profiles' ) 294 DESC 'profile settings' 295 SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) 296 297attributetype ( 298 1.3.6.1.4.1.63.1000.1.1.1.1.39 299 NAME ( 'apple-profiles-timestamp' ) 300 DESC 'profile timestamp settings' 301 EQUALITY generalizedTimeMatch 302 ORDERING generalizedTimeOrderingMatch 303 SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE ) 304 305attributetype ( 306 1.3.6.1.4.1.63.1000.1.1.1.1.40 307 NAME 'apple-accountpolicy' 308 DESC 'account policy options' 309 EQUALITY caseExactMatch 310 SUBSTR caseExactSubstringsMatch 311 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 312 313attributetype ( 314 1.3.6.1.4.1.63.1000.1.1.1.1.41 315 NAME 'lastFailedLoginTime' 316 EQUALITY generalizedTimeMatch 317 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 318 SINGLE-VALUE ) 319 320attributetype ( 321 1.3.6.1.4.1.63.1000.1.1.1.1.42 322 NAME 'apple-authenticationAllowed' 323 DESC 'account policy APAuthenticationAllowed proxy' 324 EQUALITY caseExactMatch 325 SUBSTR caseExactSubstringsMatch 326 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 327 328attributetype ( 329 1.3.6.1.4.1.63.1000.1.1.1.1.43 330 NAME 'apple-passwordChangeAllowed' 331 DESC 'account policy APPasswordChangeAllowed proxy' 332 EQUALITY caseExactMatch 333 SUBSTR caseExactSubstringsMatch 334 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 335 336attributetype ( 337 1.3.6.1.4.1.63.1000.1.1.1.1.44 338 NAME 'apple-willPasswordExpire' 339 DESC 'account policy APWillPasswordExpire proxy' 340 EQUALITY caseExactMatch 341 SUBSTR caseExactSubstringsMatch 342 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 343 344attributetype ( 345 1.3.6.1.4.1.63.1000.1.1.1.1.45 346 NAME 'apple-willAuthenticationsExpire' 347 DESC 'account policy APWillAuthenticationsExpire proxy' 348 EQUALITY caseExactMatch 349 SUBSTR caseExactSubstringsMatch 350 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 351 352attributetype ( 353 1.3.6.1.4.1.63.1000.1.1.1.1.46 354 NAME 'apple-secondsUntilPasswordExpires' 355 DESC 'account policy APSecondsUntilPasswordExpiration proxy' 356 EQUALITY caseExactMatch 357 SUBSTR caseExactSubstringsMatch 358 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 359 360attributetype ( 361 1.3.6.1.4.1.63.1000.1.1.1.1.47 362 NAME 'apple-secondsUntilAuthenticationsExpire' 363 DESC 'account policy APSecondsUntilAuthenticationExpiration proxy' 364 EQUALITY caseExactMatch 365 SUBSTR caseExactSubstringsMatch 366 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 367 368# Alternative to using homeDirectory from RFC 2307. 369#attributetype ( 370# 1.3.6.1.4.1.63.1000.1.1.1.1.100 371# NAME 'apple-user-homeDirectory' 372# DESC 'The absolute path to the home directory' 373# EQUALITY caseExactIA5Match 374# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 375 376# 377# User object class. 378# 379objectclass ( 380 1.3.6.1.4.1.63.1000.1.1.2.1 381 NAME 'apple-user' 382 SUP top 383 AUXILIARY 384 DESC 'apple user account' 385 MAY ( apple-user-homeurl $ apple-user-class $ 386 apple-user-homequota $ apple-user-mailattribute $ 387 apple-user-printattribute $ apple-mcxflags $ 388 apple-mcxsettings $ apple-user-adminlimits $ 389 apple-user-picture $ apple-user-authenticationhint $ 390 apple-user-homesoftquota $ apple-user-passwordpolicy $ apple-accountpolicy $ 391 apple-keyword $ apple-generateduid $ apple-imhandle $ apple-webloguri $ 392 authAuthority $ acctFlags $ pwdLastSet $ logonTime $ 393 logoffTime $ kickoffTime $ homeDrive $ scriptPath $ 394 profilePath $ userWorkstations $ smbHome $ rid $ 395 primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $ 396 userCertificate $ userPKCS12 $ jpegPhoto $ apple-nickname $ apple-namesuffix $ 397 apple-birthday $ apple-relationships $ apple-organizationinfo $ 398 apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $ 399 apple-mapcoordinates $ apple-mapuri $ apple-mapguid $ apple-serviceslocator $ 400 altSecurityIdentities ) ) 401 402# 403# Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14 404# 405attributetype ( 406 1.3.6.1.4.1.63.1000.1.1.1.14.1 407 NAME 'apple-group-homeurl' 408 DESC 'group home url' 409 EQUALITY caseExactIA5Match 410 SUBSTR caseExactIA5SubstringsMatch 411 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 412 413attributetype ( 414 1.3.6.1.4.1.63.1000.1.1.1.14.2 415 NAME 'apple-group-homeowner' 416 DESC 'group home owner settings' 417 EQUALITY caseExactIA5Match 418 SUBSTR caseExactIA5SubstringsMatch 419 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 420 421attributetype ( 422 1.3.6.1.4.1.63.1000.1.1.1.14.5 423 NAME 'apple-group-realname' 424 DESC 'group real name' 425 EQUALITY caseIgnoreMatch 426 SUBSTR caseIgnoreSubstringsMatch 427 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 428 429attributetype ( 430 1.3.6.1.4.1.63.1000.1.1.1.14.6 431 NAME 'apple-group-nestedgroup' 432 DESC 'group real name' 433 EQUALITY caseExactMatch 434 SUBSTR caseExactSubstringsMatch 435 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 436 437attributetype ( 438 1.3.6.1.4.1.63.1000.1.1.1.14.7 439 NAME 'apple-group-memberguid' 440 DESC 'group real name' 441 EQUALITY caseExactMatch 442 SUBSTR caseExactSubstringsMatch 443 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 444 445attributetype ( 446 1.3.6.1.4.1.63.1000.1.1.1.14.8 447 NAME 'apple-group-services' 448 DESC 'group services' 449 EQUALITY caseExactMatch 450 SUBSTR caseExactSubstringsMatch 451 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 452 453# Alternative to using memberUid from RFC 2307. 454#attributetype ( 455# 1.3.6.1.4.1.63.1000.1.1.1.14.1000 456# NAME 'apple-group-memberUid' 457# DESC 'group member list' 458# EQUALITY caseExactIA5Match 459# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 460# can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000 461 462attributetype ( 463 1.3.6.1.4.1.63.1000.1.1.1.14.9 464 NAME ( 'apple-contactguid' ) 465 DESC 'contact GUID' 466 EQUALITY caseExactMatch 467 SUBSTR caseExactSubstringsMatch 468 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 469 470attributetype ( 471 1.3.6.1.4.1.63.1000.1.1.1.14.10 472 NAME ( 'apple-ownerguid' ) 473 DESC 'owner GUID' 474 EQUALITY caseExactMatch 475 SUBSTR caseExactSubstringsMatch 476 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 477 478attributetype ( 479 1.3.6.1.4.1.63.1000.1.1.1.14.11 480 NAME ( 'apple-primarycomputerguid' ) 481 DESC 'primary computer GUID' 482 EQUALITY caseExactMatch 483 SUBSTR caseExactSubstringsMatch 484 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 485 486attributetype ( 487 1.3.6.1.4.1.63.1000.1.1.1.14.12 488 NAME 'apple-group-expandednestedgroup' 489 DESC 'expanded nested group list' 490 EQUALITY caseExactMatch 491 SUBSTR caseExactSubstringsMatch 492 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 493 494attributetype ( 495 1.3.6.1.4.1.63.1000.1.1.1.14.13 496 NAME 'apple-selfwrite' 497 DESC 'selfwrite flag' 498 EQUALITY caseExactMatch 499 SUBSTR caseExactSubstringsMatch 500 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 501 502attributetype ( 503 1.3.6.1.4.1.63.1000.1.1.1.14.14 504 NAME 'apple-locale-relay' 505 DESC 'designated locale relay server for replication' 506 EQUALITY caseExactMatch 507 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 508 509attributetype ( 510 1.3.6.1.4.1.63.1000.1.1.1.14.15 511 NAME 'apple-locale-subnets' 512 DESC 'subnets associated with a locale' 513 EQUALITY caseExactMatch 514 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 515 516# 517# Group auxiliary object class. 518# 519objectclass ( 520 1.3.6.1.4.1.63.1000.1.1.2.14 521 NAME 'apple-group' 522 SUP top 523 AUXILIARY 524 DESC 'group account' 525 MAY ( apple-group-homeurl $ 526 apple-group-homeowner $ 527 apple-mcxflags $ 528 apple-mcxsettings $ 529 apple-group-realname $ 530 apple-user-picture $ 531 apple-keyword $ 532 apple-generateduid $ 533 apple-group-nestedgroup $ 534 apple-group-memberguid $ 535 mail $ 536 rid $ 537 sambaSID $ 538 ttl $ 539 jpegPhoto $ 540 apple-group-services $ 541 apple-contactguid $ 542 apple-ownerguid $ 543 labeledURI $ 544 apple-locale-relay $ 545 apple-locale-subnets $ 546 apple-serviceslocator ) ) 547 548# 549# Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3 550# 551attributetype ( 552 1.3.6.1.4.1.63.1000.1.1.1.3.8 553 NAME 'apple-machine-software' 554 DESC 'installed system software' 555 EQUALITY caseIgnoreIA5Match 556 SUBSTR caseIgnoreIA5SubstringsMatch 557 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 558 559attributetype ( 560 1.3.6.1.4.1.63.1000.1.1.1.3.9 561 NAME 'apple-machine-hardware' 562 DESC 'system hardware description' 563 EQUALITY caseIgnoreIA5Match 564 SUBSTR caseIgnoreIA5SubstringsMatch 565 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 566 567attributeType ( 568 1.3.6.1.4.1.63.1000.1.1.1.3.10 569 NAME 'apple-machine-serves' 570 DESC 'NetInfo Domain Server Binding' 571 EQUALITY caseExactIA5Match 572 SUBSTR caseExactIA5SubstringsMatch 573 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 574 575attributeType ( 576 1.3.6.1.4.1.63.1000.1.1.1.3.11 577 NAME 'apple-machine-suffix' 578 DESC 'DIT suffix' 579 EQUALITY caseIgnoreMatch 580 SUBSTR caseIgnoreSubstringsMatch 581 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 582 583attributeType ( 584 1.3.6.1.4.1.63.1000.1.1.1.3.12 585 NAME 'apple-machine-contactperson' 586 DESC 'Name of contact person/owner of this machine' 587 EQUALITY caseIgnoreMatch 588 SUBSTR caseIgnoreSubstringsMatch 589 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 590 591# 592# for backward compatibility with directory-based schema from Tiger 593# 594 595attributeType ( 596 1.3.6.1.4.1.63.1000.1.1.1.22.1 597 NAME 'attributeTypesConfig' 598 DESC 'RFC2252: attribute types' 599 EQUALITY caseExactMatch 600 SUBSTR caseExactSubstringsMatch 601 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 602 603attributeType ( 604 1.3.6.1.4.1.63.1000.1.1.1.22.2 605 NAME 'objectClassesConfig' 606 EQUALITY caseExactMatch 607 SUBSTR caseExactSubstringsMatch 608 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 609 610# 611# Machine auxiliary object class. 612# 613objectclass ( 614 1.3.6.1.4.1.63.1000.1.1.2.3 615 NAME 'apple-machine' 616 SUP top 617 AUXILIARY 618 MAY ( apple-machine-software $ 619 apple-machine-hardware $ 620 apple-machine-serves $ 621 apple-machine-suffix $ 622 apple-machine-contactperson ) ) 623 624# 625# Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8 626# 627attributetype ( 628 1.3.6.1.4.1.63.1000.1.1.1.8.1 629 NAME 'mountDirectory' 630 DESC 'mount path' 631 EQUALITY caseExactMatch 632 SUBSTR caseExactSubstringsMatch 633 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 634 635attributetype ( 636 1.3.6.1.4.1.63.1000.1.1.1.8.2 637 NAME 'mountType' 638 DESC 'mount VFS type' 639 EQUALITY caseIgnoreIA5Match 640 SUBSTR caseIgnoreIA5SubstringsMatch 641 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 642 643attributetype ( 644 1.3.6.1.4.1.63.1000.1.1.1.8.3 645 NAME 'mountOption' 646 DESC 'mount options' 647 EQUALITY caseIgnoreIA5Match 648 SUBSTR caseIgnoreIA5SubstringsMatch 649 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 650 651attributetype ( 652 1.3.6.1.4.1.63.1000.1.1.1.8.4 653 NAME 'mountDumpFrequency' 654 DESC 'mount dump frequency' 655 EQUALITY caseIgnoreIA5Match 656 SUBSTR caseIgnoreIA5SubstringsMatch 657 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 658 659attributetype ( 660 1.3.6.1.4.1.63.1000.1.1.1.8.5 661 NAME 'mountPassNo' 662 DESC 'mount passno' 663 EQUALITY caseIgnoreIA5Match 664 SUBSTR caseIgnoreIA5SubstringsMatch 665 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 666 667# Alternative to using 'cn' when adding mount record schema to other LDAP servers 668#attributetype ( 669# 1.3.6.1.4.1.63.1000.1.1.1.8.100 670# NAME ( 'apple-mount-name' ) 671# DESC 'mount name' 672# SUP name ) 673 674# 675# Mount object 1.3.6.1.4.1.63.1000.1.1.2.8 676# 677objectclass ( 678 1.3.6.1.4.1.63.1000.1.1.2.8 679 NAME 'mount' 680 SUP top STRUCTURAL 681 MUST ( cn ) 682 MAY ( mountDirectory $ 683 mountType $ 684 mountOption $ 685 mountDumpFrequency $ 686 mountPassNo ) ) 687 688# 689# Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9 690# 691attributetype ( 692 1.3.6.1.4.1.63.1000.1.1.1.9.1 693 NAME 'apple-printer-attributes' 694 DESC 'printer attributes in /etc/printcap format' 695 EQUALITY caseIgnoreIA5Match 696 SUBSTR caseIgnoreIA5SubstringsMatch 697 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 698 699attributetype ( 700 1.3.6.1.4.1.63.1000.1.1.1.9.2 701 NAME 'apple-printer-lprhost' 702 DESC 'printer LPR host name' 703 EQUALITY caseIgnoreMatch 704 SUBSTR caseIgnoreSubstringsMatch 705 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 706 707attributetype ( 708 1.3.6.1.4.1.63.1000.1.1.1.9.3 709 NAME 'apple-printer-lprqueue' 710 DESC 'printer LPR queue' 711 EQUALITY caseIgnoreMatch 712 SUBSTR caseIgnoreSubstringsMatch 713 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 714 715attributetype ( 716 1.3.6.1.4.1.63.1000.1.1.1.9.4 717 NAME 'apple-printer-type' 718 DESC 'printer type' 719 EQUALITY caseIgnoreMatch 720 SUBSTR caseIgnoreSubstringsMatch 721 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 722 723attributetype ( 724 1.3.6.1.4.1.63.1000.1.1.1.9.5 725 NAME 'apple-printer-note' 726 DESC 'printer note' 727 EQUALITY caseIgnoreMatch 728 SUBSTR caseIgnoreSubstringsMatch 729 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 730 731# 732# Printer object 1.3.6.1.4.1.63.1000.1.1.2.9 733# 734objectclass ( 735 1.3.6.1.4.1.63.1000.1.1.2.9 736 NAME 'apple-printer' 737 SUP top STRUCTURAL 738 MUST ( cn ) 739 MAY ( apple-printer-attributes $ 740 apple-printer-lprhost $ 741 apple-printer-lprqueue $ 742 apple-printer-type $ 743 apple-printer-note ) ) 744 745# 746# Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10 747# 748 749attributetype ( 750 1.3.6.1.4.1.63.1000.1.1.1.10.2 751 NAME 'apple-realname' 752 DESC 'real name' 753 EQUALITY caseIgnoreMatch 754 SUBSTR caseExactSubstringsMatch 755 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 756 757attributetype ( 758 1.3.6.1.4.1.63.1000.1.1.1.10.3 759 NAME 'apple-networkview' 760 DESC 'Network view for the computer' 761 EQUALITY caseExactMatch 762 SUBSTR caseExactSubstringsMatch 763 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 764 765attributetype ( 766 1.3.6.1.4.1.63.1000.1.1.1.10.4 767 NAME 'apple-category' 768 DESC 'Category for the computer or neighborhood' 769 EQUALITY caseExactMatch 770 SUBSTR caseExactSubstringsMatch 771 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 772 773attributetype ( 774 1.3.6.1.4.1.63.1000.1.1.1.10.5 775 NAME 'apple-srv' 776 DESC 'List of services to advertize via srv records' 777 EQUALITY caseExactMatch 778 SUBSTR caseExactSubstringsMatch 779 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 780 781attributetype ( 782 1.3.6.1.4.1.63.1000.1.1.1.10.6 783 NAME 'apple-primary-locale' 784 DESC 'primary locale for replication' 785 EQUALITY caseExactMatch 786 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 787 788attributetype ( 789 1.3.6.1.4.1.63.1000.1.1.1.10.7 790 NAME 'apple-parentlocales' 791 DESC 'parent locale' 792 EQUALITY caseExactMatch 793 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 794 795attributetype ( 796 1.3.6.1.4.1.63.1000.1.1.1.10.8 797 NAME 'apple-networkinterfaces' 798 DESC 'list of available network interfaces' 799 EQUALITY caseExactMatch 800 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 801 802# 803# Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11 804# 805 806attributetype ( 807 1.3.6.1.4.1.63.1000.1.1.1.11.3 808 NAME 'apple-computers' 809 DESC 'computers' 810 EQUALITY caseExactMatch 811 SUBSTR caseExactSubstringsMatch 812 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 813 814attributetype ( 815 1.3.6.1.4.1.63.1000.1.1.1.11.4 816 NAME 'apple-computer-list-groups' 817 DESC 'groups' 818 EQUALITY caseExactMatch 819 SUBSTR caseExactSubstringsMatch 820 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 821 822# 823# XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1 824# 825attributetype ( 826 1.3.6.1.4.1.63.1000.1.1.1.17.1 827 NAME 'apple-xmlplist' 828 DESC 'XML plist data' 829 EQUALITY caseExactMatch 830 SUBSTR caseExactSubstringsMatch 831 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 832 833# 834# Service URL attributes 1.3.6.1.4.1.63.1000.1.1.1.19.2 835# 836attributetype ( 837 1.3.6.1.4.1.63.1000.1.1.1.19.2 838 NAME 'apple-service-url' 839 DESC 'URL of service' 840 EQUALITY caseExactIA5Match 841 SUBSTR caseExactIA5SubstringsMatch 842 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 843# 844# Service Info attributes 1.3.6.1.4.1.63.1000.1.1.1.19.6 845# 846attributetype ( 847 1.3.6.1.4.1.63.1000.1.1.1.19.6 848 NAME 'apple-serviceinfo' 849 DESC 'service related information' 850 EQUALITY caseExactMatch 851 SUBSTR caseExactSubstringsMatch 852 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 853 854attributetype ( 855 1.3.6.1.4.1.63.1000.1.1.1.19.7 856 NAME 'apple-hwuuid' 857 DESC 'Hardware uuid of computer' 858 EQUALITY caseExactMatch 859 SUBSTR caseExactSubstringsMatch 860 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 861 862attributetype ( 863 1.3.6.1.4.1.63.1000.1.1.1.19.8 864 NAME 'apple-ldap-serverid' 865 DESC 'ID used by LDAP' 866 EQUALITY integerMatch 867 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) 868 869# 870# Computer object 1.3.6.1.4.1.63.1000.1.1.2.10 871# 872objectclass ( 873 1.3.6.1.4.1.63.1000.1.1.2.10 874 NAME 'apple-computer' 875 DESC 'computer' 876 SUP top STRUCTURAL 877 MUST ( cn ) 878 MAY ( apple-realname $ 879 description $ 880 macAddress $ 881 apple-category $ 882 apple-computer-list-groups $ 883 apple-keyword $ 884 apple-mcxflags $ 885 apple-mcxsettings $ 886 apple-networkview $ 887 apple-xmlplist $ 888 apple-service-url $ 889 apple-serviceinfo $ 890 apple-serviceslocator $ 891 apple-primarycomputerlist $ 892 apple-ldap-serverid $ 893 authAuthority $ 894 uidNumber $ gidNumber $ apple-generateduid $ ttl $ 895 acctFlags $ pwdLastSet $ logonTime $ 896 logoffTime $ kickoffTime $ rid $ primaryGroupID $ 897 sambaSID $ sambaPrimaryGroupSID $ 898 owner $ apple-ownerguid $ apple-contactguid $ 899 ipHostNumber $ bootFile $ apple-hwuuid $ apple-srv $ 900 apple-primary-locale $ apple-parentlocales $ 901 apple-networkinterfaces $ userCertificate $ userPKCS12) ) 902 903# 904# Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11 905# 906objectclass ( 907 1.3.6.1.4.1.63.1000.1.1.2.11 908 NAME 'apple-computer-list' 909 DESC 'computer list' 910 SUP top STRUCTURAL 911 MUST ( cn ) 912 MAY ( apple-mcxflags $ 913 apple-mcxsettings $ 914 apple-computer-list-groups $ 915 apple-computers $ 916 apple-generateduid $ 917 apple-keyword ) ) 918 919# 920# Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12 921# 922attributetype ( 923 1.3.6.1.4.1.63.1000.1.1.1.12.1 924 NAME 'apple-password-server-location' 925 DESC 'password server location' 926 EQUALITY caseExactIA5Match 927 SUBSTR caseExactIA5SubstringsMatch 928 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 929 930attributetype ( 931 1.3.6.1.4.1.63.1000.1.1.1.12.2 932 NAME 'apple-data-stamp' 933 DESC 'data stamp' 934 EQUALITY caseExactIA5Match 935 SUBSTR caseExactIA5SubstringsMatch 936 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 937 938attributetype ( 939 1.3.6.1.4.1.63.1000.1.1.1.12.3 940 NAME 'apple-config-realname' 941 DESC 'config real name' 942 EQUALITY caseExactIA5Match 943 SUBSTR caseExactIA5SubstringsMatch 944 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 945 946attributetype ( 947 1.3.6.1.4.1.63.1000.1.1.1.12.4 948 NAME 'apple-password-server-list' 949 DESC 'password server replication plist' 950 EQUALITY caseExactMatch 951 SUBSTR caseExactSubstringsMatch 952 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 953 954attributetype ( 955 1.3.6.1.4.1.63.1000.1.1.1.12.5 956 NAME 'apple-ldap-replica' 957 DESC 'LDAP replication list' 958 EQUALITY caseExactMatch 959 SUBSTR caseExactSubstringsMatch 960 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 961 962attributetype ( 963 1.3.6.1.4.1.63.1000.1.1.1.12.6 964 NAME 'apple-ldap-writable-replica' 965 DESC 'LDAP writable replication list' 966 EQUALITY caseExactMatch 967 SUBSTR caseExactSubstringsMatch 968 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 969 970attributetype ( 971 1.3.6.1.4.1.63.1000.1.1.1.12.7 972 NAME 'apple-kdc-authkey' 973 DESC 'KDC master key RSA encrypted with realm public key' 974 EQUALITY caseExactMatch 975 SUBSTR caseExactSubstringsMatch 976 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 977 978attributetype ( 979 1.3.6.1.4.1.63.1000.1.1.1.12.8 980 NAME 'apple-kdc-configdata' 981 DESC 'Contents of the kdc.conf file' 982 EQUALITY caseExactMatch 983 SUBSTR caseExactSubstringsMatch 984 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 985 986attributetype ( 987 1.3.6.1.4.1.63.1000.1.1.1.12.9 988 NAME 'apple-last-serverid' 989 DESC 'Last serverID used' 990 EQUALITY integerMatch 991 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' 992 SINGLE-VALUE ) 993 994attributetype ( 1.3.6.1.1.1.1.104 995 NAME 'apple-enabled-auth-mech' 996 DESC 'Enabled auth mechs' 997 EQUALITY caseIgnoreMatch 998 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 999 1000attributetype ( 1.3.6.1.1.1.1.105 1001 NAME 'apple-disabled-auth-mech' 1002 DESC 'Disabled auth mechs' 1003 EQUALITY caseIgnoreMatch 1004 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 1005 1006# 1007# Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12 1008# 1009objectclass ( 1010 1.3.6.1.4.1.63.1000.1.1.2.12 1011 NAME 'apple-configuration' 1012 DESC 'configuration' 1013 SUP top STRUCTURAL 1014 MAY ( cn $ apple-config-realname $ 1015 apple-data-stamp $ apple-password-server-location $ 1016 apple-password-server-list $ apple-ldap-replica $ 1017 apple-ldap-writable-replica $ apple-keyword $ 1018 apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist $ ttl $ 1019 apple-last-serverid $ apple-enabled-auth-mech $ apple-accountpolicy ) ) 1020 1021# 1022# Preset computer list object class. 1023# 1024objectclass ( 1025 1.3.6.1.4.1.63.1000.1.1.2.13 1026 NAME 'apple-preset-computer-list' 1027 DESC 'preset computer list' 1028 SUP top STRUCTURAL 1029 MUST ( cn ) 1030 MAY ( apple-mcxflags $ 1031 apple-mcxsettings $ 1032 apple-computer-list-groups $ 1033 apple-keyword ) ) 1034# 1035# Preset computer object class. 1036# 1037 1038objectclass ( 1039 1.3.6.1.4.1.63.1000.1.1.2.25 1040 NAME 'apple-preset-computer' 1041 DESC 'preset computer' 1042 SUP top STRUCTURAL 1043 MUST ( cn ) 1044 MAY ( apple-mcxflags $ 1045 apple-mcxsettings $ 1046 apple-computer-list-groups $ 1047 apple-primarycomputerlist $ 1048 description $ 1049 apple-networkview $ 1050 apple-keyword ) ) 1051# 1052# Preset computer group object class. 1053#AttributeTypes: 1054objectclass ( 1055 1.3.6.1.4.1.63.1000.1.1.2.26 1056 NAME 'apple-preset-computer-group' 1057 DESC 'preset computer group' 1058 SUP top STRUCTURAL 1059 MUST ( cn ) 1060 MAY ( gidNumber $ 1061 memberUID $ 1062 apple-mcxflags $ 1063 apple-mcxsettings $ 1064 apple-group-nestedgroup $ 1065 apple-group-memberguid $ 1066 description $ 1067 jpegPhoto $ 1068 apple-keyword ) ) 1069 1070# 1071# Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14 1072# 1073objectclass ( 1074 1.3.6.1.4.1.63.1000.1.1.3.14 1075 NAME 'apple-preset-group' 1076 DESC 'preset group' 1077 SUP top STRUCTURAL 1078 MUST ( cn ) 1079 MAY ( memberUid $ 1080 gidNumber $ 1081 description $ 1082 apple-group-homeurl $ 1083 apple-group-homeowner $ 1084 apple-mcxflags $ 1085 apple-mcxsettings $ 1086 apple-group-realname $ 1087 apple-keyword $ 1088 apple-group-nestedgroup $ 1089 apple-group-memberguid $ 1090 ttl $ 1091 jpegPhoto $ 1092 apple-group-services $ 1093 labeledURI $ 1094 apple-serviceslocator ) ) 1095 1096# 1097# Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15 1098# 1099attributetype ( 1100 1.3.6.1.4.1.63.1000.1.1.1.15.1 1101 NAME 'apple-preset-user-is-admin' 1102 DESC 'flag indicating whether the preset user is an administrator' 1103 EQUALITY caseExactIA5Match 1104 SUBSTR caseExactIA5SubstringsMatch 1105 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) 1106 1107# 1108# Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15 1109# 1110objectclass ( 1111 1.3.6.1.4.1.63.1000.1.1.2.15 1112 NAME 'apple-preset-user' 1113 DESC 'preset user' 1114 SUP top STRUCTURAL 1115 MUST ( cn ) 1116 MAY ( uid $ 1117 memberUid $ 1118 apple-group-memberguid $ 1119 gidNumber $ 1120 homeDirectory $ 1121 apple-user-homeurl $ 1122 apple-user-homequota $ 1123 apple-user-homesoftquota $ 1124 apple-user-mailattribute $ 1125 apple-user-printattribute $ 1126 apple-mcxflags $ 1127 apple-mcxsettings $ 1128 apple-user-adminlimits $ 1129 apple-user-passwordpolicy $ 1130 userPassword $ 1131 apple-user-picture $ 1132 apple-keyword $ 1133 loginShell $ 1134 description $ 1135 shadowLastChange $ 1136 shadowExpire $ 1137 authAuthority $ 1138 homeDrive $ scriptPath $ profilePath $ smbHome $ 1139 apple-preset-user-is-admin $ 1140 jpegPhoto $ 1141 apple-relationships $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $ apple-mapcoordinates $ 1142 apple-serviceslocator ) ) 1143 1144# 1145# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1 1146# 1147#attributetype ( 1148# 1.3.6.1.4.1.63.1000.1.1.2.16.1 1149# NAME 'authAuthority' 1150# DESC 'password server authentication authority' 1151# EQUALITY caseExactIA5Match 1152# SUBSTR caseExactIA5SubstringsMatch 1153# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 1154 1155#attributetype ( 1156# 1.3.6.1.4.1.63.1000.1.1.2.16.2 1157# NAME ( 'authAuthority' 'authAuthority2' ) 1158# DESC 'password server authentication authority' 1159# EQUALITY caseExactMatch 1160# SUBSTR caseExactSubstringsMatch 1161# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1162 1163# 1164# Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16 1165# 1166objectclass ( 1167 1.3.6.1.4.1.63.1000.1.1.2.16 1168 NAME 'authAuthorityObject' 1169 SUP top AUXILIARY 1170 MAY ( authAuthority ) ) 1171 1172# 1173# Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17 1174# 1175objectclass ( 1176 1.3.6.1.4.1.63.1000.1.1.2.17 1177 NAME 'apple-serverassistant-config' 1178 SUP top STRUCTURAL 1179 MUST ( cn ) 1180 MAY ( apple-xmlplist ) ) 1181 1182# 1183# Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18 1184# 1185attributetype ( 1186 1.3.6.1.4.1.63.1000.1.1.1.18.1 1187 NAME 'apple-dns-domain' 1188 DESC 'DNS domain' 1189 EQUALITY caseExactMatch 1190 SUBSTR caseExactSubstringsMatch 1191 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1192 1193attributetype ( 1194 1.3.6.1.4.1.63.1000.1.1.1.18.2 1195 NAME 'apple-dns-nameserver' 1196 DESC 'DNS name server list' 1197 EQUALITY caseExactMatch 1198 SUBSTR caseExactSubstringsMatch 1199 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1200 1201# 1202# Location object 1.3.6.1.4.1.63.1000.1.1.2.18 1203# 1204objectclass ( 1205 1.3.6.1.4.1.63.1000.1.1.2.18 1206 NAME 'apple-location' 1207 SUP top AUXILIARY 1208 MUST ( cn ) 1209 MAY ( apple-dns-domain $ apple-dns-nameserver ) ) 1210 1211# 1212# Service object attributes 1.3.6.1.4.1.63.1000.1.1.1.19 1213# 1214attributetype ( 1215 1.3.6.1.4.1.63.1000.1.1.1.19.1 1216 NAME 'apple-service-type' 1217 DESC 'type of service' 1218 EQUALITY caseExactIA5Match 1219 SUBSTR caseExactIA5SubstringsMatch 1220 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 1221 1222#attributetype ( 1223# 1.3.6.1.4.1.63.1000.1.1.1.19.2 1224# NAME 'apple-service-url' 1225# DESC 'URL of service' 1226# EQUALITY caseExactIA5Match 1227# SUBSTR caseExactIA5SubstringsMatch 1228# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 1229 1230attributetype ( 1231 1.3.6.1.4.1.63.1000.1.1.1.19.3 1232 NAME 'apple-service-port' 1233 DESC 'Service port number' 1234 EQUALITY integerMatch 1235 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) 1236 1237attributetype ( 1238 1.3.6.1.4.1.63.1000.1.1.1.19.4 1239 NAME 'apple-dnsname' 1240 DESC 'DNS name' 1241 EQUALITY caseExactMatch 1242 SUBSTR caseExactSubstringsMatch 1243 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1244 1245attributetype ( 1246 1.3.6.1.4.1.63.1000.1.1.1.19.5 1247 NAME 'apple-service-location' 1248 DESC 'Service location' 1249 EQUALITY caseExactMatch 1250 SUBSTR caseExactSubstringsMatch 1251 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1252 1253# 1254# Service object 1.3.6.1.4.1.63.1000.1.1.2.19 1255# 1256objectclass ( 1257 1.3.6.1.4.1.63.1000.1.1.2.19 1258 NAME 'apple-service' 1259 SUP top STRUCTURAL 1260 MUST ( cn $ 1261 apple-service-type ) 1262 MAY ( ipHostNumber $ 1263 description $ 1264 apple-service-location $ 1265 apple-service-url $ 1266 apple-service-port $ 1267 apple-dnsname $ 1268 apple-keyword ) ) 1269 1270# 1271# Neighborhood object attributes 1.3.6.1.4.1.63.1000.1.1.1.20 1272# 1273attributetype ( 1274 1.3.6.1.4.1.63.1000.1.1.1.20.1 1275 NAME 'apple-nodepathxml' 1276 DESC 'XML plist of directory node path' 1277 EQUALITY caseExactMatch 1278 SUBSTR caseExactSubstringsMatch 1279 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1280 1281attributetype ( 1282 1.3.6.1.4.1.63.1000.1.1.1.20.2 1283 NAME 'apple-neighborhoodalias' 1284 DESC 'XML plist referring to another neighborhood record' 1285 EQUALITY caseExactMatch 1286 SUBSTR caseExactSubstringsMatch 1287 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1288 1289attributetype ( 1290 1.3.6.1.4.1.63.1000.1.1.1.20.3 1291 NAME 'apple-computeralias' 1292 DESC 'XML plist referring to a computer record' 1293 EQUALITY caseExactMatch 1294 SUBSTR caseExactSubstringsMatch 1295 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1296 1297# 1298# Neighborhood object 1.3.6.1.4.1.63.1000.1.1.2.20 1299# 1300objectclass ( 1301 1.3.6.1.4.1.63.1000.1.1.2.20 1302 NAME 'apple-neighborhood' 1303 SUP top STRUCTURAL 1304 MUST ( cn ) 1305 MAY ( description $ 1306 apple-generateduid $ 1307 apple-category $ 1308 apple-nodepathxml $ 1309 apple-neighborhoodalias $ 1310 apple-computeralias $ 1311 apple-keyword $ 1312 apple-realname $ 1313 apple-xmlplist $ 1314 ttl ) ) 1315 1316# 1317# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21 1318# 1319attributetype ( 1320 1.3.6.1.4.1.63.1000.1.1.1.21.1 1321 NAME 'apple-acl-entry' 1322 DESC 'acl entry' 1323 EQUALITY caseExactMatch 1324 SUBSTR caseExactSubstringsMatch 1325 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1326 1327# 1328# ACL object 1.3.6.1.4.1.63.1000.1.1.2.21 1329# 1330objectclass ( 1331 1.3.6.1.4.1.63.1000.1.1.2.21 1332 NAME 'apple-acl' 1333 SUP top STRUCTURAL 1334 MUST ( cn $ 1335 apple-acl-entry ) ) 1336 1337# 1338# Schema attributes 1.3.6.1.4.1.63.1000.1.1.1.22 1339# 1340#attributetype ( 1341# 1.3.6.1.4.1.63.1000.1.1.1.22.1 1342# NAME 'attributeTypesConfig' 1343# DESC 'attribute type configuration' 1344# EQUALITY objectIdentifierFirstComponentMatch 1345# SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 ) 1346 1347#attributetype ( 1348# 1.3.6.1.4.1.63.1000.1.1.1.22.2 1349# NAME 'objectClassesConfig' 1350# DESC 'object class configuration' 1351# EQUALITY objectIdentifierFirstComponentMatch 1352# SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 ) 1353 1354# 1355# Resource attributes 1.3.6.1.4.1.63.1000.1.1.1.23 1356# 1357 1358attributetype ( 1359 1.3.6.1.4.1.63.1000.1.1.1.23.1 1360 NAME 'apple-resource-type' 1361 DESC 'resource type' 1362 EQUALITY caseExactIA5Match 1363 SUBSTR caseExactIA5SubstringsMatch 1364 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) 1365 1366attributetype ( 1367 1.3.6.1.4.1.63.1000.1.1.1.23.2 1368 NAME 'apple-resource-info' 1369 DESC 'resource info' 1370 EQUALITY caseExactMatch 1371 SUBSTR caseExactSubstringsMatch 1372 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 1373 1374attributetype ( 1375 1.3.6.1.4.1.63.1000.1.1.1.23.3 1376 NAME 'apple-capacity' 1377 DESC 'capacity' 1378 EQUALITY integerMatch 1379 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) 1380 1381# 1382# Resource object 1.3.6.1.4.1.63.1000.1.1.2.23 1383# 1384 1385objectclass ( 1386 1.3.6.1.4.1.63.1000.1.1.2.23 1387 NAME 'apple-resource' 1388 SUP top STRUCTURAL 1389 MUST ( cn ) 1390 MAY ( apple-realname $ description $ jpegPhoto $ apple-keyword $ 1391 apple-generateduid $ apple-contactguid $ apple-ownerguid $ 1392 apple-resource-info $ apple-resource-type $ apple-capacity $ 1393 labeledURI $ apple-mapuri $ apple-serviceslocator $ apple-phonecontacts $ 1394 c $ apple-mapguid $ apple-mapcoordinates $ apple-xmlplist ) ) 1395 1396# 1397# Augment object 1.3.6.1.4.1.63.1000.1.1.2.24 1398# 1399 1400objectclass ( 1401 1.3.6.1.4.1.63.1000.1.1.2.24 1402 NAME 'apple-augment' 1403 SUP top 1404 STRUCTURAL 1405 MUST ( cn ) ) 1406 1407attributetype ( 1408 1.3.6.1.1.1.1.31 1409 NAME 'automountMapName' 1410 DESC 'automount Map Name' 1411 EQUALITY caseExactMatch 1412 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 1413 SINGLE-VALUE ) 1414 1415attributetype ( 1416 1.3.6.1.1.1.1.32 1417 NAME 'automountKey' 1418 DESC 'Automount Key value' 1419 EQUALITY caseExactMatch 1420 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 1421 SINGLE-VALUE ) 1422 1423attributetype ( 1424 1.3.6.1.1.1.1.33 1425 NAME 'automountInformation' 1426 DESC 'Automount information' 1427 EQUALITY caseExactMatch 1428 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 1429 SINGLE-VALUE ) 1430 1431objectclass ( 1432 1.3.6.1.1.1.2.16 1433 NAME 'automountMap' 1434 SUP top STRUCTURAL 1435 MUST ( automountMapName ) 1436 MAY description ) 1437 1438objectclass ( 1439 1.3.6.1.1.1.2.17 1440 NAME 'automount' 1441 SUP top STRUCTURAL 1442 DESC 'Automount' 1443 MUST ( automountKey $ automountInformation ) 1444 MAY description ) 1445 1446# 1447# Apple User Info object 1.3.6.1.4.1.63.1000.1.1.2.27 1448# 1449 1450objectclass ( 1451 1.3.6.1.4.1.63.1000.1.1.2.27 1452 NAME 'apple-user-info' 1453 SUP top STRUCTURAL 1454 MAY ( apple-namesuffix $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $ 1455 telephoneNumber $ mobile $ facsimileTelephoneNumber $ pager $ 1456 l $ st $ c $ postalCode $ postalAddress $ street $ 1457 apple-imhandle $ loginShell $ jpegPhoto $ apple-user-picture $ description $ userCertificate $ userPKCS12) ) 1458 1459# 1460# Apple Computer Info object 1.3.6.1.4.1.63.1000.1.1.2.31 1461# 1462 1463objectclass ( 1464 1.3.6.1.4.1.63.1000.1.1.2.31 1465 NAME 'apple-computer-info' 1466 SUP top STRUCTURAL 1467 MAY ( apple-serviceinfo $ apple-serviceslocator $ apple-keyword $ userCertificate $ userPKCS12) ) 1468 1469 1470## Schema elements for PWS records in LDAP 1471## Proposed schema elements for PWS records in LDAP 1472# Last login time. 1473attributetype ( 1.3.6.1.1.1.1.35 1474 NAME 'lastLoginTime' 1475 EQUALITY generalizedTimeMatch 1476 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 1477 SINGLE-VALUE ) 1478 1479# Time of last password change. 1480attributetype ( 1.3.6.1.1.1.1.36 1481 NAME 'passwordModDate' 1482 EQUALITY generalizedTimeMatch 1483 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 1484 SINGLE-VALUE ) 1485 1486# User's authdata GUID, this is essentially the PWS slotid 1487attributetype ( 1.3.6.1.1.1.1.37 1488 NAME 'authGUID' 1489 EQUALITY caseIgnoreMatch 1490 SUBSTR caseIgnoreSubstringsMatch 1491 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 1492 1493# Running tally of login failures. 1494attributetype ( 1.3.6.1.1.1.1.38 1495 NAME 'loginFailedAttempts' 1496 EQUALITY integerMatch 1497 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' 1498 SINGLE-VALUE ) 1499 1500# Links the authdata record to the user record 1501attributetype ( 1.3.6.1.1.1.1.39 1502 NAME 'userLinkage' 1503 EQUALITY caseIgnoreMatch 1504 SUBSTR caseIgnoreSubstringsMatch 1505 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) 1506 1507# String containing the reason for disabling. 1508attributetype ( 1.3.6.1.1.1.1.40 1509 NAME 'disableReason' 1510 EQUALITY caseIgnoreMatch 1511 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1512 SINGLE-VALUE ) 1513 1514# The following are attributes storing the secrets for each auth type 1515attributetype ( 1.3.6.1.1.1.1.42 1516 NAME 'cmusaslsecretSMBNT' 1517 EQUALITY octetStringMatch 1518 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1519 SINGLE-VALUE ) 1520 1521attributetype ( 1.3.6.1.1.1.1.43 1522 NAME 'cmusaslsecretSMBLM' 1523 EQUALITY octetStringMatch 1524 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1525 SINGLE-VALUE ) 1526 1527attributetype ( 1.3.6.1.1.1.1.44 1528 NAME 'cmusaslsecretDIGEST-MD5' 1529 EQUALITY octetStringMatch 1530 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1531 SINGLE-VALUE ) 1532 1533attributetype ( 1.3.6.1.1.1.1.45 1534 NAME 'cmusaslsecretCRAM-MD5' 1535 EQUALITY octetStringMatch 1536 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1537 SINGLE-VALUE ) 1538 1539attributetype ( 1.3.6.1.1.1.1.46 1540 NAME 'cmusaslsecretPPS' 1541 EQUALITY octetStringMatch 1542 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1543 SINGLE-VALUE ) 1544 1545# The realm name and principal name are stored in the "secrets" area for 1546# the kerberos auth types. These may be unnecessary after the Heimdal transition. 1547attributetype ( 1.3.6.1.1.1.1.47 1548 NAME 'KerberosRealmName' 1549 EQUALITY caseIgnoreMatch 1550 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1551 SINGLE-VALUE ) 1552 1553attributetype ( 1.3.6.1.1.1.1.48 1554 NAME 'KerberosPrincName' 1555 EQUALITY caseIgnoreMatch 1556 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1557 SINGLE-VALUE ) 1558 1559# User password, stored DES encrypted for obfuscation. 1560attributetype ( 1.3.6.1.1.1.1.49 1561 NAME 'password' 1562 EQUALITY octetStringMatch 1563 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1564 SINGLE-VALUE ) 1565 1566attributetype ( 1.3.6.1.1.1.1.50 1567 NAME 'adminGroups' 1568 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1569 SINGLE-VALUE ) 1570 1571# DIGEST-MD5 hash with username, sasl realm, password 1572attributetype ( 1.3.6.1.1.1.1.51 1573 NAME 'cmusaslsecretDIGEST-UMD5' 1574 EQUALITY octetStringMatch 1575 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1576 SINGLE-VALUE ) 1577 1578# Time the user was created. 1579attributetype ( 1.3.6.1.1.1.1.55 1580 NAME 'creationDate' 1581 EQUALITY generalizedTimeMatch 1582 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 1583 SINGLE-VALUE ) 1584 1585# History data 1586attributetype ( 1.3.6.1.1.1.1.56 1587 NAME 'historyData' 1588 EQUALITY octetStringMatch 1589 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1590 SINGLE-VALUE ) 1591 1592# Time of newPasswordRequired being set. 1593attributetype ( 1.3.6.1.1.1.1.57 1594 NAME 'passwordRequiredDate' 1595 EQUALITY generalizedTimeMatch 1596 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 1597 SINGLE-VALUE ) 1598 1599# Krb schema 1600attributetype ( 1.3.6.1.1.1.1.86 1601 NAME 'draft-krbPrincipalName' 1602 DESC 'Canonical principal name' 1603 EQUALITY caseExactIA5Match 1604 SUBSTR caseExactSubstringsMatch 1605 SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 1606 SINGLE-VALUE ) 1607 1608attributetype ( 1.3.6.1.1.1.1.87 1609 NAME 'draft-krbRealmName' 1610 EQUALITY octetStringMatch 1611 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) 1612 1613attributetype ( 1.3.6.1.1.1.1.88 1614 NAME 'draft-krbPrincipalAliases' 1615 SUP draft-krbPrincipalName ) 1616 1617attributetype ( 1.3.6.1.1.1.1.89 1618 NAME 'draft-krbTicketMaxLife' 1619 EQUALITY integerMatch 1620 ORDERING integerOrderingMatch 1621 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 1622 SINGLE-VALUE ) 1623 1624attributetype ( 1.3.6.1.1.1.1.90 1625 NAME 'draft-krbTicketMaxRenewal' 1626 EQUALITY integerMatch 1627 ORDERING integerOrderingMatch 1628 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 1629 SINGLE-VALUE ) 1630 1631attributetype ( 1.3.6.1.1.1.1.91 1632 NAME 'draft-krbEncSaltTypes' 1633 EQUALITY caseIgnoreMatch 1634 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1635 1636attributetype ( 1.3.6.1.1.1.1.92 1637 NAME 'draft-krbKeySet' 1638 EQUALITY octetStringMatch 1639 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) 1640 1641attributetype ( 1.3.6.1.1.1.1.93 1642 NAME 'draft-krbKeyVersion' 1643 EQUALITY integerMatch 1644 ORDERING integerOrderingMatch 1645 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 1646 SINGLE-VALUE ) 1647 1648attributetype ( 1.3.6.1.1.1.1.94 1649 NAME 'draft-krbPrincipalRealm' 1650 DESC 'DN of krbRealm entry' 1651 SUP distinguishedName ) 1652 1653attributetype ( 1.3.6.1.1.1.1.95 1654 NAME 'draft-krbTicketPolicy' 1655 EQUALITY integerMatch 1656 SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 1657 SINGLE-VALUE ) 1658 1659attributetype ( 1.3.6.1.1.1.1.96 1660 NAME 'draft-krbExtraData' 1661 EQUALITY octetStringMatch 1662 SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) 1663 1664attributetype ( 1.3.6.1.1.1.1.98 1665 NAME 'draft-krbPrincipalACL' 1666 EQUALITY integerMatch 1667 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' 1668 SINGLE-VALUE ) 1669 1670attributetype ( 1.3.6.1.1.1.1.97 1671 NAME 'crschallenge' 1672 EQUALITY caseIgnoreMatch 1673 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1674 SINGLE-VALUE ) 1675 1676# multivalued attribute to store computer account owner GUID. 1677attributetype ( 1.3.6.1.1.1.1.103 1678 NAME 'ownerGUIDList' 1679 DESC 'computer account owner GUID' 1680 EQUALITY caseIgnoreMatch 1681 SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) 1682 1683# objectclass representing a user/slot. 1684# uid is the shortname of the user as stored in PWS. 1685# apple-generateduid is intended to match the user's UID. Currently unpopulated 1686objectclass ( 1687 1.3.6.1.4.1.63.1000.1.1.2.28 1688 NAME 'pwsAuthdata' 1689 STRUCTURAL 1690 MUST ( authGUID ) 1691 MAY ( uid $ authGUID $ passwordModDate $ lastLoginTime $ lastFailedLoginTime $ loginFailedAttempts $ 1692 disableReason $ apple-user-passwordpolicy $ apple-accountpolicy $ adminGroups $ cmusaslsecretSMBNT $ 1693 cmusaslsecretSMBLM $ cmusaslsecretDIGEST-MD5 $ cmusaslsecretCRAM-MD5 $ cmusaslsecretPPS $ 1694 KerberosRealmName $ KerberosPrincName $ password $ creationDate $ historyData $ 1695 draft-krbPrincipalName $ draft-krbRealmName $ draft-krbPrincipalAliases $ 1696 draft-krbTicketMaxLife $ draft-krbTicketMaxRenewal $ draft-krbEncSaltTypes $ 1697 draft-krbKeySet $ draft-krbKeyVersion $ draft-krbPrincipalRealm $ draft-krbTicketPolicy $ 1698 draft-krbExtraData $ draft-krbPrincipalACL $ crschallenge $ userLinkage $ 1699 cmusaslsecretDIGEST-UMD5 $ ownerGUIDList ) ) 1700 1701# Multi valued attribute to store the names of auth methods considered "weak" 1702# "weak" auth methods are not allowed to be used for some privileged operations 1703attributetype ( 1.3.6.1.1.1.1.76 1704 NAME 'weakAuthMethod' 1705 EQUALITY caseIgnoreMatch 1706 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' ) 1707 1708# object class storing global policy and weak auth methods. 1709objectclass ( 1710 1.3.6.1.4.1.63.1000.1.1.2.29 1711 NAME 'pwPolicy' 1712 STRUCTURAL 1713 MUST ( cn ) 1714 MAY ( apple-user-passwordpolicy $ apple-accountpolicy $ weakAuthMethod $ passwordRequiredDate) ) 1715 1716# PWS' private key. Stored in authdata container for security. 1717attributetype ( 1.3.6.1.1.1.1.77 1718 NAME 'PWSPrivateKey' 1719 EQUALITY octetStringMatch 1720 SYNTAX '1.3.6.1.4.1.1466.115.121.1.40' 1721 SINGLE-VALUE ) 1722 1723attributetype ( 1.3.6.1.1.1.1.78 1724 NAME 'PWSPublicKey' 1725 EQUALITY caseIgnoreMatch 1726 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1727 SINGLE-VALUE ) 1728 1729# Allow storing the PWS private key in the root of the container, cn=config style 1730objectclass ( 1731 1.3.6.1.4.1.63.1000.1.1.2.30 1732 NAME 'pwAuthData' 1733 SUP container 1734 MAY ( PWSPrivateKey $ PWSPublicKey ) ) 1735 1736 1737# Allow storing certificate request information 1738 1739attributetype ( 1.3.6.1.1.1.1.79 1740 NAME 'apple-transactionID' 1741 EQUALITY caseIgnoreMatch 1742 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1743 SINGLE-VALUE ) 1744 1745attributetype ( 1.3.6.1.1.1.1.80 1746 NAME 'apple-pkiStatus' 1747 EQUALITY integerMatch 1748 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' 1749 SINGLE-VALUE ) 1750 1751attributetype ( 1.3.6.1.1.1.1.81 1752 NAME 'apple-failInfo' 1753 EQUALITY integerMatch 1754 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' 1755 SINGLE-VALUE ) 1756 1757attributetype ( 1.3.6.1.1.1.1.82 1758 NAME 'apple-certificateSigningRequest' 1759 EQUALITY certificateExactMatch 1760 SYNTAX '1.3.6.1.4.1.1466.115.121.1.8' 1761 SINGLE-VALUE ) 1762 1763attributetype ( 1.3.6.1.1.1.1.83 1764 NAME 'apple-device-guid' 1765 EQUALITY caseIgnoreMatch 1766 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1767 SINGLE-VALUE ) 1768 1769attributetype ( 1.3.6.1.1.1.1.84 1770 NAME 'apple-issuer' 1771 EQUALITY caseIgnoreMatch 1772 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1773 SINGLE-VALUE ) 1774 1775attributetype ( 1.3.6.1.1.1.1.85 1776 NAME 'apple-serialNumber' 1777 EQUALITY caseIgnoreMatch 1778 SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' 1779 SINGLE-VALUE ) 1780 1781attributetype ( 1.3.6.1.1.1.1.99 1782 NAME 'apple-revocationReason' 1783 EQUALITY integerMatch 1784 SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' 1785 SINGLE-VALUE ) 1786 1787attributetype ( 1.3.6.1.1.1.1.100 1788 NAME 'apple-revocationDate' 1789 EQUALITY generalizedTimeMatch 1790 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 1791 SINGLE-VALUE ) 1792 1793attributetype ( 1.3.6.1.1.1.1.101 1794 NAME 'apple-validNotBefore' 1795 EQUALITY generalizedTimeMatch 1796 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 1797 SINGLE-VALUE ) 1798 1799attributetype ( 1.3.6.1.1.1.1.102 1800 NAME 'apple-validNotAfter' 1801 EQUALITY generalizedTimeMatch 1802 SYNTAX '1.3.6.1.4.1.1466.115.121.1.24' 1803 SINGLE-VALUE ) 1804 1805objectclass ( 1806 1.3.6.1.4.1.63.1000.1.1.2.33 1807 NAME 'apple-certificateRequestInfo' 1808 SUP top STRUCTURAL 1809 MUST ( apple-transactionID $ apple-pkiStatus ) 1810 MAY ( apple-failInfo $ apple-issuer $ apple-serialNumber $ 1811 userCertificate $ apple-certificateSigningRequest $ apple-device-guid $ 1812 apple-xmlplist $ apple-revocationReason $ apple-revocationDate $ 1813 apple-validNotBefore $ apple-validNotAfter ) ) 1814 1815