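##
## schema file for OpenLDAP 2.0.x
## Schema for storing Samba's smbpasswd file in LDAP
## OIDs are owned by the Samba Team
##
## Prerequisite schemas - uid         (cosine.schema)
##                      - displayName (inetorgperson.schema)
##
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
##
## Layout note: every comment sits on its own line starting with '#', and
## every continuation line of a definition starts with whitespace.  Do not
## place a comment inside a definition; slapd joins indented lines onto the
## line before them.
##

##
## Password hashes
##
## lmPassword and ntPassword hold the account's LanManager and NT password
## hashes as IA5 strings.  Both hashes are unsalted and are accepted as
## credentials by SMB/NTLM authentication, so read access to them is
## equivalent to knowing the user's password.  Deployment checklist:
##   - add a slapd access rule that lets only the Samba administrative DN
##     read or write these two attributes and denies everyone else;
##   - carry binds, searches and replication for this data over TLS;
##   - keep LDIF exports and backups of this tree as protected as the
##     directory itself.
## Both attributes declare a SUBSTR matching rule, so the server accepts
## substring filters on hash values; the access rule above is what keeps
## such filters from being usable by ordinary clients.
## The LanManager hash is a weak legacy format; leave lmPassword unset
## wherever the clients in use do not need it.
##
attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
        DESC 'LanManager Passwd'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
        DESC 'NT Passwd'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

##
## Account flags in string format ([UWDX ])
##
## The flag string decides, among other things, whether the account is
## usable, so write access to acctFlags should be limited to the Samba
## administrative DN.
##
attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
        DESC 'Account Flags'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

##
## Password timestamps & policies
##
## All six attributes are single-valued integers compared with
## integerMatch.  The schema does not constrain their values; whatever
## password-age policy they express is applied by the software reading
## them, so they need the same write restriction as acctFlags.
##
attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
        DESC 'NT pwdLastSet'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
        DESC 'NT logonTime'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
        DESC 'NT logoffTime'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
        DESC 'NT kickoffTime'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
        DESC 'NT pwdCanChange'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
        DESC 'NT pwdMustChange'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

##
## string settings
##
## scriptPath, profilePath and smbHome name locations that clients use at
## logon, so users should not be able to modify these attributes on their
## own entries.
## smbHome and domain are declared without SINGLE-VALUE and may therefore
## hold more than one value.
##
attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
        DESC 'NT homeDrive'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
        DESC 'NT scriptPath'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
        DESC 'NT profilePath'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
        DESC 'userWorkstations'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
        DESC 'smbHome'
        EQUALITY caseIgnoreMatch
        SUBSTR caseIgnoreSubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )

attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
        DESC 'Windows NT domain to which the user belongs'
        EQUALITY caseIgnoreIA5Match
        SUBSTR caseIgnoreIA5SubstringsMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )

##
## user and group RID
##
## rid and primaryGroupID are the values from which the account's Windows
## identity and primary group are taken.  Whoever can write them can change
## which identity the account maps to, so restrict write access to the
## Samba administrative DN.
##
attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
        DESC 'NT rid'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
        DESC 'NT Group RID'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

##
## The smbPasswordEntry objectclass has been deprecated in favor of the
## sambaAccount objectclass
##
#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
#        DESC 'Samba smbpasswd entry'
#        MUST ( uid $ uidNumber )
#        MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))

#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
#        DESC 'Samba Account'
#        MUST ( uid $ rid )
#        MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
#               description $ userWorkstations $ primaryGroupID $ domain ))

## The X.500 data model (and therefore LDAPv3) says that each entry can
## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
## this currently but will in v2.1
##
## The active definition below is therefore AUXILIARY (OID ...2.2.3) and is
## added to an entry that already has a structural objectclass.  Its MAY
## list includes lmPassword and ntPassword, so every entry carrying
## sambaAccount can hold password hashes and must fall under the access
## rule that protects those attributes.

objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
        DESC 'Samba Auxilary Account'
        MUST ( uid $ rid )
        MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
               description $ userWorkstations $ primaryGroupID $ domain ))

##
## Used for Winbind experimentation
##
## NOTE(review): these two disabled definitions use the OID arc
## 1.3.6.1.4.1.7165.1.2.2.x, not the 1.3.6.1.4.1.7165.2.2.x arc that the
## file header gives for objectclasses - confirm the intended arc before
## enabling them.
##
#objectclass ( 1.3.6.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY
#        DESC 'Pool for allocating UNIX uids'
#        MUST ( uidNumber $ cn ) )

#objectclass ( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY
#        DESC 'Pool for allocating UNIX gids'
#        MUST ( gidNumber $ cn ) )

##
## SID, of any type
##
## Stored as an IA5 string with a {64} length hint and compared
## case-insensitively.  No SUBSTR rule is declared, so only equality
## filters apply to it.
##

attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
        DESC 'Security ID'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )


##
## Primary group SID, compatible with ntSid
##

attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
        DESC 'Primary Group Security ID'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )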