1##
2## schema file for OpenLDAP 2.0.x
3## Schema for storing Samba's smbpasswd file in LDAP
4## OIDs are owned by the Samba Team
5##
6## Prerequisite schemas - uid (cosine.schema)
7##                      - displayName (inetorgperson.schema)
8##
9## 1.3.6.1.4.1.7165.2.1.x - attributetypes
10## 1.3.6.1.4.1.7165.2.2.x - objectclasses
11##
12
##
## Password hashes
##
## lmPassword and ntPassword hold the LM and NT hashes taken from the
## smbpasswd file.  As with smbpasswd itself, possession of either hash
## is enough to authenticate as the user, so read and search access to
## these two attributes should be restricted by the directory's access
## controls to the DN Samba binds with.  The SUBSTR rules below also make
## the values substring-searchable wherever search access is granted.
##
16attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
17	DESC 'LanManager Passwd'
18	EQUALITY caseIgnoreIA5Match
19	SUBSTR caseIgnoreIA5SubstringsMatch
20	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
21
22attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
23	DESC 'NT Passwd'
24	EQUALITY caseIgnoreIA5Match
25	SUBSTR caseIgnoreIA5SubstringsMatch
26	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
27
28##
29## Account flags in string format ([UWDX     ])
30##
31attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
32	DESC 'Account Flags'
33	EQUALITY caseIgnoreIA5Match
34	SUBSTR caseIgnoreIA5SubstringsMatch
35	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
36
37## 
38## Password timestamps & policies
39##
40attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
41	DESC 'NT pwdLastSet'
42	EQUALITY integerMatch
43	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
44
45attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
46	DESC 'NT logonTime'
47	EQUALITY integerMatch
48	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
49
50attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
51	DESC 'NT logoffTime'
52	EQUALITY integerMatch
53	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
54
55attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
56	DESC 'NT kickoffTime'
57	EQUALITY integerMatch
58	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
59
60attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
61	DESC 'NT pwdCanChange'
62	EQUALITY integerMatch
63	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
64
65attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
66	DESC 'NT pwdMustChange'
67	EQUALITY integerMatch
68	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
69
70##
71## string settings
72##
73attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
74	DESC 'NT homeDrive'
75	EQUALITY caseIgnoreIA5Match
76	SUBSTR caseIgnoreIA5SubstringsMatch
77	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
78
79attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
80	DESC 'NT scriptPath'
81	EQUALITY caseIgnoreMatch
82	SUBSTR caseIgnoreSubstringsMatch
83	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
84
85attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
86	DESC 'NT profilePath'
87	EQUALITY caseIgnoreMatch
88	SUBSTR caseIgnoreSubstringsMatch
89	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
90
91attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
92	DESC 'userWorkstations'
93	EQUALITY caseIgnoreMatch
94	SUBSTR caseIgnoreSubstringsMatch
95	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
96
97attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
98	DESC 'smbHome'
99	EQUALITY caseIgnoreMatch
100	SUBSTR caseIgnoreSubstringsMatch
101	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
102
103attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
104	DESC 'Windows NT domain to which the user belongs'
105	EQUALITY caseIgnoreIA5Match
106	SUBSTR caseIgnoreIA5SubstringsMatch
107	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
108
109##
110## user and group RID
111##
112attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
113	DESC 'NT rid'
114	EQUALITY integerMatch
115	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
116
117attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
118	DESC 'NT Group RID'
119	EQUALITY integerMatch
120	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
121
122##
## The smbPasswordEntry objectclass has been deprecated in favor of the
## sambaAccount objectclass
125##
126#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
127#        DESC 'Samba smbpasswd entry'
128#        MUST ( uid $ uidNumber )
129#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
130
131#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
132#	DESC 'Samba Account'
133#	MUST ( uid $ rid ) 
134#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
135#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ 
136#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
137#               description $ userWorkstations $ primaryGroupID $ domain ))
138
## The X.500 data model (and therefore LDAPv3) says that each entry can
## only have one structural objectclass, which is why 'sambaAccount' is
## defined below as AUXILIARY rather than STRUCTURAL.  OpenLDAP 2.0 does
## not enforce this currently but will in v2.1
142
143objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
	DESC 'Samba Auxiliary Account'
145	MUST ( uid $ rid ) 
146	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
147               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ 
148               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
149               description $ userWorkstations $ primaryGroupID $ domain ))
150
151##
152## Used for Winbind experimentation
153##
154#objectclass ( 1.3.6.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY
155#	DESC 'Pool for allocating UNIX uids'
156#	MUST ( uidNumber $ cn ) )
157
158#objectclass ( 1.3.6.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY
159#	DESC 'Pool for allocating UNIX gids'
160#	MUST ( gidNumber $ cn ) )
161
162##
163## SID, of any type
164##
165
166attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
167        DESC 'Security ID'
168        EQUALITY caseIgnoreIA5Match
169        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
170
171
172##
173## Primary group SID, compatible with ntSid
174##
175
176attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
177        DESC 'Primary Group Security ID'
178        EQUALITY caseIgnoreIA5Match
179        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
180