1#
2# Preliminary Apple OS X Native LDAP Schema
3# This file is subject to change.
4#
5
6#
7# Container structural object class.
8#
9#objectclass (
10#	1.2.840.113556.1.3.23
11#	NAME 'container'
12#	SUP top
13#	STRUCTURAL
14#	MUST ( cn ) )
15
16#
17# Time to live
18#
19attributetype (
20	1.3.6.1.4.1.250.1.60
21	NAME 'ttl'
22	EQUALITY integerMatch
23	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
24
25objectclass (
26	1.3.6.1.4.1.250.3.18 
27	NAME 'cacheObject' 
28	AUXILIARY 
29	SUP top
30	DESC 'Auxiliary object class to hold TTL caching information'
31	MAY ( ttl ) )
32
33#
34# User attributes 1.3.6.1.4.1.63.1000.1.1.1.1
35#
36attributetype (
37	1.3.6.1.4.1.63.1000.1.1.1.1.6
38	NAME 'apple-user-homeurl'
39	DESC 'home directory URL'
40	EQUALITY caseExactIA5Match
41	SUBSTR caseExactIA5SubstringsMatch
42	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
43
44attributetype (
45	1.3.6.1.4.1.63.1000.1.1.1.1.7
46	NAME 'apple-user-class'
47	DESC 'user class'
48	EQUALITY caseExactIA5Match
49	SUBSTR caseExactIA5SubstringsMatch
50	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
51
52attributetype (
53	1.3.6.1.4.1.63.1000.1.1.1.1.8
54	NAME 'apple-user-homequota'
55	DESC 'home directory quota'
56	EQUALITY caseExactIA5Match
57	SUBSTR caseExactIA5SubstringsMatch
58	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
59
60attributetype (
61	1.3.6.1.4.1.63.1000.1.1.1.1.9
62	NAME 'apple-user-mailattribute'
63	DESC 'mail attribute'
64	EQUALITY caseExactMatch
65	SUBSTR caseExactSubstringsMatch
66	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
67
68attributetype (
69	1.3.6.1.4.1.63.1000.1.1.1.1.10
70	NAME 'apple-mcxflags'
71	DESC 'mcx flags'
72	EQUALITY caseExactMatch
73	SUBSTR caseExactSubstringsMatch
74	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
75
76#attributetype (
77#	1.3.6.1.4.1.63.1000.1.1.1.1.11
78#	NAME 'apple-mcxsettings'
79#	DESC 'mcx settings'
80#	EQUALITY caseExactMatch
81#	SUBSTR caseExactSubstringsMatch
82#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
83attributetype (
84	1.3.6.1.4.1.63.1000.1.1.1.1.16
85	NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' )
86	DESC 'mcx settings'
87	EQUALITY caseExactMatch
88	SUBSTR caseExactSubstringsMatch
89	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
90
91attributetype (
92	1.3.6.1.4.1.63.1000.1.1.1.1.12
93	NAME 'apple-user-picture'
94	DESC 'picture'
95	EQUALITY caseExactMatch
96	SUBSTR caseExactSubstringsMatch
97	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
98
99attributetype (
100	1.3.6.1.4.1.63.1000.1.1.1.1.13
101	NAME 'apple-user-printattribute'
102	DESC 'print attribute'
103	EQUALITY caseExactMatch
104	SUBSTR caseExactSubstringsMatch
105	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
106
107attributetype (
108	1.3.6.1.4.1.63.1000.1.1.1.1.14
109	NAME 'apple-user-adminlimits'
110	DESC 'admin limits'
111	EQUALITY caseExactMatch
112	SUBSTR caseExactSubstringsMatch
113	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
114
115attributetype (
116        1.3.6.1.4.1.63.1000.1.1.1.1.15
117        NAME 'apple-user-authenticationhint'
118        DESC 'password hint'
119        EQUALITY caseExactMatch
120        SUBSTR caseExactSubstringsMatch
121        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
122
123attributetype (
124	1.3.6.1.4.1.63.1000.1.1.1.1.17
125	NAME 'apple-user-homesoftquota'
126	DESC 'home directory soft quota'
127	EQUALITY caseExactIA5Match
128	SUBSTR caseExactIA5SubstringsMatch
129	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
130
131attributetype (
132        1.3.6.1.4.1.63.1000.1.1.1.1.18
133        NAME 'apple-user-passwordpolicy'
134        DESC 'password policy options'
135        EQUALITY caseExactMatch
136        SUBSTR caseExactSubstringsMatch
137        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
138
139attributetype (
140	1.3.6.1.4.1.63.1000.1.1.1.1.19
141	NAME ( 'apple-keyword' )
142	DESC 'keywords'
143	EQUALITY caseExactMatch
144	SUBSTR caseExactSubstringsMatch
145	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
146
147attributetype (
148	1.3.6.1.4.1.63.1000.1.1.1.1.20
149	NAME ( 'apple-generateduid' )
150	DESC 'generated unique ID'
151	EQUALITY caseExactMatch
152	SUBSTR caseExactSubstringsMatch
153	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
154
155attributetype (
156	1.3.6.1.4.1.63.1000.1.1.1.1.21
157	NAME ( 'apple-imhandle' )
158	DESC 'IM handle (service:account name)'
159	EQUALITY caseExactMatch
160	SUBSTR caseExactSubstringsMatch
161	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
162
163attributetype (
164	1.3.6.1.4.1.63.1000.1.1.1.1.22
165	NAME ( 'apple-webloguri' )
166	DESC 'Weblog URI'
167	EQUALITY caseIgnoreMatch
168	SUBSTR caseExactSubstringsMatch
169	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
170
171attributetype (
172	1.3.6.1.4.1.63.1000.1.1.1.1.23
173	NAME ( 'apple-mapcoordinates' )
174	DESC 'Map Coordinates'
175	EQUALITY caseExactIA5Match
176	SUBSTR caseExactIA5SubstringsMatch
177	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
178
179attributetype (
180	1.3.6.1.4.1.63.1000.1.1.1.1.24
181	NAME ( 'apple-postaladdresses' )
182	DESC 'Postal Addresses'
183	EQUALITY caseExactIA5Match
184	SUBSTR caseExactIA5SubstringsMatch
185	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
186
187attributetype (
188	1.3.6.1.4.1.63.1000.1.1.1.1.25
189	NAME ( 'apple-phonecontacts' )
190	DESC 'Phone Contacts'
191	EQUALITY caseExactIA5Match
192	SUBSTR caseExactIA5SubstringsMatch
193	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
194
195attributetype (
196	1.3.6.1.4.1.63.1000.1.1.1.1.26
197	NAME ( 'apple-emailcontacts' )
198	DESC 'EMail Contacts'
199	EQUALITY caseExactIA5Match
200	SUBSTR caseExactIA5SubstringsMatch
201	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
202
203attributetype (
204	1.3.6.1.4.1.63.1000.1.1.1.1.27
205	NAME ( 'apple-birthday' )
206	DESC 'Birthday'
207	EQUALITY generalizedTimeMatch
208	SUBSTR caseExactIA5SubstringsMatch
209	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
210
211attributetype (
212	1.3.6.1.4.1.63.1000.1.1.1.1.28
213	NAME ( 'apple-relationships' )
214	DESC 'Relationships'
215	EQUALITY caseExactMatch
216	SUBSTR caseExactSubstringsMatch
217	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
218
219attributetype (
220	1.3.6.1.4.1.63.1000.1.1.1.1.29
221	NAME ( 'apple-company' )
222	DESC 'company'
223	EQUALITY caseIgnoreMatch
224	SUBSTR caseExactSubstringsMatch
225	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
226
227attributetype (
228	1.3.6.1.4.1.63.1000.1.1.1.1.30
229	NAME ( 'apple-nickname' )
230	DESC 'nickname'
231	EQUALITY caseExactMatch
232	SUBSTR caseExactSubstringsMatch
233	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
234
235attributetype (
236	1.3.6.1.4.1.63.1000.1.1.1.1.31
237	NAME ( 'apple-mapuri' )
238	DESC 'Map URI'
239	EQUALITY caseExactIA5Match
240	SUBSTR caseExactIA5SubstringsMatch
241	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
242
243attributetype (
244	1.3.6.1.4.1.63.1000.1.1.1.1.32
245	NAME ( 'apple-mapguid' )
246	DESC 'map GUID'
247	EQUALITY caseExactMatch
248	SUBSTR caseExactSubstringsMatch
249	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
250
251attributetype (
252	1.3.6.1.4.1.63.1000.1.1.1.1.33
253	NAME ( 'apple-serviceslocator' )
254	DESC 'Calendar Principal URI'
255	EQUALITY caseExactMatch
256	SUBSTR caseExactSubstringsMatch
257	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
258
259attributetype (
260	1.3.6.1.4.1.63.1000.1.1.1.1.34
261	NAME 'apple-organizationinfo'
262	DESC 'Originization Info data'
263	EQUALITY caseExactMatch
264	SUBSTR caseExactSubstringsMatch
265	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  )
266
267attributetype (
268	1.3.6.1.4.1.63.1000.1.1.1.1.35
269	NAME ( 'apple-namesuffix' )
270	DESC 'namesuffix'
271	EQUALITY caseExactMatch
272	SUBSTR caseExactSubstringsMatch
273	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
274
275attributetype (
276	1.3.6.1.4.1.63.1000.1.1.1.1.36
277	NAME ( 'apple-primarycomputerlist' )
278	DESC 'primary computer list'
279	EQUALITY caseExactMatch
280	SUBSTR caseExactSubstringsMatch
281	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
282
283attributetype (
284        1.3.6.1.4.1.63.1000.1.1.1.1.37
285        NAME 'apple-user-passwordpolicy-effective'
286        DESC 'password effective policy options'
287        EQUALITY caseExactMatch
288        SUBSTR caseExactSubstringsMatch
289        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
290
291attributetype (
292	1.3.6.1.4.1.63.1000.1.1.1.1.38
293	NAME ( 'apple-profiles' )
294	DESC 'profile settings'
295	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
296
297attributetype (
298	1.3.6.1.4.1.63.1000.1.1.1.1.39
299	NAME ( 'apple-profiles-timestamp' )
300	DESC 'profile timestamp settings'
301	EQUALITY generalizedTimeMatch
302	ORDERING generalizedTimeOrderingMatch
303	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
304
305attributetype (
306	1.3.6.1.4.1.63.1000.1.1.1.1.40
307	NAME 'apple-accountpolicy'
308	DESC 'account policy options'
309	EQUALITY caseExactMatch
310	SUBSTR caseExactSubstringsMatch
311	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
312
313attributetype ( 
314	1.3.6.1.4.1.63.1000.1.1.1.1.41
315  NAME 'lastFailedLoginTime'
316  EQUALITY generalizedTimeMatch
317  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
318  SINGLE-VALUE )
319
320attributetype (
321	1.3.6.1.4.1.63.1000.1.1.1.1.42
322	NAME 'apple-authenticationAllowed'
323	DESC 'account policy APAuthenticationAllowed proxy'
324	EQUALITY caseExactMatch
325	SUBSTR caseExactSubstringsMatch
326	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
327
328attributetype (
329	1.3.6.1.4.1.63.1000.1.1.1.1.43
330	NAME 'apple-passwordChangeAllowed'
331	DESC 'account policy APPasswordChangeAllowed proxy'
332	EQUALITY caseExactMatch
333	SUBSTR caseExactSubstringsMatch
334	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
335
336attributetype (
337	1.3.6.1.4.1.63.1000.1.1.1.1.44
338	NAME 'apple-willPasswordExpire'
339	DESC 'account policy APWillPasswordExpire proxy'
340	EQUALITY caseExactMatch
341	SUBSTR caseExactSubstringsMatch
342	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
343
344attributetype (
345	1.3.6.1.4.1.63.1000.1.1.1.1.45
346	NAME 'apple-willAuthenticationsExpire'
347	DESC 'account policy APWillAuthenticationsExpire proxy'
348	EQUALITY caseExactMatch
349	SUBSTR caseExactSubstringsMatch
350	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
351
352attributetype (
353	1.3.6.1.4.1.63.1000.1.1.1.1.46
354	NAME 'apple-secondsUntilPasswordExpires'
355	DESC 'account policy APSecondsUntilPasswordExpiration proxy'
356	EQUALITY caseExactMatch
357	SUBSTR caseExactSubstringsMatch
358	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
359
360attributetype (
361	1.3.6.1.4.1.63.1000.1.1.1.1.47
362	NAME 'apple-secondsUntilAuthenticationsExpire'
363	DESC 'account policy APSecondsUntilAuthenticationExpiration proxy'
364	EQUALITY caseExactMatch
365	SUBSTR caseExactSubstringsMatch
366	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
367
368# Alternative to using homeDirectory from RFC 2307.
369#attributetype (
370#        1.3.6.1.4.1.63.1000.1.1.1.1.100
371#        NAME 'apple-user-homeDirectory'
372#        DESC 'The absolute path to the home directory'
373#        EQUALITY caseExactIA5Match
374#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
375
376#
377# User object class.
378#
379objectclass (
380	1.3.6.1.4.1.63.1000.1.1.2.1
381	NAME 'apple-user'
382	SUP top
383	AUXILIARY
384	DESC 'apple user account'
385	MAY ( apple-user-homeurl $ apple-user-class $
386		apple-user-homequota $ apple-user-mailattribute $
387		apple-user-printattribute $ apple-mcxflags $
388		apple-mcxsettings $ apple-user-adminlimits $
389		apple-user-picture $ apple-user-authenticationhint $ 
390		apple-user-homesoftquota $ apple-user-passwordpolicy $ apple-accountpolicy $
391		apple-keyword $ apple-generateduid $ apple-imhandle $ apple-webloguri $
392		authAuthority $ acctFlags $ pwdLastSet $ logonTime $ 
393		logoffTime $ kickoffTime $ homeDrive $ scriptPath $ 
394		profilePath $ userWorkstations $ smbHome $ rid $ 
395		primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $ 
396		userCertificate $ userPKCS12 $ jpegPhoto $ apple-nickname $ apple-namesuffix $
397		apple-birthday $ apple-relationships $ apple-organizationinfo $
398		apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
399		apple-mapcoordinates $ apple-mapuri $ apple-mapguid $ apple-serviceslocator $
400		altSecurityIdentities ) )
401
402#
403# Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14
404#
405attributetype (
406	1.3.6.1.4.1.63.1000.1.1.1.14.1
407	NAME 'apple-group-homeurl'
408	DESC 'group home url'
409	EQUALITY caseExactIA5Match
410	SUBSTR caseExactIA5SubstringsMatch
411	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
412
413attributetype (
414	1.3.6.1.4.1.63.1000.1.1.1.14.2
415	NAME 'apple-group-homeowner'
416	DESC 'group home owner settings'
417	EQUALITY caseExactIA5Match
418	SUBSTR caseExactIA5SubstringsMatch
419	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
420
421attributetype (
422	1.3.6.1.4.1.63.1000.1.1.1.14.5
423	NAME 'apple-group-realname'
424	DESC 'group real name'
425	EQUALITY caseIgnoreMatch
426	SUBSTR caseIgnoreSubstringsMatch
427	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
428	
429attributetype (
430	1.3.6.1.4.1.63.1000.1.1.1.14.6
431	NAME 'apple-group-nestedgroup'
432	DESC 'group real name'
433	EQUALITY caseExactMatch
434	SUBSTR caseExactSubstringsMatch
435	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
436
437attributetype (
438	1.3.6.1.4.1.63.1000.1.1.1.14.7
439	NAME 'apple-group-memberguid'
440	DESC 'group real name'
441	EQUALITY caseExactMatch
442	SUBSTR caseExactSubstringsMatch
443	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
444
445attributetype (
446	1.3.6.1.4.1.63.1000.1.1.1.14.8
447	NAME 'apple-group-services'
448	DESC 'group services'
449	EQUALITY caseExactMatch
450	SUBSTR caseExactSubstringsMatch
451	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
452
453# Alternative to using memberUid from RFC 2307.
454#attributetype (
455#	1.3.6.1.4.1.63.1000.1.1.1.14.1000
456#	NAME 'apple-group-memberUid'
457#	DESC 'group member list'
458#	EQUALITY caseExactIA5Match
459#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
460# can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000
461
462attributetype (
463	1.3.6.1.4.1.63.1000.1.1.1.14.9
464	NAME ( 'apple-contactguid' )
465	DESC 'contact GUID'
466	EQUALITY caseExactMatch
467	SUBSTR caseExactSubstringsMatch
468	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
469
470attributetype (
471	1.3.6.1.4.1.63.1000.1.1.1.14.10
472	NAME ( 'apple-ownerguid' )
473	DESC 'owner GUID'
474	EQUALITY caseExactMatch
475	SUBSTR caseExactSubstringsMatch
476	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
477
478attributetype (
479	1.3.6.1.4.1.63.1000.1.1.1.14.11
480	NAME ( 'apple-primarycomputerguid' )
481	DESC 'primary computer GUID'
482	EQUALITY caseExactMatch
483	SUBSTR caseExactSubstringsMatch
484	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
485
486attributetype (
487	1.3.6.1.4.1.63.1000.1.1.1.14.12
488	NAME 'apple-group-expandednestedgroup'
489	DESC 'expanded nested group list'
490	EQUALITY caseExactMatch
491	SUBSTR caseExactSubstringsMatch
492	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
493
494attributetype (
495	1.3.6.1.4.1.63.1000.1.1.1.14.13
496	NAME 'apple-selfwrite'
497	DESC 'selfwrite flag'
498	EQUALITY caseExactMatch
499	SUBSTR caseExactSubstringsMatch
500	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
501
502attributetype (
503	1.3.6.1.4.1.63.1000.1.1.1.14.14
504	NAME 'apple-locale-relay'
505	DESC 'designated locale relay server for replication'
506	EQUALITY caseExactMatch 
507	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
508	
509attributetype (
510	1.3.6.1.4.1.63.1000.1.1.1.14.15
511	NAME 'apple-locale-subnets'
512	DESC 'subnets associated with a locale'
513	EQUALITY caseExactMatch 
514	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
515	
516#
517# Group auxiliary object class.
518#
519objectclass (
520	1.3.6.1.4.1.63.1000.1.1.2.14
521	NAME 'apple-group'
522	SUP top
523	AUXILIARY
524	DESC 'group account'
525	MAY ( apple-group-homeurl $
526	      apple-group-homeowner $
527	      apple-mcxflags $
528	      apple-mcxsettings $
529	      apple-group-realname $
530	      apple-user-picture $
531	      apple-keyword $
532	      apple-generateduid $
533	      apple-group-nestedgroup $
534	      apple-group-memberguid $
535	      mail $
536	      rid $
537	      sambaSID $
538	      ttl $
539	      jpegPhoto $
540	      apple-group-services $
541	      apple-contactguid $
542	      apple-ownerguid $
543	      labeledURI $
544		  apple-locale-relay $
545		  apple-locale-subnets $
546	      apple-serviceslocator ) )
547
548#
549# Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3
550#
551attributetype (
552	1.3.6.1.4.1.63.1000.1.1.1.3.8
553	NAME 'apple-machine-software'
554	DESC 'installed system software'
555	EQUALITY caseIgnoreIA5Match
556	SUBSTR caseIgnoreIA5SubstringsMatch
557	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
558
559attributetype (
560	1.3.6.1.4.1.63.1000.1.1.1.3.9
561	NAME 'apple-machine-hardware'
562	DESC 'system hardware description'
563	EQUALITY caseIgnoreIA5Match
564	SUBSTR caseIgnoreIA5SubstringsMatch
565	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
566
567attributeType ( 
568	1.3.6.1.4.1.63.1000.1.1.1.3.10
569	NAME 'apple-machine-serves'
570	DESC 'NetInfo Domain Server Binding'
571	EQUALITY caseExactIA5Match
572	SUBSTR caseExactIA5SubstringsMatch
573	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
574
575attributeType ( 
576	1.3.6.1.4.1.63.1000.1.1.1.3.11
577	NAME 'apple-machine-suffix'
578	DESC 'DIT suffix'
579	EQUALITY caseIgnoreMatch
580	SUBSTR caseIgnoreSubstringsMatch
581	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
582
583attributeType ( 
584	1.3.6.1.4.1.63.1000.1.1.1.3.12
585	NAME 'apple-machine-contactperson'
586	DESC 'Name of contact person/owner of this machine'
587	EQUALITY caseIgnoreMatch
588	SUBSTR caseIgnoreSubstringsMatch
589	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
590
591#
592# for backward compatibility with directory-based schema from Tiger
593#
594
595attributeType (
596	1.3.6.1.4.1.63.1000.1.1.1.22.1
597	NAME 'attributeTypesConfig'
598	DESC 'RFC2252: attribute types'
599	EQUALITY caseExactMatch
600	SUBSTR caseExactSubstringsMatch
601	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
602		
603attributeType (
604	1.3.6.1.4.1.63.1000.1.1.1.22.2
605	NAME 'objectClassesConfig'
606	EQUALITY caseExactMatch
607	SUBSTR caseExactSubstringsMatch
608	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
609
610#
611# Machine auxiliary object class.
612#
613objectclass (
614	1.3.6.1.4.1.63.1000.1.1.2.3
615	NAME 'apple-machine'
616	SUP top
617	AUXILIARY
618	MAY ( apple-machine-software $
619	      apple-machine-hardware $
620	      apple-machine-serves $
621	      apple-machine-suffix $
622		  apple-machine-contactperson ) )
623
624#
625# Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8
626#
627attributetype (
628	1.3.6.1.4.1.63.1000.1.1.1.8.1
629	NAME 'mountDirectory'
630	DESC 'mount path'
631	EQUALITY caseExactMatch
632	SUBSTR caseExactSubstringsMatch
633	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
634
635attributetype (
636	1.3.6.1.4.1.63.1000.1.1.1.8.2
637	NAME 'mountType'
638	DESC 'mount VFS type'
639	EQUALITY caseIgnoreIA5Match
640	SUBSTR caseIgnoreIA5SubstringsMatch
641	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
642
643attributetype (
644	1.3.6.1.4.1.63.1000.1.1.1.8.3
645	NAME 'mountOption'
646	DESC 'mount options'
647	EQUALITY caseIgnoreIA5Match
648	SUBSTR caseIgnoreIA5SubstringsMatch
649	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
650
651attributetype (
652	1.3.6.1.4.1.63.1000.1.1.1.8.4
653	NAME 'mountDumpFrequency'
654	DESC 'mount dump frequency'
655	EQUALITY caseIgnoreIA5Match
656	SUBSTR caseIgnoreIA5SubstringsMatch
657	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
658
659attributetype (
660	1.3.6.1.4.1.63.1000.1.1.1.8.5
661	NAME 'mountPassNo'
662	DESC 'mount passno'
663	EQUALITY caseIgnoreIA5Match
664	SUBSTR caseIgnoreIA5SubstringsMatch
665	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
666		
667# Alternative to using 'cn' when adding mount record schema to other LDAP servers
668#attributetype ( 
669#	1.3.6.1.4.1.63.1000.1.1.1.8.100
670#	NAME ( 'apple-mount-name' )
671#	DESC 'mount name'
672#	SUP name )
673
674#
675# Mount object 1.3.6.1.4.1.63.1000.1.1.2.8
676#
677objectclass (
678	1.3.6.1.4.1.63.1000.1.1.2.8
679	NAME 'mount'
680	SUP top STRUCTURAL
681	MUST ( cn )
682	MAY ( mountDirectory $
683	      mountType $
684	      mountOption $
685	      mountDumpFrequency $
686	      mountPassNo ) )
687
688#
689# Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9
690#
691attributetype (
692	1.3.6.1.4.1.63.1000.1.1.1.9.1
693	NAME 'apple-printer-attributes'
694	DESC 'printer attributes in /etc/printcap format'
695	EQUALITY caseIgnoreIA5Match
696	SUBSTR caseIgnoreIA5SubstringsMatch
697	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
698
699attributetype (
700	1.3.6.1.4.1.63.1000.1.1.1.9.2
701	NAME 'apple-printer-lprhost'
702	DESC 'printer LPR host name'
703	EQUALITY caseIgnoreMatch
704	SUBSTR caseIgnoreSubstringsMatch
705	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
706
707attributetype (
708	1.3.6.1.4.1.63.1000.1.1.1.9.3
709	NAME 'apple-printer-lprqueue'
710	DESC 'printer LPR queue'
711	EQUALITY caseIgnoreMatch
712	SUBSTR caseIgnoreSubstringsMatch
713	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
714
715attributetype (
716	1.3.6.1.4.1.63.1000.1.1.1.9.4
717	NAME 'apple-printer-type'
718	DESC 'printer type'
719	EQUALITY caseIgnoreMatch
720	SUBSTR caseIgnoreSubstringsMatch
721	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
722
723attributetype (
724	1.3.6.1.4.1.63.1000.1.1.1.9.5
725	NAME 'apple-printer-note'
726	DESC 'printer note'
727	EQUALITY caseIgnoreMatch
728	SUBSTR caseIgnoreSubstringsMatch
729	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
730
731#
732# Printer object 1.3.6.1.4.1.63.1000.1.1.2.9
733#
734objectclass (
735	1.3.6.1.4.1.63.1000.1.1.2.9
736	NAME 'apple-printer'
737	SUP top STRUCTURAL
738	MUST ( cn )
739	MAY ( apple-printer-attributes $
740	      apple-printer-lprhost $
741              apple-printer-lprqueue $
742              apple-printer-type $
743              apple-printer-note ) )
744
745#
746# Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10
747#
748
749attributetype (
750	1.3.6.1.4.1.63.1000.1.1.1.10.2
751	NAME 'apple-realname'
752	DESC 'real name'
753	EQUALITY caseIgnoreMatch
754	SUBSTR caseExactSubstringsMatch
755	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
756
757attributetype (
758	1.3.6.1.4.1.63.1000.1.1.1.10.3
759	NAME 'apple-networkview'
760	DESC 'Network view for the computer'
761	EQUALITY caseExactMatch
762	SUBSTR caseExactSubstringsMatch
763	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
764
765attributetype (
766	1.3.6.1.4.1.63.1000.1.1.1.10.4
767	NAME 'apple-category'
768	DESC 'Category for the computer or neighborhood'
769	EQUALITY caseExactMatch
770	SUBSTR caseExactSubstringsMatch
771	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
772
773attributetype (
774	1.3.6.1.4.1.63.1000.1.1.1.10.5
775	NAME 'apple-srv'
776	DESC 'List of services to advertize via srv records'
777	EQUALITY caseExactMatch
778	SUBSTR caseExactSubstringsMatch
779	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
780	
781attributetype (
782	1.3.6.1.4.1.63.1000.1.1.1.10.6
783	NAME 'apple-primary-locale'
784	DESC 'primary locale for replication'
785	EQUALITY caseExactMatch
786	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )	
787	
788attributetype (
789	1.3.6.1.4.1.63.1000.1.1.1.10.7
790	NAME 'apple-parentlocales'
791	DESC 'parent locale'
792	EQUALITY caseExactMatch 
793	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
794	
795attributetype (
796	1.3.6.1.4.1.63.1000.1.1.1.10.8
797	NAME 'apple-networkinterfaces'
798	DESC 'list of available network interfaces'
799	EQUALITY caseExactMatch 
800	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )	
801	
802#
803# Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11
804#
805
806attributetype (
807	1.3.6.1.4.1.63.1000.1.1.1.11.3
808	NAME 'apple-computers'
809	DESC 'computers'
810	EQUALITY caseExactMatch
811	SUBSTR caseExactSubstringsMatch
812	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
813
814attributetype (
815        1.3.6.1.4.1.63.1000.1.1.1.11.4
816        NAME 'apple-computer-list-groups'
817        DESC 'groups'
818        EQUALITY caseExactMatch
819        SUBSTR caseExactSubstringsMatch
820        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
821
822#
823# XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1
824#
825attributetype (
826        1.3.6.1.4.1.63.1000.1.1.1.17.1
827        NAME 'apple-xmlplist'
828        DESC 'XML plist data'
829        EQUALITY caseExactMatch
830        SUBSTR caseExactSubstringsMatch
831        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
832
833#
834# Service URL attributes 1.3.6.1.4.1.63.1000.1.1.1.19.2
835#
836attributetype (
837       1.3.6.1.4.1.63.1000.1.1.1.19.2
838       NAME 'apple-service-url'
839       DESC 'URL of service'
840       EQUALITY caseExactIA5Match
841       SUBSTR caseExactIA5SubstringsMatch
842       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
843#
844# Service Info attributes 1.3.6.1.4.1.63.1000.1.1.1.19.6
845#
846attributetype (
847		1.3.6.1.4.1.63.1000.1.1.1.19.6
848		NAME 'apple-serviceinfo'
849		DESC 'service related information'
850		EQUALITY caseExactMatch
851		SUBSTR caseExactSubstringsMatch
852		SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
853
854attributetype (
855		1.3.6.1.4.1.63.1000.1.1.1.19.7
856		NAME 'apple-hwuuid'
857		DESC 'Hardware uuid of computer'
858		EQUALITY caseExactMatch
859		SUBSTR caseExactSubstringsMatch
860		SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
861
862attributetype (
863		1.3.6.1.4.1.63.1000.1.1.1.19.8
864		NAME 'apple-ldap-serverid'
865		DESC 'ID used by LDAP'
866		EQUALITY integerMatch
867		SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
868
869#
870# Computer object 1.3.6.1.4.1.63.1000.1.1.2.10
871#
872objectclass (
873	1.3.6.1.4.1.63.1000.1.1.2.10
874	NAME 'apple-computer'
875	DESC 'computer'
876	SUP top STRUCTURAL
877	MUST ( cn )
878	MAY ( apple-realname $
879	      description $
880	      macAddress $
881		  apple-category $
882	      apple-computer-list-groups $
883	      apple-keyword $
884	      apple-mcxflags $
885	      apple-mcxsettings $
886		  apple-networkview $
887		  apple-xmlplist $
888		  apple-service-url $
889		  apple-serviceinfo $
890		  apple-serviceslocator $
891  	      apple-primarycomputerlist $
892	      apple-ldap-serverid $
893	      authAuthority $
894		  uidNumber $ gidNumber $ apple-generateduid $ ttl $
895	      acctFlags $ pwdLastSet $ logonTime $
896	      logoffTime $ kickoffTime $ rid $ primaryGroupID $
897		  sambaSID $ sambaPrimaryGroupSID $
898		  owner $ apple-ownerguid $ apple-contactguid $
899		  ipHostNumber $ bootFile $ apple-hwuuid $ apple-srv $ 
900		  apple-primary-locale $ apple-parentlocales $ 
901		  apple-networkinterfaces $ userCertificate $ userPKCS12) )
902
903#
904# Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11
905#
906objectclass (
907	1.3.6.1.4.1.63.1000.1.1.2.11
908	NAME 'apple-computer-list'
909	DESC 'computer list'
910	SUP top STRUCTURAL
911	MUST ( cn )
912	MAY ( apple-mcxflags $
913	      apple-mcxsettings $
914	      apple-computer-list-groups $
915	      apple-computers $
916	      apple-generateduid $
917	      apple-keyword ) )
918
919#
920# Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12
921#
922attributetype (
923	1.3.6.1.4.1.63.1000.1.1.1.12.1
924	NAME 'apple-password-server-location'
925	DESC 'password server location'
926	EQUALITY caseExactIA5Match
927	SUBSTR caseExactIA5SubstringsMatch
928	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
929
930attributetype (
931	1.3.6.1.4.1.63.1000.1.1.1.12.2
932	NAME 'apple-data-stamp'
933	DESC 'data stamp'
934	EQUALITY caseExactIA5Match
935	SUBSTR caseExactIA5SubstringsMatch
936	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
937
938attributetype (
939	1.3.6.1.4.1.63.1000.1.1.1.12.3
940	NAME 'apple-config-realname'
941	DESC 'config real name'
942	EQUALITY caseExactIA5Match
943	SUBSTR caseExactIA5SubstringsMatch
944	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
945
946attributetype (
947	1.3.6.1.4.1.63.1000.1.1.1.12.4
948	NAME 'apple-password-server-list'
949	DESC 'password server replication plist'
950	EQUALITY caseExactMatch
951	SUBSTR caseExactSubstringsMatch
952	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
953
954attributetype (
955	1.3.6.1.4.1.63.1000.1.1.1.12.5
956	NAME 'apple-ldap-replica'
957	DESC 'LDAP replication list'
958	EQUALITY caseExactMatch
959	SUBSTR caseExactSubstringsMatch
960	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
961
962attributetype (
963	1.3.6.1.4.1.63.1000.1.1.1.12.6
964	NAME 'apple-ldap-writable-replica'
965	DESC 'LDAP writable replication list'
966	EQUALITY caseExactMatch
967	SUBSTR caseExactSubstringsMatch
968	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
969
970attributetype (
971	1.3.6.1.4.1.63.1000.1.1.1.12.7
972	NAME 'apple-kdc-authkey'
973	DESC 'KDC master key RSA encrypted with realm public key'
974	EQUALITY caseExactMatch
975	SUBSTR caseExactSubstringsMatch
976	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
977
978attributetype (
979	1.3.6.1.4.1.63.1000.1.1.1.12.8
980	NAME 'apple-kdc-configdata'
981	DESC 'Contents of the kdc.conf file'
982	EQUALITY caseExactMatch
983	SUBSTR caseExactSubstringsMatch
984	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
985
986attributetype (
987	1.3.6.1.4.1.63.1000.1.1.1.12.9
988	NAME 'apple-last-serverid'
989	DESC 'Last serverID used'
990	EQUALITY integerMatch
991	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
992	SINGLE-VALUE )
993
994attributetype (	1.3.6.1.1.1.1.104
995	NAME 'apple-enabled-auth-mech'
996	DESC 'Enabled auth mechs'
997	EQUALITY caseIgnoreMatch
998	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
999
1000attributetype (	1.3.6.1.1.1.1.105
1001	NAME 'apple-disabled-auth-mech'
1002	DESC 'Disabled auth mechs'
1003	EQUALITY caseIgnoreMatch
1004	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
1005
1006#
1007# Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12
1008#
1009objectclass (
1010	1.3.6.1.4.1.63.1000.1.1.2.12
1011	NAME 'apple-configuration'
1012	DESC 'configuration'
1013	SUP top STRUCTURAL 
1014	MAY ( cn $ apple-config-realname $ 
1015		apple-data-stamp $ apple-password-server-location $
1016		apple-password-server-list $ apple-ldap-replica $
1017		apple-ldap-writable-replica $ apple-keyword $
1018		apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist $ ttl $
1019		apple-last-serverid $ apple-enabled-auth-mech $ apple-accountpolicy ) )
1020
1021#
1022# Preset computer list object class.
1023#
1024objectclass (
1025	1.3.6.1.4.1.63.1000.1.1.2.13
1026	NAME 'apple-preset-computer-list'
1027	DESC 'preset computer list'
1028	SUP top STRUCTURAL
1029	MUST ( cn )
1030	MAY ( apple-mcxflags $
1031	      apple-mcxsettings $
1032	      apple-computer-list-groups $
1033	      apple-keyword ) )
1034#
1035# Preset computer object class.
1036# 
1037
1038objectclass (
1039	1.3.6.1.4.1.63.1000.1.1.2.25
1040	NAME 'apple-preset-computer'
1041	DESC 'preset computer'
1042	SUP top STRUCTURAL
1043	MUST ( cn )
1044	MAY ( apple-mcxflags $
1045	      apple-mcxsettings $
1046		  apple-computer-list-groups $
1047	      apple-primarycomputerlist $
1048		  description $
1049		  apple-networkview $
1050	      apple-keyword ) )
1051#
1052# Preset computer group object class.
1053#AttributeTypes: 
1054objectclass (
1055	1.3.6.1.4.1.63.1000.1.1.2.26
1056	NAME 'apple-preset-computer-group'
1057	DESC 'preset computer group'
1058	SUP top STRUCTURAL
1059	MUST ( cn )
1060	MAY ( gidNumber $
1061	      memberUID $
1062		  apple-mcxflags $
1063	      apple-mcxsettings $
1064		  apple-group-nestedgroup $
1065		  apple-group-memberguid $
1066		  description $
1067	      jpegPhoto $
1068	      apple-keyword ) )
1069
1070#
1071# Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14
1072#
1073objectclass (
1074	1.3.6.1.4.1.63.1000.1.1.3.14
1075	NAME 'apple-preset-group'
1076	DESC 'preset group'
1077	SUP top STRUCTURAL
1078	MUST ( cn )
1079	MAY ( memberUid $
1080	      gidNumber $
1081	      description $
1082	      apple-group-homeurl $
1083	      apple-group-homeowner $
1084	      apple-mcxflags $
1085	      apple-mcxsettings $
1086	      apple-group-realname $
1087	      apple-keyword $
1088	      apple-group-nestedgroup $
1089	      apple-group-memberguid $
1090	      ttl $
1091	      jpegPhoto $
1092	      apple-group-services $
1093	      labeledURI $
1094	      apple-serviceslocator ) )
1095
1096#
1097# Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15
1098#
1099attributetype (
1100	1.3.6.1.4.1.63.1000.1.1.1.15.1
1101	NAME 'apple-preset-user-is-admin'
1102	DESC 'flag indicating whether the preset user is an administrator'
1103	EQUALITY caseExactIA5Match
1104	SUBSTR caseExactIA5SubstringsMatch
1105	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
1106
1107#
1108# Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15
1109#
1110objectclass (
1111	1.3.6.1.4.1.63.1000.1.1.2.15
1112	NAME 'apple-preset-user'
1113	DESC 'preset user'
1114	SUP top STRUCTURAL
1115	MUST ( cn )
1116	MAY ( uid $
1117	      memberUid $
1118	      apple-group-memberguid $
1119	      gidNumber $
1120	      homeDirectory $
1121	      apple-user-homeurl $
1122	      apple-user-homequota $
1123	      apple-user-homesoftquota $
1124	      apple-user-mailattribute $
1125	      apple-user-printattribute $
1126	      apple-mcxflags $
1127	      apple-mcxsettings $
1128	      apple-user-adminlimits $
1129	      apple-user-passwordpolicy $
1130	      userPassword $
1131	      apple-user-picture $
1132	      apple-keyword $
1133	      loginShell $
1134	      description $
1135	      shadowLastChange $
1136	      shadowExpire $
1137	      authAuthority $
1138	      homeDrive $ scriptPath $ profilePath $ smbHome $
1139	      apple-preset-user-is-admin $
1140	      jpegPhoto $
1141	      apple-relationships $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $ apple-mapcoordinates $
1142	      apple-serviceslocator ) )
1143
1144#
1145# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1
1146#
1147#attributetype (
1148#	1.3.6.1.4.1.63.1000.1.1.2.16.1
1149#	NAME 'authAuthority'
1150#	DESC 'password server authentication authority'
1151#	EQUALITY caseExactIA5Match
1152#	SUBSTR caseExactIA5SubstringsMatch
1153#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1154
1155#attributetype (
1156#	1.3.6.1.4.1.63.1000.1.1.2.16.2
1157#	NAME ( 'authAuthority' 'authAuthority2' )
1158#	DESC 'password server authentication authority'
1159#	EQUALITY caseExactMatch
1160#	SUBSTR caseExactSubstringsMatch
1161#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1162
1163#
1164# Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16
1165#
1166objectclass (
1167	1.3.6.1.4.1.63.1000.1.1.2.16
1168	NAME 'authAuthorityObject'
1169	SUP top AUXILIARY
1170	MAY ( authAuthority ) )
1171
1172#
1173# Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17
1174#
1175objectclass (
1176	1.3.6.1.4.1.63.1000.1.1.2.17
1177	NAME 'apple-serverassistant-config'
1178	SUP top STRUCTURAL
1179	MUST ( cn )
1180	MAY ( apple-xmlplist ) )
1181
1182#
1183# Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18
1184#
1185attributetype (
1186	1.3.6.1.4.1.63.1000.1.1.1.18.1
1187	NAME 'apple-dns-domain'
1188	DESC 'DNS domain'
1189	EQUALITY caseExactMatch
1190	SUBSTR caseExactSubstringsMatch
1191	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1192
1193attributetype (
1194	1.3.6.1.4.1.63.1000.1.1.1.18.2
1195	NAME 'apple-dns-nameserver'
1196	DESC 'DNS name server list'
1197	EQUALITY caseExactMatch
1198	SUBSTR caseExactSubstringsMatch
1199	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1200
1201#
1202# Location object 1.3.6.1.4.1.63.1000.1.1.2.18
1203#
1204objectclass (
1205	1.3.6.1.4.1.63.1000.1.1.2.18
1206	NAME 'apple-location'
1207	SUP top AUXILIARY
1208	MUST ( cn )
1209	MAY ( apple-dns-domain $ apple-dns-nameserver ) )
1210	
1211#
1212# Service object attributes 1.3.6.1.4.1.63.1000.1.1.1.19
1213#
1214attributetype (
1215	1.3.6.1.4.1.63.1000.1.1.1.19.1
1216	NAME 'apple-service-type'
1217	DESC 'type of service'
1218	EQUALITY caseExactIA5Match
1219	SUBSTR caseExactIA5SubstringsMatch
1220	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1221
1222#attributetype (
1223#	1.3.6.1.4.1.63.1000.1.1.1.19.2
1224#	NAME 'apple-service-url'
1225#	DESC 'URL of service'
1226#	EQUALITY caseExactIA5Match
1227#	SUBSTR caseExactIA5SubstringsMatch
1228#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1229
1230attributetype (
1231	1.3.6.1.4.1.63.1000.1.1.1.19.3
1232	NAME 'apple-service-port'
1233	DESC 'Service port number'
1234	EQUALITY integerMatch
1235	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
1236
1237attributetype (
1238	1.3.6.1.4.1.63.1000.1.1.1.19.4
1239	NAME 'apple-dnsname'
1240	DESC 'DNS name'
1241	EQUALITY caseExactMatch
1242	SUBSTR caseExactSubstringsMatch
1243	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1244	
1245attributetype (
1246	1.3.6.1.4.1.63.1000.1.1.1.19.5
1247	NAME 'apple-service-location'
1248	DESC 'Service location'
1249	EQUALITY caseExactMatch
1250	SUBSTR caseExactSubstringsMatch
1251	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1252
1253#
1254# Service object 1.3.6.1.4.1.63.1000.1.1.2.19
1255#
1256objectclass (
1257	1.3.6.1.4.1.63.1000.1.1.2.19
1258	NAME 'apple-service'
1259	SUP top STRUCTURAL
1260	MUST ( cn $ 
1261	       apple-service-type )
1262	MAY ( ipHostNumber $ 
1263	      description $
1264		  apple-service-location $
1265		  apple-service-url $
1266		  apple-service-port $
1267		  apple-dnsname $
1268		  apple-keyword ) )
1269
1270#
1271# Neighborhood object attributes 1.3.6.1.4.1.63.1000.1.1.1.20
1272#
1273attributetype (
1274	1.3.6.1.4.1.63.1000.1.1.1.20.1
1275	NAME 'apple-nodepathxml'
1276	DESC 'XML plist of directory node path'
1277	EQUALITY caseExactMatch
1278	SUBSTR caseExactSubstringsMatch
1279	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1280
1281attributetype (
1282	1.3.6.1.4.1.63.1000.1.1.1.20.2
1283	NAME 'apple-neighborhoodalias'
1284	DESC 'XML plist referring to another neighborhood record'
1285	EQUALITY caseExactMatch
1286	SUBSTR caseExactSubstringsMatch
1287	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1288
1289attributetype (
1290	1.3.6.1.4.1.63.1000.1.1.1.20.3
1291	NAME 'apple-computeralias'
1292	DESC 'XML plist referring to a computer record'
1293	EQUALITY caseExactMatch
1294	SUBSTR caseExactSubstringsMatch
1295	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1296
1297#
1298# Neighborhood object 1.3.6.1.4.1.63.1000.1.1.2.20
1299#
1300objectclass (
1301	1.3.6.1.4.1.63.1000.1.1.2.20
1302	NAME 'apple-neighborhood'
1303	SUP top STRUCTURAL
1304	MUST ( cn )
1305	MAY ( description $
1306	      apple-generateduid $
1307	      apple-category $
1308	      apple-nodepathxml $
1309	      apple-neighborhoodalias $
1310	      apple-computeralias $
1311	      apple-keyword $
1312	      apple-realname $
1313	      apple-xmlplist $
1314	      ttl ) )
1315
1316#
1317# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21
1318#
1319attributetype (
1320	1.3.6.1.4.1.63.1000.1.1.1.21.1
1321	NAME 'apple-acl-entry'
1322	DESC 'acl entry'
1323	EQUALITY caseExactMatch
1324	SUBSTR caseExactSubstringsMatch
1325	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1326
1327#
1328# ACL object 1.3.6.1.4.1.63.1000.1.1.2.21
1329#
1330objectclass (
1331	1.3.6.1.4.1.63.1000.1.1.2.21
1332	NAME 'apple-acl'
1333	SUP top STRUCTURAL
1334	MUST ( cn $ 
1335	       apple-acl-entry ) )
1336		   
1337#
1338# Schema attributes 1.3.6.1.4.1.63.1000.1.1.1.22
1339#
1340#attributetype (
1341#	1.3.6.1.4.1.63.1000.1.1.1.22.1
1342#	NAME 'attributeTypesConfig'
1343#	DESC 'attribute type configuration'
1344#	EQUALITY objectIdentifierFirstComponentMatch
1345#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 )
1346
1347#attributetype (
1348#	1.3.6.1.4.1.63.1000.1.1.1.22.2
1349#	NAME 'objectClassesConfig'
1350#	DESC 'object class configuration'
1351#	EQUALITY objectIdentifierFirstComponentMatch
1352#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 )
1353
1354#
1355# Resource attributes 1.3.6.1.4.1.63.1000.1.1.1.23
1356#
1357
1358attributetype (
1359	1.3.6.1.4.1.63.1000.1.1.1.23.1
1360	NAME 'apple-resource-type'
1361	DESC 'resource type'
1362	EQUALITY caseExactIA5Match
1363	SUBSTR caseExactIA5SubstringsMatch
1364	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1365
1366attributetype (
1367	1.3.6.1.4.1.63.1000.1.1.1.23.2
1368	NAME 'apple-resource-info'
1369	DESC 'resource info'
1370	EQUALITY caseExactMatch 
1371	SUBSTR caseExactSubstringsMatch
1372	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
1373
1374attributetype (
1375	1.3.6.1.4.1.63.1000.1.1.1.23.3
1376	NAME 'apple-capacity'
1377	DESC 'capacity'
1378	EQUALITY integerMatch
1379	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
1380
1381#
1382# Resource object 1.3.6.1.4.1.63.1000.1.1.2.23
1383#
1384
1385objectclass (
1386	1.3.6.1.4.1.63.1000.1.1.2.23
1387	NAME 'apple-resource'
1388	SUP top STRUCTURAL
1389	MUST ( cn )
1390	MAY ( 	apple-realname $ description $ jpegPhoto $ apple-keyword $
1391			apple-generateduid $ apple-contactguid $ apple-ownerguid $ 
1392			apple-resource-info $ apple-resource-type $ apple-capacity $ 	
1393			labeledURI $  apple-mapuri $ apple-serviceslocator $ apple-phonecontacts $
1394			c $ apple-mapguid $ apple-mapcoordinates $ apple-xmlplist ) )
1395
1396#
1397# Augment object 1.3.6.1.4.1.63.1000.1.1.2.24
1398#
1399
1400objectclass (
1401        1.3.6.1.4.1.63.1000.1.1.2.24
1402        NAME 'apple-augment'
1403        SUP top
1404        STRUCTURAL
1405        MUST ( cn ) )
1406
1407attributetype ( 
1408			1.3.6.1.1.1.1.31 
1409			NAME 'automountMapName'
1410            DESC 'automount Map Name'
1411            EQUALITY caseExactMatch
1412            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1413            SINGLE-VALUE )
1414
1415attributetype ( 
1416			1.3.6.1.1.1.1.32 
1417			NAME 'automountKey'
1418            DESC 'Automount Key value'
1419            EQUALITY caseExactMatch
1420            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1421            SINGLE-VALUE )
1422
1423attributetype ( 
1424			1.3.6.1.1.1.1.33 
1425			NAME 'automountInformation'
1426            DESC 'Automount information'
1427            EQUALITY caseExactMatch
1428            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1429            SINGLE-VALUE )
1430
1431objectclass ( 
1432			1.3.6.1.1.1.2.16 
1433			NAME 'automountMap' 
1434			SUP top STRUCTURAL
1435            MUST ( automountMapName )
1436            MAY description )
1437
1438objectclass ( 
1439			1.3.6.1.1.1.2.17 
1440			NAME 'automount' 
1441			SUP top STRUCTURAL
1442            DESC 'Automount'
1443            MUST ( automountKey $ automountInformation )
1444            MAY description )
1445
1446#
1447# Apple User Info object 1.3.6.1.4.1.63.1000.1.1.2.27
1448#
1449
1450objectclass (
1451	1.3.6.1.4.1.63.1000.1.1.2.27
1452	NAME 'apple-user-info'
1453	SUP top STRUCTURAL
1454	MAY ( 	apple-namesuffix $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
1455			telephoneNumber $ mobile $ facsimileTelephoneNumber $ pager $
1456			l $ st $ c $ postalCode $ postalAddress $ street $
1457			apple-imhandle $ loginShell $ jpegPhoto $ apple-user-picture $ description $ userCertificate $ userPKCS12) )
1458
1459#
1460# Apple Computer Info object 1.3.6.1.4.1.63.1000.1.1.2.31
1461#
1462
1463objectclass (
1464	1.3.6.1.4.1.63.1000.1.1.2.31
1465	NAME 'apple-computer-info'
1466	SUP top STRUCTURAL
1467	MAY (   apple-serviceinfo $ apple-serviceslocator $ apple-keyword $ userCertificate $ userPKCS12) )
1468
1469
1470## Schema elements for PWS records in LDAP
1471## Proposed schema elements for PWS records in LDAP
1472# Last login time.
1473attributetype ( 1.3.6.1.1.1.1.35
1474  NAME 'lastLoginTime'
1475  EQUALITY generalizedTimeMatch
1476  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1477  SINGLE-VALUE )
1478
1479# Time of last password change.
1480attributetype ( 1.3.6.1.1.1.1.36
1481  NAME 'passwordModDate'
1482  EQUALITY generalizedTimeMatch
1483  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1484  SINGLE-VALUE )
1485
1486# User's authdata GUID, this is essentially the PWS slotid
1487attributetype ( 1.3.6.1.1.1.1.37
1488  NAME 'authGUID'
1489  EQUALITY caseIgnoreMatch
1490  SUBSTR caseIgnoreSubstringsMatch
1491  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
1492
1493# Running tally of login failures.
1494attributetype ( 1.3.6.1.1.1.1.38
1495  NAME 'loginFailedAttempts'
1496  EQUALITY integerMatch
1497  SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1498  SINGLE-VALUE )
1499
1500# Links the authdata record to the user record
1501attributetype ( 1.3.6.1.1.1.1.39
1502  NAME 'userLinkage'
1503  EQUALITY caseIgnoreMatch
1504  SUBSTR caseIgnoreSubstringsMatch
1505  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
1506
1507# String containing the reason for disabling.
1508attributetype ( 1.3.6.1.1.1.1.40
1509  NAME 'disableReason'
1510  EQUALITY caseIgnoreMatch
1511  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1512  SINGLE-VALUE )
1513
1514# The following are attributes storing the secrets for each auth type
1515attributetype ( 1.3.6.1.1.1.1.42
1516  NAME 'cmusaslsecretSMBNT'
1517  EQUALITY octetStringMatch
1518  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1519  SINGLE-VALUE )
1520
1521attributetype ( 1.3.6.1.1.1.1.43
1522  NAME 'cmusaslsecretSMBLM'
1523  EQUALITY octetStringMatch
1524  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1525  SINGLE-VALUE )
1526
1527attributetype ( 1.3.6.1.1.1.1.44
1528  NAME 'cmusaslsecretDIGEST-MD5'
1529  EQUALITY octetStringMatch
1530  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1531  SINGLE-VALUE )
1532
1533attributetype ( 1.3.6.1.1.1.1.45
1534  NAME 'cmusaslsecretCRAM-MD5'
1535  EQUALITY octetStringMatch
1536  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1537  SINGLE-VALUE )
1538
1539attributetype ( 1.3.6.1.1.1.1.46
1540  NAME 'cmusaslsecretPPS'
1541  EQUALITY octetStringMatch
1542  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1543  SINGLE-VALUE )
1544
1545# The realm name and principal name are stored in the "secrets" area for
1546# the kerberos auth types.  These may be unnecessary after the Heimdal transition.
1547attributetype ( 1.3.6.1.1.1.1.47
1548  NAME 'KerberosRealmName'
1549  EQUALITY caseIgnoreMatch
1550  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1551  SINGLE-VALUE )
1552
1553attributetype ( 1.3.6.1.1.1.1.48
1554  NAME 'KerberosPrincName'
1555  EQUALITY caseIgnoreMatch
1556  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1557  SINGLE-VALUE )
1558
1559# User password, stored DES encrypted for obfuscation.
1560attributetype ( 1.3.6.1.1.1.1.49
1561  NAME 'password'
1562  EQUALITY octetStringMatch
1563  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1564  SINGLE-VALUE )
1565
1566attributetype ( 1.3.6.1.1.1.1.50
1567  NAME 'adminGroups'
1568  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1569  SINGLE-VALUE )
1570
1571# DIGEST-MD5 hash with username, sasl realm, password
1572attributetype ( 1.3.6.1.1.1.1.51
1573  NAME 'cmusaslsecretDIGEST-UMD5'
1574  EQUALITY octetStringMatch
1575  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1576  SINGLE-VALUE )
1577
1578# Time the user was created.
1579attributetype ( 1.3.6.1.1.1.1.55
1580  NAME 'creationDate'
1581	EQUALITY generalizedTimeMatch
1582  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1583  SINGLE-VALUE )
1584
1585# History data
1586attributetype ( 1.3.6.1.1.1.1.56
1587  NAME 'historyData'
1588  EQUALITY octetStringMatch
1589  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1590  SINGLE-VALUE )
1591
1592# Time of newPasswordRequired being set.
1593attributetype ( 1.3.6.1.1.1.1.57
1594  NAME 'passwordRequiredDate'
1595  EQUALITY generalizedTimeMatch
1596  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1597  SINGLE-VALUE )
1598
1599# Krb schema 
1600attributetype ( 1.3.6.1.1.1.1.86
1601  NAME 'draft-krbPrincipalName'
1602  DESC 'Canonical principal name'
1603  EQUALITY caseExactIA5Match
1604  SUBSTR caseExactSubstringsMatch
1605  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
1606  SINGLE-VALUE )
1607
1608attributetype ( 1.3.6.1.1.1.1.87
1609  NAME 'draft-krbRealmName'
1610  EQUALITY octetStringMatch
1611  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
1612  
1613attributetype ( 1.3.6.1.1.1.1.88
1614  NAME 'draft-krbPrincipalAliases'
1615  SUP draft-krbPrincipalName )
1616  
1617attributetype ( 1.3.6.1.1.1.1.89
1618  NAME 'draft-krbTicketMaxLife'
1619  EQUALITY integerMatch
1620  ORDERING integerOrderingMatch
1621  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1622  SINGLE-VALUE )
1623  
1624attributetype ( 1.3.6.1.1.1.1.90
1625  NAME 'draft-krbTicketMaxRenewal'
1626  EQUALITY integerMatch
1627  ORDERING integerOrderingMatch
1628  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1629  SINGLE-VALUE )
1630  
1631attributetype ( 1.3.6.1.1.1.1.91
1632  NAME 'draft-krbEncSaltTypes'
1633  EQUALITY caseIgnoreMatch
1634  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1635	
1636attributetype ( 1.3.6.1.1.1.1.92
1637  NAME 'draft-krbKeySet'
1638  EQUALITY octetStringMatch
1639  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) 
1640
1641attributetype ( 1.3.6.1.1.1.1.93
1642  NAME 'draft-krbKeyVersion'
1643  EQUALITY integerMatch
1644  ORDERING integerOrderingMatch
1645  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1646  SINGLE-VALUE )
1647  
1648attributetype ( 1.3.6.1.1.1.1.94
1649  NAME 'draft-krbPrincipalRealm'
1650  DESC 'DN of krbRealm entry'
1651  SUP distinguishedName )
1652
1653attributetype ( 1.3.6.1.1.1.1.95
1654  NAME 'draft-krbTicketPolicy'
1655  EQUALITY integerMatch
1656  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1657  SINGLE-VALUE )
1658  
1659attributetype ( 1.3.6.1.1.1.1.96
1660  NAME 'draft-krbExtraData'
1661  EQUALITY octetStringMatch
1662  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
1663
1664attributetype ( 1.3.6.1.1.1.1.98
1665  NAME 'draft-krbPrincipalACL'
1666  EQUALITY integerMatch
1667  SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1668  SINGLE-VALUE )
1669  
1670attributetype ( 1.3.6.1.1.1.1.97
1671  NAME 'crschallenge'
1672  EQUALITY caseIgnoreMatch
1673  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1674  SINGLE-VALUE )
1675  
1676#  multivalued attribute to store computer account owner GUID.
1677attributetype ( 1.3.6.1.1.1.1.103
1678  NAME 'ownerGUIDList'
1679  DESC 'computer account owner GUID'
1680  EQUALITY caseIgnoreMatch
1681  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1682   
1683# objectclass representing a user/slot.
1684# uid is the shortname of the user as stored in PWS.
1685# apple-generateduid is intended to match the user's UID.  Currently unpopulated
1686objectclass (
1687	1.3.6.1.4.1.63.1000.1.1.2.28
1688  NAME 'pwsAuthdata'
1689  STRUCTURAL
1690  MUST ( authGUID )
1691  MAY ( uid $ authGUID $ passwordModDate $ lastLoginTime $ lastFailedLoginTime $ loginFailedAttempts $
1692        disableReason $ apple-user-passwordpolicy $ apple-accountpolicy $ adminGroups $ cmusaslsecretSMBNT $
1693		 cmusaslsecretSMBLM $ cmusaslsecretDIGEST-MD5 $ cmusaslsecretCRAM-MD5 $ cmusaslsecretPPS $
1694		 KerberosRealmName $ KerberosPrincName $ password $ creationDate $ historyData $
1695		 draft-krbPrincipalName $ draft-krbRealmName $ draft-krbPrincipalAliases $
1696		 draft-krbTicketMaxLife $ draft-krbTicketMaxRenewal $ draft-krbEncSaltTypes $
1697		 draft-krbKeySet $ draft-krbKeyVersion $ draft-krbPrincipalRealm $ draft-krbTicketPolicy $ 
1698		 draft-krbExtraData $ draft-krbPrincipalACL $ crschallenge $ userLinkage $
1699		 cmusaslsecretDIGEST-UMD5 $ ownerGUIDList ) )
1700
1701# Multi valued attribute to store the names of auth methods considered "weak"
1702# "weak" auth methods are not allowed to be used for some privileged operations
1703attributetype ( 1.3.6.1.1.1.1.76
1704      NAME 'weakAuthMethod'
1705      EQUALITY caseIgnoreMatch
1706      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
1707
1708# object class storing global policy and weak auth methods.
1709objectclass (
1710	1.3.6.1.4.1.63.1000.1.1.2.29
1711  NAME 'pwPolicy'
1712  STRUCTURAL
1713  MUST ( cn )
1714  MAY ( apple-user-passwordpolicy $ apple-accountpolicy $ weakAuthMethod $ passwordRequiredDate) )
1715
1716# PWS' private key.  Stored in authdata container for security.
1717attributetype ( 1.3.6.1.1.1.1.77
1718  NAME 'PWSPrivateKey'
1719  EQUALITY octetStringMatch
1720  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1721  SINGLE-VALUE )
1722
1723attributetype ( 1.3.6.1.1.1.1.78
1724   NAME 'PWSPublicKey'
1725   EQUALITY caseIgnoreMatch
1726   SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1727   SINGLE-VALUE )
1728
1729# Allow storing the PWS private key in the root of the container, cn=config style
1730objectclass (
1731	1.3.6.1.4.1.63.1000.1.1.2.30
1732  NAME 'pwAuthData'
1733  SUP container
1734  MAY ( PWSPrivateKey $ PWSPublicKey ) )
1735
1736
1737# Allow storing certificate request information
1738
1739attributetype (	1.3.6.1.1.1.1.79
1740	NAME 'apple-transactionID'
1741	EQUALITY caseIgnoreMatch
1742	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1743	SINGLE-VALUE )
1744
1745attributetype (	1.3.6.1.1.1.1.80
1746	NAME 'apple-pkiStatus'
1747	EQUALITY integerMatch
1748	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1749	SINGLE-VALUE )
1750
1751attributetype (	1.3.6.1.1.1.1.81
1752	NAME 'apple-failInfo'
1753	EQUALITY integerMatch
1754	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1755	SINGLE-VALUE )
1756
1757attributetype (	1.3.6.1.1.1.1.82
1758	NAME 'apple-certificateSigningRequest'
1759	EQUALITY certificateExactMatch
1760	SYNTAX '1.3.6.1.4.1.1466.115.121.1.8'
1761	SINGLE-VALUE )
1762
1763attributetype (	1.3.6.1.1.1.1.83
1764	NAME 'apple-device-guid'
1765	EQUALITY caseIgnoreMatch
1766	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1767	SINGLE-VALUE )
1768
1769attributetype (	1.3.6.1.1.1.1.84
1770	NAME 'apple-issuer'
1771	EQUALITY caseIgnoreMatch
1772	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1773	SINGLE-VALUE )
1774
1775attributetype (	1.3.6.1.1.1.1.85
1776	NAME 'apple-serialNumber'
1777	EQUALITY caseIgnoreMatch
1778	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1779	SINGLE-VALUE )
1780	
1781attributetype (	1.3.6.1.1.1.1.99
1782	NAME 'apple-revocationReason'
1783	EQUALITY integerMatch
1784	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1785	SINGLE-VALUE )
1786
1787attributetype (	1.3.6.1.1.1.1.100
1788	NAME 'apple-revocationDate'
1789	EQUALITY generalizedTimeMatch
1790        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1791        SINGLE-VALUE )
1792
1793attributetype (	1.3.6.1.1.1.1.101
1794	NAME 'apple-validNotBefore'
1795	EQUALITY generalizedTimeMatch
1796        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1797        SINGLE-VALUE )
1798
1799attributetype (	1.3.6.1.1.1.1.102
1800	NAME 'apple-validNotAfter'
1801	EQUALITY generalizedTimeMatch
1802        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1803        SINGLE-VALUE )
1804
1805objectclass (
1806	1.3.6.1.4.1.63.1000.1.1.2.33
1807	NAME 'apple-certificateRequestInfo'
1808	SUP top STRUCTURAL
1809	MUST ( apple-transactionID $ apple-pkiStatus )
1810	MAY ( apple-failInfo $ apple-issuer $ apple-serialNumber $ 
1811              userCertificate $ apple-certificateSigningRequest $ apple-device-guid $ 
1812              apple-xmlplist $ apple-revocationReason $ apple-revocationDate $
1813              apple-validNotBefore $ apple-validNotAfter ) )
1814
1815