1#
2# Preliminary Apple OS X Native LDAP Schema
3# This file is subject to change.
4#
5
6#
7# Container structural object class.
8#
9#objectclass (
10#	1.2.840.113556.1.3.23
11#	NAME 'container'
12#	SUP top
13#	STRUCTURAL
14#	MUST ( cn ) )
15
16#
17# Time to live
18#
19attributetype (
20	1.3.6.1.4.1.250.1.60
21	NAME 'ttl'
22	EQUALITY integerMatch
23	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
24
25objectclass (
26	1.3.6.1.4.1.250.3.18 
27	NAME 'cacheObject' 
28	AUXILIARY 
29	SUP top
30	DESC 'Auxiliary object class to hold TTL caching information'
31	MAY ( ttl ) )
32
33#
34# User attributes 1.3.6.1.4.1.63.1000.1.1.1.1
35#
36attributetype (
37	1.3.6.1.4.1.63.1000.1.1.1.1.6
38	NAME 'apple-user-homeurl'
39	DESC 'home directory URL'
40	EQUALITY caseExactIA5Match
41	SUBSTR caseExactIA5SubstringsMatch
42	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
43
44attributetype (
45	1.3.6.1.4.1.63.1000.1.1.1.1.7
46	NAME 'apple-user-class'
47	DESC 'user class'
48	EQUALITY caseExactIA5Match
49	SUBSTR caseExactIA5SubstringsMatch
50	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
51
52attributetype (
53	1.3.6.1.4.1.63.1000.1.1.1.1.8
54	NAME 'apple-user-homequota'
55	DESC 'home directory quota'
56	EQUALITY caseExactIA5Match
57	SUBSTR caseExactIA5SubstringsMatch
58	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
59
60attributetype (
61	1.3.6.1.4.1.63.1000.1.1.1.1.9
62	NAME 'apple-user-mailattribute'
63	DESC 'mail attribute'
64	EQUALITY caseExactMatch
65	SUBSTR caseExactSubstringsMatch
66	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
67
68attributetype (
69	1.3.6.1.4.1.63.1000.1.1.1.1.10
70	NAME 'apple-mcxflags'
71	DESC 'mcx flags'
72	EQUALITY caseExactMatch
73	SUBSTR caseExactSubstringsMatch
74	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
75
76#attributetype (
77#	1.3.6.1.4.1.63.1000.1.1.1.1.11
78#	NAME 'apple-mcxsettings'
79#	DESC 'mcx settings'
80#	EQUALITY caseExactMatch
81#	SUBSTR caseExactSubstringsMatch
82#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
83attributetype (
84	1.3.6.1.4.1.63.1000.1.1.1.1.16
85	NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' )
86	DESC 'mcx settings'
87	EQUALITY caseExactMatch
88	SUBSTR caseExactSubstringsMatch
89	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
90
91attributetype (
92	1.3.6.1.4.1.63.1000.1.1.1.1.12
93	NAME 'apple-user-picture'
94	DESC 'picture'
95	EQUALITY caseExactMatch
96	SUBSTR caseExactSubstringsMatch
97	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
98
99attributetype (
100	1.3.6.1.4.1.63.1000.1.1.1.1.13
101	NAME 'apple-user-printattribute'
102	DESC 'print attribute'
103	EQUALITY caseExactMatch
104	SUBSTR caseExactSubstringsMatch
105	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
106
107attributetype (
108	1.3.6.1.4.1.63.1000.1.1.1.1.14
109	NAME 'apple-user-adminlimits'
110	DESC 'admin limits'
111	EQUALITY caseExactMatch
112	SUBSTR caseExactSubstringsMatch
113	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
114
115attributetype (
116        1.3.6.1.4.1.63.1000.1.1.1.1.15
117        NAME 'apple-user-authenticationhint'
118        DESC 'password hint'
119        EQUALITY caseExactMatch
120        SUBSTR caseExactSubstringsMatch
121        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
122
123attributetype (
124	1.3.6.1.4.1.63.1000.1.1.1.1.17
125	NAME 'apple-user-homesoftquota'
126	DESC 'home directory soft quota'
127	EQUALITY caseExactIA5Match
128	SUBSTR caseExactIA5SubstringsMatch
129	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
130
131attributetype (
132        1.3.6.1.4.1.63.1000.1.1.1.1.18
133        NAME 'apple-user-passwordpolicy'
134        DESC 'password policy options'
135        EQUALITY caseExactMatch
136        SUBSTR caseExactSubstringsMatch
137        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
138
139attributetype (
140	1.3.6.1.4.1.63.1000.1.1.1.1.19
141	NAME ( 'apple-keyword' )
142	DESC 'keywords'
143	EQUALITY caseExactMatch
144	SUBSTR caseExactSubstringsMatch
145	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
146
147attributetype (
148	1.3.6.1.4.1.63.1000.1.1.1.1.20
149	NAME ( 'apple-generateduid' )
150	DESC 'generated unique ID'
151	EQUALITY caseExactMatch
152	SUBSTR caseExactSubstringsMatch
153	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
154
155attributetype (
156	1.3.6.1.4.1.63.1000.1.1.1.1.21
157	NAME ( 'apple-imhandle' )
158	DESC 'IM handle (service:account name)'
159	EQUALITY caseExactMatch
160	SUBSTR caseExactSubstringsMatch
161	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
162
163attributetype (
164	1.3.6.1.4.1.63.1000.1.1.1.1.22
165	NAME ( 'apple-webloguri' )
166	DESC 'Weblog URI'
167	EQUALITY caseIgnoreMatch
168	SUBSTR caseExactSubstringsMatch
169	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
170
171attributetype (
172	1.3.6.1.4.1.63.1000.1.1.1.1.23
173	NAME ( 'apple-mapcoordinates' )
174	DESC 'Map Coordinates'
175	EQUALITY caseExactIA5Match
176	SUBSTR caseExactIA5SubstringsMatch
177	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
178
179attributetype (
180	1.3.6.1.4.1.63.1000.1.1.1.1.24
181	NAME ( 'apple-postaladdresses' )
182	DESC 'Postal Addresses'
183	EQUALITY caseExactIA5Match
184	SUBSTR caseExactIA5SubstringsMatch
185	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
186
187attributetype (
188	1.3.6.1.4.1.63.1000.1.1.1.1.25
189	NAME ( 'apple-phonecontacts' )
190	DESC 'Phone Contacts'
191	EQUALITY caseExactIA5Match
192	SUBSTR caseExactIA5SubstringsMatch
193	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
194
195attributetype (
196	1.3.6.1.4.1.63.1000.1.1.1.1.26
197	NAME ( 'apple-emailcontacts' )
198	DESC 'EMail Contacts'
199	EQUALITY caseExactIA5Match
200	SUBSTR caseExactIA5SubstringsMatch
201	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
202
203attributetype (
204	1.3.6.1.4.1.63.1000.1.1.1.1.27
205	NAME ( 'apple-birthday' )
206	DESC 'Birthday'
207	EQUALITY generalizedTimeMatch
208	SUBSTR caseExactIA5SubstringsMatch
209	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
210
211attributetype (
212	1.3.6.1.4.1.63.1000.1.1.1.1.28
213	NAME ( 'apple-relationships' )
214	DESC 'Relationships'
215	EQUALITY caseExactMatch
216	SUBSTR caseExactSubstringsMatch
217	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
218
219attributetype (
220	1.3.6.1.4.1.63.1000.1.1.1.1.29
221	NAME ( 'apple-company' )
222	DESC 'company'
223	EQUALITY caseIgnoreMatch
224	SUBSTR caseExactSubstringsMatch
225	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
226
227attributetype (
228	1.3.6.1.4.1.63.1000.1.1.1.1.30
229	NAME ( 'apple-nickname' )
230	DESC 'nickname'
231	EQUALITY caseExactMatch
232	SUBSTR caseExactSubstringsMatch
233	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
234
235attributetype (
236	1.3.6.1.4.1.63.1000.1.1.1.1.31
237	NAME ( 'apple-mapuri' )
238	DESC 'Map URI'
239	EQUALITY caseExactIA5Match
240	SUBSTR caseExactIA5SubstringsMatch
241	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
242
243attributetype (
244	1.3.6.1.4.1.63.1000.1.1.1.1.32
245	NAME ( 'apple-mapguid' )
246	DESC 'map GUID'
247	EQUALITY caseExactMatch
248	SUBSTR caseExactSubstringsMatch
249	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
250
251attributetype (
252	1.3.6.1.4.1.63.1000.1.1.1.1.33
253	NAME ( 'apple-serviceslocator' )
254	DESC 'Calendar Principal URI'
255	EQUALITY caseExactMatch
256	SUBSTR caseExactSubstringsMatch
257	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
258
259attributetype (
260	1.3.6.1.4.1.63.1000.1.1.1.1.34
261	NAME 'apple-organizationinfo'
262	DESC 'Originization Info data'
263	EQUALITY caseExactMatch
264	SUBSTR caseExactSubstringsMatch
265	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  )
266
267attributetype (
268	1.3.6.1.4.1.63.1000.1.1.1.1.35
269	NAME ( 'apple-namesuffix' )
270	DESC 'namesuffix'
271	EQUALITY caseExactMatch
272	SUBSTR caseExactSubstringsMatch
273	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
274
275attributetype (
276	1.3.6.1.4.1.63.1000.1.1.1.1.36
277	NAME ( 'apple-primarycomputerlist' )
278	DESC 'primary computer list'
279	EQUALITY caseExactMatch
280	SUBSTR caseExactSubstringsMatch
281	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
282
283attributetype (
284        1.3.6.1.4.1.63.1000.1.1.1.1.37
285        NAME 'apple-user-passwordpolicy-effective'
286        DESC 'password effective policy options'
287        EQUALITY caseExactMatch
288        SUBSTR caseExactSubstringsMatch
289        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
290
291attributetype (
292	1.3.6.1.4.1.63.1000.1.1.1.1.38
293	NAME ( 'apple-profiles' )
294	DESC 'profile settings'
295	SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 )
296
297attributetype (
298	1.3.6.1.4.1.63.1000.1.1.1.1.39
299	NAME ( 'apple-profiles-timestamp' )
300	DESC 'profile timestamp settings'
301	EQUALITY generalizedTimeMatch
302	ORDERING generalizedTimeOrderingMatch
303	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
304
305# Alternative to using homeDirectory from RFC 2307.
306#attributetype (
307#        1.3.6.1.4.1.63.1000.1.1.1.1.100
308#        NAME 'apple-user-homeDirectory'
309#        DESC 'The absolute path to the home directory'
310#        EQUALITY caseExactIA5Match
311#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
312
313#
314# User object class.
315#
316objectclass (
317	1.3.6.1.4.1.63.1000.1.1.2.1
318	NAME 'apple-user'
319	SUP top
320	AUXILIARY
321	DESC 'apple user account'
322	MAY ( apple-user-homeurl $ apple-user-class $
323		apple-user-homequota $ apple-user-mailattribute $
324		apple-user-printattribute $ apple-mcxflags $
325		apple-mcxsettings $ apple-user-adminlimits $
326		apple-user-picture $ apple-user-authenticationhint $ 
327		apple-user-homesoftquota $ apple-user-passwordpolicy $
328		apple-keyword $ apple-generateduid $ apple-imhandle $ apple-webloguri $
329		authAuthority $ acctFlags $ pwdLastSet $ logonTime $ 
330		logoffTime $ kickoffTime $ homeDrive $ scriptPath $ 
331		profilePath $ userWorkstations $ smbHome $ rid $ 
332		primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $ 
333		userCertificate $ userPKCS12 $ jpegPhoto $ apple-nickname $ apple-namesuffix $
334		apple-birthday $ apple-relationships $ apple-organizationinfo $
335		apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
336		apple-mapcoordinates $ apple-mapuri $ apple-mapguid $ apple-serviceslocator $
337		altSecurityIdentities ) )
338
339#
340# Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14
341#
342attributetype (
343	1.3.6.1.4.1.63.1000.1.1.1.14.1
344	NAME 'apple-group-homeurl'
345	DESC 'group home url'
346	EQUALITY caseExactIA5Match
347	SUBSTR caseExactIA5SubstringsMatch
348	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
349
350attributetype (
351	1.3.6.1.4.1.63.1000.1.1.1.14.2
352	NAME 'apple-group-homeowner'
353	DESC 'group home owner settings'
354	EQUALITY caseExactIA5Match
355	SUBSTR caseExactIA5SubstringsMatch
356	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
357
358attributetype (
359	1.3.6.1.4.1.63.1000.1.1.1.14.5
360	NAME 'apple-group-realname'
361	DESC 'group real name'
362	EQUALITY caseIgnoreMatch
363	SUBSTR caseIgnoreSubstringsMatch
364	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
365	
366attributetype (
367	1.3.6.1.4.1.63.1000.1.1.1.14.6
368	NAME 'apple-group-nestedgroup'
369	DESC 'group real name'
370	EQUALITY caseExactMatch
371	SUBSTR caseExactSubstringsMatch
372	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
373
374attributetype (
375	1.3.6.1.4.1.63.1000.1.1.1.14.7
376	NAME 'apple-group-memberguid'
377	DESC 'group real name'
378	EQUALITY caseExactMatch
379	SUBSTR caseExactSubstringsMatch
380	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
381
382attributetype (
383	1.3.6.1.4.1.63.1000.1.1.1.14.8
384	NAME 'apple-group-services'
385	DESC 'group services'
386	EQUALITY caseExactMatch
387	SUBSTR caseExactSubstringsMatch
388	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
389
390# Alternative to using memberUid from RFC 2307.
391#attributetype (
392#	1.3.6.1.4.1.63.1000.1.1.1.14.1000
393#	NAME 'apple-group-memberUid'
394#	DESC 'group member list'
395#	EQUALITY caseExactIA5Match
396#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
397# can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000
398
399attributetype (
400	1.3.6.1.4.1.63.1000.1.1.1.14.9
401	NAME ( 'apple-contactguid' )
402	DESC 'contact GUID'
403	EQUALITY caseExactMatch
404	SUBSTR caseExactSubstringsMatch
405	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
406
407attributetype (
408	1.3.6.1.4.1.63.1000.1.1.1.14.10
409	NAME ( 'apple-ownerguid' )
410	DESC 'owner GUID'
411	EQUALITY caseExactMatch
412	SUBSTR caseExactSubstringsMatch
413	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
414
415attributetype (
416	1.3.6.1.4.1.63.1000.1.1.1.14.11
417	NAME ( 'apple-primarycomputerguid' )
418	DESC 'primary computer GUID'
419	EQUALITY caseExactMatch
420	SUBSTR caseExactSubstringsMatch
421	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
422
423attributetype (
424	1.3.6.1.4.1.63.1000.1.1.1.14.12
425	NAME 'apple-group-expandednestedgroup'
426	DESC 'expanded nested group list'
427	EQUALITY caseExactMatch
428	SUBSTR caseExactSubstringsMatch
429	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
430
431attributetype (
432	1.3.6.1.4.1.63.1000.1.1.1.14.13
433	NAME 'apple-selfwrite'
434	DESC 'selfwrite flag'
435	EQUALITY caseExactMatch
436	SUBSTR caseExactSubstringsMatch
437	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
438
439attributetype (
440	1.3.6.1.4.1.63.1000.1.1.1.14.14
441	NAME 'apple-locale-relay'
442	DESC 'designated locale relay server for replication'
443	EQUALITY caseExactMatch 
444	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
445	
446attributetype (
447	1.3.6.1.4.1.63.1000.1.1.1.14.15
448	NAME 'apple-locale-subnets'
449	DESC 'subnets associated with a locale'
450	EQUALITY caseExactMatch 
451	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
452	
453#
454# Group auxiliary object class.
455#
456objectclass (
457	1.3.6.1.4.1.63.1000.1.1.2.14
458	NAME 'apple-group'
459	SUP top
460	AUXILIARY
461	DESC 'group account'
462	MAY ( apple-group-homeurl $
463	      apple-group-homeowner $
464	      apple-mcxflags $
465	      apple-mcxsettings $
466	      apple-group-realname $
467	      apple-user-picture $
468	      apple-keyword $
469	      apple-generateduid $
470	      apple-group-nestedgroup $
471	      apple-group-memberguid $
472	      mail $
473	      rid $
474	      sambaSID $
475	      ttl $
476	      jpegPhoto $
477	      apple-group-services $
478	      apple-contactguid $
479	      apple-ownerguid $
480	      labeledURI $
481		  apple-locale-relay $
482		  apple-locale-subnets $
483	      apple-serviceslocator ) )
484
485#
486# Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3
487#
488attributetype (
489	1.3.6.1.4.1.63.1000.1.1.1.3.8
490	NAME 'apple-machine-software'
491	DESC 'installed system software'
492	EQUALITY caseIgnoreIA5Match
493	SUBSTR caseIgnoreIA5SubstringsMatch
494	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
495
496attributetype (
497	1.3.6.1.4.1.63.1000.1.1.1.3.9
498	NAME 'apple-machine-hardware'
499	DESC 'system hardware description'
500	EQUALITY caseIgnoreIA5Match
501	SUBSTR caseIgnoreIA5SubstringsMatch
502	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
503
504attributeType ( 
505	1.3.6.1.4.1.63.1000.1.1.1.3.10
506	NAME 'apple-machine-serves'
507	DESC 'NetInfo Domain Server Binding'
508	EQUALITY caseExactIA5Match
509	SUBSTR caseExactIA5SubstringsMatch
510	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
511
512attributeType ( 
513	1.3.6.1.4.1.63.1000.1.1.1.3.11
514	NAME 'apple-machine-suffix'
515	DESC 'DIT suffix'
516	EQUALITY caseIgnoreMatch
517	SUBSTR caseIgnoreSubstringsMatch
518	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
519
520attributeType ( 
521	1.3.6.1.4.1.63.1000.1.1.1.3.12
522	NAME 'apple-machine-contactperson'
523	DESC 'Name of contact person/owner of this machine'
524	EQUALITY caseIgnoreMatch
525	SUBSTR caseIgnoreSubstringsMatch
526	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
527
528#
529# for backward compatibility with directory-based schema from Tiger
530#
531
532attributeType (
533	1.3.6.1.4.1.63.1000.1.1.1.22.1
534	NAME 'attributeTypesConfig'
535	DESC 'RFC2252: attribute types'
536	EQUALITY caseExactMatch
537	SUBSTR caseExactSubstringsMatch
538	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
539		
540attributeType (
541	1.3.6.1.4.1.63.1000.1.1.1.22.2
542	NAME 'objectClassesConfig'
543	EQUALITY caseExactMatch
544	SUBSTR caseExactSubstringsMatch
545	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
546
547#
548# Machine auxiliary object class.
549#
550objectclass (
551	1.3.6.1.4.1.63.1000.1.1.2.3
552	NAME 'apple-machine'
553	SUP top
554	AUXILIARY
555	MAY ( apple-machine-software $
556	      apple-machine-hardware $
557	      apple-machine-serves $
558	      apple-machine-suffix $
559		  apple-machine-contactperson ) )
560
561#
562# Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8
563#
564attributetype (
565	1.3.6.1.4.1.63.1000.1.1.1.8.1
566	NAME 'mountDirectory'
567	DESC 'mount path'
568	EQUALITY caseExactMatch
569	SUBSTR caseExactSubstringsMatch
570	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
571
572attributetype (
573	1.3.6.1.4.1.63.1000.1.1.1.8.2
574	NAME 'mountType'
575	DESC 'mount VFS type'
576	EQUALITY caseIgnoreIA5Match
577	SUBSTR caseIgnoreIA5SubstringsMatch
578	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
579
580attributetype (
581	1.3.6.1.4.1.63.1000.1.1.1.8.3
582	NAME 'mountOption'
583	DESC 'mount options'
584	EQUALITY caseIgnoreIA5Match
585	SUBSTR caseIgnoreIA5SubstringsMatch
586	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
587
588attributetype (
589	1.3.6.1.4.1.63.1000.1.1.1.8.4
590	NAME 'mountDumpFrequency'
591	DESC 'mount dump frequency'
592	EQUALITY caseIgnoreIA5Match
593	SUBSTR caseIgnoreIA5SubstringsMatch
594	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
595
596attributetype (
597	1.3.6.1.4.1.63.1000.1.1.1.8.5
598	NAME 'mountPassNo'
599	DESC 'mount passno'
600	EQUALITY caseIgnoreIA5Match
601	SUBSTR caseIgnoreIA5SubstringsMatch
602	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
603		
604# Alternative to using 'cn' when adding mount record schema to other LDAP servers
605#attributetype ( 
606#	1.3.6.1.4.1.63.1000.1.1.1.8.100
607#	NAME ( 'apple-mount-name' )
608#	DESC 'mount name'
609#	SUP name )
610
611#
612# Mount object 1.3.6.1.4.1.63.1000.1.1.2.8
613#
614objectclass (
615	1.3.6.1.4.1.63.1000.1.1.2.8
616	NAME 'mount'
617	SUP top STRUCTURAL
618	MUST ( cn )
619	MAY ( mountDirectory $
620	      mountType $
621	      mountOption $
622	      mountDumpFrequency $
623	      mountPassNo ) )
624
625#
626# Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9
627#
628attributetype (
629	1.3.6.1.4.1.63.1000.1.1.1.9.1
630	NAME 'apple-printer-attributes'
631	DESC 'printer attributes in /etc/printcap format'
632	EQUALITY caseIgnoreIA5Match
633	SUBSTR caseIgnoreIA5SubstringsMatch
634	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
635
636attributetype (
637	1.3.6.1.4.1.63.1000.1.1.1.9.2
638	NAME 'apple-printer-lprhost'
639	DESC 'printer LPR host name'
640	EQUALITY caseIgnoreMatch
641	SUBSTR caseIgnoreSubstringsMatch
642	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
643
644attributetype (
645	1.3.6.1.4.1.63.1000.1.1.1.9.3
646	NAME 'apple-printer-lprqueue'
647	DESC 'printer LPR queue'
648	EQUALITY caseIgnoreMatch
649	SUBSTR caseIgnoreSubstringsMatch
650	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
651
652attributetype (
653	1.3.6.1.4.1.63.1000.1.1.1.9.4
654	NAME 'apple-printer-type'
655	DESC 'printer type'
656	EQUALITY caseIgnoreMatch
657	SUBSTR caseIgnoreSubstringsMatch
658	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
659
660attributetype (
661	1.3.6.1.4.1.63.1000.1.1.1.9.5
662	NAME 'apple-printer-note'
663	DESC 'printer note'
664	EQUALITY caseIgnoreMatch
665	SUBSTR caseIgnoreSubstringsMatch
666	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
667
668#
669# Printer object 1.3.6.1.4.1.63.1000.1.1.2.9
670#
671objectclass (
672	1.3.6.1.4.1.63.1000.1.1.2.9
673	NAME 'apple-printer'
674	SUP top STRUCTURAL
675	MUST ( cn )
676	MAY ( apple-printer-attributes $
677	      apple-printer-lprhost $
678              apple-printer-lprqueue $
679              apple-printer-type $
680              apple-printer-note ) )
681
682#
683# Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10
684#
685
686attributetype (
687	1.3.6.1.4.1.63.1000.1.1.1.10.2
688	NAME 'apple-realname'
689	DESC 'real name'
690	EQUALITY caseIgnoreMatch
691	SUBSTR caseExactSubstringsMatch
692	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
693
694attributetype (
695	1.3.6.1.4.1.63.1000.1.1.1.10.3
696	NAME 'apple-networkview'
697	DESC 'Network view for the computer'
698	EQUALITY caseExactMatch
699	SUBSTR caseExactSubstringsMatch
700	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
701
702attributetype (
703	1.3.6.1.4.1.63.1000.1.1.1.10.4
704	NAME 'apple-category'
705	DESC 'Category for the computer or neighborhood'
706	EQUALITY caseExactMatch
707	SUBSTR caseExactSubstringsMatch
708	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
709
710attributetype (
711	1.3.6.1.4.1.63.1000.1.1.1.10.5
712	NAME 'apple-srv'
713	DESC 'List of services to advertize via srv records'
714	EQUALITY caseExactMatch
715	SUBSTR caseExactSubstringsMatch
716	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
717	
718attributetype (
719	1.3.6.1.4.1.63.1000.1.1.1.10.6
720	NAME 'apple-primary-locale'
721	DESC 'primary locale for replication'
722	EQUALITY caseExactMatch
723	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )	
724	
725attributetype (
726	1.3.6.1.4.1.63.1000.1.1.1.10.7
727	NAME 'apple-parentlocales'
728	DESC 'parent locale'
729	EQUALITY caseExactMatch 
730	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
731	
732attributetype (
733	1.3.6.1.4.1.63.1000.1.1.1.10.8
734	NAME 'apple-networkinterfaces'
735	DESC 'list of available network interfaces'
736	EQUALITY caseExactMatch 
737	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )	
738	
739#
740# Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11
741#
742
743attributetype (
744	1.3.6.1.4.1.63.1000.1.1.1.11.3
745	NAME 'apple-computers'
746	DESC 'computers'
747	EQUALITY caseExactMatch
748	SUBSTR caseExactSubstringsMatch
749	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
750
751attributetype (
752        1.3.6.1.4.1.63.1000.1.1.1.11.4
753        NAME 'apple-computer-list-groups'
754        DESC 'groups'
755        EQUALITY caseExactMatch
756        SUBSTR caseExactSubstringsMatch
757        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
758
759#
760# XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1
761#
762attributetype (
763        1.3.6.1.4.1.63.1000.1.1.1.17.1
764        NAME 'apple-xmlplist'
765        DESC 'XML plist data'
766        EQUALITY caseExactMatch
767        SUBSTR caseExactSubstringsMatch
768        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
769
770#
771# Service URL attributes 1.3.6.1.4.1.63.1000.1.1.1.19.2
772#
773attributetype (
774       1.3.6.1.4.1.63.1000.1.1.1.19.2
775       NAME 'apple-service-url'
776       DESC 'URL of service'
777       EQUALITY caseExactIA5Match
778       SUBSTR caseExactIA5SubstringsMatch
779       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
780#
781# Service Info attributes 1.3.6.1.4.1.63.1000.1.1.1.19.6
782#
783attributetype (
784		1.3.6.1.4.1.63.1000.1.1.1.19.6
785		NAME 'apple-serviceinfo'
786		DESC 'service related information'
787		EQUALITY caseExactMatch
788		SUBSTR caseExactSubstringsMatch
789		SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
790
791attributetype (
792		1.3.6.1.4.1.63.1000.1.1.1.19.7
793		NAME 'apple-hwuuid'
794		DESC 'Hardware uuid of computer'
795		EQUALITY caseExactMatch
796		SUBSTR caseExactSubstringsMatch
797		SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
798
799attributetype (
800		1.3.6.1.4.1.63.1000.1.1.1.19.8
801		NAME 'apple-ldap-serverid'
802		DESC 'ID used by LDAP'
803		EQUALITY integerMatch
804		SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
805
806#
807# Computer object 1.3.6.1.4.1.63.1000.1.1.2.10
808#
809objectclass (
810	1.3.6.1.4.1.63.1000.1.1.2.10
811	NAME 'apple-computer'
812	DESC 'computer'
813	SUP top STRUCTURAL
814	MUST ( cn )
815	MAY ( apple-realname $
816	      description $
817	      macAddress $
818		  apple-category $
819	      apple-computer-list-groups $
820	      apple-keyword $
821	      apple-mcxflags $
822	      apple-mcxsettings $
823		  apple-networkview $
824		  apple-xmlplist $
825		  apple-service-url $
826		  apple-serviceinfo $
827		  apple-serviceslocator $
828  	      apple-primarycomputerlist $
829	      apple-ldap-serverid $
830	      authAuthority $
831		  uidNumber $ gidNumber $ apple-generateduid $ ttl $
832	      acctFlags $ pwdLastSet $ logonTime $
833	      logoffTime $ kickoffTime $ rid $ primaryGroupID $
834		  sambaSID $ sambaPrimaryGroupSID $
835		  owner $ apple-ownerguid $ apple-contactguid $
836		  ipHostNumber $ bootFile $ apple-hwuuid $ apple-srv $ 
837		  apple-primary-locale $ apple-parentlocales $ 
838		  apple-networkinterfaces $ userCertificate $ userPKCS12) )
839
840#
841# Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11
842#
843objectclass (
844	1.3.6.1.4.1.63.1000.1.1.2.11
845	NAME 'apple-computer-list'
846	DESC 'computer list'
847	SUP top STRUCTURAL
848	MUST ( cn )
849	MAY ( apple-mcxflags $
850	      apple-mcxsettings $
851	      apple-computer-list-groups $
852	      apple-computers $
853	      apple-generateduid $
854	      apple-keyword ) )
855
856#
857# Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12
858#
859attributetype (
860	1.3.6.1.4.1.63.1000.1.1.1.12.1
861	NAME 'apple-password-server-location'
862	DESC 'password server location'
863	EQUALITY caseExactIA5Match
864	SUBSTR caseExactIA5SubstringsMatch
865	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
866
867attributetype (
868	1.3.6.1.4.1.63.1000.1.1.1.12.2
869	NAME 'apple-data-stamp'
870	DESC 'data stamp'
871	EQUALITY caseExactIA5Match
872	SUBSTR caseExactIA5SubstringsMatch
873	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
874
875attributetype (
876	1.3.6.1.4.1.63.1000.1.1.1.12.3
877	NAME 'apple-config-realname'
878	DESC 'config real name'
879	EQUALITY caseExactIA5Match
880	SUBSTR caseExactIA5SubstringsMatch
881	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
882
883attributetype (
884	1.3.6.1.4.1.63.1000.1.1.1.12.4
885	NAME 'apple-password-server-list'
886	DESC 'password server replication plist'
887	EQUALITY caseExactMatch
888	SUBSTR caseExactSubstringsMatch
889	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
890
891attributetype (
892	1.3.6.1.4.1.63.1000.1.1.1.12.5
893	NAME 'apple-ldap-replica'
894	DESC 'LDAP replication list'
895	EQUALITY caseExactMatch
896	SUBSTR caseExactSubstringsMatch
897	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
898
899attributetype (
900	1.3.6.1.4.1.63.1000.1.1.1.12.6
901	NAME 'apple-ldap-writable-replica'
902	DESC 'LDAP writable replication list'
903	EQUALITY caseExactMatch
904	SUBSTR caseExactSubstringsMatch
905	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
906
907attributetype (
908	1.3.6.1.4.1.63.1000.1.1.1.12.7
909	NAME 'apple-kdc-authkey'
910	DESC 'KDC master key RSA encrypted with realm public key'
911	EQUALITY caseExactMatch
912	SUBSTR caseExactSubstringsMatch
913	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
914
915attributetype (
916	1.3.6.1.4.1.63.1000.1.1.1.12.8
917	NAME 'apple-kdc-configdata'
918	DESC 'Contents of the kdc.conf file'
919	EQUALITY caseExactMatch
920	SUBSTR caseExactSubstringsMatch
921	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
922
923attributetype (
924	1.3.6.1.4.1.63.1000.1.1.1.12.9
925	NAME 'apple-last-serverid'
926	DESC 'Last serverID used'
927	EQUALITY integerMatch
928	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
929	SINGLE-VALUE )
930
931attributetype (	1.3.6.1.1.1.1.104
932	NAME 'apple-enabled-auth-mech'
933	DESC 'Enabled auth mechs'
934	EQUALITY caseIgnoreMatch
935	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
936
937attributetype (	1.3.6.1.1.1.1.105
938	NAME 'apple-disabled-auth-mech'
939	DESC 'Disabled auth mechs'
940	EQUALITY caseIgnoreMatch
941	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
942
943#
944# Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12
945#
946objectclass (
947	1.3.6.1.4.1.63.1000.1.1.2.12
948	NAME 'apple-configuration'
949	DESC 'configuration'
950	SUP top STRUCTURAL 
951	MAY ( cn $ apple-config-realname $ 
952		apple-data-stamp $ apple-password-server-location $
953		apple-password-server-list $ apple-ldap-replica $
954		apple-ldap-writable-replica $ apple-keyword $
955		apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist $ ttl $
956		apple-last-serverid $ apple-enabled-auth-mech ) )
957
958#
959# Preset computer list object class.
960#
961objectclass (
962	1.3.6.1.4.1.63.1000.1.1.2.13
963	NAME 'apple-preset-computer-list'
964	DESC 'preset computer list'
965	SUP top STRUCTURAL
966	MUST ( cn )
967	MAY ( apple-mcxflags $
968	      apple-mcxsettings $
969	      apple-computer-list-groups $
970	      apple-keyword ) )
971#
972# Preset computer object class.
973# 
974
975objectclass (
976	1.3.6.1.4.1.63.1000.1.1.2.25
977	NAME 'apple-preset-computer'
978	DESC 'preset computer'
979	SUP top STRUCTURAL
980	MUST ( cn )
981	MAY ( apple-mcxflags $
982	      apple-mcxsettings $
983		  apple-computer-list-groups $
984	      apple-primarycomputerlist $
985		  description $
986		  apple-networkview $
987	      apple-keyword ) )
988#
989# Preset computer group object class.
990#AttributeTypes: 
991objectclass (
992	1.3.6.1.4.1.63.1000.1.1.2.26
993	NAME 'apple-preset-computer-group'
994	DESC 'preset computer group'
995	SUP top STRUCTURAL
996	MUST ( cn )
997	MAY ( gidNumber $
998	      memberUID $
999		  apple-mcxflags $
1000	      apple-mcxsettings $
1001		  apple-group-nestedgroup $
1002		  apple-group-memberguid $
1003		  description $
1004	      jpegPhoto $
1005	      apple-keyword ) )
1006
1007#
1008# Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14
1009#
1010objectclass (
1011	1.3.6.1.4.1.63.1000.1.1.3.14
1012	NAME 'apple-preset-group'
1013	DESC 'preset group'
1014	SUP top STRUCTURAL
1015	MUST ( cn )
1016	MAY ( memberUid $
1017	      gidNumber $
1018	      description $
1019	      apple-group-homeurl $
1020	      apple-group-homeowner $
1021	      apple-mcxflags $
1022	      apple-mcxsettings $
1023	      apple-group-realname $
1024	      apple-keyword $
1025	      apple-group-nestedgroup $
1026	      apple-group-memberguid $
1027	      ttl $
1028	      jpegPhoto $
1029	      apple-group-services $
1030	      labeledURI $
1031	      apple-serviceslocator ) )
1032
1033#
1034# Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15
1035#
1036attributetype (
1037	1.3.6.1.4.1.63.1000.1.1.1.15.1
1038	NAME 'apple-preset-user-is-admin'
1039	DESC 'flag indicating whether the preset user is an administrator'
1040	EQUALITY caseExactIA5Match
1041	SUBSTR caseExactIA5SubstringsMatch
1042	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
1043
1044#
1045# Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15
1046#
1047objectclass (
1048	1.3.6.1.4.1.63.1000.1.1.2.15
1049	NAME 'apple-preset-user'
1050	DESC 'preset user'
1051	SUP top STRUCTURAL
1052	MUST ( cn )
1053	MAY ( uid $
1054	      memberUid $
1055	      apple-group-memberguid $
1056	      gidNumber $
1057	      homeDirectory $
1058	      apple-user-homeurl $
1059	      apple-user-homequota $
1060	      apple-user-homesoftquota $
1061	      apple-user-mailattribute $
1062	      apple-user-printattribute $
1063	      apple-mcxflags $
1064	      apple-mcxsettings $
1065	      apple-user-adminlimits $
1066	      apple-user-passwordpolicy $
1067	      userPassword $
1068	      apple-user-picture $
1069	      apple-keyword $
1070	      loginShell $
1071	      description $
1072	      shadowLastChange $
1073	      shadowExpire $
1074	      authAuthority $
1075	      homeDrive $ scriptPath $ profilePath $ smbHome $
1076	      apple-preset-user-is-admin $
1077	      jpegPhoto $
1078	      apple-relationships $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $ apple-mapcoordinates $
1079	      apple-serviceslocator ) )
1080
1081#
1082# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1
1083#
1084#attributetype (
1085#	1.3.6.1.4.1.63.1000.1.1.2.16.1
1086#	NAME 'authAuthority'
1087#	DESC 'password server authentication authority'
1088#	EQUALITY caseExactIA5Match
1089#	SUBSTR caseExactIA5SubstringsMatch
1090#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1091
1092#attributetype (
1093#	1.3.6.1.4.1.63.1000.1.1.2.16.2
1094#	NAME ( 'authAuthority' 'authAuthority2' )
1095#	DESC 'password server authentication authority'
1096#	EQUALITY caseExactMatch
1097#	SUBSTR caseExactSubstringsMatch
1098#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1099
1100#
1101# Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16
1102#
1103objectclass (
1104	1.3.6.1.4.1.63.1000.1.1.2.16
1105	NAME 'authAuthorityObject'
1106	SUP top AUXILIARY
1107	MAY ( authAuthority ) )
1108
1109#
1110# Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17
1111#
1112objectclass (
1113	1.3.6.1.4.1.63.1000.1.1.2.17
1114	NAME 'apple-serverassistant-config'
1115	SUP top STRUCTURAL
1116	MUST ( cn )
1117	MAY ( apple-xmlplist ) )
1118
1119#
1120# Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18
1121#
1122attributetype (
1123	1.3.6.1.4.1.63.1000.1.1.1.18.1
1124	NAME 'apple-dns-domain'
1125	DESC 'DNS domain'
1126	EQUALITY caseExactMatch
1127	SUBSTR caseExactSubstringsMatch
1128	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1129
1130attributetype (
1131	1.3.6.1.4.1.63.1000.1.1.1.18.2
1132	NAME 'apple-dns-nameserver'
1133	DESC 'DNS name server list'
1134	EQUALITY caseExactMatch
1135	SUBSTR caseExactSubstringsMatch
1136	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1137
1138#
1139# Location object 1.3.6.1.4.1.63.1000.1.1.2.18
1140#
1141objectclass (
1142	1.3.6.1.4.1.63.1000.1.1.2.18
1143	NAME 'apple-location'
1144	SUP top AUXILIARY
1145	MUST ( cn )
1146	MAY ( apple-dns-domain $ apple-dns-nameserver ) )
1147	
1148#
1149# Service object attributes 1.3.6.1.4.1.63.1000.1.1.1.19
1150#
1151attributetype (
1152	1.3.6.1.4.1.63.1000.1.1.1.19.1
1153	NAME 'apple-service-type'
1154	DESC 'type of service'
1155	EQUALITY caseExactIA5Match
1156	SUBSTR caseExactIA5SubstringsMatch
1157	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1158
1159#attributetype (
1160#	1.3.6.1.4.1.63.1000.1.1.1.19.2
1161#	NAME 'apple-service-url'
1162#	DESC 'URL of service'
1163#	EQUALITY caseExactIA5Match
1164#	SUBSTR caseExactIA5SubstringsMatch
1165#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1166
1167attributetype (
1168	1.3.6.1.4.1.63.1000.1.1.1.19.3
1169	NAME 'apple-service-port'
1170	DESC 'Service port number'
1171	EQUALITY integerMatch
1172	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
1173
1174attributetype (
1175	1.3.6.1.4.1.63.1000.1.1.1.19.4
1176	NAME 'apple-dnsname'
1177	DESC 'DNS name'
1178	EQUALITY caseExactMatch
1179	SUBSTR caseExactSubstringsMatch
1180	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1181	
1182attributetype (
1183	1.3.6.1.4.1.63.1000.1.1.1.19.5
1184	NAME 'apple-service-location'
1185	DESC 'Service location'
1186	EQUALITY caseExactMatch
1187	SUBSTR caseExactSubstringsMatch
1188	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1189
1190#
1191# Service object 1.3.6.1.4.1.63.1000.1.1.2.19
1192#
1193objectclass (
1194	1.3.6.1.4.1.63.1000.1.1.2.19
1195	NAME 'apple-service'
1196	SUP top STRUCTURAL
1197	MUST ( cn $ 
1198	       apple-service-type )
1199	MAY ( ipHostNumber $ 
1200	      description $
1201		  apple-service-location $
1202		  apple-service-url $
1203		  apple-service-port $
1204		  apple-dnsname $
1205		  apple-keyword ) )
1206
1207#
1208# Neighborhood object attributes 1.3.6.1.4.1.63.1000.1.1.1.20
1209#
1210attributetype (
1211	1.3.6.1.4.1.63.1000.1.1.1.20.1
1212	NAME 'apple-nodepathxml'
1213	DESC 'XML plist of directory node path'
1214	EQUALITY caseExactMatch
1215	SUBSTR caseExactSubstringsMatch
1216	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1217
1218attributetype (
1219	1.3.6.1.4.1.63.1000.1.1.1.20.2
1220	NAME 'apple-neighborhoodalias'
1221	DESC 'XML plist referring to another neighborhood record'
1222	EQUALITY caseExactMatch
1223	SUBSTR caseExactSubstringsMatch
1224	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1225
1226attributetype (
1227	1.3.6.1.4.1.63.1000.1.1.1.20.3
1228	NAME 'apple-computeralias'
1229	DESC 'XML plist referring to a computer record'
1230	EQUALITY caseExactMatch
1231	SUBSTR caseExactSubstringsMatch
1232	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1233
1234#
1235# Neighborhood object 1.3.6.1.4.1.63.1000.1.1.2.20
1236#
1237objectclass (
1238	1.3.6.1.4.1.63.1000.1.1.2.20
1239	NAME 'apple-neighborhood'
1240	SUP top STRUCTURAL
1241	MUST ( cn )
1242	MAY ( description $
1243	      apple-generateduid $
1244	      apple-category $
1245	      apple-nodepathxml $
1246	      apple-neighborhoodalias $
1247	      apple-computeralias $
1248	      apple-keyword $
1249	      apple-realname $
1250	      apple-xmlplist $
1251	      ttl ) )
1252
1253#
1254# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21
1255#
1256attributetype (
1257	1.3.6.1.4.1.63.1000.1.1.1.21.1
1258	NAME 'apple-acl-entry'
1259	DESC 'acl entry'
1260	EQUALITY caseExactMatch
1261	SUBSTR caseExactSubstringsMatch
1262	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1263
1264#
1265# ACL object 1.3.6.1.4.1.63.1000.1.1.2.21
1266#
1267objectclass (
1268	1.3.6.1.4.1.63.1000.1.1.2.21
1269	NAME 'apple-acl'
1270	SUP top STRUCTURAL
1271	MUST ( cn $ 
1272	       apple-acl-entry ) )
1273		   
1274#
1275# Schema attributes 1.3.6.1.4.1.63.1000.1.1.1.22
1276#
1277#attributetype (
1278#	1.3.6.1.4.1.63.1000.1.1.1.22.1
1279#	NAME 'attributeTypesConfig'
1280#	DESC 'attribute type configuration'
1281#	EQUALITY objectIdentifierFirstComponentMatch
1282#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 )
1283
1284#attributetype (
1285#	1.3.6.1.4.1.63.1000.1.1.1.22.2
1286#	NAME 'objectClassesConfig'
1287#	DESC 'object class configuration'
1288#	EQUALITY objectIdentifierFirstComponentMatch
1289#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 )
1290
1291#
1292# Resource attributes 1.3.6.1.4.1.63.1000.1.1.1.23
1293#
1294
1295attributetype (
1296	1.3.6.1.4.1.63.1000.1.1.1.23.1
1297	NAME 'apple-resource-type'
1298	DESC 'resource type'
1299	EQUALITY caseExactIA5Match
1300	SUBSTR caseExactIA5SubstringsMatch
1301	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
1302
1303attributetype (
1304	1.3.6.1.4.1.63.1000.1.1.1.23.2
1305	NAME 'apple-resource-info'
1306	DESC 'resource info'
1307	EQUALITY caseExactMatch 
1308	SUBSTR caseExactSubstringsMatch
1309	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
1310
1311attributetype (
1312	1.3.6.1.4.1.63.1000.1.1.1.23.3
1313	NAME 'apple-capacity'
1314	DESC 'capacity'
1315	EQUALITY integerMatch
1316	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
1317
1318#
1319# Resource object 1.3.6.1.4.1.63.1000.1.1.2.23
1320#
1321
1322objectclass (
1323	1.3.6.1.4.1.63.1000.1.1.2.23
1324	NAME 'apple-resource'
1325	SUP top STRUCTURAL
1326	MUST ( cn )
1327	MAY ( 	apple-realname $ description $ jpegPhoto $ apple-keyword $
1328			apple-generateduid $ apple-contactguid $ apple-ownerguid $ 
1329			apple-resource-info $ apple-resource-type $ apple-capacity $ 	
1330			labeledURI $  apple-mapuri $ apple-serviceslocator $ apple-phonecontacts $
1331			c $ apple-mapguid $ apple-mapcoordinates $ apple-xmlplist ) )
1332
1333#
1334# Augment object 1.3.6.1.4.1.63.1000.1.1.2.24
1335#
1336
1337objectclass (
1338        1.3.6.1.4.1.63.1000.1.1.2.24
1339        NAME 'apple-augment'
1340        SUP top
1341        STRUCTURAL
1342        MUST ( cn ) )
1343
1344attributetype ( 
1345			1.3.6.1.1.1.1.31 
1346			NAME 'automountMapName'
1347            DESC 'automount Map Name'
1348            EQUALITY caseExactMatch
1349            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1350            SINGLE-VALUE )
1351
1352attributetype ( 
1353			1.3.6.1.1.1.1.32 
1354			NAME 'automountKey'
1355            DESC 'Automount Key value'
1356            EQUALITY caseExactMatch
1357            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1358            SINGLE-VALUE )
1359
1360attributetype ( 
1361			1.3.6.1.1.1.1.33 
1362			NAME 'automountInformation'
1363            DESC 'Automount information'
1364            EQUALITY caseExactMatch
1365            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
1366            SINGLE-VALUE )
1367
1368objectclass ( 
1369			1.3.6.1.1.1.2.16 
1370			NAME 'automountMap' 
1371			SUP top STRUCTURAL
1372            MUST ( automountMapName )
1373            MAY description )
1374
1375objectclass ( 
1376			1.3.6.1.1.1.2.17 
1377			NAME 'automount' 
1378			SUP top STRUCTURAL
1379            DESC 'Automount'
1380            MUST ( automountKey $ automountInformation )
1381            MAY description )
1382
1383#
1384# Apple User Info object 1.3.6.1.4.1.63.1000.1.1.2.27
1385#
1386
1387objectclass (
1388	1.3.6.1.4.1.63.1000.1.1.2.27
1389	NAME 'apple-user-info'
1390	SUP top STRUCTURAL
1391	MAY ( 	apple-namesuffix $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
1392			telephoneNumber $ mobile $ facsimileTelephoneNumber $ pager $
1393			l $ st $ c $ postalCode $ postalAddress $ street $
1394			apple-imhandle $ loginShell $ jpegPhoto $ apple-user-picture $ description $ userCertificate $ userPKCS12) )
1395
1396#
1397# Apple Computer Info object 1.3.6.1.4.1.63.1000.1.1.2.31
1398#
1399
1400objectclass (
1401	1.3.6.1.4.1.63.1000.1.1.2.31
1402	NAME 'apple-computer-info'
1403	SUP top STRUCTURAL
1404	MAY (   apple-serviceinfo $ apple-serviceslocator $ apple-keyword $ userCertificate $ userPKCS12) )
1405
1406
1407## Schema elements for PWS records in LDAP
1408## Proposed schema elements for PWS records in LDAP
1409# Last login time.
1410attributetype ( 1.3.6.1.1.1.1.35
1411  NAME 'lastLoginTime'
1412  EQUALITY generalizedTimeMatch
1413  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1414  SINGLE-VALUE )
1415
1416# Time of last password change.
1417attributetype ( 1.3.6.1.1.1.1.36
1418  NAME 'passwordModDate'
1419  EQUALITY generalizedTimeMatch
1420  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1421  SINGLE-VALUE )
1422
1423# User's authdata GUID, this is essentially the PWS slotid
1424attributetype ( 1.3.6.1.1.1.1.37
1425  NAME 'authGUID'
1426  EQUALITY caseIgnoreMatch
1427  SUBSTR caseIgnoreSubstringsMatch
1428  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
1429
1430# Running tally of login failures.
1431attributetype ( 1.3.6.1.1.1.1.38
1432  NAME 'loginFailedAttempts'
1433  EQUALITY integerMatch
1434  SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1435  SINGLE-VALUE )
1436
1437# Links the authdata record to the user record
1438attributetype ( 1.3.6.1.1.1.1.39
1439  NAME 'userLinkage'
1440  EQUALITY caseIgnoreMatch
1441  SUBSTR caseIgnoreSubstringsMatch
1442  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
1443
1444# String containing the reason for disabling.
1445attributetype ( 1.3.6.1.1.1.1.40
1446  NAME 'disableReason'
1447  EQUALITY caseIgnoreMatch
1448  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1449  SINGLE-VALUE )
1450
1451# The following are attributes storing the secrets for each auth type
1452attributetype ( 1.3.6.1.1.1.1.42
1453  NAME 'cmusaslsecretSMBNT'
1454  EQUALITY octetStringMatch
1455  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1456  SINGLE-VALUE )
1457
1458attributetype ( 1.3.6.1.1.1.1.43
1459  NAME 'cmusaslsecretSMBLM'
1460  EQUALITY octetStringMatch
1461  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1462  SINGLE-VALUE )
1463
1464attributetype ( 1.3.6.1.1.1.1.44
1465  NAME 'cmusaslsecretDIGEST-MD5'
1466  EQUALITY octetStringMatch
1467  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1468  SINGLE-VALUE )
1469
1470attributetype ( 1.3.6.1.1.1.1.45
1471  NAME 'cmusaslsecretCRAM-MD5'
1472  EQUALITY octetStringMatch
1473  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1474  SINGLE-VALUE )
1475
1476attributetype ( 1.3.6.1.1.1.1.46
1477  NAME 'cmusaslsecretPPS'
1478  EQUALITY octetStringMatch
1479  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1480  SINGLE-VALUE )
1481
1482# The realm name and principal name are stored in the "secrets" area for
1483# the kerberos auth types.  These may be unnecessary after the Heimdal transition.
1484attributetype ( 1.3.6.1.1.1.1.47
1485  NAME 'KerberosRealmName'
1486  EQUALITY caseIgnoreMatch
1487  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1488  SINGLE-VALUE )
1489
1490attributetype ( 1.3.6.1.1.1.1.48
1491  NAME 'KerberosPrincName'
1492  EQUALITY caseIgnoreMatch
1493  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1494  SINGLE-VALUE )
1495
1496# User password, stored DES encrypted for obfuscation.
1497attributetype ( 1.3.6.1.1.1.1.49
1498  NAME 'password'
1499  EQUALITY octetStringMatch
1500  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1501  SINGLE-VALUE )
1502
1503attributetype ( 1.3.6.1.1.1.1.50
1504  NAME 'adminGroups'
1505  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1506  SINGLE-VALUE )
1507
1508# DIGEST-MD5 hash with username, sasl realm, password
1509attributetype ( 1.3.6.1.1.1.1.51
1510  NAME 'cmusaslsecretDIGEST-UMD5'
1511  EQUALITY octetStringMatch
1512  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1513  SINGLE-VALUE )
1514
1515# Time the user was created.
1516attributetype ( 1.3.6.1.1.1.1.55
1517  NAME 'creationDate'
1518	EQUALITY generalizedTimeMatch
1519  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1520  SINGLE-VALUE )
1521
1522# History data
1523attributetype ( 1.3.6.1.1.1.1.56
1524  NAME 'historyData'
1525  EQUALITY octetStringMatch
1526  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1527  SINGLE-VALUE )
1528
1529# Time of newPasswordRequired being set.
1530attributetype ( 1.3.6.1.1.1.1.57
1531  NAME 'passwordRequiredDate'
1532  EQUALITY generalizedTimeMatch
1533  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1534  SINGLE-VALUE )
1535
1536# Krb schema 
1537attributetype ( 1.3.6.1.1.1.1.86
1538  NAME 'draft-krbPrincipalName'
1539  DESC 'Canonical principal name'
1540  EQUALITY caseExactIA5Match
1541  SUBSTR caseExactSubstringsMatch
1542  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
1543  SINGLE-VALUE )
1544
1545attributetype ( 1.3.6.1.1.1.1.87
1546  NAME 'draft-krbRealmName'
1547  EQUALITY octetStringMatch
1548  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
1549  
1550attributetype ( 1.3.6.1.1.1.1.88
1551  NAME 'draft-krbPrincipalAliases'
1552  SUP draft-krbPrincipalName )
1553  
1554attributetype ( 1.3.6.1.1.1.1.89
1555  NAME 'draft-krbTicketMaxLife'
1556  EQUALITY integerMatch
1557  ORDERING integerOrderingMatch
1558  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1559  SINGLE-VALUE )
1560  
1561attributetype ( 1.3.6.1.1.1.1.90
1562  NAME 'draft-krbTicketMaxRenewal'
1563  EQUALITY integerMatch
1564  ORDERING integerOrderingMatch
1565  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1566  SINGLE-VALUE )
1567  
1568attributetype ( 1.3.6.1.1.1.1.91
1569  NAME 'draft-krbEncSaltTypes'
1570  EQUALITY caseIgnoreMatch
1571  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1572	
1573attributetype ( 1.3.6.1.1.1.1.92
1574  NAME 'draft-krbKeySet'
1575  EQUALITY octetStringMatch
1576  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) 
1577
1578attributetype ( 1.3.6.1.1.1.1.93
1579  NAME 'draft-krbKeyVersion'
1580  EQUALITY integerMatch
1581  ORDERING integerOrderingMatch
1582  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1583  SINGLE-VALUE )
1584  
1585attributetype ( 1.3.6.1.1.1.1.94
1586  NAME 'draft-krbPrincipalRealm'
1587  DESC 'DN of krbRealm entry'
1588  SUP distinguishedName )
1589
1590attributetype ( 1.3.6.1.1.1.1.95
1591  NAME 'draft-krbTicketPolicy'
1592  EQUALITY integerMatch
1593  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
1594  SINGLE-VALUE )
1595  
1596attributetype ( 1.3.6.1.1.1.1.96
1597  NAME 'draft-krbExtraData'
1598  EQUALITY octetStringMatch
1599  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
1600
1601attributetype ( 1.3.6.1.1.1.1.98
1602  NAME 'draft-krbPrincipalACL'
1603  EQUALITY integerMatch
1604  SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1605  SINGLE-VALUE )
1606  
1607attributetype ( 1.3.6.1.1.1.1.97
1608  NAME 'crschallenge'
1609  EQUALITY caseIgnoreMatch
1610  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1611  SINGLE-VALUE )
1612  
1613#  multivalued attribute to store computer account owner GUID.
1614attributetype ( 1.3.6.1.1.1.1.103
1615  NAME 'ownerGUIDList'
1616  DESC 'computer account owner GUID'
1617  EQUALITY caseIgnoreMatch
1618  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
1619   
1620# objectclass representing a user/slot.
1621# uid is the shortname of the user as stored in PWS.
1622# apple-generateduid is intended to match the user's UID.  Currently unpopulated
1623objectclass (
1624	1.3.6.1.4.1.63.1000.1.1.2.28
1625  NAME 'pwsAuthdata'
1626  STRUCTURAL
1627  MUST ( authGUID )
1628  MAY ( uid $ authGUID $ passwordModDate $ lastLoginTime $ loginFailedAttempts $
1629        disableReason $ apple-user-passwordpolicy $ adminGroups $ cmusaslsecretSMBNT $
1630		 cmusaslsecretSMBLM $ cmusaslsecretDIGEST-MD5 $ cmusaslsecretCRAM-MD5 $ cmusaslsecretPPS $
1631		 KerberosRealmName $ KerberosPrincName $ password $ creationDate $ historyData $
1632		 draft-krbPrincipalName $ draft-krbRealmName $ draft-krbPrincipalAliases $
1633		 draft-krbTicketMaxLife $ draft-krbTicketMaxRenewal $ draft-krbEncSaltTypes $
1634		 draft-krbKeySet $ draft-krbKeyVersion $ draft-krbPrincipalRealm $ draft-krbTicketPolicy $ 
1635		 draft-krbExtraData $ draft-krbPrincipalACL $ crschallenge $ userLinkage $
1636		 cmusaslsecretDIGEST-UMD5 $ ownerGUIDList ) )
1637
1638# Multi valued attribute to store the names of auth methods considered "weak"
1639# "weak" auth methods are not allowed to be used for some privileged operations
1640attributetype ( 1.3.6.1.1.1.1.76
1641      NAME 'weakAuthMethod'
1642      EQUALITY caseIgnoreMatch
1643      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
1644
1645# object class storing global policy and weak auth methods.
1646objectclass (
1647	1.3.6.1.4.1.63.1000.1.1.2.29
1648  NAME 'pwPolicy'
1649  STRUCTURAL
1650  MUST ( cn )
1651  MAY ( apple-user-passwordpolicy $ weakAuthMethod $ passwordRequiredDate) )
1652
1653# PWS' private key.  Stored in authdata container for security.
1654attributetype ( 1.3.6.1.1.1.1.77
1655  NAME 'PWSPrivateKey'
1656  EQUALITY octetStringMatch
1657  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
1658  SINGLE-VALUE )
1659
1660attributetype ( 1.3.6.1.1.1.1.78
1661   NAME 'PWSPublicKey'
1662   EQUALITY caseIgnoreMatch
1663   SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1664   SINGLE-VALUE )
1665
1666# Allow storing the PWS private key in the root of the container, cn=config style
1667objectclass (
1668	1.3.6.1.4.1.63.1000.1.1.2.30
1669  NAME 'pwAuthData'
1670  SUP container
1671  MAY ( PWSPrivateKey $ PWSPublicKey ) )
1672
1673
1674# Allow storing certificate request information
1675
1676attributetype (	1.3.6.1.1.1.1.79
1677	NAME 'apple-transactionID'
1678	EQUALITY caseIgnoreMatch
1679	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1680	SINGLE-VALUE )
1681
1682attributetype (	1.3.6.1.1.1.1.80
1683	NAME 'apple-pkiStatus'
1684	EQUALITY integerMatch
1685	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1686	SINGLE-VALUE )
1687
1688attributetype (	1.3.6.1.1.1.1.81
1689	NAME 'apple-failInfo'
1690	EQUALITY integerMatch
1691	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1692	SINGLE-VALUE )
1693
1694attributetype (	1.3.6.1.1.1.1.82
1695	NAME 'apple-certificateSigningRequest'
1696	EQUALITY certificateExactMatch
1697	SYNTAX '1.3.6.1.4.1.1466.115.121.1.8'
1698	SINGLE-VALUE )
1699
1700attributetype (	1.3.6.1.1.1.1.83
1701	NAME 'apple-device-guid'
1702	EQUALITY caseIgnoreMatch
1703	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1704	SINGLE-VALUE )
1705
1706attributetype (	1.3.6.1.1.1.1.84
1707	NAME 'apple-issuer'
1708	EQUALITY caseIgnoreMatch
1709	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1710	SINGLE-VALUE )
1711
1712attributetype (	1.3.6.1.1.1.1.85
1713	NAME 'apple-serialNumber'
1714	EQUALITY caseIgnoreMatch
1715	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
1716	SINGLE-VALUE )
1717	
1718attributetype (	1.3.6.1.1.1.1.99
1719	NAME 'apple-revocationReason'
1720	EQUALITY integerMatch
1721	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
1722	SINGLE-VALUE )
1723
1724attributetype (	1.3.6.1.1.1.1.100
1725	NAME 'apple-revocationDate'
1726	EQUALITY generalizedTimeMatch
1727        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1728        SINGLE-VALUE )
1729
1730attributetype (	1.3.6.1.1.1.1.101
1731	NAME 'apple-validNotBefore'
1732	EQUALITY generalizedTimeMatch
1733        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1734        SINGLE-VALUE )
1735
1736attributetype (	1.3.6.1.1.1.1.102
1737	NAME 'apple-validNotAfter'
1738	EQUALITY generalizedTimeMatch
1739        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
1740        SINGLE-VALUE )
1741
1742objectclass (
1743	1.3.6.1.4.1.63.1000.1.1.2.33
1744	NAME 'apple-certificateRequestInfo'
1745	SUP top STRUCTURAL
1746	MUST ( apple-transactionID $ apple-pkiStatus )
1747	MAY ( apple-failInfo $ apple-issuer $ apple-serialNumber $ 
1748              userCertificate $ apple-certificateSigningRequest $ apple-device-guid $ 
1749              apple-xmlplist $ apple-revocationReason $ apple-revocationDate $
1750              apple-validNotBefore $ apple-validNotAfter ) )
1751
1752