diff --git a/ldap/files/DB_CONFIG b/ldap/files/DB_CONFIG new file mode 100644 index 0000000..532fd6a --- /dev/null +++ b/ldap/files/DB_CONFIG @@ -0,0 +1,6 @@ +# one 0.25 GB cache +set_cachesize 0 268435456 1 + +# Transaction Log settings +set_lg_regionmax 262144 +set_lg_bsize 2097152 diff --git a/ldap/files/apple-auth.schema b/ldap/files/apple-auth.schema new file mode 100644 index 0000000..597ec30 --- /dev/null +++ b/ldap/files/apple-auth.schema @@ -0,0 +1,117 @@ +## local kludge to fix the apple.schema /fen + +# +# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.21.1 + NAME 'apple-acl-entry' + DESC 'acl entry' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.2.16.1 + NAME 'authAuthority' + DESC 'password server authentication authority' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.2.16.2 +# NAME ( 'authAuthority' 'authAuthority2' ) +# DESC 'password server authentication authority' +# EQUALITY caseExactMatch +# SUBSTR caseExactSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +## +## Account flags in string format ([UWDX ]) +## +attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' + DESC 'Account Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) +## +## Password timestamps & policies +## +attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' + DESC 'NT pwdLastSet' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' + DESC 'NT logonTime' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' + DESC 'NT logoffTime' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' + DESC 'NT kickoffTime' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' +# DESC 'NT pwdCanChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' +# DESC 'NT pwdMustChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## string settings +## +attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' + DESC 'NT homeDrive' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' + DESC 'NT scriptPath' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' + DESC 'NT profilePath' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' + DESC 'userWorkstations' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' + DESC 'smbHome' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' +# DESC 'Windows NT domain to which the user belongs' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +## +## user and group RID +## +attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' + DESC 'NT rid' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' + DESC 'NT Group RID' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) diff --git a/ldap/files/apple.schema b/ldap/files/apple.schema new file mode 100644 index 0000000..11516d5 --- /dev/null +++ b/ldap/files/apple.schema @@ -0,0 +1,937 @@ +#ident $Id: apple.schema,v 1.3 2007/06/19 12:25:43 tmakinen Exp $ +# +# Preliminary Apple OS X Native LDAP Schema +# This file is subject to change. +# + +# +# Container structural object class. +# +#objectclass ( +# 1.2.840.113556.1.3.23 +# NAME 'container' +# SUP top +# STRUCTURAL +# MUST ( cn ) ) + +# +# Time to live +# +attributetype ( + 1.3.6.1.4.1.250.1.60 + NAME 'ttl' + EQUALITY integerMatch + SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE ) + +objectclass ( + 1.3.6.1.4.1.250.3.18 + NAME 'cacheObject' + AUXILIARY + SUP top + DESC 'Auxiliary object class to hold TTL caching information' + MAY ( ttl ) ) + +# +# User attributes 1.3.6.1.4.1.63.1000.1.1.1.1 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.6 + NAME 'apple-user-homeurl' + DESC 'home directory URL' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.7 + NAME 'apple-user-class' + DESC 'user class' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.8 + NAME 'apple-user-homequota' + DESC 'home directory quota' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.9 + NAME 'apple-user-mailattribute' + DESC 'mail attribute' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.10 + NAME 'apple-mcxflags' + DESC 'mcx flags' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.1.1.11 +# NAME 'apple-mcxsettings' +# DESC 'mcx settings' +# EQUALITY caseExactMatch +# SUBSTR caseExactSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.16 + NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' ) + DESC 'mcx settings' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.12 + NAME 'apple-user-picture' + DESC 'picture' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.13 + NAME 'apple-user-printattribute' + DESC 'print attribute' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.14 + NAME 'apple-user-adminlimits' + DESC 'admin limits' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.15 + NAME 'apple-user-authenticationhint' + DESC 'password hint' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.17 + NAME 'apple-user-homesoftquota' + DESC 'home directory soft quota' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.18 + NAME 'apple-user-passwordpolicy' + DESC 'password policy options' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.19 + NAME ( 'apple-keyword' ) + DESC 'keywords' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.20 + NAME ( 'apple-generateduid' ) + DESC 'generated unique ID' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.21 + NAME ( 'apple-imhandle' ) + DESC 'IM handle (service:account name)' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.22 + NAME ( 'apple-webloguri' ) + DESC 'Weblog URI' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# Alternative to using homeDirectory from RFC 2307. +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.1.100 + NAME 'apple-user-homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# +# User object class. +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.1 + NAME 'apple-user' + SUP top + AUXILIARY + DESC 'apple user account' + MAY ( apple-user-homeurl $ apple-user-class $ + apple-user-homequota $ apple-user-mailattribute $ + apple-user-printattribute $ apple-mcxflags $ + apple-mcxsettings $ apple-user-adminlimits $ + apple-user-picture $ apple-user-authenticationhint $ + apple-user-homesoftquota $ apple-user-passwordpolicy $ + apple-keyword $ apple-generateduid $ apple-imhandle $ apple-webloguri $ + authAuthority $ acctFlags $ pwdLastSet $ logonTime $ + logoffTime $ kickoffTime $ homeDrive $ scriptPath $ + profilePath $ userWorkstations $ smbHome $ rid $ + primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $ + userCertificate $ apple-user-homeDirectory ) ) + +# +# Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.14.1 + NAME 'apple-group-homeurl' + DESC 'group home url' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.14.2 + NAME 'apple-group-homeowner' + DESC 'group home owner settings' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.14.5 + NAME 'apple-group-realname' + DESC 'group real name' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.14.6 + NAME 'apple-group-nestedgroup' + DESC 'group real name' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.14.7 + NAME 'apple-group-memberguid' + DESC 'group real name' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# Alternative to using memberUid from RFC 2307. +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.1.14.1000 +# NAME 'apple-group-memberUid' +# DESC 'group member list' +# EQUALITY caseExactIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) +# can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000 + +# +# Group auxiliary object class. +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.14 + NAME 'apple-group' + SUP top + AUXILIARY + DESC 'group account' + MAY ( apple-group-homeurl $ + apple-group-homeowner $ + apple-mcxflags $ + apple-mcxsettings $ + apple-group-realname $ + apple-user-picture $ + apple-keyword $ + apple-generateduid $ + apple-group-nestedgroup $ + apple-group-memberguid $ + mail $ + rid $ + sambaSID $ + ttl ) ) + +# +# Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.3.8 + NAME 'apple-machine-software' + DESC 'installed system software' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.3.9 + NAME 'apple-machine-hardware' + DESC 'system hardware description' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( + 1.3.6.1.4.1.63.1000.1.1.1.3.10 + NAME 'apple-machine-serves' + DESC 'NetInfo Domain Server Binding' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributeType ( + 1.3.6.1.4.1.63.1000.1.1.1.3.11 + NAME 'apple-machine-suffix' + DESC 'DIT suffix' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributeType ( + 1.3.6.1.4.1.63.1000.1.1.1.3.12 + NAME 'apple-machine-contactperson' + DESC 'Name of contact person/owner of this machine' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Machine auxiliary object class. +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.3 + NAME 'apple-machine' + SUP top + AUXILIARY + MAY ( apple-machine-software $ + apple-machine-hardware $ + apple-machine-serves $ + apple-machine-suffix $ + apple-machine-contactperson ) ) + +# +# Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.8.1 + NAME 'mountDirectory' + DESC 'mount path' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.8.2 + NAME 'mountType' + DESC 'mount VFS type' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.8.3 + NAME 'mountOption' + DESC 'mount options' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.8.4 + NAME 'mountDumpFrequency' + DESC 'mount dump frequency' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.8.5 + NAME 'mountPassNo' + DESC 'mount passno' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# Alternative to using 'cn' when adding mount record schema to other LDAP servers +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.1.8.100 +# NAME ( 'apple-mount-name' ) +# DESC 'mount name' +# SUP name ) + +# +# Mount object 1.3.6.1.4.1.63.1000.1.1.2.8 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.8 + NAME 'mount' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( mountDirectory $ + mountType $ + mountOption $ + mountDumpFrequency $ + mountPassNo ) ) + +# +# Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.9.1 + NAME 'apple-printer-attributes' + DESC 'printer attributes in /etc/printcap format' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.9.2 + NAME 'apple-printer-lprhost' + DESC 'printer LPR host name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.9.3 + NAME 'apple-printer-lprqueue' + DESC 'printer LPR queue' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.9.4 + NAME 'apple-printer-type' + DESC 'printer type' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.9.5 + NAME 'apple-printer-note' + DESC 'printer note' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Printer object 1.3.6.1.4.1.63.1000.1.1.2.9 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.9 + NAME 'apple-printer' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( apple-printer-attributes $ + apple-printer-lprhost $ + apple-printer-lprqueue $ + apple-printer-type $ + apple-printer-note ) ) + +# +# Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10 +# + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.10.2 + NAME 'apple-realname' + DESC 'real name' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.10.3 + NAME 'apple-networkview' + DESC 'Network view for the computer' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.10.4 + NAME 'apple-category' + DESC 'Category for the computer or neighborhood' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11 +# + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.11.3 + NAME 'apple-computers' + DESC 'computers' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.11.4 + NAME 'apple-computer-list-groups' + DESC 'groups' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.17.1 + NAME 'apple-xmlplist' + DESC 'XML plist data' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +# +# Service URL attributes 1.3.6.1.4.1.63.1000.1.1.1.19.2 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.19.2 + NAME 'apple-service-url' + DESC 'URL of service' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# +# Computer object 1.3.6.1.4.1.63.1000.1.1.2.10 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.10 + NAME 'apple-computer' + DESC 'computer' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( apple-realname $ + description $ + macAddress $ + apple-category $ + apple-computer-list-groups $ + apple-keyword $ + apple-mcxflags $ + apple-mcxsettings $ + apple-networkview $ + apple-xmlplist $ + apple-service-url $ + authAuthority $ + uidNumber $ gidNumber $ apple-generateduid $ ttl $ + acctFlags $ pwdLastSet $ logonTime $ + logoffTime $ kickoffTime $ rid $ primaryGroupID $ + sambaSID $ sambaPrimaryGroupSID ) ) + +# +# Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.11 + NAME 'apple-computer-list' + DESC 'computer list' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( apple-mcxflags $ + apple-mcxsettings $ + apple-computer-list-groups $ + apple-computers $ + apple-generateduid $ + apple-keyword ) ) + +# +# Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.1 + NAME 'apple-password-server-location' + DESC 'password server location' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.2 + NAME 'apple-data-stamp' + DESC 'data stamp' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.3 + NAME 'apple-config-realname' + DESC 'config real name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.4 + NAME 'apple-password-server-list' + DESC 'password server replication plist' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.5 + NAME 'apple-ldap-replica' + DESC 'LDAP replication list' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.6 + NAME 'apple-ldap-writable-replica' + DESC 'LDAP writable replication list' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.7 + NAME 'apple-kdc-authkey' + DESC 'KDC master key RSA encrypted with realm public key' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.12.8 + NAME 'apple-kdc-configdata' + DESC 'Contents of the kdc.conf file' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +# +# Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.12 + NAME 'apple-configuration' + DESC 'configuration' + SUP top STRUCTURAL + MAY ( cn $ apple-config-realname $ + apple-data-stamp $ apple-password-server-location $ + apple-password-server-list $ apple-ldap-replica $ + apple-ldap-writable-replica $ apple-keyword $ + apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist $ ttl ) ) + +# +# Preset computer list object class. +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.13 + NAME 'apple-preset-computer-list' + DESC 'preset computer list' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( apple-mcxflags $ + apple-mcxsettings $ + apple-computer-list-groups $ + apple-keyword ) ) + +# +# Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.3.14 + NAME 'apple-preset-group' + DESC 'preset group' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( memberUid $ + gidNumber $ + description $ + apple-group-homeurl $ + apple-group-homeowner $ + apple-mcxflags $ + apple-mcxsettings $ + apple-group-realname $ + apple-keyword $ + apple-group-nestedgroup $ + apple-group-memberguid $ + ttl ) ) + +# +# Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.15.1 + NAME 'apple-preset-user-is-admin' + DESC 'flag indicating whether the preset user is an administrator' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +# +# Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.15 + NAME 'apple-preset-user' + DESC 'preset user' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( uid $ + memberUid $ + gidNumber $ + homeDirectory $ + apple-user-homeurl $ + apple-user-homequota $ + apple-user-homesoftquota $ + apple-user-mailattribute $ + apple-user-printattribute $ + apple-mcxflags $ + apple-mcxsettings $ + apple-user-adminlimits $ + apple-user-passwordpolicy $ + userPassword $ + apple-user-picture $ + apple-keyword $ + loginShell $ + description $ + shadowLastChange $ + shadowExpire $ + authAuthority $ + homeDrive $ scriptPath $ profilePath $ smbHome $ + apple-preset-user-is-admin ) ) + +# +# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1 +# +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.2.16.1 +# NAME 'authAuthority' +# DESC 'password server authentication authority' +# EQUALITY caseExactIA5Match +# SUBSTR caseExactIA5SubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.2.16.2 +# NAME ( 'authAuthority' 'authAuthority2' ) +# DESC 'password server authentication authority' +# EQUALITY caseExactMatch +# SUBSTR caseExactSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.16 + NAME 'authAuthorityObject' + SUP top AUXILIARY + MAY ( authAuthority ) ) + +# +# Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.17 + NAME 'apple-serverassistant-config' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( apple-xmlplist ) ) + +# +# Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.18.1 + NAME 'apple-dns-domain' + DESC 'DNS domain' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.18.2 + NAME 'apple-dns-nameserver' + DESC 'DNS name server list' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Location object 1.3.6.1.4.1.63.1000.1.1.2.18 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.18 + NAME 'apple-location' + SUP top AUXILIARY + MUST ( cn ) + MAY ( apple-dns-domain $ apple-dns-nameserver ) ) + +# +# Service object attributes 1.3.6.1.4.1.63.1000.1.1.1.19 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.19.1 + NAME 'apple-service-type' + DESC 'type of service' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.1.19.2 +# NAME 'apple-service-url' +# DESC 'URL of service' +# EQUALITY caseExactIA5Match +# SUBSTR caseExactIA5SubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.19.3 + NAME 'apple-service-port' + DESC 'Service port number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.19.4 + NAME 'apple-dnsname' + DESC 'DNS name' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.19.5 + NAME 'apple-service-location' + DESC 'Service location' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Service object 1.3.6.1.4.1.63.1000.1.1.2.19 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.19 + NAME 'apple-service' + SUP top STRUCTURAL + MUST ( cn $ + apple-service-type ) + MAY ( ipHostNumber $ + description $ + apple-service-location $ + apple-service-url $ + apple-service-port $ + apple-dnsname $ + apple-keyword ) ) + +# +# Neighborhood object attributes 1.3.6.1.4.1.63.1000.1.1.1.20 +# +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.20.1 + NAME 'apple-nodepathxml' + DESC 'XML plist of directory node path' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.20.2 + NAME 'apple-neighborhoodalias' + DESC 'XML plist referring to another neighborhood record' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +attributetype ( + 1.3.6.1.4.1.63.1000.1.1.1.20.3 + NAME 'apple-computeralias' + DESC 'XML plist referring to a computer record' + EQUALITY caseExactMatch + SUBSTR caseExactSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# Neighborhood object 1.3.6.1.4.1.63.1000.1.1.2.20 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.20 + NAME 'apple-neighborhood' + SUP top STRUCTURAL + MUST ( cn ) + MAY ( description $ + apple-generateduid $ + apple-category $ + apple-nodepathxml $ + apple-neighborhoodalias $ + apple-computeralias $ + apple-keyword $ + apple-realname $ + apple-xmlplist $ + ttl ) ) + +# +# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21 +# +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.1.21.1 +# NAME 'apple-acl-entry' +# DESC 'acl entry' +# EQUALITY caseExactMatch +# SUBSTR caseExactSubstringsMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + +# +# ACL object 1.3.6.1.4.1.63.1000.1.1.2.21 +# +objectclass ( + 1.3.6.1.4.1.63.1000.1.1.2.21 + NAME 'apple-acl' + SUP top STRUCTURAL + MUST ( cn $ + apple-acl-entry ) ) + +# +# Schema attributes 1.3.6.1.4.1.63.1000.1.1.1.22 +# +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.1.22.1 +# NAME 'attributeTypesConfig' +# DESC 'attribute type configuration' +# EQUALITY objectIdentifierFirstComponentMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 ) + +#attributetype ( +# 1.3.6.1.4.1.63.1000.1.1.1.22.2 +# NAME 'objectClassesConfig' +# DESC 'object class configuration' +# EQUALITY objectIdentifierFirstComponentMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 ) diff --git a/ldap/files/autofs.schema b/ldap/files/autofs.schema new file mode 100644 index 0000000..d8af6f4 --- /dev/null +++ b/ldap/files/autofs.schema @@ -0,0 +1,23 @@ +# Depends upon core.schema and cosine.schema + +# OID Base is 1.3.6.1.4.1.2312.4 +# +# Attribute types are under 1.3.6.1.4.1.2312.4.1 +# Object classes are under 1.3.6.1.4.1.2312.4.2 +# Syntaxes are under 1.3.6.1.4.1.2312.4.3 + +# Attribute Type Definitions + +attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation' + DESC 'Information used by the autofs automounter' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.1.1.1.13 NAME 'automount' SUP top STRUCTURAL + DESC 'An entry in an automounter map' + MUST ( cn $ automountInformation ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL + DESC 'An group of related automount objects' + MUST ( ou ) ) diff --git a/ldap/files/dnszone.schema b/ldap/files/dnszone.schema new file mode 100644 index 0000000..0714b0b --- /dev/null +++ b/ldap/files/dnszone.schema @@ -0,0 +1,155 @@ +# A schema for storing DNS zones in LDAP +# +attributetype ( 1.3.6.1.4.1.2428.20.0.0 NAME 'dNSTTL' + DESC 'An integer denoting time to live' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass' + DESC 'The class of a resource record' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName' + DESC 'The name of a zone, i.e. the name of the highest node in the zone' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName' + DESC 'The starting labels of a domain name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord' + DESC 'domain name pointer, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord' + DESC 'host information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord' + DESC 'mailbox or mail list information, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord' + DESC 'text string, RFC 1035' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord' + DESC 'for AFS Data Base location, RFC 1183' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord' + DESC 'Signature, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord' + DESC 'Key, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord' + DESC 'IPv6 address, RFC 1886' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord' + DESC 'Location, RFC 1876' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord' + DESC 'non-existant, RFC 2535' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord' + DESC 'service location, RFC 2782' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord' + DESC 'Naming Authority Pointer, RFC 2915' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord' + DESC 'Key Exchange Delegation, RFC 2230' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord' + DESC 'certificate, RFC 2538' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record' + DESC 'A6 Record Type, RFC 2874' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord' + DESC 'Non-Terminal DNS Name Redirection, RFC 2672' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord' + DESC 'Delegation Signer, RFC 3658' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord' + DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord' + DESC 'RRSIG, RFC 3755' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord' + DESC 'NSEC, RFC 3755' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone' + SUP top STRUCTURAL + MUST ( zoneName $ relativeDomainName ) + MAY ( DNSTTL $ DNSClass $ + ARecord $ MDRecord $ MXRecord $ NSRecord $ + SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $ + MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $ + KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $ + SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $ + A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $ + RRSIGRecord $ NSECRecord ) ) diff --git a/ldap/files/hdb.schema b/ldap/files/hdb.schema new file mode 100644 index 0000000..3a55972 --- /dev/null +++ b/ldap/files/hdb.schema @@ -0,0 +1,139 @@ +# Definitions for a Kerberos V KDC schema +# +# $Id: hdb.schema,v 1.1 2006/12/30 19:30:57 tmakinen Exp $ +# +# This version is compatible with OpenLDAP 1.8 +# +# OID Base is iso(1) org(3) dod(6) internet(1) private(4) enterprise(1) padl(5322) kdcSchema(10) +# +# Syntaxes are under 1.3.6.1.4.1.5322.10.0 +# Attributes types are under 1.3.6.1.4.1.5322.10.1 +# Object classes are under 1.3.6.1.4.1.5322.10.2 + +# Syntax definitions + +#krb5KDCFlagsSyntax SYNTAX ::= { +# WITH SYNTAX INTEGER +#-- initial(0), -- require as-req +#-- forwardable(1), -- may issue forwardable +#-- proxiable(2), -- may issue proxiable +#-- renewable(3), -- may issue renewable +#-- postdate(4), -- may issue postdatable +#-- server(5), -- may be server +#-- client(6), -- may be client +#-- invalid(7), -- entry is invalid +#-- require-preauth(8), -- must use preauth +#-- change-pw(9), -- change password service +#-- require-hwauth(10), -- must use hwauth +#-- ok-as-delegate(11), -- as in TicketFlags +#-- user-to-user(12), -- may use user-to-user auth +#-- immutable(13) -- may not be deleted +# ID { 1.3.6.1.4.1.5322.10.0.1 } +#} + +#krb5PrincipalNameSyntax SYNTAX ::= { +# WITH SYNTAX OCTET STRING +#-- String representations of distinguished names as per RFC1510 +# ID { 1.3.6.1.4.1.5322.10.0.2 } +#} + +# Attribute type definitions + +attributetype ( 1.3.6.1.4.1.5322.10.1.1 + NAME 'krb5PrincipalName' + DESC 'The unparsed Kerberos principal name' + EQUALITY caseExactIA5Match + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.2 + NAME 'krb5KeyVersionNumber' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.3 + NAME 'krb5MaxLife' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.4 + NAME 'krb5MaxRenew' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.5 + NAME 'krb5KDCFlags' + EQUALITY integerMatch + SINGLE-VALUE + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.6 + NAME 'krb5EncryptionType' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.7 + NAME 'krb5ValidStart' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.8 + NAME 'krb5ValidEnd' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.9 + NAME 'krb5PasswordEnd' + EQUALITY generalizedTimeMatch + ORDERING generalizedTimeOrderingMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 + SINGLE-VALUE ) + +# this is temporary; keys will eventually +# be child entries or compound attributes. +attributetype ( 1.3.6.1.4.1.5322.10.1.10 + NAME 'krb5Key' + DESC 'Encoded ASN1 Key as an octet string' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.11 + NAME 'krb5PrincipalRealm' + DESC 'Distinguished name of krb5Realm entry' + SUP distinguishedName ) + +attributetype ( 1.3.6.1.4.1.5322.10.1.12 + NAME 'krb5RealmName' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128} ) + +# Object class definitions + +objectclass ( 1.3.6.1.4.1.5322.10.2.1 + NAME 'krb5Principal' + SUP top + AUXILIARY + MUST ( krb5PrincipalName ) + MAY ( cn $ krb5PrincipalRealm ) ) + +objectclass ( 1.3.6.1.4.1.5322.10.2.2 + NAME 'krb5KDCEntry' + SUP krb5Principal + AUXILIARY + MUST ( krb5KeyVersionNumber ) + MAY ( krb5ValidStart $ krb5ValidEnd $ krb5PasswordEnd $ + krb5MaxLife $ krb5MaxRenew $ krb5KDCFlags $ + krb5EncryptionType $ krb5Key ) ) + +objectclass ( 1.3.6.1.4.1.5322.10.2.3 + NAME 'krb5Realm' + SUP top + AUXILIARY + MUST ( krb5RealmName ) ) + diff --git a/ldap/files/openssh-lpk.schema b/ldap/files/openssh-lpk.schema new file mode 100644 index 0000000..62cdde7 --- /dev/null +++ b/ldap/files/openssh-lpk.schema @@ -0,0 +1,19 @@ +# +# LDAP Public Key Patch schema for use with openssh-ldappubkey +# Author: Eric AUGE +# +# Based on the proposal of : Mark Ruijter +# + + +# octetString SYNTAX +attributetype ( 1.3.6.1.4.1.22054.1.1.1.13 NAME 'sshPublicKey' + DESC 'MANDATORY: OpenSSH Public key' + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) + +# printableString SYNTAX yes|no +objectclass ( 1.3.6.1.4.1.22054.500.1.1.2.0 NAME 'ldapPublicKey' SUP top AUXILIARY + DESC 'MANDATORY: OpenSSH LPK objectclass' + MUST ( uid ) + MAY ( sshPublicKey ) + ) diff --git a/ldap/files/rfc2307bis.schema b/ldap/files/rfc2307bis.schema new file mode 100644 index 0000000..34e093a --- /dev/null +++ b/ldap/files/rfc2307bis.schema @@ -0,0 +1,270 @@ +#attributetype ( 1.3.6.1.1.1.1.0 NAME 'uidNumber' +# DESC 'An integer uniquely identifying a user in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.1.1.1.1 NAME 'gidNumber' +# DESC 'An integer uniquely identifying a group in an administrative domain' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.2 NAME 'gecos' + DESC 'The GECOS field; the common name' + EQUALITY caseIgnoreIA5Match + SUBSTR caseIgnoreIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.3 NAME 'homeDirectory' + DESC 'The absolute path to the home directory' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.4 NAME 'loginShell' + DESC 'The path to the login shell' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.5 NAME 'shadowLastChange' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.6 NAME 'shadowMin' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.7 NAME 'shadowMax' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.8 NAME 'shadowWarning' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.9 NAME 'shadowInactive' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.10 NAME 'shadowExpire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.11 NAME 'shadowFlag' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.12 NAME 'memberUid' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.13 NAME 'memberNisNetgroup' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.14 NAME 'nisNetgroupTriple' + DESC 'Netgroup triple' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.15 NAME 'ipServicePort' + DESC 'Service port number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.16 NAME 'ipServiceProtocol' + DESC 'Service protocol name' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.17 NAME 'ipProtocolNumber' + DESC 'IP protocol number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.18 NAME 'oncRpcNumber' + DESC 'ONC RPC number' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 + SINGLE-VALUE ) +attributetype ( 1.3.6.1.1.1.1.19 NAME 'ipHostNumber' + DESC 'IPv4 addresses as a dotted decimal omitting leading + zeros or IPv6 addresses as defined in RFC2373' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.20 NAME 'ipNetworkNumber' + DESC 'IP network as a dotted decimal, eg. 192.168, + omitting leading zeros' + SUP name + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.21 NAME 'ipNetmaskNumber' + DESC 'IP netmask as a dotted decimal, eg. 255.255.255.0, + omitting leading zeros' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.22 NAME 'macAddress' + DESC 'MAC address in maximal, colon separated hex + notation, eg. 00:00:92:90:ee:e2' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.23 NAME 'bootParameter' + DESC 'rpc.bootparamd parameter' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.24 NAME 'bootFile' + DESC 'Boot image name' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +attributetype ( 1.3.6.1.1.1.1.26 NAME 'nisMapName' + DESC 'Name of a A generic NIS map' + SUP name ) + +attributetype ( 1.3.6.1.1.1.1.27 NAME 'nisMapEntry' + DESC 'A generic NIS entry' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 + SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.28 NAME 'nisPublicKey' + DESC 'NIS public key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.29 NAME 'nisSecretKey' + DESC 'NIS secret key' + EQUALITY octetStringMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.30 NAME 'nisDomain' + DESC 'NIS domain' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26) + +attributetype ( 1.3.6.1.1.1.1.31 NAME 'automountMapName' + DESC 'automount Map Name' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.32 NAME 'automountKey' + DESC 'Automount Key value' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.1.1.1.33 NAME 'automountInformation' + DESC 'Automount information' + EQUALITY caseExactIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY + DESC 'Abstraction of an account with POSIX attributes' + MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory ) + MAY ( userPassword $ loginShell $ gecos $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY + DESC 'Additional attributes for shadow passwords' + MUST uid + MAY ( userPassword $ description $ + shadowLastChange $ shadowMin $ shadowMax $ + shadowWarning $ shadowInactive $ + shadowExpire $ shadowFlag ) ) + +objectclass ( 1.3.6.1.1.1.2.2 NAME 'posixGroup' SUP top AUXILIARY + DESC 'Abstraction of a group of accounts' + MUST gidNumber + MAY ( userPassword $ memberUid $ + description ) ) + +objectclass ( 1.3.6.1.1.1.2.3 NAME 'ipService' SUP top STRUCTURAL + DESC 'Abstraction an Internet Protocol service. + Maps an IP port and protocol (such as tcp or udp) + to one or more names; the distinguished value of + the cn attribute denotes the services canonical + name' + MUST ( cn $ ipServicePort $ ipServiceProtocol ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.4 NAME 'ipProtocol' SUP top STRUCTURAL + DESC 'Abstraction of an IP protocol. Maps a protocol number + to one or more names. The distinguished value of the cn + attribute denotes the protocols canonical name' + MUST ( cn $ ipProtocolNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.5 NAME 'oncRpc' SUP top STRUCTURAL + DESC 'Abstraction of an Open Network Computing (ONC) + [RFC1057] Remote Procedure Call (RPC) binding. + This class maps an ONC RPC number to a name. + The distinguished value of the cn attribute denotes + the RPC services canonical name' + MUST ( cn $ oncRpcNumber ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.6 NAME 'ipHost' SUP top AUXILIARY + DESC 'Abstraction of a host, an IP device. The distinguished + value of the cn attribute denotes the hosts canonical + name. Device SHOULD be used as a structural class' + MUST ( cn $ ipHostNumber ) + MAY ( userPassword $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.7 NAME 'ipNetwork' SUP top STRUCTURAL + DESC 'Abstraction of a network. The distinguished value of + the cn attribute denotes the networks canonical name' + MUST ipNetworkNumber + MAY ( cn $ ipNetmaskNumber $ l $ description $ manager ) ) + +objectclass ( 1.3.6.1.1.1.2.8 NAME 'nisNetgroup' SUP top STRUCTURAL + DESC 'Abstraction of a netgroup. May refer to other netgroups' + MUST cn + MAY ( nisNetgroupTriple $ memberNisNetgroup $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.9 NAME 'nisMap' SUP top STRUCTURAL + DESC 'A generic abstraction of a NIS map' + MUST nisMapName + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.10 NAME 'nisObject' SUP top STRUCTURAL + DESC 'An entry in a NIS map' + MUST ( cn $ nisMapEntry $ nisMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.11 NAME 'ieee802Device' SUP top AUXILIARY + DESC 'A device with a MAC address; device SHOULD be + used as a structural class' + MAY macAddress ) + +objectclass ( 1.3.6.1.1.1.2.12 NAME 'bootableDevice' SUP top AUXILIARY + DESC 'A device with boot parameters; device SHOULD be + used as a structural class' + MAY ( bootFile $ bootParameter ) ) + +objectclass ( 1.3.6.1.1.1.2.14 NAME 'nisKeyObject' SUP top AUXILIARY + DESC 'An object with a public and secret key' + MUST ( cn $ nisPublicKey $ nisSecretKey ) + MAY ( uidNumber $ description ) ) + +objectclass ( 1.3.6.1.1.1.2.15 NAME 'nisDomainObject' SUP top AUXILIARY + DESC 'Associates a NIS domain with a naming context' + MUST nisDomain ) + +objectclass ( 1.3.6.1.1.1.2.16 NAME 'automountMap' SUP top STRUCTURAL + MUST ( automountMapName ) + MAY description ) + +objectclass ( 1.3.6.1.1.1.2.17 NAME 'automount' SUP top STRUCTURAL + DESC 'Automount information' + MUST ( automountKey $ automountInformation ) + MAY description ) +## namedObject is needed for groups without members +objectclass ( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top + STRUCTURAL MAY cn ) + diff --git a/ldap/files/samba.schema b/ldap/files/samba.schema new file mode 100644 index 0000000..549a708 --- /dev/null +++ b/ldap/files/samba.schema @@ -0,0 +1,554 @@ +## +## schema file for OpenLDAP 2.x +## Schema for storing Samba user accounts and group maps in LDAP +## OIDs are owned by the Samba Team +## +## Prerequisite schemas - uid (cosine.schema) +## - displayName (inetorgperson.schema) +## - gidNumber (nis.schema) +## +## 1.3.6.1.4.1.7165.2.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.2.x - objectclasses +## +## Printer support +## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes +## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses +## +## Samba4 +## 1.3.6.1.4.1.7165.4.1.x - attributetypes +## 1.3.6.1.4.1.7165.4.2.x - objectclasses +## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls +## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations +## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track +## +## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------ +## +## Run the 'get_next_oid' bash script in this directory to find the +## next available OID for attribute type and object classes. +## +## $ ./get_next_oid +## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME .... +## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME .... +## +## Also ensure that new entries adhere to the declaration style +## used throughout this file +## +## ( 1.3.6.1.4.1.7165.2.XX.XX NAME .... +## ^ ^ ^ +## +## The spaces are required for the get_next_oid script (and for +## readability). +## +## ------------------------------------------------------------------ + +# objectIdentifier SambaRoot 1.3.6.1.4.1.7165 +# objectIdentifier Samba3 SambaRoot:2 +# objectIdentifier Samba3Attrib Samba3:1 +# objectIdentifier Samba3ObjectClass Samba3:2 +# objectIdentifier Samba4 SambaRoot:4 + +######################################################################## +## HISTORICAL ## +######################################################################## + +## +## Password hashes +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' +# DESC 'LanManager Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' +# DESC 'NT Passwd' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' +# DESC 'Account Flags' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' +# DESC 'NT pwdLastSet' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' +# DESC 'NT logonTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' +# DESC 'NT logoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' +# DESC 'NT kickoffTime' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' +# DESC 'NT pwdCanChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' +# DESC 'NT pwdMustChange' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## string settings +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' +# DESC 'NT homeDrive' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' +# DESC 'NT scriptPath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' +# DESC 'NT profilePath' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' +# DESC 'userWorkstations' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' +# DESC 'smbHome' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' +# DESC 'Windows NT domain to which the user belongs' +# EQUALITY caseIgnoreIA5Match +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) + +## +## user and group RID +## +#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' +# DESC 'NT rid' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' +# DESC 'NT Group RID' +# EQUALITY integerMatch +# SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## The smbPasswordEntry objectclass has been depreciated in favor of the +## sambaAccount objectclass +## +#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY +# DESC 'Samba smbpasswd entry' +# MUST ( uid $ uidNumber ) +# MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL +# DESC 'Samba Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY +# DESC 'Samba Auxiliary Account' +# MUST ( uid $ rid ) +# MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ +# logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ +# displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ +# description $ userWorkstations $ primaryGroupID $ domain )) + +######################################################################## +## END OF HISTORICAL ## +######################################################################## + +####################################################################### +## Attributes used by Samba 3.0 schema ## +####################################################################### + +## +## Password hashes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' + DESC 'LanManager Password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' + DESC 'MD4 hash of the unicode password' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) + +## +## Account flags in string format ([UWDX ]) +## +attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' + DESC 'Account Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) + +## +## Password timestamps & policies +## +attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' + DESC 'Timestamp of the last password update' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' + DESC 'Timestamp of when the user is allowed to update the password' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' + DESC 'Timestamp of when the password will expire' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' + DESC 'Timestamp of last logon' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' + DESC 'Timestamp of last logoff' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' + DESC 'Timestamp of when the user will be logged off automatically' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' + DESC 'Bad password attempt count' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' + DESC 'Time of the last bad password attempt' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' + DESC 'Logon Hours' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) + +## +## string settings +## +attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' + DESC 'Driver letter of home directory mapping' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' + DESC 'Logon script path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' + DESC 'Roaming profile path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' + DESC 'List of user workstations the user is allowed to logon to' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' + DESC 'Home directory UNC path' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' + DESC 'Windows NT domain to which the user belongs' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' + DESC 'Base64 encoded user parameter string' + EQUALITY caseExactMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' + DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) + +## +## SID, of any type +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' + DESC 'Security ID' + EQUALITY caseIgnoreIA5Match + SUBSTR caseExactIA5SubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +## +## Primary group SID, compatible with ntSid +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' + DESC 'Primary Group Security ID' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' + DESC 'Security ID List' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +## +## group mapping attributes +## +attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' + DESC 'NT Group Type' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +## +## Store info on the domain +## + +attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' + DESC 'Next NT rid to give our for users' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' + DESC 'Next NT rid to give out for groups' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' + DESC 'Next NT rid to give out for anything' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' + DESC 'Base at which the samba RID generation algorithm should operate' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' + DESC 'Share Name' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' + DESC 'Option Name' + EQUALITY caseIgnoreMatch + SUBSTR caseIgnoreSubstringsMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' + DESC 'A boolean option' + EQUALITY booleanMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' + DESC 'An integer option' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' + DESC 'A string option' + EQUALITY caseExactIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' + DESC 'A string list option' + EQUALITY caseIgnoreMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) + + +##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' +## SUP name ) + +##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' +## DESC 'Privileges List' +## EQUALITY caseIgnoreIA5Match +## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) + +attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' + DESC 'Trust Password Flags' + EQUALITY caseIgnoreIA5Match + SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) + +# "min password length" +attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' + DESC 'Minimal password length (default: 5)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "password history" +attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' + DESC 'Length of Password History Entries (default: 0 => off)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "user must logon to change password" +attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' + DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "maximum password age" +attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' + DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "minimum password age" +attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' + DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "lockout duration" +attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' + DESC 'Lockout duration in minutes (default: 30, -1 => forever)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "reset count minutes" +attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' + DESC 'Reset time after lockout in minutes (default: 30)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "bad lockout attempt" +attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' + DESC 'Lockout users after bad logon attempts (default: 0 => off)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "disconnect time" +attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' + DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + +# "refuse machine password change" +attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' + DESC 'Allow Machine Password changes (default: 0 => off)' + EQUALITY integerMatch + SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) + + + + +####################################################################### +## objectClasses used by Samba 3.0 schema ## +####################################################################### + +## The X.500 data model (and therefore LDAPv3) says that each entry can +## only have one structural objectclass. OpenLDAP 2.0 does not enforce +## this currently but will in v2.1 + +## +## added new objectclass (and OID) for 3.0 to help us deal with backwards +## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry +## +objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY + DESC 'Samba 3.0 Auxilary SAM Account' + MUST ( uid $ sambaSID ) + MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ + sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ + sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ + displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ + sambaProfilePath $ description $ sambaUserWorkstations $ + sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ + sambaBadPasswordCount $ sambaBadPasswordTime $ + sambaPasswordHistory $ sambaLogonHours)) + +## +## Group mapping info +## +objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY + DESC 'Samba Group Mapping' + MUST ( gidNumber $ sambaSID $ sambaGroupType ) + MAY ( displayName $ description $ sambaSIDList )) + +## +## Trust password for trust relationships (any kind) +## +objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL + DESC 'Samba Trust Password' + MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) + MAY ( sambaSID $ sambaPwdLastSet )) + +## +## Whole-of-domain info +## +objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL + DESC 'Samba Domain Information' + MUST ( sambaDomainName $ + sambaSID ) + MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ + sambaAlgorithmicRidBase $ + sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ + sambaMaxPwdAge $ sambaMinPwdAge $ + sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ + sambaForceLogoff $ sambaRefuseMachinePwdChange )) + +## +## used for idmap_ldap module +## +objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY + DESC 'Pool for allocating UNIX uids/gids' + MUST ( uidNumber $ gidNumber ) ) + + +objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY + DESC 'Mapping from a SID to an ID' + MUST ( sambaSID ) + MAY ( uidNumber $ gidNumber ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL + DESC 'Structural Class for a SID' + MUST ( sambaSID ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY + DESC 'Samba Configuration Section' + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL + DESC 'Samba Share Section' + MUST ( sambaShareName ) + MAY ( description ) ) + +objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL + DESC 'Samba Configuration Option' + MUST ( sambaOptionName ) + MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ + sambaStringListoption $ description ) ) + + +## retired during privilege rewrite +##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY +## DESC 'Samba Privilege' +## MUST ( sambaSID ) +## MAY ( sambaPrivilegeList ) ) diff --git a/ldap/manifests/init.pp b/ldap/manifests/init.pp index cdebbea..d61a95d 100644 --- a/ldap/manifests/init.pp +++ b/ldap/manifests/init.pp @@ -58,3 +58,79 @@ class ldap::client::ruby inherits ldap::client { } } + + +# Install OpenLDAP server. +# +class ldap::server { + + package { [ "openldap-servers", "openldap-servers-overlays", ]: + ensure => installed, + } + + service { "ldap": + ensure => running, + enable => true, + require => Package["openldap-servers"], + } + + file { "/etc/openldap/slapd.conf": + ensure => present, + source => [ "puppet:///files/ldap/slapd.conf.${fqdn}", + "puppet:///files/ldap/slapd.conf", ], + mode => 0640, + owner => root, + group => ldap, + notify => Service["ldap"], + require => Package["openldap-servers"], + } + + file { "/var/lib/ldap/DB_CONFIG": + ensure => present, + source => [ "puppet:///files/ldap/DB_CONFIG.${fqdn}", + "puppet:///files/ldap/DB_CONFIG", + "puppet:///ldap/DB_CONFIG", ], + mode => 0644, + owner => root, + group => root, + require => Package["openldap-servers"], + } + + ldap::server::schema { "apple-auth": } + ldap::server::schema { "apple": } + ldap::server::schema { "autofs": } + ldap::server::schema { "dnszone": } + ldap::server::schema { "hdb": } + ldap::server::schema { "openssh-lpk": } + ldap::server::schema { "rfc2307bis": } + ldap::server::schema { "samba": } + +} + + +# Install custom schema to OpenLDAP. +# +# === Parameters +# +# $name: +# Schema name. +# +# === Sample usage +# +# ldap::server::schema { "samba": } +# +define ldap::server::schema() { + + include ldap::server + + file { "/etc/openldap/schema/${name}.schema": + ensure => present, + source => [ "puppet:///files/ldap/${name}.schema", + "puppet:///ldap/${name}.schema", ], + mode => 0644, + owner => root, + group => root, + require => Package["openldap-servers"], + } + +}