schema/000075500000000000000000000000001223445131100123105ustar00rootroot00000000000000schema/autofs.schema000064400000000000000000000013541223445131100147760ustar00rootroot00000000000000# Depends upon core.schema and cosine.schema # OID Base is 1.3.6.1.4.1.2312.4 # # Attribute types are under 1.3.6.1.4.1.2312.4.1 # Object classes are under 1.3.6.1.4.1.2312.4.2 # Syntaxes are under 1.3.6.1.4.1.2312.4.3 # Attribute Type Definitions attributetype ( 1.3.6.1.1.1.1.25 NAME 'automountInformation' DESC 'Information used by the autofs automounter' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) objectclass ( 1.3.6.1.1.1.1.13 NAME 'automount' SUP top STRUCTURAL DESC 'An entry in an automounter map' MUST ( cn $ automountInformation ) MAY ( description ) ) objectclass ( 1.3.6.1.4.1.2312.4.2.2 NAME 'automountMap' SUP top STRUCTURAL DESC 'An group of related automount objects' MUST ( ou ) ) schema/courier.schema000064400000000000000000000100221223445131100151350ustar00rootroot00000000000000#$Id: authldap.schema,v 1.8 2005/03/20 19:10:30 mrsam Exp $ # # OID prefix: 1.3.6.1.4.1.10018 # # Attributes: 1.3.6.1.4.1.10018.1.1 # # Depends on: nis.schema, which depends on cosine.schema attributetype ( 1.3.6.1.4.1.10018.1.1.1 NAME 'mailbox' DESC 'The absolute path to the mailbox for a mail account in a non-default location' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.10018.1.1.2 NAME 'quota' DESC 'A string that represents the quota on a mailbox' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.10018.1.1.3 NAME 'clearPassword' DESC 'A separate text that stores the mail account password in clear text' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40{128}) attributetype ( 1.3.6.1.4.1.10018.1.1.4 NAME 'maildrop' DESC 'RFC822 Mailbox - mail alias' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.10018.1.1.5 NAME 'mailsource' DESC 'Message source' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.6 NAME 'virtualdomain' DESC 'A mail domain that is mapped to a single mail account' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.7 NAME 'virtualdomainuser' DESC 'Mailbox that receives mail for a mail domain' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.8 NAME 'defaultdelivery' DESC 'Default mail delivery instructions' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.9 NAME 'disableimap' DESC 'Set this attribute to 1 to disable IMAP access' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.10 NAME 'disablepop3' DESC 'Set this attribute to 1 to disable POP3 access' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.11 NAME 'disablewebmail' DESC 'Set this attribute to 1 to disable IMAP access' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.12 NAME 'sharedgroup' DESC 'Virtual shared group' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.13 NAME 'disableshared' DESC 'Set this attribute to 1 to disable shared mailbox usage' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.10018.1.1.14 NAME 'proxymailhost' DESC 'Host to which incoming POP/IMAP connections should be proxied' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # # Objects: 1.3.6.1.4.1.10018.1.2 # objectclass ( 1.3.6.1.4.1.10018.1.2.1 NAME 'CourierMailAccount' SUP top AUXILIARY DESC 'Mail account object as used by the Courier mail server' MUST ( mail $ homeDirectory ) MAY ( uidNumber $ gidNumber $ mailbox $ uid $ cn $ gecos $ description $ loginShell $ quota $ userPassword $ clearPassword $ defaultdelivery $ disableimap $ disablepop3 $ disablewebmail $ sharedgroup $ disableshared $ proxymailhost) ) objectclass ( 1.3.6.1.4.1.10018.1.2.2 NAME 'CourierMailAlias' SUP top AUXILIARY DESC 'Mail aliasing/forwarding entry' MUST ( mail $ maildrop ) MAY ( mailsource $ description ) ) objectclass ( 1.3.6.1.4.1.10018.1.2.3 NAME 'CourierDomainAlias' SUP top AUXILIARY DESC 'Domain mail aliasing/forwarding entry' MUST ( virtualdomain $ virtualdomainuser ) MAY ( mailsource $ description ) ) schema/cron.schema000064400000000000000000000033621223445131100144370ustar00rootroot00000000000000# # cron directory schema v0.6 # # Created: February 17, 2001 # Author: David E. Storey # # This is an experimental schema. # There are no known daemons that support this schema. # (and if there are, please tell me) # attributetype ( 1.3.6.1.4.1.7006.1.3.1.1 NAME 'cronHost' DESC 'host(s) to run crontab' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # values in a crontab that are seperated by a ',' should map # to multiple values of the corresponding attributetype # in this schema. # attributetype ( 1.3.6.1.4.1.7006.1.3.1.2 NAME 'cronMinute' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributetype ( 1.3.6.1.4.1.7006.1.3.1.3 NAME 'cronHour' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributetype ( 1.3.6.1.4.1.7006.1.3.1.4 NAME 'cronDay' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributetype ( 1.3.6.1.4.1.7006.1.3.1.5 NAME 'cronMonth' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributetype ( 1.3.6.1.4.1.7006.1.3.1.6 NAME 'cronDayOfWeek' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 ) attributetype ( 1.3.6.1.4.1.7006.1.3.1.7 NAME 'cronCommand' DESC 'Command shell string to be executed' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.3.1.8 NAME 'cronActive' DESC 'Denotes the active/inactive state of the cron entry' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) # # cronEntry # # what should cron daemons do with an empty cronHost attribute? # # cron[Minute|Hour|Day|Month|DayOfWeek] are optional. # Absence of any of these attributes assumes a value of '*'. # objectclass ( 1.3.6.1.4.1.7006.1.3.2.1 NAME 'cronEntry' SUP top STRUCTURAL MUST ( cn $ cronCommand $ uid ) MAY ( cronHost $ cronMinute $ cronHour $ cronDay $ cronMonth $ cronDayOfWeek $ owner $ description ) ) schema/dns.schema000064400000000000000000000107761223445131100142710ustar00rootroot00000000000000# # dns.schema # # Author: David E. Storey # Created: February 27, 2001 # Updated: March 3rd, 2001 # Version: 0.1.1 # # Product specific extensions can be added by subclassing these objectclasses. # If more global changes are required, use multiple inheritance. # # TODO: loads # # # dnsServer # # Should probably store zones that we serve # objectclass ( oid NAME 'dnsServer' SUP top AUXILIARY MAY member ) # # base RR Objectclass # attributetype ( oid NAME 'dnsTTL' DESC 'Time To Live' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # # DNS Class Attribute # If not specified, should assume 'IN'. # attributetype ( oid NAME 'dnsClass' DESC 'Class (for example, CHAOS or IN)' SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 SINGLE-VALUE ) # The commonName attribute should be the Fully Qualified Domain Name of the domain we're storing objectclass ( oid NAME 'dnsResourceRecord' DESC 'Abstract objectclass from which all DNS Record Types should subclass' SUP top ABSTRACT MUST cn MAY ( dnsTTL $ dnsClass ) ) # # Start of Authority (SOA) # # # This should not be a DN, but rather the actual name of the host. # If it is not an FQDN, the host name should be taken relative to the zone. # attributetype ( oid NAME 'dnsSOAPrimaryNS' DESC 'Primary nameserver for the zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributetype ( oid NAME 'dnsSOAHostmasterMail' DESC 'Mailbox for zone administrator' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributetype ( oid NAME 'dnsSOASerial' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsSOARefresh' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsSOARetry' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsSOAExpire' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsSOAMinimum' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) objectclass ( oid NAME 'dnsSOARecord' DESC 'DNS Start Of Authority Record' SUP dnsResourceRecord AUXILIARY MAY ( dnsSOAPrimaryNS $ dnsSOAHostmasterMail $ dnsSOASerial $ dnsSOARefresh $ dnsSOARetry $ dnsSOAExpire $ dnsSOAMinimum ) ) # # NS # attributetype ( oid NAME 'dnsNSHost' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) objectclass ( oid NAME 'dnsNSRecord' DESC 'DNS Name Server Record' SUP dnsResourceRecord AUXILIARY MUST dnsNSHost ) # # MX # attributetype ( oid NAME 'dnsMXPreference' DESC 'Mail Exchanger Preference' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsMXHost' DESC 'Mail Exchanger' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) objectclass ( oid NAME 'dnsMXRecord' DESC 'DNS Mail Exchanger Record' SUP dnsResourceRecord AUXILIARY MUST ( dnsMXPreference $ dnsMXHost ) ) # # A # objectclass ( oid NAME 'dnsARecord' SUP dnsResourceRecord AUXILIARY MUST ipHostNumber ) # # CNAME # objectclass ( oid NAME 'dnsCNAMERecord' SUP dnsResourceRecord AUXILIARY ) # # TXT # objectclass ( oid NAME 'dnsTXTRecord' SUP dnsResourceRecord AUXILIARY ) # # PTR # objectclass ( oid NAME 'dnsPTRRecord' SUP dnsResourceRecord AUXILIARY MUST ipHostNumber ) # # SRV # attributetype ( oid NAME 'dnsSRVPriority' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsSRVWeight' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsSRVPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( oid NAME 'dnsSRVTarget' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) objectclass ( oid NAME 'dnsSRVRecord' DESC 'Resource Location Record' SUP dnsResourceRecord AUXILIARY MUST ( ipServiceProtocol $ dnsSRVPriority $ dnsSRVWeight $ dnsSRVPort $ dnsSRVTarget ) ) # # HINFO # attributetype ( oid NAME 'dnsHardware' SINGLE-VALUE ) attributetype ( oid NAME 'dnsSoftware' SINGLE-VALUE ) objectclass ( oid NAME 'dnsHINFORecord' DESC 'Host Information Record' MUST ( dnsHardware $ dnsSoftware ) ) # # TKEY # objectclass ( oid NAME 'dnsTKEYRecord' ) # # Generic Resource Record # attributetype ( oid NAME 'dnsRRType' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 SINGLE-VALUE ) attributetype ( oid NAME 'dnsRRData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.6 SINGLE-VALUE ) objectclass ( oid NAME 'dnsGenericRecord' DESC 'DNS Generic Record Type' SUP dnsResourceRecord AUXILIARY MUST ( dnsRRType $ dnsRRData ) ) # eof dns.schema schema/freeradius.schema000064400000000000000000000327661223445131100156410ustar00rootroot00000000000000# This is a LDAPv3 schema for RADIUS attributes. # Tested on OpenLDAP 2.0.7 # Posted by Javier Fernandez-Sanguino Pena # LDAP v3 version by Jochen Friedrich # Updates by Adrian Pavlykevych ############## attributetype ( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompression' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeout' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationAction' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignmentId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPassword' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPreference' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) #need to change asn1.id attributetype ( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousUse' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusCheckItem' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.60 NAME 'radiusReplyItem' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNASIpAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusReplyMessage' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' SUP top AUXILIARY DESC '' MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $ radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $ radiusFramedProtocol $ radiusCheckItem $ radiusReplyItem $ radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $ radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ radiusSimultaneousUse $ radiusTunnelAssignmentId $ radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $ dialupAccess $ radiusNASIpAddress $ radiusReplyMessage ) ) objectclass ( 1.3.6.1.4.1.3317.4.3.2.2 NAME 'radiusObjectProfile' SUP top STRUCTURAL DESC 'A Container Objectclass to be used for creating radius profile object' MUST cn MAY ( uid $ userPassword $ description ) ) schema/kerberosobject.schema000064400000000000000000000006301223445131100164740ustar00rootroot00000000000000# Depends upon core.schema and cosine.schema # OID Base is 1.3.6.1.4.1.2312.4 # # Attribute types are under 1.3.6.1.4.1.2312.4.1 # Object classes are under 1.3.6.1.4.1.2312.4.2 # Syntaxes are under 1.3.6.1.4.1.2312.4.3 # Attribute Type Definitions objectclass ( 1.3.6.1.4.1.2312.4.2.4 NAME 'kerberosSecurityObject' SUP top AUXILIARY DESC 'A uid with an associated Kerberos principal' MUST ( krbName ) ) schema/mull.schema000064400000000000000000000046761223445131100144600ustar00rootroot00000000000000 # mull.schema (Maaslandse Unix & Linux Laboratorium) # This schema file is experimental and may change # All OID's use the MULL PEN of 7081 as assigned by IANA # Version 20000920 # Thanks for the important imput and improvements goes to: # Laurent ARNAL # Netscape roaming Profiles # Kurt D. Zeilenga # Corrections and general remarks that brought me up to speed # with LDAP and the way OpenLDAP uses schema files and such. # This schema requires that the core schema is loaded # Used to store Netscape Roaming Profile information into OpenLDAP v2. # This stores the actual profile name into the database. attributeType ( 1.3.6.1.4.1.7081.1.1.1 NAME 'nsLIProfileName' DESC 'Store Netscape Roaming Profile name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # Used to store Netscape Roaming Profile information into OpenLDAP v2. attributeType ( 1.3.6.1.4.1.7081.1.1.2 NAME 'nsLIPrefs' DESC 'Store Netscape Roaming Profile preferences' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # Used to store Netscape Roaming Profile information into OpenLDAP v2. attributeType ( 1.3.6.1.4.1.7081.1.1.3 NAME 'nsLIElementType' DESC '' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # Used to store Netscape Roaming Profile information into OpenLDAP v2. attributeType ( 1.3.6.1.4.1.7081.1.1.4 NAME 'nsLIData' DESC 'Store the actual data blocks' EQUALITY bitStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # Used to store Netscape Roaming Profile information into OpenLDAP v2. attributeType ( 1.3.6.1.4.1.7081.1.1.5 NAME 'nsLIVersion' DESC 'Store Netscape Roaming Profile version' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # Used to store Netscape Roaming Profile information into OpenLDAP v2. # This is the base holder of the Roaming Profile and must be created before # you try to store information into the LDAP database. objectClass ( 1.3.6.1.4.1.7081.1.2.1 NAME 'nsLIProfile' DESC 'Base holder of the NetScape Roaming Profile' SUP top MUST ( objectClass $ nsLIProfileName ) MAY ( nsLIPrefs $ uid $ owner ) ) # Used to store Netscape Roaming Profile information into OpenLDAP v2. # This object class will store the actual data. objectClass ( 1.3.6.1.4.1.7081.1.2.2 NAME 'nsLIProfileElement' DESC 'Contains the actual Roaming Profile data' SUP top MUST ( objectClass $ nsLIElementType ) MAY ( owner $ nsLIData $ nsLIVersion ) ) # EOF schema/netscape-profile.schema000064400000000000000000000037021223445131100167340ustar00rootroot00000000000000# # An OpenLDAP schema for storing Netscape Roaming Profiles # # Version: 0.1 # Hacked up by: David E. Storey # Created: Sometime in Septmber, 2000 # Last Updated: December 1st, 2000 # # ns-core attributetype ( 2.16.840.1.113730.3.1.70 NAME 'serverRoot' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113730.3.1.76 NAME 'serverHostName' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113730.3.1.280 NAME 'nsServerPort' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # ns-mcd-li # Attributes attributetype ( 2.16.840.1.113730.3.1.399 NAME 'nsLIPtrURL' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113730.3.1.400 NAME 'nsLIPrefs' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113730.3.1.401 NAME 'nsLIProfileName' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113730.3.1.402 NAME 'nsLIData' SYNTAX 1.3.6.1.4.1.1466.115.121.1.5 ) attributetype ( 2.16.840.1.113730.3.1.403 NAME 'nsLIElementType' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113730.3.1.404 NAME 'nsLIServerType' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 2.16.840.1.113730.3.1.405 NAME 'nsLIVersion' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 ) # Objectclasses objectclass ( 2.16.840.1.113730.3.2.74 NAME 'nsLIPtr' SUP top AUXILIARY MAY ( nsLIPtrURL $ owner ) ) objectclass ( 2.16.840.1.113730.3.2.75 NAME 'nsLIProfile' SUP top STRUCTURAL MUST ( nsLIProfileName ) MAY ( nsLIPrefs $ uid $ owner ) ) objectclass ( 2.16.840.1.113730.3.2.76 NAME 'nsLIProfileElement' SUP top STRUCTURAL MUST ( nsLIElementType ) MAY ( owner $ nsLIData $ nsLIVersion ) ) objectclass ( 2.16.840.1.113730.3.2.77 NAME 'nsLIServer' SUP top AUXILIARY MUST ( serverHostName ) MAY ( description $ cn $ nsServerPort $ nsLIServerType $ serverRoot ) ) schema/qmail.schema000064400000000000000000000225431223445131100146030ustar00rootroot00000000000000# # qmail-ldap (20030901) ldapv3 directory schema # # The offical qmail-ldap OID assigned by IANA is 7914 # # Created by: David E. Storey # Modified and included into qmail-ldap by Andre Oppermann # Schema fixes by Mike Jackson # Schema fixes by Christian Zoffoli (XMerlin) # # # This schema depends on: # - core.schema # - cosine.schema # - nis.schema # # Attribute Type Definitions attributetype ( 1.3.6.1.4.1.7914.1.2.1.1 NAME 'qmailUID' DESC 'UID of the user on the mailsystem' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.2 NAME 'qmailGID' DESC 'GID of the user on the mailsystem' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.3 NAME 'mailMessageStore' DESC 'Path to the maildir/mbox on the mail system' EQUALITY caseExactIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.4 NAME 'mailAlternateAddress' DESC 'Secondary (alias) mailaddresses for the same user' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # # mailQuota format is no longer supported from qmail-ldap 20030901 on, # user mailQuotaSize and mailQuotaCount instead. # #attributetype ( 1.3.6.1.4.1.7914.1.2.1.5 NAME 'mailQuota' # DESC 'The amount of space the user can use until all further messages get bounced.' # SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 SINGLE-VALUE ) # attributetype ( 1.3.6.1.4.1.7914.1.2.1.6 NAME 'mailHost' DESC 'On which qmail server the messagestore of this user is located.' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE) attributetype ( 1.3.6.1.4.1.7914.1.2.1.7 NAME 'mailForwardingAddress' DESC 'Address(es) to forward all incoming messages to.' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.8 NAME 'deliveryProgramPath' DESC 'Program to execute for all incoming mails.' EQUALITY caseExactIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.9 NAME 'qmailDotMode' DESC 'Interpretation of .qmail files: both, dotonly, ldaponly, ldapwithprog' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.10 NAME 'deliveryMode' DESC 'multi field entries of: nolocal, noforward, noprogram, reply' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.11 NAME 'mailReplyText' DESC 'A reply text for every incoming message' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{4096} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.12 NAME 'accountStatus' DESC 'The status of a user account: active, noaccess, disabled, deleted' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.14 NAME 'qmailAccountPurge' DESC 'The earliest date when a mailMessageStore will be purged' EQUALITY numericStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.36 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.15 NAME 'mailQuotaSize' DESC 'The size of space the user can have until further messages get bounced.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.16 NAME 'mailQuotaCount' DESC 'The number of messages the user can have until further messages get bounced.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.2.1.17 NAME 'mailSizeMax' DESC 'The maximum size of a single messages the user accepts.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # # qmailGroup attributes # attributetype ( 1.3.6.1.4.1.7914.1.3.1.1 NAME 'dnmember' DESC 'Group member specified as distinguished name.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.2 NAME 'rfc822member' DESC 'Group member specified as normal rf822 email address.' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.3 NAME 'filtermember' DESC 'Group member specified as ldap search filter.' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.4 NAME 'senderconfirm' DESC 'Sender to Group has to answer confirmation email.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.5 NAME 'membersonly' DESC 'Sender to Group must be group member itself.' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.6 NAME 'confirmtext' DESC 'Text that will be sent with sender confirmation email.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{4096} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.7 NAME 'dnmoderator' DESC 'Group moderator specified as Distinguished name.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.8 NAME 'rfc822moderator' DESC 'Group moderator specified as normal rfc822 email address.' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.9 NAME 'moderatortext' DESC 'Text that will be sent with request for moderation email.' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{4096} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.10 NAME 'dnsender' DESC 'Allowed sender specified as distinguished name.' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.11 NAME 'rfc822sender' DESC 'Allowed sender specified as normal rf822 email address.' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.7914.1.3.1.12 NAME 'filtersender' DESC 'Allowed sender specified as ldap search filter.' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{512} ) # # qldapAdmin Attributes # attributetype ( 1.3.6.1.4.1.7914.1.4.1.1 NAME 'qladnmanager' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.2 NAME 'qlaDomainList' DESC '' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.3 NAME 'qlaUidPrefix' DESC '' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.4 NAME 'qlaQmailUid' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.5 NAME 'qlaQmailGid' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.6 NAME 'qlaMailMStorePrefix' DESC '' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.7 NAME 'qlaMailQuotaSize' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.8 NAME 'qlaMailQuotaCount' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.9 NAME 'qlaMailSizeMax' DESC '' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7914.1.4.1.10 NAME 'qlaMailHostList' DESC '' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} ) # Object Class Definitions objectclass ( 1.3.6.1.4.1.7914.1.2.2.1 NAME 'qmailUser' DESC 'QMail-LDAP User' SUP top AUXILIARY MUST ( mail ) MAY ( uid $ mailMessageStore $ homeDirectory $ userPassword $ mailAlternateAddress $ qmailUID $ qmailGID $ mailHost $ mailForwardingAddress $ deliveryProgramPath $ qmailDotMode $ deliveryMode $ mailReplyText $ accountStatus $ qmailAccountPurge $ mailQuotaSize $ mailQuotaCount $ mailSizeMax ) ) objectclass ( 1.3.6.1.4.1.7914.1.3.2.1 NAME 'qmailGroup' DESC 'QMail-LDAP Group' SUP top AUXILIARY MUST ( mail $ mailAlternateAddress $ mailMessageStore ) MAY ( dnmember $ rfc822member $ filtermember $ senderconfirm $ membersonly $ confirmtext $ dnmoderator $ rfc822moderator $ moderatortext $ dnsender $ rfc822sender $ filtersender) ) objectclass ( 1.3.6.1.4.1.7914.1.4.2.1 NAME 'qldapAdmin' DESC 'QMail-LDAP Subtree Admin' SUP top AUXILIARY MUST ( qlaDnManager $ qlaDomainList $ qlaMailMStorePrefix $ qlaMailHostList ) MAY ( qlaUidPrefix $ qlaQmailUid $ qlaQmailGid $ qlaMailQuotaSize $ qlaMailQuotaCount $ qlaMailSizeMax ) ) schema/qmailControl.schema000064400000000000000000000244641223445131100161500ustar00rootroot00000000000000# Attributes that are qmail specific attributetype ( 1.3.6.1.4.1.7006.1.2.1.13 NAME 'badMailFrom' DESC 'Unacceptable envelope sender addresses.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.14 NAME 'bounceFrom' DESC 'Bounce username' SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.15 NAME 'bounceHost' DESC 'Bounce host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.16 NAME 'concurrencyLocal' DESC 'Maximum number of simultaneous local delivery attempts.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.17 NAME 'concurrencyRemote' DESC 'Maximum number of simultaneous remote delivery attempts.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.18 NAME 'defaultDomain' DESC 'Default domain name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.19 NAME 'defaultHost' DESC 'Default host name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.20 NAME 'dataBytes' DESC 'Maximum number of bytes allowed in a message, or 0 for no limit.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.21 NAME 'doubleBounceHost' DESC 'Double-bounce host.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.22 NAME 'doubleBounceTo' DESC 'User to receive double-bounces.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.23 NAME 'envNoAtHost' DESC 'Presumed domain name for addresses without @ signs.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.24 NAME 'heloHost' DESC 'Host name used to say hello to the remote SMTP server.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.25 NAME 'idHost' DESC 'Host name for Message-IDs.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.26 NAME 'localIpHost' DESC 'Replacement host name for local IP addresses.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.27 NAME 'locals' DESC 'List of domain names that the current host receives mail for.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.28 NAME 'moreRcptHosts' DESC 'Extra allowed RCPT domains.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.29 NAME 'percentHack' DESC 'List of domain names where the percent hack is applied.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.30 NAME 'plusDomain' DESC 'Plus domain name.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.31 NAME 'qmqpServers' DESC 'IP addresses of QMQP servers.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.32 NAME 'queueLifetime' DESC 'Number of seconds a message can stay in the queue.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.33 NAME 'rcptHosts' DESC 'Allowed RCPT domains.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.34 NAME 'smtpGreeting' DESC 'SMTP greeting message.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.35 NAME 'smtpRoutes' DESC 'Artificial SMTP routes.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.36 NAME 'timeoutConnect' DESC 'Number of seconds qmail-remote will wait for the remote SMTP server to accept a connection.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.37 NAME 'timeoutRemote' DESC 'Number of seconds qmail-remote will wait for each response from the remote SMTP server.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.38 NAME 'timeoutSmtpd' DESC 'Timeout for each new buffer of data from the remote SMTP client.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.39 NAME 'virtualDomains' DESC 'List of virtual users or domains.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # Attributes from qmail-ldap attributetype ( 1.3.6.1.4.1.7006.1.2.1.40 NAME 'ldapBaseDN' DESC 'The base DN from where the search in the LDAP tree begins.' EQUALITY caseIgnoreIA5Match SUP distinguishedName SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.41 NAME 'ldapLogin' DESC 'Username for the LDAP server connection.' EQUALITY caseIgnoreIA5Match SUP distinguishedName SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.42 NAME 'ldapPassword' DESC 'Password for the LDAP server connection.' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.43 NAME 'ldapLocalDelivery' DESC 'If on do a lookup on the local passwd file.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.44 NAME 'ldapRebind' DESC 'Use the possibility of rebinding to the ldap-server to compare pop3 and imap passwords.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.45 NAME 'ldapCluster' DESC 'Turn clustering on and off.' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.46 NAME 'ldapDefaultQuota' DESC 'The default amount of disk space the user can use.' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.47 NAME 'ldapDefaultDotMode' DESC 'The default interpretation of .qmail files' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.48 NAME 'ldapMessageStore' DESC 'The default prefix for pathes in mailMessageStore.' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.49 NAME 'ldapUid' DESC 'The default UID used in virtual users environments.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.50 NAME 'ldapGid' DESC 'The default GID used in virtual users environments.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.51 NAME 'customBounceText' DESC 'Additional custom text in bounce messages.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.52 NAME 'quotaWarning' DESC 'Custom text in quota warning message.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1024} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.53 NAME 'tarpitCount' DESC 'Number of RCPT TOs you accept before you start tarpitting.' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.54 NAME 'tarpitDelay' DESC 'Number of seconds of delay to introduce after each subsequent RCPT TO' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.55 NAME 'badRcptTo' DESC 'List of recipient addresses that should be rejected.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.56 NAME 'dirMaker' DESC 'Absolute path to your program/script that creates missing homedirs.' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7006.1.2.1.57 NAME 'ldapServer' DESC 'LDAP Server address.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # Attributes from TLS attributetype ( 1.3.6.1.4.1.7006.1.2.1.58 NAME 'tlsClients' DESC 'This email-address is logged in the headers.' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # Support for this have to be coded first #attributetype ( 1.3.6.1.4.1.7006.1.2.1.59 NAME 'certificateFile' # DESC 'Path to the cert.pem file.' # EQUALITY caseExactIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # -> Example: /var/qmail/control/cert.pem # #attributetype ( 1.3.6.1.4.1.7006.1.2.1.60 NAME 'certificateFile' # DESC 'Path to the cert.pem file.' # EQUALITY caseExactIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # -> Example: /var/qmail/control/rsa512.pem # #attributetype ( 1.3.6.1.4.1.7006.1.2.1.61 NAME 'clientCAFile' # DESC 'Path to the certificate CA list file.' # EQUALITY caseExactIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # -> Example: /var/qmail/control/clientca.pem # # Object Class Definitions objectclass ( 1.3.6.1.4.1.7006.1.2.2.2 NAME 'qmailControl' DESC 'QMail-LDAP Server Control Information' SUP top AUXILIARY MUST cn MAY ( badMailFrom $ bounceFrom $ bounceHost $ concurrencyLocal $ concurrencyRemote $ defaultDomain $ defaultHost $ dataBytes $ doubleBounceHost $ doubleBounceTo $ envNoAtHost $ heloHost $ idHost $ localIpHost $ locals $ moreRcptHosts $ percentHack $ plusDomain $ qmqpServers $ queueLifetime $ rcptHosts $ smtpGreeting $ smtpRoutes $ timeoutConnect $ timeoutRemote $ timeoutSmtpd $ virtualDomains $ ldapBaseDN $ ldapLogin $ ldapPassword $ ldapLocalDelivery $ ldapRebind $ ldapCluster $ ldapDefaultQuota $ ldapDefaultDotMode $ ldapMessageStore $ ldapUid $ ldapGid $ customBounceText $ quotaWarning $ tarpitCount $ tarpitDelay $ badRcptTo $ dirMaker $ ldapServer $ tlsClients ) ) schema/rfc822-MailMember.schema000064400000000000000000000006011223445131100165050ustar00rootroot00000000000000attributetype ( 1.3.6.1.4.1.42.2.27.2.1.15 NAME 'rfc822MailMember' DESC 'rfc822 mail address of group member(s)' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) objectclass ( 1.3.6.1.4.1.42.2.27.1.2.5 NAME 'nisMailAlias' SUP top STRUCTURAL DESC 'NIS mail alias' MUST cn MAY rfc822MailMember ) schema/samba2.schema000064400000000000000000000103521223445131100146400ustar00rootroot00000000000000## ## schema file for OpenLDAP 2.0.x ## Schema for storing Samba's smbpasswd file in LDAP ## OIDs are owned by the Samba Team ## ## Prerequisite schemas - uid (cosine.schema) ## - displayName (inetorgperson.schema) ## ## 1.3.6.1.4.1.7165.2.1.x - attributetypes ## 1.3.6.1.4.1.7165.2.2.x - objectclasses ## ## ## Password hashes ## attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' DESC 'LanManager Passwd' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' DESC 'NT Passwd' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) ## ## Account flags in string format ([UWDX ]) ## attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) ## ## Password timestamps & policies ## attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' DESC 'NT pwdLastSet' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' DESC 'NT logonTime' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' DESC 'NT logoffTime' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' DESC 'NT kickoffTime' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' DESC 'NT pwdCanChange' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' DESC 'NT pwdMustChange' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## string settings ## attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' DESC 'NT homeDrive' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' DESC 'NT scriptPath' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' DESC 'NT profilePath' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' DESC 'userWorkstations' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' DESC 'smbHome' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) ## ## user and group RID ## attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' DESC 'NT rid' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' DESC 'NT Group RID' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## The smbPasswordEntry objectclass has been depreciated in favor of the ## sambaAccount objectclass ## #objectclass ( 1.3.1.5.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY # DESC 'Samba smbpasswd entry' # MUST ( uid $ uidNumber ) # MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL DESC 'Samba Account' MUST ( uid $ rid ) MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ description $ userWorkstations $ primaryGroupID $ domain )) ## ## Used for Winbind experimentation ## objectclass ( 1.3.1.5.1.4.1.7165.1.2.2.3 NAME 'uidPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids' MUST ( uidNumber $ cn ) ) objectclass ( 1.3.1.5.1.4.1.7165.1.2.2.4 NAME 'gidPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX gids' MUST ( gidNumber $ cn ) ) schema/samba3.schema000064400000000000000000000457401223445131100146520ustar00rootroot00000000000000## ## schema file for OpenLDAP 2.x ## Schema for storing Samba user accounts and group maps in LDAP ## OIDs are owned by the Samba Team ## ## Prerequisite schemas - uid (cosine.schema) ## - displayName (inetorgperson.schema) ## - gidNumber (nis.schema) ## ## 1.3.6.1.4.1.7165.2.1.x - attributetypes ## 1.3.6.1.4.1.7165.2.2.x - objectclasses ## ## Printer support ## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes ## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses ## ## Samba4 ## 1.3.6.1.4.1.7165.4.1.x - attributetypes ## 1.3.6.1.4.1.7165.4.2.x - objectclasses ## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls ## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations ## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track ## ## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------ ## ## Run the 'get_next_oid' bash script in this directory to find the ## next available OID for attribute type and object classes. ## ## $ ./get_next_oid ## attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME .... ## objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME .... ## ## Also ensure that new entries adhere to the declaration style ## used throughout this file ## ## ( 1.3.6.1.4.1.7165.2.XX.XX NAME .... ## ^ ^ ^ ## ## The spaces are required for the get_next_oid script (and for ## readability). ## ## ------------------------------------------------------------------ # objectIdentifier SambaRoot 1.3.6.1.4.1.7165 # objectIdentifier Samba3 SambaRoot:2 # objectIdentifier Samba3Attrib Samba3:1 # objectIdentifier Samba3ObjectClass Samba3:2 # objectIdentifier Samba4 SambaRoot:4 ######################################################################## ## HISTORICAL ## ######################################################################## ## ## Password hashes ## #attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword' # DESC 'LanManager Passwd' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword' # DESC 'NT Passwd' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) ## ## Account flags in string format ([UWDX ]) ## #attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags' # DESC 'Account Flags' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) ## ## Password timestamps & policies ## #attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet' # DESC 'NT pwdLastSet' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime' # DESC 'NT logonTime' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime' # DESC 'NT logoffTime' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime' # DESC 'NT kickoffTime' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange' # DESC 'NT pwdCanChange' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange' # DESC 'NT pwdMustChange' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## string settings ## #attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive' # DESC 'NT homeDrive' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath' # DESC 'NT scriptPath' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath' # DESC 'NT profilePath' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations' # DESC 'userWorkstations' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome' # DESC 'smbHome' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) #attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain' # DESC 'Windows NT domain to which the user belongs' # EQUALITY caseIgnoreIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} ) ## ## user and group RID ## #attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid' # DESC 'NT rid' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) #attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID' # DESC 'NT Group RID' # EQUALITY integerMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## The smbPasswordEntry objectclass has been depreciated in favor of the ## sambaAccount objectclass ## #objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY # DESC 'Samba smbpasswd entry' # MUST ( uid $ uidNumber ) # MAY ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags )) #objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL # DESC 'Samba Account' # MUST ( uid $ rid ) # MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ # logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ # displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ # description $ userWorkstations $ primaryGroupID $ domain )) #objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY # DESC 'Samba Auxiliary Account' # MUST ( uid $ rid ) # MAY ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $ # logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $ # displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $ # description $ userWorkstations $ primaryGroupID $ domain )) ######################################################################## ## END OF HISTORICAL ## ######################################################################## ####################################################################### ## Attributes used by Samba 3.0 schema ## ####################################################################### ## ## Password hashes ## attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE ) ## ## Account flags in string format ([UWDX ]) ## attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE ) ## ## Password timestamps & policies ## attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE ) ## ## string settings ## attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) ## ## SID, of any type ## attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) ## ## Primary group SID, compatible with ntSid ## attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) ## ## group mapping attributes ## attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ## ## Store info on the domain ## attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} ) attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) ##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' ## SUP name ) ##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList' ## DESC 'Privileges List' ## EQUALITY caseIgnoreIA5Match ## SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} ) attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # "min password length" attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "password history" attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "user must logon to change password" attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "maximum password age" attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "minimum password age" attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "lockout duration" attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "reset count minutes" attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "bad lockout attempt" attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "disconnect time" attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) # "refuse machine password change" attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) ####################################################################### ## objectClasses used by Samba 3.0 schema ## ####################################################################### ## The X.500 data model (and therefore LDAPv3) says that each entry can ## only have one structural objectclass. OpenLDAP 2.0 does not enforce ## this currently but will in v2.1 ## ## added new objectclass (and OID) for 3.0 to help us deal with backwards ## compatibility with 2.2 installations (e.g. ldapsam_compat) --jerry ## objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY DESC 'Samba 3.0 Auxilary SAM Account' MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours)) ## ## Group mapping info ## objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY DESC 'Samba Group Mapping' MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description $ sambaSIDList )) ## ## Trust password for trust relationships (any kind) ## objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL DESC 'Samba Trust Password' MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet )) ## ## Whole-of-domain info ## objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL DESC 'Samba Domain Information' MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange )) ## ## used for idmap_ldap module ## objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY DESC 'Pool for allocating UNIX uids/gids' MUST ( uidNumber $ gidNumber ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY DESC 'Mapping from a SID to an ID' MUST ( sambaSID ) MAY ( uidNumber $ gidNumber ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL DESC 'Structural Class for a SID' MUST ( sambaSID ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY DESC 'Samba Configuration Section' MAY ( description ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL DESC 'Samba Share Section' MUST ( sambaShareName ) MAY ( description ) ) objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL DESC 'Samba Configuration Option' MUST ( sambaOptionName ) MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) ) ## retired during privilege rewrite ##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY ## DESC 'Samba Privilege' ## MUST ( sambaSID ) ## MAY ( sambaPrivilegeList ) ) schema/trust.schema000064400000000000000000000014341223445131100146550ustar00rootroot00000000000000# this file goes into /etc/openldap/schema or into your schema directory for your LDAP v3 server # make sure you have it, otherwise, Directory administrator will complain when changing user accounts # unless you don't do schema checking attributetype ( 5.3.6.1.1.1.1.0 NAME 'trustModel' DESC 'Access scheme' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 5.3.6.1.1.1.1.1 NAME 'accessTo' DESC 'Access to which servers user is allowed' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) objectclass ( 5.3.6.1.1.1.2.0 NAME 'trustAccount' SUP top AUXILIARY DESC 'Sets trust accounts information' MUST ( trustModel ) MAY ( accessTo ) ) schema/turbo.schema000064400000000000000000000011771223445131100146330ustar00rootroot00000000000000attributetype ( 1.3.6.1.4.1.8767.1.1.1 NAME 'clearTextPassword' DESC 'Password in cleartext format' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # ----------------------------------------- objectclass ( 1.3.6.1.4.1.8767.2.1.1 NAME 'extraPosixAccount' DESC 'Extra account information' MAY clearTextPassword ) objectclass ( 1.3.6.1.4.1.8767.2.1.2 NAME 'mailRecipient' DESC 'Internet local mail recipient' MAY ( mail $ mailHost $ mailForwardingAddress $ mailAlternateAddress $ mailQuota $ deliveryMode $ deliveryProgramPath $ mailReplyText $ accountStatus $ mailMessageStore ) )