mail us  |  mail this page

contact us
training  | 
tech stuff  | 

Appendix E: Samba samba3.schema

This schema is released with a standard Samba 3.x distribution (in FreeBSD /usr/local/share/examples/samba/Ldap/samba.schema). This schema came with the standard FreeBSD port. From reading the documentation it appears some linux distros may have gotten their act together and renamed the schema as samba3.schema. (Note: we hacked out the old commented HISTORICAL Samaba 2.x section to avoid confusion).

##
## schema file for Samba 3.x
## Schema for storing Samba user accounts and group maps in LDAP
## OIDs are owned by the Samba Team
##
## Prerequisite schemas - uid         (cosine.schema)
##                      - displayName (inetorgperson.schema)
##                      - gidNumber   (nis.schema)
##
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
##

#######################################################################
##                Attributes used by Samba 3.0 schema                ##
#######################################################################

##
## Password hashes
##
 attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
	DESC 'LanManager Password'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
	DESC 'MD4 hash of the unicode password'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

##
## Account flags in string format ([UWDX     ])
##
 attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
	DESC 'Account Flags'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )

##
## Password timestamps & policies
##
 attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
	DESC 'Timestamp of the last password update'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
	DESC 'Timestamp of when the user is allowed to update the password'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
	DESC 'Timestamp of when the password will expire'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
	DESC 'Timestamp of last logon'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
	DESC 'Timestamp of last logoff'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
	DESC 'Timestamp of when the user will be logged off automatically'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
	DESC 'Bad password attempt count'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
	DESC 'Time of the last bad password attempt'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )


##
## string settings
##
 attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
	DESC 'Driver letter of home directory mapping'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
	DESC 'Logon script path'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
	DESC 'Roaming profile path'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
	DESC 'List of user workstations the user is allowed to logon to'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
	DESC 'Home directory UNC path'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

 attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
	DESC 'Windows NT domain to which the user belongs'
	EQUALITY caseIgnoreMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )

 attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
	DESC ''
	EQUALITY caseExactMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )

##
## SID, of any type
##

 attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
	DESC 'Security ID'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )


##
## Primary group SID, compatible with ntSid
##

 attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
	DESC 'Primary Group Security ID'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
	DESC 'Security ID List'
	EQUALITY caseIgnoreIA5Match
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )

##
## group mapping attributes
##
 attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
	DESC 'NT Group Type'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

##
## Store info on the domain
##

 attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
	DESC 'Next NT rid to give our for users'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
	DESC 'Next NT rid to give out for groups'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
	DESC 'Next NT rid to give out for anything'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

 attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
	DESC 'Base at which the samba RID generation algorithm should operate'
	EQUALITY integerMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )


#######################################################################
##              objectClasses used by Samba 3.0 schema               ##
#######################################################################

## The X.500 data model (and therefore LDAPv3) says that each entry can
## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
## this currently but will in v2.1

##
## added new objectclass (and OID) for 3.0 to help us deal with backwards
## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
##
 objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
  DESC 'Samba 3.0 Auxilary SAM Account'
  MUST ( uid $ sambaSID )
  MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
     sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
     sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
     displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
     sambaProfilePath $ description $ sambaUserWorkstations $
     sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
     sambaBadPasswordCount $ sambaBadPasswordTime))

##
## Group mapping info
##
 objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
  DESC 'Samba Group Mapping'
  MUST ( gidNumber $ sambaSID $ sambaGroupType )
  MAY  ( displayName $ description $ sambaSIDList ))

##
## Whole-of-domain info
##
 objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
  DESC 'Samba Domain Information'
  MUST ( sambaDomainName $ sambaSID ) 
  MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
    sambaAlgorithmicRidBase ) )

## used for idmap_ldap module
 objectclass ( 1.3.6.1.4.1.7165.1.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
  DESC 'Pool for allocating UNIX uids/gids'
  MUST ( uidNumber $ gidNumber ) )


 objectclass ( 1.3.6.1.4.1.7165.1.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
  DESC 'Mapping from a SID to an ID'
  MUST ( sambaSID )
  MAY ( uidNumber $ gidNumber ) )

 objectclass ( 1.3.6.1.4.1.7165.1.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
  DESC 'Structural Class for a SID'
  MUST ( sambaSID ) )


Problems, comments, suggestions, corrections (including broken links) or something to add? Please take the time from a busy life to 'mail us' (at top of screen), the webmaster (below) or info-support at zytrax. You will have a warm inner glow for the rest of the day.

Contents

tech info
guides home
intro
contents
1 objectives
big picture
2 concepts
3 ldap objects
quickstart
4 install ldap
5 samples
6 configuration
7 replica & refer
reference
8 ldif
9 protocol
10 ldap api
operations
11 howtos
12 trouble
13 performance
14 ldap tools
security
15 security
appendices
notes & info
ldap resources
rfc's & x.500
glossary
ldap objects
change log

Creative Commons License
This work is licensed under a Creative Commons License.

If you are happy it's OK - but your browser is giving a less than optimal experience on our site. You could, at no charge, upgrade to a W3C STANDARDS COMPLIANT browser such as Firefox

Search

web zytrax.com

Share

Icons made by Icomoon from www.flaticon.com is licensed by CC 3.0 BY
share page via facebook tweet this page

Page

email us Send to a friend feature print this page Display full width page Decrease font size Increase font size

Resources

Systems

FreeBSD
NetBSD
OpenBSD
DragonFlyBSD
Linux.org
Debian Linux

Software

LibreOffice
OpenOffice
Mozilla
GitHub
GNU-Free SW Foundation
get-dns

Organizations

Open Source Initiative
Creative Commons

Misc.

Ibiblio - Library
Open Book Project
Open Directory
Wikipedia

Site

CSS Technology SPF Record Conformant Domain
Copyright © 1994 - 2017 ZyTrax, Inc.
All rights reserved. Legal and Privacy
site by zytrax
Hosted by super.net.sg
web-master at zytrax
Page modified: October 21 2015.