Cleanup of LDAP installer
This commit rewrites the LDAP installer with the following changes: - LDIF file now ends with the correct extension ".ldif", - Rather than dumping an old LDAP schema, only the samba and freeradius schemas are now added. This improves future-proofing as the freeradius schema evolves, - LDIF files now have a licence header according to where they were taken from, - install_re2o.sh no longer dumps the new database with slapadd but uses generic LDAP commands to populate the new database, - install_re2o.sh no longer restarts the slapd service and installs all needed dependencies. Compared to the old method, nothing should be different after the install (other than creation date and uuid). Needed for further development with openldap in a Docker container.
parent
064ec73cbc
commit
1d4ea12f2b
6 changed files with 416 additions and 1398 deletions
|
@ -6,8 +6,9 @@ SETTINGS_EXAMPLE_FILE='re2o/settings_local.example.py'
|
||||||
APT_REQ_FILE="apt_requirements.txt"
|
APT_REQ_FILE="apt_requirements.txt"
|
||||||
PIP_REQ_FILE="pip_requirements.txt"
|
PIP_REQ_FILE="pip_requirements.txt"
|
||||||
|
|
||||||
LDIF_DB_FILE="install_utils/db.ldiff"
|
LDIF_DB_FILE="install_utils/ldap/db.ldif"
|
||||||
LDIF_SCHEMA_FILE="install_utils/schema.ldiff"
|
LDIF_SCHEMA_RADIUS_FILE="install_utils/ldap/schema_radius.ldif"
|
||||||
|
LDIF_SCHEMA_SAMBA_FILE="install_utils/ldap/schema_samba.ldif"
|
||||||
|
|
||||||
|
|
||||||
VALUE= # global value used to return values by some functions
|
VALUE= # global value used to return values by some functions
|
||||||
|
@ -155,7 +156,7 @@ install_database() {
|
||||||
|
|
||||||
|
|
||||||
install_ldap() {
|
install_ldap() {
|
||||||
### Usage: install_ldap <local_setup> <password> <domain>
|
### Usage: install_ldap <local_setup> <password> <domain> <extension>
|
||||||
#
|
#
|
||||||
# This function will install the LDAP
|
# This function will install the LDAP
|
||||||
#
|
#
|
||||||
|
@ -172,44 +173,32 @@ install_ldap() {
|
||||||
local_setup="$1"
|
local_setup="$1"
|
||||||
password="$2"
|
password="$2"
|
||||||
domain="$3"
|
domain="$3"
|
||||||
|
extension_locale="$4"
|
||||||
|
|
||||||
if [ "$local_setup" == 1 ]; then
|
if [ "$local_setup" == 1 ]; then
|
||||||
|
|
||||||
echo "Installing slapd package ..."
|
echo "Preconfiguring slapd package ..."
|
||||||
apt-get -y install slapd
|
echo slapd slapd/domain string $extension_locale | debconf-set-selections -v
|
||||||
echo "Installing slapd package: Done"
|
echo slapd slapd/password1 password $password | debconf-set-selections -v
|
||||||
|
echo slapd slapd/password2 password $password | debconf-set-selections -v
|
||||||
|
echo "Preconfiguring slapd package: Done"
|
||||||
|
|
||||||
echo "Hashing the LDAP password ..."
|
echo "Installing openldap packages ..."
|
||||||
hashed_ldap_passwd="$(slappasswd -s $password)"
|
DEBIAN_FRONTEND=noninteractive apt-get -y install slapd ldap-utils
|
||||||
echo "Hash of the password: $hashed_ldap_passwd"
|
echo "Installing openldap packages: Done"
|
||||||
|
|
||||||
echo "Building the LDAP config files ..."
|
echo "Building the LDAP config files ..."
|
||||||
sed 's|dc=example,dc=net|'"$domain"'|g' $LDIF_DB_FILE | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db
|
sed 's|dc=example,dc=net|'"$domain"'|g' $LDIF_DB_FILE | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db
|
||||||
sed 's|dc=example,dc=net|'"$domain"'|g' $LDIF_SCHEMA_FILE | sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/schema
|
|
||||||
echo "Building the LDAP config files: Done"
|
echo "Building the LDAP config files: Done"
|
||||||
|
|
||||||
echo "Stopping slapd service ..."
|
echo "Adding freeradius and samba schema to LDAP ..."
|
||||||
service slapd stop
|
ldapadd -Y EXTERNAL -H ldapi:/// -f "$LDIF_SCHEMA_RADIUS_FILE"
|
||||||
echo "Stopping slapd service: Done"
|
ldapadd -Y EXTERNAL -H ldapi:/// -f "$LDIF_SCHEMA_SAMBA_FILE"
|
||||||
|
echo "Adding freeradius and samba schema to LDAP: Done"
|
||||||
|
|
||||||
echo "Deleting exisitng LDAP configuration ..."
|
echo "Creating re2o LDAP database ..."
|
||||||
rm -rf /etc/ldap/slapd.d/*
|
ldapadd -H ldap:// -x -D "cn=admin,$domain" -w "$password" -f "/tmp/db"
|
||||||
rm -rf /var/lib/ldap/*
|
echo "Creating re2o LDAP database: Done"
|
||||||
echo "Deleting existing LDAP configuration: Done"
|
|
||||||
|
|
||||||
echo "Setting up the new LDAP configuration ..."
|
|
||||||
slapadd -n 0 -l /tmp/schema -F /etc/ldap/slapd.d/
|
|
||||||
slapadd -n 1 -l /tmp/db
|
|
||||||
echo "Setting up the new LDAP configuration: Done"
|
|
||||||
|
|
||||||
echo "Fixing the LDAP files permissions ..."
|
|
||||||
chown -R openldap:openldap /etc/ldap/slapd.d
|
|
||||||
chown -R openldap:openldap /var/lib/ldap
|
|
||||||
echo "Fixing the LDAP files permissions: Done"
|
|
||||||
|
|
||||||
echo "Starting slapd service ..."
|
|
||||||
service slapd start
|
|
||||||
echo "Starting slapd service: Done"
|
|
||||||
|
|
||||||
else
|
else
|
||||||
|
|
||||||
|
@ -665,7 +654,7 @@ interactive_guide() {
|
||||||
|
|
||||||
install_database "$sql_bdd_type" "$sql_is_local" "$sql_name" "$sql_login" "$sql_password"
|
install_database "$sql_bdd_type" "$sql_is_local" "$sql_name" "$sql_login" "$sql_password"
|
||||||
|
|
||||||
install_ldap "$ldap_is_local" "$ldap_password" "$ldap_dn"
|
install_ldap "$ldap_is_local" "$ldap_password" "$ldap_dn" "$extension_locale"
|
||||||
|
|
||||||
|
|
||||||
write_settings_file "$sql_bdd_type" "$sql_host" "$sql_name" "$sql_login" "$sql_password" \
|
write_settings_file "$sql_bdd_type" "$sql_host" "$sql_name" "$sql_login" "$sql_password" \
|
||||||
|
|
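Review bot: The kept line `sed 's|FILL_IT|'"$hashed_ldap_passwd"'|g' > /tmp/db` in install_ldap still reads `$hashed_ldap_passwd`, but the `slappasswd` assignment that set it appears to be on the removed side of this hunk (the page lost its +/- markers, so this is inferred from the layout). If so, every `userPassword: FILL_IT` is replaced by an empty string, and the later `ldapadd` either fails or creates the service accounts without a usable password. Keep the hashing step before the sed, e.g. `hashed_ldap_passwd="$(slappasswd -s "$password")"`, and drop only the echo that printed the hash. The new lines also expand `$password` and `$extension_locale` unquoted in the three `debconf-set-selections` calls and pass the admin password on the command line with `-w "$password"`, where it shows in the process list; quote the expansions and bind with `ldapadd -y <password-file>` instead. `/tmp/db` is a fixed path that ends up holding the password hashes, so a `mktemp` file created under a restrictive umask and removed after the import would be safer; install_ldap continues outside the hunk.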
|
@ -1,183 +0,0 @@
|
||||||
dn: dc=example,dc=net
|
|
||||||
o: rezo
|
|
||||||
structuralObjectClass: organization
|
|
||||||
entryUUID: fc97a0fe-514b-1034-9e4d-59675b32507b
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20150225150906Z
|
|
||||||
description: ldap
|
|
||||||
objectClass: top
|
|
||||||
objectClass: dcObject
|
|
||||||
objectClass: organization
|
|
||||||
entryCSN: 20151003212702.245118Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20151003212702Z
|
|
||||||
contextCSN: 20161004233332.689769Z#000000#000#000000
|
|
||||||
|
|
||||||
dn: cn=admin,dc=example,dc=net
|
|
||||||
objectClass: simpleSecurityObject
|
|
||||||
objectClass: organizationalRole
|
|
||||||
cn: admin
|
|
||||||
structuralObjectClass: organizationalRole
|
|
||||||
entryUUID: fc97fa72-514b-1034-9e4e-59675b32507b
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20150225150906Z
|
|
||||||
description:: TERBUCBhZG1pbmlzdHJhdG9yDQo=
|
|
||||||
userPassword: FILL_IT
|
|
||||||
entryCSN: 20160604005945.576566Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160604005945Z
|
|
||||||
|
|
||||||
dn: cn=Utilisateurs,dc=example,dc=net
|
|
||||||
gidNumber: 500
|
|
||||||
cn: Utilisateurs
|
|
||||||
structuralObjectClass: posixGroup
|
|
||||||
entryUUID: 5d53854e-5204-1034-8c61-8da535cabdfc
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20150226130856Z
|
|
||||||
sambaSID: 500
|
|
||||||
uid: Users
|
|
||||||
objectClass: posixGroup
|
|
||||||
objectClass: top
|
|
||||||
objectClass: sambaSamAccount
|
|
||||||
objectClass: radiusprofile
|
|
||||||
entryCSN: 20150226130950.194154Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20150226130950Z
|
|
||||||
|
|
||||||
dn: ou=groups,dc=example,dc=net
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
description: Groupes d'utilisateurs
|
|
||||||
ou: groups
|
|
||||||
structuralObjectClass: organizationalUnit
|
|
||||||
entryUUID: 986aa1b6-bb86-1035-9a4c-2ff0c800ec24
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160531142039Z
|
|
||||||
entryCSN: 20160531142039.780151Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160531142039Z
|
|
||||||
|
|
||||||
dn: ou=services,ou=groups,dc=example,dc=net
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
description: Groupes de comptes techniques
|
|
||||||
ou: services
|
|
||||||
structuralObjectClass: organizationalUnit
|
|
||||||
entryUUID: cbb56904-bc6a-1035-9fbb-3dc3850d88ba
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160601173411Z
|
|
||||||
entryCSN: 20160601173411.088359Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160601173411Z
|
|
||||||
|
|
||||||
dn: ou=service-users,dc=example,dc=net
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
description: Utilisateurs techniques de l'annuaire
|
|
||||||
ou: service-users
|
|
||||||
structuralObjectClass: organizationalUnit
|
|
||||||
entryUUID: 0e397270-bc6b-1035-9fbd-3dc3850d88ba
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160601173602Z
|
|
||||||
entryCSN: 20160601173602.683304Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160601173602Z
|
|
||||||
|
|
||||||
dn: cn=freeradius,ou=service-users,dc=example,dc=net
|
|
||||||
objectClass: applicationProcess
|
|
||||||
objectClass: simpleSecurityObject
|
|
||||||
cn: freeradius
|
|
||||||
userPassword: FILL_IT
|
|
||||||
structuralObjectClass: applicationProcess
|
|
||||||
entryUUID: 8596e4ec-bc6b-1035-9fbf-3dc3850d88ba
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160601173922Z
|
|
||||||
entryCSN: 20160601173922.944598Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160601173922Z
|
|
||||||
|
|
||||||
dn: cn=nssauth,ou=service-users,dc=example,dc=net
|
|
||||||
objectClass: applicationProcess
|
|
||||||
objectClass: simpleSecurityObject
|
|
||||||
cn: nssauth
|
|
||||||
structuralObjectClass: applicationProcess
|
|
||||||
entryUUID: cfbdadc6-bc6b-1035-9fc4-3dc3850d88ba
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160601174127Z
|
|
||||||
userPassword: FILL_IT
|
|
||||||
entryCSN: 20160603093724.770069Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160603093724Z
|
|
||||||
|
|
||||||
dn: cn=auth,ou=services,ou=groups,dc=example,dc=net
|
|
||||||
objectClass: groupOfNames
|
|
||||||
cn: auth
|
|
||||||
member: cn=nssauth,ou=service-users,dc=example,dc=net
|
|
||||||
structuralObjectClass: groupOfNames
|
|
||||||
entryUUID: 98524836-bc6d-1035-9fc7-3dc3850d88ba
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160601175413Z
|
|
||||||
entryCSN: 20160620005705.309928Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160620005705Z
|
|
||||||
|
|
||||||
dn: ou=posix,ou=groups,dc=example,dc=net
|
|
||||||
objectClass: organizationalUnit
|
|
||||||
description: Groupes de comptes POSIX
|
|
||||||
ou: posix
|
|
||||||
structuralObjectClass: organizationalUnit
|
|
||||||
entryUUID: fbd89c4a-bdb5-1035-9045-d5a09894d93e
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160603090455Z
|
|
||||||
entryCSN: 20160603090455.267192Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160603090455Z
|
|
||||||
|
|
||||||
dn: cn=wifi,ou=service-users,dc=example,dc=net
|
|
||||||
objectClass: applicationProcess
|
|
||||||
objectClass: simpleSecurityObject
|
|
||||||
cn: wifi
|
|
||||||
structuralObjectClass: applicationProcess
|
|
||||||
entryUUID: 8cc2d1a6-bdc2-1035-9051-d5a09894d93e
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160603103452Z
|
|
||||||
userPassword: FILL_IT
|
|
||||||
entryCSN: 20160603103638.682210Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160603103638Z
|
|
||||||
|
|
||||||
dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=net
|
|
||||||
objectClass: groupOfNames
|
|
||||||
cn: usermgmt
|
|
||||||
structuralObjectClass: groupOfNames
|
|
||||||
entryUUID: ec01e206-bdc2-1035-9054-d5a09894d93e
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160603103732Z
|
|
||||||
member: cn=wifi,ou=service-users,dc=example,dc=net
|
|
||||||
entryCSN: 20160603103746.897151Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160603103746Z
|
|
||||||
|
|
||||||
dn: cn=replica,ou=service-users,dc=example,dc=net
|
|
||||||
objectClass: applicationProcess
|
|
||||||
objectClass: simpleSecurityObject
|
|
||||||
cn: replica
|
|
||||||
structuralObjectClass: applicationProcess
|
|
||||||
entryUUID: caef5c54-c0e4-1035-948f-dfe369fe3d4f
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160607101733Z
|
|
||||||
userPassword: FILL_IT
|
|
||||||
entryCSN: 20160607101829.424643Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160607101829Z
|
|
||||||
|
|
||||||
dn: cn=readonly,ou=services,ou=groups,dc=example,dc=net
|
|
||||||
objectClass: groupOfNames
|
|
||||||
cn: readonly
|
|
||||||
structuralObjectClass: groupOfNames
|
|
||||||
entryUUID: f6bd2366-c0e4-1035-9492-dfe369fe3d4f
|
|
||||||
creatorsName: cn=admin,dc=example,dc=net
|
|
||||||
createTimestamp: 20160607101846Z
|
|
||||||
member: cn=replica,ou=service-users,dc=example,dc=net
|
|
||||||
member: cn=freeradius,ou=service-users,dc=example,dc=net
|
|
||||||
entryCSN: 20160619214628.287369Z#000000#000#000000
|
|
||||||
modifiersName: cn=admin,dc=example,dc=net
|
|
||||||
modifyTimestamp: 20160619214628Z
|
|
||||||
|
|
94
install_utils/ldap/db.ldif
Normal file
94
install_utils/ldap/db.ldif
Normal file
|
@ -0,0 +1,94 @@
|
||||||
|
# coding:utf-8
|
||||||
|
# Re2o est un logiciel d'administration développé initiallement au rezometz. Il
|
||||||
|
# se veut agnostique au réseau considéré, de manière à être installable en
|
||||||
|
# quelques clics.
|
||||||
|
#
|
||||||
|
# Copyright © 2017 Gabriel Détraz
|
||||||
|
# Copyright © 2018 Maël Kervella
|
||||||
|
#
|
||||||
|
# This program is free software; you can redistribute it and/or modify
|
||||||
|
# it under the terms of the GNU General Public License as published by
|
||||||
|
# the Free Software Foundation; either version 2 of the License, or
|
||||||
|
# (at your option) any later version.
|
||||||
|
#
|
||||||
|
# This program is distributed in the hope that it will be useful,
|
||||||
|
# but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||||
|
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||||
|
# GNU General Public License for more details.
|
||||||
|
#
|
||||||
|
# You should have received a copy of the GNU General Public License along
|
||||||
|
# with this program; if not, write to the Free Software Foundation, Inc.,
|
||||||
|
# 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA.
|
||||||
|
|
||||||
|
# Pré-remplissage
|
||||||
|
|
||||||
|
dn: cn=Utilisateurs,dc=example,dc=net
|
||||||
|
gidNumber: 500
|
||||||
|
cn: Utilisateurs
|
||||||
|
sambaSID: 500
|
||||||
|
uid: Users
|
||||||
|
objectClass: posixGroup
|
||||||
|
objectClass: top
|
||||||
|
objectClass: sambaSamAccount
|
||||||
|
objectClass: radiusprofile
|
||||||
|
|
||||||
|
dn: ou=groups,dc=example,dc=net
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
description: Groupes d'utilisateurs
|
||||||
|
ou: groups
|
||||||
|
|
||||||
|
dn: ou=posix,ou=groups,dc=example,dc=net
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
description: Groupes de comptes POSIX
|
||||||
|
ou: posix
|
||||||
|
|
||||||
|
dn: ou=services,ou=groups,dc=example,dc=net
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
description: Groupes de comptes techniques
|
||||||
|
ou: services
|
||||||
|
|
||||||
|
dn: cn=auth,ou=services,ou=groups,dc=example,dc=net
|
||||||
|
objectClass: groupOfNames
|
||||||
|
cn: auth
|
||||||
|
member: cn=nssauth,ou=service-users
|
||||||
|
|
||||||
|
dn: cn=usermgmt,ou=services,ou=groups,dc=example,dc=net
|
||||||
|
objectClass: groupOfNames
|
||||||
|
cn: usermgmt
|
||||||
|
member: cn=wifi,ou=service-users
|
||||||
|
|
||||||
|
dn: cn=readonly,ou=services,ou=groups,dc=example,dc=net
|
||||||
|
objectClass: groupOfNames
|
||||||
|
cn: readonly
|
||||||
|
member: cn=replica,ou=service-users
|
||||||
|
member: cn=freeradius,ou=service-users
|
||||||
|
|
||||||
|
dn: ou=service-users,dc=example,dc=net
|
||||||
|
objectClass: organizationalUnit
|
||||||
|
description: Utilisateurs techniques de l'annuaire
|
||||||
|
ou: service-users
|
||||||
|
|
||||||
|
dn: cn=freeradius,ou=service-users,dc=example,dc=net
|
||||||
|
objectClass: applicationProcess
|
||||||
|
objectClass: simpleSecurityObject
|
||||||
|
cn: freeradius
|
||||||
|
userPassword: FILL_IT
|
||||||
|
|
||||||
|
dn: cn=nssauth,ou=service-users,dc=example,dc=net
|
||||||
|
objectClass: applicationProcess
|
||||||
|
objectClass: simpleSecurityObject
|
||||||
|
cn: nssauth
|
||||||
|
userPassword: FILL_IT
|
||||||
|
|
||||||
|
dn: cn=wifi,ou=service-users,dc=example,dc=net
|
||||||
|
objectClass: applicationProcess
|
||||||
|
objectClass: simpleSecurityObject
|
||||||
|
cn: wifi
|
||||||
|
userPassword: FILL_IT
|
||||||
|
|
||||||
|
dn: cn=replica,ou=service-users,dc=example,dc=net
|
||||||
|
objectClass: applicationProcess
|
||||||
|
objectClass: simpleSecurityObject
|
||||||
|
cn: replica
|
||||||
|
userPassword: FILL_IT
|
||||||
|
|
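Review bot: As rendered here, the `member` values of the three groupOfNames entries (`cn=auth`, `cn=usermgmt`, `cn=readonly`) stop at `ou=service-users` and lack the `,dc=example,dc=net` suffix that the deleted db.ldiff carried. The installer's sed on `dc=example,dc=net` will therefore not rewrite them, and they will not name the service accounts created further down in this file. If slapd ACLs are granted through membership of these groups (not visible on this page), the accounts would silently fall outside them; restore the full DN, e.g. `member: cn=nssauth,ou=service-users,dc=example,dc=net`. Separately, install_re2o.sh fills every `userPassword: FILL_IT` from the same value, so freeradius, nssauth, wifi and replica all share one credential. A header comment such as `# FILL_IT is replaced by the installer with a single hash; set per-account passwords after install` would make that explicit.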
75
install_utils/ldap/schema_radius.ldif
Normal file
75
install_utils/ldap/schema_radius.ldif
Normal file
|
@ -0,0 +1,75 @@
|
||||||
|
# From : https://github.com/redBorder/freeradius/blob/master/doc/schemas/ldap/openldap.ldif
|
||||||
|
|
||||||
|
dn: cn=radius,cn=schema,cn=config
|
||||||
|
objectClass: olcSchemaConfig
|
||||||
|
cn: radius
|
||||||
|
olcAttributeTypes: {0}( 1.3.6.1.4.1.3317.4.3.1.1 NAME 'radiusArapFeatures' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {1}( 1.3.6.1.4.1.3317.4.3.1.2 NAME 'radiusArapSecurity' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {2}( 1.3.6.1.4.1.3317.4.3.1.3 NAME 'radiusArapZoneAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {3}( 1.3.6.1.4.1.3317.4.3.1.44 NAME 'radiusAuthType' DESC 'controlItem: Auth-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {4}( 1.3.6.1.4.1.3317.4.3.1.4 NAME 'radiusCallbackId' DESC 'replyItem: Callback-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {5}( 1.3.6.1.4.1.3317.4.3.1.5 NAME 'radiusCallbackNumber' DESC 'replyItem: Callback-Number' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {6}( 1.3.6.1.4.1.3317.4.3.1.6 NAME 'radiusCalledStationId' DESC 'controlItem: Called-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {7}( 1.3.6.1.4.1.3317.4.3.1.7 NAME 'radiusCallingStationId' DESC 'controlItem: Calling-Station-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {8}( 1.3.6.1.4.1.3317.4.3.1.8 NAME 'radiusClass' DESC 'replyItem: Class' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {9}( 1.3.6.1.4.1.3317.4.3.1.45 NAME 'radiusClientIPAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {10}( 1.3.6.1.4.1.3317.4.3.1.9 NAME 'radiusFilterId' DESC 'replyItem: Filter-Id' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {11}( 1.3.6.1.4.1.3317.4.3.1.10 NAME 'radiusFramedAppleTalkLink' DESC 'replyItem: Framed-AppleTalk-Link' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {12}( 1.3.6.1.4.1.3317.4.3.1.11 NAME 'radiusFramedAppleTalkNetwork' DESC 'replyItem: Framed-AppleTalk-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {13}( 1.3.6.1.4.1.3317.4.3.1.12 NAME 'radiusFramedAppleTalkZone' DESC 'replyItem: Framed-AppleTalk-Zone' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {14}( 1.3.6.1.4.1.3317.4.3.1.13 NAME 'radiusFramedCompression' DESC 'replyItem: Framed-Compression' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {15}( 1.3.6.1.4.1.3317.4.3.1.14 NAME 'radiusFramedIPAddress' DESC 'replyItem: Framed-IP-Address' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {16}( 1.3.6.1.4.1.3317.4.3.1.15 NAME 'radiusFramedIPNetmask' DESC 'replyItem: Framed-IP-Netmask' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {17}( 1.3.6.1.4.1.3317.4.3.1.16 NAME 'radiusFramedIPXNetwork' DESC 'replyItem: Framed-IPX-Network' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {18}( 1.3.6.1.4.1.3317.4.3.1.17 NAME 'radiusFramedMTU' DESC' replyItem: Framed-MTU' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {19}( 1.3.6.1.4.1.3317.4.3.1.18 NAME 'radiusFramedProtocol'DESC 'replyItem: Framed-Protocol' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {20}( 1.3.6.1.4.1.3317.4.3.1.19 NAME 'radiusFramedRoute' DESC 'replyItem: Framed-Route' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {21}( 1.3.6.1.4.1.3317.4.3.1.20 NAME 'radiusFramedRouting' DESC 'replyItem: Framed-Routing' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {22}( 1.3.6.1.4.1.3317.4.3.1.46 NAME 'radiusGroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {23}( 1.3.6.1.4.1.3317.4.3.1.47 NAME 'radiusHint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {24}( 1.3.6.1.4.1.3317.4.3.1.48 NAME 'radiusHuntgroupName' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {25}( 1.3.6.1.4.1.3317.4.3.1.21 NAME 'radiusIdleTimeout' DESC 'replyItem: Idle-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {26}( 1.3.6.1.4.1.3317.4.3.1.22 NAME 'radiusLoginIPHost' DESC 'replyItem: Login-IP-Host' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {27}( 1.3.6.1.4.1.3317.4.3.1.23 NAME 'radiusLoginLATGroup' DESC 'replyItem: Login-LAT-Group' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {28}( 1.3.6.1.4.1.3317.4.3.1.24 NAME 'radiusLoginLATNode' DESC 'replyItem: Login-LAT-Node' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {29}( 1.3.6.1.4.1.3317.4.3.1.25 NAME 'radiusLoginLATPort' DESC 'replyItem: Login-LAT-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {30}( 1.3.6.1.4.1.3317.4.3.1.26 NAME 'radiusLoginLATService' DESC 'replyItem: Login-LAT-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {31}( 1.3.6.1.4.1.3317.4.3.1.27 NAME 'radiusLoginService' DESC 'replyItem: Login-Service' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {32}( 1.3.6.1.4.1.3317.4.3.1.28 NAME 'radiusLoginTCPPort' DESC 'replyItem: Login-TCP-Port' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {33}( 1.3.6.1.4.1.3317.4.3.1.29 NAME 'radiusPasswordRetry' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {34}( 1.3.6.1.4.1.3317.4.3.1.30 NAME 'radiusPortLimit' DESC 'replyItem: Port-Limit' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {35}( 1.3.6.1.4.1.3317.4.3.1.49 NAME 'radiusProfileDn' DESC '' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
|
||||||
|
olcAttributeTypes: {36}( 1.3.6.1.4.1.3317.4.3.1.31 NAME 'radiusPrompt' DESC ''EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {37}( 1.3.6.1.4.1.3317.4.3.1.50 NAME 'radiusProxyToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {38}( 1.3.6.1.4.1.3317.4.3.1.51 NAME 'radiusReplicateToRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {39}( 1.3.6.1.4.1.3317.4.3.1.52 NAME 'radiusRealm' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE)
|
||||||
|
olcAttributeTypes: {40}( 1.3.6.1.4.1.3317.4.3.1.32 NAME 'radiusServiceType' DESC 'replyItem: Service-Type' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {41}( 1.3.6.1.4.1.3317.4.3.1.33 NAME 'radiusSessionTimeout'DESC 'replyItem: Session-Timeout' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {42}( 1.3.6.1.4.1.3317.4.3.1.34 NAME 'radiusTerminationAction' DESC 'replyItem: Termination-Action' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {43}( 1.3.6.1.4.1.3317.4.3.1.35 NAME 'radiusTunnelAssignmentId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
|
||||||
|
olcAttributeTypes: {44}( 1.3.6.1.4.1.3317.4.3.1.36 NAME 'radiusTunnelMediumType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {45}( 1.3.6.1.4.1.3317.4.3.1.37 NAME 'radiusTunnelPassword' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {46}( 1.3.6.1.4.1.3317.4.3.1.38 NAME 'radiusTunnelPreference' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {47}( 1.3.6.1.4.1.3317.4.3.1.39 NAME 'radiusTunnelPrivateGroupId' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {48}( 1.3.6.1.4.1.3317.4.3.1.40 NAME 'radiusTunnelServerEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {49}( 1.3.6.1.4.1.3317.4.3.1.41 NAME 'radiusTunnelType' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {50}( 1.3.6.1.4.1.3317.4.3.1.42 NAME 'radiusVSA' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {51}( 1.3.6.1.4.1.3317.4.3.1.43 NAME 'radiusTunnelClientEndpoint' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {52}( 1.3.6.1.4.1.3317.4.3.1.53 NAME 'radiusSimultaneousUse' DESC 'controlItem: Simultaneous-Use' SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {53}( 1.3.6.1.4.1.3317.4.3.1.54 NAME 'radiusLoginTime' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {54}( 1.3.6.1.4.1.3317.4.3.1.55 NAME 'radiusUserCategory' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {55}( 1.3.6.1.4.1.3317.4.3.1.56 NAME 'radiusStripUserName' DESC '' SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {56}( 1.3.6.1.4.1.3317.4.3.1.57 NAME 'dialupAccess' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {57}( 1.3.6.1.4.1.3317.4.3.1.58 NAME 'radiusExpiration' DESC 'controlItem: Expiration' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {58}( 1.3.6.1.4.1.3317.4.3.1.59 NAME 'radiusAttribute' DESC 'controlItem: $GENERIC$' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcAttributeTypes: {60}( 1.3.6.1.4.1.3317.4.3.1.61 NAME 'radiusNASIpAddress' DESC '' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
|
||||||
|
olcAttributeTypes: {61}( 1.3.6.1.4.1.3317.4.3.1.62 NAME 'radiusReplyMessage' DESC 'replyItem: Reply-Message' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
|
||||||
|
olcObjectClasses: {0}( 1.3.6.1.4.1.3317.4.3.2.1 NAME 'radiusprofile' DESC '' SUP top AUXILIARY MUST cn MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $ radiusAuthType $
|
||||||
|
radiusCallbackId $ radiusCallbackNumber $radiusCalledStationId $ radiusCallingStationId $ radiusClass $ radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $ radiusFramedAppleTalkNetwork $
|
||||||
|
radiusFramedAppleTalkZone $ radiusFramedCompression $ radiusFramedIPAddress $ radiusFramedIPNetmask $ radiusFramedIPXNetwork $ radiusFramedMTU $radiusFramedProtocol $ radiusAttribute $
|
||||||
|
radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $ radiusGroupName $ radiusHint $ radiusHuntgroupName $ radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $ radiusLoginLATPort $
|
||||||
|
radiusLoginLATService $ radiusLoginService $ radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $ radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $ radiusRealm $ radiusReplicateToRealm $
|
||||||
|
radiusServiceType $ radiusSessionTimeout $ radiusStripUserName $ radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $ radiusSimultaneousUse $ radiusTunnelAssignmentId $
|
||||||
|
radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $ radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $ radiusTunnelType $ radiusUserCategory $ radiusVSA $ radiusExpiration $
|
||||||
|
dialupAccess $ radiusNASIpAddress $ radiusReplyMessage ) )
|
||||||
|
olcObjectClasses: {1}( 1.3.6.1.4.1.3317.4.3.2.2 NAME 'radiusObjectProfile' DESC 'A Container Objectclass to be used for creating radius profile object' SUP top STRUCTURAL MUST cn MAY ( uid $ userPassword $ description ) )
|
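--- a/install_utils/ldap/schema_samba.ldif
+++ b/install_utils/ldap/schema_samba.ldif
@@ -0,0 +1,226 @@
+# From samba debian package (/usr/share/doc/samba/examples/LDAP/samba.ldif.gz)
+
+dn: cn=samba,cn=schema,cn=config
+objectClass: olcSchemaConfig
+cn: samba
+olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L
+anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
+21.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M
+D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
+.1.1466.115.121.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Ac
+count Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+{16} SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'T
+imestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
+1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC
+'Timestamp of when the user is allowed to update the password' EQUALITY integ
+erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC
+'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.
+3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Ti
+mestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+1.27 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'T
+imestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+1.1.27 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC '
+Timestamp of when the user will be logged off automatically' EQUALITY integer
+Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' D
+ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146
+6.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' D
+ESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.
+6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC '
+Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+{42} SINGLE-VALUE )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'D
+river letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.
+3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC
+'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC
+'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+21.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
+DESC 'List of user workstations the user is allowed to logon to' EQUALITY cas
+eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Ho
+me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+21.1.15{128} )
+olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC '
+Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX
+1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '
+Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.
+4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' D
+ESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
+EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit
+y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1
+.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' D
+ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.
+1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Sec
+urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+26{64} )
+olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'N
+T Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
+LE-VALUE )
+olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC
+'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.
+1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC
+'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
+1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Nex
+t NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1
+466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase
+' DESC 'Base at which the samba RID generation algorithm should operate' EQUA
+LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'S
+hare Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING
+LE-VALUE )
+olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC '
+Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
+1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC '
+A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 S
+INGLE-VALUE )
+olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DES
+C 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
+.27 SINGLE-VALUE )
+olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC
+'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
+.1.26 SINGLE-VALUE )
+olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
+DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.
+115.121.1.15 )
+olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC '
+Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115
+.121.1.26 )
+olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC
+'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.
+4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
+DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY intege
+rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DES
+C 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQU
+ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'M
+aximum password age, in seconds (default: -1 => never expire passwords)' EQUA
+LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'M
+inimum password age, in seconds (default: 0 => allow immediate password chang
+e)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' D
+ESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integ
+erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservation
+Window' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY int
+egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
+DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY in
+tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC
+'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY
+integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdCh
+ange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY inte
+gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
+DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octe
+tStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextP
+assword' DESC 'Previous clear text password (used for trusted domain password
+s)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: {47}( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'T
+ype of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
+LE-VALUE )
+olcAttributeTypes: {48}( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' D
+ESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.
+6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DE
+SC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+21.1.27 SINGLE-VALUE )
+olcAttributeTypes: {50}( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC
+'Fully qualified name of the domain with which a trust exists' EQUALITY case
+IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {51}( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'Ne
+tBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.
+121.1.15{128} )
+olcAttributeTypes: {52}( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing'
+DESC 'Authentication information for the outgoing portion of a trust' EQUALIT
+Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {53}( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming'
+DESC 'Authentication information for the incoming portion of a trust' EQUALIT
+Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {54}( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier
+' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExact
+IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {55}( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustIn
+fo' DESC 'Forest trust information for a trusted domain object' EQUALITY case
+ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {56}( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset'
+DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.
+115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {57}( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptio
+nTypes' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SY
+NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam
+ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY (
+cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s
+ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $
+sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScr
+ipt $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGr
+oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBad
+PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'S
+amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGrou
+pType ) MAY ( displayName $ description $ sambaSIDList ) )
+olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC
+'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPas
+sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
+olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPasswor
+d' DESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomain
+Name $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviou
+sClearTextPassword )
+olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba D
+omain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY
+( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB
+ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaM
+axPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWin
+dow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange
+) )
+olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Poo
+l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumb
+er ) )
+olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Map
+ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ g
+idNumber ) )
+olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Struc
+tural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
+olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba
+Configuration Section' SUP top AUXILIARY MAY description )
+olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba S
+hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
+olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC
+'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sa
+mbaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoptio
+n $ description ) )
+olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC
+'Samba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustTyp
+e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFla
+tName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdenti
+fier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedEncr
+yptionTypes) )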
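Review bot: The header comment on the first line of schema_samba.ldif records where the file was taken from, but nothing in it tells an operator that this schema defines attributes holding password material: `sambaLMPassword`, `sambaNTPassword` (DESC 'MD4 hash of the unicode password') and `sambaClearTextPassword` / `sambaPreviousClearTextPassword`. These values are password-equivalent for NTLM authentication, so read access to them has to be limited by an olcAccess rule on the database; db.ldif is not visible in this part of the page, so whether such a rule exists there should be confirmed before merging. I would add a comment under the provenance line, `# sambaLMPassword, sambaNTPassword and sambaClearTextPassword are password-equivalent: restrict read access with olcAccess (self and admin only).` The provenance line could also record the samba package version the file was copied from, so that later upstream schema changes can be compared against it.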
File diff suppressed because it is too large