summaryrefslogtreecommitdiffstats
path: root/examples/LDAP/samba.schema
Commit message (Collapse)AuthorAgeFilesLines
* Reserve an OID space for external projectsSimo Sorce2013-10-181-0/+4
| | | | | | | | | | | | | | Some external, but somewhat related projects, benefit from being able to use the Samba OID space instead of having to go through IANA. Reserve 1.3.6.1.4.1.7165.655.x for external projects And assign 1.3.6.1.4.1.7165.655.1.x to the GSS-NTLMSSP project. Signed-off-by: Simo Sorce <idra@samba.org> Reviewed-by: Andrew Bartlett <abartlet@samba.org> Autobuild-User(master): Simo Sorce <idra@samba.org> Autobuild-Date(master): Fri Oct 18 05:47:29 CEST 2013 on sn-devel-104
* s3-ldap: Add Posix offset and encryption types to LDAP schemaSumit Bose2011-08-311-1/+11
| | | | Signed-off-by: Günther Deschner <gd@samba.org>
* Fix typos in LDAP schema filesSumit Bose2011-05-171-2/+2
| | | | | | | | | Reported by: John Danks <john.danks@gmail.com> Signed-off-by: Günther Deschner <gd@samba.org> Autobuild-User: Günther Deschner <gd@samba.org> Autobuild-Date: Tue May 17 11:56:08 CEST 2011 on sn-devel-104
* s3-ldap: Add sambaTrustForestTrustInfo to LDAP schemataSumit Bose2011-02-161-1/+7
| | | | Signed-off-by: Günther Deschner <gd@samba.org>
* s3-ldap: Update LDAP schemata to include sambaTrustedDomain.Sumit Bose2011-02-161-0/+49
| | | | Signed-off-by: Günther Deschner <gd@samba.org>
* r25090: Fix a syntax error just introduced into the LDAP schema.Michael Adam2007-10-101-2/+2
| | | | | Michael (This used to be commit 7dc68ce0fb4490761326eaaca516fde3bf642ed5)
* r25088: Change the objectclass sambaTrustedDomainPassword toMichael Adam2007-10-101-1/+13
| | | | | | | | | have the current and possibly the previous trust password stored as clear text passwords. (Previous use of NTPassword was a mistake - this is a hash value.) Michael (This used to be commit 0beae52ff469903adbfefdffd93a34bb7ad7d68d)
* r20979: Fix description, thanks to Michael Adam <ma@sernet.de>Volker Lendecke2007-10-101-1/+1
| | | | (This used to be commit 4610465d7f8b1d145b4923f03bd1559c79ad8e70)
* r20884: patch from Michael Adam <ma@sernet.de> to add new ↵Gerald Carter2007-10-101-0/+9
| | | | | | sambaTrustedDomainPassword object class (This used to be commit a209c3084913c69d1978cb31818f2db99e216c9a)
* r20585: - allocate an OID range for LDB/LDAP extended operationsStefan Metzmacher2007-10-101-0/+1
| | | | | metze (This used to be commit 5373897ef54ba5d04d214cd7a32d2c971059314c)
* r20578: - allocate an OID range for samba4 LDB/LDAP ControlsStefan Metzmacher2007-10-101-0/+2
| | | | | | | - allocate an OID range for conflicting attributes/classes metze (This used to be commit 6fedd69f5e9a647cd50b08dba517e1f27a06a802)
* r17487: Allocate some OID space for Samba4, so we don't trip on each other.Andrew Bartlett2007-10-101-0/+5
| | | | | Andrew Bartlett (This used to be commit 199a33ac80977782869b24ce86dcd51cb16d3851)
* r14451: In order to get pdb_ldap searching for SID_NAME_ALIASGerald Carter2007-10-101-1/+1
| | | | | | | | | | | | | | | groups in the ${MACHINESID} and S_1-5-32 domains correctly, I had to add a substr search on sambaSID. * add substr matching rule to OpenLDAP schema (we need to update the other schema as will since this is a pretty important change). Sites will need to - install the new schema - add 'indea sambaSID sub' to slapd.conf - run slapindex * remove uses of SID_NAME_WKN_GRP in pdb_ldap.c (This used to be commit 2c0a46d73122e9000a900f7e16f9b010ad4b78e3)
* r12452: Fix Bug #3053 to allow esp. older eDirectory releases to load our LDAPGünther Deschner2007-10-101-1/+1
| | | | | | | | | | schema. Maybe "Base64 encoded user parameter string" is not much clearer then "munged dial" - anyone got a better description ? Guenther (This used to be commit 02ccde5f4792e34ad88b7adb5ebaf1747cb8151f)
* r10656: BIG merge from trunk. Features not copied overGerald Carter2007-10-101-13/+63
| | | | | | | | * \PIPE\unixinfo * winbindd's {group,alias}membership new functions * winbindd's lookupsids() functionality * swat (trunk changes to be reverted as per discussion with Deryck) (This used to be commit 939c3cb5d78e3a2236209b296aa8aba8bdce32d3)
* r5060: BUG 2286: fix typoe on sambaConfig oc definitionGerald Carter2007-10-101-1/+1
| | | | (This used to be commit e2ce048654fdb98a50622ac60abae18c6b6ba4d2)
* r4965: comment out some unused attributes and oc'sGerald Carter2007-10-101-10/+11
| | | | (This used to be commit d95c9c4d74ea2fb7e5aac4a58888ab6fbc571dfb)
* r4925: Migrate Account Policies to passdb (esp. replicating ldapsam).Günther Deschner2007-10-101-0/+15
| | | | | | | | | Does automated migration from account_policy.tdb v1 and v2 and offers a pdbedit-Migration interface. Jerry, please feel free to revert that if you have other plans. Guenther (This used to be commit 75af83dfcd8ef365b4b1180453060ae5176389f5)
* r2189: adding some comments to the schema fileGerald Carter2007-10-101-0/+9
| | | | (This used to be commit 1438c2960f1213ddf98e7e874e1d060f2d57089c)
* r1964: more schema fixes syncing between branchesGerald Carter2007-10-101-2/+33
| | | | (This used to be commit 49fba32217d9a9a186a28805011bdb567ac968de)
* r1962: fixing schema file; synching with trunk; trying to prevent this from ↵Gerald Carter2007-10-101-2/+66
| | | | | | happening again (This used to be commit f1a0fae13fa2e6baf66c4c5a51bef87d442d9ba6)
* r1960: sambaPasswordHistory had a duplicate OIDSimo Sorce2007-10-101-1/+1
| | | | | bump up the attribute number to 52 to avoid conflicts (This used to be commit 9368f0c1d2cb9942293cf2429474a1a100339572)
* r1809: Patch from Richard Renard <rrenard@idealx.com> to storeJeremy Allison2007-10-101-1/+6
| | | | | | logon hours attributes in an LDAP database. Jeremy. (This used to be commit ac0fdf9503b34a70eaae5e7cf0764dbaec0263ee)
* r1663: fixing syntax error in OID for sambaUnixIdPool, sambaSidEntry, & ↵Gerald Carter2007-10-101-3/+3
| | | | | | sambaIdmapEntry (This used to be commit 6e4c58b26d19f56162de961ae8338071aeeedde7)
* r1390: Improve description of attribute.Jeremy Allison2007-10-101-1/+1
| | | | | Jeremy. (This used to be commit ff7236a5f20d16069b31383105604a694236ec65)
* r1388: Adding password history code for ldap backend, based on a patch fromJeremy Allison2007-10-101-1/+6
| | | | | | | | | | "Jianliang Lu" <j.lu@tiesse.com>. Multi-string attribute changed to linearised pstring due to ordering issues. A few other changes to fix race conditions. I will add the tdb backend code next. This code compiles but has not yet been tested with password history policy set to greater than zero. Targeted for 3.0.6. Jeremy. (This used to be commit dd54b2a3c45e202e504ad69d170eb798da4e6fc9)
* r119: missed a file in volker patchGerald Carter2007-10-101-1/+6
| | | | (This used to be commit bccee79653a6f5c368bf8d39fccc65fd0e5b7417)
* Add bad password count/time attributesJim McDonough2004-02-221-1/+12
| | | | (This used to be commit 184bef8413b17a0e42d1c5bce3d08ae1533818ca)
* sync OID with HEADGerald Carter2003-12-041-1/+1
| | | | (This used to be commit d463abb035a19dce84902039623275cd72e16edc)
* support munged dial for ldapsam; patch from Aurélien Degrémont; bug 800Gerald Carter2003-12-041-1/+6
| | | | (This used to be commit 1c3c16abc94d197e69e3350de1e5cc1e99be4322)
* fix comments about schema dependenciesGerald Carter2003-08-201-3/+4
| | | | (This used to be commit f72f51d39ff3e6d22dbda8b9c115ca10e93e7022)
* This patch cleans up some of our ldap code, for better behaviour:Andrew Bartlett2003-07-041-4/+21
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | We now always read the Domain SID out of LDAP. If the local secrets.tdb is ever different to LDAP, it is overwritten out of LDAP. We also store the 'algorithmic rid base' into LDAP, and assert if it changes. (This ensures cross-host synchronisation, and allows for possible integration with idmap). If we fail to read/add the domain entry, we just fallback to the old behaviour. We always use an existing DN when adding IDMAP entries to LDAP, unless no suitable entry is available. This means that a user's posixAccount will have a SID added to it, or a user's sambaSamAccount will have a UID added. Where we cannot us an existing DN, we use 'sambaSid=S-x-y-z,....' as the DN. The code now allows modifications to the ID mapping in many cases. Likewise, we now check more carefully when adding new user entires to LDAP, to not duplicate SIDs (for users, at this stage), and to add the sambaSamAccount onto the idmap entry for that user, if it is already established (ensuring we do not duplicate sambaSid entries in the directory). The allocated UID code has been expanded to take into account the space between '1000 - algorithmic rid base'. This much better fits into what an NT4 does - allocating in the bottom part of the RID range. On the code cleanup side of things, we now share as much code as possible between idmap_ldap and pdb_ldap. We also no longer use the race-prone 'enumerate all users' method for finding the next RID to allocate. Instead, we just start at the bottom of the range, and increment again if the user already exists. The first time this is run, it may well take a long time, but next time will just be able to use the next Rid. Thanks to metze and AB for double-checking parts of this. Andrew Bartlett (This used to be commit 9c595c8c2327b92a86901d84c3f2c284dabd597e)
* fix typo in descriptionGerald Carter2003-06-131-1/+1
| | | | (This used to be commit be82b3d9dfef938030731e1021076df4dcfdb443)
* working draft of the idmap_ldap code.Gerald Carter2003-06-051-0/+10
| | | | | | | | | Includes sambaUnixIdPool objectclass Still needs cleaning up wrt to name space. More changes to come, but at least we now have a a working distributed winbindd solution. (This used to be commit 824175854421f7c27d31ad673a8790dd018ae350)
* moving the sambaAccount objectclass to 'historical' to prevent confusion on ↵Gerald Carter2003-05-221-150/+142
| | | | | | which one should be used for new servers. I'll add a note about uncommenting the older items for ldapsam_compat in the release notes (This used to be commit 469c5ad1acfb452617b10653e06ce3b34ec9e146)
* fix group mapping in LDAP under new schemaGerald Carter2003-05-141-1/+1
| | | | (This used to be commit 0714dda7cc4a1df73e1b9d11daae80a1f46583de)
* *****LDAP schema changes*****Gerald Carter2003-05-141-25/+134
| | | | | | | | | | | | | New objectclass named sambaSamAccount which uses attribute prefaced with the phrase 'samba' to prevent future name clashes. Change in functionality of the 'ldap filter' parameter. This always defaults to "(uid=%u)" now and is and'd with the approriate objectclass depending on whether you are using ldapsam_compat or ldapsam conversion script for migrating from sambaAccount to sambaSamAccount will come next. (This used to be commit 998586e65271daa919e47e1206c0007454cbca66)
* As discussed on samba-technical - move to 'primaryGroupSid' insted ofAndrew Bartlett2003-05-111-1/+11
| | | | | | | | | | | primaryGroupID (rid). This is consistant with the move from 'rid' to ntSid for the primary user identifier. Also cope with legacy installations where primaryGroupID might have been stored as 0. Andrew Bartlett (This used to be commit 0e432817cb927b41af7b49fb0b5081ffdb46f85e)
* A new pdb_ldap!Andrew Bartlett2003-04-281-5/+34
| | | | | | | | | | | | | | | | | | | | | | | This patch removes 'non unix account range' (same as idra's change in HEAD), and uses the winbind uid range instead. More importanly, this patch changes the LDAP schema to use 'ntSid' instead of 'rid' as the primary attribute. This makes it in common with the group mapping code, and should allow it to be used closely with a future idmap_ldap. Existing installations can use the existing functionality by using the ldapsam_compat backend, and users who compile with --with-ldapsam will get this by default. More importantly, this patch adds a 'sambaDomain' object to our schema - which contains 2 'next rid' attributes, the domain name and the domain sid. Yes, there are *2* next rid attributes. The problem is that we don't 'own' the entire RID space - we can only allocate RIDs that could be 'algorithmic' RIDs. Therefore, we use the fact that UIDs in 'winbind uid' range will be mapped by IDMAP, not the algorithm. Andrew Bartlett (This used to be commit 3e07406ade81e136f67439d4f8fd7fe1dbb6db14)
* uidPool and gidPool don't use cn anymore (but we don't use thsi anyways)Gerald Carter2003-04-181-2/+2
| | | | (This used to be commit 7f0fd03f699f24094e32a92dbb0ec55d9a602c36)
* Fix schema error not detected by OpenLDAP 2.0.23 but by 2.1.16.Volker Lendecke2003-03-271-1/+1
| | | | | Volker (This used to be commit 5acb9f421c149126370e79d66d3d9ace6be9a695)
* Put group mapping into LDAP.Volker Lendecke2003-03-191-0/+25
| | | | | Volker (This used to be commit da83d97eb50c3c3a67985e22410842100207431f)
* removed idpool from schema file (experimental) to remove the dependencyGerald Carter2003-01-061-6/+6
| | | | | | | on nis.schema. add $(LDFLAGS) to libsmbclient build (This used to be commit cd16064784a5e5fd9d2a67d4dfba605f7d8046ac)
* sync 3_0 branch with HEADJelmer Vernooij2002-08-171-2/+14
| | | | (This used to be commit 19ab776bf9c91cf4e56887fd7a63d3253b7e36ef)
* merge from 2.2Gerald Carter2002-02-111-2/+2
| | | | (This used to be commit bb574aab8f3f4ac2f7ae919790481a419f8173cb)
* fixes from 2,2Gerald Carter2002-02-111-27/+59
| | | | (This used to be commit 46bd77a02a47c26c4981472c8cea09e64c2ef4d2)
* sync up comments with 2.2Gerald Carter2002-01-061-1/+1
| | | | (This used to be commit 3d4adad1501fc02ee0c60c69c01a92bdb16a1711)
* sync with 2.2Gerald Carter2002-01-041-3/+3
| | | | (This used to be commit 9e3b432c57747e6fd876c53a576858ef1227ba8e)
* merge from 2.2Gerald Carter2001-12-281-0/+1
| | | | (This used to be commit 241b5218ea5ad83ecb02a0f838e84abee0672371)
* sync with 2.2Gerald Carter2001-12-261-0/+107
(This used to be commit aca58b0b72d2eb5024b4d5103fde5b281212d714)
generated by cgit (git 2.34.1) at 2024-06-13 13:28:08 +0000