Merge branch 'release-1.5.0' into stable

Bertrand Gouny 4 years ago
Parent
Commit
208231a4c5
32 files changed, with 1220 insertions and 2322 deletions
  1. CHANGELOG.md (+25 -2)
  2. Makefile (+1 -1)
  3. README.md (+35 -27)
  4. example/docker-compose.yml (+1 -1)
  5. example/extend-osixia-openldap/Dockerfile (+1 -1)
  6. example/kubernetes/simple/ldap-deployment.yaml (+1 -1)
  7. example/kubernetes/using-secrets/.gitignore (+1 -0)
  8. example/kubernetes/using-secrets/Makefile (+4 -1)
  9. example/kubernetes/using-secrets/README.md (+23 -1)
  10. example/kubernetes/using-secrets/gce-statefullset.yaml (+1 -1)
  11. example/kubernetes/using-secrets/ldap-deployment.yaml.example (+7 -2)
  12. example/kubernetes/using-secrets/ldap-service.yaml (+10 -2)
  13. image/Dockerfile (+6 -4)
  14. image/environment/default.startup.yaml (+4 -0)
  15. image/service/slapd/assets/config/admin/admin-password-change.ldif (+0 -0)
  16. image/service/slapd/assets/config/admin/root-password-change.ldif (+0 -0)
  17. image/service/slapd/assets/config/bootstrap/schema/custom/README.md (+2 -0)
  18. image/service/slapd/assets/config/bootstrap/schema/kopano.schema (+336 -0)
  19. image/service/slapd/assets/config/bootstrap/schema/mmc/README.md (+0 -1)
  20. image/service/slapd/assets/config/bootstrap/schema/mmc/dhcp.schema (+0 -466)
  21. image/service/slapd/assets/config/bootstrap/schema/mmc/dnszone.schema (+0 -155)
  22. image/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema (+0 -128)
  23. image/service/slapd/assets/config/bootstrap/schema/mmc/mmc.schema (+0 -31)
  24. image/service/slapd/assets/config/bootstrap/schema/mmc/quota.schema (+0 -29)
  25. image/service/slapd/assets/config/bootstrap/schema/mmc/radius.schema (+0 -589)
  26. image/service/slapd/assets/config/bootstrap/schema/mmc/samba.schema (+0 -554)
  27. image/service/slapd/assets/config/bootstrap/schema/mmc/zarafa.schema (+0 -300)
  28. image/service/slapd/assets/config/bootstrap/schema/openssh-lpk.schema (+0 -0)
  29. image/service/slapd/assets/config/bootstrap/schema/postfix-book.schema (+78 -0)
  30. image/service/slapd/assets/config/bootstrap/schema/samba.schema (+644 -0)
  31. image/service/slapd/startup.sh (+38 -23)
  32. test/test.bats (+2 -2)

+ 25 - 2
CHANGELOG.md

@@ -4,8 +4,30 @@ All notable changes to this project will be documented in this file.
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 
+## [1.5.0] - 2021-02-19
+50M+ docker pulls 🎉🎉🎉 thanks to all contributors 💕
+
+### Added
+  - Allowing own replication via LDAP_REPLICATION=own #535. Thanks to @sistason !
+  - Seeding from internal path is now complete. #361. Thanks to @dbck !
+
+### Changed
+  - Update openldap 2.4.50 to 2.4.57
+  - Upgrade baseimage to light-baseimage:1.3.2. Thanks to @heidemn !
+  - Replace mail.schema for postfix-book.schema #450. Thanks to @vivacarvajalito !
+  - Replace zarafa.schema for kopano.schema
+
+### Removed
+  - mmc schemas (dhcp.schema, dnszone.schema, mail.schema, mmc.schema, quota.schema) and radius.schema
+
+### Fixed
+  - Few small typos #536. Thanks to @timgates42 !
+  - Out of date api in the using-secrets kubernetes yaml #527. Thanks to @joshuacox !
+  - Custom ldap file and schema #481.  Thanks to @Os-carsun !
+
 ## [1.4.0] - 2020-06-15
 ## [1.4.0] - 2020-06-15
 30M+ docker pulls 🎉🎉🎉 thanks to all contributors 💕
 30M+ docker pulls 🎉🎉🎉 thanks to all contributors 💕
+
 ### Added
 ### Added
   - Allow setting ports on ldap and ldaps #403. Thanks to @chirauki !
   - Allow setting ports on ldap and ldaps #403. Thanks to @chirauki !
   - Address firewall issues on RHEL in README #394. Thanks to @BirkhoffLee !
   - Address firewall issues on RHEL in README #394. Thanks to @BirkhoffLee !
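
Review bot: The 1.5.0 `### Removed` entry drops bundled schemas (dhcp, dnszone, mail, mmc, quota, radius) in a minor release, while the header above states that the project adheres to Semantic Versioning. Deployments whose bootstrap depends on those schemas lose them on upgrade, so the entry should be flagged as a breaking change and name the replacement where one exists (postfix-book.schema for mail.schema is only mentioned under `### Changed`). The file list of this commit also shows `mmc/samba.schema` deleted and a new top-level `samba.schema` added, which no changelog entry covers. Minor: the blank line added after the 1.4.0 "30M+ docker pulls" line edits an already released section and could go in a separate cleanup.
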
@@ -14,7 +36,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
   - Seeding from internal path. #361. Thanks to @dbck !
   - Seeding from internal path. #361. Thanks to @dbck !
   - Enable openldap uid/gid to be specified at runtime #336. Thanks to @lj020326 !
   - Enable openldap uid/gid to be specified at runtime #336. Thanks to @lj020326 !
 
 
-### Changes
+### Changed
   - Update openldap 2.4.48 to 2.4.50 
   - Update openldap 2.4.48 to 2.4.50 
   - LDAP_TLS_PROTOCOL_MIN is deprecated #432. Thanks to @mettacrawler !
   - LDAP_TLS_PROTOCOL_MIN is deprecated #432. Thanks to @mettacrawler !
   - Better handling of environment variables checks #382. Thanks to @obourdon !
   - Better handling of environment variables checks #382. Thanks to @obourdon !
@@ -27,7 +49,7 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 ### Added
   - Multiarch support
   - Multiarch support
 
 
-### Changes
+### Changed
   - Update openldap 2.4.47 to 2.4.48 #247
   - Update openldap 2.4.47 to 2.4.48 #247
   - Upgrade baseimage to light-baseimage:1.2.0 (debian buster)
   - Upgrade baseimage to light-baseimage:1.2.0 (debian buster)
 
 
@@ -271,6 +293,7 @@ Environment variable LDAP_REPLICATION_HDB_SYNCPROV changed to LDAP_REPLICATION_D
 ## [0.10.0] - 2015-03-03
 ## [0.10.0] - 2015-03-03
 New version initial release, no changelog before this sorry.
 New version initial release, no changelog before this sorry.
 
 
+[1.5.0]: https://github.com/osixia/docker-openldap/compare/v1.4.0...v1.5.0
 [1.4.0]: https://github.com/osixia/docker-openldap/compare/v1.3.0...v1.4.0
 [1.4.0]: https://github.com/osixia/docker-openldap/compare/v1.3.0...v1.4.0
 [1.3.0]: https://github.com/osixia/docker-openldap/compare/v1.2.5...v1.3.0
 [1.3.0]: https://github.com/osixia/docker-openldap/compare/v1.2.5...v1.3.0
 [1.2.5]: https://github.com/osixia/docker-openldap/compare/v1.2.4...v1.2.5
 [1.2.5]: https://github.com/osixia/docker-openldap/compare/v1.2.4...v1.2.5

+ 1 - 1
Makefile

@@ -1,5 +1,5 @@
 NAME = osixia/openldap
 NAME = osixia/openldap
-VERSION = 1.4.0
+VERSION = 1.5.0
 
 
 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version
 .PHONY: build build-nocache test tag-latest push push-latest release git-tag-version
 
 

+ 35 - 27
README.md

@@ -4,7 +4,7 @@
 [![Docker Stars](https://img.shields.io/docker/stars/osixia/openldap.svg)](https://hub.docker.com/r/osixia/openldap/)
 [![Docker Stars](https://img.shields.io/docker/stars/osixia/openldap.svg)](https://hub.docker.com/r/osixia/openldap/)
 [![Layers](https://images.microbadger.com/badges/image/osixia/openldap.svg)](https://hub.docker.com/r/osixia/openldap/)
 [![Layers](https://images.microbadger.com/badges/image/osixia/openldap.svg)](https://hub.docker.com/r/osixia/openldap/)
 
 
-Latest release: 1.4.0 - [OpenLDAP 2.4.50](https://www.openldap.org/software/release/changes.html) -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
+Latest release: 1.5.0 - [OpenLDAP 2.4.57](https://www.openldap.org/software/release/changes.html) -  [Changelog](CHANGELOG.md) | [Docker Hub](https://hub.docker.com/r/osixia/openldap/) 
 
 
 **A docker image to run OpenLDAP.**
 **A docker image to run OpenLDAP.**
 
 
@@ -39,7 +39,7 @@ Latest release: 1.4.0 - [OpenLDAP 2.4.50](https://www.openldap.org/software/rele
 			- [Docker Secrets](#docker-secrets)
 			- [Docker Secrets](#docker-secrets)
 			- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
 			- [Make your own image or extend this image](#make-your-own-image-or-extend-this-image)
 	- [Advanced User Guide](#advanced-user-guide)
 	- [Advanced User Guide](#advanced-user-guide)
-		- [Extend osixia/openldap:1.4.0 image](#extend-osixiaopenldap140-image)
+		- [Extend osixia/openldap:1.5.0 image](#extend-osixiaopenldap150-image)
 		- [Make your own openldap image](#make-your-own-openldap-image)
 		- [Make your own openldap image](#make-your-own-openldap-image)
 		- [Tests](#tests)
 		- [Tests](#tests)
 		- [Kubernetes](#kubernetes)
 		- [Kubernetes](#kubernetes)
@@ -60,13 +60,13 @@ If you find this image useful here's how you can help:
 Run OpenLDAP docker image:
 Run OpenLDAP docker image:
 
 
 ```sh
 ```sh
-docker run --name my-openldap-container --detach osixia/openldap:1.4.0
+docker run --name my-openldap-container --detach osixia/openldap:1.5.0
 ```
 ```
 
 
 Do not forget to add the port mapping for both port 389 and 636 if you wish to access the ldap server from another machine.
 Do not forget to add the port mapping for both port 389 and 636 if you wish to access the ldap server from another machine.
 
 
 ```sh
 ```sh
-docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.4.0
+docker run -p 389:389 -p 636:636 --name my-openldap-container --detach osixia/openldap:1.5.0
 ```
 ```
 
 
 Either command starts a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:
 Either command starts a new container with OpenLDAP running inside. Let's make the first search in our LDAP container:
@@ -109,7 +109,7 @@ docker run \
 	--env LDAP_ORGANISATION="My Company" \
 	--env LDAP_ORGANISATION="My Company" \
 	--env LDAP_DOMAIN="my-company.com" \
 	--env LDAP_DOMAIN="my-company.com" \
 	--env LDAP_ADMIN_PASSWORD="JonSn0w" \
 	--env LDAP_ADMIN_PASSWORD="JonSn0w" \
-	--detach osixia/openldap:1.4.0
+	--detach osixia/openldap:1.5.0
 ```
 ```
 
 
 #### Data persistence
 #### Data persistence
@@ -153,7 +153,7 @@ Do not edit slapd.conf it's not used. To modify your server configuration use ld
 #### Seed ldap database with ldif
 #### Seed ldap database with ldif
 
 
 This image can load ldif files at startup with either `ldapadd` or `ldapmodify`.
 This image can load ldif files at startup with either `ldapadd` or `ldapmodify`.
-Mount `.ldif` in `/container/service/slapd/assets/config/bootstrap/ldif` directory if you want to overwrite image default boostrap ldif files or in `/container/service/slapd/assets/config/bootstrap/ldif/custom` (recommended) to extend image config.
+Mount `.ldif` in `/container/service/slapd/assets/config/bootstrap/ldif` directory if you want to overwrite image default bootstrap ldif files or in `/container/service/slapd/assets/config/bootstrap/ldif/custom` (recommended) to extend image config.
 
 
 Files containing `changeType:` attributes will be loaded with `ldapmodify`.
 Files containing `changeType:` attributes will be loaded with `ldapmodify`.
 
 
@@ -174,24 +174,24 @@ argument to entrypoint if you don't want to overwrite them.
 # single file example:
 # single file example:
 docker run \
 docker run \
 	--volume ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif \
 	--volume ./bootstrap.ldif:/container/service/slapd/assets/config/bootstrap/ldif/50-bootstrap.ldif \
-	osixia/openldap:1.4.0 --copy-service
+	osixia/openldap:1.5.0 --copy-service
 
 
 # directory example:
 # directory example:
 docker run \
 docker run \
 	--volume ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \
 	--volume ./ldif:/container/service/slapd/assets/config/bootstrap/ldif/custom \
-	osixia/openldap:1.4.0 --copy-service
+	osixia/openldap:1.5.0 --copy-service
 ```
 ```
 
 
 #### Seed from internal path
 #### Seed from internal path
 
 
-This image can load ldif and schema files at startup from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.
+This image can load ldif and schema files at startup from an internal path. Additionally, certificates can be copied from an internal path. This is useful if a continuous integration service mounts automatically the working copy (sources) into a docker service, which has a relation to the ci job.
 
 
 For example: Gitlab is not capable of mounting custom paths into docker services of a ci job, but Gitlab automatically mounts the working copy in every service container. So the working copy (sources) are accessible under `/builds` in every services
 For example: Gitlab is not capable of mounting custom paths into docker services of a ci job, but Gitlab automatically mounts the working copy in every service container. So the working copy (sources) are accessible under `/builds` in every services
 of a ci job. The path to the working copy can be obtained via `${CI_PROJECT_DIR}`. See also: https://docs.gitlab.com/runner/executors/docker.html#build-directory-in-service
 of a ci job. The path to the working copy can be obtained via `${CI_PROJECT_DIR}`. See also: https://docs.gitlab.com/runner/executors/docker.html#build-directory-in-service
 
 
 This may also work with other CI services, if they automatically mount the working directory to the services of a ci job like Gitlab ci does.
 This may also work with other CI services, if they automatically mount the working directory to the services of a ci job like Gitlab ci does.
 
 
-In order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any *.ldif or *.schema file into the default seeding
+In order to seed ldif or schema files from internal path you must set the specific environment variable `LDAP_SEED_INTERNAL_LDIF_PATH` and/or `LDAP_SEED_INTERNAL_SCHEMA_PATH`. If set this will copy any files in the specified directory into the default seeding
 directories of this image.
 directories of this image.
 
 
 Example variables defined in gitlab-ci.yml:
 Example variables defined in gitlab-ci.yml:
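
Review bot: The reworded sentence for `LDAP_SEED_INTERNAL_LDIF_PATH` and `LDAP_SEED_INTERNAL_SCHEMA_PATH` changes the documented behaviour from copying `*.ldif` or `*.schema` files to copying "any files in the specified directory", without saying what happens to files of other types once they are in the seeding directories. Because the path is expected to point into the CI working copy, the text should state that the directory must contain only the seed files meant to be loaded, and whether subdirectories are copied as well. The new sentence "Additionally, certificates can be copied from an internal path" appears before any of the certificate variables are introduced; a pointer to the paragraph that describes them would make it usable.
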
@@ -202,6 +202,14 @@ variables:
   LDAP_SEED_INTERNAL_SCHEMA_PATH: "${CI_PROJECT_DIR}/docker/openldap/schema"
   LDAP_SEED_INTERNAL_SCHEMA_PATH: "${CI_PROJECT_DIR}/docker/openldap/schema"
 ```
 ```
 
 
+Also, certificates can be used by the internal path. The file, specified in a variable, will be copied in the default certificate directory of this image. If desired, you can use these with the LDAP_TLS_CRT_FILENAME, LDAP_TLS_KEY_FILENAME, LDAP_TLS_CA_CRT_FILENAME and LDAP_TLS_DH_PARAM_FILENAME to set a different filename in the default certificate directory of the image.
+
+	variables:
+        LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/cert.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE: "${CI_PROJECT_DIR}/docker/certificates/certs/key.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE: "${CI_PROJECT_DIR}/docker/certificates/ca/ca.pem"
+        LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE: "${CI_PROJECT_DIR}/certificates/dhparam.pem"
+
 ### Use an existing ldap database
 ### Use an existing ldap database
 
 
 This can be achieved by mounting host directories as volume.
 This can be achieved by mounting host directories as volume.
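
Review bot: In the added certificate example, `LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE` points at `${CI_PROJECT_DIR}/certificates/dhparam.pem` while the other three variables use `${CI_PROJECT_DIR}/docker/certificates/...`; if the difference is not intentional, align the path. The example also reads the TLS private key from the project working copy, so the paragraph should say that these are certificates generated for the CI job. Formatting: the block is an indented code block with mixed tab and space indentation, whereas the variables example directly above it is a fenced block; use a fenced yaml block with two-space indentation here as well, and put the four `LDAP_TLS_*_FILENAME` names in backticks.
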
@@ -213,7 +221,7 @@ simply mount this directories as a volume to `/var/lib/ldap` and `/etc/ldap/slap
 docker run \
 docker run \
 	--volume /data/slapd/database:/var/lib/ldap \
 	--volume /data/slapd/database:/var/lib/ldap \
 	--volume /data/slapd/config:/etc/ldap/slapd.d \
 	--volume /data/slapd/config:/etc/ldap/slapd.d \
-	--detach osixia/openldap:1.4.0
+	--detach osixia/openldap:1.5.0
 ```
 ```
 
 
 You can also use data volume containers. Please refer to:
 You can also use data volume containers. Please refer to:
@@ -235,7 +243,7 @@ If you are looking for a simple solution to administrate your ldap server you ca
 By default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org).
 By default, TLS is already configured and enabled, certificate is created using container hostname (it can be set by docker run --hostname option eg: ldap.example.org).
 
 
 ```sh
 ```sh
-docker run --hostname ldap.my-company.com --detach osixia/openldap:1.4.0
+docker run --hostname ldap.my-company.com --detach osixia/openldap:1.5.0
 ```
 ```
 
 
 #### Use your own certificate
 #### Use your own certificate
@@ -249,7 +257,7 @@ docker run \
 	--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
 	--env LDAP_TLS_CRT_FILENAME=my-ldap.crt \
 	--env LDAP_TLS_KEY_FILENAME=my-ldap.key \
 	--env LDAP_TLS_KEY_FILENAME=my-ldap.key \
 	--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
 	--env LDAP_TLS_CA_CRT_FILENAME=the-ca.crt \
-	--detach osixia/openldap:1.4.0
+	--detach osixia/openldap:1.5.0
 ```
 ```
 
 
 Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
 Other solutions are available please refer to the [Advanced User Guide](#advanced-user-guide)
@@ -257,17 +265,17 @@ Other solutions are available please refer to the [Advanced User Guide](#advance
 #### Disable TLS
 #### Disable TLS
 Add --env LDAP_TLS=false to the run command:
 Add --env LDAP_TLS=false to the run command:
 
 
-	docker run --env LDAP_TLS=false --detach osixia/openldap:1.4.0
+	docker run --env LDAP_TLS=false --detach osixia/openldap:1.5.0
 
 
 ### Multi master replication
 ### Multi master replication
 Quick example, with the default config.
 Quick example, with the default config.
 
 
 	#Create the first ldap server, save the container id in LDAP_CID and get its IP:
 	#Create the first ldap server, save the container id in LDAP_CID and get its IP:
-	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.4.0)
+	LDAP_CID=$(docker run --hostname ldap.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.5.0)
 	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 	LDAP_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP_CID)
 
 
 	#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
 	#Create the second ldap server, save the container id in LDAP2_CID and get its IP:
-	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.4.0)
+	LDAP2_CID=$(docker run --hostname ldap2.example.org --env LDAP_REPLICATION=true --detach osixia/openldap:1.5.0)
 	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 	LDAP2_IP=$(docker inspect -f "{{ .NetworkSettings.IPAddress }}" $LDAP2_CID)
 
 
 	#Add the pair "ip hostname" to /etc/hosts on each containers,
 	#Add the pair "ip hostname" to /etc/hosts on each containers,
@@ -303,7 +311,7 @@ You may have some problems with mounted files on some systems. The startup scrip
 
 
 To fix that run the container with `--copy-service` argument :
 To fix that run the container with `--copy-service` argument :
 
 
-		docker run [your options] osixia/openldap:1.4.0 --copy-service
+		docker run [your options] osixia/openldap:1.5.0 --copy-service
 
 
 ### Debug
 ### Debug
 
 
@@ -313,13 +321,13 @@ Available levels are: `none`, `error`, `warning`, `info`, `debug` and `trace`.
 Example command to run the container in `debug` mode:
 Example command to run the container in `debug` mode:
 
 
 ```sh
 ```sh
-docker run --detach osixia/openldap:1.4.0 --loglevel debug
+docker run --detach osixia/openldap:1.5.0 --loglevel debug
 ```
 ```
 
 
 See all command line options:
 See all command line options:
 
 
 ```sh
 ```sh
-docker run osixia/openldap:1.4.0 --help
+docker run osixia/openldap:1.5.0 --help
 ```
 ```
 
 
 ## Environment Variables
 ## Environment Variables
@@ -372,7 +380,7 @@ TLS options:
 	Help: https://www.openldap.org/doc/admin24/tls.html
 	Help: https://www.openldap.org/doc/admin24/tls.html
 
 
 Replication options:
 Replication options:
-- **LDAP_REPLICATION**: Add openldap replication capabilities. Defaults to `false`
+- **LDAP_REPLICATION**: Add openldap replication capabilities. Possible values : `true`, `false`, `own`. Defaults to `false`. Setting this to `own` allow to provide own replication settings via custom bootstrap ldifs.
 
 
 - **LDAP_REPLICATION_CONFIG_SYNCPROV**: olcSyncRepl options used for the config database. Without **rid** and **provider** which are automatically added based on LDAP_REPLICATION_HOSTS.  Defaults to `binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical`
 - **LDAP_REPLICATION_CONFIG_SYNCPROV**: olcSyncRepl options used for the config database. Without **rid** and **provider** which are automatically added based on LDAP_REPLICATION_HOSTS.  Defaults to `binddn="cn=admin,cn=config" bindmethod=simple credentials=$LDAP_CONFIG_PASSWORD searchbase="cn=config" type=refreshAndPersist retry="60 +" timeout=1 starttls=critical`
 
 
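
Review bot: The new `LDAP_REPLICATION` description does not say what the image skips when the value is `own`. Spell out whether `LDAP_REPLICATION_CONFIG_SYNCPROV`, the database syncprov option and `LDAP_REPLICATION_HOSTS` are ignored in that mode, and that the replication settings (including `starttls=critical` from the default shown just below) then have to come from the user's own bootstrap ldifs. Wording: "allow to provide own replication settings" should read "allows you to provide your own replication settings", and "Possible values :" has a stray space before the colon.
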
@@ -386,14 +394,14 @@ Replication options:
 
 
 	If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
 	If you want to set this variable at docker run command add the tag `#PYTHON2BASH:` and convert the yaml in python:
 
 
-		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.4.0
+		docker run --env LDAP_REPLICATION_HOSTS="#PYTHON2BASH:['ldap://ldap.example.org','ldap://ldap2.example.org']" --detach osixia/openldap:1.5.0
 
 
 	To convert yaml to python online: https://yaml-online-parser.appspot.com/
 	To convert yaml to python online: https://yaml-online-parser.appspot.com/
 
 
 Other environment variables:
 Other environment variables:
 - **KEEP_EXISTING_CONFIG**: Do not change the ldap config. Defaults to `false`
 - **KEEP_EXISTING_CONFIG**: Do not change the ldap config. Defaults to `false`
 	- if set to *true* with an existing database, config will remain unchanged. Image tls and replication config will not be run. The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
 	- if set to *true* with an existing database, config will remain unchanged. Image tls and replication config will not be run. The container can be started with LDAP_ADMIN_PASSWORD and LDAP_CONFIG_PASSWORD empty or filled with fake data.
-	- if set to *true* when bootstrapping a new database, bootstap ldif and schema will not be added and tls and replication config will not be run.
+	- if set to *true* when bootstrapping a new database, bootstrap ldif and schema will not be added and tls and replication config will not be run.
 
 
 - **LDAP_REMOVE_CONFIG_AFTER_SETUP**: delete config folder after setup. Defaults to `true`
 - **LDAP_REMOVE_CONFIG_AFTER_SETUP**: delete config folder after setup. Defaults to `true`
 - **LDAP_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `ldap`, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
 - **LDAP_SSL_HELPER_PREFIX**: ssl-helper environment variables prefix. Defaults to `ldap`, ssl-helper first search config from LDAP_SSL_HELPER_* variables, before SSL_HELPER_* variables.
@@ -413,7 +421,7 @@ docker run \
 	--env LDAP_ORGANISATION="My company" \
 	--env LDAP_ORGANISATION="My company" \
 	--env LDAP_DOMAIN="my-company.com" \
 	--env LDAP_DOMAIN="my-company.com" \
 	--env LDAP_ADMIN_PASSWORD="JonSn0w" \
 	--env LDAP_ADMIN_PASSWORD="JonSn0w" \
-	--detach osixia/openldap:1.4.0
+	--detach osixia/openldap:1.5.0
 ```
 ```
 
 
 Be aware that environment variable added in command line will be available at any time
 Be aware that environment variable added in command line will be available at any time
@@ -427,7 +435,7 @@ For example if your environment files **my-env.yaml** and **my-env.startup.yaml*
 ```sh
 ```sh
 docker run \
 docker run \
 	--volume /data/ldap/environment:/container/environment/01-custom \
 	--volume /data/ldap/environment:/container/environment/01-custom \
-	--detach osixia/openldap:1.4.0
+	--detach osixia/openldap:1.5.0
 ```
 ```
 
 
 Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
 Take care to link your environment files folder to `/container/environment/XX-somedir` (with XX < 99 so they will be processed before default environment files) and not  directly to `/container/environment` because this directory contains predefined baseimage environment files to fix container environment (INITRD, LANG, LANGUAGE and LC_CTYPE).
@@ -437,7 +445,7 @@ Note: the container will try to delete the **\*.startup.yaml** file after the en
 ```sh
 ```sh
 docker run \
 docker run \
 	--volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
 	--volume /data/ldap/environment/my-env.yaml:/container/environment/01-custom/env.yaml \
-	--detach osixia/openldap:1.4.0
+	--detach osixia/openldap:1.5.0
 ```
 ```
 
 
 #### Docker Secrets
 #### Docker Secrets
@@ -463,14 +471,14 @@ This is the best solution if you have a private registry. Please refer to the [A
 
 
 ## Advanced User Guide
 ## Advanced User Guide
 
 
-### Extend osixia/openldap:1.4.0 image
+### Extend osixia/openldap:1.5.0 image
 
 
 If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
 If you need to add your custom TLS certificate, bootstrap config or environment files the easiest way is to extends this image.
 
 
 Dockerfile example:
 Dockerfile example:
 
 
 ```dockerfile
 ```dockerfile
-FROM osixia/openldap:1.4.0
+FROM osixia/openldap:1.5.0
 LABEL maintainer="Your Name <[email protected]>"
 LABEL maintainer="Your Name <[email protected]>"
 
 
 ADD bootstrap /container/service/slapd/assets/config/bootstrap
 ADD bootstrap /container/service/slapd/assets/config/bootstrap

+ 1 - 1
example/docker-compose.yml

@@ -1,7 +1,7 @@
 version: '2'
 version: '2'
 services:
 services:
   openldap:
   openldap:
-    image: osixia/openldap:1.4.0
+    image: osixia/openldap:1.5.0
     container_name: openldap
     container_name: openldap
     environment:
     environment:
       LDAP_LOG_LEVEL: "256"
       LDAP_LOG_LEVEL: "256"

+ 1 - 1
example/extend-osixia-openldap/Dockerfile

@@ -1,4 +1,4 @@
-FROM osixia/openldap:1.4.0
+FROM osixia/openldap:1.5.0
 MAINTAINER Your Name <[email protected]>
 MAINTAINER Your Name <[email protected]>
 
 
 ADD bootstrap /container/service/slapd/assets/config/bootstrap
 ADD bootstrap /container/service/slapd/assets/config/bootstrap

+ 1 - 1
example/kubernetes/simple/ldap-deployment.yaml

@@ -16,7 +16,7 @@ spec:
     spec:
     spec:
       containers:
       containers:
         - name: ldap
         - name: ldap
-          image: osixia/openldap:1.4.0
+          image: osixia/openldap:1.5.0
           volumeMounts:
           volumeMounts:
             - name: ldap-data
             - name: ldap-data
               mountPath: /var/lib/ldap
               mountPath: /var/lib/ldap

+ 1 - 0
example/kubernetes/using-secrets/.gitignore

@@ -1 +1,2 @@
 ldap-secret.yaml
 ldap-secret.yaml
+ldap-deployment.yaml

+ 4 - 1
example/kubernetes/using-secrets/Makefile

@@ -5,10 +5,13 @@ ldap-secret.yaml: example
 	ENV_STARTUP_YAML=$(shell ${ENV_DIR}/file-to-base64.sh ${ENV_DIR}/my-env.startup.yaml) \
 	ENV_STARTUP_YAML=$(shell ${ENV_DIR}/file-to-base64.sh ${ENV_DIR}/my-env.startup.yaml) \
 	envsubst < ldap-secret.tpl > ldap-secret.yaml
 	envsubst < ldap-secret.tpl > ldap-secret.yaml
 
 
-example: environment/my-env.startup.yaml environment/my-env.yaml
+example: environment/my-env.startup.yaml environment/my-env.yaml ldap-deployment.yaml
 
 
 environment/my-env.startup.yaml:
 environment/my-env.startup.yaml:
 	cd environment ; cp my-env.startup.yaml.example my-env.startup.yaml
 	cd environment ; cp my-env.startup.yaml.example my-env.startup.yaml
 
 
 environment/my-env.yaml:
 environment/my-env.yaml:
 	cd environment ; cp my-env.yaml.example my-env.yaml
 	cd environment ; cp my-env.yaml.example my-env.yaml
+
+ldap-deployment.yaml:
+	cp ldap-deployment.yaml.example ldap-deployment.yaml

+ 23 - 1
example/kubernetes/using-secrets/README.md

@@ -1,7 +1,29 @@
+# Helm-chart
+
+After setting the variables you can get strange variables like:
+
+https://github.com/osixia/docker-openldap/issues/342
+
+I have found that using this helm chart does not have those issues:
+
+https://github.com/jp-gouin/helm-openldap.git
+
 # Generating ldap-secret.yaml
 # Generating ldap-secret.yaml
 
 
 `make example`
 `make example`
 
 
-Then edit the yaml files in the environment directory to have the desired paraneters, and then make the secret file:
+Then edit the yaml files in the environment directory to have the desired parameters, and then make the secret file:
 
 
 `make ldap-secret.yaml`
 `make ldap-secret.yaml`
+
+And deploy the secret you just made:
+
+`kubectl apply -f ldap-secret.yaml`
+
+Apply the deployment yaml for ldap in k8s:
+
+`kubectl apply -f ldap-deployment.yaml`
+
+Finally apply the service yaml for ldap in k8s:
+
+`kubectl apply -f ldap-service.yaml`
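
Review bot: The new `# Helm-chart` section opens the README with "After setting the variables you can get strange variables like:" followed by a bare issue link, which does not tell the reader what the symptom is or when it occurs; summarise the problem from issue #342 in one sentence. The section also recommends a third-party chart in the first person ("I have found ...") ahead of the instructions this directory exists for; consider moving it to a note at the end and wording it in the project's voice. The added `kubectl apply` steps are in a sensible order (secret, deployment, service), but the text should mention that `ldap-deployment.yaml` is created from `ldap-deployment.yaml.example` by `make example`, since the file is no longer in the repository.
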

+ 1 - 1
example/kubernetes/using-secrets/gce-statefullset.yaml

@@ -12,7 +12,7 @@ spec:
         spec:
         spec:
             containers:
             containers:
             - name: azaldap
             - name: azaldap
-              image: osixia/openldap:1.4.0
+              image: osixia/openldap:1.5.0
               imagePullPolicy: IfNotPresent
               imagePullPolicy: IfNotPresent
               #command: ["/bin/bash","-c","while [ 1 = 1 ] ; do sleep 1; date; done"]
               #command: ["/bin/bash","-c","while [ 1 = 1 ] ; do sleep 1; date; done"]
               ports:
               ports:

+ 7 - 2
example/kubernetes/using-secrets/ldap-deployment.yaml → example/kubernetes/using-secrets/ldap-deployment.yaml.example

@@ -1,10 +1,13 @@
-apiVersion: extensions/v1beta1
+apiVersion: apps/v1
 kind: Deployment
 kind: Deployment
 metadata:
 metadata:
   name: ldap
   name: ldap
   labels:
   labels:
     app: ldap
     app: ldap
 spec:
 spec:
+  selector:
+    matchLabels:
+      app: ldap
   replicas: 1
   replicas: 1
   template:
   template:
     metadata:
     metadata:
@@ -13,7 +16,7 @@ spec:
     spec:
     spec:
       containers:
       containers:
         - name: ldap
         - name: ldap
-          image: osixia/openldap:1.4.0
+          image: osixia/openldap:1.5.0
           args: ["--copy-service"]
           args: ["--copy-service"]
           volumeMounts:
           volumeMounts:
             - name: ldap-data
             - name: ldap-data
@@ -29,6 +32,8 @@ spec:
           ports:
           ports:
             - containerPort: 389
             - containerPort: 389
               name: openldap
               name: openldap
+            - containerPort: 636
+              name: openldapssl
       volumes:
       volumes:
         - name: ldap-data
         - name: ldap-data
           hostPath:
           hostPath:

+ 10 - 2
example/kubernetes/using-secrets/ldap-service.yaml

@@ -5,7 +5,15 @@ metadata:
     app: ldap
     app: ldap
   name: ldap-service
   name: ldap-service
 spec:
 spec:
-  ports:
-    - port: 389
   selector:
   selector:
     app: ldap
     app: ldap
+  ports:
+    - protocol: TCP 
+      name: ldap
+      port: 389
+      targetPort: 389
+    - protocol: TCP 
+      name: ldapssl
+      port: 636
+      targetPort: 636
+
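
Review bot: Both added `- protocol: TCP ` lines carry a trailing space and the hunk ends with an extra blank line at end of file; strip them. The Service names its ports `ldap` and `ldapssl`, while ldap-deployment.yaml.example in this same commit names the container ports `openldap` and `openldapssl`; either use the same names in both files or set `targetPort` to the container port names so the two manifests cannot drift apart when a port number changes.
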

+ 6 - 4
image/Dockerfile

@@ -1,6 +1,8 @@
 # Use osixia/light-baseimage
 # Use osixia/light-baseimage
 # sources: https://github.com/osixia/docker-light-baseimage
 # sources: https://github.com/osixia/docker-light-baseimage
-FROM osixia/light-baseimage:1.2.0
+FROM osixia/light-baseimage:1.3.2
+
+ARG OPENLDAP_PACKAGE_VERSION=2.4.57
 
 
 ARG LDAP_OPENLDAP_GID
 ARG LDAP_OPENLDAP_GID
 ARG LDAP_OPENLDAP_UID
 ARG LDAP_OPENLDAP_UID
@@ -24,7 +26,7 @@ RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && a
     && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t buster-backports install -y --no-install-recommends \
     && LC_ALL=C DEBIAN_FRONTEND=noninteractive apt-get -t buster-backports install -y --no-install-recommends \
     ca-certificates \
     ca-certificates \
     curl \
     curl \
-    ldap-utils \
+    ldap-utils=${OPENLDAP_PACKAGE_VERSION}\* \
     libsasl2-modules \
     libsasl2-modules \
     libsasl2-modules-db \
     libsasl2-modules-db \
     libsasl2-modules-gssapi-mit \
     libsasl2-modules-gssapi-mit \
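Review bot: the pin on `ldap-utils=${OPENLDAP_PACKAGE_VERSION}\*` (and the matching slapd pins in the next hunk) fixes only the upstream version; the trailing `\*` accepts any Debian revision of 2.4.57, so two builds can still install different packages. It also makes the build fail outright once buster-backports no longer carries a 2.4.57 package. Add a comment next to the `ARG OPENLDAP_PACKAGE_VERSION` line explaining that the value must match a version currently available in buster-backports, and consider pinning the full package version if reproducible builds are the goal.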
@@ -32,8 +34,8 @@ RUN echo "path-include /usr/share/doc/krb5*" >> /etc/dpkg/dpkg.cfg.d/docker && a
     libsasl2-modules-otp \
     libsasl2-modules-otp \
     libsasl2-modules-sql \
     libsasl2-modules-sql \
     openssl \
     openssl \
-    slapd \
-    slapd-contrib \
+    slapd=${OPENLDAP_PACKAGE_VERSION}\* \
+    slapd-contrib=${OPENLDAP_PACKAGE_VERSION}\* \
     krb5-kdc-ldap \
     krb5-kdc-ldap \
     && curl -o pqchecker.deb -SL http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb \
     && curl -o pqchecker.deb -SL http://www.meddeb.net/pub/pqchecker/deb/8/pqchecker_${PQCHECKER_VERSION}_amd64.deb \
     && echo "${PQCHECKER_MD5} *pqchecker.deb" | md5sum -c - \
     && echo "${PQCHECKER_MD5} *pqchecker.deb" | md5sum -c - \
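Review bot: while this RUN step is being edited, the pqchecker download in the context lines right after the slapd pins is still fetched over `http://` and verified only with `md5sum -c`. The transport gives no integrity and MD5 is not collision resistant, so the check is weak as a supply-chain control. Replace `PQCHECKER_MD5` with a SHA-256 value checked by `sha256sum -c`, and use an HTTPS source if the upstream offers one.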

+ 4 - 0
image/environment/default.startup.yaml

@@ -63,5 +63,9 @@ LDAP_SSL_HELPER_PREFIX: ldap # ssl-helper first search config from LDAP_SSL_HELP
 SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd
 SSL_HELPER_AUTO_RENEW_SERVICES_IMPACTED: slapd
 
 
 # Internal seeding. For example, for services in Gitlab CI.
 # Internal seeding. For example, for services in Gitlab CI.
+LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE:
+LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE:
 LDAP_SEED_INTERNAL_LDIF_PATH:
 LDAP_SEED_INTERNAL_LDIF_PATH:
 LDAP_SEED_INTERNAL_SCHEMA_PATH:
 LDAP_SEED_INTERNAL_SCHEMA_PATH:
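Review bot: the four new `LDAP_SEED_INTERNAL_LDAP_TLS_*` keys are added empty and without any comment, unlike the `LDAP_SSL_HELPER_PREFIX` line above, which documents itself inline. State what each expects (a path inside the container, presumably), when the seeding happens, and what permissions the copied file ends up with. That matters most for `LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE`, because it points at a private key.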

+ 0 - 0
image/service/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif → image/service/slapd/assets/config/admin/admin-password-change.ldif


+ 0 - 0
image/service/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif → image/service/slapd/assets/config/admin/root-password-change.ldif


+ 2 - 0
image/service/slapd/assets/config/bootstrap/schema/custom/README.md

@@ -0,0 +1,2 @@
+Add your custom schema files here.
+At run time you can also mount a data volume with your ldif files to /container/service/slapd/assets/config/bootstrap/schema/custom
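Review bot: the two added lines disagree on the file type: the first says "custom schema files", the second says "your ldif files", and the mount target is `bootstrap/schema/custom`. Say which extensions are actually picked up from this directory so users do not mount files that are silently ignored.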

+ 336 - 0
image/service/slapd/assets/config/bootstrap/schema/kopano.schema

@@ -0,0 +1,336 @@
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.1
+	NAME 'kopanoQuotaOverride'
+	DESC 'KOPANO: Override child quota'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.2
+	NAME 'kopanoQuotaWarn'
+	DESC 'KOPANO: Warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.3
+	NAME 'kopanoQuotaSoft'
+	DESC 'KOPANO: Soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.4
+	NAME 'kopanoQuotaHard'
+	DESC 'KOPANO: Hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.5
+	NAME 'kopanoUserDefaultQuotaOverride'
+	DESC 'KOPANO: Override User default quota for children'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.6
+	NAME 'kopanoUserDefaultQuotaWarn'
+	DESC 'KOPANO: User default warning quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.7
+	NAME 'kopanoUserDefaultQuotaSoft'
+	DESC 'KOPANO: User default soft quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.1.8
+	NAME 'kopanoUserDefaultQuotaHard'
+	DESC 'KOPANO: User default hard quota size in MB'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.1
+	NAME 'kopanoAdmin'
+	DESC 'KOPANO: Administrator of kopano'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.2
+	NAME 'kopanoSharedStoreOnly'
+	DESC 'KOPANO: is store a shared store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.3
+	NAME 'kopanoAccount'
+	DESC 'KOPANO: entry is a part of kopano'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.4
+	NAME 'kopanoSendAsPrivilege'
+	DESC 'KOPANO: Users may directly send email as this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.5
+	NAME 'kopanoMrAccept'
+	DESC 'KOPANO: user should auto-accept meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.6
+	NAME 'kopanoMrDeclineConflict'
+	DESC 'KOPANO: user should automatically decline conflicting meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.7
+	NAME 'kopanoMrDeclineRecurring'
+	DESC 'KOPANO: user should automatically decline recurring meeting requests'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.8
+	NAME 'kopanoId'
+	DESC 'KOPANO: Generic unique ID'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.9
+	NAME 'kopanoResourceType'
+	DESC 'KOPANO: for shared stores, resource is type Room or Equipment'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.10
+	NAME 'kopanoResourceCapacity'
+	DESC 'KOPANO: number of rooms or equipment available'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.11
+	NAME 'kopanoHidden'
+	DESC 'KOPANO: This object should be hidden from address book'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.13
+	NAME 'kopanoEnabledFeatures'
+	DESC 'KOPANO: This user has these features explicitly enabled'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.2.14
+	NAME 'kopanoDisabledFeatures'
+	DESC 'KOPANO: This user has these features explicitly disabled'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.44 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.3.1
+	NAME 'kopanoAliases'
+	DESC 'KOPANO: All other email addresses for this user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.4.1
+	NAME 'kopanoUserServer'
+	DESC 'KOPANO: Home server for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.6.1
+	NAME 'kopanoUserArchiveServers'
+	DESC 'KOPANO: List of server names that contain an archive store for the user'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype ( 1.3.6.1.4.1.47732.1.1.6.2
+	NAME 'kopanoUserArchiveCouplings'
+	DESC 'KOPANO: List of username:foldername pairs that specify many-to-one archive locations'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+objectclass	( 1.3.6.1.4.1.47732.1.1.0.0
+	NAME 'kopano-user'
+	DESC 'KOPANO: an user of Kopano'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoQuotaOverride $ kopanoQuotaWarn $ kopanoQuotaSoft $ kopanoSendAsPrivilege $
+		kopanoQuotaHard $ kopanoAdmin $ kopanoSharedStoreOnly $ kopanoResourceType $
+		kopanoResourceCapacity $ kopanoAccount $ kopanoHidden $ kopanoAliases $
+		kopanoUserServer $ kopanoEnabledFeatures $ kopanoDisabledFeatures $
+		kopanoUserArchiveServers $ kopanoUserArchiveCouplings $
+		uidNumber
+		)
+	)
+
+objectclass	( 1.3.6.1.4.1.47732.1.6.0.0
+	NAME 'kopano-contact'
+	DESC 'KOPANO: a contact of Kopano'
+	SUP top AUXILIARY
+	MUST ( cn $ uidNumber )
+	MAY (
+		kopanoSendAsPrivilege $ kopanoHidden $ kopanoAliases $ kopanoAccount
+		)
+	)
+
+
+attributetype ( 1.3.6.1.4.1.47732.1.2.2.1
+	NAME 'kopanoSecurityGroup'
+	DESC 'KOPANO: group has security possibilities'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+objectclass	( 1.3.6.1.4.1.47732.1.2.0.0
+	NAME 'kopano-group'
+	DESC 'KOPANO: a group of Kopano'
+	SUP top	AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoSecurityGroup $ kopanoSendAsPrivilege $
+		gidNumber
+		)
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.4
+	NAME 'kopanoViewPrivilege'
+	DESC 'KOPANO: Companies with view privileges over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.5
+	NAME 'kopanoAdminPrivilege'
+	DESC 'KOPANO: Users from different companies which are administrator over selected company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.2.6
+	NAME 'kopanoSystemAdmin'
+	DESC 'KOPANO: The user who is the system administrator for this company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.3.1.5
+	NAME 'kopanoQuotaUserWarningRecipients'
+	DESC 'KOPANO: Users who will receive a notification email when a user exceeds his quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.3.1.6
+	NAME 'kopanoQuotaCompanyWarningRecipients'
+	DESC 'KOPANO: Users who will receive a notification email when a company exceeds its quota'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+	)
+
+attributetype ( 1.3.6.1.4.1.47732.1.3.4.1
+	NAME 'kopanoCompanyServer'
+	DESC 'KOPANO: Home server for the public folders for a company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.3.0.0
+	NAME 'kopano-company'
+	DESC 'KOPANO: a company of Kopano'
+	SUP top AUXILIARY
+	MUST ( ou )
+	MAY (
+		kopanoAccount $ kopanoHidden $
+		kopanoViewPrivilege $ kopanoAdminPrivilege $ kopanoSystemAdmin $
+		kopanoQuotaOverride $ kopanoQuotaWarn $
+		kopanoUserDefaultQuotaOverride $ kopanoUserDefaultQuotaWarn $ kopanoUserDefaultQuotaSoft $ kopanoUserDefaultQuotaHard $
+		kopanoQuotaUserWarningRecipients $ kopanoQuotaCompanyWarningRecipients $
+		kopanoCompanyServer
+		)
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.1
+	NAME 'kopanoHttpPort'
+	DESC 'KOPANO: Port for the http connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.2
+	NAME 'kopanoSslPort'
+	DESC 'KOPANO: Port for the ssl connection'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.3
+	NAME 'kopanoFilePath'
+	DESC 'KOPANO: The Unix socket or named pipe to the server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.4
+	NAME 'kopanoContainsPublic'
+	DESC 'KOPANO: This server contains the public store'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.4.4.6
+	NAME 'kopanoProxyURL'
+	DESC 'KOPANO: Full proxy URL for this server'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.4.0.0
+	NAME 'kopano-server'
+	DESC 'KOPANO: a Kopano server'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY (
+		kopanoAccount $ kopanoHidden $ kopanoHttpPort $ kopanoSslPort $ kopanoFilePath $ kopanoContainsPublic $ kopanoProxyURL
+		)
+	)
+
+attributetype (1.3.6.1.4.1.47732.1.5.5.1
+	NAME 'kopanoFilter'
+	DESC 'KOPANO: LDAP Filter to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (1.3.6.1.4.1.47732.1.5.5.2
+	NAME 'kopanoBase'
+	DESC 'KOPANO: LDAP Search base to apply'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+objectclass ( 1.3.6.1.4.1.47732.1.5.0.0
+	NAME 'kopano-addresslist'
+	DESC 'KOPANO: a Kopano Addresslist'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		kopanoAccount $ kopanoHidden $ kopanoFilter $ kopanoBase
+		)
+	)
+
+objectclass ( 1.3.6.1.4.1.47732.1.7.0.0
+	NAME 'kopano-dynamicgroup'
+	DESC 'KOPANO: a Kopano dynamic group'
+	SUP top STRUCTURAL
+	MUST ( cn )
+    MAY (
+		kopanoAccount $ kopanoHidden $ mail $ kopanoAliases $ kopanoFilter $ kopanoBase
+		)
+	)
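Review bot: the new file has no header comment giving the upstream source and version of the Kopano schema, nor the schemas it depends on. The MAY lists of `kopano-user`, `kopano-contact`, `kopano-group` and `kopano-dynamicgroup` reference `uidNumber`, `gidNumber` and `mail`, none of which are defined here, so this file must load after the schemas that define them; document that ordering. Attributes such as `kopanoAdmin`, `kopanoSendAsPrivilege` and `kopanoAdminPrivilege` carry privileges according to their DESC text, so the README should tell operators to restrict write access to them in their ACLs. Style: the `MAY (` lines in `kopano-addresslist` and `kopano-dynamicgroup` are indented with spaces where the rest of the file uses tabs, and `attributetype (1.3...` is written both with and without a space after the parenthesis.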

+ 0 - 1
image/service/slapd/assets/config/bootstrap/schema/mmc/README.md

@@ -1 +0,0 @@
-Mandriva Management Console (MMC) ldap schemas, delete the forlder if not needed ;)
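Review bot: the deleted README line told users to remove the mmc folder only "if not needed", which implies these schemas shipped in the image by default, so dropping the directory can break directories whose entries already use those object classes. Call the removal out as a breaking change in the upgrade notes and point affected users at the `bootstrap/schema/custom` directory added in this commit.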

+ 0 - 466
image/service/slapd/assets/config/bootstrap/schema/mmc/dhcp.schema

@@ -1,466 +0,0 @@
-attributetype ( 2.16.840.1.113719.1.203.4.1 
-        NAME 'dhcpPrimaryDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The DN of the dhcpServer which is the primary server for the configuration.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.2 
-        NAME 'dhcpSecondaryDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The DN of dhcpServer(s) which provide backup service for the configuration.'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.3 
-        NAME 'dhcpStatements' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'Flexible storage for specific data depending on what object this exists in. Like conditional statements, server parameters, etc. This allows the standard to evolve without needing to adjust the schema.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.4 
-        NAME 'dhcpRange' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'The starting & ending IP Addresses in the range (inclusive), separated by a hyphen; if the range only contains one address, then just the address can be specified with no hyphen.  Each range is defined as a separate value.'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.5 
-        NAME 'dhcpPermitList' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'This attribute contains the permit lists associated with a pool. Each permit list is defined as a separate value.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.6 
-        NAME 'dhcpNetMask' 
-        EQUALITY integerMatch
-        DESC 'The subnet mask length for the subnet.  The mask can be easily computed from this length.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.7 
-        NAME 'dhcpOption' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'Encoded option values to be sent to clients.  Each value represents a single option and contains (OptionTag, Length, OptionValue) encoded in the format used by DHCP.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.8 
-        NAME 'dhcpClassData' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'Encoded text string or list of bytes expressed in hexadecimal, separated by colons.  Clients match subclasses based on matching the class data with the results of match or spawn with statements in the class name declarations.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.9 
-        NAME 'dhcpOptionsDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name(s) of the dhcpOption objects containing the configuration options provided by the server.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.10 
-        NAME 'dhcpHostDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'the distinguished name(s) of the dhcpHost objects.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
-
-attributetype ( 2.16.840.1.113719.1.203.4.11 
-        NAME 'dhcpPoolDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name(s) of pools.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.12 
-        NAME 'dhcpGroupDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name(s)   of the groups.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.13 
-        NAME 'dhcpSubnetDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name(s) of the subnets.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.14 
-        NAME 'dhcpLeaseDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name of a client address.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE)
-
-attributetype ( 2.16.840.1.113719.1.203.4.15 
-        NAME 'dhcpLeasesDN' 
-        DESC 'The distinguished name(s) client addresses.' 
-        EQUALITY distinguishedNameMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.16 
-        NAME 'dhcpClassesDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name(s) of a class(es) in a subclass.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.17 
-        NAME 'dhcpSubclassesDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name(s) of subclass(es).' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.18 
-        NAME 'dhcpSharedNetworkDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name(s) of sharedNetworks.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.19 
-        NAME 'dhcpServiceDN' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The DN of dhcpService object(s)which contain the configuration information. Each dhcpServer object has this attribute identifying the DHCP configuration(s) that the server is associated with.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.20 
-        NAME 'dhcpVersion'
-        DESC 'The version attribute of this object.'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.21 
-        NAME 'dhcpImplementation' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'Description of the DHCP Server implementation e.g. DHCP Servers vendor.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.22 
-        NAME 'dhcpAddressState' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'This stores information about the current binding-status of an address.  For dynamic addresses managed by DHCP, the values should be restricted to the following: "FREE", "ACTIVE", "EXPIRED", "RELEASED", "RESET", "ABANDONED", "BACKUP".  For other addresses, it SHOULD be one of the following: "UNKNOWN", "RESERVED" (an address that is managed by DHCP that is reserved for a specific client), "RESERVED-ACTIVE" (same as reserved, but address is currently in use), "ASSIGNED" (assigned manually or by some other mechanism), "UNASSIGNED", "NOTASSIGNABLE".'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.23 
-        NAME 'dhcpExpirationTime' 
-        EQUALITY generalizedTimeMatch 
-        DESC 'This is the time the current lease for an address expires.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.24 
-        NAME 'dhcpStartTimeOfState' 
-        EQUALITY generalizedTimeMatch 
-        DESC 'This is the time of the last state change for a leased address.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.25 
-        NAME 'dhcpLastTransactionTime' 
-        EQUALITY generalizedTimeMatch 
-        DESC 'This is the last time a valid DHCP packet was received from the client.'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.26 
-        NAME 'dhcpBootpFlag' 
-        EQUALITY booleanMatch 
-        DESC 'This indicates whether the address was assigned via BOOTP.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.27 
-        NAME 'dhcpDomainName' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'This is the name of the domain sent to the client by the server.  It is essentially the same as the value for DHCP option 15 sent to the client, and represents only the domain - not the full FQDN.  To obtain the full FQDN assigned to the client you must prepend the "dhcpAssignedHostName" to this value with a ".".' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.28 
-        NAME 'dhcpDnsStatus' 
-        EQUALITY integerMatch
-        DESC 'This indicates the status of updating DNS resource records on behalf of the client by the DHCP server for this address.  The value is a 16-bit bitmask.'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.29 
-        NAME 'dhcpRequestedHostName' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'This is the hostname that was requested by the client.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.30 
-        NAME 'dhcpAssignedHostName' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'This is the actual hostname that was assigned to a client. It may not be the name that was requested by the client.  The fully qualified domain name can be determined by appending the value of "dhcpDomainName" (with a dot separator) to this name.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.31 
-        NAME 'dhcpReservedForClient' 
-        EQUALITY distinguishedNameMatch
-        DESC 'The distinguished name of a "dhcpClient" that an address is reserved for.  This may not be the same as the "dhcpAssignedToClient" attribute if the address is being reassigned but the current lease has not yet expired.'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.32 
-        NAME 'dhcpAssignedToClient' 
-        EQUALITY distinguishedNameMatch
-        DESC 'This is the distinguished name of a "dhcpClient" that an address is currently assigned to.  This attribute is only present in the class when the address is leased.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.33 
-        NAME 'dhcpRelayAgentInfo' 
-        EQUALITY octetStringMatch
-        DESC 'If the client request was received via a relay agent, this contains information about the relay agent that was available from the DHCP request.  This is a hex-encoded option value.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.34 
-        NAME 'dhcpHWAddress' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'The clients hardware address that requested this IP address.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.35 
-        NAME 'dhcpHashBucketAssignment' 
-        EQUALITY octetStringMatch
-        DESC 'HashBucketAssignment bit map for the DHCP Server, as defined in DHC Load Balancing Algorithm [RFC 3074].' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.36 
-        NAME 'dhcpDelayedServiceParameter' 
-        EQUALITY integerMatch
-        DESC 'Delay in seconds corresponding to Delayed Service Parameter configuration, as defined in  DHC Load Balancing Algorithm [RFC 3074]. '
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.37 
-        NAME 'dhcpMaxClientLeadTime' 
-        EQUALITY integerMatch
-        DESC 'Maximum Client Lead Time configuration in seconds, as defined in DHCP Failover Protocol [FAILOVR]' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.38 
-        NAME 'dhcpFailOverEndpointState' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'Server (Failover Endpoint) state, as defined in DHCP Failover Protocol [FAILOVR]' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.39 
-        NAME 'dhcpErrorLog' 
-        EQUALITY caseIgnoreIA5Match
-        DESC 'Generic error log attribute that allows logging error conditions within a dhcpService or a dhcpSubnet, like no IP addresses available for lease.'
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.40 
-        NAME 'dhcpLocatorDN' 
-        EQUALITY distinguishedNameMatch 
-        DESC 'The DN of dhcpLocator object which contain the DNs of all DHCP configuration objects. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype  ( 2.16.840.1.113719.1.203.4.41 
-        NAME 'dhcpKeyAlgorithm' 
-        EQUALITY caseIgnoreIA5Match 
-        DESC 'Algorithm to generate TSIG Key' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype  ( 2.16.840.1.113719.1.203.4.42 
-        NAME 'dhcpKeySecret' 
-        EQUALITY octetStringMatch 
-        DESC 'Secret to generate TSIG Key' SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.43 
-        NAME 'dhcpDnsZoneServer' 
-        EQUALITY caseIgnoreIA5Match 
-        DESC 'Master server of the DNS Zone' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 2.16.840.1.113719.1.203.4.44 
-        NAME 'dhcpKeyDN' 
-        EQUALITY distinguishedNameMatch 
-        DESC 'The DNs of TSIG Key to use in secure dynamic updates. In case of locator object, this will be list of TSIG keys.  In case of DHCP Service, Shared Network, Subnet and DNS Zone, it will be a single key.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
-
-attributetype ( 2.16.840.1.113719.1.203.4.45 
-        NAME 'dhcpZoneDN' 
-        EQUALITY distinguishedNameMatch 
-        DESC 'The DNs of DNS Zone. In case of locator object, this will be list of DNS Zones in the tree. In case of DHCP Service, Shared Network and Subnet, it will be a single DNS Zone.' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12)
-
-attributetype ( 2.16.840.1.113719.1.203.4.46 
-        NAME 'dhcpFailOverRole' 
-        EQUALITY caseIgnoreIA5Match 
-        DESC 'Role of the DHCP Server. Either primary or secondary' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.47 
-        NAME 'dhcpFailOverReceiveAddress' 
-        EQUALITY caseIgnoreIA5Match 
-        DESC 'IP address or DNS  name  on  which the server should listen for connections from its fail over peer' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.48 
-        NAME 'dhcpFailOverPeerAddress' 
-        EQUALITY caseIgnoreIA5Match 
-        DESC 'IP address  or  DNS  name  to which  the  server  should  connect  to  reach  its fail over peer' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.49 
-        NAME 'dhcpFailOverPeerPort' 
-        EQUALITY integerMatch 
-        DESC 'Port to which server should connect to reach its fail over peer' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
-        
-attributetype ( 2.16.840.1.113719.1.203.4.50 
-        NAME 'dhcpFailOverReceivePort' 
-        EQUALITY integerMatch 
-        DESC 'Port on which server should listen for connections from its fail over peer' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.51 
-        NAME 'dhcpFailOverResponseDelay' 
-        EQUALITY integerMatch 
-        DESC 'Maximum response time in seconds, before Server assumes that connection to fail over peer has failed' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.52 
-        NAME 'dhcpFailOverUnpackedUpdates' 
-        EQUALITY integerMatch 
-        DESC 'Number of BNDUPD messages that server can send before it receives BNDACK from its fail over peer' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.53 
-        NAME 'dhcpFailOverSplit' 
-        EQUALITY integerMatch 
-        DESC 'Split between the primary and secondary servers for fail over purpose' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.54 
-        NAME 'dhcpFailOverLoadBalanceTime' 
-        EQUALITY integerMatch 
-        DESC 'Cutoff time in seconds, after which load balance is disabled' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27  )
-
-attributetype ( 2.16.840.1.113719.1.203.4.55 
-        NAME 'dhcpFailOverPeerDN' 
-        EQUALITY distinguishedNameMatch 
-        DESC 'The DNs of Fail over peers. In case of locator object, this will be list of fail over peers in the tree. In case of Subnet and pool, it will be a single Fail Over Peer' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 ) 
-
-#List of all servers in the tree
-attributetype ( 2.16.840.1.113719.1.203.4.56 
-        NAME 'dhcpServerDN' 
-        EQUALITY distinguishedNameMatch 
-        DESC 'List of all  DHCP Servers in the tree. Used by dhcpLocatorObject' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
-
-attributetype ( 2.16.840.1.113719.1.203.4.57 
-        NAME 'dhcpComments' 
-        EQUALITY caseIgnoreIA5Match 
-        DESC 'Generic attribute that allows coments  within any DHCP object' 
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-# Classes
-
-objectclass ( 2.16.840.1.113719.1.203.6.1 
-        NAME 'dhcpService' 
-        DESC 'Service object that represents the actual DHCP Service configuration. This is a container object.' 
-        SUP top 
-        MUST (cn) 
-        MAY ( dhcpPrimaryDN $ dhcpSecondaryDN $ dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $dhcpComments $ dhcpOption) )
-
-objectclass ( 2.16.840.1.113719.1.203.6.2 
-        NAME 'dhcpSharedNetwork' 
-        DESC 'This stores configuration information for a shared network.' 
-        SUP top 
-        MUST cn 
-        MAY ( dhcpSubnetDN $ dhcpPoolDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpStatements $dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' ) )
-
-objectclass ( 2.16.840.1.113719.1.203.6.3 
-        NAME 'dhcpSubnet' 
-        DESC 'This class defines a subnet. This is a container object.' 
-        SUP top 
-        MUST ( cn $ dhcpNetMask ) 
-        MAY ( dhcpRange $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $ dhcpClassesDN $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $ dhcpKeyDN $ dhcpFailOverPeerDN $ dhcpStatements $ dhcpComments $ dhcpOption ) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.4 
-        NAME 'dhcpPool' 
-        DESC 'This stores configuration information about a pool.' 
-        SUP top 
-        MUST ( cn $ dhcpRange ) 
-        MAY ( dhcpClassesDN $ dhcpPermitList $ dhcpLeasesDN $ dhcpOptionsDN $ dhcpZoneDN $dhcpKeyDN $ dhcpStatements $ dhcpComments $ dhcpOption ) 
-        X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpSharedNetwork') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.5 
-        NAME 'dhcpGroup' 
-        DESC 'Group object that lists host DNs and parameters. This is a container object.' 
-        SUP top 
-        MUST cn 
-        MAY ( dhcpHostDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption )
-        X-NDS_CONTAINMENT ('dhcpSubnet' 'dhcpService' ) )
-
-objectclass ( 2.16.840.1.113719.1.203.6.6 
-        NAME 'dhcpHost' 
-        DESC 'This represents information about a particular client' 
-        SUP top 
-        MUST cn 
-        MAY  (dhcpLeaseDN $ dhcpHWAddress $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
-        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' 'dhcpGroup') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.7 
-        NAME 'dhcpClass' 
-        DESC 'Represents information about a collection of related clients.' 
-        SUP top 
-        MUST cn 
-        MAY (dhcpSubClassesDN $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) 
-        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSubnet' ) )
-
-objectclass ( 2.16.840.1.113719.1.203.6.8 
-        NAME 'dhcpSubClass' 
-        DESC 'Represents information about a collection of related classes.' 
-        SUP top 
-        MUST cn 
-        MAY (dhcpClassData $ dhcpOptionsDN $ dhcpStatements $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT 'dhcpClass' )
-
-objectclass ( 2.16.840.1.113719.1.203.6.9 
-        NAME 'dhcpOptions' 
-        DESC 'Represents information about a collection of options defined.' 
-        SUP top AUXILIARY
-        MUST cn 
-        MAY ( dhcpOption $ dhcpComments ) 
-        X-NDS_CONTAINMENT  ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet' 'dhcpPool' 'dhcpGroup' 'dhcpHost' 'dhcpClass' ) )
-
-objectclass ( 2.16.840.1.113719.1.203.6.10 
-        NAME 'dhcpLeases' 
-        DESC 'This class represents an IP Address, which may or may not have been leased.' 
-        SUP top 
-        MUST ( cn $ dhcpAddressState ) 
-        MAY ( dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpOption ) 
-        X-NDS_CONTAINMENT ( 'dhcpService' 'dhcpSubnet' 'dhcpPool') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.11 
-        NAME 'dhcpLog' 
-        DESC 'This is the object that holds past information about the IP address. The cn is the time/date stamp when the address was assigned or released, the address state at the time, if the address was assigned or released.' 
-        SUP top 
-        MUST ( cn ) 
-        MAY ( dhcpAddressState $ dhcpExpirationTime $ dhcpStartTimeOfState $ dhcpLastTransactionTime $ dhcpBootpFlag $ dhcpDomainName $ dhcpDnsStatus $ dhcpRequestedHostName $ dhcpAssignedHostName $ dhcpReservedForClient $ dhcpAssignedToClient $ dhcpRelayAgentInfo $ dhcpHWAddress $ dhcpErrorLog) 
-        X-NDS_CONTAINMENT ('dhcpLeases' 'dhcpPool' 'dhcpSubnet' 'dhcpSharedNetwork' 'dhcpService' ) )
-
-objectclass ( 2.16.840.1.113719.1.203.6.12 
-        NAME 'dhcpServer' 
-        DESC 'DHCP Server Object' 
-        SUP top 
-        MUST ( cn ) 
-        MAY (dhcpServiceDN  $ dhcpLocatorDN $ dhcpVersion $ dhcpImplementation $ dhcpHashBucketAssignment $ dhcpDelayedServiceParameter $ dhcpMaxClientLeadTime $ dhcpFailOverEndpointState $ dhcpStatements $ dhcpComments $ dhcpOption) 
-        X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.13 
-        NAME 'dhcpTSigKey' 
-        DESC 'TSIG key for secure dynamic updates' 
-        SUP top 
-        MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret ) 
-        MAY ( dhcpComments ) 
-        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.14 
-        NAME 'dhcpDnsZone' 
-        DESC 'DNS Zone for updating leases' 
-        SUP top 
-        MUST (cn $ dhcpDnsZoneServer ) 
-        MAY (dhcpKeyDN $ dhcpComments) 
-        X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.15 
-        NAME 'dhcpFailOverPeer' 
-        DESC 'This class defines the Fail over peer' 
-        SUP top 
-        MUST ( cn $ dhcpFailOverRole $ dhcpFailOverReceiveAddress $ dhcpFailOverPeerAddress $ dhcpFailoverReceivePort $ dhcpFailOverPeerPort ) MAY ( dhcpFailOverResponseDelay  $ dhcpFailOverUnpackedUpdates $ dhcpMaxClientLeadTime $ dhcpFailOverSplit $ dhcpHashBucketAssignment $ dhcpFailOverLoadBalanceTime $ dhcpComments $ dhcpOption) X-NDS_CONTAINMENT ('dhcpService' 'dhcpSharedNetwork' 'dhcpSubnet') )
-
-objectclass ( 2.16.840.1.113719.1.203.6.16 
-        NAME 'dhcpLocator' 
-        DESC 'Locator object for DHCP configuration in the tree. There will be a single dhcpLocator object in the tree with links to all the DHCP objects in the tree' 
-        SUP top 
-        MUST ( cn ) 
-        MAY ( dhcpServiceDN $dhcpServerDN $ dhcpSharedNetworkDN $ dhcpSubnetDN $ dhcpPoolDN $ dhcpGroupDN $ dhcpHostDN $  dhcpClassesDN $ dhcpKeyDN $ dhcpZoneDN $ dhcpFailOverPeerDN $ dhcpOption $ dhcpComments) 
-        X-NDS_CONTAINMENT ('organization' 'organizationalunit' 'domain') )
-
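Review bot: the removal of `dhcpTSigKey` near the end of this hunk (`MUST (cn $ dhcpKeyAlgorithm $ dhcpKeySecret )`) needs an explicit upgrade note, because directories that used this schema can hold TSIG key secrets under it. An image without dhcp.schema rejects new entries of the `dhcp*` classes, so the changelog should say whether an instance upgraded from an earlier image keeps the schema it already loaded and how to supply the file as a custom schema when it is still required. Operators who restore it should also confirm that their ACLs restrict read access to `dhcpKeySecret`, since nothing in the schema itself protects that attribute.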

+ 0 - 155
image/service/slapd/assets/config/bootstrap/schema/mmc/dnszone.schema

@@ -1,155 +0,0 @@
-# A schema for storing DNS zones in LDAP
-#
-attributetype ( 1.3.6.1.4.1.2428.20.0.0  NAME 'dNSTTL'
-    DESC 'An integer denoting time to live'
-    EQUALITY integerMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.0.1 NAME 'dNSClass'
-    DESC 'The class of a resource record'
-    EQUALITY caseIgnoreIA5Match
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.0.2 NAME 'zoneName'
-    DESC 'The name of a zone, i.e. the name of the highest node in the zone'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.0.3 NAME 'relativeDomainName'
-    DESC 'The starting labels of a domain name'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.12 NAME 'pTRRecord'
-    DESC 'domain name pointer, RFC 1035'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.13 NAME 'hInfoRecord'
-    DESC 'host information, RFC 1035'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.14 NAME 'mInfoRecord'
-    DESC 'mailbox or mail list information, RFC 1035'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.16 NAME 'tXTRecord'
-    DESC 'text string, RFC 1035'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.18 NAME 'aFSDBRecord'
-    DESC 'for AFS Data Base location, RFC 1183'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.24 NAME 'SigRecord'
-    DESC 'Signature, RFC 2535'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.25 NAME 'KeyRecord'
-    DESC 'Key, RFC 2535'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.28 NAME 'aAAARecord'
-    DESC 'IPv6 address, RFC 1886'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.29 NAME 'LocRecord'
-    DESC 'Location, RFC 1876'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.30 NAME 'nXTRecord'
-    DESC 'non-existant, RFC 2535'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.33 NAME 'sRVRecord'
-    DESC 'service location, RFC 2782'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.35 NAME 'nAPTRRecord'
-    DESC 'Naming Authority Pointer, RFC 2915'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.36 NAME 'kXRecord'
-    DESC 'Key Exchange Delegation, RFC 2230'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.37 NAME 'certRecord'
-    DESC 'certificate, RFC 2538'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.38 NAME 'a6Record'
-    DESC 'A6 Record Type, RFC 2874'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.39 NAME 'dNameRecord'
-    DESC 'Non-Terminal DNS Name Redirection, RFC 2672'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.43 NAME 'dSRecord'
-    DESC 'Delegation Signer, RFC 3658'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.44 NAME 'sSHFPRecord'
-    DESC 'SSH Key Fingerprint, draft-ietf-secsh-dns-05.txt'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.46 NAME 'rRSIGRecord'
-    DESC 'RRSIG, RFC 3755'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-attributetype ( 1.3.6.1.4.1.2428.20.1.47 NAME 'nSECRecord'
-    DESC 'NSEC, RFC 3755'
-    EQUALITY caseIgnoreIA5Match
-    SUBSTR caseIgnoreIA5SubstringsMatch
-    SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-objectclass ( 1.3.6.1.4.1.2428.20.3 NAME 'dNSZone'
-        SUP top STRUCTURAL
-    MUST ( zoneName $ relativeDomainName )
-        MAY ( DNSTTL $ DNSClass $
-              ARecord $ MDRecord $ MXRecord $ NSRecord $
-          SOARecord $ CNAMERecord $ PTRRecord $ HINFORecord $
-              MINFORecord $ TXTRecord $ AFSDBRecord $ SIGRecord $
-              KEYRecord $ AAAARecord $ LOCRecord $ NXTRecord $
-              SRVRecord $ NAPTRRecord $ KXRecord $ CERTRecord $
-              A6Record $ DNAMERecord $ DSRecord $ SSHFPRecord $
-              RRSIGRecord $ NSECRecord ) )
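Review bot: the `dNSZone` objectclass at the end of this hunk lists `ARecord`, `MDRecord`, `MXRecord`, `NSRecord`, `SOARecord` and `CNAMERecord` in its MAY clause, but none of them is defined in the 155 deleted lines, so the file only loads after the schema that defines them (cosine.schema in a stock OpenLDAP). Since the file is dropped from the image, document that ordering requirement next to the removal so that anyone re-adding dnszone.schema as a custom schema does not hit an undefined-attribute error at bootstrap.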

+ 0 - 128
image/service/slapd/assets/config/bootstrap/schema/mmc/mail.schema

@@ -1,128 +0,0 @@
-##
-## Needed attributes for MMC Mail Plugin
-##
-## Cédric Delfosse ([email protected])
-## Matthieu Vogelweith ([email protected])
-## Jean-Philippe Braun ([email protected])
-
-# Attributes
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.1
-        NAME 'maildrop'
-        DESC 'Mail addresses where mails are forwarded -- ie forwards'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.2
-        NAME 'mailalias'
-        DESC 'Mail addresses accepted by this account -- ie aliases'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.3
-        NAME 'mailenable'
-        DESC 'Mail Account / Virtual alias validity'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.4
-        NAME 'mailbox'
-        DESC 'Mailbox path where mails are delivered'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.5
-        NAME 'virtualdomain'
-        DESC 'A mail domain name'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.6
-        NAME 'virtualdomaindescription'
-        DESC 'Virtual domain description'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{512})
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.7
-        NAME 'mailuserquota'
-        DESC 'Mailbox quota for a user in kilo-bytes'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.8
-        NAME 'mailhost'
-        DESC 'The mail server IP address or FQDN for a user'
-        EQUALITY caseIgnoreIA5Match
-        SUBSTR caseIgnoreIA5SubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.9
-        NAME 'mailaliasmember'
-        DESC 'Member of a virtual alias'
-        SUP distinguishedName )
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.10
-        NAME 'mailproxy'
-        DESC 'Mail proxy'
-        EQUALITY caseIgnoreIA5Match
-        SUBSTR caseIgnoreIA5SubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} SINGLE-VALUE)
-
-attributetype ( 1.3.6.1.4.1.21103.1.1.13.11
-        NAME 'mailhidden'
-        DESC 'Mail Account hidden in address book'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{8})
-
-# Mail Account Objectclass
-objectclass ( 1.3.6.1.4.1.21103.1.2.13.1
-        NAME 'mailAccount'
-        DESC 'Mail Account'
-        SUP top
-        AUXILIARY
-        MUST (
-            mail
-            )
-        MAY (
-            mailalias $ maildrop $ mailenable $ mailbox $ mailuserquota $
-            mailhost $ mailproxy $ mailhidden
-            )
-        )
-
-# Mail Domain Objectclass
-objectclass ( 1.3.6.1.4.1.21103.1.2.13.2
-        NAME 'mailDomain'
-        DESC 'Domain mail entry'
-        SUP top
-        STRUCTURAL
-        MUST (
-            virtualdomain
-            )
-        MAY (
-            virtualdomaindescription $ mailuserquota
-            )
-        )
-
-# Mail Group Objectclass
-objectclass ( 1.3.6.1.4.1.21103.1.2.13.3
-        NAME 'mailGroup' SUP top AUXILIARY
-        DESC 'Mail Group'
-        MUST ( mail )
-        MAY ( mailhidden )
-        )
-
-# Virtual Alias Objectclass
-objectclass ( 1.3.6.1.4.1.21103.1.2.13.4
-        NAME 'mailAlias'
-        DESC 'Mail Alias'
-        SUP top
-        STRUCTURAL
-        MUST ( mailalias )
-        MAY ( mail $ mailaliasmember $ mailenable )
-        )
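Review bot: deleting `mailAccount`, `mailDomain`, `mailGroup` and `mailAlias` is a breaking change for any bootstrap LDIF that uses these classes, because slapd refuses entries whose objectClass it does not know. Suggest listing the four class names in the changelog entry for this release rather than only the file name, so that users can grep their seed data for them before upgrading.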

+ 0 - 31
image/service/slapd/assets/config/bootstrap/schema/mmc/mmc.schema

@@ -1,31 +0,0 @@
-##
-## Needed attributes for MMC (Mandriva Management Console)
-##
-## Version 01
-##
-## J�r�me Wax ([email protected])
-##
-
-# Attributes
-attributetype ( 1.3.6.1.4.1.40098.1.1.12.1 NAME 'lmcACL'
-        DESC 'LMC acl entry'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
-
-attributetype ( 1.3.6.1.4.1.40098.1.1.12.2 NAME 'lmcPrefMode'
-        DESC 'LMC user preferences'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
-
-attributetype ( 1.3.6.1.4.1.40098.1.1.12.3 NAME 'lmcPrinterAllowed'
-        DESC 'LMC a printer where the user has the rights to print'
-        EQUALITY caseIgnoreIA5Match
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26)
-
-# Objectclass
-objectclass ( 1.3.6.1.4.1.40098.1.2.1.19.1 NAME 'lmcUserObject' AUXILIARY
-        DESC 'Objectclass for LMC user settings '
-        MAY  ( lmcACL $ lmcPrefMode $ lmcPrinterAllowed ))
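Review bot: worth recording for anyone who restores this file as a custom schema that `lmcPrinterAllowed` mixes matching-rule families: it uses `EQUALITY caseIgnoreIA5Match` with `SUBSTR caseIgnoreSubstringsMatch` on IA5 String syntax (`1.3.6.1.4.1.1466.115.121.1.26`), where `caseIgnoreIA5SubstringsMatch` is the consistent choice. The author line in the header also contains bytes that do not decode as UTF-8 (`J�r�me`), so a restored copy should be re-encoded before it is committed again.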

+ 0 - 29
image/service/slapd/assets/config/bootstrap/schema/mmc/quota.schema

@@ -1,29 +0,0 @@
-##
-## schema file for Unix Quotas
-## Schema for storing Unix Quotas in LDAP
-## OIDs are owned by Cogent Innovators, LLC
-##
-## 1.3.6.1.4.1.19937.1.1.x - attributetypes
-## 1.3.6.1.4.1.19937.1.2.x - objectclasses
-##
-
-attributetype ( 1.3.6.1.4.1.19937.1.1.1 NAME 'quota'
-        DESC 'Quotas (FileSystem:BlocksSoft,BlocksHard,InodesSoft,InodesHard)'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
-
-attributetype ( 1.3.6.1.4.1.19937.1.1.2 NAME 'networkquota'
-        DESC 'Network Quotas (network,protocol,bytes)'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} )
-
-objectclass ( 1.3.6.1.4.1.19937.1.2.1 NAME 'systemQuotas' SUP posixAccount AUXILIARY
-        DESC 'System Quotas'
-        MUST ( uid )
-        MAY  ( quota $ networkquota ))
-
-objectclass ( 1.3.6.1.4.1.19937.1.2.2 NAME 'defaultQuotas'
-        DESC 'Quota defaults to apply to members of a group'
-        SUP top AUXILIARY
-        MUST ( cn )
-        MAY ( quota $ networkquota ))

+ 0 - 589
image/service/slapd/assets/config/bootstrap/schema/mmc/radius.schema

@@ -1,589 +0,0 @@
-# This is a LDAPv3 schema for RADIUS attributes.
-# Tested on OpenLDAP 2.0.7
-# Posted by Javier Fernandez-Sanguino Pena <[email protected]>
-# LDAP v3 version by Jochen Friedrich <[email protected]>
-# Updates by Adrian Pavlykevych <[email protected]>
-##############
-# This version is customized
-# so that the radiusCallingStationId attribute
-# is multi evaluated
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.1
-      NAME 'radiusArapFeatures'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.2
-      NAME 'radiusArapSecurity'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.3
-      NAME 'radiusArapZoneAccess'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.44
-     NAME 'radiusAuthType'
-     DESC 'checkItem: Auth-Type'
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.4
-      NAME 'radiusCallbackId'
-      DESC 'replyItem: Callback-Id'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.5
-      NAME 'radiusCallbackNumber'
-      DESC 'replyItem: Callback-Number'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.6
-      NAME 'radiusCalledStationId'
-      DESC 'checkItem: Called-Station-Id'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.7
-      NAME 'radiusCallingStationId'
-      DESC 'checkItem: Calling-Station-Id'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.8
-      NAME 'radiusClass'
-      DESC 'replyItem: Class'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.45
-     NAME 'radiusClientIPAddress'
-     DESC ''
-     EQUALITY caseIgnoreIA5Match
-     SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-     SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.9
-      NAME 'radiusFilterId'
-      DESC 'replyItem: Filter-Id'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.10
-      NAME 'radiusFramedAppleTalkLink'
-      DESC 'replyItem: Framed-AppleTalk-Link'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.11
-      NAME 'radiusFramedAppleTalkNetwork'
-      DESC 'replyItem: Framed-AppleTalk-Network'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.12
-      NAME 'radiusFramedAppleTalkZone'
-      DESC 'replyItem: Framed-AppleTalk-Zone'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.13
-      NAME 'radiusFramedCompression'
-      DESC 'replyItem: Framed-Compression'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.14
-      NAME 'radiusFramedIPAddress'
-      DESC 'replyItem: Framed-IP-Address'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.15
-      NAME 'radiusFramedIPNetmask'
-      DESC 'replyItem: Framed-IP-Netmask'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.16
-      NAME 'radiusFramedIPXNetwork'
-      DESC 'replyItem: Framed-IPX-Network'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.17
-      NAME 'radiusFramedMTU'
-      DESC 'replyItem: Framed-MTU'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.18
-      NAME 'radiusFramedProtocol'
-      DESC 'replyItem: Framed-Protocol'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.19
-      NAME 'radiusFramedRoute'
-      DESC 'replyItem: Framed-Route'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.20
-      NAME 'radiusFramedRouting'
-      DESC 'replyItem: Framed-Routing'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.46
-      NAME 'radiusGroupName'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.47
-      NAME 'radiusHint'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.48
-      NAME 'radiusHuntgroupName'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.21
-      NAME 'radiusIdleTimeout'
-      DESC 'replyItem: Idle-Timeout'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.22
-      NAME 'radiusLoginIPHost'
-      DESC 'replyItem: Login-IP-Host'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.23
-      NAME 'radiusLoginLATGroup'
-      DESC 'replyItem: Login-LAT-Group'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.24
-      NAME 'radiusLoginLATNode'
-      DESC 'replyItem: Login-LAT-Node'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.25
-      NAME 'radiusLoginLATPort'
-      DESC 'replyItem: Login-LAT-Port'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.26
-      NAME 'radiusLoginLATService'
-      DESC 'replyItem: Login-LAT-Service'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.27
-      NAME 'radiusLoginService'
-      DESC 'replyItem: Login-Service'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.28
-      NAME 'radiusLoginTCPPort'
-      DESC 'replyItem: Login-TCP-Port'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.29
-      NAME 'radiusPasswordRetry'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.30
-      NAME 'radiusPortLimit'
-      DESC 'replyItem: Port-Limit'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.49
-      NAME 'radiusProfileDn'
-      DESC ''
-      EQUALITY distinguishedNameMatch
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.12
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.31
-      NAME 'radiusPrompt'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.50
-      NAME 'radiusProxyToRealm'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.51
-      NAME 'radiusReplicateToRealm'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.52
-      NAME 'radiusRealm'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.32
-      NAME 'radiusServiceType'
-      DESC 'replyItem: Service-Type'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.33
-      NAME 'radiusSessionTimeout'
-      DESC 'replyItem: Session-Timeout'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.34
-      NAME 'radiusTerminationAction'
-      DESC 'replyItem: Termination-Action'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.35
-      NAME 'radiusTunnelAssignmentId'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.36
-      NAME 'radiusTunnelMediumType'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.37
-      NAME 'radiusTunnelPassword'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.38
-      NAME 'radiusTunnelPreference'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.39
-      NAME 'radiusTunnelPrivateGroupId'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.40
-      NAME 'radiusTunnelServerEndpoint'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.41
-      NAME 'radiusTunnelType'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.42
-      NAME 'radiusVSA'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.43
-      NAME 'radiusTunnelClientEndpoint'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-
-#need to change asn1.id
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.53
-      NAME 'radiusSimultaneousUse'
-      DESC 'checkItem: Simultaneous-Use'
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.54
-      NAME 'radiusLoginTime'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.55
-      NAME 'radiusUserCategory'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.56
-      NAME 'radiusStripUserName'
-      DESC ''
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.7
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.57
-      NAME 'dialupAccess'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.58
-      NAME 'radiusExpiration'
-      DESC 'checkItem: Expiration'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.59
-      NAME 'radiusCheckItem'
-      DESC 'checkItem: $GENERIC$'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.60
-      NAME 'radiusReplyItem'
-      DESC 'replyItem: $GENERIC$'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.61
-      NAME 'radiusNASIpAddress'
-      DESC ''
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-      SINGLE-VALUE
-   )
-
-attributetype
-   ( 1.3.6.1.4.1.3317.4.3.1.62
-      NAME 'radiusReplyMessage'
-      DESC 'replyItem: Reply-Message'
-      EQUALITY caseIgnoreIA5Match
-      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
-   )
-
-
-objectclass
-   ( 1.3.6.1.4.1.3317.4.3.2.1
-      NAME 'radiusprofile'
-      SUP top AUXILIARY
-      DESC ''
-      MUST cn
-      MAY ( radiusArapFeatures $ radiusArapSecurity $ radiusArapZoneAccess $
-            radiusAuthType $ radiusCallbackId $ radiusCallbackNumber $
-            radiusCalledStationId $ radiusCallingStationId $ radiusClass $
-            radiusClientIPAddress $ radiusFilterId $ radiusFramedAppleTalkLink $
-            radiusFramedAppleTalkNetwork $ radiusFramedAppleTalkZone $
-            radiusFramedCompression $ radiusFramedIPAddress $
-            radiusFramedIPNetmask $ radiusFramedIPXNetwork $
-            radiusFramedMTU $ radiusFramedProtocol $
-       radiusCheckItem $ radiusReplyItem $
-            radiusFramedRoute $ radiusFramedRouting $ radiusIdleTimeout $
-            radiusGroupName $ radiusHint $ radiusHuntgroupName $
-            radiusLoginIPHost $ radiusLoginLATGroup $ radiusLoginLATNode $
-            radiusLoginLATPort $ radiusLoginLATService $ radiusLoginService $
-            radiusLoginTCPPort $ radiusLoginTime $ radiusPasswordRetry $
-            radiusPortLimit $ radiusPrompt $ radiusProxyToRealm $
-            radiusRealm $ radiusReplicateToRealm $ radiusServiceType $
-            radiusSessionTimeout $ radiusStripUserName $
-            radiusTerminationAction $ radiusTunnelClientEndpoint $ radiusProfileDn $
-            radiusSimultaneousUse $ radiusTunnelAssignmentId $
-            radiusTunnelMediumType $ radiusTunnelPassword $ radiusTunnelPreference $
-            radiusTunnelPrivateGroupId $ radiusTunnelServerEndpoint $
-            radiusTunnelType $ radiusUserCategory $ radiusVSA $
-            radiusExpiration $ dialupAccess $ radiusNASIpAddress $
-            radiusReplyMessage )
-   )
-
-objectclass
-  ( 1.3.6.1.4.1.3317.4.3.2.2
-   NAME 'radiusObjectProfile'
-   SUP top STRUCTURAL
-   DESC 'A Container Objectclass to be used for creating radius profile object'
-   MUST cn
-   MAY ( uid $ userPassword $ description )
-  )
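
Review bot: Removing `radiusprofile` and `radiusObjectProfile` at the end of this file, together with the `radius*` attribute types above them, is a breaking change for anyone bootstrapping a new container against data that already uses them, and nothing in the hunk points to a replacement. slapd rejects entries that name an undefined object class or attribute, so an LDIF export from an earlier image that uses these will not load into a freshly bootstrapped container. Please state the removal in CHANGELOG.md and describe how to load the schema again (for example through the custom schema directory touched elsewhere in this merge) before upgrading.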

+ 0 - 554
image/service/slapd/assets/config/bootstrap/schema/mmc/samba.schema

@@ -1,554 +0,0 @@
-##
-## schema file for OpenLDAP 2.x
-## Schema for storing Samba user accounts and group maps in LDAP
-## OIDs are owned by the Samba Team
-##
-## Prerequisite schemas - uid         (cosine.schema)
-##                      - displayName (inetorgperson.schema)
-##                      - gidNumber   (nis.schema)
-##
-## 1.3.6.1.4.1.7165.2.1.x - attributetypes
-## 1.3.6.1.4.1.7165.2.2.x - objectclasses
-##
-## Printer support
-## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
-## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
-##
-## Samba4
-## 1.3.6.1.4.1.7165.4.1.x - attributetypes
-## 1.3.6.1.4.1.7165.4.2.x - objectclasses
-## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
-## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
-## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
-##
-## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
-##
-## Run the 'get_next_oid' bash script in this directory to find the 
-## next available OID for attribute type and object classes.
-##
-##   $ ./get_next_oid
-##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
-##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
-##
-## Also ensure that new entries adhere to the declaration style
-## used throughout this file
-##
-##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
-##                               ^ ^                        ^
-##
-## The spaces are required for the get_next_oid script (and for 
-## readability).
-##
-## ------------------------------------------------------------------
-
-# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
-# objectIdentifier Samba3 SambaRoot:2
-# objectIdentifier Samba3Attrib Samba3:1
-# objectIdentifier Samba3ObjectClass Samba3:2
-# objectIdentifier Samba4 SambaRoot:4
-
-########################################################################
-##                            HISTORICAL                              ##
-########################################################################
-
-##
-## Password hashes
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
-#       DESC 'LanManager Passwd'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
-#       DESC 'NT Passwd'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-##
-## Account flags in string format ([UWDX     ])
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
-#       DESC 'Account Flags'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
-
-##
-## Password timestamps & policies
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
-#       DESC 'NT pwdLastSet'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
-#       DESC 'NT logonTime'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
-#       DESC 'NT logoffTime'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
-#       DESC 'NT kickoffTime'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
-#       DESC 'NT pwdCanChange'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
-#       DESC 'NT pwdMustChange'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## string settings
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
-#       DESC 'NT homeDrive'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
-#       DESC 'NT scriptPath'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
-#       DESC 'NT profilePath'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
-#       DESC 'userWorkstations'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
-#       DESC 'smbHome'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
-#       DESC 'Windows NT domain to which the user belongs'
-#       EQUALITY caseIgnoreIA5Match
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
-
-##
-## user and group RID
-##
-#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
-#       DESC 'NT rid'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
-#       DESC 'NT Group RID'
-#       EQUALITY integerMatch
-#       SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## The smbPasswordEntry objectclass has been depreciated in favor of the
-## sambaAccount objectclass
-##
-#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
-#        DESC 'Samba smbpasswd entry'
-#        MUST ( uid $ uidNumber )
-#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
-
-#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
-#       DESC 'Samba Account'
-#       MUST ( uid $ rid )
-#       MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-#               description $ userWorkstations $ primaryGroupID $ domain ))
-
-#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
-#       DESC 'Samba Auxiliary Account'
-#       MUST ( uid $ rid )
-#       MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
-#              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
-#              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
-#              description $ userWorkstations $ primaryGroupID $ domain ))
-
-########################################################################
-##                        END OF HISTORICAL                           ##
-########################################################################
-
-#######################################################################
-##                Attributes used by Samba 3.0 schema                ##
-#######################################################################
-
-##
-## Password hashes
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
-        DESC 'LanManager Password'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
-        DESC 'MD4 hash of the unicode password'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
-
-##
-## Account flags in string format ([UWDX     ])
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
-        DESC 'Account Flags'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
-
-##
-## Password timestamps & policies
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
-        DESC 'Timestamp of the last password update'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
-        DESC 'Timestamp of when the user is allowed to update the password'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
-        DESC 'Timestamp of when the password will expire'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
-        DESC 'Timestamp of last logon'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
-        DESC 'Timestamp of last logoff'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
-        DESC 'Timestamp of when the user will be logged off automatically'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
-        DESC 'Bad password attempt count'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
-        DESC 'Time of the last bad password attempt'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
-        DESC 'Logon Hours'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
-
-##
-## string settings
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
-        DESC 'Driver letter of home directory mapping'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
-        DESC 'Logon script path'
-        EQUALITY caseIgnoreMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
-        DESC 'Roaming profile path'
-        EQUALITY caseIgnoreMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
-        DESC 'List of user workstations the user is allowed to logon to'
-        EQUALITY caseIgnoreMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
-        DESC 'Home directory UNC path'
-        EQUALITY caseIgnoreMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
-        DESC 'Windows NT domain to which the user belongs'
-        EQUALITY caseIgnoreMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
-        DESC 'Base64 encoded user parameter string'
-        EQUALITY caseExactMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
-        DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
-
-##
-## SID, of any type
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
-        DESC 'Security ID'
-        EQUALITY caseIgnoreIA5Match
-        SUBSTR caseExactIA5SubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-
-##
-## Primary group SID, compatible with ntSid
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
-        DESC 'Primary Group Security ID'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
-        DESC 'Security ID List'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
-
-##
-## group mapping attributes
-##
-attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
-        DESC 'NT Group Type'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-##
-## Store info on the domain
-##
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
-        DESC 'Next NT rid to give our for users'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
-        DESC 'Next NT rid to give out for groups'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
-        DESC 'Next NT rid to give out for anything'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
-        DESC 'Base at which the samba RID generation algorithm should operate'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
-        DESC 'Share Name'
-        EQUALITY caseIgnoreMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
-        DESC 'Option Name'
-        EQUALITY caseIgnoreMatch
-        SUBSTR caseIgnoreSubstringsMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
-        DESC 'A boolean option'
-        EQUALITY booleanMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
-        DESC 'An integer option'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
-        DESC 'A string option'
-        EQUALITY caseExactIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
-        DESC 'A string list option'
-        EQUALITY caseIgnoreMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-
-##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' 
-##      SUP name )
-
-##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
-##      DESC 'Privileges List'
-##      EQUALITY caseIgnoreIA5Match
-##      SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
-
-attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
-        DESC 'Trust Password Flags'
-        EQUALITY caseIgnoreIA5Match
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
-
-# "min password length"
-attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
-        DESC 'Minimal password length (default: 5)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "password history"
-attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
-        DESC 'Length of Password History Entries (default: 0 => off)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "user must logon to change password"
-attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
-        DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "maximum password age"
-attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
-        DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "minimum password age"
-attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
-        DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "lockout duration"
-attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
-        DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "reset count minutes"
-attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
-        DESC 'Reset time after lockout in minutes (default: 30)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "bad lockout attempt"
-attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
-        DESC 'Lockout users after bad logon attempts (default: 0 => off)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "disconnect time"
-attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
-        DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-# "refuse machine password change"
-attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
-        DESC 'Allow Machine Password changes (default: 0 => off)'
-        EQUALITY integerMatch
-        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-
-
-
-#######################################################################
-##              objectClasses used by Samba 3.0 schema               ##
-#######################################################################
-
-## The X.500 data model (and therefore LDAPv3) says that each entry can
-## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
-## this currently but will in v2.1
-
-##
-## added new objectclass (and OID) for 3.0 to help us deal with backwards
-## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
-        DESC 'Samba 3.0 Auxilary SAM Account'
-        MUST ( uid $ sambaSID )
-        MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
-               sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
-               sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
-               displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
-               sambaProfilePath $ description $ sambaUserWorkstations $
-               sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
-               sambaBadPasswordCount $ sambaBadPasswordTime $
-               sambaPasswordHistory $ sambaLogonHours))
-
-##
-## Group mapping info
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
-        DESC 'Samba Group Mapping'
-        MUST ( gidNumber $ sambaSID $ sambaGroupType )
-        MAY  ( displayName $ description $ sambaSIDList ))
-
-##
-## Trust password for trust relationships (any kind)
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
-        DESC 'Samba Trust Password'
-        MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
-        MAY ( sambaSID $ sambaPwdLastSet ))
-
-##
-## Whole-of-domain info
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
-        DESC 'Samba Domain Information'
-        MUST ( sambaDomainName $ 
-               sambaSID ) 
-        MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
-              sambaAlgorithmicRidBase $ 
-              sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
-              sambaMaxPwdAge $ sambaMinPwdAge $
-              sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
-              sambaForceLogoff $ sambaRefuseMachinePwdChange ))
-
-##
-## used for idmap_ldap module
-##
-objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
-        DESC 'Pool for allocating UNIX uids/gids'
-        MUST ( uidNumber $ gidNumber ) )
-
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
-        DESC 'Mapping from a SID to an ID'
-        MUST ( sambaSID )
-        MAY ( uidNumber $ gidNumber ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
-        DESC 'Structural Class for a SID'
-        MUST ( sambaSID ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
-        DESC 'Samba Configuration Section'
-        MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
-        DESC 'Samba Share Section'
-        MUST ( sambaShareName )
-        MAY ( description ) )
-
-objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
-        DESC 'Samba Configuration Option'
-        MUST ( sambaOptionName )
-        MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ 
-              sambaStringListoption $ description ) )
-
-
-## retired during privilege rewrite
-##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
-##      DESC 'Samba Privilege'
-##      MUST ( sambaSID )
-##      MAY ( sambaPrivilegeList ) )
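
Review bot: The upgrade note for this removal should carry over two things from the file being deleted: the prerequisite list in its header (cosine, inetorgperson, nis) and the fact that `sambaLMPassword` and `sambaNTPassword` on `sambaSamAccount` and `sambaTrustPassword` hold password hashes ('LanManager Password', 'MD4 hash of the unicode password'). Operators who re-add samba.schema on their own after this change need the load order to get it accepted, and they need to keep access rules that restrict reads of those two attributes, since the schema only defines the attributes and does not protect them. A short paragraph in the custom schema README would cover both.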

+ 0 - 300
image/service/slapd/assets/config/bootstrap/schema/mmc/zarafa.schema

@@ -1,300 +0,0 @@
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.1
-	NAME 'zarafaQuotaOverride'
-	DESC 'ZARAFA: Override child quota'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.2
-	NAME 'zarafaQuotaWarn'
-	DESC 'ZARAFA: Warning quota size in MB'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.3
-	NAME 'zarafaQuotaSoft'
-	DESC 'ZARAFA: Soft quota size in MB'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.4
-	NAME 'zarafaQuotaHard'
-	DESC 'ZARAFA: Hard quota size in MB'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.5
-	NAME 'zarafaUserDefaultQuotaOverride'
-	DESC 'ZARAFA: Override User default quota for children'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.6
-	NAME 'zarafaUserDefaultQuotaWarn'
-	DESC 'ZARAFA: User default warning quota size in MB'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.7
-	NAME 'zarafaUserDefaultQuotaSoft'
-	DESC 'ZARAFA: User default soft quota size in MB'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.1.8
-	NAME 'zarafaUserDefaultQuotaHard'
-	DESC 'ZARAFA: User default hard quota size in MB'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.1
-	NAME 'zarafaAdmin'
-	DESC 'ZARAFA: Administrator of zarafa'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.2
-	NAME 'zarafaSharedStoreOnly'
-	DESC 'ZARAFA: is store a shared store'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.3
-	NAME 'zarafaAccount'
-	DESC 'ZARAFA: entry is a part of zarafa'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.4
-	NAME 'zarafaSendAsPrivilege'
-	DESC 'ZARAFA: Users may directly send email as this user'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.5
-	NAME 'zarafaMrAccept'
-	DESC 'ZARAFA: user should auto-accept meeting requests'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.6
-	NAME 'zarafaMrDeclineConflict'
-	DESC 'ZARAFA: user should automatically decline conflicting meeting requests'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.7
-	NAME 'zarafaMrDeclineRecurring'
-	DESC 'ZARAFA: user should automatically decline recurring meeting requests'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-	
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.8
-	NAME 'zarafaId'
-	DESC 'ZARAFA: Generic unique ID'
-	EQUALITY octetStringMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 SINGLE-VALUE )	
-	
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.9
-	NAME 'zarafaResourceType'
-	DESC 'ZARAFA: for shared stores, resource is type Room or Equipment'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.10
-	NAME 'zarafaResourceCapacity'
-	DESC 'ZARAFA: number of rooms or equipment available'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )	
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.2.11
-	NAME 'zarafaHidden'
-	DESC 'ZARAFA: This object should be hidden from address book'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.3.1
-	NAME 'zarafaAliases'
-	DESC 'ZARAFA: All other email addresses for this user'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
-
-attributetype ( 1.3.6.1.4.1.26278.1.1.4.1
-	NAME 'zarafaUserServer'
-	DESC 'ZARAFA: Home server for the user'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
-objectclass	( 1.3.6.1.4.1.26278.1.1.0.0
-	NAME 'zarafa-user'
-	DESC 'Zarafa: an user of Zarafa'
-	SUP top AUXILIARY
-	MUST ( cn )
-	MAY (
-		zarafaQuotaOverride $ zarafaQuotaWarn $ zarafaQuotaSoft $ zarafaSendAsPrivilege $
-		zarafaQuotaHard $ zarafaAdmin $ zarafaSharedStoreOnly $ zarafaResourceType $
-		zarafaResourceCapacity $ zarafaAccount $ zarafaHidden $ zarafaAliases $
-		zarafaUserServer
-		)
-	)
-
-objectclass	( 1.3.6.1.4.1.26278.1.6.0.0
-	NAME 'zarafa-contact'
-	DESC 'Zarafa: a contact of Zarafa'
-	SUP top AUXILIARY
-	MUST ( cn $ uidNumber )
-	MAY (
-		zarafaSendAsPrivilege $ zarafaHidden $ zarafaAliases
-		)
-	)
-
-
-attributetype ( 1.3.6.1.4.1.26278.1.2.2.1
-	NAME 'zarafaSecurityGroup'
-	DESC 'ZARAFA: group has security possibilities'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-objectclass	( 1.3.6.1.4.1.26278.1.2.0.0
-	NAME 'zarafa-group'
-	DESC 'Zarafa: a group of Zarafa'
-	SUP top	AUXILIARY
-	MUST ( cn )
-	MAY (
-		zarafaAccount $ zarafaHidden $ mail $ zarafaAliases $ zarafaSecurityGroup
-		)
-	)
-	
-attributetype ( 1.3.6.1.4.1.26278.1.3.2.4
-	NAME 'zarafaViewPrivilege'
-	DESC 'ZARAFA: Companies with view privileges over selected company'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	)
-
-attributetype ( 1.3.6.1.4.1.26278.1.3.2.5
-	NAME 'zarafaAdminPrivilege'
-	DESC 'ZARAFA: Users from different companies which are administrator over selected company'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	)
-
-attributetype ( 1.3.6.1.4.1.26278.1.3.2.6
-	NAME 'zarafaSystemAdmin'
-	DESC 'ZARAFA: The user who is the system administrator for this company'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE
-	)
-
-attributetype (1.3.6.1.4.1.26278.1.3.1.5
-	NAME 'zarafaQuotaUserWarningRecipients'
-	DESC 'ZARAFA: Users who will recieve a notification email when a user exceeds his quota'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	)
-
-attributetype (1.3.6.1.4.1.26278.1.3.1.6
-	NAME 'zarafaQuotaCompanyWarningRecipients'
-	DESC 'ZARAFA: Users who will recieve a notification email when a company exceeds its quota'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
-	)
-	
-attributetype ( 1.3.6.1.4.1.26278.1.3.4.1
-	NAME 'zarafaCompanyServer'
-	DESC 'ZARAFA: Home server for the user'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
-objectclass ( 1.3.6.1.4.1.26278.1.3.0.0
-	NAME 'zarafa-company'
-	DESC 'ZARAFA: a company of Zarafa' 
-	SUP top AUXILIARY
-	MUST ( cn )
-	MAY (
-		zarafaAccount $ zarafaHidden $
-		zarafaViewPrivilege $ zarafaAdminPrivilege $ zarafaSystemAdmin $
-		zarafaQuotaOverride $ zarafaQuotaWarn $
-		zarafaUserDefaultQuotaOverride $ zarafaUserDefaultQuotaWarn $ zarafaUserDefaultQuotaSoft $ zarafaUserDefaultQuotaHard $
-		zarafaQuotaUserWarningRecipients $ zarafaQuotaCompanyWarningRecipients $
-		zarafaCompanyServer
-		)
-	)
-
-attributetype (1.3.6.1.4.1.26278.1.4.4.1
-	NAME 'zarafaHttpPort'
-	DESC 'ZARAFA: Port for the http connection'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype (1.3.6.1.4.1.26278.1.4.4.2
-	NAME 'zarafaSslPort'
-	DESC 'ZARAFA: Port for the ssl connection'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-attributetype (1.3.6.1.4.1.26278.1.4.4.3
-	NAME 'zarafaFilePath'
-	DESC 'ZARAFA: The unix socket or named pipe to the server'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-	
-attributetype (1.3.6.1.4.1.26278.1.4.4.4
-	NAME 'zarafaContainsPublic'
-	DESC 'ZARAFA: This server contains the public store'
-	EQUALITY integerMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
-
-objectclass ( 1.3.6.1.4.1.26278.1.4.0.0
-	NAME 'zarafa-server'
-	DESC 'ZARAFA: a Zarafa server'
-	SUP top AUXILIARY
-	MUST ( cn )
-	MAY (
-		zarafaAccount $ zarafaHidden $ zarafaHttpPort $ zarafaSslPort $ zarafaFilePath $ zarafaContainsPublic
-		)
-	)
-
-attributetype (1.3.6.1.4.1.26278.1.5.5.1
-	NAME 'zarafaFilter'
-	DESC 'ZARAFA: LDAP Filter to apply'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
-attributetype (1.3.6.1.4.1.26278.1.5.5.2
-	NAME 'zarafaBase'
-	DESC 'ZARAFA: LDAP Search base to apply'
-	EQUALITY caseIgnoreMatch
-	SUBSTR caseIgnoreSubstringsMatch
-	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
-
-objectclass ( 1.3.6.1.4.1.26278.1.5.0.0
-	NAME 'zarafa-addresslist'
-	DESC 'ZARAFA: a Zarafa Addresslist'
-	SUP top STRUCTURAL
-	MUST ( cn )
-    MAY (
-		zarafaAccount $ zarafaHidden $ zarafaFilter $ zarafaBase
-		)
-	)
-
-objectclass ( 1.3.6.1.4.1.26278.1.7.0.0
-	NAME 'zarafa-dynamicgroup'
-	DESC 'ZARAFA: a Zarafa dynamic group'
-	SUP top STRUCTURAL
-	MUST ( cn )
-    MAY (
-		zarafaAccount $ zarafaHidden $ mail $ zarafaAliases $ zarafaFilter $ zarafaBase
-		)
-	)
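Review bot: no migration path is given for the object classes dropped with this file, including the STRUCTURAL classes 'zarafa-addresslist' and 'zarafa-dynamicgroup' and the AUXILIARY classes 'zarafa-company' and 'zarafa-server'. A freshly bootstrapped server without these definitions will reject seed LDIF or replicated entries that use them, so the changelog should mark the removal as breaking and say where the definitions under 1.3.6.1.4.1.26278 can now be obtained, for example by placing the file in schema/custom.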

+ 0 - 0
image/service/slapd/assets/config/bootstrap/schema/mmc/openssh-lpk.schema → image/service/slapd/assets/config/bootstrap/schema/openssh-lpk.schema


+ 78 - 0
image/service/slapd/assets/config/bootstrap/schema/postfix-book.schema

@@ -0,0 +1,78 @@
+# $Id$
+#
+# State of Mind
+# Private Enterprise Number: 29426
+#
+# OID prefix: 1.3.6.1.4.1.29426
+#
+# Attributes: 1.3.6.1.4.1.29426.1.10.x
+#
+
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.1 NAME 'mailHomeDirectory'
+	DESC 'The absolute path to the mail user home directory'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.2 NAME 'mailAlias'
+        DESC 'RFC822 Mailbox - mail alias'
+        EQUALITY caseIgnoreIA5Match
+        SUBSTR caseIgnoreIA5SubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{256} )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.3 NAME 'mailUidNumber'
+        DESC 'UID required to access the mailbox'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.4 NAME 'mailGidNumber'
+        DESC 'GID required to access the mailbox'
+        EQUALITY integerMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.5 NAME 'mailEnabled'
+	DESC 'TRUE to enable, FALSE to disable account'
+        EQUALITY booleanMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.6 NAME 'mailGroupMember'
+	DESC 'Name of a mail distribution list'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.7 NAME 'mailQuota'
+	DESC 'Mail quota limit in kilobytes'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.8 NAME 'mailStorageDirectory'
+	DESC 'The absolute path to the mail users mailbox'
+        EQUALITY caseExactIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.9 NAME ( 'mailSieveRuleSource' )
+	DESC 'Sun ONE Messaging Server defined attribute'
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26  X-ORIGIN 'Sun ONE Messaging Server' )
+
+attributetype ( 1.3.6.1.4.1.29426.1.10.10 NAME 'mailForwardingAddress'
+        DESC 'Address(es) to forward all incoming messages to.'
+        EQUALITY caseIgnoreIA5Match
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{320} )
+
+#
+# Objects: 1.3.6.1.4.1.29426.1.2.2.x
+#
+
+objectclass ( 1.3.6.1.4.1.29426.1.2.2.1 NAME 'PostfixBookMailAccount'
+        SUP top AUXILIARY
+	DESC 'Mail account used in Postfix Book'
+	MUST ( mail )
+        MAY ( mailHomeDirectory $ mailAlias $ mailGroupMember
+		$ mailUidNumber $ mailGidNumber $ mailEnabled
+		$ mailQuota $mailStorageDirectory $mailSieveRuleSource ) )
+
+objectclass ( 1.3.6.1.4.1.29426.1.2.2.2 NAME 'PostfixBookMailForward'
+        SUP top AUXILIARY
+	DESC 'Mail forward used in Postfix Book'
+	MUST ( mail $ mailAlias )
+	MAY ( mailForwardingAddress ))
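Review bot: 'mailQuota' is described as 'Mail quota limit in kilobytes' but is declared with IA5 String syntax (1.3.6.1.4.1.1466.115.121.1.26), caseExactIA5Match and no SINGLE-VALUE, so the directory accepts non-numeric values and several conflicting values on one entry, and every consumer has to validate it. If the file is vendored unchanged, record its source and version next to the unexpanded '# $Id$' header so it can be compared with upstream later; otherwise consider Integer syntax (1.3.6.1.4.1.1466.115.121.1.27) with integerMatch and SINGLE-VALUE, as 'mailUidNumber' already uses. Minor: the last MAY line of 'PostfixBookMailAccount' writes '$mailStorageDirectory $mailSieveRuleSource' without a space after '$', unlike the rest of the list.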

+ 644 - 0
image/service/slapd/assets/config/bootstrap/schema/samba.schema

@@ -0,0 +1,644 @@
+##
+## schema file for OpenLDAP 2.x
+## Schema for storing Samba user accounts and group maps in LDAP
+## OIDs are owned by the Samba Team
+##
+## Prerequisite schemas - uid         (cosine.schema)
+##                      - displayName (inetorgperson.schema)
+##                      - gidNumber   (nis.schema)
+##
+## 1.3.6.1.4.1.7165.2.1.x - attributetypes
+## 1.3.6.1.4.1.7165.2.2.x - objectclasses
+##
+## Printer support
+## 1.3.6.1.4.1.7165.2.3.1.x - attributetypes
+## 1.3.6.1.4.1.7165.2.3.2.x - objectclasses
+##
+## Samba4
+## 1.3.6.1.4.1.7165.4.1.x - attributetypes
+## 1.3.6.1.4.1.7165.4.2.x - objectclasses
+## 1.3.6.1.4.1.7165.4.3.x - LDB/LDAP Controls
+## 1.3.6.1.4.1.7165.4.4.x - LDB/LDAP Extended Operations
+## 1.3.6.1.4.1.7165.4.255.x - mapped OIDs due to conflicts between AD and standards-track
+##
+## External projects
+## 1.3.6.1.4.1.7165.655.x
+## 1.3.6.1.4.1.7165.655.1.x - GSS-NTLMSSP
+##
+## ----- READ THIS WHEN ADDING A NEW ATTRIBUTE OR OBJECT CLASS ------
+##
+## Run the 'get_next_oid' bash script in this directory to find the 
+## next available OID for attribute type and object classes.
+##
+##   $ ./get_next_oid
+##   attributetype ( 1.3.6.1.4.1.7165.2.1.XX NAME ....
+##   objectclass ( 1.3.6.1.4.1.7165.2.2.XX NAME ....
+##
+## Also ensure that new entries adhere to the declaration style
+## used throughout this file
+##
+##    <attributetype|objectclass> ( 1.3.6.1.4.1.7165.2.XX.XX NAME ....
+##                               ^ ^                        ^
+##
+## The spaces are required for the get_next_oid script (and for 
+## readability).
+##
+## ------------------------------------------------------------------
+
+# objectIdentifier SambaRoot 1.3.6.1.4.1.7165
+# objectIdentifier Samba3 SambaRoot:2
+# objectIdentifier Samba3Attrib Samba3:1
+# objectIdentifier Samba3ObjectClass Samba3:2
+# objectIdentifier Samba4 SambaRoot:4
+
+########################################################################
+##                            HISTORICAL                              ##
+########################################################################
+
+##
+## Password hashes
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
+#	DESC 'LanManager Passwd'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
+#	DESC 'NT Passwd'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+##
+## Account flags in string format ([UWDX     ])
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
+#	DESC 'Account Flags'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+
+##
+## Password timestamps & policies
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
+#	DESC 'NT pwdLastSet'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
+#	DESC 'NT logonTime'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.6 NAME 'logoffTime'
+#	DESC 'NT logoffTime'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.7 NAME 'kickoffTime'
+#	DESC 'NT kickoffTime'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.8 NAME 'pwdCanChange'
+#	DESC 'NT pwdCanChange'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.9 NAME 'pwdMustChange'
+#	DESC 'NT pwdMustChange'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## string settings
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.10 NAME 'homeDrive'
+#	DESC 'NT homeDrive'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.11 NAME 'scriptPath'
+#	DESC 'NT scriptPath'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.12 NAME 'profilePath'
+#	DESC 'NT profilePath'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.13 NAME 'userWorkstations'
+#	DESC 'userWorkstations'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{255} SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.17 NAME 'smbHome'
+#	DESC 'smbHome'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.18 NAME 'domain'
+#	DESC 'Windows NT domain to which the user belongs'
+#	EQUALITY caseIgnoreIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{128} )
+
+##
+## user and group RID
+##
+#attributetype ( 1.3.6.1.4.1.7165.2.1.14 NAME 'rid'
+#	DESC 'NT rid'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#attributetype ( 1.3.6.1.4.1.7165.2.1.15 NAME 'primaryGroupID'
+#	DESC 'NT Group RID'
+#	EQUALITY integerMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## The smbPasswordEntry objectclass has been depreciated in favor of the
+## sambaAccount objectclass
+##
+#objectclass ( 1.3.6.1.4.1.7165.2.2.1 NAME 'smbPasswordEntry' SUP top AUXILIARY
+#        DESC 'Samba smbpasswd entry'
+#        MUST ( uid $ uidNumber )
+#        MAY  ( lmPassword $ ntPassword $ pwdLastSet $ acctFlags ))
+
+#objectclass ( 1.3.6.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
+#	DESC 'Samba Account'
+#	MUST ( uid $ rid )
+#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#               logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+#               displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#               description $ userWorkstations $ primaryGroupID $ domain ))
+
+#objectclass ( 1.3.6.1.4.1.7165.2.2.3 NAME 'sambaAccount' SUP top AUXILIARY
+#	DESC 'Samba Auxiliary Account'
+#	MUST ( uid $ rid )
+#	MAY  ( cn $ lmPassword $ ntPassword $ pwdLastSet $ logonTime $
+#              logoffTime $ kickoffTime $ pwdCanChange $ pwdMustChange $ acctFlags $
+#              displayName $ smbHome $ homeDrive $ scriptPath $ profilePath $
+#              description $ userWorkstations $ primaryGroupID $ domain ))
+
+########################################################################
+##                        END OF HISTORICAL                           ##
+########################################################################
+
+#######################################################################
+##                Attributes used by Samba 3.0 schema                ##
+#######################################################################
+
+##
+## Password hashes
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword'
+	DESC 'LanManager Password'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword'
+	DESC 'MD4 hash of the unicode password'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
+
+##
+## Account flags in string format ([UWDX     ])
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags'
+	DESC 'Account Flags'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
+
+##
+## Password timestamps & policies
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet'
+	DESC 'Timestamp of the last password update'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange'
+	DESC 'Timestamp of when the user is allowed to update the password'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange'
+	DESC 'Timestamp of when the password will expire'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime'
+	DESC 'Timestamp of last logon'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime'
+	DESC 'Timestamp of last logoff'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime'
+	DESC 'Timestamp of when the user will be logged off automatically'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount'
+	DESC 'Bad password attempt count'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime'
+	DESC 'Time of the last bad password attempt'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours'
+	DESC 'Logon Hours'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
+
+##
+## string settings
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive'
+	DESC 'Driver letter of home directory mapping'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript'
+	DESC 'Logon script path'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath'
+	DESC 'Roaming profile path'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
+	DESC 'List of user workstations the user is allowed to logon to'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath'
+	DESC 'Home directory UNC path'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName'
+	DESC 'Windows NT domain to which the user belongs'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial'
+	DESC 'Base64 encoded user parameter string'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory'
+	DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+
+##
+## SID, of any type
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID'
+	DESC 'Security ID'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+##
+## Primary group SID, compatible with ntSid
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID'
+	DESC 'Primary Group Security ID'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList'
+	DESC 'Security ID List'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+
+##
+## group mapping attributes
+##
+attributetype ( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType'
+	DESC 'NT Group Type'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+##
+## Store info on the domain
+##
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid'
+	DESC 'Next NT rid to give our for users'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid'
+	DESC 'Next NT rid to give out for groups'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid'
+	DESC 'Next NT rid to give out for anything'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase'
+	DESC 'Base at which the samba RID generation algorithm should operate'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName'
+	DESC 'Share Name'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName'
+	DESC 'Option Name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption'
+	DESC 'A boolean option'
+	EQUALITY booleanMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption'
+	DESC 'An integer option'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption'
+	DESC 'A string option'
+	EQUALITY caseExactIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
+	DESC 'A string list option'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+
+##attributetype ( 1.3.6.1.4.1.7165.2.1.50 NAME 'sambaPrivName' 
+##	SUP name )
+
+##attributetype ( 1.3.6.1.4.1.7165.2.1.52 NAME 'sambaPrivilegeList'
+##	DESC 'Privileges List'
+##	EQUALITY caseIgnoreIA5Match
+##	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags'
+	DESC 'Trust Password Flags'
+	EQUALITY caseIgnoreIA5Match
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+# "min password length"
+attributetype ( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength'
+	DESC 'Minimal password length (default: 5)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "password history"
+attributetype ( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
+	DESC 'Length of Password History Entries (default: 0 => off)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "user must logon to change password"
+attributetype ( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd'
+	DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "maximum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge'
+	DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "minimum password age"
+attributetype ( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge'
+	DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "lockout duration"
+attributetype ( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration'
+	DESC 'Lockout duration in minutes (default: 30, -1 => forever)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "reset count minutes"
+attributetype ( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow'
+	DESC 'Reset time after lockout in minutes (default: 30)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "bad lockout attempt"
+attributetype ( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
+	DESC 'Lockout users after bad logon attempts (default: 0 => off)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "disconnect time"
+attributetype ( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff'
+	DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+# "refuse machine password change"
+attributetype ( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange'
+	DESC 'Allow Machine Password changes (default: 0 => off)'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
+	DESC 'Clear text password (used for trusted domain passwords)'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+#
+attributetype ( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword'
+	DESC 'Previous clear text password (used for trusted domain passwords)'
+	EQUALITY octetStringMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType'
+	DESC 'Type of trust'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes'
+	DESC 'Trust attributes for a trusted domain'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection'
+	DESC 'Direction of a trust'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner'
+	DESC 'Fully qualified name of the domain with which a trust exists'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName'
+	DESC 'NetBIOS name of a domain'
+	EQUALITY caseIgnoreMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing'
+	DESC 'Authentication information for the outgoing portion of a trust'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming'
+	DESC 'Authentication information for the incoming portion of a trust'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier'
+	DESC 'SID of a trusted domain'
+	EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo'
+	DESC 'Forest trust information for a trusted domain object'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset'
+	DESC 'POSIX offset of a trust'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionTypes'
+	DESC 'Supported encryption types of a trust'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#######################################################################
+##              objectClasses used by Samba 3.0 schema               ##
+#######################################################################
+
+## The X.500 data model (and therefore LDAPv3) says that each entry can
+## only have one structural objectclass.  OpenLDAP 2.0 does not enforce
+## this currently but will in v2.1
+
+##
+## added new objectclass (and OID) for 3.0 to help us deal with backwards
+## compatibility with 2.2 installations (e.g. ldapsam_compat)  --jerry
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' SUP top AUXILIARY
+	DESC 'Samba 3.0 Auxilary SAM Account'
+	MUST ( uid $ sambaSID )
+	MAY  ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $
+	       sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $
+	       sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $
+               displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $
+	       sambaProfilePath $ description $ sambaUserWorkstations $
+	       sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $
+	       sambaBadPasswordCount $ sambaBadPasswordTime $
+	       sambaPasswordHistory $ sambaLogonHours))
+
+##
+## Group mapping info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' SUP top AUXILIARY
+	DESC 'Samba Group Mapping'
+	MUST ( gidNumber $ sambaSID $ sambaGroupType )
+	MAY  ( displayName $ description $ sambaSIDList ))
+
+##
+## Trust password for trust relationships (any kind)
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' SUP top STRUCTURAL
+	DESC 'Samba Trust Password'
+	MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags )
+	MAY ( sambaSID $ sambaPwdLastSet ))
+
+##
+## Trust password for trusted domains
+## (to be stored beneath the trusting sambaDomain object in the DIT)
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' SUP top STRUCTURAL
+	DESC 'Samba Trusted Domain Password'
+	MUST ( sambaDomainName $ sambaSID $
+	       sambaClearTextPassword $ sambaPwdLastSet )
+	MAY  ( sambaPreviousClearTextPassword ))
+
+##
+## Whole-of-domain info
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' SUP top STRUCTURAL
+	DESC 'Samba Domain Information'
+	MUST ( sambaDomainName $ 
+	       sambaSID ) 
+	MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $
+	      sambaAlgorithmicRidBase $ 
+	      sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $
+	      sambaMaxPwdAge $ sambaMinPwdAge $
+	      sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $
+	      sambaForceLogoff $ sambaRefuseMachinePwdChange ))
+
+##
+## used for idmap_ldap module
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' SUP top AUXILIARY
+        DESC 'Pool for allocating UNIX uids/gids'
+        MUST ( uidNumber $ gidNumber ) )
+
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' SUP top AUXILIARY
+        DESC 'Mapping from a SID to an ID'
+        MUST ( sambaSID )
+	MAY ( uidNumber $ gidNumber ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' SUP top STRUCTURAL
+	DESC 'Structural Class for a SID'
+	MUST ( sambaSID ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' SUP top AUXILIARY
+	DESC 'Samba Configuration Section'
+	MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' SUP top STRUCTURAL
+	DESC 'Samba Share Section'
+	MUST ( sambaShareName )
+	MAY ( description ) )
+
+objectclass ( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' SUP top STRUCTURAL
+	DESC 'Samba Configuration Option'
+	MUST ( sambaOptionName )
+	MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ 
+	      sambaStringListoption $ description ) )
+
+
+## retired during privilege rewrite
+##objectclass ( 1.3.6.1.4.1.7165.2.2.13 NAME 'sambaPrivilege' SUP top AUXILIARY
+##	DESC 'Samba Privilege'
+##	MUST ( sambaSID )
+##	MAY ( sambaPrivilegeList ) )
+
+##
+## used for IPA_ldapsam
+##
+objectclass ( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' SUP top STRUCTURAL
+	DESC 'Samba Trusted Domain Object'
+	MUST ( cn )
+	MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $
+	      sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $
+	      sambaTrustAuthIncoming $ sambaSecurityIdentifier $
+	      sambaTrustForestTrustInfo $ sambaTrustPosixOffset $
+	      sambaSupportedEncryptionTypes) )
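Review bot: 'sambaNTPassword', 'sambaLMPassword', 'sambaPasswordHistory', 'sambaClearTextPassword' and 'sambaPreviousClearTextPassword' hold password hashes or clear-text trust passwords, and a schema file cannot restrict who reads them. An unsalted NT hash can be used as a credential in its own right, so please confirm that the image's bootstrap ACLs cover these attributes the same way they cover userPassword, or document that operators must add such an ACL before loading this schema. Two smaller points: the header lists cosine, inetorgperson and nis as prerequisites, so the load order needs to guarantee they come first, and 'sambaConfigOption' spells 'sambaStringListoption' with different case than the attribute definition 'sambaStringListOption'.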

+ 38 - 23
image/service/slapd/startup.sh

@@ -38,20 +38,6 @@ file_env 'LDAP_ADMIN_PASSWORD'
 file_env 'LDAP_CONFIG_PASSWORD'
 file_env 'LDAP_CONFIG_PASSWORD'
 file_env 'LDAP_READONLY_USER_PASSWORD'
 file_env 'LDAP_READONLY_USER_PASSWORD'
 
 
-# Seed ldif from internal path if specified
-file_env 'LDAP_SEED_INTERNAL_LDIF_PATH'
-if [ ! -z "${LDAP_SEED_INTERNAL_LDIF_PATH}" ]; then
-  mkdir -p /container/service/slapd/assets/config/bootstrap/ldif/custom/
-  cp -R ${LDAP_SEED_INTERNAL_LDIF_PATH}/*.ldif /container/service/slapd/assets/config/bootstrap/ldif/custom/
-fi
-
-# Seed schema from internal path if specified
-file_env 'LDAP_SEED_INTERNAL_SCHEMA_PATH'
-if [ ! -z "${LDAP_SEED_INTERNAL_SCHEMA_PATH}" ]; then
-  mkdir -p /container/service/slapd/assets/config/bootstrap/schema/custom/
-  cp -R ${LDAP_SEED_INTERNAL_SCHEMA_PATH}/*.schema /container/service/slapd/assets/config/bootstrap/schema/custom/
-fi
-
 # create dir if they not already exists
 # create dir if they not already exists
 [ -d /var/lib/ldap ] || mkdir -p /var/lib/ldap
 [ -d /var/lib/ldap ] || mkdir -p /var/lib/ldap
 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
 [ -d /etc/ldap/slapd.d ] || mkdir -p /etc/ldap/slapd.d
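Review bot: the two blocks removed here ran 'mkdir -p' on the destination and copied only '*.ldif' or '*.schema' files, while the replacement 'copy_internal_seed_if_exists' added further down does neither. Please confirm that the custom/ directories always exist by the time the new function runs and that copying every file under the seed path is intended, and note the behaviour change in the changelog.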
@@ -104,6 +90,28 @@ LDAP_TLS_CRT_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_CRT_FIL
 LDAP_TLS_KEY_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_KEY_FILENAME"
 LDAP_TLS_KEY_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_KEY_FILENAME"
 LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_DH_PARAM_FILENAME"
 LDAP_TLS_DH_PARAM_PATH="${CONTAINER_SERVICE_DIR}/slapd/assets/certs/$LDAP_TLS_DH_PARAM_FILENAME"
 
 
+copy_internal_seed_if_exists() {
+  local src=$1
+  local dest=$2
+  if [ ! -z "${src}" ]; then
+    echo  -e "Copy from internal path ${src} to ${dest}"
+    cp -R ${src} ${dest}
+  fi
+}
+
+# Copy seed files from internal path if specified
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_CRT_FILE}" "${LDAP_TLS_CRT_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_KEY_FILE}" "${LDAP_TLS_KEY_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_CA_CRT_FILE}" "${LDAP_TLS_CA_CRT_PATH}"
+file_env 'LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDAP_TLS_DH_PARAM_FILE}" "${LDAP_TLS_DH_PARAM_PATH}"
+file_env 'LDAP_SEED_INTERNAL_SCHEMA_PATH'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_SCHEMA_PATH}" "${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/schema/custom"
+file_env 'LDAP_SEED_INTERNAL_LDIF_PATH'
+copy_internal_seed_if_exists "${LDAP_SEED_INTERNAL_LDIF_PATH}" "${CONTAINER_SERVICE_DIR}/slapd/assets/config/bootstrap/ldif/custom"
 
 
 # CONTAINER_SERVICE_DIR and CONTAINER_STATE_DIR variables are set by
 # CONTAINER_SERVICE_DIR and CONTAINER_STATE_DIR variables are set by
 # the baseimage run tool more info : https://github.com/osixia/docker-light-baseimage
 # the baseimage run tool more info : https://github.com/osixia/docker-light-baseimage
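Review bot: in 'copy_internal_seed_if_exists' the line 'cp -R ${src} ${dest}' expands both variables unquoted, so a seed path containing spaces or glob characters is split or expanded by the shell, and the return status of cp is not checked. Quote them ('cp -R "${src}" "${dest}"') or, if glob expansion is intended, say so in a comment. When src is a directory and dest already exists (the schema/custom and ldif/custom cases), cp -R creates a subdirectory named after src inside dest instead of copying its contents, which differs from the removed 'cp -R ${LDAP_SEED_INTERNAL_LDIF_PATH}/*.ldif' form. For the TLS key, consider setting owner and mode explicitly after the copy, and use log-helper rather than 'echo -e' to match the logging used elsewhere in this script.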
@@ -482,6 +490,13 @@ EOF
       [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION"
       [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION"
       echo "export PREVIOUS_HOSTNAME=${HOSTNAME}" > $WAS_STARTED_WITH_REPLICATION
       echo "export PREVIOUS_HOSTNAME=${HOSTNAME}" > $WAS_STARTED_WITH_REPLICATION
 
 
+    elif [ "${LDAP_REPLICATION,,}" == "own" ]; then
+
+      log-helper info "Not touching replication config..."
+
+      [[ -f "$WAS_STARTED_WITH_REPLICATION" ]] && rm -f "$WAS_STARTED_WITH_REPLICATION"
+      echo "export PREVIOUS_HOSTNAME=${HOSTNAME}" > $WAS_STARTED_WITH_REPLICATION
+
     else
     else
 
 
       log-helper info "Disable replication config..."
       log-helper info "Disable replication config..."
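Review bot: in the new "own" branch the redirect target in `echo "export PREVIOUS_HOSTNAME=${HOSTNAME}" > $WAS_STARTED_WITH_REPLICATION` is unquoted, although the test one line above quotes the same variable; quote it. The branch logs "Not touching replication config..." yet still rewrites the replication marker file, so add a comment saying why the marker is needed in this mode. A later start whose LDAP_REPLICATION value matches none of the earlier conditions falls to the else branch that logs "Disable replication config..."; please confirm that path cannot remove a replication setup the operator maintains themselves, and document the "own" value.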
@@ -493,17 +508,17 @@ EOF
       get_ldap_base_dn
       get_ldap_base_dn
       LDAP_CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_CONFIG_PASSWORD")
       LDAP_CONFIG_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_CONFIG_PASSWORD")
       LDAP_ADMIN_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_ADMIN_PASSWORD")
       LDAP_ADMIN_PASSWORD_ENCRYPTED=$(slappasswd -s "$LDAP_ADMIN_PASSWORD")
-      sed -i "s|{{ LDAP_CONFIG_PASSWORD_ENCRYPTED }}|${LDAP_CONFIG_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
-      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
-      sed -i "s|{{ LDAP_BACKEND }}|${LDAP_BACKEND}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/06-root-pw-change.ldif
-      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
-      sed -i "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif/07-admin-pw-change.ldif
+      sed -i "s|{{ LDAP_CONFIG_PASSWORD_ENCRYPTED }}|${LDAP_CONFIG_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin/root-password-change.ldif
+      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin/root-password-change.ldif
+      sed -i "s|{{ LDAP_BACKEND }}|${LDAP_BACKEND}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin/root-password-change.ldif
+      sed -i "s|{{ LDAP_ADMIN_PASSWORD_ENCRYPTED }}|${LDAP_ADMIN_PASSWORD_ENCRYPTED}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin/admin-password-change.ldif
+      sed -i "s|{{ LDAP_BASE_DN }}|${LDAP_BASE_DN}|g" ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin/admin-password-change.ldif
+
+      ldap_add_or_modify "${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin/root-password-change.ldif"
+      ldap_add_or_modify "${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin/admin-password-change.ldif" | log-helper debug || true
 
 
-      for f in $(find ${CONTAINER_SERVICE_DIR}/slapd/assets/config/admin-pw/ldif -type f -name \*.ldif  | sort); do
-        ldap_add_or_modify "$f"
-      done
     else
     else
-       touch "$WAS_ADMIN_PASSWORD_SET"
+        touch "$WAS_ADMIN_PASSWORD_SET"
     fi
     fi
 
 
     #
     #
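Review bot: on the admin-password-change.ldif line, `| log-helper debug || true` hides a failed admin password change: the pipeline's status is that of log-helper unless pipefail is set, and `|| true` discards even that, so startup continues with the previous admin password and the only trace is at debug level. The removed loop called `ldap_add_or_modify "$f"` with no suppression; if a failure is expected in some setups, handle that case explicitly and log a warning rather than ignoring every error. The sed lines also leave ${CONTAINER_SERVICE_DIR} unquoted and put ${LDAP_BASE_DN} into the replacement unescaped, so a base DN containing | or & would produce a broken LDIF.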

+ 2 - 2
test/test.bats

@@ -94,10 +94,10 @@ load test_helper
   sleep 5
   sleep 5
 
 
   run docker exec $LDAP_CID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
   run docker exec $LDAP_CID ldapsearch -x -h ldap.example.org -b dc=example,dc=org -D "cn=admin,dc=example,dc=org" -w admin
-  run docker exec $LDAP_CID chown -R $UID:$UID /var/lib/ldap /etc/ldap/slapd.d
+  docker exec $LDAP_CID chown -R $UID:$UID /var/lib/ldap /etc/ldap/slapd.d
   docker kill $LDAP_CID
   docker kill $LDAP_CID
-  rm -rf VOLUMES
   clear_containers_by_cid $LDAP_CID
   clear_containers_by_cid $LDAP_CID
+  rm -rf VOLUMES
 
 
   [ "$status" -eq 0 ]
   [ "$status" -eq 0 ]
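Review bot: dropping `run` from the chown line means $status at the final `[ "$status" -eq 0 ]` check is the ldapsearch result again, which looks like the intent, but bats now aborts the test as soon as chown or docker kill fails, before clear_containers_by_cid and rm -rf VOLUMES are reached. Move the cleanup into a teardown function so a failed run does not leave the container and the VOLUMES directory behind, and quote "$LDAP_CID" and "$UID:$UID" while touching these lines.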