#
# Preliminary Apple OS X Native LDAP Schema
# This file is subject to change.
#
#
# Container structural object class.
#
#objectclass (
# 1.2.840.113556.1.3.23
# NAME 'container'
# SUP top
# STRUCTURAL
# MUST ( cn ) )
#
# Time to live
#
attributetype (
1.3.6.1.4.1.250.1.60
NAME 'ttl'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
objectclass (
1.3.6.1.4.1.250.3.18
NAME 'cacheObject'
AUXILIARY
SUP top
DESC 'Auxiliary object class to hold TTL caching information'
MAY ( ttl ) )
#
# User attributes 1.3.6.1.4.1.63.1000.1.1.1.1
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.6
NAME 'apple-user-homeurl'
DESC 'home directory URL'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.7
NAME 'apple-user-class'
DESC 'user class'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.8
NAME 'apple-user-homequota'
DESC 'home directory quota'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.9
NAME 'apple-user-mailattribute'
DESC 'mail attribute'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.10
NAME 'apple-mcxflags'
DESC 'mcx flags'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.1.1.11
# NAME 'apple-mcxsettings'
# DESC 'mcx settings'
# EQUALITY caseExactMatch
# SUBSTR caseExactSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.16
NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' )
DESC 'mcx settings'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.12
NAME 'apple-user-picture'
DESC 'picture'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.13
NAME 'apple-user-printattribute'
DESC 'print attribute'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.14
NAME 'apple-user-adminlimits'
DESC 'admin limits'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.15
NAME 'apple-user-authenticationhint'
DESC 'password hint'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.17
NAME 'apple-user-homesoftquota'
DESC 'home directory soft quota'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.18
NAME 'apple-user-passwordpolicy'
DESC 'password policy options'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.19
NAME ( 'apple-keyword' )
DESC 'keywords'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.20
NAME ( 'apple-generateduid' )
DESC 'generated unique ID'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.21
NAME ( 'apple-imhandle' )
DESC 'IM handle (service:account name)'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.22
NAME ( 'apple-webloguri' )
DESC 'Weblog URI'
EQUALITY caseIgnoreMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.23
NAME ( 'apple-mapcoordinates' )
DESC 'Map Coordinates'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.24
NAME ( 'apple-postaladdresses' )
DESC 'Postal Addresses'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.25
NAME ( 'apple-phonecontacts' )
DESC 'Phone Contacts'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.26
NAME ( 'apple-emailcontacts' )
DESC 'EMail Contacts'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.27
NAME ( 'apple-birthday' )
DESC 'Birthday'
EQUALITY generalizedTimeMatch
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.28
NAME ( 'apple-relationships' )
DESC 'Relationships'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.29
NAME ( 'apple-company' )
DESC 'company'
EQUALITY caseIgnoreMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.30
NAME ( 'apple-nickname' )
DESC 'nickname'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.31
NAME ( 'apple-mapuri' )
DESC 'Map URI'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.32
NAME ( 'apple-mapguid' )
DESC 'map GUID'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.33
NAME ( 'apple-serviceslocator' )
DESC 'Calendar Principal URI'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.34
NAME 'apple-organizationinfo'
DESC 'Originization Info data'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.35
NAME ( 'apple-namesuffix' )
DESC 'namesuffix'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.36
NAME ( 'apple-primarycomputerlist' )
DESC 'primary computer list'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.1.37
NAME 'apple-user-passwordpolicy-effective'
DESC 'password effective policy options'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Alternative to using homeDirectory from RFC 2307.
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.1.1.100
# NAME 'apple-user-homeDirectory'
# DESC 'The absolute path to the home directory'
# EQUALITY caseExactIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
#
# User object class.
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.1
NAME 'apple-user'
SUP top
AUXILIARY
DESC 'apple user account'
MAY ( apple-user-homeurl $ apple-user-class $
apple-user-homequota $ apple-user-mailattribute $
apple-user-printattribute $ apple-mcxflags $
apple-mcxsettings $ apple-user-adminlimits $
apple-user-picture $ apple-user-authenticationhint $
apple-user-homesoftquota $ apple-user-passwordpolicy $
apple-keyword $ apple-generateduid $ apple-imhandle $ apple-webloguri $
authAuthority $ acctFlags $ pwdLastSet $ logonTime $
logoffTime $ kickoffTime $ homeDrive $ scriptPath $
profilePath $ userWorkstations $ smbHome $ rid $
primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $
userCertificate $ userPKCS12 $ jpegPhoto $ apple-nickname $ apple-namesuffix $
apple-birthday $ apple-relationships $ apple-organizationinfo $
apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
apple-mapcoordinates $ apple-mapuri $ apple-mapguid $ apple-serviceslocator $
altSecurityIdentities ) )
#
# Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.1
NAME 'apple-group-homeurl'
DESC 'group home url'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.2
NAME 'apple-group-homeowner'
DESC 'group home owner settings'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.5
NAME 'apple-group-realname'
DESC 'group real name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.6
NAME 'apple-group-nestedgroup'
DESC 'group real name'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.7
NAME 'apple-group-memberguid'
DESC 'group real name'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.8
NAME 'apple-group-services'
DESC 'group services'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# Alternative to using memberUid from RFC 2307.
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.1.14.1000
# NAME 'apple-group-memberUid'
# DESC 'group member list'
# EQUALITY caseExactIA5Match
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
# can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.9
NAME ( 'apple-contactguid' )
DESC 'contact GUID'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.10
NAME ( 'apple-ownerguid' )
DESC 'owner GUID'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.11
NAME ( 'apple-primarycomputerguid' )
DESC 'primary computer GUID'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.12
NAME 'apple-group-expandednestedgroup'
DESC 'expanded nested group list'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.13
NAME 'apple-selfwrite'
DESC 'selfwrite flag'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.14
NAME 'apple-locale-relay'
DESC 'designated locale relay server for replication'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.14.15
NAME 'apple-locale-subnets'
DESC 'subnets associated with a locale'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Group auxiliary object class.
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.14
NAME 'apple-group'
SUP top
AUXILIARY
DESC 'group account'
MAY ( apple-group-homeurl $
apple-group-homeowner $
apple-mcxflags $
apple-mcxsettings $
apple-group-realname $
apple-user-picture $
apple-keyword $
apple-generateduid $
apple-group-nestedgroup $
apple-group-memberguid $
mail $
rid $
sambaSID $
ttl $
jpegPhoto $
apple-group-services $
apple-contactguid $
apple-ownerguid $
labeledURI $
apple-locale-relay $
apple-locale-subnets $
apple-serviceslocator ) )
#
# Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.3.8
NAME 'apple-machine-software'
DESC 'installed system software'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.3.9
NAME 'apple-machine-hardware'
DESC 'system hardware description'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType (
1.3.6.1.4.1.63.1000.1.1.1.3.10
NAME 'apple-machine-serves'
DESC 'NetInfo Domain Server Binding'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributeType (
1.3.6.1.4.1.63.1000.1.1.1.3.11
NAME 'apple-machine-suffix'
DESC 'DIT suffix'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType (
1.3.6.1.4.1.63.1000.1.1.1.3.12
NAME 'apple-machine-contactperson'
DESC 'Name of contact person/owner of this machine'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# for backward compatibility with directory-based schema from Tiger
#
attributeType (
1.3.6.1.4.1.63.1000.1.1.1.22.1
NAME 'attributeTypesConfig'
DESC 'RFC2252: attribute types'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributeType (
1.3.6.1.4.1.63.1000.1.1.1.22.2
NAME 'objectClassesConfig'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Machine auxiliary object class.
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.3
NAME 'apple-machine'
SUP top
AUXILIARY
MAY ( apple-machine-software $
apple-machine-hardware $
apple-machine-serves $
apple-machine-suffix $
apple-machine-contactperson ) )
#
# Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.8.1
NAME 'mountDirectory'
DESC 'mount path'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.8.2
NAME 'mountType'
DESC 'mount VFS type'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.8.3
NAME 'mountOption'
DESC 'mount options'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.8.4
NAME 'mountDumpFrequency'
DESC 'mount dump frequency'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.8.5
NAME 'mountPassNo'
DESC 'mount passno'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
# Alternative to using 'cn' when adding mount record schema to other LDAP servers
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.1.8.100
# NAME ( 'apple-mount-name' )
# DESC 'mount name'
# SUP name )
#
# Mount object 1.3.6.1.4.1.63.1000.1.1.2.8
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.8
NAME 'mount'
SUP top STRUCTURAL
MUST ( cn )
MAY ( mountDirectory $
mountType $
mountOption $
mountDumpFrequency $
mountPassNo ) )
#
# Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.9.1
NAME 'apple-printer-attributes'
DESC 'printer attributes in /etc/printcap format'
EQUALITY caseIgnoreIA5Match
SUBSTR caseIgnoreIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.9.2
NAME 'apple-printer-lprhost'
DESC 'printer LPR host name'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.9.3
NAME 'apple-printer-lprqueue'
DESC 'printer LPR queue'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.9.4
NAME 'apple-printer-type'
DESC 'printer type'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.9.5
NAME 'apple-printer-note'
DESC 'printer note'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Printer object 1.3.6.1.4.1.63.1000.1.1.2.9
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.9
NAME 'apple-printer'
SUP top STRUCTURAL
MUST ( cn )
MAY ( apple-printer-attributes $
apple-printer-lprhost $
apple-printer-lprqueue $
apple-printer-type $
apple-printer-note ) )
#
# Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.10.2
NAME 'apple-realname'
DESC 'real name'
EQUALITY caseIgnoreMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.10.3
NAME 'apple-networkview'
DESC 'Network view for the computer'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.10.4
NAME 'apple-category'
DESC 'Category for the computer or neighborhood'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.10.5
NAME 'apple-srv'
DESC 'List of services to advertize via srv records'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.10.6
NAME 'apple-primary-locale'
DESC 'primary locale for replication'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.10.7
NAME 'apple-parentlocales'
DESC 'parent locale'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.10.8
NAME 'apple-networkinterfaces'
DESC 'list of available network interfaces'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.11.3
NAME 'apple-computers'
DESC 'computers'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.11.4
NAME 'apple-computer-list-groups'
DESC 'groups'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.17.1
NAME 'apple-xmlplist'
DESC 'XML plist data'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
#
# Service URL attributes 1.3.6.1.4.1.63.1000.1.1.1.19.2
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.2
NAME 'apple-service-url'
DESC 'URL of service'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#
# Service Info attributes 1.3.6.1.4.1.63.1000.1.1.1.19.6
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.6
NAME 'apple-serviceinfo'
DESC 'service related information'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.7
NAME 'apple-hwuuid'
DESC 'Hardware uuid of computer'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.8
NAME 'apple-ldap-serverid'
DESC 'ID used by LDAP'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
#
# Computer object 1.3.6.1.4.1.63.1000.1.1.2.10
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.10
NAME 'apple-computer'
DESC 'computer'
SUP top STRUCTURAL
MUST ( cn )
MAY ( apple-realname $
description $
macAddress $
apple-category $
apple-computer-list-groups $
apple-keyword $
apple-mcxflags $
apple-mcxsettings $
apple-networkview $
apple-xmlplist $
apple-service-url $
apple-serviceinfo $
apple-serviceslocator $
apple-primarycomputerlist $
apple-ldap-serverid $
authAuthority $
uidNumber $ gidNumber $ apple-generateduid $ ttl $
acctFlags $ pwdLastSet $ logonTime $
logoffTime $ kickoffTime $ rid $ primaryGroupID $
sambaSID $ sambaPrimaryGroupSID $
owner $ apple-ownerguid $ apple-contactguid $
ipHostNumber $ bootFile $ apple-hwuuid $ apple-srv $
apple-primary-locale $ apple-parentlocales $
apple-networkinterfaces $ userCertificate $ userPKCS12) )
#
# Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.11
NAME 'apple-computer-list'
DESC 'computer list'
SUP top STRUCTURAL
MUST ( cn )
MAY ( apple-mcxflags $
apple-mcxsettings $
apple-computer-list-groups $
apple-computers $
apple-generateduid $
apple-keyword ) )
#
# Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.1
NAME 'apple-password-server-location'
DESC 'password server location'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.2
NAME 'apple-data-stamp'
DESC 'data stamp'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.3
NAME 'apple-config-realname'
DESC 'config real name'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.4
NAME 'apple-password-server-list'
DESC 'password server replication plist'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.5
NAME 'apple-ldap-replica'
DESC 'LDAP replication list'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.6
NAME 'apple-ldap-writable-replica'
DESC 'LDAP writable replication list'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.7
NAME 'apple-kdc-authkey'
DESC 'KDC master key RSA encrypted with realm public key'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.8
NAME 'apple-kdc-configdata'
DESC 'Contents of the kdc.conf file'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.12.9
NAME 'apple-last-serverid'
DESC 'Last serverID used'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
SINGLE-VALUE )
#
# Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.12
NAME 'apple-configuration'
DESC 'configuration'
SUP top STRUCTURAL
MAY ( cn $ apple-config-realname $
apple-data-stamp $ apple-password-server-location $
apple-password-server-list $ apple-ldap-replica $
apple-ldap-writable-replica $ apple-keyword $
apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist $ ttl $
apple-last-serverid ) )
#
# Preset computer list object class.
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.13
NAME 'apple-preset-computer-list'
DESC 'preset computer list'
SUP top STRUCTURAL
MUST ( cn )
MAY ( apple-mcxflags $
apple-mcxsettings $
apple-computer-list-groups $
apple-keyword ) )
#
# Preset computer object class.
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.25
NAME 'apple-preset-computer'
DESC 'preset computer'
SUP top STRUCTURAL
MUST ( cn )
MAY ( apple-mcxflags $
apple-mcxsettings $
apple-computer-list-groups $
apple-primarycomputerlist $
description $
apple-networkview $
apple-keyword ) )
#
# Preset computer group object class.
#AttributeTypes:
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.26
NAME 'apple-preset-computer-group'
DESC 'preset computer group'
SUP top STRUCTURAL
MUST ( cn )
MAY ( gidNumber $
memberUID $
apple-mcxflags $
apple-mcxsettings $
apple-group-nestedgroup $
description $
jpegPhoto $
apple-keyword ) )
#
# Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.3.14
NAME 'apple-preset-group'
DESC 'preset group'
SUP top STRUCTURAL
MUST ( cn )
MAY ( memberUid $
gidNumber $
description $
apple-group-homeurl $
apple-group-homeowner $
apple-mcxflags $
apple-mcxsettings $
apple-group-realname $
apple-keyword $
apple-group-nestedgroup $
apple-group-memberguid $
ttl $
jpegPhoto $
apple-group-services $
labeledURI $
apple-serviceslocator ) )
#
# Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.15.1
NAME 'apple-preset-user-is-admin'
DESC 'flag indicating whether the preset user is an administrator'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
#
# Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.15
NAME 'apple-preset-user'
DESC 'preset user'
SUP top STRUCTURAL
MUST ( cn )
MAY ( uid $
memberUid $
gidNumber $
homeDirectory $
apple-user-homeurl $
apple-user-homequota $
apple-user-homesoftquota $
apple-user-mailattribute $
apple-user-printattribute $
apple-mcxflags $
apple-mcxsettings $
apple-user-adminlimits $
apple-user-passwordpolicy $
userPassword $
apple-user-picture $
apple-keyword $
loginShell $
description $
shadowLastChange $
shadowExpire $
authAuthority $
homeDrive $ scriptPath $ profilePath $ smbHome $
apple-preset-user-is-admin $
jpegPhoto $
apple-relationships $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $ apple-mapcoordinates $
apple-serviceslocator ) )
#
# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1
#
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.2.16.1
# NAME 'authAuthority'
# DESC 'password server authentication authority'
# EQUALITY caseExactIA5Match
# SUBSTR caseExactIA5SubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.2.16.2
# NAME ( 'authAuthority' 'authAuthority2' )
# DESC 'password server authentication authority'
# EQUALITY caseExactMatch
# SUBSTR caseExactSubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.16
NAME 'authAuthorityObject'
SUP top AUXILIARY
MAY ( authAuthority ) )
#
# Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.17
NAME 'apple-serverassistant-config'
SUP top STRUCTURAL
MUST ( cn )
MAY ( apple-xmlplist ) )
#
# Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.18.1
NAME 'apple-dns-domain'
DESC 'DNS domain'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.18.2
NAME 'apple-dns-nameserver'
DESC 'DNS name server list'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Location object 1.3.6.1.4.1.63.1000.1.1.2.18
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.18
NAME 'apple-location'
SUP top AUXILIARY
MUST ( cn )
MAY ( apple-dns-domain $ apple-dns-nameserver ) )
#
# Service object attributes 1.3.6.1.4.1.63.1000.1.1.1.19
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.1
NAME 'apple-service-type'
DESC 'type of service'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.1.19.2
# NAME 'apple-service-url'
# DESC 'URL of service'
# EQUALITY caseExactIA5Match
# SUBSTR caseExactIA5SubstringsMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.3
NAME 'apple-service-port'
DESC 'Service port number'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.4
NAME 'apple-dnsname'
DESC 'DNS name'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.19.5
NAME 'apple-service-location'
DESC 'Service location'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Service object 1.3.6.1.4.1.63.1000.1.1.2.19
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.19
NAME 'apple-service'
SUP top STRUCTURAL
MUST ( cn $
apple-service-type )
MAY ( ipHostNumber $
description $
apple-service-location $
apple-service-url $
apple-service-port $
apple-dnsname $
apple-keyword ) )
#
# Neighborhood object attributes 1.3.6.1.4.1.63.1000.1.1.1.20
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.20.1
NAME 'apple-nodepathxml'
DESC 'XML plist of directory node path'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.20.2
NAME 'apple-neighborhoodalias'
DESC 'XML plist referring to another neighborhood record'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.20.3
NAME 'apple-computeralias'
DESC 'XML plist referring to a computer record'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# Neighborhood object 1.3.6.1.4.1.63.1000.1.1.2.20
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.20
NAME 'apple-neighborhood'
SUP top STRUCTURAL
MUST ( cn )
MAY ( description $
apple-generateduid $
apple-category $
apple-nodepathxml $
apple-neighborhoodalias $
apple-computeralias $
apple-keyword $
apple-realname $
apple-xmlplist $
ttl ) )
#
# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.21.1
NAME 'apple-acl-entry'
DESC 'acl entry'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
#
# ACL object 1.3.6.1.4.1.63.1000.1.1.2.21
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.21
NAME 'apple-acl'
SUP top STRUCTURAL
MUST ( cn $
apple-acl-entry ) )
#
# Schema attributes 1.3.6.1.4.1.63.1000.1.1.1.22
#
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.1.22.1
# NAME 'attributeTypesConfig'
# DESC 'attribute type configuration'
# EQUALITY objectIdentifierFirstComponentMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 )
#attributetype (
# 1.3.6.1.4.1.63.1000.1.1.1.22.2
# NAME 'objectClassesConfig'
# DESC 'object class configuration'
# EQUALITY objectIdentifierFirstComponentMatch
# SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 )
#
# Resource attributes 1.3.6.1.4.1.63.1000.1.1.1.23
#
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.23.1
NAME 'apple-resource-type'
DESC 'resource type'
EQUALITY caseExactIA5Match
SUBSTR caseExactIA5SubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.23.2
NAME 'apple-resource-info'
DESC 'resource info'
EQUALITY caseExactMatch
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
attributetype (
1.3.6.1.4.1.63.1000.1.1.1.23.3
NAME 'apple-capacity'
DESC 'capacity'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
#
# Resource object 1.3.6.1.4.1.63.1000.1.1.2.23
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.23
NAME 'apple-resource'
SUP top STRUCTURAL
MUST ( cn )
MAY ( apple-realname $ description $ jpegPhoto $ apple-keyword $
apple-generateduid $ apple-contactguid $ apple-ownerguid $
apple-resource-info $ apple-resource-type $ apple-capacity $
labeledURI $ apple-mapuri $ apple-serviceslocator $ apple-phonecontacts $
c $ apple-mapguid $ apple-mapcoordinates $ apple-xmlplist ) )
#
# Augment object 1.3.6.1.4.1.63.1000.1.1.2.24
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.24
NAME 'apple-augment'
SUP top
STRUCTURAL
MUST ( cn ) )
attributetype (
1.3.6.1.1.1.1.31
NAME 'automountMapName'
DESC 'automount Map Name'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype (
1.3.6.1.1.1.1.32
NAME 'automountKey'
DESC 'Automount Key value'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
attributetype (
1.3.6.1.1.1.1.33
NAME 'automountInformation'
DESC 'Automount information'
EQUALITY caseExactMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
SINGLE-VALUE )
objectclass (
1.3.6.1.1.1.2.16
NAME 'automountMap'
SUP top STRUCTURAL
MUST ( automountMapName )
MAY description )
objectclass (
1.3.6.1.1.1.2.17
NAME 'automount'
SUP top STRUCTURAL
DESC 'Automount'
MUST ( automountKey $ automountInformation )
MAY description )
#
# Apple User Info object 1.3.6.1.4.1.63.1000.1.1.2.27
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.27
NAME 'apple-user-info'
SUP top STRUCTURAL
MAY ( apple-namesuffix $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
telephoneNumber $ mobile $ facsimileTelephoneNumber $ pager $
l $ st $ c $ postalCode $ postalAddress $ street $
apple-imhandle $ loginShell $ jpegPhoto $ apple-user-picture $ description $ userCertificate $ userPKCS12) )
#
# Apple Computer Info object 1.3.6.1.4.1.63.1000.1.1.2.31
#
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.31
NAME 'apple-computer-info'
SUP top STRUCTURAL
MAY ( apple-serviceinfo $ apple-serviceslocator $ apple-keyword $ userCertificate $ userPKCS12) )
## Schema elements for PWS records in LDAP
## Proposed schema elements for PWS records in LDAP
# Last login time.
attributetype ( 1.3.6.1.1.1.1.35
NAME 'lastLoginTime'
EQUALITY generalizedTimeMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
SINGLE-VALUE )
# Time of last password change.
attributetype ( 1.3.6.1.1.1.1.36
NAME 'passwordModDate'
EQUALITY generalizedTimeMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
SINGLE-VALUE )
# User's authdata GUID, this is essentially the PWS slotid
attributetype ( 1.3.6.1.1.1.1.37
NAME 'authGUID'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# Running tally of login failures.
attributetype ( 1.3.6.1.1.1.1.38
NAME 'loginFailedAttempts'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
SINGLE-VALUE )
# Links the authdata record to the user record
attributetype ( 1.3.6.1.1.1.1.39
NAME 'userLinkage'
EQUALITY caseIgnoreMatch
SUBSTR caseIgnoreSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
# String containing the reason for disabling.
attributetype ( 1.3.6.1.1.1.1.40
NAME 'disableReason'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
# The following are attributes storing the secrets for each auth type
attributetype ( 1.3.6.1.1.1.1.42
NAME 'cmusaslsecretSMBNT'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.43
NAME 'cmusaslsecretSMBLM'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.44
NAME 'cmusaslsecretDIGEST-MD5'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.45
NAME 'cmusaslsecretCRAM-MD5'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.46
NAME 'cmusaslsecretPPS'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
# The realm name and principal name are stored in the "secrets" area for
# the kerberos auth types. These may be unnecessary after the Heimdal transition.
attributetype ( 1.3.6.1.1.1.1.47
NAME 'KerberosRealmName'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.48
NAME 'KerberosPrincName'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
# User password, stored DES encrypted for obfuscation.
attributetype ( 1.3.6.1.1.1.1.49
NAME 'password'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.50
NAME 'adminGroups'
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
# DIGEST-MD5 hash with username, sasl realm, password
attributetype ( 1.3.6.1.1.1.1.51
NAME 'cmusaslsecretDIGEST-UMD5'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
# Time the user was created.
attributetype ( 1.3.6.1.1.1.1.55
NAME 'creationDate'
EQUALITY generalizedTimeMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
SINGLE-VALUE )
# History data
attributetype ( 1.3.6.1.1.1.1.56
NAME 'historyData'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
# Krb schema
attributetype ( 1.3.6.1.1.1.1.86
NAME 'draft-krbPrincipalName'
DESC 'Canonical principal name'
EQUALITY caseExactIA5Match
SUBSTR caseExactSubstringsMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.87
NAME 'draft-krbRealmName'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 1.3.6.1.1.1.1.88
NAME 'draft-krbPrincipalAliases'
SUP draft-krbPrincipalName )
attributetype ( 1.3.6.1.1.1.1.89
NAME 'draft-krbTicketMaxLife'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.90
NAME 'draft-krbTicketMaxRenewal'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.91
NAME 'draft-krbEncSaltTypes'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
attributetype ( 1.3.6.1.1.1.1.92
NAME 'draft-krbKeySet'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 1.3.6.1.1.1.1.93
NAME 'draft-krbKeyVersion'
EQUALITY integerMatch
ORDERING integerOrderingMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.94
NAME 'draft-krbPrincipalRealm'
DESC 'DN of krbRealm entry'
SUP distinguishedName )
attributetype ( 1.3.6.1.1.1.1.95
NAME 'draft-krbTicketPolicy'
EQUALITY integerMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.96
NAME 'draft-krbExtraData'
EQUALITY octetStringMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
attributetype ( 1.3.6.1.1.1.1.98
NAME 'draft-krbPrincipalACL'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.97
NAME 'crschallenge'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
# multivalued attribute to store computer account owner GUID.
attributetype ( 1.3.6.1.1.1.1.103
NAME 'ownerGUIDList'
DESC 'computer account owner GUID'
EQUALITY caseIgnoreMatch
SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
# objectclass representing a user/slot.
# uid is the shortname of the user as stored in PWS.
# apple-generateduid is intended to match the user's UID. Currently unpopulated
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.28
NAME 'pwsAuthdata'
STRUCTURAL
MUST ( authGUID )
MAY ( uid $ authGUID $ passwordModDate $ lastLoginTime $ loginFailedAttempts $
disableReason $ apple-user-passwordpolicy $ adminGroups $ cmusaslsecretSMBNT $
cmusaslsecretSMBLM $ cmusaslsecretDIGEST-MD5 $ cmusaslsecretCRAM-MD5 $ cmusaslsecretPPS $
KerberosRealmName $ KerberosPrincName $ password $ creationDate $ historyData $
draft-krbPrincipalName $ draft-krbRealmName $ draft-krbPrincipalAliases $
draft-krbTicketMaxLife $ draft-krbTicketMaxRenewal $ draft-krbEncSaltTypes $
draft-krbKeySet $ draft-krbKeyVersion $ draft-krbPrincipalRealm $ draft-krbTicketPolicy $
draft-krbExtraData $ draft-krbPrincipalACL $ crschallenge $ userLinkage $
cmusaslsecretDIGEST-UMD5 $ ownerGUIDList ) )
# Multi valued attribute to store the names of auth methods considered "weak"
# "weak" auth methods are not allowed to be used for some privileged operations
attributetype ( 1.3.6.1.1.1.1.76
NAME 'weakAuthMethod'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
# object class storing global policy and weak auth methods.
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.29
NAME 'pwPolicy'
STRUCTURAL
MUST ( cn )
MAY ( apple-user-passwordpolicy $ weakAuthMethod ) )
# PWS' private key. Stored in authdata container for security.
attributetype ( 1.3.6.1.1.1.1.77
NAME 'PWSPrivateKey'
EQUALITY octetStringMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.78
NAME 'PWSPublicKey'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
# Allow storing the PWS private key in the root of the container, cn=config style
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.30
NAME 'pwAuthData'
SUP container
MAY ( PWSPrivateKey $ PWSPublicKey ) )
# Allow storing certificate request information
attributetype ( 1.3.6.1.1.1.1.79
NAME 'apple-transactionID'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.80
NAME 'apple-pkiStatus'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.81
NAME 'apple-failInfo'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.82
NAME 'apple-certificateSigningRequest'
EQUALITY certificateExactMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.8'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.83
NAME 'apple-device-guid'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.84
NAME 'apple-issuer'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.85
NAME 'apple-serialNumber'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.99
NAME 'apple-revocationReason'
EQUALITY integerMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.100
NAME 'apple-revocationDate'
EQUALITY generalizedTimeMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.101
NAME 'apple-validNotBefore'
EQUALITY generalizedTimeMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
SINGLE-VALUE )
attributetype ( 1.3.6.1.1.1.1.102
NAME 'apple-validNotAfter'
EQUALITY generalizedTimeMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
SINGLE-VALUE )
objectclass (
1.3.6.1.4.1.63.1000.1.1.2.33
NAME 'apple-certificateRequestInfo'
SUP top STRUCTURAL
MUST ( apple-transactionID $ apple-pkiStatus )
MAY ( apple-failInfo $ apple-issuer $ apple-serialNumber $
userCertificate $ apple-certificateSigningRequest $ apple-device-guid $
apple-xmlplist $ apple-revocationReason $ apple-revocationDate $
apple-validNotBefore $ apple-validNotAfter ) )
attributetype ( 1.3.6.1.1.1.1.104
NAME 'apple-enabled-auth-mech'
DESC 'Enabled auth mechs'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
attributetype ( 1.3.6.1.1.1.1.105
NAME 'apple-disabled-auth-mech'
DESC 'Disabled auth mechs'
EQUALITY caseIgnoreMatch
SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )