#ident $Id: apple.schema,v 1.20 2003/09/17 00:19:46 jtownsen Exp $ # # Preliminary Apple OS X Native LDAP Schema # This file is subject to change. # # # Container structural object class. # objectclass ( 1.2.840.113556.1.3.23 NAME 'container' SUP top STRUCTURAL MUST ( cn ) ) # # User attributes 1.3.6.1.4.1.63.1000.1.1.1.1 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.6 NAME 'apple-user-homeurl' DESC 'home directory URL' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.7 NAME 'apple-user-class' DESC 'user class' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.8 NAME 'apple-user-homequota' DESC 'home directory quota' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.9 NAME 'apple-user-mailattribute' DESC 'mail attribute' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.10 NAME 'apple-mcxflags' DESC 'mcx flags' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) #attributetype ( # 1.3.6.1.4.1.63.1000.1.1.1.1.11 # NAME 'apple-mcxsettings' # DESC 'mcx settings' # EQUALITY caseExactMatch # SUBSTR caseExactSubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.16 NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' ) DESC 'mcx settings' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.12 NAME 'apple-user-picture' DESC 'picture' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.13 NAME 'apple-user-printattribute' DESC 'print attribute' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.14 NAME 'apple-user-adminlimits' DESC 'admin limits' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.15 NAME 'apple-user-authenticationhint' DESC 'password hint' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.17 NAME 'apple-user-homesoftquota' DESC 'home directory soft quota' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.18 NAME 'apple-user-passwordpolicy' DESC 'password policy options' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.19 NAME ( 'apple-keyword' ) DESC 'keywords' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.1.20 NAME ( 'apple-generateduid' ) DESC 'generated unique ID' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # Alternative to using homeDirectory from RFC 2307. #attributetype ( # 1.3.6.1.4.1.63.1000.1.1.1.1.100 # NAME 'apple-user-homeDirectory' # DESC 'The absolute path to the home directory' # EQUALITY caseExactIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # # User object class. # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.1 NAME 'apple-user' SUP top AUXILIARY DESC 'apple user account' MAY ( apple-user-homeurl $ apple-user-class $ apple-user-homequota $ apple-user-mailattribute $ apple-user-printattribute $ apple-mcxflags $ apple-mcxsettings $ apple-user-adminlimits $ apple-user-picture $ apple-user-authenticationhint $ apple-user-homesoftquota $ apple-user-passwordpolicy $ apple-keyword $ apple-generateduid $ authAuthority $ acctFlags $ pwdLastSet $ logonTime $ logoffTime $ kickoffTime $ homeDrive $ scriptPath $ profilePath $ userWorkstations $ smbHome $ rid $ primaryGroupID ) ) # # Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.1 NAME 'apple-group-homeurl' DESC 'group home url' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.2 NAME 'apple-group-homeowner' DESC 'group home owner settings' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.14.5 NAME 'apple-group-realname' DESC 'group real name' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # Alternative to using memberUid from RFC 2307. #attributetype ( # 1.3.6.1.4.1.63.1000.1.1.1.14.1000 # NAME 'apple-group-memberUid' # DESC 'group member list' # EQUALITY caseExactIA5Match # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) # can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000 # # Group auxiliary object class. # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.14 NAME 'apple-group' SUP top AUXILIARY DESC 'group account' MAY ( apple-group-homeurl $ apple-group-homeowner $ apple-mcxflags $ apple-mcxsettings $ apple-group-realname $ apple-user-picture $ apple-keyword $ apple-generateduid ) ) # # Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.3.8 NAME 'apple-machine-software' DESC 'installed system software' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.3.9 NAME 'apple-machine-hardware' DESC 'system hardware description' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.63.1000.1.1.1.3.10 NAME 'apple-machine-serves' DESC 'NetInfo Domain Server Binding' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributeType ( 1.3.6.1.4.1.63.1000.1.1.1.3.11 NAME 'apple-machine-suffix' DESC 'DIT suffix' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # Machine auxiliary object class. # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.3 NAME 'apple-machine' SUP top AUXILIARY MAY ( apple-machine-software $ apple-machine-hardware $ apple-machine-serves $ apple-machine-suffix ) ) # # Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.1 NAME 'mountDirectory' DESC 'mount path' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.2 NAME 'mountType' DESC 'mount VFS type' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.3 NAME 'mountOption' DESC 'mount options' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.4 NAME 'mountDumpFrequency' DESC 'mount dump frequency' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.8.5 NAME 'mountPassNo' DESC 'mount passno' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # # Mount object 1.3.6.1.4.1.63.1000.1.1.2.8 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.8 NAME 'mount' SUP top STRUCTURAL MUST ( cn ) MAY ( mountDirectory $ mountType $ mountOption $ mountDumpFrequency $ mountPassNo ) ) # # Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.1 NAME 'apple-printer-attributes' DESC 'printer attributes in /etc/printcap format' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.2 NAME 'apple-printer-lprhost' DESC 'printer LPR host name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.3 NAME 'apple-printer-lprqueue' DESC 'printer LPR queue' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.4 NAME 'apple-printer-type' DESC 'printer type' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.9.5 NAME 'apple-printer-note' DESC 'printer note' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # Printer object 1.3.6.1.4.1.63.1000.1.1.2.9 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.9 NAME 'apple-printer' SUP top STRUCTURAL MUST ( cn ) MAY ( apple-printer-attributes $ apple-printer-lprhost $ apple-printer-lprqueue $ apple-printer-type $ apple-printer-note ) ) # # Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.10.2 NAME 'apple-realname' DESC 'real name' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.11.3 NAME 'apple-computers' DESC 'computers' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.11.4 NAME 'apple-computer-list-groups' DESC 'groups' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.17.1 NAME 'apple-xmlplist' DESC 'XML plist data' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # # Computer object 1.3.6.1.4.1.63.1000.1.1.2.10 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.10 NAME 'apple-computer' DESC 'computer' SUP top STRUCTURAL MUST ( cn ) MAY ( apple-realname $ description $ macAddress $ apple-computer-list-groups $ apple-mcxflags $ apple-mcxsettings $ apple-xmlplist $ authAuthority $ uidNumber $ gidNumber $ apple-generateduid $ acctFlags $ pwdLastSet $ logonTime $ logoffTime $ kickoffTime $ rid $ primaryGroupID ) ) # # Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.11 NAME 'apple-computer-list' DESC 'computer list' SUP top STRUCTURAL MUST ( cn ) MAY ( apple-mcxflags $ apple-mcxsettings $ apple-computer-list-groups $ apple-computers $ apple-keyword ) ) # # Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.1 NAME 'apple-password-server-location' DESC 'password server location' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.2 NAME 'apple-data-stamp' DESC 'data stamp' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.3 NAME 'apple-config-realname' DESC 'config real name' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.4 NAME 'apple-password-server-list' DESC 'password server replication plist' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.5 NAME 'apple-ldap-replica' DESC 'LDAP replication list' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.6 NAME 'apple-ldap-writable-replica' DESC 'LDAP writable replication list' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.7 NAME 'apple-kdc-authkey' DESC 'KDC master key RSA encrypted with realm public key' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.12.8 NAME 'apple-kdc-configdata' DESC 'Contents of the kdc.conf file' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE ) # # Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.12 NAME 'apple-configuration' DESC 'configuration' SUP top STRUCTURAL MAY ( cn $ apple-config-realname $ apple-data-stamp $ apple-password-server-location $ apple-password-server-list $ apple-ldap-replica $ apple-ldap-writable-replica $ apple-keyword $ apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist ) ) # # Preset computer list object class. # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.13 NAME 'apple-preset-computer-list' DESC 'preset computer list' SUP top STRUCTURAL MUST ( cn ) MAY ( apple-mcxflags $ apple-mcxsettings $ apple-computer-list-groups $ apple-keyword ) ) # # Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.3.14 NAME 'apple-preset-group' DESC 'preset group' SUP top STRUCTURAL MUST ( cn ) MAY ( memberUid $ gidNumber $ apple-group-homeurl $ apple-group-homeowner $ apple-mcxflags $ apple-mcxsettings $ apple-group-realname $ apple-keyword ) ) # # Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.15.1 NAME 'apple-preset-user-is-admin' DESC 'flag indicating whether the preset user is an administrator' EQUALITY caseExactIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE ) # # Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.15 NAME 'apple-preset-user' DESC 'preset user' SUP top STRUCTURAL MUST ( cn ) MAY ( uid $ memberUid $ gidNumber $ homeDirectory $ apple-user-homeurl $ apple-user-homequota $ apple-user-homesoftquota $ apple-user-mailattribute $ apple-user-printattribute $ apple-mcxflags $ apple-mcxsettings $ apple-user-adminlimits $ apple-user-passwordpolicy $ userPassword $ apple-user-picture $ apple-keyword $ loginShell $ description $ shadowLastChange $ shadowExpire $ authAuthority $ apple-preset-user-is-admin ) ) # # Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1 # #attributetype ( # 1.3.6.1.4.1.63.1000.1.1.2.16.1 # NAME 'authAuthority' # DESC 'password server authentication authority' # EQUALITY caseExactIA5Match # SUBSTR caseExactIA5SubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) #attributetype ( # 1.3.6.1.4.1.63.1000.1.1.2.16.2 # NAME ( 'authAuthority' 'authAuthority2' ) # DESC 'password server authentication authority' # EQUALITY caseExactMatch # SUBSTR caseExactSubstringsMatch # SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.16 NAME 'authAuthorityObject' SUP top AUXILIARY MAY ( authAuthority ) ) # # Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.17 NAME 'apple-serverassistant-config' SUP top AUXILIARY MUST ( cn ) MAY ( apple-xmlplist ) ) # # Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18 # attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.18.1 NAME 'apple-dns-domain' DESC 'DNS domain' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) attributetype ( 1.3.6.1.4.1.63.1000.1.1.1.18.2 NAME 'apple-dns-nameserver' DESC 'DNS name server list' EQUALITY caseExactMatch SUBSTR caseExactSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) # # Location object 1.3.6.1.4.1.63.1000.1.1.2.18 # objectclass ( 1.3.6.1.4.1.63.1000.1.1.2.18 NAME 'apple-location' SUP top AUXILIARY MUST ( cn ) MAY ( apple-dns-domain $ apple-dns-nameserver ) )