The SAMBA-LDAP-PDC Howto
Revision : 1.24

22 Annexes
Here you’ll find some sample documentation and config files used in this HOWTO.
22.1 samba.schema
The Samba schema is shipped with the Samba-2.2.4 source code (in example/LDAP/). Please note
that this schema is subject to change (probably in 2.2.5, the ’sambaAccount’ objectClass will
become AUXILIARY).
For the purposes of this HOWTO, we commented out the ’displayName’ attributetype, as we’re
using inetOrgPerson too (and ’displayName’ is already defined in inetOrgPerson.schema). Here’s
the ’patched’ schema we’ve used:
##
## schema file for OpenLDAP 2.0.x
## Schema for storing Samba's smbpasswd file in LDAP
## OIDs are owned by the Samba Team
##
## Prerequisite schemas - uid (cosine.schema)
##                      - displayName (inetorgperson.schema)
##
## 1.3.6.1.4.1.7165.2.1.x - attributetypes
## 1.3.6.1.4.1.7165.2.2.x - objectclasses
##

##
## Password hashes
##
attributetype ( 1.3.6.1.4.1.7165.2.1.1 NAME 'lmPassword'
        DESC 'LanManager Passwd'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.2 NAME 'ntPassword'
        DESC 'NT Passwd'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )

##
## Account flags in string format ([UWDX ])
##
attributetype ( 1.3.6.1.4.1.7165.2.1.4 NAME 'acctFlags'
        DESC 'Account Flags'
        EQUALITY caseIgnoreIA5Match
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )

##
## Password timestamps & policies
##
attributetype ( 1.3.6.1.4.1.7165.2.1.3 NAME 'pwdLastSet'
        DESC 'NT pwdLastSet'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )

attributetype ( 1.3.6.1.4.1.7165.2.1.5 NAME 'logonTime'
        DESC 'NT logonTime'
        EQUALITY integerMatch
        SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
