afornerot/ninedocker
1
0
Fork 0
Code Issues 26 Pull Requests Packages Projects Releases Wiki Activity

svg

Browse Source
This commit is contained in:
Ubuntu
2024-07-24 14:11:40 +00:00
parent 3823cd85a8
commit 9cd1409df3
297 changed files with 1183 additions and 745 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
services/30-openldap/dockercompose/dockercompose.yml Normal file
View File

@ -0,0 +1,18 @@
# Openldap
# Annuaire
# Port interne 1389 & 1636
openldap:
image: docker.io/bitnami/openldap:2
container_name: nine-openldap
restart: unless-stopped
healthcheck:
test: /nine/check.sh
interval: 1s
timeout: 60s
env_file: ./services/30-openldap/env/.env.merge
networks:
- nine-network
volumes:
- './services/30-openldap/volume/data:/bitnami/openldap'
- './services/30-openldap/volume/nine:/nine'

10
services/30-openldap/env/.env vendored Normal file
View File

@ -0,0 +1,10 @@
# == OPENLDAP =============================================================================================================================
LDAP_ROOT=${LDAP_BASEDN}
LDAP_ADMIN_PASSWORD=${LDAP_PASSWORD}
LDAP_ADMIN_DN=${LDAP_USER}
LDAP_USERS="dockernouser"
LDAP_PASSWORDS="dockernouser"
LDAP_CUSTOM_SCHEMA_FILE=/nine/schema/cadoles.ldif

34
services/30-openldap/misc/nine.sh Normal file
View File

@ -0,0 +1,34 @@
#!/bin/bash
function upopenldap {
if [[ $OPENLDAP_ACTIVATE == 1 && $OPENLDAP_LOCAL == 1 ]]
then
Title ${OPENLDAP_SERVICE_NAME^^}
EchoVert "CONTAINER"
mkdir -p ./services/30-openldap/volume/data
chmod a+wr ./services/30-openldap/volume/data
upservice $OPENLDAP_SERVICE_NAME wait
docker-compose exec $OPENLDAP_SERVICE_NAME /nine/init.sh
Echo
fi
}
function destroyopenldap {
if [[ $OPENLDAP_LOCAL == 1 ]]
then
Title "DESTROY $OPENLDAP_SERVICE_NAME"
stop $OPENLDAP_SERVICE_NAME 1
docker-compose rm -s -v -f "$OPENLDAP_SERVICE_NAME"
if [[ -z $1 ]]; then Question_ouinon "Souhaitez-vous supprimer l'annuaire associé à $OPENLDAP_SERVICE_NAME ?";fi
if [[ "$?" = 0 || -z $1 ]]
then
sudo rm -rf ./services/30-openldap/volume/data
fi
echo ""
fi
}

1
services/30-openldap/volume/nine/changepassword.sh Executable file
View File

@ -0,0 +1 @@
ldappasswd -x -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -w ${LDAP_PASSWORD} -s $2 "uid=$1,ou=users,ou=ninegate,dc=nine,dc=org"

4
services/30-openldap/volume/nine/check.sh Executable file
View File

@ -0,0 +1,4 @@
#!/bin/bash
set -e
ldapsearch -x -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -b ${LDAP_BASEDN} -w ${LDAP_PASSWORD}
exit 0

24
services/30-openldap/volume/nine/debug/debug.sh Executable file
View File

@ -0,0 +1,24 @@
#!/bin/bash
# shellcheck disable=SC1091
set -o errexit
set -o nounset
set -o pipefail
# Load libraries
. /opt/bitnami/scripts/libos.sh
. /nine/libopenldap.sh
rm -rf /bitnami/openldap/data
rm -rf /bitnami/openldap/slapd.d
# Load LDAP environment variables
eval "$(ldap_env)"
# Ensure Open LDAP environment variables are valid
ldap_validate
# Ensure 'daemon' user exists when running as 'root'
am_i_root && ensure_user_exists "$LDAP_DAEMON_USER" --group "$LDAP_DAEMON_GROUP"
# Ensure Open LDAP server is initialize
ldap_initialize

474
services/30-openldap/volume/nine/debug/libopenldap.sh Normal file
View File

@ -0,0 +1,474 @@
#!/bin/bash
#
# Bitnami OpenLDAP library
# shellcheck disable=SC1091
# Load Generic Libraries
. /opt/bitnami/scripts/libfile.sh
. /opt/bitnami/scripts/libfs.sh
. /opt/bitnami/scripts/liblog.sh
. /opt/bitnami/scripts/libos.sh
. /opt/bitnami/scripts/libservice.sh
. /opt/bitnami/scripts/libvalidations.sh
########################
# Load global variables used on OpenLDAP configuration
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# Series of exports to be used as 'eval' arguments
#########################
ldap_env() {
cat << "EOF"
# Paths
export LDAP_BASE_DIR="/opt/bitnami/openldap"
export LDAP_BIN_DIR="${LDAP_BASE_DIR}/bin"
export LDAP_SBIN_DIR="${LDAP_BASE_DIR}/sbin"
export LDAP_CONF_DIR="${LDAP_BASE_DIR}/etc"
export LDAP_SHARE_DIR="${LDAP_BASE_DIR}/share"
export LDAP_VOLUME_DIR="/bitnami/openldap"
export LDAP_DATA_DIR="${LDAP_VOLUME_DIR}/data"
export LDAP_ONLINE_CONF_DIR="${LDAP_VOLUME_DIR}/slapd.d"
export LDAP_PID_FILE="${LDAP_BASE_DIR}/var/run/slapd.pid"
export LDAP_CUSTOM_LDIF_DIR="${LDAP_CUSTOM_LDIF_DIR:-/ldifs}"
export LDAP_CUSTOM_SCHEMA_FILE="${LDAP_CUSTOM_SCHEMA_FILE:-/schema/custom.ldif}"
export PATH="${LDAP_BIN_DIR}:${LDAP_SBIN_DIR}:$PATH"
export LDAP_TLS_CERT_FILE="${LDAP_TLS_CERT_FILE:-}"
export LDAP_TLS_KEY_FILE="${LDAP_TLS_KEY_FILE:-}"
export LDAP_TLS_CA_FILE="${LDAP_TLS_CA_FILE:-}"
export LDAP_TLS_DH_PARAMS_FILE="${LDAP_TLS_DH_PARAMS_FILE:-}"
# Users
export LDAP_DAEMON_USER="slapd"
export LDAP_DAEMON_GROUP="slapd"
# Settings
export LDAP_PORT_NUMBER="${LDAP_PORT_NUMBER:-1389}"
export LDAP_LDAPS_PORT_NUMBER="${LDAP_LDAPS_PORT_NUMBER:-1636}"
export LDAP_ROOT="${LDAP_ROOT:-dc=example,dc=org}"
export LDAP_ADMIN_USERNAME="${LDAP_ADMIN_USERNAME:-admin}"
export LDAP_ADMIN_DN="${LDAP_ADMIN_USERNAME/#/cn=},${LDAP_ROOT}"
export LDAP_ADMIN_PASSWORD="${LDAP_ADMIN_PASSWORD:-adminpassword}"
export LDAP_ENCRYPTED_ADMIN_PASSWORD="$(echo -n $LDAP_ADMIN_PASSWORD | slappasswd -n -T /dev/stdin)"
export LDAP_EXTRA_SCHEMAS="${LDAP_EXTRA_SCHEMAS:-cosine,inetorgperson,nis}"
export LDAP_SKIP_DEFAULT_TREE="${LDAP_SKIP_DEFAULT_TREE:-no}"
export LDAP_USERS="${LDAP_USERS:-user01,user02}"
export LDAP_PASSWORDS="${LDAP_PASSWORDS:-bitnami1,bitnami2}"
export LDAP_USER_DC="${LDAP_USER_DC:-users}"
export LDAP_GROUP="${LDAP_GROUP:-readers}"
export LDAP_ENABLE_TLS="${LDAP_ENABLE_TLS:-no}"
export LDAP_ULIMIT_NOFILES="${LDAP_ULIMIT_NOFILES:-1024}"
EOF
}
########################
# Validate settings in LDAP_* environment variables
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# None
#########################
ldap_validate() {
info "Validating settings in LDAP_* env vars"
local error_code=0
# Auxiliary functions
print_validation_error() {
error "$1"
error_code=1
}
check_allowed_port() {
local port_var="${1:?missing port variable}"
local validate_port_args=()
! am_i_root && validate_port_args+=("-unprivileged")
if ! err=$(validate_port "${validate_port_args[@]}" "${!port_var}"); then
print_validation_error "An invalid port was specified in the environment variable ${port_var}: ${err}."
fi
}
for var in LDAP_SKIP_DEFAULT_TREE LDAP_ENABLE_TLS; do
if ! is_yes_no_value "${!var}"; then
print_validation_error "The allowed values for $var are: yes or no"
fi
done
if is_boolean_yes "$LDAP_ENABLE_TLS"; then
if [[ -z "$LDAP_TLS_CERT_FILE" ]]; then
print_validation_error "You must provide a X.509 certificate in order to use TLS"
elif [[ ! -f "$LDAP_TLS_CERT_FILE" ]]; then
print_validation_error "The X.509 certificate file in the specified path ${LDAP_TLS_CERT_FILE} does not exist"
fi
if [[ -z "$LDAP_TLS_KEY_FILE" ]]; then
print_validation_error "You must provide a private key in order to use TLS"
elif [[ ! -f "$LDAP_TLS_KEY_FILE" ]]; then
print_validation_error "The private key file in the specified path ${LDAP_TLS_KEY_FILE} does not exist"
fi
if [[ -z "$LDAP_TLS_CA_FILE" ]]; then
print_validation_error "You must provide a CA X.509 certificate in order to use TLS"
elif [[ ! -f "$LDAP_TLS_CA_FILE" ]]; then
print_validation_error "The CA X.509 certificate file in the specified path ${LDAP_TLS_CA_FILE} does not exist"
fi
fi
read -r -a users <<< "$(tr ',;' ' ' <<< "${LDAP_USERS}")"
read -r -a passwords <<< "$(tr ',;' ' ' <<< "${LDAP_PASSWORDS}")"
if [[ "${#users[@]}" -ne "${#passwords[@]}" ]]; then
print_validation_error "Specify the same number of passwords on LDAP_PASSWORDS as the number of users on LDAP_USERS!"
fi
if [[ -n "$LDAP_PORT_NUMBER" ]] && [[ -n "$LDAP_LDAPS_PORT_NUMBER" ]]; then
if [[ "$LDAP_PORT_NUMBER" -eq "$LDAP_LDAPS_PORT_NUMBER" ]]; then
print_validation_error "LDAP_PORT_NUMBER and LDAP_LDAPS_PORT_NUMBER are bound to the same port!"
fi
fi
[[ -n "$LDAP_PORT_NUMBER" ]] && check_allowed_port LDAP_PORT_NUMBER
[[ -n "$LDAP_LDAPS_PORT_NUMBER" ]] && check_allowed_port LDAP_LDAPS_PORT_NUMBER
[[ "$error_code" -eq 0 ]] || exit "$error_code"
}
########################
# Check if OpenLDAP is running
# Globals:
# LDAP_PID_FILE
# Arguments:
# None
# Returns:
# Whether slapd is running
#########################
is_ldap_running() {
local pid
pid="$(get_pid_from_file "${LDAP_PID_FILE}")"
if [[ -n "${pid}" ]]; then
is_service_running "${pid}"
else
false
fi
}
########################
# Check if OpenLDAP is not running
# Arguments:
# None
# Returns:
# Whether slapd is not running
#########################
is_ldap_not_running() {
! is_ldap_running
}
########################
# Start OpenLDAP server in background
# Arguments:
# None
# Returns:
# None
#########################
ldap_start_bg() {
local -a flags=("-h" "ldap://:${LDAP_PORT_NUMBER}/ ldapi:/// " "-F" "${LDAP_CONF_DIR}/slapd.d")
if is_ldap_not_running; then
info "Starting OpenLDAP server in background"
ulimit -n "$LDAP_ULIMIT_NOFILES"
am_i_root && flags=("-u" "$LDAP_DAEMON_USER" "${flags[@]}")
debug_execute slapd "${flags[@]}"
fi
}
########################
# Stop OpenLDAP server
# Arguments:
# $1 - max retries. Default: 12
# $2 - sleep between retries (in seconds). Default: 1
# Returns:
# None
#########################
ldap_stop() {
local -r retries="${1:-12}"
local -r sleep_time="${2:-1}"
are_db_files_locked() {
local return_value=0
read -r -a db_files <<< "$(find "$LDAP_DATA_DIR" -type f -print0 | xargs -0)"
for f in "${db_files[@]}"; do
debug_execute lsof -w "$f" && return_value=1
done
return $return_value
}
is_ldap_not_running && return
stop_service_using_pid "$LDAP_PID_FILE"
if ! retry_while are_db_files_locked "$retries" "$sleep_time"; then
error "OpenLDAP failed to stop"
return 1
fi
}
########################
# Create LDAP online configuration
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# None
#########################
ldap_create_online_configuration() {
info "Creating LDAP online configuration"
! am_i_root && replace_in_file "${LDAP_SHARE_DIR}/slapd.ldif" "uidNumber=0" "uidNumber=$(id -u)"
slapadd -F "$LDAP_ONLINE_CONF_DIR" -n 0 -l "${LDAP_SHARE_DIR}/slapd.ldif"
}
########################
# Configure LDAP credentials for admin user
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# None
#########################
ldap_admin_credentials() {
info "Configure LDAP credentials for admin user = $LDAP_ADMIN_DN"
cat > "${LDAP_SHARE_DIR}/admin.ldif" << EOF
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcSuffix
olcSuffix: $LDAP_ROOT
dn: olcDatabase={2}hdb,cn=config
changetype: modify
replace: olcRootDN
olcRootDN: $LDAP_ADMIN_DN
dn: olcDatabase={2}hdb,cn=config
changeType: modify
add: olcRootPW
olcRootPW: $LDAP_ENCRYPTED_ADMIN_PASSWORD
dn: olcDatabase={1}monitor,cn=config
changetype: modify
replace: olcAccess
olcAccess: {0}to * by dn.base="gidNumber=0+uidNumber=0,cn=peercred,cn=external, cn=auth" read by dn.base="${LDAP_ADMIN_DN}" read by * none
EOF
ldapmodify -Y EXTERNAL -H "ldapi:///" -f "${LDAP_SHARE_DIR}/admin.ldif"
}
########################
# Add LDAP schemas
# Globals:
# LDAP_*
# Arguments:
# None
# Returns
# None
#########################
ldap_add_schemas() {
info "Adding LDAP extra schemas === ${LDAP_EXTRA_SCHEMAS}"
read -r -a schemas <<< "$(tr ',;' ' ' <<< "${LDAP_EXTRA_SCHEMAS}")"
for schema in "${schemas[@]}"; do
ldapadd -Y EXTERNAL -H "ldapi:///" -f "${LDAP_CONF_DIR}/schema/${schema}.ldif"
done
}
########################
# Add custom schema
# Globals:
# LDAP_*
# Arguments:
# None
# Returns
# None
#########################
ldap_add_custom_schema() {
info "Adding custom Schema : $LDAP_CUSTOM_SCHEMA_FILE ..."
slapadd -F "$LDAP_ONLINE_CONF_DIR" -n 0 -l "$LDAP_CUSTOM_SCHEMA_FILE"
ldap_stop
while is_ldap_running; do sleep 1; done
ldap_start_bg
}
########################
# Create LDAP tree
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# None
#########################
ldap_create_tree() {
info "Creating LDAP default tree"
local dc=""
local o="example"
read -r -a root <<< "$(tr ',;' ' ' <<< "${LDAP_ROOT}")"
for attr in "${root[@]}"; do
if [[ $attr = dc=* ]] && [[ -z "$dc" ]]; then
dc="${attr:3}"
elif [[ $attr = o=* ]] && [[ $o = "example" ]]; then
o="${attr:2}"
fi
done
cat > "${LDAP_SHARE_DIR}/tree.ldif" << EOF
# Root creation
dn: $LDAP_ROOT
objectClass: dcObject
objectClass: organization
dc: $dc
o: $o
dn: ${LDAP_USER_DC/#/ou=},${LDAP_ROOT}
objectClass: organizationalUnit
ou: users
EOF
read -r -a users <<< "$(tr ',;' ' ' <<< "${LDAP_USERS}")"
read -r -a passwords <<< "$(tr ',;' ' ' <<< "${LDAP_PASSWORDS}")"
local index=0
for user in "${users[@]}"; do
cat >> "${LDAP_SHARE_DIR}/tree.ldif" << EOF
# User $user creation
dn: ${user/#/cn=},${LDAP_USER_DC/#/ou=},${LDAP_ROOT}
cn: User$((index + 1 ))
sn: Bar$((index + 1 ))
objectClass: inetOrgPerson
objectClass: posixAccount
objectClass: shadowAccount
userPassword: ${passwords[$index]}
uid: $user
uidNumber: $((index + 1000 ))
gidNumber: $((index + 1000 ))
homeDirectory: /home/${user}
EOF
index=$((index + 1 ))
done
cat >> "${LDAP_SHARE_DIR}/tree.ldif" << EOF
# Group creation
dn: ${LDAP_GROUP/#/cn=},${LDAP_USER_DC/#/ou=},${LDAP_ROOT}
cn: $LDAP_GROUP
objectClass: groupOfNames
# User group membership
EOF
for user in "${users[@]}"; do
cat >> "${LDAP_SHARE_DIR}/tree.ldif" << EOF
member: ${user/#/cn=},${LDAP_USER_DC/#/ou=},${LDAP_ROOT}
EOF
done
debug_execute ldapadd -f "${LDAP_SHARE_DIR}/tree.ldif" -H "ldapi:///" -D "$LDAP_ADMIN_DN" -w "$LDAP_ADMIN_PASSWORD"
}
########################
# Add custom LDIF files
# Globals:
# LDAP_*
# Arguments:
# None
# Returns
# None
#########################
ldap_add_custom_ldifs() {
info "Loading custom LDIF files..."
warn "Ignoring LDAP_USERS, LDAP_PASSWORDS, LDAP_USER_DC and LDAP_GROUP environment variables..."
find "$LDAP_CUSTOM_LDIF_DIR" -maxdepth 1 \( -type f -o -type l \) -iname '*.ldif' -print0 | sort -z | xargs --null -I{} bash -c ". /opt/bitnami/scripts/libos.sh && debug_execute ldapadd -f {} -H 'ldapi:///' -D $LDAP_ADMIN_DN -w $LDAP_ADMIN_PASSWORD"
}
########################
# OpenLDAP configure permissions
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# None
#########################
ldap_configure_permissions() {
debug "Ensuring expected directories/files exist..."
for dir in "$LDAP_SHARE_DIR" "$LDAP_DATA_DIR" "$LDAP_ONLINE_CONF_DIR"; do
ensure_dir_exists "$dir"
if am_i_root; then
chown -R "$LDAP_DAEMON_USER:$LDAP_DAEMON_GROUP" "$dir"
fi
done
}
########################
# Initialize OpenLDAP server
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# None
#########################
ldap_initialize() {
info "Initializing OpenLDAP..."
ldap_configure_permissions
if ! is_dir_empty "$LDAP_DATA_DIR"; then
info "Using persisted data"
else
# Create OpenLDAP online configuration
ldap_create_online_configuration
info "Start BG"
ldap_start_bg
ldap_admin_credentials
if is_boolean_yes "$LDAP_ENABLE_TLS"; then
ldap_configure_tls
fi
if is_boolean_yes "$LDAP_SKIP_DEFAULT_TREE"; then
info "Skipping default schemas/tree structure"
else
# Initialize OpenLDAP with schemas/tree structure
ldap_add_schemas
if [[ -f "$LDAP_CUSTOM_SCHEMA_FILE" ]]; then
ldap_add_custom_schema
fi
if ! is_dir_empty "$LDAP_CUSTOM_LDIF_DIR"; then
ldap_add_custom_ldifs
else
ldap_create_tree
fi
fi
ldap_stop
fi
}
########################
# OpenLDAP configure TLS
# Globals:
# LDAP_*
# Arguments:
# None
# Returns:
# None
#########################
ldap_configure_tls() {
info "Configuring TLS"
cat > "${LDAP_SHARE_DIR}/certs.ldif" << EOF
dn: cn=config
changetype: modify
replace: olcTLSCACertificateFile
olcTLSCACertificateFile: $LDAP_TLS_CA_FILE
-
replace: olcTLSCertificateFile
olcTLSCertificateFile: $LDAP_TLS_CERT_FILE
-
replace: olcTLSCertificateKeyFile
olcTLSCertificateKeyFile: $LDAP_TLS_KEY_FILE
EOF
if [[ -f "$LDAP_TLS_DH_PARAMS_FILE" ]]; then
cat >> "${LDAP_SHARE_DIR}/certs.ldif" << EOF
-
replace: olcTLSDHParamFile
olcTLSDHParamFile: $LDAP_TLS_DH_PARAMS_FILE
EOF
fi
debug_execute ldapmodify -Y EXTERNAL -H "ldapi:///" -f "${LDAP_SHARE_DIR}/certs.ldif"
}

18
services/30-openldap/volume/nine/init.sh Executable file
View File

@ -0,0 +1,18 @@
#!/bin/bash
if [[ ! -f /bitnami/openldap/.isinit ]]
then
echo ""
echo "Initialisation annuaire"
echo ""
# Suppression de l'entrée users généré automatiquement par l'image docker bitnami/openldap
ldapdelete ou=users,${LDAP_BASEDN} -r -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -w ${LDAP_PASSWORD} 2>/dev/null
# Integration du ldif de base
ldapadd -H ldap://${LDAP_HOST}:${LDAP_PORT} -D ${LDAP_USER} -w ${LDAP_PASSWORD} -f '/nine/ldif/cadoles.ldif' 2>/dev/null
/nine/changepassword.sh admin ${ADMIN_PASSWORD}
touch /bitnami/openldap/.isinit
fi

66
services/30-openldap/volume/nine/ldif/cadoles.ldif Executable file
View File

@ -0,0 +1,66 @@
# Entrée 3: ou=ninegate,dc=nine,dc=org
dn: ou=ninegate,dc=nine,dc=org
objectclass: organizationalUnit
objectclass: top
ou: ninegate
# Entrée 4: ou=niveau01,ou=ninegate,dc=nine,dc=org
dn: ou=niveau01,ou=ninegate,dc=nine,dc=org
objectclass: organizationalUnit
objectclass: top
ou: niveau01
# Entrée 5: cn=nine,ou=niveau01,ou=ninegate,dc=nine,dc=org
dn: cn=nine,ou=niveau01,ou=ninegate,dc=nine,dc=org
objectclass: posixGroup
objectclass: top
objectclass: sambaGroupMapping
objectclass: cadolesGroup
objectclass: cadolesSiren
cn: nine
gidnumber: 1
memberuid: admin
cadolesMember: uid=admin,ou=users,ou=ninegate,dc=nine,dc=org
sambagrouptype: 2
sambasid: 1
siren: Ninegate
# Entrée 6: ou=niveau02,ou=ninegate,dc=nine,dc=org
dn: ou=niveau02,ou=ninegate,dc=nine,dc=org
objectclass: organizationalUnit
objectclass: top
ou: niveau02
# Entrée 7: ou=groups,ou=ninegate,dc=nine,dc=org
dn: ou=groups,ou=ninegate,dc=nine,dc=org
objectclass: organizationalUnit
objectclass: top
ou: groups
# Entrée 8: ou=users,ou=ninegate,dc=nine,dc=org
dn: ou=users,ou=ninegate,dc=nine,dc=org
objectclass: organizationalUnit
objectclass: top
ou: users
# Entrée 9: uid=admin,ou=users,ou=ninegate,dc=nine,dc=org
dn: uid=admin,ou=users,ou=ninegate,dc=nine,dc=org
objectclass: top
objectclass: person
objectclass: organizationalPerson
objectclass: inetOrgPerson
objectclass: cadolesPerson
objectclass: cadolesSiren
objectclass: cadolesSiret
authlevel: simple
uid: admin
cn: nine
sn: nine
displayname: Administrateur nine
givenname: Administrateur
mail: admin@no-reply.fr
siren: 0000000A
niveau01: nine
userpassword: {SSHA}JYfvUM9Hf/v/NbWR5zgUkt4E5lBRGuR2

96
services/30-openldap/volume/nine/schema/cadoles.ldif Normal file
View File

@ -0,0 +1,96 @@
dn: cn=cadoles,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: cadoles
olcAttributeTypes: ( 2.16.840.1.113732.3.1.101 NAME 'givensName' DESC 'Prénoms Agent' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.102 NAME 'usualname' DESC 'Nom Usage' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.103 NAME 'birthdate' DESC 'Date de Naissance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.104 NAME 'birthcountry' DESC 'Code INSEE Pays de Naissance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.105 NAME 'birthplace' DESC 'Code INSEE Lieu de Naissance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.106 NAME 'gender' DESC 'Sexe de la Personne' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.107 NAME 'job' DESC 'Métier' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.108 NAME 'position' DESC 'Fonction relative à Unité Organisationnelle' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.109 NAME 'belongingpopulation' DESC 'Population Appartenance' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.110 NAME 'authlevel' DESC 'Niveau Authentification Demandé' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.111 NAME 'siren' DESC 'Identifiant Entreprise' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.112 NAME 'siret' DESC 'Identifiant Etablissement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.113 NAME 'cadolesMember' DESC 'Membres du groupe' EQUALITY distinguishedNameMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.114 NAME 'niveau01' DESC 'Label Entreprise' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: ( 2.16.840.1.113732.3.1.115 NAME 'niveau02' DESC 'Label Etablissement' SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcObjectClasses: ( 2.16.840.1.113732.3.1.1 NAME 'cadolesPerson' DESC 'Description Personne Cadoles' SUP top AUXILIARY MAY ( givensName $ usualname $ birthdate $ birthcountry $ birthplace $ gender $ job $ position $ belongingpopulation $ authlevel ) )
olcObjectClasses: ( 2.16.840.1.113732.3.1.2 NAME 'cadolesSiren' DESC 'Siren' SUP top AUXILIARY MAY ( siren $ niveau01 ) )
olcObjectClasses: ( 2.16.840.1.113732.3.1.3 NAME 'cadolesSiret' DESC 'Siret' SUP top AUXILIARY MAY ( siret $ postalAddress $ niveau02 ) )
olcObjectClasses: ( 2.16.840.1.113732.3.1.4 NAME 'cadolesGroup' DESC 'Descirption Groupe Cadoles' SUP top AUXILIARY MAY ( cadolesMember $ mail ) )
dn: cn=samba,cn=schema,cn=config
objectClass: olcSchemaConfig
cn: samba
olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'LanManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'MD4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} SINGLE-VALUE )
olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Account Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{16} SINGLE-VALUE )
olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC 'Timestamp of when the user is allowed to update the password' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC 'Timestamp of when the user will be logged off automatically' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC 'Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{42} SINGLE-VALUE )
olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'Driver letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' DESC 'List of user workstations the user is allowed to logon to' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Home directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC 'Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC 'Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' DESC 'Concatenated MD5 hashes of the salted NT passwords used on this account' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Security ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' DESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Security ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} )
olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'NT Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Next NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase' DESC 'Base at which the samba RID generation algorithm should operate' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'Share Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC 'Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{256} )
olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC 'A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 SINGLE-VALUE )
olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DESC 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC 'Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DESC 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'Maximum password age, in seconds (default: -1 => never expire passwords)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'Minimum password age, in seconds (default: 0 => allow immediate password change)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' DESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservationWindow' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdChange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextPassword' DESC 'Previous clear text password (used for trusted domain passwords)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
olcAttributeTypes: {47}( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'Type of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {48}( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' DESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DESC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {50}( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC 'Fully qualified name of the domain with which a trust exists' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {51}( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'NetBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
olcAttributeTypes: {52}( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing'DESC 'Authentication information for the outgoing portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
olcAttributeTypes: {53}( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming'DESC 'Authentication information for the incoming portion of a trust' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
olcAttributeTypes: {54}( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
olcAttributeTypes: {55}( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustInfo' DESC 'Forest trust information for a trusted domain object' EQUALITY caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
olcAttributeTypes: {56}( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset'DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcAttributeTypes: {57}( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptionTypes' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Samba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ sambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScript $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGroupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBadPasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'Samba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGroupType ) MAY ( displayName $ description $ sambaSIDList ) )
olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPassword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPassword' DESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviousClearTextPassword )
olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba Domain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidBase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaMaxPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWindow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange ) )
olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Pool for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumber ) )
olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Mapping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ gidNumber ) )
olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Structural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba Configuration Section' SUP top AUXILIARY MAY description )
olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba Share Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sambaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoption $ description ) )
olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC 'Samba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustType $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFlatName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdentifier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedEncryptionTypes) )