summaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--acl-updater/plugin/interface.c20
-rw-r--r--acl-updater/plugin/plugin.cpp3
-rw-r--r--confskel/openldap/ldif/core.ldif11
-rw-r--r--confskel/openldap/ldif/cosine.ldif11
-rw-r--r--confskel/openldap/ldif/inetorgperson.ldif13
-rw-r--r--confskel/openldap/ldif/olcDatabase.ldif23
-rw-r--r--confskel/openldap/ldif/ppolicy.ldif11
-rw-r--r--confskel/openldap/ldif/rfc2307bis.ldif11
-rw-r--r--confskel/openldap/ldif/rfc2739.ldif11
-rw-r--r--confskel/openldap/ldif/samba.ldif224
-rw-r--r--confskel/openldap/ldif/tde-core.ldif12
-rw-r--r--src/ldapcontroller.cpp2
12 files changed, 283 insertions, 69 deletions
diff --git a/acl-updater/plugin/interface.c b/acl-updater/plugin/interface.c
index f73e0c0..d3ca381 100644
--- a/acl-updater/plugin/interface.c
+++ b/acl-updater/plugin/interface.c
@@ -1,3 +1,23 @@
+/***************************************************************************
+ * Copyright (C) 2012 by Timothy Pearson *
+ * kb9vqf@pearsoncomputing.net *
+ * *
+ * This program is free software; you can redistribute it and/or modify *
+ * it under the terms of the GNU General Public License as published by *
+ * the Free Software Foundation; either version 2 of the License, or *
+ * (at your option) any later version. *
+ * *
+ * This program is distributed in the hope that it will be useful, *
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of *
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the *
+ * GNU General Public License for more details. *
+ * *
+ * You should have received a copy of the GNU General Public License *
+ * along with this program; if not, write to the *
+ * Free Software Foundation, Inc., *
+ * 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. *
+ ***************************************************************************/
+
#ifdef HAVE_SLAPI_PLUGIN_H
#include <slapi-plugin.h>
#else
diff --git a/acl-updater/plugin/plugin.cpp b/acl-updater/plugin/plugin.cpp
index e458ee6..a2ac3b2 100644
--- a/acl-updater/plugin/plugin.cpp
+++ b/acl-updater/plugin/plugin.cpp
@@ -49,8 +49,7 @@ void log_plugin (const char* msg, ...)
{
va_list ap;
va_start (ap, msg);
-// FIXME
-// log_msg_va (SLAPI_LOG_PLUGIN, msg, ap);
+ vprintf(msg, ap);
va_end (ap);
}
diff --git a/confskel/openldap/ldif/core.ldif b/confskel/openldap/ldif/core.ldif
index 5731e68..48b6d65 100644
--- a/confskel/openldap/ldif/core.ldif
+++ b/confskel/openldap/ldif/core.ldif
@@ -1,6 +1,6 @@
-dn: cn={0}core
+dn: cn={@@@LDIFSCHEMANUMBER@@@}core
objectClass: olcSchemaConfig
-cn: {0}core
+cn: {@@@LDIFSCHEMANUMBER@@@}core
olcAttributeTypes: {0}( 2.5.4.2 NAME 'knowledgeInformation' DESC 'RFC2256: kno
wledge information' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
1.15{32768} )
@@ -232,10 +232,3 @@ olcObjectClasses: {25}( 1.3.6.1.4.1.1466.344 NAME 'dcObject' DESC 'RFC2247: do
main component object' SUP top AUXILIARY MUST dc )
olcObjectClasses: {26}( 1.3.6.1.1.3.1 NAME 'uidObject' DESC 'RFC2377: uid obje
ct' SUP top AUXILIARY MUST uid )
-structuralObjectClass: olcSchemaConfig
-entryUUID: e8a15002-4066-1031-8092-837354960754
-creatorsName: cn=config
-createTimestamp: 20120601185406Z
-entryCSN: 20120601185406.754918Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20120601185406Z
diff --git a/confskel/openldap/ldif/cosine.ldif b/confskel/openldap/ldif/cosine.ldif
index 0b46c38..62143c7 100644
--- a/confskel/openldap/ldif/cosine.ldif
+++ b/confskel/openldap/ldif/cosine.ldif
@@ -1,6 +1,6 @@
-dn: cn={1}cosine
+dn: cn={@@@LDIFSCHEMANUMBER@@@}cosine
objectClass: olcSchemaConfig
-cn: {1}cosine
+cn: {@@@LDIFSCHEMANUMBER@@@}cosine
olcAttributeTypes: {0}( 0.9.2342.19200300.100.1.2 NAME 'textEncodedORAddress'
EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.
1466.115.121.1.15{256} )
@@ -166,10 +166,3 @@ olcObjectClasses: {11}( 0.9.2342.19200300.100.4.21 NAME 'pilotDSA' SUP dsa STR
olcObjectClasses: {12}( 0.9.2342.19200300.100.4.22 NAME 'qualityLabelledData'
SUP top AUXILIARY MUST dsaQuality MAY ( subtreeMinimumQuality $ subtreeMaximu
mQuality ) )
-structuralObjectClass: olcSchemaConfig
-entryUUID: e8aaf06c-4066-1031-8093-837354960754
-creatorsName: cn=config
-createTimestamp: 20120601185406Z
-entryCSN: 20120601185406.818009Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20120601185406Z
diff --git a/confskel/openldap/ldif/inetorgperson.ldif b/confskel/openldap/ldif/inetorgperson.ldif
index f9ffbb0..3e484ab 100644
--- a/confskel/openldap/ldif/inetorgperson.ldif
+++ b/confskel/openldap/ldif/inetorgperson.ldif
@@ -1,6 +1,6 @@
-dn: cn={3}inetorgperson
+dn: cn={@@@LDIFSCHEMANUMBER@@@}inetorgperson
objectClass: olcSchemaConfig
-cn: {3}inetorgperson
+cn: {@@@LDIFSCHEMANUMBER@@@}inetorgperson
olcAttributeTypes: {0}( 2.16.840.1.113730.3.1.1 NAME 'carLicense' DESC 'RFC279
8: vehicle license or registration plate' EQUALITY caseIgnoreMatch SUBSTR cas
eIgnoreSubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
@@ -36,11 +36,4 @@ olcObjectClasses: {0}( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson' DESC 'RFC2
ployeeNumber $ employeeType $ givenName $ homePhone $ homePostalAddress $ ini
tials $ jpegPhoto $ labeledURI $ mail $ manager $ mobile $ o $ pager $ photo
$ roomNumber $ secretary $ uid $ userCertificate $ x500uniqueIdentifier $ pre
- ferredLanguage $ userSMIMECertificate $ userPKCS12 ) )
-structuralObjectClass: olcSchemaConfig
-entryUUID: e8b2e5c4-4066-1031-8095-837354960754
-creatorsName: cn=config
-createTimestamp: 20120601185406Z
-entryCSN: 20120601185406.870168Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20120601185406Z
+ ferredLanguage $ userSMIMECertificate $ userPKCS12 ) ) \ No newline at end of file
diff --git a/confskel/openldap/ldif/olcDatabase.ldif b/confskel/openldap/ldif/olcDatabase.ldif
index 409051b..945ccce 100644
--- a/confskel/openldap/ldif/olcDatabase.ldif
+++ b/confskel/openldap/ldif/olcDatabase.ldif
@@ -4,15 +4,20 @@ objectClass: olcHdbConfig
olcDatabase: {@@@LDIFSCHEMANUMBER@@@}hdb
olcDbDirectory: /var/lib/ldap
olcSuffix: @@@REALM_DCNAME@@@
-olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName
- ,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags by dn.base="uid=
- @@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write by sock
- url.regex="^ldapi:///$" write by anonymous auth by self write by * none
-olcAccess: {1}to dn.base="" by * read
-olcAccess: {2}to * by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm
- ,@@@REALM_DCNAME@@@" write by sockurl.regex="^ldapi:///$" write by dynacl/ac
- i write by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou
- =core,ou=realm,@@@REALM_DCNAME@@@" write
+olcAccess: {0}to attrs=userPassword,shadowLastChange,krb5Key,krb5PrincipalName,krb5KeyVersionNumber,krb5MaxLife,krb5MaxRenew,krb5KDCFlags
+ by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@"
+ by sockurl.regex="^ldapi:///$" write
+ by anonymous auth
+ by self write
+ by * none
+olcAccess: {1}to dn.base=""
+ by * read
+olcAccess: {2}to *
+ by group/groupOfNames/member.exact="cn=@@@ADMINGROUP@@@,ou=groups,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by dn.base="uid=@@@ADMINUSER@@@,ou=users,ou=core,ou=realm,@@@REALM_DCNAME@@@" write
+ by sockurl.regex="^ldapi:///$" write
+ by dynacl/aci write
olcAddContentAcl: FALSE
olcLastMod: TRUE
olcMaxDerefDepth: 15
diff --git a/confskel/openldap/ldif/ppolicy.ldif b/confskel/openldap/ldif/ppolicy.ldif
index 9d90995..89f49b0 100644
--- a/confskel/openldap/ldif/ppolicy.ldif
+++ b/confskel/openldap/ldif/ppolicy.ldif
@@ -1,6 +1,6 @@
-dn: cn={4}ppolicy
+dn: cn={@@@LDIFSCHEMANUMBER@@@}ppolicy
objectClass: olcSchemaConfig
-cn: {4}ppolicy
+cn: {@@@LDIFSCHEMANUMBER@@@}ppolicy
olcAttributeTypes: {0}( 1.3.6.1.4.1.42.2.27.8.1.1 NAME 'pwdAttribute' EQUALITY
objectIdentifierMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.38 )
olcAttributeTypes: {1}( 1.3.6.1.4.1.42.2.27.8.1.2 NAME 'pwdMinAge' EQUALITY in
@@ -42,10 +42,3 @@ olcObjectClasses: {1}( 1.3.6.1.4.1.42.2.27.8.2.1 NAME 'pwdPolicy' SUP top AUXI
Quality $ pwdMinLength $ pwdExpireWarning $ pwdGraceAuthNLimit $ pwdLockout $
pwdLockoutDuration $ pwdMaxFailure $ pwdFailureCountInterval $ pwdMustChange
$ pwdAllowUserChange $ pwdSafeModify ) )
-structuralObjectClass: olcSchemaConfig
-entryUUID: 00fa0c52-412f-1031-97a0-fdab9e8f5273
-creatorsName: cn=config
-createTimestamp: 20120602184626Z
-entryCSN: 20120602184626.866315Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20120602184626Z
diff --git a/confskel/openldap/ldif/rfc2307bis.ldif b/confskel/openldap/ldif/rfc2307bis.ldif
index c34bd71..f6a4fe4 100644
--- a/confskel/openldap/ldif/rfc2307bis.ldif
+++ b/confskel/openldap/ldif/rfc2307bis.ldif
@@ -1,6 +1,6 @@
-dn: cn={3}rfc2307bis
+dn: cn={@@@LDIFSCHEMANUMBER@@@}rfc2307bis
objectClass: olcSchemaConfig
-cn: {3}rfc2307bis
+cn: {@@@LDIFSCHEMANUMBER@@@}rfc2307bis
olcAttributeTypes: {0}( 1.3.6.1.1.1.1.2 NAME 'gecos' DESC 'The GECOS field; th
e common name' EQUALITY caseIgnoreIA5Match SUBSTR caseIgnoreIA5SubstringsMatc
h SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
@@ -142,10 +142,3 @@ olcObjectClasses: {16}( 1.3.6.1.1.1.2.17 NAME 'automount' DESC 'Automount info
description )
olcObjectClasses: {17}( 1.3.6.1.4.1.5322.13.1.1 NAME 'namedObject' SUP top STR
UCTURAL MAY cn )
-structuralObjectClass: olcSchemaConfig
-entryUUID: 752af920-6b39-102e-98e0-f97852689cd6
-creatorsName: cn=config
-createTimestamp: 20091121223212Z
-entryCSN: 20091121223212.643020Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20091121223212Z
diff --git a/confskel/openldap/ldif/rfc2739.ldif b/confskel/openldap/ldif/rfc2739.ldif
index 5043be5..b15d9f6 100644
--- a/confskel/openldap/ldif/rfc2739.ldif
+++ b/confskel/openldap/ldif/rfc2739.ldif
@@ -1,6 +1,6 @@
-dn: cn={4}rfc2739
+dn: cn={@@@LDIFSCHEMANUMBER@@@}rfc2739
objectClass: olcSchemaConfig
-cn: {4}rfc2739
+cn: {@@@LDIFSCHEMANUMBER@@@}rfc2739
olcAttributeTypes: {0}( 1.2.840.113556.1.4.478 NAME 'calCalURI' DESC 'Snapshot
of users entire default calendar' EQUALITY caseIgnoreIA5Match SUBSTR caseIgn
oreIA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
@@ -30,10 +30,3 @@ olcObjectClasses: {0}( 1.2.840.113556.1.5.87 NAME 'calEntry' DESC 'Calendering
and Free Busy information' SUP top AUXILIARY MAY ( calCalURI $ calFBURL $ ca
lCAPURI $ calCalAdrURI $ calOtherCalURIs $ calOtherFBURLs $ calOtherCAPURIs $
calOtherCalAdrURIs ) )
-structuralObjectClass: olcSchemaConfig
-entryUUID: 752b38a4-6b39-102e-98e1-f97852689cd6
-creatorsName: cn=config
-createTimestamp: 20091121223212Z
-entryCSN: 20091121223212.643020Z#000000#000#000000
-modifiersName: cn=config
-modifyTimestamp: 20091121223212Z
diff --git a/confskel/openldap/ldif/samba.ldif b/confskel/openldap/ldif/samba.ldif
new file mode 100644
index 0000000..be6fec7
--- /dev/null
+++ b/confskel/openldap/ldif/samba.ldif
@@ -0,0 +1,224 @@
+dn: cn={@@@LDIFSCHEMANUMBER@@@}samba
+objectClass: olcSchemaConfig
+cn: {@@@LDIFSCHEMANUMBER@@@}samba
+olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L
+ anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M
+ D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4
+ .1.1466.115.121.1.26{32} SINGLE-VALUE )
+olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Ac
+ count Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ {16} SINGLE-VALUE )
+olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'T
+ imestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC
+ 'Timestamp of when the user is allowed to update the password' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC
+ 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Ti
+ mestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.27 SINGLE-VALUE )
+olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'T
+ imestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12
+ 1.1.27 SINGLE-VALUE )
+olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC '
+ Timestamp of when the user will be logged off automatically' EQUALITY integer
+ Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' D
+ ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146
+ 6.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' D
+ ESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC '
+ Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+ {42} SINGLE-VALUE )
+olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'D
+ river letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1.
+ 3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE )
+olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC
+ 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.
+ 1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC
+ 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations'
+ DESC 'List of user workstations the user is allowed to logon to' EQUALITY cas
+ eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE )
+olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Ho
+ me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.15{128} )
+olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC '
+ Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX
+ 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC '
+ Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' D
+ ESC 'Concatenated MD5 hashes of the salted NT passwords used on this account'
+ EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} )
+olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit
+ y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1
+ .3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' D
+ ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Sec
+ urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.
+ 26{64} )
+olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'N
+ T Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
+ LE-VALUE )
+olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC
+ 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.
+ 1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC
+ 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4.
+ 1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Nex
+ t NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1
+ 466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase
+ ' DESC 'Base at which the samba RID generation algorithm should operate' EQUA
+ LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'S
+ hare Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING
+ LE-VALUE )
+olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC '
+ Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX
+ 1.3.6.1.4.1.1466.115.121.1.15{256} )
+olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC '
+ A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 S
+ INGLE-VALUE )
+olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DES
+ C 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1
+ .27 SINGLE-VALUE )
+olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC
+ 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121
+ .1.26 SINGLE-VALUE )
+olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption'
+ DESC 'A string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.15 )
+olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC '
+ Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115
+ .121.1.26 )
+olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC
+ 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1.
+ 4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength'
+ DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY intege
+ rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DES
+ C 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQU
+ ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'M
+ aximum password age, in seconds (default: -1 => never expire passwords)' EQUA
+ LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'M
+ inimum password age, in seconds (default: 0 => allow immediate password chang
+ e)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' D
+ ESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integ
+ erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservation
+ Window' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY int
+ egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold'
+ DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY in
+ tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC
+ 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY
+ integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdCh
+ ange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY inte
+ gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword'
+ DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octe
+ tStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextP
+ assword' DESC 'Previous clear text password (used for trusted domain password
+ s)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+olcAttributeTypes: {47}( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'T
+ ype of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING
+ LE-VALUE )
+olcAttributeTypes: {48}( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' D
+ ESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3.
+ 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DE
+ SC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1
+ 21.1.27 SINGLE-VALUE )
+olcAttributeTypes: {50}( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC
+ 'Fully qualified name of the domain with which a trust exists' EQUALITY case
+ IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} )
+olcAttributeTypes: {51}( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'Ne
+ tBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.
+ 121.1.15{128} )
+olcAttributeTypes: {52}( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing'
+ DESC 'Authentication information for the outgoing portion of a trust' EQUALIT
+ Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {53}( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming'
+ DESC 'Authentication information for the incoming portion of a trust' EQUALIT
+ Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {54}( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier
+ ' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExact
+ IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE )
+olcAttributeTypes: {55}( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustIn
+ fo' DESC 'Forest trust information for a trusted domain object' EQUALITY case
+ ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} )
+olcAttributeTypes: {56}( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset'
+ DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.
+ 115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {57}( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptio
+ nTypes' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SY
+ NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam
+ ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY (
+ cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s
+ ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $
+ sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScr
+ ipt $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGr
+ oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBad
+ PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) )
+olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'S
+ amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGrou
+ pType ) MAY ( displayName $ description $ sambaSIDList ) )
+olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC
+ 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPas
+ sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) )
+olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPasswor
+ d' DESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomain
+ Name $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviou
+ sClearTextPassword )
+olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba D
+ omain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY
+ ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB
+ ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaM
+ axPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWin
+ dow $ sambaLockoutThreshold $ sambaForceLogoff $ sambaRefuseMachinePwdChange
+ ) )
+olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Poo
+ l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumb
+ er ) )
+olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Map
+ ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ g
+ idNumber ) )
+olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Struc
+ tural Class for a SID' SUP top STRUCTURAL MUST sambaSID )
+olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba
+ Configuration Section' SUP top AUXILIARY MAY description )
+olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba S
+ hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description )
+olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC
+ 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sa
+ mbaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoptio
+ n $ description ) )
+olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC
+ 'Samba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustTyp
+ e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFla
+ tName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdenti
+ fier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedEncr
+ yptionTypes) ) \ No newline at end of file
diff --git a/confskel/openldap/ldif/tde-core.ldif b/confskel/openldap/ldif/tde-core.ldif
index caf9919..52f7a80 100644
--- a/confskel/openldap/ldif/tde-core.ldif
+++ b/confskel/openldap/ldif/tde-core.ldif
@@ -9,6 +9,12 @@ olcAttributeTypes: {4}( 1.3.6.1.4.1.99999.1.1.5 NAME 'preferredDelivery' DESC 'P
olcAttributeTypes: {5}( 1.3.6.1.4.1.99999.1.1.6 NAME 'locallyUniqueID' DESC 'Locally unique identifier' SUP name )
olcAttributeTypes: {6}( 1.3.6.1.4.1.99999.1.1.7 NAME 'notes' DESC 'Account notes' SUP name )
olcAttributeTypes: {7} ( 1.3.6.1.4.1.99999.1.1.8 NAME 'tdeBuiltinAccount' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 )
-olcObjectClasses: {0}( 1.3.6.1.4.1.99999.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website
- URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes ) )
-olcObjectClasses: {1}( 1.3.6.1.4.1.99999.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount ) \ No newline at end of file
+# Type names defined in lib/kadm5/ad.c and lib/hdb/hdb-ldap.c
+olcAttributeTypes: {8} ( 1.3.6.1.4.1.99999.1.1.9 NAME 'pwdLastSet' DESC 'Timestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {9} ( 1.3.6.1.4.1.99999.1.1.10 NAME 'badPwdCount' DESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {10} ( 1.3.6.1.4.1.99999.1.1.11 NAME 'badPasswordTime' DESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {11} ( 1.3.6.1.4.1.99999.1.1.12 NAME 'lastLogon' DESC 'Timestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcAttributeTypes: {12} ( 1.3.6.1.4.1.99999.1.1.13 NAME 'lastLogoff' DESC 'Timestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+olcObjectClasses: {0} ( 1.3.6.1.4.1.99999.1.2.1 NAME 'tdeExtendedUserData' SUP top AUXILIARY MAY ( website
+ URL $ managerName $ secretaryName $ teletexId $ preferredDelivery $ locallyUniqueID $ notes $ pwdLastSet $ badPwdCount $ badPasswordTime $ lastLogon $ lastLogoff ) )
+olcObjectClasses: {1} ( 1.3.6.1.4.1.99999.1.2.2 NAME 'tdeAccountObject' SUP top AUXILIARY MAY tdeBuiltinAccount ) \ No newline at end of file
diff --git a/src/ldapcontroller.cpp b/src/ldapcontroller.cpp
index 03cd5a4..a345db3 100644
--- a/src/ldapcontroller.cpp
+++ b/src/ldapcontroller.cpp
@@ -848,6 +848,8 @@ configTempDir.setAutoDelete(false); // RAJA DEBUG ONLY FIXME
replacePlaceholdersInFile(templateDir + "openldap/ldif/hdb.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}hdb.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
ldifSchemaNumber = 8;
replacePlaceholdersInFile(templateDir + "openldap/ldif/tde-core.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}tde-core.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
+// ldifSchemaNumber = 9;
+// replacePlaceholdersInFile(templateDir + "openldap/ldif/samba.ldif", destDir + "ldap/slapd.d/cn=config/cn=schema/" + TQString("cn={%1}samba.ldif").arg(ldifSchemaNumber), realmconfig, adminUserName, adminGroupName, machineAdminGroupName, adminPassword, rootUserName, rootPassword, ldifSchemaNumber, slapd_uid, slapd_gid);
// Set permissions
chmod(TQString(HEIMDAL_DEFAULT_FILE).ascii(), S_IRUSR|S_IWUSR|S_IRGRP);