From 27c7342e5746d9f929da450302ad8b427c3eebc4 Mon Sep 17 00:00:00 2001
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Sun, 18 Jan 2026 20:24:35 +0100
Subject: [PATCH 1/2] replace bitnami --> sourcemation
---
 docker-compose.ldap.yaml | 12 ++++--------
 1 file changed, 4 insertions(+), 8 deletions(-)
diff --git a/docker-compose.ldap.yaml b/docker-compose.ldap.yaml
index ede52ede12..177ca54c41 100644
--- a/docker-compose.ldap.yaml
+++ b/docker-compose.ldap.yaml
@@ -15,6 +15,7 @@ services:
 DEFGUARD_AUTH_SECRET: defguard-auth-secret
 DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
 DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
+ DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94
 DEFGUARD_DB_HOST: db
 DEFGUARD_DB_PORT: 5432
 DEFGUARD_DB_USER: defguard
@@ -66,19 +67,14 @@ services:
 - NET_ADMIN
 
 openldap:
- image: bitnami/openldap:2.6
+ image: sourcemation/openldap:latest
 user: root
 restart: unless-stopped
 environment:
- LDAP_EXTRA_SCHEMAS: "cosine,inetorgperson,nis,openssh-lpk_openldap,samba,gnupg-ldap-schema,orion"
+ LDAP_ADMIN_PASSWORD: "pass123"
 ports:
- - "389:1389"
+ - "389:389"
 volumes:
 - ./ldap-initdb.d:/docker-entrypoint-initdb.d:ro
- - ./ldif/gnupg-ldap-schema.ldif:/opt/bitnami/openldap/etc/schema/gnupg-ldap-schema.ldif:ro
- - ./ldif/openssh-lpk_openldap.ldif:/opt/bitnami/openldap/etc/schema/openssh-lpk_openldap.ldif:ro
- - ./ldif/orion.ldif:/opt/bitnami/openldap/etc/schema/orion.ldif:ro
- - ./ldif/samba.ldif:/opt/bitnami/openldap/etc/schema/samba.ldif:ro
 - ./ldif/init.ldif:/ldifs/init.ldif:ro
 - ./ldif/custom.ldif:/schema/custom.ldif:ro
- - ./.volumes_ldap/openldap:/bitnami/openldap
From a7829cdcee15572473a45ceb1a5d13962013a424 Mon Sep 17 00:00:00 2001
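Review bot: The added `DEFGUARD_SECRET_KEY` line in the first hunk commits a 128-hex-character key as a literal, and unlike its obviously fake neighbours (`defguard-auth-secret`) nothing marks it as a throwaway, so any stack started from this file shares a key that is public in the repository. I would read it from the environment and fail when it is unset, `DEFGUARD_SECRET_KEY: "${DEFGUARD_SECRET_KEY:?generate a local key}"`, with a comment above it stating that this compose file is for local testing only. Patch 2/2 on this page deletes the file, but the value stays in history, so it should be treated as burned if it was ever used outside a test stack. The `environment:` mapping this line belongs to starts above the hunk.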
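Review bot: `image: sourcemation/openldap:latest` in the second hunk replaces a version-pinned image with a mutable tag from another publisher while the service keeps `user: root`, so whatever is pushed under `latest` next runs as root in this stack; pin it, e.g. `image: sourcemation/openldap:<version>@sha256:<digest>` (placeholders). The same hunk sets `LDAP_ADMIN_PASSWORD: "pass123"` and publishes `"389:389"` on every host interface; `"127.0.0.1:389:389"` plus a password taken from the environment would keep the test directory off the network. The container port moves from 1389 to 389, yet the deleted-file listing in patch 2/2 still shows `DEFGUARD_LDAP_URL: ldap://openldap:1389` for `core`, so the bind presumably fails unless the new image also listens on 1389. The dropped `LDAP_EXTRA_SCHEMAS` and schema mounts may also break loading `init.ldif`, which still uses `ldapPublicKey`, `pgpKeyInfo` and `sambaSamAccount`; what the new image ships is not visible here.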
From: jakub-tldr <78603704+jakub-tldr@users.noreply.github.com>
Date: Mon, 19 Jan 2026 15:34:27 +0100
Subject: [PATCH 2/2] delete docker-compose and ldap dependencies
---
 docker-compose.ldap.yaml | 80 ------------
 ldap-initdb.d/set_access.sh | 18 ---
 ldif/custom.ldif | 14 ---
 ldif/gnupg-ldap-schema.ldif | 209 ------------------------------
 ldif/init.ldif | 39 ------
 ldif/openssh-lpk_openldap.ldif | 9 --
 ldif/orion.ldif | 13 --
 ldif/samba.ldif | 224 ---------------------------------
 8 files changed, 606 deletions(-)
 delete mode 100644 docker-compose.ldap.yaml
 delete mode 100755 ldap-initdb.d/set_access.sh
 delete mode 100644 ldif/custom.ldif
 delete mode 100644 ldif/gnupg-ldap-schema.ldif
 delete mode 100644 ldif/init.ldif
 delete mode 100644 ldif/openssh-lpk_openldap.ldif
 delete mode 100644 ldif/orion.ldif
 delete mode 100644 ldif/samba.ldif
diff --git a/docker-compose.ldap.yaml b/docker-compose.ldap.yaml
deleted file mode 100644
index 177ca54c41..0000000000
--- a/docker-compose.ldap.yaml
+++ /dev/null
@@ -1,80 +0,0 @@
-version: "3"
-
-services:
- core:
- image: ghcr.io/defguard/defguard:latest
- build:
- context: .
- dockerfile: Dockerfile
- environment:
- DEFGUARD_LDAP_URL: ldap://openldap:1389
- DEFGUARD_LDAP_BIND_USERNAME: cn=user,ou=users,dc=example,dc=org
- DEFGUARD_LDAP_BIND_PASSWORD: user
- DEFGUARD_LDAP_USER_SEARCH_BASE: "ou=users,dc=example,dc=org"
- DEFGUARD_LDAP_GROUP_SEARCH_BASE: "ou=groups,dc=example,dc=org"
- DEFGUARD_AUTH_SECRET: defguard-auth-secret
- DEFGUARD_GATEWAY_SECRET: defguard-gateway-secret
- DEFGUARD_YUBIBRIDGE_SECRET: defguard-yubibridge-secret
- DEFGUARD_SECRET_KEY: aa5a506b11d719dd7170f57f5d9947faf8eb0bc2be1325e42aa0237c3dcfd26456e73dff9eef3b12c7bcf8711b45e3e703d8e21ee1c08520f5e12e3f5772da94
- DEFGUARD_DB_HOST: db
- DEFGUARD_DB_PORT: 5432
- DEFGUARD_DB_USER: defguard
- DEFGUARD_DB_PASSWORD: defguard
- DEFGUARD_DB_NAME: defguard
- DEFGUARD_URL: http://localhost:3000
- RUST_BACKTRACE: 1
- ports:
- # rest api
- - "8000:8000"
- # grpc
- - "50055:50055"
- depends_on:
- - db
-
- gateway:
- image: ghcr.io/defguard/gateway:latest
- environment:
- DEFGUARD_GRPC_URL: http://core:50055
- DEFGUARD_STATS_PERIOD: 60
- DEFGUARD_TOKEN: eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJEZWZHdWFyZCIsInN1YiI6IlRlc3ROZXQiLCJjbGllbnRfaWQiOiIiLCJleHAiOjU5NjE3NDcwNzYsIm5iZiI6MTY2Njc3OTc4MSwicm9sZXMiOltdfQ.uEUMnw_gO23W0K2q3N1lToeP0D2zAY1swr8N-84sRHA
- RUST_LOG: debug
- ports:
- # WireGuard endpoint
- - "50051:50051/udp"
- depends_on:
- - core
- cap_add:
- - NET_ADMIN
-
- db:
- image: postgres:15-alpine
- environment:
- POSTGRES_DB: defguard
- POSTGRES_USER: defguard
- POSTGRES_PASSWORD: defguard
- volumes:
- - ./.volumes/db:/var/lib/postgresql/data
- ports:
- - "5432:5432"
-
- device:
- build:
- dockerfile: Dockerfile.device
- context: .
- depends_on:
- - gateway
- cap_add:
- - NET_ADMIN
-
- openldap:
- image: sourcemation/openldap:latest
- user: root
- restart: unless-stopped
- environment:
- LDAP_ADMIN_PASSWORD: "pass123"
- ports:
- - "389:389"
- volumes:
- - ./ldap-initdb.d:/docker-entrypoint-initdb.d:ro
- - ./ldif/init.ldif:/ldifs/init.ldif:ro
- - ./ldif/custom.ldif:/schema/custom.ldif:ro
diff --git a/ldap-initdb.d/set_access.sh b/ldap-initdb.d/set_access.sh
deleted file mode 100755
index b499f99464..0000000000
--- a/ldap-initdb.d/set_access.sh
+++ /dev/null
@@ -1,18 +0,0 @@ -. /opt/bitnami/scripts/libopenldap.sh - -ldap_start_bg - -echo "Setting custom access permissions for ${LDAP_ROOT}" - -cat <*) -# mailsub: (pgpUserID=*<*%s*>*) -# mailend: (pgpUserID=*<*%s>*) -olcAttributeTypes: {8}( - 1.3.6.1.4.1.3401.8.2.16 - NAME 'pgpUserID' - DESC 'User ID(s) associated with the key' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# The creation time of the primary key. -# Stored in ISO format: "20201231 120000" -olcAttributeTypes: {9}( - 1.3.6.1.4.1.3401.8.2.17 - NAME 'pgpKeyCreateTime' - DESC 'Primary key creation time' - EQUALITY caseIgnoreMatch - ORDERING caseIgnoreOrderingMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) -# Not used -olcAttributeTypes: {10}( - 1.3.6.1.4.1.3401.8.2.18 - NAME 'pgpSignerID' - DESC 'pgpSignerID attribute for PGP' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# A value of 1 indicated that the keyblock has been revoked -olcAttributeTypes: {11}( - 1.3.6.1.4.1.3401.8.2.19 - NAME 'pgpRevoked' - DESC 'pgpRevoked attribute for PGP' - EQUALITY caseIgnoreMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) -olcAttributeTypes: {12}( - 1.3.6.1.4.1.3401.8.2.20 - NAME 'pgpSubKeyID' - DESC 'Sub-key ID(s) of the PGP key.' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# A hin on the keysize. -olcAttributeTypes: {13}( - 1.3.6.1.4.1.3401.8.2.21 - NAME 'pgpKeySize' - DESC 'pgpKeySize attribute for PGP' - EQUALITY caseIgnoreMatch - ORDERING caseIgnoreOrderingMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# Expiration time of the primary key. 
-# Stored in ISO format: "20201231 120000" -olcAttributeTypes: {14}( - 1.3.6.1.4.1.3401.8.2.22 - NAME 'pgpKeyExpireTime' - DESC 'pgpKeyExpireTime attribute for PGP' - EQUALITY caseIgnoreMatch - ORDERING caseIgnoreOrderingMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) -# -# The hex encoded fingerprint of the primary key. -olcAttributeTypes: {15}( - 1.3.6.1.4.1.11591.2.4.1.1 - NAME 'gpgFingerprint' - DESC 'Fingerprint of the primary key' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 - SINGLE-VALUE ) -# A list of hex encoded fingerprints of the subkeys. -olcAttributeTypes: {16}( - 1.3.6.1.4.1.11591.2.4.1.2 - NAME 'gpgSubFingerprint' - DESC 'Fingerprints of the secondary keys' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# A list of utf8 encoded addr-spec used instead of mail/rfc822Mailbox -olcAttributeTypes: {17}( - 1.3.6.1.4.1.11591.2.4.1.3 - NAME 'gpgMailbox' - DESC 'The utf8 encoded addr-spec of a mailbox' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# A list of hex encoded long keyids of all subkeys. -olcAttributeTypes: {18}( - 1.3.6.1.4.1.11591.2.4.1.4 - NAME 'gpgSubCertID' - DESC 'OpenPGP long subkey id' - EQUALITY caseIgnoreMatch - SUBSTR caseIgnoreSubstringsMatch - SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -# -# -# Used by regular LDAP servers to indicate pgp support. -# -olcObjectClasses: {0}( - 1.3.6.1.4.1.3401.8.2.23 - NAME 'pgpServerInfo' - DESC 'An OpenPGP public keyblock store' - SUP top - STRUCTURAL MUST ( cn $ pgpBaseKeySpaceDN ) - MAY ( pgpSoftware $ pgpVersion ) ) -# -# The original PGP key object extended with a few extra attributes. 
-# All new software should set them but this is not enforced for -# backward compatibility -olcObjectClasses: {1}( - 1.3.6.1.4.1.3401.8.2.24 - NAME 'pgpKeyInfo' - DESC 'An OpenPGP public keyblock' - SUP top - AUXILIARY MUST ( pgpCertID $ pgpKey ) - MAY ( pgpDisabled $ pgpKeyID $ pgpKeyType $ - pgpUserID $ pgpKeyCreateTime $ pgpSignerID $ - pgpRevoked $ pgpSubKeyID $ pgpKeySize $ - pgpKeyExpireTime $ gpgFingerprint $ - gpgSubFingerprint $ gpgSubCertID $ - gpgMailbox ) ) -# -# end-of-file -# diff --git a/ldif/init.ldif b/ldif/init.ldif deleted file mode 100644 index 8223fb3e62..0000000000 --- a/ldif/init.ldif +++ /dev/null @@ -1,39 +0,0 @@ -dn: dc=example,dc=org -objectClass: dcObject -objectClass: organization -dc: example -o: example - -dn: ou=users,dc=example,dc=org -objectClass: organizationalUnit -ou: users - -dn: cn=user,ou=users,dc=example,dc=org -cn: user -givenName: User -sn: Dummy -objectClass: inetOrgPerson -objectClass: ldapPublicKey -objectClass: pgpKeyInfo -objectClass: sambaSamAccount -objectClass: shadowAccount -objectClass: simpleSecurityObject -userPassword: {SSHA}NnpaV9UhNlh0Gd8a2z5h82KL01rpXctZ -uid: user -sambaSID: 0 -sambaNTPassword: 57d583aa46d571502aad4bb7aea09c70 -sshPublicKey: -pgpCertID: - -pgpKey: - -dn: ou=groups,dc=example,dc=org -ou: groups -objectClass: organizationalUnit -objectClass: top - -dn: cn=admin,ou=groups,dc=example,dc=org -objectClass: groupOfUniqueNames -objectClass: top -cn: admin -uniqueMember: cn=admin,dc=example,dc=org -uniqueMember: cn=user,ou=users,dc=example,dc=org diff --git a/ldif/openssh-lpk_openldap.ldif b/ldif/openssh-lpk_openldap.ldif deleted file mode 100644 index e28919f260..0000000000 --- a/ldif/openssh-lpk_openldap.ldif +++ /dev/null 
@@ -1,9 +0,0 @@ -dn: cn=openssh-lpk_openldap,cn=schema,cn=config -objectClass: olcSchemaConfig -cn: openssh-lpk_openldap -olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.13 NAME 'sshPublicKey' DES - C 'MANDATORY: OpenSSH Public key' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.40 ) -olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.0 NAME 'ldapPublicKey' DESC - 'MANDATORY: OpenSSH LPK objectclass' SUP top AUXILIARY MUST ( sshPublicKey $ - uid ) ) diff --git a/ldif/orion.ldif b/ldif/orion.ldif deleted file mode 100644 index c4549261c6..0000000000 --- a/ldif/orion.ldif +++ /dev/null @@ -1,13 +0,0 @@ -dn: cn=orion-device,cn=schema,cn=config -objectClass: olcSchemaConfig -cn: orion-device -olcAttributeTypes: {0}( 1.3.6.1.4.1.24552.500.1.1.1.990 NAME 'deviceName' - DESC 'Orion device name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: {1}( 1.3.6.1.4.1.24552.500.1.1.1.991 NAME 'deviceId' - DESC 'Orion device identifier' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 ) -olcAttributeTypes: {2}( 1.3.6.1.4.1.24552.500.1.1.1.992 NAME 'wireGuardPublicKey' - DESC 'Wireguard public key' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcAttributeTypes: {3}( 1.3.6.1.4.1.24552.500.1.1.1.993 NAME 'wireGuardIp' - DESC 'Wireguard allowed Ip' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 ) -olcObjectClasses: {0}( 1.3.6.1.4.1.24552.500.1.1.2.990 NAME 'orionDevice' - DESC 'Services wireguard' SUP top STRUCTURAL MUST (deviceName $ deviceId $ wireGuardpublickey $ wireGuardIp) ) diff --git a/ldif/samba.ldif b/ldif/samba.ldif deleted file mode 100644 index 5106e5f8c6..0000000000 --- a/ldif/samba.ldif +++ /dev/null 
@@ -1,224 +0,0 @@ -dn: cn=samba,cn=schema,cn=config -objectClass: olcSchemaConfig -cn: samba -olcAttributeTypes: {0}( 1.3.6.1.4.1.7165.2.1.24 NAME 'sambaLMPassword' DESC 'L - anManager Password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.26{32} SINGLE-VALUE ) -olcAttributeTypes: {1}( 1.3.6.1.4.1.7165.2.1.25 NAME 'sambaNTPassword' DESC 'M - D4 hash of the unicode password' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4 - .1.1466.115.121.1.26{32} SINGLE-VALUE ) -olcAttributeTypes: {2}( 1.3.6.1.4.1.7165.2.1.26 NAME 'sambaAcctFlags' DESC 'Ac - count Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - {16} SINGLE-VALUE ) -olcAttributeTypes: {3}( 1.3.6.1.4.1.7165.2.1.27 NAME 'sambaPwdLastSet' DESC 'T - imestamp of the last password update' EQUALITY integerMatch SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {4}( 1.3.6.1.4.1.7165.2.1.28 NAME 'sambaPwdCanChange' DESC - 'Timestamp of when the user is allowed to update the password' EQUALITY integ - erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {5}( 1.3.6.1.4.1.7165.2.1.29 NAME 'sambaPwdMustChange' DESC - 'Timestamp of when the password will expire' EQUALITY integerMatch SYNTAX 1. - 3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {6}( 1.3.6.1.4.1.7165.2.1.30 NAME 'sambaLogonTime' DESC 'Ti - mestamp of last logon' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
- 1.27 SINGLE-VALUE ) -olcAttributeTypes: {7}( 1.3.6.1.4.1.7165.2.1.31 NAME 'sambaLogoffTime' DESC 'T - imestamp of last logoff' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.12 - 1.1.27 SINGLE-VALUE ) -olcAttributeTypes: {8}( 1.3.6.1.4.1.7165.2.1.32 NAME 'sambaKickoffTime' DESC ' - Timestamp of when the user will be logged off automatically' EQUALITY integer - Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {9}( 1.3.6.1.4.1.7165.2.1.48 NAME 'sambaBadPasswordCount' D - ESC 'Bad password attempt count' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.146 - 6.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {10}( 1.3.6.1.4.1.7165.2.1.49 NAME 'sambaBadPasswordTime' D - ESC 'Time of the last bad password attempt' EQUALITY integerMatch SYNTAX 1.3. - 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {11}( 1.3.6.1.4.1.7165.2.1.55 NAME 'sambaLogonHours' DESC ' - Logon Hours' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 - {42} SINGLE-VALUE ) -olcAttributeTypes: {12}( 1.3.6.1.4.1.7165.2.1.33 NAME 'sambaHomeDrive' DESC 'D - river letter of home directory mapping' EQUALITY caseIgnoreIA5Match SYNTAX 1. - 3.6.1.4.1.1466.115.121.1.26{4} SINGLE-VALUE ) -olcAttributeTypes: {13}( 1.3.6.1.4.1.7165.2.1.34 NAME 'sambaLogonScript' DESC - 'Logon script path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121. 
- 1.15{255} SINGLE-VALUE ) -olcAttributeTypes: {14}( 1.3.6.1.4.1.7165.2.1.35 NAME 'sambaProfilePath' DESC - 'Roaming profile path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.15{255} SINGLE-VALUE ) -olcAttributeTypes: {15}( 1.3.6.1.4.1.7165.2.1.36 NAME 'sambaUserWorkstations' - DESC 'List of user workstations the user is allowed to logon to' EQUALITY cas - eIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{255} SINGLE-VALUE ) -olcAttributeTypes: {16}( 1.3.6.1.4.1.7165.2.1.37 NAME 'sambaHomePath' DESC 'Ho - me directory UNC path' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.15{128} ) -olcAttributeTypes: {17}( 1.3.6.1.4.1.7165.2.1.38 NAME 'sambaDomainName' DESC ' - Windows NT domain to which the user belongs' EQUALITY caseIgnoreMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.15{128} ) -olcAttributeTypes: {18}( 1.3.6.1.4.1.7165.2.1.47 NAME 'sambaMungedDial' DESC ' - Base64 encoded user parameter string' EQUALITY caseExactMatch SYNTAX 1.3.6.1. - 4.1.1466.115.121.1.15{1050} ) -olcAttributeTypes: {19}( 1.3.6.1.4.1.7165.2.1.54 NAME 'sambaPasswordHistory' D - ESC 'Concatenated MD5 hashes of the salted NT passwords used on this account' - EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{32} ) -olcAttributeTypes: {20}( 1.3.6.1.4.1.7165.2.1.20 NAME 'sambaSID' DESC 'Securit - y ID' EQUALITY caseIgnoreIA5Match SUBSTR caseExactIA5SubstringsMatch SYNTAX 1 - .3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) -olcAttributeTypes: {21}( 1.3.6.1.4.1.7165.2.1.23 NAME 'sambaPrimaryGroupSID' D - ESC 'Primary Group Security ID' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.26{64} SINGLE-VALUE ) -olcAttributeTypes: {22}( 1.3.6.1.4.1.7165.2.1.51 NAME 'sambaSIDList' DESC 'Sec - urity ID List' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121.1. 
- 26{64} ) -olcAttributeTypes: {23}( 1.3.6.1.4.1.7165.2.1.19 NAME 'sambaGroupType' DESC 'N - T Group Type' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING - LE-VALUE ) -olcAttributeTypes: {24}( 1.3.6.1.4.1.7165.2.1.21 NAME 'sambaNextUserRid' DESC - 'Next NT rid to give our for users' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1. - 1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {25}( 1.3.6.1.4.1.7165.2.1.22 NAME 'sambaNextGroupRid' DESC - 'Next NT rid to give out for groups' EQUALITY integerMatch SYNTAX 1.3.6.1.4. - 1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {26}( 1.3.6.1.4.1.7165.2.1.39 NAME 'sambaNextRid' DESC 'Nex - t NT rid to give out for anything' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1 - 466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {27}( 1.3.6.1.4.1.7165.2.1.40 NAME 'sambaAlgorithmicRidBase - ' DESC 'Base at which the samba RID generation algorithm should operate' EQUA - LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {28}( 1.3.6.1.4.1.7165.2.1.41 NAME 'sambaShareName' DESC 'S - hare Name' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SING - LE-VALUE ) -olcAttributeTypes: {29}( 1.3.6.1.4.1.7165.2.1.42 NAME 'sambaOptionName' DESC ' - Option Name' EQUALITY caseIgnoreMatch SUBSTR caseIgnoreSubstringsMatch SYNTAX - 1.3.6.1.4.1.1466.115.121.1.15{256} ) -olcAttributeTypes: {30}( 1.3.6.1.4.1.7165.2.1.43 NAME 'sambaBoolOption' DESC ' - A boolean option' EQUALITY booleanMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.7 S - INGLE-VALUE ) -olcAttributeTypes: {31}( 1.3.6.1.4.1.7165.2.1.44 NAME 'sambaIntegerOption' DES - C 'An integer option' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1 - .27 SINGLE-VALUE ) -olcAttributeTypes: {32}( 1.3.6.1.4.1.7165.2.1.45 NAME 'sambaStringOption' DESC - 'A string option' EQUALITY caseExactIA5Match SYNTAX 1.3.6.1.4.1.1466.115.121 - .1.26 SINGLE-VALUE ) -olcAttributeTypes: {33}( 1.3.6.1.4.1.7165.2.1.46 NAME 'sambaStringListOption' - DESC 'A 
string list option' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466. - 115.121.1.15 ) -olcAttributeTypes: {34}( 1.3.6.1.4.1.7165.2.1.53 NAME 'sambaTrustFlags' DESC ' - Trust Password Flags' EQUALITY caseIgnoreIA5Match SYNTAX 1.3.6.1.4.1.1466.115 - .121.1.26 ) -olcAttributeTypes: {35}( 1.3.6.1.4.1.7165.2.1.58 NAME 'sambaMinPwdLength' DESC - 'Minimal password length (default: 5)' EQUALITY integerMatch SYNTAX 1.3.6.1. - 4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {36}( 1.3.6.1.4.1.7165.2.1.59 NAME 'sambaPwdHistoryLength' - DESC 'Length of Password History Entries (default: 0 => off)' EQUALITY intege - rMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {37}( 1.3.6.1.4.1.7165.2.1.60 NAME 'sambaLogonToChgPwd' DES - C 'Force Users to logon for password change (default: 0 => off, 2 => on)' EQU - ALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {38}( 1.3.6.1.4.1.7165.2.1.61 NAME 'sambaMaxPwdAge' DESC 'M - aximum password age, in seconds (default: -1 => never expire passwords)' EQUA - LITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {39}( 1.3.6.1.4.1.7165.2.1.62 NAME 'sambaMinPwdAge' DESC 'M - inimum password age, in seconds (default: 0 => allow immediate password chang - e)' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {40}( 1.3.6.1.4.1.7165.2.1.63 NAME 'sambaLockoutDuration' D - ESC 'Lockout duration in minutes (default: 30, -1 => forever)' EQUALITY integ - erMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {41}( 1.3.6.1.4.1.7165.2.1.64 NAME 'sambaLockoutObservation - Window' DESC 'Reset time after lockout in minutes (default: 30)' EQUALITY int - egerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {42}( 1.3.6.1.4.1.7165.2.1.65 NAME 'sambaLockoutThreshold' - DESC 'Lockout users after bad logon attempts (default: 0 => off)' EQUALITY in - 
tegerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {43}( 1.3.6.1.4.1.7165.2.1.66 NAME 'sambaForceLogoff' DESC - 'Disconnect Users outside logon hours (default: -1 => off, 0 => on)' EQUALITY - integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {44}( 1.3.6.1.4.1.7165.2.1.67 NAME 'sambaRefuseMachinePwdCh - ange' DESC 'Allow Machine Password changes (default: 0 => off)' EQUALITY inte - gerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {45}( 1.3.6.1.4.1.7165.2.1.68 NAME 'sambaClearTextPassword' - DESC 'Clear text password (used for trusted domain passwords)' EQUALITY octe - tStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -olcAttributeTypes: {46}( 1.3.6.1.4.1.7165.2.1.69 NAME 'sambaPreviousClearTextP - assword' DESC 'Previous clear text password (used for trusted domain password - s)' EQUALITY octetStringMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) -olcAttributeTypes: {47}( 1.3.6.1.4.1.7165.2.1.70 NAME 'sambaTrustType' DESC 'T - ype of trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SING - LE-VALUE ) -olcAttributeTypes: {48}( 1.3.6.1.4.1.7165.2.1.71 NAME 'sambaTrustAttributes' D - ESC 'Trust attributes for a trusted domain' EQUALITY integerMatch SYNTAX 1.3. - 6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {49}( 1.3.6.1.4.1.7165.2.1.72 NAME 'sambaTrustDirection' DE - SC 'Direction of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466.115.1 - 21.1.27 SINGLE-VALUE ) -olcAttributeTypes: {50}( 1.3.6.1.4.1.7165.2.1.73 NAME 'sambaTrustPartner' DESC - 'Fully qualified name of the domain with which a trust exists' EQUALITY case - IgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{128} ) -olcAttributeTypes: {51}( 1.3.6.1.4.1.7165.2.1.74 NAME 'sambaFlatName' DESC 'Ne - tBIOS name of a domain' EQUALITY caseIgnoreMatch SYNTAX 1.3.6.1.4.1.1466.115. 
- 121.1.15{128} ) -olcAttributeTypes: {52}( 1.3.6.1.4.1.7165.2.1.75 NAME 'sambaTrustAuthOutgoing' - DESC 'Authentication information for the outgoing portion of a trust' EQUALIT - Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) -olcAttributeTypes: {53}( 1.3.6.1.4.1.7165.2.1.76 NAME 'sambaTrustAuthIncoming' - DESC 'Authentication information for the incoming portion of a trust' EQUALIT - Y caseExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) -olcAttributeTypes: {54}( 1.3.6.1.4.1.7165.2.1.77 NAME 'sambaSecurityIdentifier - ' DESC 'SID of a trusted domain' EQUALITY caseIgnoreIA5Match SUBSTR caseExact - IA5SubstringsMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.26{64} SINGLE-VALUE ) -olcAttributeTypes: {55}( 1.3.6.1.4.1.7165.2.1.78 NAME 'sambaTrustForestTrustIn - fo' DESC 'Forest trust information for a trusted domain object' EQUALITY case - ExactMatch SYNTAX 1.3.6.1.4.1.1466.115.121.1.15{1050} ) -olcAttributeTypes: {56}( 1.3.6.1.4.1.7165.2.1.79 NAME 'sambaTrustPosixOffset' - DESC 'POSIX offset of a trust' EQUALITY integerMatch SYNTAX 1.3.6.1.4.1.1466. 
- 115.121.1.27 SINGLE-VALUE ) -olcAttributeTypes: {57}( 1.3.6.1.4.1.7165.2.1.80 NAME 'sambaSupportedEncryptio - nTypes' DESC 'Supported encryption types of a trust' EQUALITY integerMatch SY - NTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE ) -olcObjectClasses: {0}( 1.3.6.1.4.1.7165.2.2.6 NAME 'sambaSamAccount' DESC 'Sam - ba 3.0 Auxilary SAM Account' SUP top AUXILIARY MUST ( uid $ sambaSID ) MAY ( - cn $ sambaLMPassword $ sambaNTPassword $ sambaPwdLastSet $ sambaLogonTime $ s - ambaLogoffTime $ sambaKickoffTime $ sambaPwdCanChange $ sambaPwdMustChange $ - sambaAcctFlags $ displayName $ sambaHomePath $ sambaHomeDrive $ sambaLogonScr - ipt $ sambaProfilePath $ description $ sambaUserWorkstations $ sambaPrimaryGr - oupSID $ sambaDomainName $ sambaMungedDial $ sambaBadPasswordCount $ sambaBad - PasswordTime $ sambaPasswordHistory $ sambaLogonHours ) ) -olcObjectClasses: {1}( 1.3.6.1.4.1.7165.2.2.4 NAME 'sambaGroupMapping' DESC 'S - amba Group Mapping' SUP top AUXILIARY MUST ( gidNumber $ sambaSID $ sambaGrou - pType ) MAY ( displayName $ description $ sambaSIDList ) ) -olcObjectClasses: {2}( 1.3.6.1.4.1.7165.2.2.14 NAME 'sambaTrustPassword' DESC - 'Samba Trust Password' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaNTPas - sword $ sambaTrustFlags ) MAY ( sambaSID $ sambaPwdLastSet ) ) -olcObjectClasses: {3}( 1.3.6.1.4.1.7165.2.2.15 NAME 'sambaTrustedDomainPasswor - d' DESC 'Samba Trusted Domain Password' SUP top STRUCTURAL MUST ( sambaDomain - Name $ sambaSID $ sambaClearTextPassword $ sambaPwdLastSet ) MAY sambaPreviou - sClearTextPassword ) -olcObjectClasses: {4}( 1.3.6.1.4.1.7165.2.2.5 NAME 'sambaDomain' DESC 'Samba D - omain Information' SUP top STRUCTURAL MUST ( sambaDomainName $ sambaSID ) MAY - ( sambaNextRid $ sambaNextGroupRid $ sambaNextUserRid $ sambaAlgorithmicRidB - ase $ sambaMinPwdLength $ sambaPwdHistoryLength $ sambaLogonToChgPwd $ sambaM - axPwdAge $ sambaMinPwdAge $ sambaLockoutDuration $ sambaLockoutObservationWin - dow $ sambaLockoutThreshold $ 
sambaForceLogoff $ sambaRefuseMachinePwdChange - ) ) -olcObjectClasses: {5}( 1.3.6.1.4.1.7165.2.2.7 NAME 'sambaUnixIdPool' DESC 'Poo - l for allocating UNIX uids/gids' SUP top AUXILIARY MUST ( uidNumber $ gidNumb - er ) ) -olcObjectClasses: {6}( 1.3.6.1.4.1.7165.2.2.8 NAME 'sambaIdmapEntry' DESC 'Map - ping from a SID to an ID' SUP top AUXILIARY MUST sambaSID MAY ( uidNumber $ g - idNumber ) ) -olcObjectClasses: {7}( 1.3.6.1.4.1.7165.2.2.9 NAME 'sambaSidEntry' DESC 'Struc - tural Class for a SID' SUP top STRUCTURAL MUST sambaSID ) -olcObjectClasses: {8}( 1.3.6.1.4.1.7165.2.2.10 NAME 'sambaConfig' DESC 'Samba - Configuration Section' SUP top AUXILIARY MAY description ) -olcObjectClasses: {9}( 1.3.6.1.4.1.7165.2.2.11 NAME 'sambaShare' DESC 'Samba S - hare Section' SUP top STRUCTURAL MUST sambaShareName MAY description ) -olcObjectClasses: {10}( 1.3.6.1.4.1.7165.2.2.12 NAME 'sambaConfigOption' DESC - 'Samba Configuration Option' SUP top STRUCTURAL MUST sambaOptionName MAY ( sa - mbaBoolOption $ sambaIntegerOption $ sambaStringOption $ sambaStringListoptio - n $ description ) ) -olcObjectClasses: {11}( 1.3.6.1.4.1.7165.2.2.16 NAME 'sambaTrustedDomain' DESC - 'Samba Trusted Domain Object' SUP top STRUCTURAL MUST cn MAY ( sambaTrustTyp - e $ sambaTrustAttributes $ sambaTrustDirection $ sambaTrustPartner $ sambaFla - tName $ sambaTrustAuthOutgoing $ sambaTrustAuthIncoming $ sambaSecurityIdenti - fier $ sambaTrustForestTrustInfo $ sambaTrustPosixOffset $ sambaSupportedEncr - yptionTypes) )