rubynas 0.1.0.pre.1

data/lib/rubynas/version.rb

@@ -0,0 +1,3 @@
+module Rubynas
+  VERSION = '0.1.0.pre.1'  
+end

data/rubynas.gemspec

@@ -0,0 +1,69 @@
+# coding: utf-8
+lib = File.expand_path('../lib', __FILE__)
+$LOAD_PATH.unshift(lib) unless $LOAD_PATH.include?(lib)
+require 'rubynas/version'
+
+Gem::Specification.new do |spec|
+  spec.name          = "rubynas"
+  spec.version       = Rubynas::VERSION
+  spec.authors       = ["Vincent Landgraf"]
+  spec.email         = ["setcool@gmx.de"]
+  spec.description   = %q{The ruby based nas system}
+  spec.summary       = "Offers an api to configure, install and manage " + 
+                       "essential services for a nas system"
+  spec.homepage      = "https://github.com/rubynas/rubynas"
+  spec.license       = "MIT"
+  spec.required_ruby_version = '>= 1.9.0'
+
+  spec.files         = `git ls-files`.split($/)
+  spec.executables   = spec.files.grep(%r{^bin/}) { |f| File.basename(f) }
+  spec.test_files    = spec.files.grep(%r{^(test|spec|features)/})
+  spec.require_paths = ["lib"]
+
+  spec.add_development_dependency 'bundler', '~> 1.3'
+  spec.add_development_dependency 'rake'
+  spec.add_development_dependency 'rspec'
+  spec.add_development_dependency 'factory_girl', '~> 4.0'
+  spec.add_development_dependency 'bundler-audit'
+  spec.add_development_dependency 'guard-rspec'
+  spec.add_development_dependency 'cane'
+  spec.add_development_dependency 'brakeman'
+  spec.add_development_dependency 'rb-fsevent', '~> 0.9'
+  spec.add_development_dependency 'shoulda-matchers'
+  spec.add_development_dependency 'simplecov'
+  spec.add_development_dependency 'simplecov-rcov-text'
+  spec.add_development_dependency 'rack-test'
+  spec.add_development_dependency 'database_cleaner'
+
+  # Configuration
+  spec.add_runtime_dependency 'inifile'
+
+  # ORM DB
+  spec.add_runtime_dependency 'activerecord', '3.2.13'
+
+  # DB
+  spec.add_runtime_dependency 'sqlite3'
+  
+  # Ldap access layer
+  spec.add_runtime_dependency 'net-ldap'
+  spec.add_runtime_dependency 'activeldap', '~> 3.2.2'
+
+  # AFP / Netatalk
+  spec.add_runtime_dependency 'netatalk-config'
+
+  # Service management
+  spec.add_runtime_dependency 'foreman'
+  spec.add_runtime_dependency 'dnssd'
+  spec.add_runtime_dependency 'puma'
+
+  # Middleware API
+  spec.add_runtime_dependency 'grape'
+  spec.add_runtime_dependency 'grape-entity'
+
+  # System logging
+  spec.add_runtime_dependency 'lumberjack'
+  spec.add_runtime_dependency 'lumberjack_syslog_device'
+
+  # System information
+  spec.add_runtime_dependency 'vmstat'
+end

data/rubynas.ini

@@ -0,0 +1,24 @@
+;
+; This is the configuration file for local development and testing.
+;
+
+; Configuration for the sqlite3 database
+[Database]
+path = rubynas.sqlite3
+timeout = 5000
+pool = 5
+
+; Configuration for the ldap server that is used for authentication, user
+; and group management
+[Ldap]
+host = 127.0.0.1
+port = 10389
+base = "dc=rubynas,dc=com"
+bind_dn = "cn=admin,dc=rubynas,dc=com"
+password = secret
+
+; Server related configuration
+[Server]
+; if syslog set to false it will be logged to stdout
+syslog = true
+; NOTHING HERE YET

data/sandbox/ldap/base.ldif

@@ -0,0 +1,50 @@
+# Based on: https://github.com/cschiewek/devise_ldap_authenticatable/blob/master/spec/ldap/base.ldif
+# ldapadd -x -h localhost -p 10389 -D "cn=admin,dc=rubynas,dc=com" -w secret -f base.ldif
+
+dn: dc=rubynas,dc=com
+objectClass: dcObject
+objectClass: organizationalUnit
+dc: rubynas
+ou: RubyNAS
+
+dn: ou=users,dc=rubynas,dc=com
+objectClass: organizationalUnit
+ou: Users
+
+dn: ou=groups,dc=rubynas,dc=com
+objectClass: organizationalUnit
+ou: Groups
+
+# user@rubynas.com, users, rubynas.com
+dn: cn=user@rubynas.com,ou=users,dc=rubynas,dc=com
+objectClass: inetOrgPerson
+sn: User
+uid: example_user
+mail: user@rubynas.com
+cn: user@rubynas.com
+userPassword:: e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9
+
+# admin@rubynas.com, users, rubynas.com
+dn: cn=admin@rubynas.com,ou=users,dc=rubynas,dc=com
+objectClass: inetOrgPerson
+objectClass: organizationalPerson
+objectClass: person
+objectClass: top
+sn: Admin
+uid: example_admin
+cn: admin@rubynas.com
+userPassword:: e1NIQX01ZW42RzZNZXpScm9UM1hLcWtkUE9tWS9CZlE9
+
+# users, groups, rubynas.com
+dn: cn=users,ou=groups,dc=rubynas,dc=com
+objectClass: groupOfUniqueNames
+objectClass: top
+uniqueMember: cn=user@rubynas.com,ou=users,dc=rubynas,dc=com
+cn: users
+
+# users, groups, rubynas.com
+dn: cn=admins,ou=groups,dc=rubynas,dc=com
+objectClass: groupOfUniqueNames
+objectClass: top
+uniqueMember: cn=admin@rubynas.com,ou=users,dc=rubynas,dc=com
+cn: admins

data/sandbox/ldap/data/dc=rubynas,dc=com.ldif

@@ -0,0 +1,14 @@
+# AUTO-GENERATED FILE - DO NOT EDIT!! Use ldapmodify.
+# CRC32 a8b827f4
+dn: dc=rubynas
+objectClass: dcObject
+objectClass: organizationalUnit
+dc: rubynas
+ou: RubyNAS
+structuralObjectClass: organizationalUnit
+entryUUID: 8b7e538c-e33b-43b9-a7f9-09e167ddc29c
+creatorsName: cn=admin,dc=rubynas,dc=com
+createTimestamp: 20130302174143Z
+entryCSN: 20130302174143.742365Z#000000#000#000000
+modifiersName: cn=admin,dc=rubynas,dc=com
+modifyTimestamp: 20130302174143Z

data/sandbox/ldap/local.schema

@@ -0,0 +1,6 @@
+attributetype ( 1.1.2.2.5 NAME  'authorizationRole' SUP name )
+
+objectclass ( 1.1.2.2.1 NAME 'authorizations'
+        DESC 'mixin authorizations'
+        AUXILIARY
+        MAY authorizationRole )

data/sandbox/ldap/schema/README

@@ -0,0 +1,80 @@
+This directory contains user application schema definitions for use
+with slapd(8).
+
+File                    Description
+----                    -----------
+collective.schema       Collective attributes (experimental)
+corba.schema            Corba Object
+core.schema             OpenLDAP "core"
+cosine.schema           COSINE Pilot
+duaconf.schema          Client Configuration (work in progress)
+dyngroup.schema			Dynamic Group (experimental)
+inetorgperson.schema    InetOrgPerson
+java.schema             Java Object
+misc.schema             Miscellaneous Schema (experimental)
+nadf.schema             North American Directory Forum (obsolete)
+nis.schema              Network Information Service (experimental)
+openldap.schema         OpenLDAP Project (FYI)
+ppolicy.schema          Password Policy Schema (work in progress)
+
+Additional "generally useful" schema definitions can be submitted
+using the OpenLDAP Issue Tracking System <http://www.openldap.org/its/>.
+Submissions should include a stable reference to a mature, open
+technical specification (e.g., an RFC) for the schema.
+
+The core.ldif and openldap.ldif files are equivalent to their
+corresponding .schema files. They have been provided as examples
+for use with the dynamic configuration backend. These example files
+are not actually necessary since slapd will automatically convert any
+included *.schema files into LDIF when converting a slapd.conf file
+to a configuration database, but they serve as a model of how to
+convert schema files in general.
+
+---
+
+This notice applies to all files in this directory.
+
+Copyright 1998-2011 The OpenLDAP Foundation, Redwood City, California, USA
+All rights reserved.
+
+Redistribution and use in source and binary forms, with or without
+modification, are permitted only as authorized by the OpenLDAP
+Public License.  A copy of this license is available at
+http://www.OpenLDAP.org/license.html or in file LICENSE in the
+top-level directory of the distribution.
+
+---
+
+This notice applies to all schema in this directory which are derived
+from RFCs and other IETF documents.
+
+Portions Copyright 1991-2004, The Internet Society.  All Rights Reserved.
+
+This document and translations of it may be copied and furnished
+to others, and derivative works that comment on or otherwise explain
+it or assist in its implementation may be prepared, copied, published
+and distributed, in whole or in part, without restriction of any
+kind, provided that the above copyright notice and this paragraph  
+are included on all such copies and derivative works.  However,
+this document itself may not be modified in any way, such as by      
+removing the copyright notice or references to the Internet Society
+or other Internet organizations, except as needed for the  purpose
+of developing Internet standards in which case the procedures for
+copyrights defined in the Internet Standards process must be
+followed, or as required to translate it into languages other than
+English.
+
+The limited permissions granted above are perpetual and will not
+be revoked by the Internet Society or its successors or assigns.
+
+This document and the information contained herein is provided on
+an "AS IS" basis and THE AUTHORS, THE INTERNET SOCIETY, AND THE
+INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS
+OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE
+OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY       
+IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR
+PURPOSE.
+
+
+---
+$OpenLDAP$

data/sandbox/ldap/schema/apple.schema

@@ -0,0 +1,1727 @@
+#
+# Preliminary Apple OS X Native LDAP Schema
+# This file is subject to change.
+#
+
+#
+# Container structural object class.
+#
+#objectclass (
+#	1.2.840.113556.1.3.23
+#	NAME 'container'
+#	SUP top
+#	STRUCTURAL
+#	MUST ( cn ) )
+
+#
+# Time to live
+#
+attributetype (
+	1.3.6.1.4.1.250.1.60
+	NAME 'ttl'
+	EQUALITY integerMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
+
+objectclass (
+	1.3.6.1.4.1.250.3.18 
+	NAME 'cacheObject' 
+	AUXILIARY 
+	SUP top
+	DESC 'Auxiliary object class to hold TTL caching information'
+	MAY ( ttl ) )
+
+#
+# User attributes 1.3.6.1.4.1.63.1000.1.1.1.1
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.6
+	NAME 'apple-user-homeurl'
+	DESC 'home directory URL'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.7
+	NAME 'apple-user-class'
+	DESC 'user class'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.8
+	NAME 'apple-user-homequota'
+	DESC 'home directory quota'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.9
+	NAME 'apple-user-mailattribute'
+	DESC 'mail attribute'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.10
+	NAME 'apple-mcxflags'
+	DESC 'mcx flags'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+#attributetype (
+#	1.3.6.1.4.1.63.1000.1.1.1.1.11
+#	NAME 'apple-mcxsettings'
+#	DESC 'mcx settings'
+#	EQUALITY caseExactMatch
+#	SUBSTR caseExactSubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.16
+	NAME ( 'apple-mcxsettings' 'apple-mcxsettings2' )
+	DESC 'mcx settings'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.12
+	NAME 'apple-user-picture'
+	DESC 'picture'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.13
+	NAME 'apple-user-printattribute'
+	DESC 'print attribute'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.14
+	NAME 'apple-user-adminlimits'
+	DESC 'admin limits'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+        1.3.6.1.4.1.63.1000.1.1.1.1.15
+        NAME 'apple-user-authenticationhint'
+        DESC 'password hint'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.17
+	NAME 'apple-user-homesoftquota'
+	DESC 'home directory soft quota'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+        1.3.6.1.4.1.63.1000.1.1.1.1.18
+        NAME 'apple-user-passwordpolicy'
+        DESC 'password policy options'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.19
+	NAME ( 'apple-keyword' )
+	DESC 'keywords'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.20
+	NAME ( 'apple-generateduid' )
+	DESC 'generated unique ID'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.21
+	NAME ( 'apple-imhandle' )
+	DESC 'IM handle (service:account name)'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.22
+	NAME ( 'apple-webloguri' )
+	DESC 'Weblog URI'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE)
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.23
+	NAME ( 'apple-mapcoordinates' )
+	DESC 'Map Coordinates'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.24
+	NAME ( 'apple-postaladdresses' )
+	DESC 'Postal Addresses'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.25
+	NAME ( 'apple-phonecontacts' )
+	DESC 'Phone Contacts'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.26
+	NAME ( 'apple-emailcontacts' )
+	DESC 'EMail Contacts'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.27
+	NAME ( 'apple-birthday' )
+	DESC 'Birthday'
+	EQUALITY generalizedTimeMatch
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.24 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.28
+	NAME ( 'apple-relationships' )
+	DESC 'Relationships'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.29
+	NAME ( 'apple-company' )
+	DESC 'company'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.30
+	NAME ( 'apple-nickname' )
+	DESC 'nickname'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.31
+	NAME ( 'apple-mapuri' )
+	DESC 'Map URI'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.32
+	NAME ( 'apple-mapguid' )
+	DESC 'map GUID'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.33
+	NAME ( 'apple-serviceslocator' )
+	DESC 'Calendar Principal URI'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.34
+	NAME 'apple-organizationinfo'
+	DESC 'Originization Info data'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15  )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.35
+	NAME ( 'apple-namesuffix' )
+	DESC 'namesuffix'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.1.36
+	NAME ( 'apple-primarycomputerlist' )
+	DESC 'primary computer list'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+        1.3.6.1.4.1.63.1000.1.1.1.1.37
+        NAME 'apple-user-passwordpolicy-effective'
+        DESC 'password effective policy options'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+# Alternative to using homeDirectory from RFC 2307.
+#attributetype (
+#        1.3.6.1.4.1.63.1000.1.1.1.1.100
+#        NAME 'apple-user-homeDirectory'
+#        DESC 'The absolute path to the home directory'
+#        EQUALITY caseExactIA5Match
+#        SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+#
+# User object class.
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.1
+	NAME 'apple-user'
+	SUP top
+	AUXILIARY
+	DESC 'apple user account'
+	MAY ( apple-user-homeurl $ apple-user-class $
+		apple-user-homequota $ apple-user-mailattribute $
+		apple-user-printattribute $ apple-mcxflags $
+		apple-mcxsettings $ apple-user-adminlimits $
+		apple-user-picture $ apple-user-authenticationhint $ 
+		apple-user-homesoftquota $ apple-user-passwordpolicy $
+		apple-keyword $ apple-generateduid $ apple-imhandle $ apple-webloguri $
+		authAuthority $ acctFlags $ pwdLastSet $ logonTime $ 
+		logoffTime $ kickoffTime $ homeDrive $ scriptPath $ 
+		profilePath $ userWorkstations $ smbHome $ rid $ 
+		primaryGroupID $ sambaSID $ sambaPrimaryGroupSID $ 
+		userCertificate $ userPKCS12 $ jpegPhoto $ apple-nickname $ apple-namesuffix $
+		apple-birthday $ apple-relationships $ apple-organizationinfo $
+		apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
+		apple-mapcoordinates $ apple-mapuri $ apple-mapguid $ apple-serviceslocator $
+		altSecurityIdentities ) )
+
+#
+# Group attributes 1.3.6.1.4.1.63.1000.1.1.1.14
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.1
+	NAME 'apple-group-homeurl'
+	DESC 'group home url'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.2
+	NAME 'apple-group-homeowner'
+	DESC 'group home owner settings'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.5
+	NAME 'apple-group-realname'
+	DESC 'group real name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+	
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.6
+	NAME 'apple-group-nestedgroup'
+	DESC 'group real name'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.7
+	NAME 'apple-group-memberguid'
+	DESC 'group real name'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.8
+	NAME 'apple-group-services'
+	DESC 'group services'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+# Alternative to using memberUid from RFC 2307.
+#attributetype (
+#	1.3.6.1.4.1.63.1000.1.1.1.14.1000
+#	NAME 'apple-group-memberUid'
+#	DESC 'group member list'
+#	EQUALITY caseExactIA5Match
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+# can also use OID 1.3.6.1.4.1.63.1000.1.1.2.1000
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.9
+	NAME ( 'apple-contactguid' )
+	DESC 'contact GUID'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.10
+	NAME ( 'apple-ownerguid' )
+	DESC 'owner GUID'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.11
+	NAME ( 'apple-primarycomputerguid' )
+	DESC 'primary computer GUID'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.12
+	NAME 'apple-group-expandednestedgroup'
+	DESC 'expanded nested group list'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.13
+	NAME 'apple-selfwrite'
+	DESC 'selfwrite flag'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.14
+	NAME 'apple-locale-relay'
+	DESC 'designated locale relay server for replication'
+	EQUALITY caseExactMatch 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+	
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.14.15
+	NAME 'apple-locale-subnets'
+	DESC 'subnets associated with a locale'
+	EQUALITY caseExactMatch 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+	
+#
+# Group auxiliary object class.
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.14
+	NAME 'apple-group'
+	SUP top
+	AUXILIARY
+	DESC 'group account'
+	MAY ( apple-group-homeurl $
+	      apple-group-homeowner $
+	      apple-mcxflags $
+	      apple-mcxsettings $
+	      apple-group-realname $
+	      apple-user-picture $
+	      apple-keyword $
+	      apple-generateduid $
+	      apple-group-nestedgroup $
+	      apple-group-memberguid $
+	      mail $
+	      rid $
+	      sambaSID $
+	      ttl $
+	      jpegPhoto $
+	      apple-group-services $
+	      apple-contactguid $
+	      apple-ownerguid $
+	      labeledURI $
+		  apple-locale-relay $
+		  apple-locale-subnets $
+	      apple-serviceslocator ) )
+
+#
+# Machine attributes 1.3.6.1.4.1.63.1000.1.1.1.3
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.3.8
+	NAME 'apple-machine-software'
+	DESC 'installed system software'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.3.9
+	NAME 'apple-machine-hardware'
+	DESC 'system hardware description'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 
+	1.3.6.1.4.1.63.1000.1.1.1.3.10
+	NAME 'apple-machine-serves'
+	DESC 'NetInfo Domain Server Binding'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributeType ( 
+	1.3.6.1.4.1.63.1000.1.1.1.3.11
+	NAME 'apple-machine-suffix'
+	DESC 'DIT suffix'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributeType ( 
+	1.3.6.1.4.1.63.1000.1.1.1.3.12
+	NAME 'apple-machine-contactperson'
+	DESC 'Name of contact person/owner of this machine'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# for backward compatibility with directory-based schema from Tiger
+#
+
+attributeType (
+	1.3.6.1.4.1.63.1000.1.1.1.22.1
+	NAME 'attributeTypesConfig'
+	DESC 'RFC2252: attribute types'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+		
+attributeType (
+	1.3.6.1.4.1.63.1000.1.1.1.22.2
+	NAME 'objectClassesConfig'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# Machine auxiliary object class.
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.3
+	NAME 'apple-machine'
+	SUP top
+	AUXILIARY
+	MAY ( apple-machine-software $
+	      apple-machine-hardware $
+	      apple-machine-serves $
+	      apple-machine-suffix $
+		  apple-machine-contactperson ) )
+
+#
+# Mount attributes 1.3.6.1.4.1.63.1000.1.1.1.8
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.8.1
+	NAME 'mountDirectory'
+	DESC 'mount path'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.8.2
+	NAME 'mountType'
+	DESC 'mount VFS type'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.8.3
+	NAME 'mountOption'
+	DESC 'mount options'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.8.4
+	NAME 'mountDumpFrequency'
+	DESC 'mount dump frequency'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.8.5
+	NAME 'mountPassNo'
+	DESC 'mount passno'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+		
+# Alternative to using 'cn' when adding mount record schema to other LDAP servers
+#attributetype ( 
+#	1.3.6.1.4.1.63.1000.1.1.1.8.100
+#	NAME ( 'apple-mount-name' )
+#	DESC 'mount name'
+#	SUP name )
+
+#
+# Mount object 1.3.6.1.4.1.63.1000.1.1.2.8
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.8
+	NAME 'mount'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( mountDirectory $
+	      mountType $
+	      mountOption $
+	      mountDumpFrequency $
+	      mountPassNo ) )
+
+#
+# Printer attributes 1.3.6.1.4.1.63.1000.1.1.1.9
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.9.1
+	NAME 'apple-printer-attributes'
+	DESC 'printer attributes in /etc/printcap format'
+	EQUALITY caseIgnoreIA5Match
+	SUBSTR caseIgnoreIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.9.2
+	NAME 'apple-printer-lprhost'
+	DESC 'printer LPR host name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.9.3
+	NAME 'apple-printer-lprqueue'
+	DESC 'printer LPR queue'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.9.4
+	NAME 'apple-printer-type'
+	DESC 'printer type'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.9.5
+	NAME 'apple-printer-note'
+	DESC 'printer note'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseIgnoreSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# Printer object 1.3.6.1.4.1.63.1000.1.1.2.9
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.9
+	NAME 'apple-printer'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( apple-printer-attributes $
+	      apple-printer-lprhost $
+              apple-printer-lprqueue $
+              apple-printer-type $
+              apple-printer-note ) )
+
+#
+# Computer attributes 1.3.6.1.4.1.63.1000.1.1.1.10
+#
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.10.2
+	NAME 'apple-realname'
+	DESC 'real name'
+	EQUALITY caseIgnoreMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.10.3
+	NAME 'apple-networkview'
+	DESC 'Network view for the computer'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.10.4
+	NAME 'apple-category'
+	DESC 'Category for the computer or neighborhood'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.10.5
+	NAME 'apple-srv'
+	DESC 'List of services to advertize via srv records'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+	
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.10.6
+	NAME 'apple-primary-locale'
+	DESC 'primary locale for replication'
+	EQUALITY caseExactMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )	
+	
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.10.7
+	NAME 'apple-parentlocales'
+	DESC 'parent locale'
+	EQUALITY caseExactMatch 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+	
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.10.8
+	NAME 'apple-networkinterfaces'
+	DESC 'list of available network interfaces'
+	EQUALITY caseExactMatch 
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )	
+	
+#
+# Computer list attributes 1.3.6.1.4.1.63.1000.1.1.1.11
+#
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.11.3
+	NAME 'apple-computers'
+	DESC 'computers'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+        1.3.6.1.4.1.63.1000.1.1.1.11.4
+        NAME 'apple-computer-list-groups'
+        DESC 'groups'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# XML plist attribute 1.3.6.1.4.1.63.1000.1.1.1.17.1
+#
+attributetype (
+        1.3.6.1.4.1.63.1000.1.1.1.17.1
+        NAME 'apple-xmlplist'
+        DESC 'XML plist data'
+        EQUALITY caseExactMatch
+        SUBSTR caseExactSubstringsMatch
+        SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+#
+# Service URL attributes 1.3.6.1.4.1.63.1000.1.1.1.19.2
+#
+attributetype (
+       1.3.6.1.4.1.63.1000.1.1.1.19.2
+       NAME 'apple-service-url'
+       DESC 'URL of service'
+       EQUALITY caseExactIA5Match
+       SUBSTR caseExactIA5SubstringsMatch
+       SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+#
+# Service Info attributes 1.3.6.1.4.1.63.1000.1.1.1.19.6
+#
+attributetype (
+		1.3.6.1.4.1.63.1000.1.1.1.19.6
+		NAME 'apple-serviceinfo'
+		DESC 'service related information'
+		EQUALITY caseExactMatch
+		SUBSTR caseExactSubstringsMatch
+		SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+		1.3.6.1.4.1.63.1000.1.1.1.19.7
+		NAME 'apple-hwuuid'
+		DESC 'Hardware uuid of computer'
+		EQUALITY caseExactMatch
+		SUBSTR caseExactSubstringsMatch
+		SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+		1.3.6.1.4.1.63.1000.1.1.1.19.8
+		NAME 'apple-ldap-serverid'
+		DESC 'ID used by LDAP'
+		EQUALITY integerMatch
+		SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 SINGLE-VALUE )
+
+#
+# Computer object 1.3.6.1.4.1.63.1000.1.1.2.10
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.10
+	NAME 'apple-computer'
+	DESC 'computer'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( apple-realname $
+	      description $
+	      macAddress $
+		  apple-category $
+	      apple-computer-list-groups $
+	      apple-keyword $
+	      apple-mcxflags $
+	      apple-mcxsettings $
+		  apple-networkview $
+		  apple-xmlplist $
+		  apple-service-url $
+		  apple-serviceinfo $
+		  apple-serviceslocator $
+  	      apple-primarycomputerlist $
+	      apple-ldap-serverid $
+	      authAuthority $
+		  uidNumber $ gidNumber $ apple-generateduid $ ttl $
+	      acctFlags $ pwdLastSet $ logonTime $
+	      logoffTime $ kickoffTime $ rid $ primaryGroupID $
+		  sambaSID $ sambaPrimaryGroupSID $
+		  owner $ apple-ownerguid $ apple-contactguid $
+		  ipHostNumber $ bootFile $ apple-hwuuid $ apple-srv $ 
+		  apple-primary-locale $ apple-parentlocales $ 
+		  apple-networkinterfaces $ userCertificate $ userPKCS12) )
+
+#
+# Computer list object 1.3.6.1.4.1.63.1000.1.1.2.11
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.11
+	NAME 'apple-computer-list'
+	DESC 'computer list'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( apple-mcxflags $
+	      apple-mcxsettings $
+	      apple-computer-list-groups $
+	      apple-computers $
+	      apple-generateduid $
+	      apple-keyword ) )
+
+#
+# Configuration attributes 1.3.6.1.4.1.63.1000.1.1.1.12
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.1
+	NAME 'apple-password-server-location'
+	DESC 'password server location'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.2
+	NAME 'apple-data-stamp'
+	DESC 'data stamp'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.3
+	NAME 'apple-config-realname'
+	DESC 'config real name'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.4
+	NAME 'apple-password-server-list'
+	DESC 'password server replication plist'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.5
+	NAME 'apple-ldap-replica'
+	DESC 'LDAP replication list'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.6
+	NAME 'apple-ldap-writable-replica'
+	DESC 'LDAP writable replication list'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.7
+	NAME 'apple-kdc-authkey'
+	DESC 'KDC master key RSA encrypted with realm public key'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.8
+	NAME 'apple-kdc-configdata'
+	DESC 'Contents of the kdc.conf file'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.12.9
+	NAME 'apple-last-serverid'
+	DESC 'Last serverID used'
+	EQUALITY integerMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
+	SINGLE-VALUE )
+
+#
+# Configuration object 1.3.6.1.4.1.63.1000.1.1.2.12
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.12
+	NAME 'apple-configuration'
+	DESC 'configuration'
+	SUP top STRUCTURAL 
+	MAY ( cn $ apple-config-realname $ 
+		apple-data-stamp $ apple-password-server-location $
+		apple-password-server-list $ apple-ldap-replica $
+		apple-ldap-writable-replica $ apple-keyword $
+		apple-kdc-authkey $ apple-kdc-configdata $ apple-xmlplist $ ttl $
+		apple-last-serverid ) )
+
+#
+# Preset computer list object class.
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.13
+	NAME 'apple-preset-computer-list'
+	DESC 'preset computer list'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( apple-mcxflags $
+	      apple-mcxsettings $
+	      apple-computer-list-groups $
+	      apple-keyword ) )
+#
+# Preset computer object class.
+# 
+
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.25
+	NAME 'apple-preset-computer'
+	DESC 'preset computer'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( apple-mcxflags $
+	      apple-mcxsettings $
+		  apple-computer-list-groups $
+	      apple-primarycomputerlist $
+		  description $
+		  apple-networkview $
+	      apple-keyword ) )
+#
+# Preset computer group object class.
+#AttributeTypes: 
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.26
+	NAME 'apple-preset-computer-group'
+	DESC 'preset computer group'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( gidNumber $
+	      memberUID $
+		  apple-mcxflags $
+	      apple-mcxsettings $
+		  apple-group-nestedgroup $
+		  description $
+	      jpegPhoto $
+	      apple-keyword ) )
+
+#
+# Preset group object 1.3.6.1.4.1.63.1000.1.1.3.14
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.3.14
+	NAME 'apple-preset-group'
+	DESC 'preset group'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( memberUid $
+	      gidNumber $
+	      description $
+	      apple-group-homeurl $
+	      apple-group-homeowner $
+	      apple-mcxflags $
+	      apple-mcxsettings $
+	      apple-group-realname $
+	      apple-keyword $
+	      apple-group-nestedgroup $
+	      apple-group-memberguid $
+	      ttl $
+	      jpegPhoto $
+	      apple-group-services $
+	      labeledURI $
+	      apple-serviceslocator ) )
+
+#
+# Preset user object attributes 1.3.6.1.4.1.63.1000.1.1.1.15
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.15.1
+	NAME 'apple-preset-user-is-admin'
+	DESC 'flag indicating whether the preset user is an administrator'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 SINGLE-VALUE )
+
+#
+# Preset user object 1.3.6.1.4.1.63.1000.1.1.2.15
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.15
+	NAME 'apple-preset-user'
+	DESC 'preset user'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( uid $
+	      memberUid $
+	      gidNumber $
+	      homeDirectory $
+	      apple-user-homeurl $
+	      apple-user-homequota $
+	      apple-user-homesoftquota $
+	      apple-user-mailattribute $
+	      apple-user-printattribute $
+	      apple-mcxflags $
+	      apple-mcxsettings $
+	      apple-user-adminlimits $
+	      apple-user-passwordpolicy $
+	      userPassword $
+	      apple-user-picture $
+	      apple-keyword $
+	      loginShell $
+	      description $
+	      shadowLastChange $
+	      shadowExpire $
+	      authAuthority $
+	      homeDrive $ scriptPath $ profilePath $ smbHome $
+	      apple-preset-user-is-admin $
+	      jpegPhoto $
+	      apple-relationships $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $ apple-mapcoordinates $
+	      apple-serviceslocator ) )
+
+#
+# Authentication authority attribute 1.3.6.1.4.1.63.1000.1.1.2.16.1
+#
+#attributetype (
+#	1.3.6.1.4.1.63.1000.1.1.2.16.1
+#	NAME 'authAuthority'
+#	DESC 'password server authentication authority'
+#	EQUALITY caseExactIA5Match
+#	SUBSTR caseExactIA5SubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype (
+#	1.3.6.1.4.1.63.1000.1.1.2.16.2
+#	NAME ( 'authAuthority' 'authAuthority2' )
+#	DESC 'password server authentication authority'
+#	EQUALITY caseExactMatch
+#	SUBSTR caseExactSubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# Authentication authority object 1.3.6.1.4.1.63.1000.1.1.2.16
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.16
+	NAME 'authAuthorityObject'
+	SUP top AUXILIARY
+	MAY ( authAuthority ) )
+
+#
+# Server Assistant configuration object 1.3.6.1.4.1.63.1000.1.1.2.17
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.17
+	NAME 'apple-serverassistant-config'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( apple-xmlplist ) )
+
+#
+# Location object attributes 1.3.6.1.4.1.63.1000.1.1.1.18
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.18.1
+	NAME 'apple-dns-domain'
+	DESC 'DNS domain'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.18.2
+	NAME 'apple-dns-nameserver'
+	DESC 'DNS name server list'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# Location object 1.3.6.1.4.1.63.1000.1.1.2.18
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.18
+	NAME 'apple-location'
+	SUP top AUXILIARY
+	MUST ( cn )
+	MAY ( apple-dns-domain $ apple-dns-nameserver ) )
+	
+#
+# Service object attributes 1.3.6.1.4.1.63.1000.1.1.1.19
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.19.1
+	NAME 'apple-service-type'
+	DESC 'type of service'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+#attributetype (
+#	1.3.6.1.4.1.63.1000.1.1.1.19.2
+#	NAME 'apple-service-url'
+#	DESC 'URL of service'
+#	EQUALITY caseExactIA5Match
+#	SUBSTR caseExactIA5SubstringsMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.19.3
+	NAME 'apple-service-port'
+	DESC 'Service port number'
+	EQUALITY integerMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.27 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.19.4
+	NAME 'apple-dnsname'
+	DESC 'DNS name'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+	
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.19.5
+	NAME 'apple-service-location'
+	DESC 'Service location'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# Service object 1.3.6.1.4.1.63.1000.1.1.2.19
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.19
+	NAME 'apple-service'
+	SUP top STRUCTURAL
+	MUST ( cn $ 
+	       apple-service-type )
+	MAY ( ipHostNumber $ 
+	      description $
+		  apple-service-location $
+		  apple-service-url $
+		  apple-service-port $
+		  apple-dnsname $
+		  apple-keyword ) )
+
+#
+# Neighborhood object attributes 1.3.6.1.4.1.63.1000.1.1.1.20
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.20.1
+	NAME 'apple-nodepathxml'
+	DESC 'XML plist of directory node path'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.20.2
+	NAME 'apple-neighborhoodalias'
+	DESC 'XML plist referring to another neighborhood record'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.20.3
+	NAME 'apple-computeralias'
+	DESC 'XML plist referring to a computer record'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# Neighborhood object 1.3.6.1.4.1.63.1000.1.1.2.20
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.20
+	NAME 'apple-neighborhood'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( description $
+	      apple-generateduid $
+	      apple-category $
+	      apple-nodepathxml $
+	      apple-neighborhoodalias $
+	      apple-computeralias $
+	      apple-keyword $
+	      apple-realname $
+	      apple-xmlplist $
+	      ttl ) )
+
+#
+# ACL object attributes 1.3.6.1.4.1.63.1000.1.1.1.21
+#
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.21.1
+	NAME 'apple-acl-entry'
+	DESC 'acl entry'
+	EQUALITY caseExactMatch
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+
+#
+# ACL object 1.3.6.1.4.1.63.1000.1.1.2.21
+#
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.21
+	NAME 'apple-acl'
+	SUP top STRUCTURAL
+	MUST ( cn $ 
+	       apple-acl-entry ) )
+		   
+#
+# Schema attributes 1.3.6.1.4.1.63.1000.1.1.1.22
+#
+#attributetype (
+#	1.3.6.1.4.1.63.1000.1.1.1.22.1
+#	NAME 'attributeTypesConfig'
+#	DESC 'attribute type configuration'
+#	EQUALITY objectIdentifierFirstComponentMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.3 )
+
+#attributetype (
+#	1.3.6.1.4.1.63.1000.1.1.1.22.2
+#	NAME 'objectClassesConfig'
+#	DESC 'object class configuration'
+#	EQUALITY objectIdentifierFirstComponentMatch
+#	SYNTAX 1.3.6.1.4.1.1466.115.121.1.37 )
+
+#
+# Resource attributes 1.3.6.1.4.1.63.1000.1.1.1.23
+#
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.23.1
+	NAME 'apple-resource-type'
+	DESC 'resource type'
+	EQUALITY caseExactIA5Match
+	SUBSTR caseExactIA5SubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.26 )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.23.2
+	NAME 'apple-resource-info'
+	DESC 'resource info'
+	EQUALITY caseExactMatch 
+	SUBSTR caseExactSubstringsMatch
+	SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+attributetype (
+	1.3.6.1.4.1.63.1000.1.1.1.23.3
+	NAME 'apple-capacity'
+	DESC 'capacity'
+	EQUALITY integerMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27' SINGLE-VALUE )
+
+#
+# Resource object 1.3.6.1.4.1.63.1000.1.1.2.23
+#
+
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.23
+	NAME 'apple-resource'
+	SUP top STRUCTURAL
+	MUST ( cn )
+	MAY ( 	apple-realname $ description $ jpegPhoto $ apple-keyword $
+			apple-generateduid $ apple-contactguid $ apple-ownerguid $ 
+			apple-resource-info $ apple-resource-type $ apple-capacity $ 	
+			labeledURI $  apple-mapuri $ apple-serviceslocator $ apple-phonecontacts $
+			c $ apple-mapguid $ apple-mapcoordinates $ apple-xmlplist ) )
+
+#
+# Augment object 1.3.6.1.4.1.63.1000.1.1.2.24
+#
+
+objectclass (
+        1.3.6.1.4.1.63.1000.1.1.2.24
+        NAME 'apple-augment'
+        SUP top
+        STRUCTURAL
+        MUST ( cn ) )
+
+attributetype ( 
+			1.3.6.1.1.1.1.31 
+			NAME 'automountMapName'
+            DESC 'automount Map Name'
+            EQUALITY caseExactMatch
+            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+            SINGLE-VALUE )
+
+attributetype ( 
+			1.3.6.1.1.1.1.32 
+			NAME 'automountKey'
+            DESC 'Automount Key value'
+            EQUALITY caseExactMatch
+            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+            SINGLE-VALUE )
+
+attributetype ( 
+			1.3.6.1.1.1.1.33 
+			NAME 'automountInformation'
+            DESC 'Automount information'
+            EQUALITY caseExactMatch
+            SYNTAX 1.3.6.1.4.1.1466.115.121.1.15
+            SINGLE-VALUE )
+
+objectclass ( 
+			1.3.6.1.1.1.2.16 
+			NAME 'automountMap' 
+			SUP top STRUCTURAL
+            MUST ( automountMapName )
+            MAY description )
+
+objectclass ( 
+			1.3.6.1.1.1.2.17 
+			NAME 'automount' 
+			SUP top STRUCTURAL
+            DESC 'Automount'
+            MUST ( automountKey $ automountInformation )
+            MAY description )
+
+#
+# Apple User Info object 1.3.6.1.4.1.63.1000.1.1.2.27
+#
+
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.27
+	NAME 'apple-user-info'
+	SUP top STRUCTURAL
+	MAY ( 	apple-namesuffix $ apple-phonecontacts $ apple-emailcontacts $ apple-postaladdresses $
+			telephoneNumber $ mobile $ facsimileTelephoneNumber $ pager $
+			l $ st $ c $ postalCode $ postalAddress $ street $
+			apple-imhandle $ loginShell $ jpegPhoto $ apple-user-picture $ description $ userCertificate $ userPKCS12) )
+
+#
+# Apple Computer Info object 1.3.6.1.4.1.63.1000.1.1.2.31
+#
+
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.31
+	NAME 'apple-computer-info'
+	SUP top STRUCTURAL
+	MAY (   apple-serviceinfo $ apple-serviceslocator $ apple-keyword $ userCertificate $ userPKCS12) )
+
+
+## Schema elements for PWS records in LDAP
+## Proposed schema elements for PWS records in LDAP
+# Last login time.
+attributetype ( 1.3.6.1.1.1.1.35
+  NAME 'lastLoginTime'
+  EQUALITY generalizedTimeMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
+  SINGLE-VALUE )
+
+# Time of last password change.
+attributetype ( 1.3.6.1.1.1.1.36
+  NAME 'passwordModDate'
+  EQUALITY generalizedTimeMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
+  SINGLE-VALUE )
+
+# User's authdata GUID, this is essentially the PWS slotid
+attributetype ( 1.3.6.1.1.1.1.37
+  NAME 'authGUID'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+# Running tally of login failures.
+attributetype ( 1.3.6.1.1.1.1.38
+  NAME 'loginFailedAttempts'
+  EQUALITY integerMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
+  SINGLE-VALUE )
+
+# Links the authdata record to the user record
+attributetype ( 1.3.6.1.1.1.1.39
+  NAME 'userLinkage'
+  EQUALITY caseIgnoreMatch
+  SUBSTR caseIgnoreSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 SINGLE-VALUE )
+
+# String containing the reason for disabling.
+attributetype ( 1.3.6.1.1.1.1.40
+  NAME 'disableReason'
+  EQUALITY caseIgnoreMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+  SINGLE-VALUE )
+
+# The following are attributes storing the secrets for each auth type
+attributetype ( 1.3.6.1.1.1.1.42
+  NAME 'cmusaslsecretSMBNT'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.43
+  NAME 'cmusaslsecretSMBLM'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.44
+  NAME 'cmusaslsecretDIGEST-MD5'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.45
+  NAME 'cmusaslsecretCRAM-MD5'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.46
+  NAME 'cmusaslsecretPPS'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+# The realm name and principal name are stored in the "secrets" area for
+# the kerberos auth types.  These may be unnecessary after the Heimdal transition.
+attributetype ( 1.3.6.1.1.1.1.47
+  NAME 'KerberosRealmName'
+  EQUALITY caseIgnoreMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.48
+  NAME 'KerberosPrincName'
+  EQUALITY caseIgnoreMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+  SINGLE-VALUE )
+
+# User password, stored DES encrypted for obfuscation.
+attributetype ( 1.3.6.1.1.1.1.49
+  NAME 'password'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.50
+  NAME 'adminGroups'
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+  SINGLE-VALUE )
+
+# DIGEST-MD5 hash with username, sasl realm, password
+attributetype ( 1.3.6.1.1.1.1.51
+  NAME 'cmusaslsecretDIGEST-UMD5'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+# Time the user was created.
+attributetype ( 1.3.6.1.1.1.1.55
+  NAME 'creationDate'
+	EQUALITY generalizedTimeMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
+  SINGLE-VALUE )
+
+# History data
+attributetype ( 1.3.6.1.1.1.1.56
+  NAME 'historyData'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+# Krb schema 
+attributetype ( 1.3.6.1.1.1.1.86
+  NAME 'draft-krbPrincipalName'
+  DESC 'Canonical principal name'
+  EQUALITY caseExactIA5Match
+  SUBSTR caseExactSubstringsMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.26
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.87
+  NAME 'draft-krbRealmName'
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+  
+attributetype ( 1.3.6.1.1.1.1.88
+  NAME 'draft-krbPrincipalAliases'
+  SUP draft-krbPrincipalName )
+  
+attributetype ( 1.3.6.1.1.1.1.89
+  NAME 'draft-krbTicketMaxLife'
+  EQUALITY integerMatch
+  ORDERING integerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+  
+attributetype ( 1.3.6.1.1.1.1.90
+  NAME 'draft-krbTicketMaxRenewal'
+  EQUALITY integerMatch
+  ORDERING integerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+  
+attributetype ( 1.3.6.1.1.1.1.91
+  NAME 'draft-krbEncSaltTypes'
+  EQUALITY caseIgnoreMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+	
+attributetype ( 1.3.6.1.1.1.1.92
+  NAME 'draft-krbKeySet'
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 ) 
+
+attributetype ( 1.3.6.1.1.1.1.93
+  NAME 'draft-krbKeyVersion'
+  EQUALITY integerMatch
+  ORDERING integerOrderingMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+  
+attributetype ( 1.3.6.1.1.1.1.94
+  NAME 'draft-krbPrincipalRealm'
+  DESC 'DN of krbRealm entry'
+  SUP distinguishedName )
+
+attributetype ( 1.3.6.1.1.1.1.95
+  NAME 'draft-krbTicketPolicy'
+  EQUALITY integerMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.27
+  SINGLE-VALUE )
+  
+attributetype ( 1.3.6.1.1.1.1.96
+  NAME 'draft-krbExtraData'
+  EQUALITY octetStringMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.40 )
+
+attributetype ( 1.3.6.1.1.1.1.98
+  NAME 'draft-krbPrincipalACL'
+  EQUALITY integerMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
+  SINGLE-VALUE )
+  
+attributetype ( 1.3.6.1.1.1.1.97
+  NAME 'crschallenge'
+  EQUALITY caseIgnoreMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+  SINGLE-VALUE )
+  
+#  multivalued attribute to store computer account owner GUID.
+attributetype ( 1.3.6.1.1.1.1.103
+  NAME 'ownerGUIDList'
+  DESC 'computer account owner GUID'
+  EQUALITY caseIgnoreMatch
+  SYNTAX 1.3.6.1.4.1.1466.115.121.1.15 )
+   
+# objectclass representing a user/slot.
+# uid is the shortname of the user as stored in PWS.
+# apple-generateduid is intended to match the user's UID.  Currently unpopulated
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.28
+  NAME 'pwsAuthdata'
+  STRUCTURAL
+  MUST ( authGUID )
+  MAY ( uid $ authGUID $ passwordModDate $ lastLoginTime $ loginFailedAttempts $
+        disableReason $ apple-user-passwordpolicy $ adminGroups $ cmusaslsecretSMBNT $
+		 cmusaslsecretSMBLM $ cmusaslsecretDIGEST-MD5 $ cmusaslsecretCRAM-MD5 $ cmusaslsecretPPS $
+		 KerberosRealmName $ KerberosPrincName $ password $ creationDate $ historyData $
+		 draft-krbPrincipalName $ draft-krbRealmName $ draft-krbPrincipalAliases $
+		 draft-krbTicketMaxLife $ draft-krbTicketMaxRenewal $ draft-krbEncSaltTypes $
+		 draft-krbKeySet $ draft-krbKeyVersion $ draft-krbPrincipalRealm $ draft-krbTicketPolicy $ 
+         draft-krbExtraData $ draft-krbPrincipalACL $ crschallenge $ userLinkage $
+		 cmusaslsecretDIGEST-UMD5 $ ownerGUIDList ) )
+
+# Multi valued attribute to store the names of auth methods considered "weak"
+# "weak" auth methods are not allowed to be used for some privileged operations
+attributetype ( 1.3.6.1.1.1.1.76
+      NAME 'weakAuthMethod'
+      EQUALITY caseIgnoreMatch
+      SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+# object class storing global policy and weak auth methods.
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.29
+  NAME 'pwPolicy'
+  STRUCTURAL
+  MUST ( cn )
+  MAY ( apple-user-passwordpolicy $ weakAuthMethod ) )
+
+# PWS' private key.  Stored in authdata container for security.
+attributetype ( 1.3.6.1.1.1.1.77
+  NAME 'PWSPrivateKey'
+  EQUALITY octetStringMatch
+  SYNTAX '1.3.6.1.4.1.1466.115.121.1.40'
+  SINGLE-VALUE )
+
+attributetype ( 1.3.6.1.1.1.1.78
+   NAME 'PWSPublicKey'
+   EQUALITY caseIgnoreMatch
+   SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+   SINGLE-VALUE )
+
+# Allow storing the PWS private key in the root of the container, cn=config style
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.30
+  NAME 'pwAuthData'
+  SUP container
+  MAY ( PWSPrivateKey $ PWSPublicKey ) )
+
+
+# Allow storing certificate request information
+
+attributetype (	1.3.6.1.1.1.1.79
+	NAME 'apple-transactionID'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+	SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.80
+	NAME 'apple-pkiStatus'
+	EQUALITY integerMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
+	SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.81
+	NAME 'apple-failInfo'
+	EQUALITY integerMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
+	SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.82
+	NAME 'apple-certificateSigningRequest'
+	EQUALITY certificateExactMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.8'
+	SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.83
+	NAME 'apple-device-guid'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+	SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.84
+	NAME 'apple-issuer'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+	SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.85
+	NAME 'apple-serialNumber'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15'
+	SINGLE-VALUE )
+	
+attributetype (	1.3.6.1.1.1.1.99
+	NAME 'apple-revocationReason'
+	EQUALITY integerMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.27'
+	SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.100
+	NAME 'apple-revocationDate'
+	EQUALITY generalizedTimeMatch
+        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
+        SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.101
+	NAME 'apple-validNotBefore'
+	EQUALITY generalizedTimeMatch
+        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
+        SINGLE-VALUE )
+
+attributetype (	1.3.6.1.1.1.1.102
+	NAME 'apple-validNotAfter'
+	EQUALITY generalizedTimeMatch
+        SYNTAX '1.3.6.1.4.1.1466.115.121.1.24'
+        SINGLE-VALUE )
+
+objectclass (
+	1.3.6.1.4.1.63.1000.1.1.2.33
+	NAME 'apple-certificateRequestInfo'
+	SUP top STRUCTURAL
+	MUST ( apple-transactionID $ apple-pkiStatus )
+	MAY ( apple-failInfo $ apple-issuer $ apple-serialNumber $ 
+              userCertificate $ apple-certificateSigningRequest $ apple-device-guid $ 
+              apple-xmlplist $ apple-revocationReason $ apple-revocationDate $
+              apple-validNotBefore $ apple-validNotAfter ) )
+
+attributetype (	1.3.6.1.1.1.1.104
+	NAME 'apple-enabled-auth-mech'
+	DESC 'Enabled auth mechs'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )
+
+attributetype (	1.3.6.1.1.1.1.105
+	NAME 'apple-disabled-auth-mech'
+	DESC 'Disabled auth mechs'
+	EQUALITY caseIgnoreMatch
+	SYNTAX '1.3.6.1.4.1.1466.115.121.1.15' )