From 93d48cfc60b7e62d2de05ca13e3a0ef6522c38d5 Mon Sep 17 00:00:00 2001
From: "Todd C. Miller"
Date: Mon, 14 Jun 2010 10:20:41 -0400
Subject: [PATCH] Updates from Alain Roy to provide better examples for importing the schema and to fix problems caused by Windows validating attributes which have not yet been added before committing the changes.
---
doc/schema.ActiveDirectory | 367 ++++++++++++++++++++-----------------
1 file changed, 195 insertions(+), 172 deletions(-)
diff --git a/doc/schema.ActiveDirectory b/doc/schema.ActiveDirectory
index 60f70bc1c..4b87e054e 100644
--- a/doc/schema.ActiveDirectory
+++ b/doc/schema.ActiveDirectory
@@ -1,172 +1,195 @@
-#
-# Active Directory Schema for sudo configuration (sudoers)
-#
-# To extend your Active Directory schema, run the following command
-# on your Windows DC:
-#
-# ldifde -i -f schema.ActiveDirectory -c dc=X dc=YOURDOMAIN,DC=COM
-#
-
-dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: attributeSchema
-cn: sudoUser
-distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-attributeID: 1.3.6.1.4.1.15953.9.1.1
-attributeSyntax: 2.5.5.5
-isSingleValued: FALSE
-showInAdvancedViewOnly: TRUE
-adminDisplayName: sudoUser
-adminDescription: User(s) who may run sudo
-oMSyntax: 22
-searchFlags: 1
-lDAPDisplayName: sudoUser
-name: sudoUser
-schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg==
-objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
-
-dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: attributeSchema
-cn: sudoHost
-distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-attributeID: 1.3.6.1.4.1.15953.9.1.2
-attributeSyntax: 2.5.5.5
-isSingleValued: FALSE
-showInAdvancedViewOnly: TRUE
-adminDisplayName: sudoHost
-adminDescription: Host(s) who may run sudo
-oMSyntax: 22
-lDAPDisplayName: sudoHost
-name: sudoHost
-schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w==
-objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
-
-dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: attributeSchema
-cn: sudoCommand
-distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-attributeID: 1.3.6.1.4.1.15953.9.1.3
-attributeSyntax: 2.5.5.5
-isSingleValued: FALSE
-showInAdvancedViewOnly: TRUE
-adminDisplayName: sudoCommand
-adminDescription: Command(s) to be executed by sudo
-oMSyntax: 22
-lDAPDisplayName: sudoCommand
-name: sudoCommand
-schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg==
-objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
-
-dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: attributeSchema
-cn: sudoRunAs
-distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-attributeID: 1.3.6.1.4.1.15953.9.1.4
-attributeSyntax: 2.5.5.5
-isSingleValued: FALSE
-showInAdvancedViewOnly: TRUE
-adminDisplayName: sudoRunAs
-adminDescription: User(s) impersonated by sudo (deprecated)
-oMSyntax: 22
-lDAPDisplayName: sudoRunAs
-name: sudoRunAs
-schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ==
-objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
-
-dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: attributeSchema
-cn: sudoOption
-distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-attributeID: 1.3.6.1.4.1.15953.9.1.5
-attributeSyntax: 2.5.5.5
-isSingleValued: FALSE
-showInAdvancedViewOnly: TRUE
-adminDisplayName: sudoOption
-adminDescription: Option(s) followed by sudo
-oMSyntax: 22
-lDAPDisplayName: sudoOption
-name: sudoOption
-schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA==
-objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
-
-dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: attributeSchema
-cn: sudoRunAsUser
-distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-attributeID: 1.3.6.1.4.1.15953.9.1.6
-attributeSyntax: 2.5.5.5
-isSingleValued: FALSE
-showInAdvancedViewOnly: TRUE
-adminDisplayName: sudoRunAsUser
-adminDescription: User(s) impersonated by sudo
-oMSyntax: 22
-lDAPDisplayName: sudoRunAsUser
-name: sudoRunAsUser
-schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw==
-objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
-
-dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: attributeSchema
-cn: sudoRunAsGroup
-distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-attributeID: 1.3.6.1.4.1.15953.9.1.7
-attributeSyntax: 2.5.5.5
-isSingleValued: FALSE
-showInAdvancedViewOnly: TRUE
-adminDisplayName: sudoRunAsGroup
-adminDescription: Groups(s) impersonated by sudo
-oMSyntax: 22
-lDAPDisplayName: sudoRunAsGroup
-name: sudoRunAsGroup
-schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==
-objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
-
-dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
-changetype: add
-objectClass: top
-objectClass: classSchema
-cn: sudoRole
-distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
-instanceType: 4
-possSuperiors: container
-possSuperiors: top
-subClassOf: top
-governsID: 1.3.6.1.4.1.15953.9.2.1
-mayContain: sudoCommand
-mayContain: sudoHost
-mayContain: sudoOption
-mayContain: sudoRunAs
-mayContain: sudoRunAsUser
-mayContain: sudoRunAsGroup
-mayContain: sudoUser
-rDNAttID: cn
-showInAdvancedViewOnly: FALSE
-adminDisplayName: sudoRole
-adminDescription: Sudoer Entries
-objectClassCategory: 1
-lDAPDisplayName: sudoRole
-name: sudoRole
-schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w==
-systemOnly: FALSE
-objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
-defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
+#
+# Active Directory Schema for sudo configuration (sudoers)
+#
+# To extend your Active Directory schema, run one of the following command
+# on your Windows DC (default port - Active Directory):
+#
+# ldifde -i -f schema.ActiveDirectory -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
+#
+# or on your Windows DC if using another port (with Active Directory LightWeight Directory Services / ADAM-Active Directory Application Mode)
+# Port 50000 by example (or any other port specified when defining the ADLDS/ADAM instance
+#
+# ldifde -i -f schema.ActiveDirectory -t 50000 -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
+#
+# or
+#
+# ldifde -i -f schema.ActiveDirectory -s server:port -c "CN=Schema,CN=Configuration,DC=X" #schemaNamingContext
+#
+# Can add username domain and password
+#
+# -b username domain password
+#
+# Can create Log file in current or any directory
+#
+# -j .
+#
+
+dn: CN=sudoUser,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: sudoUser
+distinguishedName: CN=sudoUser,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+attributeID: 1.3.6.1.4.1.15953.9.1.1
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: sudoUser
+adminDescription: User(s) who may run sudo
+oMSyntax: 22
+searchFlags: 1
+lDAPDisplayName: sudoUser
+name: sudoUser
+schemaIDGUID:: JrGcaKpnoU+0s+HgeFjAbg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=sudoHost,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: sudoHost
+distinguishedName: CN=sudoHost,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+attributeID: 1.3.6.1.4.1.15953.9.1.2
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: sudoHost
+adminDescription: Host(s) who may run sudo
+oMSyntax: 22
+lDAPDisplayName: sudoHost
+name: sudoHost
+schemaIDGUID:: d0TTjg+Y6U28g/Y+ns2k4w==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: sudoCommand
+distinguishedName: CN=sudoCommand,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+attributeID: 1.3.6.1.4.1.15953.9.1.3
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: sudoCommand
+adminDescription: Command(s) to be executed by sudo
+oMSyntax: 22
+lDAPDisplayName: sudoCommand
+name: sudoCommand
+schemaIDGUID:: D6QR4P5UyUen3RGYJCHCPg==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: sudoRunAs
+distinguishedName: CN=sudoRunAs,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+attributeID: 1.3.6.1.4.1.15953.9.1.4
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: sudoRunAs
+adminDescription: User(s) impersonated by sudo (deprecated)
+oMSyntax: 22
+lDAPDisplayName: sudoRunAs
+name: sudoRunAs
+schemaIDGUID:: CP98mCQTyUKKxGrQeM80hQ==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=sudoOption,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: sudoOption
+distinguishedName: CN=sudoOption,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+attributeID: 1.3.6.1.4.1.15953.9.1.5
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: sudoOption
+adminDescription: Option(s) followed by sudo
+oMSyntax: 22
+lDAPDisplayName: sudoOption
+name: sudoOption
+schemaIDGUID:: ojaPzBBlAEmsvrHxQctLnA==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: sudoRunAsUser
+distinguishedName: CN=sudoRunAsUser,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+attributeID: 1.3.6.1.4.1.15953.9.1.6
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: sudoRunAsUser
+adminDescription: User(s) impersonated by sudo
+oMSyntax: 22
+lDAPDisplayName: sudoRunAsUser
+name: sudoRunAsUser
+schemaIDGUID:: 9C52yPYd3RG3jMR2VtiVkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: attributeSchema
+cn: sudoRunAsGroup
+distinguishedName: CN=sudoRunAsGroup,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+attributeID: 1.3.6.1.4.1.15953.9.1.7
+attributeSyntax: 2.5.5.5
+isSingleValued: FALSE
+showInAdvancedViewOnly: TRUE
+adminDisplayName: sudoRunAsGroup
+adminDescription: Groups(s) impersonated by sudo
+oMSyntax: 22
+lDAPDisplayName: sudoRunAsGroup
+name: sudoRunAsGroup
+schemaIDGUID:: xJhSt/Yd3RGJPTB1VtiVkw==
+objectCategory: CN=Attribute-Schema,CN=Schema,CN=Configuration,DC=X
+
+dn:
+changetype: modify
+add: schemaUpdateNow
+schemaUpdateNow: 1
+-
+
+dn: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
+changetype: add
+objectClass: top
+objectClass: classSchema
+cn: sudoRole
+distinguishedName: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
+instanceType: 4
+possSuperiors: container
+possSuperiors: top
+subClassOf: top
+governsID: 1.3.6.1.4.1.15953.9.2.1
+mayContain: sudoCommand
+mayContain: sudoHost
+mayContain: sudoOption
+mayContain: sudoRunAs
+mayContain: sudoRunAsUser
+mayContain: sudoRunAsGroup
+mayContain: sudoUser
+rDNAttID: cn
+showInAdvancedViewOnly: FALSE
+adminDisplayName: sudoRole
+adminDescription: Sudoer Entries
+objectClassCategory: 1
+lDAPDisplayName: sudoRole
+name: sudoRole
+schemaIDGUID:: SQn432lnZ0+ukbdh3+gN3w==
+systemOnly: FALSE
+objectCategory: CN=Class-Schema,CN=Schema,CN=Configuration,DC=X
+defaultObjectCategory: CN=sudoRole,CN=Schema,CN=Configuration,DC=X
-- 
2.40.0
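Review bot: The new header comment advertises `-b username domain password` without noting that a password typed on the command line lands in shell history, process listings and any command-line audit logging on the DC, and the account doing a schema import is necessarily one that can write to the schema. ldifde accepts `*` in place of the password to prompt for it, so the example could read `#   -b username domain *`, with a remark that the default is to bind as the logged-on user. The header would also benefit from a line such as `# Schema additions cannot be deleted once committed; import into a test forest first.` above the commands. Separately, `schemaUpdateNow` is issued after the attributes but not after the sudoRole class, so creating sudoRole entries immediately after this import may need a schema cache refresh first; worth confirming on a test instance.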