ADAppleExt < CF

CF Web>Infrastructure>CSCFActiveDirectory>ADUwCampus>ADAppleExt (2024-10-30, MariHassanzada) (raw view)
-- Main.ctucker - 22 Nov 2011 

---+ Windows 2008 R2 Active Directory Apple Schema Extension File (OBSOLETE)

Below is the contents of an LDIF file which we used to implement Apple schema extensions to our Windows Server 2008 R2 Active Directory based Directory Service. These extensions permit the managing of Macintosh client terminals and their users through this directory service. Consistent with the Apple document titled <a href="http://www.sticts.ch/MacWindows/Modifying_the_Active_Directory_Schema.pdf">Modifying the Active Directory Schema to Support Mac Systems</a> - October 2009, the schema extension generates 27 attributes and 6 classes, all carrying the <tt>apple-</tt> prefix.

In the LDIF text, all references to <tt>DC=X</tt> must be substituted with the LDAP DN string for the forest root domain of the Directory Service. In our case, <tt>DC=X</tt> is replaced with <tt>DC=ds,DC=uwaterloo,DC=ca</tt>. Also after the last '<tt>-</tt>' line at the end of the file there must follow a blank line prior to the <tt>EOF</tt>.

With this substitution, the forest schema is then extended using the following Windows command running on domain controller which is the forest's Schema Master. By default, the Schema Master is the first domain controller to be created in the forest root domain. You must have <tt>Schema Admin</tt> or <tt>Enterprise Admin</tt> privileges to implement this extension.

<tt>ldifde /j . /k /i /f apple-mods.ldf /v</tt>

The name <tt>apple-mods.ldf</tt> is the name of the LDIF file containing the Apple schema extensions though any file name will work.

<hr>
<pre>
# ==================================================================
#
#  This file should be imported with the following command:
#    ldifde -i -u -f apple-schma-ext.schema.ldf -s server:port -b username domain password -j . -c "cn=Configuration,dc=X" #configurationNamingContext
#  LDIFDE.EXE from AD/AM V1.0 or above must be used.
#  This LDIF file should be imported into AD or AD/AM. It may not work for other directories.
#
# ==================================================================

# ==================================================================
#  Attributes
# ==================================================================

# Attribute: apple-category
dn: cn=apple-category,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.10.4
ldapDisplayName: apple-category
attributeSyntax: 2.5.5.12
adminDescription: Category for the computer or neighborhood
oMSyntax: 64
systemOnly: FALSE

# Attribute: apple-computer-list-groups
dn: cn=apple-computer-list-groups,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.11.4
ldapDisplayName: apple-computer-list-groups
attributeSyntax: 2.5.5.12
adminDescription: groups
oMSyntax: 64
systemOnly: FALSE

# Attribute: apple-computers
dn: cn=apple-computers,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.11.3
ldapDisplayName: apple-computers
attributeSyntax: 2.5.5.12
adminDescription: computers
oMSyntax: 64
systemOnly: FALSE

# Attribute: apple-data-stamp
dn: cn=apple-data-stamp,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.12.2
ldapDisplayName: apple-data-stamp
attributeSyntax: 2.5.5.5
adminDescription: data stamp
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-group-homeowner
dn: cn=apple-group-homeowner,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.14.2
ldapDisplayName: apple-group-homeowner
attributeSyntax: 2.5.5.5
adminDescription: group home owner settings
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-group-homeurl
dn: cn=apple-group-homeurl,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.14.1
ldapDisplayName: apple-group-homeurl
attributeSyntax: 2.5.5.5
adminDescription: group home url
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-hwuuid
dn: cn=apple-hwuuid,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.19.7
ldapDisplayName: apple-hwuuid
attributeSyntax: 2.5.5.12
adminDescription: Hardware uuid of computer
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-imhandle
dn: cn=apple-imhandle,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.21
ldapDisplayName: apple-imhandle
attributeSyntax: 2.5.5.12
adminDescription: IM handle (service:account name)
oMSyntax: 64
systemOnly: FALSE

# Attribute: apple-keyword
dn: cn=apple-keyword,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.19
ldapDisplayName: apple-keyword
attributeSyntax: 2.5.5.12
adminDescription: keywords
oMSyntax: 64
systemOnly: FALSE

# Attribute: apple-mcxflags
dn: cn=apple-mcxflags,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.10
ldapDisplayName: apple-mcxflags
attributeSyntax: 2.5.5.12
adminDescription: mcx flags
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-mcxsettings
dn: cn=apple-mcxsettings,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.16
ldapDisplayName: apple-mcxsettings
attributeSyntax: 2.5.5.12
adminDescription: mcx settings
oMSyntax: 64
systemOnly: FALSE

# Attribute: apple-networkview
dn: cn=apple-networkview,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.10.3
ldapDisplayName: apple-networkview
attributeSyntax: 2.5.5.12
adminDescription: Network view for the computer
oMSyntax: 64
systemOnly: FALSE

# Attribute: apple-service-url
dn: cn=apple-service-url,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.19.2
ldapDisplayName: apple-service-url
attributeSyntax: 2.5.5.5
adminDescription: URL of service
oMSyntax: 22
systemOnly: FALSE

# Attribute: apple-user-authenticationhint
dn: cn=apple-user-authenticationhint,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.15
ldapDisplayName: apple-user-authenticationhint
attributeSyntax: 2.5.5.12
adminDescription: password hint
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-user-class
dn: cn=apple-user-class,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.7
ldapDisplayName: apple-user-class
attributeSyntax: 2.5.5.5
adminDescription: user class
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-user-homequota
dn: cn=apple-user-homequota,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.8
ldapDisplayName: apple-user-homequota
attributeSyntax: 2.5.5.5
adminDescription: home directory quota
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-user-homesoftquota
dn: cn=apple-user-homesoftquota,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.17
ldapDisplayName: apple-user-homesoftquota
attributeSyntax: 2.5.5.5
adminDescription: home directory soft quota
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-user-mailattribute
dn: cn=apple-user-mailattribute,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.9
ldapDisplayName: apple-user-mailattribute
attributeSyntax: 2.5.5.12
adminDescription: mail attribute
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-user-picture
dn: cn=apple-user-picture,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.12
ldapDisplayName: apple-user-picture
attributeSyntax: 2.5.5.12
adminDescription: picture
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-user-printattribute
dn: cn=apple-user-printattribute,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.13
ldapDisplayName: apple-user-printattribute
attributeSyntax: 2.5.5.12
adminDescription: print attribute
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-webloguri
dn: cn=apple-webloguri,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.1.22
ldapDisplayName: apple-webloguri
attributeSyntax: 2.5.5.12
adminDescription: Weblog URI
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: apple-xmlplist
dn: cn=apple-xmlplist,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.17.1
ldapDisplayName: apple-xmlplist
attributeSyntax: 2.5.5.12
adminDescription: XML plist data
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: mountDirectory
dn: cn=apple-mountDirectory,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.1
ldapDisplayName: apple-mountDirectory
attributeSyntax: 2.5.5.12
adminDescription: mount path
oMSyntax: 64
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: mountDumpFrequency
dn: cn=apple-mountDumpFrequency,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.4
ldapDisplayName: apple-mountDumpFrequency
attributeSyntax: 2.5.5.5
adminDescription: mount dump frequency
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: mountOption
dn: cn=apple-mountOption,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.3
ldapDisplayName: apple-mountOption
attributeSyntax: 2.5.5.5
adminDescription: mount options
oMSyntax: 22
systemOnly: FALSE

# Attribute: mountPassNo
dn: cn=apple-mountPassNo,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.5
ldapDisplayName: apple-mountPassNo
attributeSyntax: 2.5.5.5
adminDescription: mount passno
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

# Attribute: mountType
dn: cn=apple-mountType,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.8.2
ldapDisplayName: apple-mountType
attributeSyntax: 2.5.5.5
adminDescription: mount VFS type
oMSyntax: 22
isSingleValued: TRUE
systemOnly: FALSE

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-


# ==================================================================
#  Classes
# ==================================================================

# Class: apple-computer
dn: cn=apple-computer,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.10
ldapDisplayName: apple-computer
adminDescription: computer
objectClassCategory: 3
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# mayContain: apple-category
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.10.4
# mayContain: apple-computer-list-groups
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.11.4
# mayContain: apple-hwuuid
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.19.7
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
# mayContain: apple-networkview
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.10.3
# mayContain: apple-service-url
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.19.2
# mayContain: apple-xmlplist
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.17.1
# mayContain: macAddress
mayContain: 1.3.6.1.1.1.1.22

# Class: apple-computer-list
dn: cn=apple-computer-list,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.11
ldapDisplayName: apple-computer-list
adminDescription: computer list
objectClassCategory: 1
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-computer-list-groups
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.11.4
# mayContain: apple-computers
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.11.3
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
possSuperiors: organizationalUnit
possSuperiors: container

# Class: apple-configuration
dn: cn=apple-configuration,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.12
ldapDisplayName: apple-configuration
adminDescription: configuration
objectClassCategory: 1
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-data-stamp
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.12.2
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-xmlplist
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.17.1
possSuperiors: organizationalUnit
possSuperiors: container

# Class: apple-group
dn: cn=apple-group,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.14
ldapDisplayName: apple-group
adminDescription: group account
objectClassCategory: 3
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-group-homeowner
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.14.2
# mayContain: apple-group-homeurl
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.14.1
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
# mayContain: apple-user-picture
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.12

# Class: apple-user
dn: cn=apple-user,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.1
ldapDisplayName: apple-user
adminDescription: apple user account
objectClassCategory: 3
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: apple-imhandle
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.21
# mayContain: apple-keyword
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.19
# mayContain: apple-mcxflags
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.10
# mayContain: apple-mcxsettings
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.16
# mayContain: apple-user-authenticationhint
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.15
# mayContain: apple-user-class
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.7
# mayContain: apple-user-homequota
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.8
# mayContain: apple-user-homesoftquota
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.17
# mayContain: apple-user-mailattribute
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.9
# mayContain: apple-user-picture
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.12
# mayContain: apple-user-printattribute
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.13
# mayContain: apple-webloguri
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.1.22

# Class: mount
dn: cn=apple-mount,cn=Schema,cn=Configuration,dc=X
changetype: add
objectClass: classSchema
governsID: 1.3.6.1.4.1.63.1000.1.1.2.8
ldapDisplayName: apple-mount
objectClassCategory: 1
systemOnly: FALSE
# subclassOf: top
subclassOf: 2.5.6.0
# rdnAttId: cn
rdnAttId: 2.5.4.3
# mayContain: mountDirectory
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.1
# mayContain: mountDumpFrequency
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.4
# mayContain: mountOption
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.3
# mayContain: mountPassNo
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.5
# mayContain: mountType
mayContain: 1.3.6.1.4.1.63.1000.1.1.1.8.2
possSuperiors: organizationalUnit
possSuperiors: container

dn:
changetype: modify
add: schemaUpdateNow
schemaUpdateNow: 1
-


# ==================================================================
#  Updating present elements
# ==================================================================


# Add the new class to the user object
dn: CN=User,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-user
-

# Add the new class to the computer object
dn: CN=Computer,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-computer
-

# Add the new class to the group object
dn: CN=Group,CN=Schema,CN=Configuration,DC=X
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-group 
-

</pre>
<hr>
Topic revision: r4 - 2024-10-30 - MariHassanzada
Information in this area is meant for use by CSCF staff and is not official documentation, but anybody who is interested is welcome to use it if they find it useful.
Other Webs
My links
- People
- CERAS
- WatForm
- Tetherless lab
- Ubuntu Main.HowTo
- eDocs
- RGG NE notes
- RGG
- CS infrastructure
- Grad images
Edit