objectClass            file                             sup     
top                    core.schema                              abstract
person                 core.schema                      top     struc
account                cosine.schema                    top     struc
posixAccount           nis.schema                       top     aux
shadowAccount          nis.schema                       top     aux
kerberosSecurityObject redhat/kerberosobject.schema     top     aux
sambaAccount           samba.schema                     top     struc
organizationalPerson   core.schema                      person  struc
inetOrgPerson          inetorgperson.schema             organizationalPerson st

objectclass ( 2.5.6.0 NAME 'top' ABSTRACT
	MUST objectClass )

objectclass ( 2.5.6.6 NAME 'person' SUP top STRUCTURAL
	MUST ( sn $ cn )
	MAY ( userPassword $ telephoneNumber $ seeAlso $ description ) )

objectclass ( 0.9.2342.19200300.100.4.5 NAME 'account'
	SUP top STRUCTURAL
	MUST userid
	MAY ( description $ seeAlso $ localityName $
		organizationName $ organizationalUnitName $ host )
	)

objectclass ( 1.3.6.1.1.1.2.0 NAME 'posixAccount' SUP top AUXILIARY
	DESC 'Abstraction of an account with POSIX attributes'
	MUST ( cn $ uid $ uidNumber $ gidNumber $ homeDirectory )
	MAY ( userPassword $ loginShell $ gecos $ description ) )

objectclass ( 1.3.6.1.1.1.2.1 NAME 'shadowAccount' SUP top AUXILIARY
	DESC 'Additional attributes for shadow passwords'
	MUST uid
	MAY ( userPassword $ shadowLastChange $ shadowMin $
	      shadowMax $ shadowWarning $ shadowInactive $
	      shadowExpire $ shadowFlag $ description ) )

objectclass ( 1.3.6.1.4.1.2312.4.2.4 NAME 'kerberosSecurityObject'
        SUP top AUXILIARY
	DESC 'A uid with an associated Kerberos principal'
	MUST ( krbName ) )

objectclass ( 1.3.1.5.1.4.1.7165.2.2.2 NAME 'sambaAccount' SUP top STRUCTURAL
	DESC 'Samba Account'
	MUST ( uid $ uidNumber ) 
	MAY  ( cn $ gidNumber $ lmPassword $ ntPassword $ pwdLastSet $
               logonTime $ logoffTime $ kickoffTime $ pwdCanChange $
               pwdMustChange $ acctFlags $ 
               smbHome $ homeDrive $ scriptPath $ profilePath $
               description $ userWorkstations $ rid $ primaryGroupID ))

objectclass ( 2.5.6.7 NAME 'organizationalPerson' SUP person STRUCTURAL
	MAY ( title $ x121Address $ registeredAddress $ destinationIndicator $
		preferredDeliveryMethod $ telexNumber $
                teletexTerminalIdentifier $ telephoneNumber $
                internationaliSDNNumber $ facsimileTelephoneNumber $
                street $ postOfficeBox $ postalCode $
		postalAddress $ physicalDeliveryOfficeName $ ou $ st $ l ) )

objectclass ( 2.16.840.1.113730.3.2.2 NAME 'inetOrgPerson'
	DESC 'RFC2798: Internet Organizational Person'
        SUP organizationalPerson
        STRUCTURAL
	MAY (
		audio $ businessCategory $ carLicense $ departmentNumber $
		displayName $ employeeNumber $ employeeType $ givenName $
		homePhone $ homePostalAddress $ initials $ jpegPhoto $
		labeledURI $ mail $ manager $ mobile $ o $ pager $
		photo $ roomNumber $ secretary $ uid $ userCertificate $
		x500uniqueIdentifier $ preferredLanguage $
		userSMIMECertificate $ userPKCS12 )
	)  

# Useful other things from core.shema:
objectclass ( 2.5.6.14 NAME 'device' SUP top STRUCTURAL
	MUST cn
	MAY ( serialNumber $ seeAlso $ owner $ ou $ o $ l $ description ) )

attributetype ( 2.5.4.49 NAME 'distinguishedName'
	EQUALITY distinguishedNameMatch
	SYNTAX 1.3.6.1.4.1.1466.115.121.1.12 )

attributetype ( 2.5.4.31 NAME 'member' SUP distinguishedName )

attributetype ( 2.5.4.32 NAME 'owner' SUP distinguishedName )

attributetype ( 2.5.4.34 NAME 'seeAlso' SUP distinguishedName )