Manual Pages for UNIX Darwin command on man DirectoryServiceAttributes

DirectoryServiceA... BSD Miscellaneous Information Manual DirectoryServiceA...

NAME

DDiirreeccttoorryySSeerrvviicceeAAttttrriibbuutteess The following standard attribute types are defined in

DESCRIPTION

This document contains well known attribute and record type constants. They can be used with dsDataNodeAllocateString() to create a data node to pass to a Directory Services API call. Legend: eDS1xxxxxx Single Valued Attribute

eDSNxxxxxx Multi-Valued Attribute

NOTE: Access controls may prevent any particular client from read-

ing/writting various attributes. In addition some attributes may not be

stored at all and could represent "real-time" data generated by the

directory node plug-in.

NOTE #2: Attributes in the model are available for records & directory

nodes. TTyyppee SSttrriinngg AAllll RReeccoorrddss kDSRecordsAll "dsRecordsAll" kDSRecordsStandardAll "dsRecordsStandardAll" kDSRecordsNativeAll "dsRecordsNativeAll" AAllll AAttttrriibbuutteess kDSAttributesAll "dsAttributesAll" kDSAttributesStandardAll "dsAttributesStandardAll" kDSAttributesNativeAll "dsAttributesNativeAll" WWeellll KKnnoowwnn RReeccoorrdd TTyyppeess kDSStdRecordTypePrefix "dsRecTypeStandard:" kDSNativeRecordTypePrefix "dsRecTypeNative:" kDSStdRecordTypeUsers "dsRecTypeStandard:Users" kDSStdRecordTypeGroups "dsRecTypeStandard:Groups" kDSStdRecordTypeMachines "dsRecTypeStandard:Machines" kDSStdRecordTypeAliases "dsRecTypeStandard:Aliases" kDSStdRecordTypeHosts "dsRecTypeStandard:Hosts" kDSStdRecordTypePrinters "dsRecTypeStandard:Printers" kDSStdRecordTypeNetworks "dsRecTypeStandard:Networks" kDSStdRecordTypeServices "dsRecTypeStandard:Services" kDSStdRecordTypeServer "dsRecTypeStandard:Server" kDSStdRecordTypProtocols "dsRecTypeStandard:Protocols" kDSStdRecordTypeProtocols "dsRecTypeStandard:Protocols" kDSStdRecordTypRPC "dsRecTypeStandard:RPC" kDSStdRecordTypeRPC "dsRecTypeStandard:RPC" kDSStdRecordTypePrintService "dsRecTypeStandard:PrintService" kDSStdRecordTypeConfig "dsRecTypeStandard:Config" kDSStdRecordTypeAFPServer "dsRecTypeStandard:AFPServer" kDSStdRecordTypeSMBServer "dsRecTypeStandard:SMBServer" kDSStdRecordTypeFTPServer "dsRecTypeStandard:FTPServer" kDSStdRecordTypeNFS "dsRecTypeStandard:NFS" kDSStdRecordTypeWebServer "dsRecTypeStandard:WebServer" kDSStdRecordTypeLDAPServer "dsRecTypeStandard:LDAPServer" kDSStdRecordTypeQTSServer "dsRecTypeStandard:QTSServer" kDSStdRecordTypMounts "dsRecTypeStandard:Mounts" kDSStdRecordTypeMounts "dsRecTypeStandard:Mounts"

kDSStdRecordTypeComputerGroups "dsRecTypeStandard:Computer-

Groups" kDSStdRecordTypeComputers "dsRecTypeStandard:Computers" kDSStdRecordTypeComputerLists "dsRecTypeStandard:ComputerLists" kDSStdRecordTypePresetUsers "dsRecTypeStandard:PresetUsers" kDSStdRecordTypePresetGroups "dsRecTypeStandard:PresetGroups" kDSStdRecordTypePresetComputers "dsRecTypeStandard:PresetComputers"

kDSStdRecordTypePresetComputerGroups "dsRecTypeStandard:PresetComput-

erGroups"

kDSStdRecordTypePresetComputerLists "dsRecTypeStandard:PresetComput-

erLists" kkDDSSSSttddRReeccoorrddTTyyppeeAAuuttooSSeerrvveerrSSeettuupp DDiissccuussssiioonn:: Used to discover automated server setup information.

kDSStdRecordTypeAutoServerSetup "dsRecTypeStandard:AutoServer-

Setup" kkDDSSSSttddRReeccoorrddTTyyppeePPaasssswwoorrddSSeerrvveerr DDiissccuussssiioonn:: Used to discover password servers via Bonjour.

kDSStdRecordTypePasswordServer "dsRecTypeStandard:Password-

Server" kkDDSSSSttddRReeccoorrddTTyyppeePPeeooppllee DDiissccuussssiioonn:: Record type that contains "People" records used for contact information. kDSStdRecordTypePeople "dsRecTypeStandard:People" kkDDSSSSttddRReeccoorrddTTyyppeeSShhaarreePPooiinnttss DDiissccuussssiioonn:: Share point record type. kDSStdRecordTypeSharePoints "dsRecTypeStandard:SharePoints" kkDDSSSSttddRReeccoorrddTTyyppeePPrriinnttSSeerrvviicceeUUsseerr DDiissccuussssiioonn:: Record in the local node for storing quota usage for a user.

kDSStdRecordTypePrintServiceUser "dsRecTypeStandard:PrintSer-

viceUser"

kDSStdRecordTypeAFPUserAliases "dsRecTypeStandard:AFPUser-

Aliases" kkDDSSSSttddRReeccoorrddTTyyppeeBBoooottpp DDiissccuussssiioonn:: Record in the local node for storing bootp info. kDSStdRecordTypeBootp "dsRecTypeStandard:Bootp" kkDDSSSSttddRReeccoorrddTTyyppeeNNeettDDoommaaiinnss DDiissccuussssiioonn:: Record in the local node for storing net domains. kDSStdRecordTypeNetDomains "dsRecTypeStandard:NetDomains" kkDDSSSSttddRReeccoorrddTTyyppeeEEtthheerrnneettss DDiissccuussssiioonn:: Record in the local node for storing ethernets. kDSStdRecordTypeEthernets "dsRecTypeStandard:Ethernets" kkDDSSSSttddRReeccoorrddTTyyppeeNNeettGGrroouuppss DDiissccuussssiioonn:: Record in the local node for storing net groups. kDSStdRecordTypeNetGroups "dsRecTypeStandard:NetGroups" kkDDSSSSttddRReeccoorrddTTyyppeeHHoossttSSeerrvviicceess DDiissccuussssiioonn:: Record in the local node for storing host services. kDSStdRecordTypeHostServices "dsRecTypeStandard:HostServices" kDSStdUserNamesMeta "dsRecTypeStandard:MetaUserNames"

kDSStdRecordTypeMeta "dsRecTypeS-

tandard:AppleMetaRecord" Location record type. kDSStdRecordTypeLocations "dsRecTypeStandard:Locations" kkDDSSSSttddRReeccoorrddTTyyppeeNNeeiigghhbboorrhhooooddss DDiissccuussssiioonn:: Neighborhood record type. Describes a list of computers and other neighborhoods, used for network browsing. kDSStdRecordTypeNeighborhoods "dsRecTypeStandard:Neighborhoods" kkDDSSSSttddRReeccoorrddTTyyppeeCCeerrttiiffiiccaatteeAAuutthhoorriittiieess DDiissccuussssiioonn:: Record type that contains certificate authority information.

kDSStdRecordTypeCertificateAuthorities "dsRecTypeStandard:Certifi-

cateAuthorities" kkDDSSSSttddRReeccoorrddTTyyppeeAAcccceessssCCoonnttrroollss DDiissccuussssiioonn:: Record type that contains directory access control directives.

kDSStdRecordTypeAccessControls "dsRecTypeStandard:AccessCon-

trols" FileMaker servers record type. Describes available FileMaker servers used for service discovery. kDSStdRecordTypeFileMakerServers "dsRecTypeStandard:FileMakerServers" Resource record type. kDSStdRecordTypeResources "dsRecTypeStandard:Resources" WWeellll KKnnoowwnn AAttttrriibbuuttee TTyyppeess...... kDSStdAttrTypePrefix "dsAttrTypeStandard:" kDSNativeAttrTypePrefix "dsAttrTypeNative:" kDSAttrNone "dsNone" Authentication Methods kDSStdAuthMethodPrefix "dsAuthMethodStandard:" kDSNativeAuthMethodPrefix "dsAuthMethodNative:"

kDSStdAuthClearText "dsAuthMethodStandard:dsAuth-

ClearText" kkDDSSSSttddAAuutthhCCrryypptt DDiissccuussssiioonn:: Use a crypt password stored in the user record if available to do the authentication. The buffer is packed as follows: 4 byte length of username, username in UTF8 encoding, 4 byte length of password, password in UTF8 encoding

This method may not be supported by all plug-ins or for all users.

kDSStdAuthCrypt "dsAuthMethodStan-

dard:dsAuthCrypt"

kDSStdAuthSetPasswd "dsAuthMethodStandard:dsAuthSet-

Passwd" kkDDSSSSttddAAuutthhCChhaannggeePPaasssswwdd DDiissccuussssiioonn:: Change the password for a user. Does not require prior authentication. The buffer is packed as follows: 4 byte length of username, username in UTF8 encoding, 4 byte length of old password, old password in UTF8 encoding, 4 byte length of new password, new password in UTF8 encoding

kDSStdAuthChangePasswd "dsAuthMethodStan-

dard:dsAuthChangePasswd"

kDSStdAuthSetPasswdAsRoot "dsAuthMethodStandard:dsAuthSetPass-

wdAsRoot" kkDDSSSSttddAAuutthh22WWaayyRRaannddoommCChhaannggeePPaasssswwdd DDiissccuussssiioonn::

Change the password for a user using the two-way random method.

Does not require prior authentication. The buffer is packed as follows: 4 byte length of username, username in UTF8 encoding, 4 byte length of old password encrypted with new (should be 8), old password encrypted with new, 4 byte length of new password encrypted with old (should be 8), new password encrypted with old

kDSStdAuth2WayRandomChangePasswd "dsAuthMethodStandard:dsAuth2WayRan-

domChangePasswd" kDSStdAuthAPOP "dsAuthMethodStandard:dsAuthAPOP"

kDSStdAuth2WayRandom "dsAuthMethodStandard:dsAuth2WayRan-

dom" kkDDSSSSttddAAuutthhNNooddeeNNaattiivveeCClleeaarrTTeexxttOOKK DDiissccuussssiioonn::

The plug-in should determine which specific authentication method to use.

The buffer is packed as follows: 4 byte length of username, username in UTF8 encoding, 4 byte length of password, password in UTF8 encoding

The plug-in may choose to use a cleartext authentication method if neces-

sary.

kDSStdAuthNodeNativeClearTextOK "dsAuthMethodStandard:dsAuthNode-

NativeCanUseClearText" kkDDSSSSttddAAuutthhNNooddeeNNaattiivveeNNooCClleeaarrTTeexxtt DDiissccuussssiioonn::

The plug-in should determine which specific authentication method to use.

The buffer is packed as follows: 4 byte length of username, username in UTF8 encoding, 4 byte length of password, password in UTF8 encoding

The plug-in must not use an authentication method that sends the password

in cleartext.

kDSStdAuthNodeNativeNoClearText "dsAuthMethodStandard:dsAuthNode-

NativeCannotUseClearText"

kDSStdAuthSMBNTKey "dsAuthMethodStandard:dsAuthSMBN-

TKey"

kDSStdAuthSMBLMKey "dsAuthMethodStandard:dsAuthSM-

BLMKey"

kDSStdAuthCRAMMD5 "dsAuthMethodStandard:dsAuthNode-

CRAM-MD5"

kDSStdAuthDIGESTMD5 "dsAuthMethodStandard:dsAuthN-

odeDIGEST-MD5"

kkDDSSSSttddAAuutthhNNTTLLMMvv22 DDiissccuussssiioonn:: If the NTLMv2 session key is supported, it is returned in the step buffer. The input buffer is packed as follows: 4 byte length of username, username in UTF8 encoding, 4 byte length of samba server challenge, samba server challenge 4 byte length of the NTLMv2 client "blob" the client "blob" which includes 16 bytes of client digest prefixed to the the blob data 4 byte length of the user name used to calculate the digest, the user name used to calculate the digest in UTF8 encoding 4 byte length of the samba domain, the samba domain in UTF8 encoding

kDSStdAuthNTLMv2 "dsAuthMethodStandard:dsAuthN-

odeNTLMv2" KKeerrbbeerriizzeedd SSMMBB SSeerrvveerr sseerrvviicceess DDiissccuussssiioonn:: Related constants for supporting Kerberized SMB Server services. These are only used for dsGetDirNodeInfo requests. They are not attributes that are used otherwise. kDS1AttrKerberosRealm "dsAttrTypeStandard:KerberosRealm" kDS1AttrPrimaryNTDomain "dsAttrTypeStandard:PrimaryNTDomain" kDS1AttrNTDomainComputerAccount "dsAttrTypeStandard:NTDomainComputerAccount" Attribute type for the owner of a record. Typically the value is a LDAP distinguished name. kDS1AttrOwner "dsAttrTypeStandard:Owner" PPDDCCSSMMBBCCoonnssttaannttss DDiissccuussssiioonn:: Related constants for supporting PDC SMB interaction with DS.

kDSStdAuthSMBNTUserSessionKey "dsAuthMethodStan-

dard:dsAuthSMBNTUserSessionKey"

kDSStdAuthSMBWorkstationCredentialSessionKey "dsAuthMethodStan-

dard:dsAuthSMBWorkstationCredentialSessionKey"

kDSStdAuthSetWorkstationPasswd "dsAuthMethodStan-

dard:dsAuthSetWorkstationPasswd"

kDS1AttrSMBRID "dsAttrTypeS-

tandard:smbrid"

kDS1AttrSMBGroupRID "dsAttrTypeS-

tandard:smbgrouprid" kkDDSS11AAttttrrSSMMBBHHoommeeDDrriivvee DDiissccuussssiioonn:: Drive letter for homedirectory mount point. kDS1AttrSMBHomeDrive "dsAttrTypeStandard:SMBHomeDrive" kkDDSS11AAttttrrSSMMBBHHoommee DDiissccuussssiioonn:: UNC address of Windows homedirectory mount point (\server\sharepoint). kDS1AttrSMBHome "dsAttrTypeStandard:SMBHome" kkDDSS11AAttttrrSSMMBBSSccrriippttPPaatthh DDiissccuussssiioonn:: Login script path. kDS1AttrSMBScriptPath "dsAttrTypeStandard:SMBScriptPath" kkDDSS11AAttttrrSSMMBBPPrrooffiilleePPaatthh DDiissccuussssiioonn:: Desktop management info (dock, desktop links, etc). kDS1AttrSMBProfilePath "dsAttrTypeStandard:SMBProfilePath" kkDDSS11AAttttrrSSMMBBUUsseerrWWoorrkkssttaattiioonnss DDiissccuussssiioonn:: List of workstations user can login from (machine account names). kDS1AttrSMBUserWorkstations "dsAttrTypeStandard:SMBUserWorkstations" AAccccoouunnttCCoonnttrroollFFllaaggss DDiissccuussssiioonn:: Set of account control flags. kDS1AttrSMBAcctFlags "dsAttrTypeStandard:SMBAccountFlags"

kDS1AttrSMBPWDLastSet "dsAttrTypeStandard:SMBPasswordLast-

Set" kDS1AttrSMBLogonTime "dsAttrTypeStandard:SMBLogonTime" kDS1AttrSMBLogoffTime "dsAttrTypeStandard:SMBLogoffTime" kDS1AttrSMBKickoffTime "dsAttrTypeStandard:SMBKickoffTime" kkDDSS11AAttttrrSSMMBBSSIIDD DDiissccuussssiioonn:: SMB Security ID, stored as a string attribute of up to 64 bytes. Found

in user, group, and computer records (kDSStdRecordTypeUsers, kDSSt-

dRecordTypeGroups, kDSStdRecordTypeComputers). kDS1AttrSMBSID "dsAttrTypeStandard:SMBSID" kkDDSS11AAttttrrSSMMBBPPrriimmaarryyGGrroouuppSSIIDD DDiissccuussssiioonn:: SMB Primary Group Security ID, stored as a string attribute of up to 64 bytes. Found in user, group, and computer records (kDSStdRecordTypeUsers, kDSStdRecordTypeGroups, kDSStdRecordTypeComputers).

kDS1AttrSMBPrimaryGroupSID "dsAttrTypeStandard:SMBPrimaryGroup-

SID" kkDDSS11AAttttrrPPaasssswwoorrddSSeerrvveerrLLiisstt DDiissccuussssiioonn:: Represents the attribute for storing the password server's replication information. kDS1AttrPasswordServerList "dsAttrTypeStandard:PasswordServerList" kkDDSS11AAttttrrAAlltteerrnnaatteeDDaattaassttoorreeLLooccaattiioonn DDiissccuussssiioonn:: Unix path used for determining where a user's email is stored.

kDS1AttrAlternateDatastoreLocation "dsAttrTypeStandard:Alternate-

DatastoreLocation" kkDDSSSSttddAAuutthhMMSSCCHHAAPP22 DDiissccuussssiioonn::

MS-CHAP2 is a mutual authentication method. The plug-in will generate the

data to send back to the client and put it in the step buffer. The input buffer format: 4 byte length, username, 4 byte length, server challenge, 4 byte length, peer challenge, 4 byte length, client's digest, The output buffer format: 4 byte length, return digest for the client's challenge kDSStdAuthMSCHAP2 "dsAuthMethodStandard:dsAuthMSCHAP2"

kDSStdAuthMASKEA "dsAuthMethodStandard:dsAuthMASKE-A"

kDSStdAuthMASKEB "dsAuthMethodStandard:dsAuthMASKE-B"

kkDDSSSSttddAAuutthhWWiitthhAAuutthhoorriizzaattiioonnRReeff DDiissccuussssiioonn:: Allows access to local directories as root with a valid AuthorizationRef. The input buffer format: externalized AuthorizationRef

kDSStdAuthWithAuthorizationRef "dsAuthMethodStandard:dsAuthWith-

AuthorizationRef" kkDDSSSSttddAAuutthhNNeewwUUsseerr DDiissccuussssiioonn:: Create a new user record with the authentication authority The buffer is packed as follows: 4 byte length of authenticator's UserID, authenticator's UserID in UTF8 encoding, 4 byte length of authenticator's password, authenticator's password in UTF8 encoding

4 byte length of new user's short-name,

user's short-name,

4 byte length of new user's password, user's password

kDSStdAuthNewUser "dsAuthMethodStandard:dsAuth-

NewUser" kkDDSSSSttddAAuutthhGGeettPPoolliiccyy DDiissccuussssiioonn::

The plug-in should determine which specific authentication method to use.

The buffer is packed as follows: 4 byte length of authenticator's UserID, authenticator's UserID in UTF8 encoding, 4 byte length of authenticator's password, authenticator's password in UTF8 encoding 4 byte length of UserID of the account to get policies, UserID of the account to get policies in UTF8 encoding The Password Server does not require authentication for this auth method. The first two fields are to cover us for future policy changes and to keep the buffer format as standardized as possible.

kDSStdAuthGetPolicy "dsAuthMethodStandard:dsAuthGet-

Policy" kkDDSSSSttddAAuutthhSSeettPPoolliiccyy DDiissccuussssiioonn::

The plug-in should determine which specific authentication method to use.

kDSStdAuthSetPolicy "dsAuthMethodStandard:dsAuthSet-

Policy"

kDSStdAuthGetGlobalPolicy "dsAuthMethodStandard:dsAuthGet-

GlobalPolicy"

kDSStdAuthSetGlobalPolicy "dsAuthMethodStandard:dsAuthSet-

GlobalPolicy"

kDSStdAuthGetUserName "dsAuthMethodStandard:dsAuthGe-

tUserName"

kDSStdAuthSetUserName "dsAuthMethodStandard:dsAuthSe-

tUserName"

kDSStdAuthGetUserData "dsAuthMethodStandard:dsAuthGe-

tUserData"

kDSStdAuthSetUserData "dsAuthMethodStandard:dsAuthSe-

tUserData"

kDSStdAuthDeleteUser "dsAuthMethodStandard:dsAuthDele-

teUser" UUsseerrss DDiissttiinngguuiisshheedd oorr RReeaall NNaammee kDS1AttrDistinguishedName "dsAttrTypeStandard:RealName" kDS1AttrFirstName "dsAttrTypeStandard:FirstName" kDS1AttrMiddleName "dsAttrTypeStandard:MiddleName" kDS1AttrLastName "dsAttrTypeStandard:LastName" AAllll ppoossssiibbllee nnaammeess ffoorr aa rreeccoorrdd kDSNAttrAllNames "dsAttrTypeStandard:AllNames" SSeett ppaasssswwoorrdd mmeetthhooddss kDSSetPasswdBestOf "dsSetPasswdBestOf" kkDDSSNNAAttttrrAAuutthheennttiiccaattiioonnAAuutthhoorriittyy DDiissccuussssiioonn:: Determines what mechanism is used to verify or set a user's password. If

multiple values are present, the first attributes returned take prece-

dence. Typically found in User records (kDSStdRecordTypeUsers).

kDSNAttrAuthenticationAuthority "dsAttrTypeStandard:AuthenticationAu-

thority" kDS1AttrPasswordPolicyOptions Discussion: Collection of password policy options in single attribute. Used in user presets record. kDS1AttrPasswordPolicyOptions "dsAttrTypeStandard:PasswordPolicyOptions" kkDDSSVVaalluueeDDeeffaauullttAAuutthhAAuutthhoorriittyy DDiissccuussssiioonn:: The default value to use for the kDSNAttrAuthenticationAuthority attribute. When creating a user record, set this value for authentication authority before setting the password with dsDoDirNodeAuth.

kDSValueAuthAuthorityDefault kDSValueAuthAuthorityShad-

owHash kDSValueAuthAuthorityBasic ";basic;" kDSTagAuthAuthorityBasic "basic" kDSValueAuthAuthorityLocalWindowsHash ";LocalWindowsHash;" kDSTagAuthAuthorityLocalWindowsHash "LocalWindowsHash" kDSValueAuthAuthorityShadowHash ";ShadowHash;" kDSTagAuthAuthorityShadowHash "ShadowHash" kDSTagAuthAuthorityBetterHashOnly "BetterHashOnly" kDSValueAuthAuthorityPasswordServerPrefix ";ApplePasswordServer;" kDSTagAuthAuthorityPasswordServer "ApplePasswordServer" kDSValueAuthAuthorityKerberosv5 ";Kerberosv5;" kDSTagAuthAuthorityKerberosv5 "Kerberosv5" kDSValueAuthAuthorityLocalCachedUser ";LocalCachedUser;" kDSTagAuthAuthorityLocalCachedUser "LocalCachedUser" Single Valued Attribute kDS1AttrPassword "dsAttrTypeStandard:Password" kDS1AttrPasswordPlus "dsAttrTypeStandard:PasswordPlus"

kDS1AttrAuthenticationHint "dsAttrTypeStandard:Authentication-

Hint" kDS1AttrInternetAlias "dsAttrTypeStandard:InetAlias" kDS1AttrNFSHomeDirectory "dsAttrTypeStandard:NFSHomeDirectory" kDS1AttrUniqueID "dsAttrTypeStandard:UniqueID"

kDS1AttrPrimaryGroupID "dsAttrTypeStandard:PrimaryComput-

erList" kDS1AttrPrimaryGroupID "dsAttrTypeStandard:PrimaryGroupID" kDS1AttrMailAttribute "dsAttrTypeStandard:MailAttribute" kDS1AttrComment "dsAttrTypeStandard:Comment" kDS1AttrRARA "dsAttrTypeStandard:RARA" kDS1AttrGeneratedUID "dsAttrTypeStandard:GeneratedUID" kDS1AttrAdminStatus "dsAttrTypeStandard:AdminStatus" kDS1AttrPwdAgingPolicy "dsAttrTypeStandard:PwdAgingPolicy" kDS1AttrUserShell "dsAttrTypeStandard:UserShell" kDS1AttrVFSType "dsAttrTypeStandard:VFSType" kDS1AttrVFSPassNo "dsAttrTypeStandard:VFSPassNo" kDS1AttrVFSDumpFreq "dsAttrTypeStandard:VFSDumpFreq" kDS1AttrVFSLinkDir "dsAttrTypeStandard:VFSLinkDir" kDS1AttrChange "dsAttrTypeStandard:Change" kDS1AttrExpire "dsAttrTypeStandard:Expire" kDSNAttrGroupMembership "dsAttrTypeStandard:GroupMembership" kDSNAttrHomeDirectory "dsAttrTypeStandard:HomeDirectory" kDSNAttrKeywords "dsAttrTypeStandard:Keywords" kkDDSS11AAttttrrXXMMLLPPlliisstt DDiissccuussssiioonn:: SA config settings plist. kDS1AttrXMLPlist "dsAttrTypeStandard:XMLPlist" kkDDSS11AAttttrrDDaatteeRReeccoorrddCCrreeaatteedd DDiissccuussssiioonn:: Date of record creation. kDS1AttrDateRecordCreated "dsAttrTypeStandard:DateRecordCreated" kkDDSS11AAttttrrCCrreeaattiioonnTTiimmeessttaammpp DDiissccuussssiioonn:: Attribute showing date/time of record creation. Format is x.208 standard YYYYMMDDHHMMSSZ which we will require as GMT time. kDS1AttrCreationTimestamp "dsAttrTypeStandard:CreationTimestamp" kkDDSS11AAttttrrMMooddiiffiiccaattiioonnTTiimmeessttaammpp DDiissccuussssiioonn:: Attribute showing date/time of record modification. Format is x.208 standard YYYYMMDDHHMMSSZ which we will require as GMT time.

kDS1AttrModificationTimestamp "dsAttrTypeStandard:ModificationTimes-

tamp" kkDDSS11AAttttrrTTiimmeeTTooLLiivvee DDiissccuussssiioonn:: Attribute recommending how long to cache the record's attribute values. Format is an unsigned 32 bit representing seconds. ie. 300 is 5 minutes. kDS1AttrTimeToLive "dsAttrTypeStandard:TimeToLive" kkDDSS11AAttttrrHHoommeeDDiirreeccttoorryyQQuuoottaa DDiissccuussssiioonn:: Represents the allowed usage for a user's home directory in bytes. Found in user records (kDSStdRecordTypeUsers).

kDS1AttrHomeDirectoryQuota "dsAttrTypeStandard:HomeDirecto-

ryQuota"

kDS1AttrHomeDirectorySoftQuota "dsAttrTypeStandard:HomeDirectorySoft-

Quota" kkDDSS11AAttttrrAAddmmiinnLLiimmiittss DDiissccuussssiioonn::

XML plist indicating what an admin user can edit. Found in kDSStdRecord-

TypeUsers records. kDS1AttrAdminLimits "dsAttrTypeStandard:AdminLimits" kkDDSS11AAttttrrPPrreesseettUUsseerrIIssAAddmmiinn DDiissccuussssiioonn::

Flag to indicate whether users created from this preset are administra-

tors by default. Found in kDSStdRecordTypePresetUsers records. kDS1AttrPresetUserIsAdmin "dsAttrTypeStandard:PresetUserIsAdmin" kDS1StandardAttrHomeLocOwnerkDS1AttrHomeLocOwner kkDDSS11AAttttrrHHoommeeLLooccOOwwnneerr DDiissccuussssiioonn:: Represents the owner of a workgroup's shared home directory. Typically found in kDSStdRecordTypeGroups records. kDS1AttrHomeLocOwner "dsAttrTypeStandard:HomeLocOwner" kDSNAttrProtocols "dsAttrTypeStandard:Protocols" kDSNAttrVFSOpts "dsAttrTypeStandard:VFSOpts" kkDDSS11AAttttrrPPaasssswwoorrddSSeerrvveerrLLooccaattiioonn DDiissccuussssiioonn:: Specifies the IP address or domain name of the Password Server associated

with a given directory node. Found in a config record named Password-

Server.

kDS1AttrPasswordServerLocation "dsAttrTypeStandard:PasswordServer-

Location" kkDDSS11AAttttrrPPoorrtt DDiissccuussssiioonn:: Represents the port number a service is available on. Typically found in

service record types including kDSStdRecordTypeAFPServer, kDSStdRecord-

TypeLDAPServer, and kDSStdRecordTypeWebServer. kDS1AttrPort "dsAttrTypeStandard:Port" kkDDSS11AAttttrrLLooccaattiioonn DDiissccuussssiioonn:: Represents the location a service is available from (usually domain

name). Typically found in service record types including kDSStdRecordTy-

peAFPServer, kDSStdRecordTypeLDAPServer, and kDSStdRecordTypeWebServer. kDS1AttrLocation "dsAttrTypeStandard:Location" kkDDSS11AAttttrrSSeerrvviicceeTTyyppee DDiissccuussssiioonn:: Represents the service type for the service. This is the raw service

type of the service. For example a service record type of kDSStdRecord-

TypeWebServer might have a service type of "http" or "https". kDS1AttrServiceType "dsAttrTypeStandard:ServiceType" kkDDSS11AAttttrrPPiiccttuurree DDiissccuussssiioonn:: Represents the path of the picture for each user displayed in the login window. Found in user records (kDSStdRecordTypeUsers). kDS1AttrPicture "dsAttrTypeStandard:Picture" kkDDSSNNAAttttrrJJPPEEGGPPhhoottoo DDiissccuussssiioonn:: Used to store binary picture data in JPEG format. Found in user, people,

and group records (kDSStdRecordTypeUsers, kDSStdRecordTypePeople, kDSSt-

dRecordTypeGroups). kDSNAttrJPEGPhoto "dsAttrTypeStandard:JPEGPhoto" MMuuttiivvaalluueedd mmeettaa aattttrriibbuuttee ddaattaa kDSNAttrMetaNodeLocation "dsAttrTypeStandard:AppleMetaNodeLocation" kDS1AttrAliasData "dsAttrTypeStandard:AppleAliasData"

Single Valued - checksum/meta data

kDS1AttrDataStamp "dsAttrTypeStandard:DataStamp" kDS1AttrTotalSize "dsAttrTypeStandard:TotalSize"

Single Valued - data of Create, Modify, Backup time in UTC

kDS1AttrTimePackage "dsAttrTypeStandard:TimePackage"

Single Valued - alias attribute, contain pointer to another

node/record/attribute kDS1AttrAlias "dsAttrTypeStandard:Alias"

Single valued - used to get a "auth" credential, to be used to authenti-

cate to other Directory nodes. kDS1AttrAuthCredential "dsAttrTypeStandard:AuthCredential"

Single valued - Note attribute. Commonly used in printer records.

kDS1AttrNote "dsAttrTypeStandard:Note"

Single-valued attribute for definition of the Printer Make and Model. An

example Value would be "HP LaserJet 2200". This would be used to deter-

mine the proper PPD file to be used when configuring a printer from the Directory. This attribute is based on the IPP Printing Specification RFC

and IETF IPP-LDAP Printer Record.

kDS1AttrPrinterMakeAndModel "dsAttrTypeStandard:PrinterMakeAndModel"

Single-valued attribute that defines the URI of a printer "ipp://address"

or "smb://server/queue". This is used when configuring a printer. This

attribute is based on the IPP Printing Specification RFC and IETF IPP-

LDAP Printer Record. kDS1AttrPrinterURI "dsAttrTypeStandard:PrinterURI"

Multi-valued attribute that defines additional URIs supported by a

printer. This is used when configuring a printer. This attribute is

based on the IPP Printing Specification RFC and IETF IPP-LDAP Printer

Record. kDSNAttrPrinterXRISupported "dsAttrTypeStandard:PrinterXRISupported"

Single-valued attribute that defines the IEEE 1284 DeviceID of a printer.

This is used when configuring a printer. kDS1AttrPrinter1284DeviceID "dsAttrTypeStandard:Printer1284DeviceID"

Single valued - DNS Resolver domain attribute.

kDS1AttrDNSDomain "dsAttrTypeStandard:DNSDomain"

Single valued - DNS Resolver nameserver attribute.

kDS1AttrDNSNameServer "dsAttrTypeStandard:DNSNameServer" KKDDCC mmaasstteerr kkeeyy RRSSAA eennccrryypptteedd wwiitthh rreeaallmm ppuubblliicc kkeeyy.. kDSNAttrKDCAuthKey "dsAttrTypeStandard:KDCAuthKey" CCoonntteennttss ooff tthhee kkddcc..ccoonnff ffiillee.. kDS1AttrKDCConfigData "dsAttrTypeStandard:KDCConfigData" UUsseedd wwiitthh ddiirreeccttoorryy nnooddeess ssoo tthhaatt cclliieennttss ccaann ddiissccoovveerr tthhee AAPPII ccaappaabbiilliittiieess ffoorr tthhiiss DDiirreeccttoorryy NNooddee.. kkDDSS11AAttttrrUUsseerrCCeerrttiiffiiccaattee DDiissccuussssiioonn:: Attribute containing the binary of the user's certificate. Usually found in user records. The certificate is data which identifies a user. This data is attested to by a known party, and can be independently verified by a third party. kDS1AttrUserCertificate "dsAttrTypeStandard:UserCertificate" kkDDSS11AAttttrrUUsseerrSSMMIIMMEECCeerrttiiffiiccaattee DDiissccuussssiioonn:: Attribute containing the binary

of the user's SMIME certificate. Usually found in user records. The cer-

tificate is data which identifies a user. This data is attested to by a known party, and can be independently verified by a third party. SMIME certificates are often used for signed or encrypted emails.

kDS1AttrUserSMIMECertificate "dsAttrTypeStandard:UserSMIMECertifi-

cate" kkDDSS11AAttttrrUUsseerrPPKKCCSS1122DDaattaa DDiissccuussssiioonn:: Attribute containing binary data in

PKCS #12 format. Usually found in user records. The value can contain

keys, certificates, and other related information and is encrypted with a passphrase. kDS1AttrUserPKCS12Data "dsAttrTypeStandard:UserPKCS12Data" kkDDSS11AAttttrrCCAACCeerrttiiffiiccaattee DDiissccuussssiioonn:: Attribute containing the binary of the certificate of a certificate authority. Its corresponding private key is

used to sign certificates. Usually found in kDSStdRecordTypeCertifi-

cateAuthority records. kDS1AttrCACertificate "dsAttrTypeStandard:CACertificate" kkDDSS11AAttttrrAAuutthhoorriittyyRReevvooccaattiioonnLLiisstt DDiissccuussssiioonn:: Attribute containing the binary of the authority revocation list. A certificate revocation list that defines certificate authority certificates which are no longer trusted. No user certificates are included in this list.Usually found in kDSStdRecordTypeCertificateAuthority records.

kDS1AttrAuthorityRevocationList "dsAttrTypeStandard:AuthorityRe-

vocationList" kkDDSS11AAttttrrCCeerrttiiffiiccaatteeRReevvooccaattiioonnLLiisstt DDiissccuussssiioonn:: Attribute containing the binary of the certificate revocation list. This is a list of certificates

which are no longer trusted. Usually found in kDSStdRecordTypeCertifi-

cateAuthority records.

kDS1AttrCertificateRevocationList "dsAttrTypeStandard:CertificateRevo-

cationList" kkDDSS11AAttttrrCCrroossssCCeerrttiiffiiccaatteePPaaiirr DDiissccuussssiioonn:: Attribute containing the binary of a pair of certificates which verify each other. Both certificates

have the same level of authority. Usually found in kDSStdRecordTypeCer-

tificateAuthority records.

kDS1AttrCrossCertificatePair "dsAttrTypeStandard:Cross-

CertificatePair"

kkDDSSNNAAttttrrAAcccceessssCCoonnttrroollEEnnttrryy DDiissccuussssiioonn:: Attribute type which stores direc-

tory access control directives.

kDSNAttrAccessControlEntry "dsAttrTypeStandard:AccessCon-

trolsEntry" kDS1AttrCapabilities "dsAttrTypeStandard:Capabilities" kkDDSS11AAttttrrCCaatteeggoorryy DDiissccuussssiioonn:: The category of an item used for browsing. kDS1AttrCategory "dsAttrTypeStandard:Category" can be found using dsGetDirNodeInfo and will return one of ReadOnly, ReadWrite, or WriteOnly strings note that ReadWrite does not imply fully readable or writable kDS1AttrReadOnlyNode "dsAttrTypeStandard:ReadOnlyNode" used with Search Node to "discover" the search path for this node kDS1AttrSearchPath "dsAttrTypeStandard:SearchPath" kDSNAttrSearchPath "dsAttrTypeStandard:SearchPath" used with Search Node to "discover" the search policy for this node kDS1AttrSearchPolicy "dsAttrTypeStandard:SearchPolicy" used with Search Node to "discover" the possible search paths for this node kDS1AttrNSPSearchPath "dsAttrTypeStandard:NSPSearchPath" kDSNAttrNSPSearchPath "dsAttrTypeStandard:NSPSearchPath" kDS1AttrLSPSearchPath "dsAttrTypeStandard:LSPSearchPath" kDSNAttrLSPSearchPath "dsAttrTypeStandard:LSPSearchPath" kDS1AttrCSPSearchPath "dsAttrTypeStandard:CSPSearchPath" kDSNAttrCSPSearchPath "dsAttrTypeStandard:CSPSearchPath" ffoorrccee tthhee ddiirreeccttoorryy sseerrvviiccee ttoo ggeenneerraattee aa bbiinnaarryy iimmaaggee ooff tthhee rreeccoorrdd aanndd aallll iitt''ss aattttrriibbuutteess.. kDS1AttrRecordImage "dsAttrTypeStandard:RecordImage"

Information (version, signature, about, credits..ect.) about the plug-in

that is actually servicing a particular directory node. kDSNAttrPlugInInfo "dsAttrTypeStandard:PlugInInfo" Multivalued Attribute, list of names/keys for this record kDSNAttrRecordName "dsAttrTypeStandard:RecordName"

Multivalued - list of attribute types

kDSNAttrSchema "dsAttrTypeStandard:Scheama"

Single Valued for a Record, Multi-valued for a Directory Node

kDSNAttrRecordType "dsAttrTypeStandard:RecordType" kDSNAttrNodePath "dsAttrTypeStandard:NodePath" kDSNAttrAuthMethod "dsAttrTypeStandard:AuthMethod" kDSNAttrSetPasswdMethod "dsAttrTypeStandard:SetPasswdMethod"

// Multivalued - list of group records

kDSNAttrGroup "dsAttrTypeStandard:Group"

Multivalued - list of member records

kDSNAttrMember "dsAttrTypeStandard:Member" kkDDSSNNAAttttrrNNeesstteeddGGrroouuppss DDiissccuussssiioonn:: Attribute type in group records for the list of GUID values for nested groups. kDSNAttrNestedGroups "dsAttrTypeStandard:NestedGroups"

kkDDSSNNAAttttrrGGrroouuppMMeemmbbeerrss DDiissccuussssiioonn:: Attribute type in group records contain-

ing lists of GUID values for members other than groups. kDSNAttrGroupMembers "dsAttrTypeStandard:GroupMembers" kDSNAttrURL "dsAttrTypeStandard:URL" data contained in this attribute type is a fully qualified MIME Type. kDSNAttrMIME "dsAttrTypeStandard:MIME" kDSNAttrHTML "dsAttrTypeStandard:HTML" kDSNAttrNBPEntry "dsAttrTypeStandard:NBPEntry" kDSNAttrDNSName "dsAttrTypeStandard:DNSName" kDSNAttrIPAddress "dsAttrTypeStandard:IPAddress" kDSNAttrIPv6Address "dsAttrTypeStandard:IPv6Address" kkDDSS11AAttttrrEENNeettAAddddrreessss DDiissccuussssiioonn::

Single-valued attribute for hardware Ethernet address (MAC address).

Found in machine records (kDSStdRecordTypeMachines) and computer records (kDSStdRecordTypeComputers). kDS1AttrENetAddress "dsAttrTypeStandard:ENetAddress" kkDDSS11AAttttrrBBoooottFFiillee DDiissccuussssiioonn:: Attribute type in host or machine records for the name of the kernel that this machine will use by default when NetBooting. kDS1AttrBootFile "dsAttrTypeStandard:BootFile" kkDDSSNNAAttttrrBBoooottPPaarraammss DDiissccuussssiioonn:: Attribute type in host or machine records for storing boot params. kDSNAttrBootParams "dsAttrTypeStandard:BootParams" kkDDSS11AAttttrrCCoonnttaaccttPPeerrssoonn DDiissccuussssiioonn:: Attribute type for the contact person of the machine. Found in host or machine records. kDS1AttrContactPerson "dsAttrTypeStandard:ContactPerson" kkDDSSNNAAttttrrMMaacchhiinneeSSeerrvveess DDiissccuussssiioonn Attribute type in host or machine records for storing NetInfo domains served. kDSNAttrMachineServes "dsAttrTypeStandard:MachineServes" kkDDSSNNAAttttrrNNeettGGrroouuppss DDiissccuussssiioonn:: Attribute type that indicates which netgroups its record is a member of. Found in user, host, and netdomain records. kDSNAttrNetGroups "dsAttrTypeStandard:NetGroups" kDSNAttrPGPPublicKey "dsAttrTypeStandard:PGPPublicKey" kDSNAttrEMailAddress "dsAttrTypeStandard:EMailAddress" kDSNAttrAreaCode "dsAttrTypeStandard:AreaCode" kDSNAttrPhoneNumber "dsAttrTypeStandard:PhoneNumber" kDSNAttrHomePhoneNumber "dsAttrTypeStandard:HomePhoneNumber" kDSNAttrPostalAddress "dsAttrTypeStandard:PostalAddress" kDSNAttrOrganizationName "dsAttrTypeStandard:OrganizationName" kDSNAttrAddressLine1 "dsAttrTypeStandard:AddressLine1" kDSNAttrAddressLine2 "dsAttrTypeStandard:AddressLine2" kDSNAttrAddressLine3 "dsAttrTypeStandard:AddressLine3" kDSNAttrCity "dsAttrTypeStandard:City" kDSNAttrState "dsAttrTypeStandard:State" kDSNAttrPostalCode "dsAttrTypeStandard:PostalCode" used for Setup Assistant automatic population kDS1AttrSetupOccupation "dsAttrTypeStandard:Occupation" kDS1AttrSetupLocation "dsAttrTypeStandard:SetupAssistantLocation" kDS1AttrSetupAdvertising "dsAttrTypeStandard:SetupAssistantAdvertising"

kDS1AttrSetupAutoRegister "dsAttrTypeStandard:SetupAssistantAutoReg-

ister" kDS1AttrMCXSettings "dsAttrTypeStandard:MCXSettings" kDSNAttrMCXSettings "dsAttrTypeStandard:MCXSettings" kDS1AttrMCXFlags "dsAttrTypeStandard:MCXFlags" kDSNAttrComputers "dsAttrTypeStandard:Computers" Print

kDS1AttrPrintServiceInfoXML "dsAttrTypeStandard:PrintServiceIn-

foXML" kDS1AttrPrintServiceInfoText "dsAttrTypeStandard:PrintServiceInfoText" kkDDSS11AAttttrrPPrriinnttSSeerrvviicceeUUsseerrDDaattaa DDiissccuussssiioonn::

Single-valued attribute for print quota configuration or statistics (XML

data). Found in user records (kDSStdRecordTypeUsers) or print service statistics records (kDSStdRecordTypePrintServiceUser). kDS1AttrPrintServiceUserData "dsAttrTypeStandard:PrintServiceUserData" kkDDSS11AAttttrrNNeeiigghhbboorrhhooooddTTyyppee DDiissccuussssiioonn:: Attribute type in Neighborhood records describing their function. kDS1AttrNeighborhoodType "dsAttrTypeStandard:NeighborhoodType" kkDDSS11AAttttrrNNeettwwoorrkkVViieeww DDiissccuussssiioonn:: The name of the managed network view a computer should use for browsing. kDS1AttrNetworkView "dsAttrTypeStandard:NetworkView" kkDDSSNNAAttttrrNNeeiigghhbboorrhhooooddAAlliiaass DDiissccuussssiioonn:: Attribute type in Neighborhood

records describing sub-neighborhood records.

kDSNAttrNeighborhoodAlias "dsAttrTypeStandard:NeighborhoodAlias" kkDDSSNNAAttttrrCCoommppuutteerrAAlliiaass DDiissccuussssiioonn:: Attribute type in Neighborhood records describing computer records pointed to by this neighborhood. kDSNAttrComputerAlias "dsAttrTypeStandard:ComputerAlias"

kkDDSS11AAttttrrWWeebbllooggUURRII DDiissccuussssiioonn:: Single-valued attribute that defines the

URI of a user's weblog. Usually found in user or person records (kDSSt-

dRecordTypeUsers, kDSStdRecordTypePeople). Example: http://exam-

ple.com/blog/jsmith kDS1AttrWeblogURI "dsAttrTypeStandard:WeblogURI" kkDDSSNNAAttttrrNNooddeePPaatthhXXMMLLPPlliisstt DDiissccuussssiioonn:: Attribute type in Neighborhood records describing the DS Node to search while looking up aliases in this neighborhood. kDSNAttrNodePathXMLPlist "dsAttrTypeStandard:NodePathXMLPlist"

kkDDSSVVaalluueeNNSSLLTTooppLLeevveellNNeeiigghhbboorrhhooooddTTyyppee DDiissccuussssiioonn:: Value type of Neighbor-

hood record

kDSValueNSLTopLevelNeighborhoodType "NSLTopLevelNeighborhood-

Type" kkDDSSVVaalluueeNNSSLLSSttaattiiccNNeeiigghhbboorrhhooooddTTyyppee DDiissccuussssiioonn:: Value type of Neighborhood record kDSValueNSLStaticNeighborhoodType "NSLStaticNeighborhoodType" kkDDSSVVaalluueeNNSSLLDDyynnaammiiccNNeeiigghhbboorrhhooooddTTyyppee DDiissccuussssiioonn:: Value type of Neighborhood record kDSValueNSLDynamicNeighborhoodType "NSLDynamicNeighborhoodType" kkDDSSVVaalluueeNNSSLLLLooccaallNNeeiigghhbboorrhhooooddTTyyppee DDiissccuussssiioonn:: Value type of Neighborhood record kDSValueNSLLocalNeighborhoodType "NSLLocalNeighborhoodType" kDS1AttrBirthday "dsAttrTypeStandard:Birthday" kDS1AttrCapacity "dsAttrTypeStandard:Capacity" kDS1AttrContactGUID "dsAttrTypeStandard:ContactGUID" kDS1AttrOwnerGUID "dsAttrTypeStandard:OwnerGUID" kDSNAttrCompany "dsAttrTypeStandard:Company" kDSNAttrEMailContacts "dsAttrTypeStandard:EMailContacts" kDSNAttrGroupServices "dsAttrTypeStandard:GroupServices" kDSNAttrMapCoordinates "dsAttrTypeStandard:MapCoordinates" kDS1AttrMapGUID "dsAttrTypeStandard:MapGUID" kDSNAttrMapURI "dsAttrTypeStandard:MapURI" kDSNAttrPhoneContacts "dsAttrTypeStandard:PhoneContacts" kDSNAttrPostalAddressContacts "dsAttrTypeStandard:PostalAddressContacts" kDSNAttrRelationships "dsAttrTypeStandard:Relationships" kDSNAttrResourceInfo "dsAttrTypeStandard:ResourceInfo" kDSNAttrResourceType "dsAttrTypeStandard:ResourceType" kDSNAttrServicesLocator "dsAttrTypeStandard:ServicesLocator" kDSNAttrOrganizationInfo "dsAttrTypeStandard:OrganizationInfo"