
Re: AD-style AUX classes



On Fri, 2008-01-18 at 11:41 +0100, Michael Ströder wrote:
> Andrew Bartlett wrote:
> > 
> > I generate the schema from these 'AD format' LDIF files:
> > 
> > http://samba.org/~abartlet/ol-ad/schema.ldif
> 
> Is this directly dumped from AD without any mangling?

Other than cutting it down (it is a partial schema, based on what we
need at the moment), this is based on what AD presents. 

> > http://samba.org/~abartlet/ol-ad/schema_samba4.ldif
> 
> Is this what you will load in the LDAP server acting as backend? It 
> looks somewhat tweaked to Samba's need.
> 
> But without further processing this would not load since naming 
> attribute 'cn' is missing in the entry:

This loads in Samba4, not into OpenLDAP, and our module chain fixed it
up.  

> dn: cn=privilege,${SCHEMADN}
> objectClass: top
> objectClass: attributeSchema
> lDAPDisplayName: privilege
> isSingleValued: FALSE
> systemFlags: 17
> systemOnly: TRUE
> schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
> adminDisplayName: Privilege
> attributeID: 1.3.6.1.4.1.7165.4.1.7
> attributeSyntax: 2.5.5.4
> oMSyntax: 20
> 
> Obviously you have any pre-processing before adding this to OpenLDAP. 
> But do you also add the naming attribute 'cn'?
> 
> > http://samba.org/~abartlet/ol-ad/backend-schema.schema
> 
> I cannot load this schema file in my build of OpenLDAP HEAD. slapd won't 
> start (but unfortunately without error message). Are you sure that every 
> object class referenced by a DIT content rule is really there?

Indeed, this does not load, and that is my issue!

I've updated this one to almost load (needed to exclude memberOf, which
is provided by OpenLDAP's memberOf module), with this error:

/home/data/samba/git/samba/source/st/dc/private/ldap/backend-schema.schema: line 4292 dITContentRule: Content Rule not for STRUCTURAL object class: "1.2.840.113556.1.5.3"
slaptest: bad configuration file!

The problem is that indeed, this dITContentRule is for an AUXILIARY
class.  The other problems occur after I eliminate that rule. 

Andrew Bartlett

-- 
Andrew Bartlett
http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.

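A way to check a schema file for the condition behind the slaptest error above, and for the missing-class case raised in the quoted question, before handing the file to slapd. This is an added example, not part of the original message and not Samba or OpenLDAP code; the class names and the OID 1.1.2.1 are constructed, and definitions are assumed to start in column 0 with a single quoted NAME.

```python
import re

# Constructed sample in slapd schema-file syntax. Class names and OID 1.1.2.1
# are made up; only 1.2.840.113556.1.5.3 is taken from the error in the thread.
SAMPLE = """
objectclass ( 1.2.840.113556.1.5.3 NAME 'exampleDomainAux'
  SUP top AUXILIARY MAY ( description ) )
objectclass ( 1.1.2.1 NAME 'examplePerson'
  SUP top STRUCTURAL MUST ( cn ) )
dITContentRule ( 1.2.840.113556.1.5.3 NAME 'exampleDomainAux'
  AUX ( exampleMissingAux ) )
dITContentRule ( 1.1.2.1 NAME 'examplePerson'
  AUX ( exampleDomainAux $ examplePerson ) )
"""

# Assumption: continuation lines of a definition are indented.
DEF = re.compile(r"^(objectclass|ditcontentrule)\s*\(\s*([\d.]+)\s+NAME\s+'([^']+)'"
                 r"(.*?)(?=^\S|\Z)", re.I | re.M | re.S)
KIND = re.compile(r"\b(ABSTRACT|STRUCTURAL|AUXILIARY)\b")
AUX = re.compile(r"\bAUX\s+(?:\(([^)]*)\)|(\S+))")

def check_content_rules(text):
    """Return (rule_oid, problem) pairs for rules that break RFC 4512 constraints."""
    classes, rules = {}, []
    for kw, oid, name, body in DEF.findall(text):
        body = re.sub(r"'[^']*'", "", body)  # ignore quoted DESC strings
        if kw.lower() == "objectclass":
            kind = KIND.search(body)
            # RFC 4512: the kind defaults to STRUCTURAL when omitted
            classes[oid] = classes[name.lower()] = kind.group(1) if kind else "STRUCTURAL"
        else:
            aux = AUX.search(body)
            listed = (aux.group(1) or aux.group(2) or "") if aux else ""
            rules.append((oid, [n for n in re.split(r"[\s$]+", listed) if n]))
    problems = []
    for oid, aux_names in rules:
        kind = classes.get(oid)  # a rule's OID is the class it applies to
        if kind is None:
            problems.append((oid, "no object class with this OID"))
        elif kind != "STRUCTURAL":
            problems.append((oid, f"rule is for {kind} class, not STRUCTURAL"))
        for n in aux_names:
            k = classes.get(n.lower())
            if k is None:
                problems.append((oid, f"AUX class {n} is not defined"))
            elif k != "AUXILIARY":
                problems.append((oid, f"AUX class {n} is {k}, not AUXILIARY"))
    return problems
```

Calling `check_content_rules(SAMPLE)` reports the rule keyed on the AUXILIARY class, its undefined AUX entry, and the STRUCTURAL class listed under AUX in the second rule.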