Re: AD-style AUX classes

[Michael StrÃder <michael@stroeder.com>]

Andrew Bartlett wrote:
> I generate the schema from these 'AD format' LDIF files:
>
> http://samba.org/~abartlet/ol-ad/schema.ldif

Is this directly dumped from AD without any mangling?

> http://samba.org/~abartlet/ol-ad/schema_samba4.ldif

Is this what you will load in the LDAP server acting as backend? It 
looks somewhat tweaked to Samba's need.

But without further processing this would not load since naming 
attribute 'cn' is missing in the entry:

dn: cn=privilege,${SCHEMADN}
objectClass: top
objectClass: attributeSchema
lDAPDisplayName: privilege
isSingleValued: FALSE
systemFlags: 17
systemOnly: TRUE
schemaIDGUID: 7429BC94-CC6A-4481-8B2C-A97E316EB182
adminDisplayName: Privilege
attributeID: 1.3.6.1.4.1.7165.4.1.7
attributeSyntax: 2.5.5.4
oMSyntax: 20

Obviously  you have any pre-processing before adding this to OpenLDAP. 
But do you also add the naming attribute 'cn'?

> http://samba.org/~abartlet/ol-ad/backend-schema.schema

I cannot load this schema file in my build of OpenLDAP HEAD. slapd won't 
start (but unfortunately without error message). Are you sure that every 
object class referenced by a DIT content rule is really there?

Ciao, Michael.