Extending Samba 4 schema for OSX GPO support

Kamen Mazdrashki kamenim at samba.org
Mon Nov 29 05:15:47 MST 2010


Hi Aubrey,

Attached is the modded LDIF I used for testing - the one that worked
like a charm :)
I hope it will help you to get your schema prepped as suggested by Apple.


-- 
CU,
Kamen Mazdrashki
Samba Team                                            http://samba.org
http://gitweb.samba.org/?p=kamenim/samba.git;a=summary


On Wed, Nov 24, 2010 at 22:50, Aubrey Ekstrom
<aekstrom at proclivitysystems.com> wrote:
> Hi Kamen,
>
> I get the same errors as below from the command line ldbmodify entering the items line by line in interactive mode. It also throws a similar error from phpLDAPadmin if I try to add the auxiliaryClass manually there. I get the feeling that for some reason the ldb schema doesn't recognize the Apple auxiliaryClass types... except you said you got it to work: "It worked like a charm :)" So I don't know what I'm doing wrong.
>
> Heading out for the long weekend. I'll revisit this on Monday. Happy Thanksgiving to everyone!
>
> Aubrey Ekstrom | Systems Administrator | Proclivity Systems
> 22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
> http://www.proclivitysystems.com
>
>
> This message is the property of Proclivity Systems, Inc. and is intended
> only for the use of the addressee(s), and may contain material that is
> confidential and privileged for the sole use of the intended recipient.  If
> you are not the intended recipient, reliance or forwarding without express
> permission is strictly prohibited; please contact the sender and delete all
> copies.
>
> ----- Original Message -----
> From: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
> To: "Kamen Mazdrashki" <kamenim at samba.org>
> Cc: "Andrew Bartlett" <abartlet at samba.org>, samba-technical at lists.samba.org
> Sent: Wednesday, November 24, 2010 11:30:46 AM
> Subject: Re: Extending Samba 4 schema for OSX GPO support
>
> Hi Kamen,
>
> Thanks again for all your help with this!
>
> Using TextWrangler on a Mac when I look at save options it says it is Unicode (UTF 8 NO BOM) with Unix line breaks. When I change it to Unicode (UTF 8) ldbmodify reads the file, but does nothing with it (0 records modified with 0 failures). When I put it back to its original format it works (sort of). Anyways, I made the other changes you recommended and it still does not like the last 4 modify changes at the end. I get these errors from ldbmodify:
>
> ERR: (No such object) "No such object (32)" on DN
> ERR: (No such object) "No such object (32)" on DN CN=User,CN=Schema,CN=Configuration,DC=corp,DC=core
> ERR: (No such object) "No such object (32)" on DN CN=Computer,CN=Schema,CN=Configuration,DC=corp,DC=core
> ERR: (No such object) "No such object (32)" on DN CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=core
> Modified 10 records with 4 failures
>
> This is for these items at the end of the ldif file:
>
> dn:
> changetype: modify
> add: schemaUpdateNow
> schemaUpdateNow: 1
> -
>
> # Add the new class to the user object
> dn: CN=User,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-user
> -
>
> # Add the new class to the computer object
> dn: CN=Computer,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-computer
> -
>
> # Add the new class to the group object
> dn: CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-group
> -
>
> Plus, even though it says it adds the 10 classes, I still don't see them in phpLDAPadmin (even searching all base DNs). If I try to add them again, it complains that they already exist though, so it puts them somewhere. What am I missing here? Any thoughts? Thanks!
>
> To remind on the environment (just in case):
>
> Debian 5.0.6
> Samba 4 (git version 4.0.0alpha14-GIT-0e95fca)
> phpLDAPadmin 1.1.0.5
>
> I will keep poking around too and let you all know if I figure it out on my own.
>
> Cheers,
>
>
> ----- Original Message -----
> From: "Kamen Mazdrashki" <kamenim at samba.org>
> To: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
> Cc: "Andrew Bartlett" <abartlet at samba.org>, samba-technical at lists.samba.org
> Sent: Tuesday, November 23, 2010 6:28:30 PM
> Subject: Re: Extending Samba 4 schema for OSX GPO support
>
> Hi Aubrey,
>
> I have tested with the ldif you've attached in your first mail (I think)
> and here is what I did to make it work (yes, it works)
> 1. the ldif is in Unicode - I've converted it to utf-8
> 2. in all classes, rdnAttId, subClassOf etc are denoted by OIDs
>  so I just commented the line with the numeric OID and uncommented
>  the line after it (the one with the ldapDisplayName)
>  (it seems this is a problem only for rdnAttId, but I did it for all of
>  them anyway)
> 3. replace "changetype: ntdsschemaadd" with "changetype: add"
> 4. use ldbmodify utility
>
> It worked like a charm :)
> Good luck!
>
>
>
> On Wed, Nov 24, 2010 at 01:00, Aubrey Ekstrom
> <aekstrom at proclivitysystems.com> wrote:
>> Hi Andrew,
>>
>> I tried with ldbadd and it says it added all 10 classes (records) with no errors, but both ldbadd and ldbmodify report "Added (or Modified) 0 records with 0 failures" for the 3 modifies at the end:
>>
>>
>> # Add the new class to the user object
>> dn: CN=User,CN=Schema,CN=Configuration,DC=corp,DC=core
>> changetype: modify
>> add: auxiliaryClass
>> auxiliaryClass: apple-user
>> -
>>
>> # Add the new class to the computer object
>> dn: CN=Computer,CN=Schema,CN=Configuration,DC=corp,DC=core
>> changetype: modify
>> add: auxiliaryClass
>> auxiliaryClass: apple-computer
>> -
>>
>> # Add the new class to the group object
>> dn: CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=core
>> changetype: modify
>> add: auxiliaryClass
>> auxiliaryClass: apple-group
>> -
>>
>> Also, I can not find the 10 added classes in phpLDAPadmin (even after logging out and logging in again). Maybe I used the wrong -H url in ldbadd? But then I should have had errors since I authenticated with the correct admin and password... Don't know.
>>
>> I am also attaching a .pdf from Apple with their instructions for this. Hopefully it will be useful for you (it wasn't easy to find). After reading that doc, I realized I did not have everything they said you needed (Like OS X Server), so I found an already formatted LDIF file on the internet and modified that, but the one I use meets all the criteria in Apple's instructions.
>>
>> I have to go home soon, but I'll be back tomorrow :)
>>
>> Cheers,
>
>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: apple-mods-1.ldif
Type: application/octet-stream
Size: 21943 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101129/e18a9129/attachment.obj>
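
Added example (not part of the original message or its attachment): steps 1-3 of the procedure quoted above, written as a small Python filter that produces BOM-free UTF-8 text ready to hand to ldbmodify. The "OID line followed by a commented-out ldapDisplayName line" layout, the sample record and its governsID value are assumptions constructed for illustration.

```python
import codecs
import re

# Attribute whose value is a dotted numeric OID, e.g. "rdnAttId: 2.5.4.3"
OID_LINE = re.compile(r"^([A-Za-z][\w-]*):\s*\d+(?:\.\d+)+\s*$")
# Commented-out alternative on the next line, e.g. "#rdnAttId: cn"
COMMENTED = re.compile(r"^#\s*([A-Za-z][\w-]*):\s*(\S.*)$")

# Constructed sample in the assumed layout, saved as "Unicode" (UTF-16 with BOM).
SAMPLE = (
    "dn: CN=apple-user,CN=Schema,CN=Configuration,DC=corp,DC=core\n"
    "changetype: ntdsschemaadd\n"
    "objectClass: classSchema\n"
    "governsID: 1.3.6.1.4.1.99999.1\n"   # placeholder OID, not Apple's
    "rdnAttId: 2.5.4.3\n"
    "#rdnAttId: cn\n"
    "subClassOf: 2.5.6.0\n"
    "#subClassOf: top\n"
).encode("utf-16")


def decode_ldif(raw: bytes) -> str:
    """Step 1: accept UTF-16 (with BOM) or UTF-8 and return text without a BOM."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        text = raw.decode("utf-16")       # the codec consumes the BOM
    else:
        text = raw.decode("utf-8-sig")    # drops a UTF-8 BOM if present
    return text.replace("\r\n", "\n")


def prepare_ldif(raw: bytes) -> str:
    """Steps 2 and 3: prefer ldapDisplayName values and use 'changetype: add'."""
    lines = decode_ldif(raw).split("\n")
    out, i = [], 0
    while i < len(lines):
        line = lines[i]
        oid = OID_LINE.match(line)
        nxt = COMMENTED.match(lines[i + 1]) if i + 1 < len(lines) else None
        if line.strip().lower() == "changetype: ntdsschemaadd":
            out.append("changetype: add")
        elif oid and nxt and oid.group(1).lower() == nxt.group(1).lower():
            # Comment the numeric OID, uncomment the name that follows it.
            out += ["#" + line, f"{nxt.group(1)}: {nxt.group(2)}"]
            i += 1  # the commented line was consumed
        else:
            out.append(line)  # e.g. governsID keeps its numeric OID
        i += 1
    return "\n".join(out)
```

Write the returned text to a file encoded as UTF-8 and review the result before loading it; a schema change is applied to the whole directory.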

