[Samba] core & cosine schema items in Samba AD DC user object?
Rowland Penny
rpenny at samba.org
Tue Mar 26 16:57:26 UTC 2024
On Tue, 26 Mar 2024 17:13:34 +0100
Franta Hanzlík <franta at hanzlici.cz> wrote:
>
> Yes, that's how I understood it later.
> But what surprised me is that an object ("user" class in this case)
> can be assigned any imaginary attribute - I thought that the Samba
> AD schema strictly limits what objects and with what attributes can
> be in the AD. But maybe it only limits the types of objects, but
> not their attributes...
> (I'm keeping quiet now, I know very little about Samba and AD.
> Many thanks, Rowland, thanks to you this mailing list is so great)
No, you cannot add just add any attribute to AD, it has to exist in the
schema. That isn't to say that you cannot extend the schema, Windows
has an attribute editor for just this purpose and you can extend it on
Unix by creating an ldif, see here:
https://wiki.samba.org/index.php/Samba_AD_schema_extensions
But, once you extend the schema, you cannot remove the extension.
Try browsing the schema files that come with Samba, they show all the
objectclasses and attributes you can use.
Rowland
More information about the samba
mailing list