[Samba] core & cosine schema items in Samba AD DC user object?
Kees van Vloten
keesvanvloten at gmail.com
Tue Mar 26 17:06:58 UTC 2024
On 26-03-2024 17:57, Rowland Penny via samba wrote:
> On Tue, 26 Mar 2024 17:13:34 +0100
> Franta Hanzlík <franta at hanzlici.cz> wrote:
>> Yes, that's how I understood it later.
>> But what surprised me is that an object ("user" class in this case)
>> can be assigned any imaginary attribute - I thought that the Samba
>> AD schema strictly limits what objects and with what attributes can
>> be in the AD. But maybe it only limits the types of objects, but
>> not their attributes...
>> (I'm keeping quiet now, I know very little about Samba and AD.
>> Many thanks, Rowland, thanks to you this mailing list is so great)
> No, you cannot add just add any attribute to AD, it has to exist in the
> schema. That isn't to say that you cannot extend the schema, Windows
> has an attribute editor for just this purpose and you can extend it on
> Unix by creating an ldif, see here:
>
> https://wiki.samba.org/index.php/Samba_AD_schema_extensions
>
> But, once you extend the schema, you cannot remove the extension.
>
> Try browsing the schema files that come with Samba, they show all the
> objectclasses and attributes you can use.
>
> Rowland
I guess the OP's confusion is due to the fact that attrs without any
value are not shown on a ldap-object. Whereas, for example, in a sqldb
you always see all columns, empty or not.
More information about the samba
mailing list