[Samba4] Using existing samba3 data from an external LDAP with
abartlet at samba.org
Tue Jan 2 11:50:00 GMT 2007
On Tue, 2006-10-24 at 17:40 +0200, Martin Kühl wrote:
> The following are notes I've taken while trying to connect a samba4
> to the samba3 data contained in the LDAP directory of a UCS system.
> Attempted Solution #2: Schema extension
> 2.1: Use the samba4 schema
> Install the OpenLDAP-formatted samba4 schema on X and make slapd load
> Install the samba4 packages on Y, provision against the LDAP directory
> of X.
> Samba3sam is not used in the process (yet).
> Problems and Workarounds:
> * Some of the OIDs/attributes/objectClasses of the samba4 schema
> conflict with
> the schemas loaded by slapd. (Most of these are duplicates.)
> -> Remove conflicting entries from the samba4 schema.
> * The "person" objectClass is incompatible: a person object "must"
> contain the
> "sn" attribute, which isn't set for any samba4 objects. "Person" here
> includes users, groups and computers.
> -> Make the attribute optional in the "core" schema's "person"
> * Provisioning erases all data from the LDAP directory.
> -> Change the deletion process so that when provisioning against an LDAP
> backend and when the partition to be deleted is the baseDN, erase
> objects that were added by samba4. Determine this property by
> for "objectCategory=*" records.
> * The baseDN record is already present in the LDAP directory but is
> the objectClasses "domainDNS" and "extensibleObject". Adding the
> former is
> forbidden in OpenLDAP because it would change the structural
> objectClass of
> the record.
> -> Add the objectClasses and modify the structuralObjectClass attribute
> * Some other records are already present in the LDAP directory.
> -> Extract these records (cn=users and cn=computers) into their own
> When adding them fails, try to modify the existing records instead
> (as with
> the baseDN).
> The above workarounds (except the first two) are contained in the
> `tp3-ldap.patch'; they fulfill goal (1) but not (2).
I like these changes, so I've applied the patch (with a few changes).
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Red Hat Inc. http://redhat.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20070102/5829ae9d/attachment.bin
More information about the samba-technical