Samba4 Full Active Directory Schema Issues?

Andrew Bartlett abartlet at samba.org
Tue Mar 31 02:56:40 GMT 2009


On Tue, 2009-03-31 at 00:05 +0300, Ido Mandril wrote:
> Dear Andrew and Samba4 Group Members
>  
> Does anyone know when Samba4 will include the Full Active Directory
> Schema?
> According to Samba4/Andrew and Jelmers Fantasy Page
> (http://wiki.samba.org/index.php/Samba4/Andrew_and_Jelmers_Fantasy_Page) this was planned for 14 March, but due to some issue with Microsoft this was postponed to some unknown time frame.
>  
> My Questions are as follows:
>  
> 1. What is the cause of the delay? 

A few things - a delay in getting the correct, text-format schema from
Microsoft, the need to handle the generation of possibleInferiors, and
the need to test the combined result, including with the OpenLDAP
backend. 

> 2. Don't we already have the Microsoft Schema Files? The Windows
> Server Protocols
> (http://msdn.microsoft.com/en-us/library/cc964399(PROT.10).aspx) has
> very good documentation about the Active Directory classes and
> attributes, So I don't get what is missing? 
> I'm sure you already know this, but aren't documents [MS-ADA1]:
> [MS-ADA2]: [MS-ADA3]: [MS-ADLS]: [MS-ADSC] enough?
> The only thing I could think about is that these papers have some
> errors or mistakes, so this is what is keeping us from having a Full
> Microsoft AD Schema in samba4.

Indeed.  The simple approach of trying to convert these PDF files into
text files is difficult, because the PDF files include some extra
information like 'in Win2008, this is ...'.  
 
So, we asked Microsoft for these in text format about 6 months ago.
Between various delays at both ends, and many, many round trips to
correct errors in the delivered documentation, it has taken until last
week to provide a consistent schema.

(I should double-check this latest schema, but I hope it is finally
correct)

> 3. Googling the Samba4 Mailing List I found number of issues about the
> AD Schema. I understood that a lot of work has already been done to
> support the new Samba4 Schema. From what I read the Schema Files that
> exists in the GIT Master Repository were generated from the PDF files
> I noted above. However those files are not yet implemented in
> the Alpha7 version and have no use at the moment, so I wonder if
> anyone managed to use them to support what we have so far? (50% of the
> Full Microsoft Schema, 60%,70% ...?).

The schema in setup/schema.ldif was generated by a tool 'minschema', that
tries to construct the minimally required schema for our work in Samba4.
The plan is to move to the full schema, an early copy of which is
located in setup/ad-schema once we work out the other issues.

> 4. Andrew has a private branch of the Samba4 development tree that
> seems to deal with the implementation of the Full AD Schema. I
> downloaded it, but couldn't figure how to use it to have samba4 with the
> schema files we have so far. Can someone provide help how to use this
> with OpenLDAP backend?

The OpenLDAP backend should 'just work', once we get everything else
sorted out.  Currently it fails because the schema in the wspp-schema
tree is incorrect.

> My last question is to provide some help to this cool project and to
> ask if there is anything I can do to speed the Full Microsoft AD
> Schema support?

At this point Tridge and I have written a tool - possibleinferiors.py in
the dsdb/samdb/ldb_modules/tests directory.  This shows the required
behaviour, and we will soon write the ldb module to handle it. 

> If so please let me know - I know my ways in openldap, C, C++, perl and a little bit of python.

I don't think it's useful to try and get you up to speed on this
particular problem at the moment (just because we are converging on the
solution this week).  

That said, what is your interest in Samba4?  If you let me know a little
more about your background, that might help me find you some of the many
areas that still need a lot of attention, and are relevant to your
interests.

Andrew Bartlett
 
-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.                  http://redhat.com
