Samba4 Full Active Directory Schema Issues?

Ido Mandril ido.mandril at gmail.com
Tue Mar 31 20:56:11 GMT 2009 

Andrew, Thanks for the quick replay.

I hope that the Schema you have now will be the right one for using with
Samba4.
Too bad I can not contributed to this issue, since according to you it is
almost done.

When do you think this will be on the MASTER REPO So I could check it out?
Does this plan for Alpha8? if so is there any estimated date for Alpha8?

Please if you think I can do anything to support this issue I will be
honored.
I might start with updating the Install tutorial which seem out of date.

Regarding your question, I interesting in Samba4 since I wrote a tool as
part of my studies which is similar to Microsoft SMS. This use Windows 2008
Server AD, and run on Linux (Debian in my case). It use the Schema for
some classes and I also add 1 more call for my apps. It could be very cool
to export it to run on Samba4, but for that I need to have a Full Microsoft
Active Directory Schema.


Thanks again for the support and this cool project!

Open Source Rules!
Ido






On 3/31/09, Andrew Bartlett <abartlet at samba.org> wrote:
>
> On Tue, 2009-03-31 at 00:05 +0300, Ido Mandril wrote:
> > Dear Andrew and Samba4 Group Members
> >
> > Does anyone know when Samba4 will include the Full Active Directory
> > Schema?
> > According to Samba4/Andrew and Jelmers Fantasy Page
> > (http://wiki.samba.org/index.php/Samba4/Andrew_and_Jelmers_Fantasy_Page)
> this was plan for 14 March, but due to some issue with Microsoft this was
> postpone to some unknown time frame.
> >
> > My Questions are as follow:
> >
> > 1. What is the cause of the delay?
>
> A few things - a delay in getting the correct, text-format schema from
> Microsoft, the need to handle the generation of possibleInferiors, and
> the need to test the combined result, including with the OpenLDAP
> backend.
>
> > 2. Don't we already have the Microsoft Schema Files? The Windows
> > Server Protocols
> > (http://msdn.microsoft.com/en-us/library/cc964399(PROT.10).aspx) has
> > very well documentation about the Active Directory classes and
> > attributes, So I don't get what is missing?
> > I'm sure you already know this, but aren't documents [MS-ADA1]:
> > [MS-ADA2]: [MS-ADA3]: [MS-ADLS]: [MS-ADSC] enough?
> > The only thing I could think about is that these papers have some
> > errors or mistakes, so this is what keeping us from having a Full
> > Microsoft AD Schema in samba4.
>
> Indeed.  The simple approach of trying to convert these PDF files into
> text files is difficult, because the PDF files include some extra
> information like 'in Win2008, this is ...'.
>
> So, we asked Microsoft for these in text format about 6 months ago.
> Between various delays at both ends, and many, many round trips to
> correct errors in the delivered documentation, it has taken until last
> week to provide a consistent schema.
>
> (I should double-check this latest schema, but I hope it is finally
> correct)
>
> > 3. Googling the Samba4 Mailing List I found number of issues about the
> > AD Schema. I understood that a lot of work was already been done to
> > support the new Samba4 Schema. From what I read the Schema Files that
> > exists in the GIT Master Repository were generated from the PDF files
> > i noted above. However those files  is not yet implemented in
> > the Alpha7 version and have no use at the moment, so I wonder if
> > anyone manage to used them to support what we have so far? (50% of the
> > Full Microsoft Schema, 60%,70% ...?).
>
> The schema in setup/schema.ldif was genrated by a tool 'minschema', that
> tries to construct the minimally required schema for our work in Samba4.
> The plan is to move to the full schema, and early copy of which is
> located in setup/ad-schema once we work out the other issues.
>
> > 4. Andrew has a private branch of the Samba4 development tree that
> > seems to deal with the implementation of the Full AD Schema. I
> > download it, but couldn't figure how to use it to have samba4 with the
> > schema files we have so far. Can someone provide help how to use this
> > with OpenLDAP backed?
>
> The OpenLDAP backend should 'just work', once we get everything else
> sorted out.  Currently it fails because the schema in the wspp-schema
> tree is incorrect.
>
> > My last question is to provide some help to this cool project and to
> > ask if there is anything I can do to speed the Full Microsoft AD
> > Schema support?
>
> At this point Tridge and I have written a tool - possibleinferiors.py in
> the dsdb/samdb/ldb_modules/tests directory.  This shows the required
> behaviour, and we will soon write the ldb module to handle it.
>
> > If so please let me know - I know my ways in openldap, C, C++, perl and
> little bit python.
>
> I don't think it's useful to try and get you up to speed on this
> particular problem at the moment (just because we are converging on the
> solution this week).
>
> That said, what is your interest in Samba4?  If you let me know a little
> more about your background, that might help me find you some of the many
> areas that still need a lot of attention, and are relevant to your
> interests.
>
> Andrew Bartlett
>
> --
> Andrew Bartlett                                http://samba.org/~abartlet/
> Authentication Developer, Samba Team           http://samba.org
> Samba Developer, Red Hat Inc.                  http://redhat.com
>
>
>

More information about the samba-technical mailing list