[Samba] Samba4: Full schema problems

Michael Ströder michael at stroeder.com
Sat May 9 13:58:51 GMT 2009

Marcel Ritter wrote:
> However I'm running into some trouble when accessing samba's LDAP
> server with ldap browsers. The error only occurs while browsing the
> schema dn:
>     cn=schema,cn=configuration, $BASEDN

Browsing means one-level search and read single entries in this
AD-specific schema container (where attribute 'schemaNamingContext' in
rootDSE points to)? It works just fine with my web2ldap which is based
on python-ldap which in turn is a Python wrapper module around the
OpenLDAP C client libs. I'm using a Samba4 build from GIT synced today.

What does *not* seem to work is reading the LDAPv3 subschema subentry.
So a schema-aware LDAPv3 client does not work correctly at the moment.

Attribute 'subSchemaSubEntry' in the rootDSE correctly points to
CN=Aggregate,CN=Schema,CN=Configuration,$BASEDN (like on AD) but there
are no schema descriptions in there.

Attribute 'subSchemaSubEntry' in all other entries *falsely* points to
CN=Subschema. I guess that DN is generated by OpenLDAP. Note that an LDAPv3
compliant schema-aware client is supposed to query attribute
'subSchemaSubEntry' for each part of the DIT since in theory there can
be different subschema administrative areas within a DIT with different
subschema subentries. Not sure what other schema-aware LDAPv3 clients
are doing but my web2ldap asks for 'subSchemaSubEntry' whenever dealing
with an arbitrary entry in the DIT (also maintaining a cache for parsed
subschema information).

> I tried jxplorer and apachedirectorystudio (both work fine with a real
> Active Directory) and these are the errors I get:

Both are Java-based. Maybe for interop testing you could try that with
OpenLDAP's command-line tools?

Ciao, Michael.
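
An added illustration, not part of the original message and not web2ldap or Samba code: the per-entry subschema lookup with a cache that a schema-aware client performs, run against a constructed in-memory directory that mirrors the two symptoms reported above. BASEDN, the sample entries, read_entry and SubschemaCache are hypothetical, and falling back to the rootDSE value is a choice made for this sketch.

```python
# Constructed sample data: placeholder base DN and entries, not real server output.
BASEDN = "DC=example,DC=com"
AGGREGATE = "CN=Aggregate,CN=Schema,CN=Configuration," + BASEDN
DIRECTORY = {
    "": {"subschemaSubentry": [AGGREGATE]},                          # rootDSE
    AGGREGATE: {"objectClass": ["top", "subSchema"]},                # no schema descriptions
    "CN=Users," + BASEDN: {"subschemaSubentry": ["CN=Subschema"]},   # points at a missing DN
}
SCHEMA_ATTRS = ("attributeTypes", "objectClasses")


def read_entry(dn, attrs):
    """Stand-in for a base-scope LDAP search; None models noSuchObject."""
    entry = DIRECTORY.get(dn)
    if entry is None:
        return None
    wanted = {a.lower() for a in attrs}  # attribute names are case-insensitive
    return {k: v for k, v in entry.items() if k.lower() in wanted}


class SubschemaCache:
    """Resolves the subschema subentry per entry and caches the result per DN."""

    def __init__(self):
        self._by_dn = {}  # lower-cased subentry DN -> (status, schema attributes)

    def lookup(self, entry_dn):
        """Return (subentry_dn, status, schema) for the subschema governing entry_dn."""
        entry = read_entry(entry_dn, ["subschemaSubentry"]) or {}
        values = entry.get("subschemaSubentry")
        if not values:  # assumption of this sketch: fall back to the rootDSE value
            root = read_entry("", ["subschemaSubentry"]) or {}
            values = root.get("subschemaSubentry")
        if not values:
            return None, "no-subschemaSubentry", {}
        sub_dn = values[0]
        key = sub_dn.lower()  # simplistic DN normalisation, enough for a cache key here
        if key not in self._by_dn:
            sub = read_entry(sub_dn, SCHEMA_ATTRS)
            if sub is None:
                self._by_dn[key] = ("subentry-not-found", {})
            elif not any(sub.get(a) for a in SCHEMA_ATTRS):
                self._by_dn[key] = ("subentry-empty", {})
            else:
                self._by_dn[key] = ("ok", sub)
        status, schema = self._by_dn[key]
        return sub_dn, status, schema
```

The two non-"ok" statuses separate a subentry that exists but carries no schema descriptions from a subSchemaSubEntry value that names an entry the server cannot return.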
