[Samba] Samba4: Full schema problems

Andrew Bartlett abartlet at samba.org
Tue May 12 06:37:30 GMT 2009

On Sat, 2009-05-09 at 15:58 +0200, Michael Ströder wrote: 

> Attribute 'subSchemaSubEntry' in the rootDSE correctly points to
> CN=Aggregate,CN=Schema,CN=Configuration,$BASEDN (like on AD) but there
> are no schema descriptions in there.
> Attribute 'subSchemaSubEntry' in all other entries *falsely* points to
> CN=Subschema. I guess that DN generated by OpenLDAP. 

Hmm.  This is unfortunate.  We are going to need a way to block AD
clients from seeing this attribute.  Is there any sane way (an ACI
perhaps?) to prohibit reading this attribute from the OpenLDAP side?  

Otherwise, I'll put in a rule in our 'mapping' table to map all queries
for subSchemaSubEntry to
samba4NeverWantsToHaveSubSchemaSubEntryReturned :-)

Andrew Bartlett
Andrew Bartlett
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Red Hat Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.samba.org/archive/samba-technical/attachments/20090512/aac367c4/attachment.bin

More information about the samba-technical mailing list