[Samba] Samba4: Full schema problems

Michael Ströder michael at stroeder.com
Wed May 13 11:29:54 GMT 2009

Andrew Bartlett wrote:
> On Tue, 2009-05-12 at 17:42 +0200, Michael Ströder wrote: 
>> I'd assume every
>> LDAPv3 client is an AD client too.
> It is very clear to me that this is not the case,

Let me rephrase: An LDAPv3 client which is known to work with original AD
using a specific set of standard LDAPv3 operations is also an AD client
which should be supported by Samba4.

>> MS AD correctly returns attribute 'subSchemaSubEntry' for each entry
>> if explicitly requested, pointing to the subschema subentry
>> CN=Aggregate,CN=Schema,CN=Configuration,$BASEDN which a schema-aware
>> LDAPv3-compliant client SHOULD read and parse.
> Interesting that this is on every single entry...

LDAPv3 DSAs have to return 'subSchemaSubEntry' for each entry. AD is
simply LDAPv3 compliant in this regard.

>> So your mapping has to map the attribute value "CN=Subschema" to
>> "CN=Aggregate,CN=Schema,CN=Configuration,$BASEDN" for attribute
>> 'subSchemaSubEntry'. The content of the subschema subentry with the
>> above mentioned attributes has to be exactly the same as that of AD
>> including possible schema bugs in AD.
> Given that this is on every entry, this should not be hard to do.  We
> already have modules to return operational attributes, so this will not
> be hard to add at all.

Well, still "CN=Aggregate,CN=Schema,CN=Configuration,$BASEDN" seems
empty in Samba4 but is available in AD.

Ciao, Michael.
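
An offline check for the two conditions discussed in this message, added here as an example and not code from Samba or from the thread: each entry's 'subSchemaSubEntry' points at the AD-style DN, and the subschema subentry actually carries schema definitions. It assumes plain-text LDIF from a search that explicitly requested 'subSchemaSubEntry'; BASEDN, the sample entries and the function names are constructed for illustration, and attributeTypes/objectClasses are the standard RFC 4512 schema attributes, since the attribute list the message refers to is not shown on this page.

```python
BASEDN = "DC=example,DC=com"  # assumption: placeholder standing in for $BASEDN
EXPECTED = "CN=Aggregate,CN=Schema,CN=Configuration," + BASEDN
SCHEMA_ATTRS = ("attributetypes", "objectclasses")  # RFC 4512 schema attributes
# Constructed LDIF, not output captured from a real Samba4 or AD server.
SAMPLE_LDIF = """\
dn: CN=Users,DC=example,DC=com
subSchemaSubEntry: CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com

dn: CN=Administrator,CN=Users,DC=example,DC=com
subSchemaSubEntry: CN=Subschema

dn: CN=Guest,CN=Users,DC=example,DC=com
cn: Guest

dn: CN=Aggregate,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: subSchema
"""

def parse_ldif(text):
    """Parse plain (non-base64) LDIF into a list of (dn, {attr: [values]})."""
    entries = []
    for block in text.replace("\n ", "").split("\n\n"):  # unfold, then split
        dn, attrs = None, {}
        for line in block.splitlines():
            name, sep, value = line.partition(":")
            if not sep or line.startswith("#"):
                continue
            if name.strip().lower() == "dn":
                dn = value.strip()
            else:
                attrs.setdefault(name.strip().lower(), []).append(value.strip())
        if dn:
            entries.append((dn, attrs))
    return entries

def check_subschema(entries, expected_dn=EXPECTED):
    """Report entries whose pointer is missing or wrong, and an empty subentry."""
    findings, subentry = [], None
    for dn, attrs in entries:
        if dn.lower() == expected_dn.lower():  # naive DN match, no normalisation
            subentry = attrs
            continue
        values = attrs.get("subschemasubentry", [])
        if not values:
            findings.append((dn, "missing subSchemaSubEntry"))
        elif values[0].lower() != expected_dn.lower():
            findings.append((dn, "points to " + values[0]))
    if subentry is None or not any(subentry.get(a) for a in SCHEMA_ATTRS):
        findings.append((expected_dn, "subschema subentry empty or absent"))
    return findings
```

On the constructed sample, `check_subschema(parse_ldif(SAMPLE_LDIF))` reports the unmapped "CN=Subschema" pointer, the entry with no pointer, and the subentry that exists but holds no schema definitions.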
