[PATCH] s4 - Mapped AD schema to existing FDS schema.

Endi S. Dewata edewata at redhat.com
Fri Oct 23 19:09:07 MDT 2009


---
 source4/dsdb/samdb/ldb_modules/simple_ldap_map.c |  161 +++++++++++++++++++++-
 source4/dsdb/schema/schema_convert_to_ol.c       |    8 +
 source4/setup/fedorads-samba.ldif                |    1 +
 source4/setup/fedorads.inf                       |    5 +
 source4/setup/schema-map-fedora-ds-1.0           |   63 +++++++++-
 5 files changed, 235 insertions(+), 3 deletions(-)

diff --git a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
index 248d286..7d551d2 100644
--- a/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
+++ b/source4/dsdb/samdb/ldb_modules/simple_ldap_map.c
@@ -530,7 +530,7 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 		.type = MAP_CONVERT,
 		.u = {
 			.convert = {
-				 .remote_name = "groupType",
+				 .remote_name = "sambaGroupType",
 				 .convert_local = normalise_to_signed32,
 				 .convert_remote = val_copy,
 			 }
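Review bot: The remote attribute for `groupType` becomes `sambaGroupType` while the conversion stays `normalise_to_signed32` / `val_copy`, so the stored values are still AD's signed 32-bit encoding under a name the Samba 3 schema already defines. If that schema, or any Samba 3 consumer of the same directory, expects a different value set for `sambaGroupType`, each side will misread the other's entries; that cannot be confirmed from this diff. The same question applies to the `MAP_RENAME` entries for `pwdLastSet`, `lastLogon`, `lastLogoff` and `badPwdCount` in the next hunk, which pass values through unconverted and feed password-expiry and lockout decisions. I would either confirm the encodings match or add a comment above the entry, such as `/* sambaGroupType holds the AD groupType value here, not the Samba 3 encoding */`. The array starts before this hunk.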
@@ -592,6 +592,123 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 		}
 	},
 	{
+		.local_name = "unixHomeDirectory",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "homeDirectory"
+			 }
+		}
+	},
+	{
+		.local_name = "pwdLastSet",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaPwdLastSet"
+			 }
+		}
+	},
+	{
+		.local_name = "lastLogon",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaLogonTime"
+			 }
+		}
+	},
+	{
+		.local_name = "lastLogoff",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaLogoffTime"
+			 }
+		}
+	},
+	{
+		.local_name = "badPwdCount",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaBadPasswordCount"
+			 }
+		}
+	},
+	{
+		.local_name = "logonHours",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaLogonHours"
+			 }
+		}
+	},
+	{
+		.local_name = "homeDrive",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaHomeDrive"
+			 }
+		}
+	},
+	{
+		.local_name = "scriptPath",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaLogonScript"
+			 }
+		}
+	},
+	{
+		.local_name = "profilePath",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaProfilePath"
+			 }
+		}
+	},
+	{
+		.local_name = "userWorkstations",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaUserWorkstations"
+			 }
+		}
+	},
+	{
+		.local_name = "homeDirectory",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaHomePath"
+			 }
+		}
+	},
+	{
+		.local_name = "nextRid",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaNextRid"
+			 }
+		}
+	},
+	{
+		.local_name = "privilegeDisplayName",
+		.type = MAP_RENAME,
+		.u = {
+			.rename = {
+				 .remote_name = "sambaPrivName"
+			 }
+		}
+	},
+	{
 		.local_name = "*",
 		.type = MAP_KEEP,
 	},
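Review bot: `homeDirectory` appears on both sides of this table with different meanings: local `unixHomeDirectory` is stored as remote `homeDirectory`, while local `homeDirectory` is stored as remote `sambaHomePath`. Nothing in the hunk says the crossing is deliberate, so a later edit that "tidies" one entry could silently point lookups at the other path attribute. A comment on each of the two entries would settle it, e.g. `/* AD unixHomeDirectory is the POSIX home, which FDS calls homeDirectory */` and `/* FDS homeDirectory is taken by the POSIX home, so the AD home path goes to sambaHomePath */`. The table begins before the hunk and continues after it.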
@@ -600,6 +717,46 @@ static const struct ldb_map_attribute nsuniqueid_attributes[] =
 	}
 };
 
+/* This objectClass conflicts with builtin classes on FDS */
+const struct ldb_map_objectclass nsuniqueid_objectclasses[] =
+{
+	{
+		.local_name = "domain",
+		.remote_name = "samba4Domain"
+	},
+	{
+		.local_name = "rFC822LocalPart",
+		.remote_name = "samba4RFC822LocalPart"
+	},
+	{
+		.local_name = "mailRecipient",
+		.remote_name = "samba4MailRecipient"
+	},
+	{
+		.local_name = "nisMap",
+		.remote_name = "samba4NisMap"
+	},
+	{
+		.local_name = "person",
+		.remote_name = "samba4Person"
+	},
+	{
+		.local_name = "organizationalPerson",
+		.remote_name = "samba4OrganizationalPerson"
+	},
+	{
+		.local_name = "residentialPerson",
+		.remote_name = "samba4ResidentialPerson"
+	},
+	{
+		.local_name = "inetOrgPerson",
+		.remote_name = "samba4InetOrgPerson"
+	},
+	{
+		.local_name = NULL
+	}
+};
+
 /* These things do not show up in wildcard searches in OpenLDAP, but
  * we need them to show up in the AD-like view */
 static const char * const nsuniqueid_wildcard_attributes[] = {
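Review bot: `nsuniqueid_objectclasses` is declared without `static`, unlike `nsuniqueid_attributes` (hunk header) and `nsuniqueid_wildcard_attributes` just below it, so it gets external linkage. Its only use visible in this diff is the `ldb_map_init` call in `nsuniqueid_init` in the same file, so `static const struct ldb_map_objectclass nsuniqueid_objectclasses[] =` would keep it file-local. The comment is singular although the table has eight entries; `/* These objectClasses conflict with builtin classes on FDS, so they are stored under samba4-prefixed names */` says what the table is for.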
@@ -626,7 +783,7 @@ static int entryuuid_init(struct ldb_module *module)
 static int nsuniqueid_init(struct ldb_module *module)
 {
         int ret;
-	ret = ldb_map_init(module, nsuniqueid_attributes, NULL, nsuniqueid_wildcard_attributes, "extensibleObject", NULL);
+	ret = ldb_map_init(module, nsuniqueid_attributes, nsuniqueid_objectclasses, nsuniqueid_wildcard_attributes, "extensibleObject", NULL);
         if (ret != LDB_SUCCESS)
                 return ret;
 
diff --git a/source4/dsdb/schema/schema_convert_to_ol.c b/source4/dsdb/schema/schema_convert_to_ol.c
index c0ab5c2..f858dc3 100644
--- a/source4/dsdb/schema/schema_convert_to_ol.c
+++ b/source4/dsdb/schema/schema_convert_to_ol.c
@@ -91,6 +91,14 @@ static char *print_schema_recursive(char *append_to_string, struct dsdb_schema *
 			}
 		}
 		
+		/* We might have been asked to remap this subClassOf, due to a conflict */
+		for (j=0; subClassOf && attr_map && attr_map[j].old_attr; j++) {
+			if (strcasecmp(subClassOf, attr_map[j].old_attr) == 0) {
+				subClassOf =  attr_map[j].new_attr;
+				break;
+			}
+		}
+		
 		may = dsdb_full_attribute_list(mem_ctx, schema, &objectclass_name_as_el, DSDB_SCHEMA_ALL_MAY);
 
 		for (j=0; may && may[j]; j++) {
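Review bot: The remap loop assigns `attr_map[j].new_attr` to `subClassOf` without checking that it is set. Whether an entry can have `old_attr` without `new_attr` depends on the map parser, which is outside this hunk; if it can, a matching class would end up with a NULL superior. A guard in the match keeps the original name in that case: `if (attr_map[j].new_attr && strcasecmp(subClassOf, attr_map[j].old_attr) == 0) {`. As a style point, `subClassOf && attr_map` is loop-invariant and would read better as an enclosing `if`. `print_schema_recursive` starts and ends outside the hunk.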
diff --git a/source4/setup/fedorads-samba.ldif b/source4/setup/fedorads-samba.ldif
index 2d77ada..cc0faf2 100644
--- a/source4/setup/fedorads-samba.ldif
+++ b/source4/setup/fedorads-samba.ldif
@@ -7,4 +7,5 @@ dn: CN=samba-admin,${SAMBADN}
 objectClass: top
 objectClass: person
 cn: samba-admin
+sn: samba-admin
 userPassword: {CLEAR}${LDAPADMINPASS}
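Review bot: The context line `userPassword: {CLEAR}${LDAPADMINPASS}` means the rendered LDIF carries the admin password in plaintext, and the `{CLEAR}` prefix presumably asks the directory server to store it unhashed. This commit does not change that line, but it is worth checking while the entry is being touched. The generated file should at least be created with owner-only permissions and removed after import; the code that renders and loads it is not in this diff, so that cannot be confirmed here.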
diff --git a/source4/setup/fedorads.inf b/source4/setup/fedorads.inf
index e0676c4..9653f50 100644
--- a/source4/setup/fedorads.inf
+++ b/source4/setup/fedorads.inf
@@ -26,6 +26,11 @@ cert_dir= ${LDAPDIR}/slapd-samba4
 start_server= 0
 install_full_schema= 0
 SchemaFile=${LDAPDIR}/99_ad.ldif
+SchemaFile=/etc/dirsrv/schema/10rfc2307.ldif
+SchemaFile=/etc/dirsrv/schema/05rfc4523.ldif
+SchemaFile=/etc/dirsrv/schema/05rfc4524.ldif
+SchemaFile=/etc/dirsrv/schema/06inetorgperson.ldif
+SchemaFile=/usr/share/dirsrv/data/60samba3.ldif
 ConfigFile = ${LDAPDIR}/fedorads-partitions.ldif
 ConfigFile = ${LDAPDIR}/fedorads-sasl.ldif
 ConfigFile = ${LDAPDIR}/fedorads-pam.ldif
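Review bot: The five added `SchemaFile=` lines use absolute paths (`/etc/dirsrv/schema/…` and `/usr/share/dirsrv/data/60samba3.ldif`), while every neighbouring entry is built from `${LDAPDIR}`. That ties provisioning to one distribution's layout. It also makes the new instance's schema depend on files outside the provision directory, whose ownership and contents the provision step does not control. A substitution variable would fit the file's style, e.g. `SchemaFile=${FDSSCHEMADIR}/10rfc2307.ldif`, where `FDSSCHEMADIR` is a placeholder name that the setup code (not in this diff) would have to supply.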
diff --git a/source4/setup/schema-map-fedora-ds-1.0 b/source4/setup/schema-map-fedora-ds-1.0
index aac585b..9298f38 100644
--- a/source4/setup/schema-map-fedora-ds-1.0
+++ b/source4/setup/schema-map-fedora-ds-1.0
@@ -1,4 +1,4 @@
-#Standard OpenLDAP attributes
+#Standard Fedora DS attributes
 name
 objectClasses
 createTimeStamp
@@ -12,6 +12,14 @@ description
 cn
 dITContentRules
 top
+homePostalAddress
+info
+displayName
+employeeNumber
+employeeType
+personalTitle
+co
+userSMIMECertificate
 #This should be provided by the LDAP server, only in our schema to permit provision
 aci
 #Skip ObjectClasses
@@ -37,3 +45,56 @@ aci
 1.2.840.113556.1.4.904:1.3.6.1.4.1.1466.115.121.1.15
 #Presentation Address as Directory String
 1.3.6.1.4.1.1466.115.121.1.43:1.3.6.1.4.1.1466.115.121.1.15
+
+#Remap into existing schema
+unixHomeDirectory
+unixHomeDirectory:homeDirectory
+pwdLastSet
+pwdLastSet:sambaPwdLastSet
+lastLogon
+lastLogon:sambaLogonTime
+lastLogoff
+lastLogoff:sambaLogoffTime
+badPwdCount
+badPwdCount:sambaBadPasswordCount
+logonHours
+logonHours:sambaLogonHours
+homeDrive
+homeDrive:sambaHomeDrive
+scriptPath
+scriptPath:sambaLogonScript
+profilePath
+profilePath:sambaProfilePath
+userWorkstations
+userWorkstations:sambaUserWorkstations
+homeDirectory
+homeDirectory:sambaHomePath
+groupType
+groupType:sambaGroupType
+nextRid
+nextRid:sambaNextRid
+privilegeDisplayName
+privilegeDisplayName:sambaPrivName
+
+#Resolve conflicting attributes
+1.2.840.113556.1.4.484:fRSDirectoryFilter-oid
+1.2.840.113556.1.4.483:fRSFileFilter-oid
+1.2.840.113556.1.4.485:fRSUpdateTimeout-oid
+2.16.840.1.113730.3.1.36:thumbnailLogo-oid
+2.16.840.1.113730.3.1.35:thumbnailPhoto-oid
+1.2.840.113556.1.4.481:schemaUpdate-oid
+
+#Resolve conflicting object classes
+domain:samba4Domain
+rFC822LocalPart:samba4RFC822LocalPart
+mailRecipient:samba4MailRecipient
+nisMap:samba4NisMap
+0.9.2342.19200300.100.4.14:samba4RFC822LocalPart-oid
+person:samba4Person
+2.5.6.6:samba4Person-oid
+organizationalPerson:samba4OrganizationalPerson
+2.5.6.7:samba4OrganizationalPerson-oid
+residentialPerson:samba4ResidentialPerson
+2.5.6.10:samba4ResidentialPerson-oid
+inetOrgPerson:samba4InetOrgPerson
+2.16.840.1.113730.3.2.2:samba4InetOrgPerson-oid
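Review bot: The `#Remap into existing schema` and `#Resolve conflicting object classes` blocks restate by hand the name pairs added to `nsuniqueid_attributes` and `nsuniqueid_objectclasses` in simple_ldap_map.c, and neither file says they must change together. If one side drifts, the generated schema and the runtime mapping would disagree on where an attribute such as `pwdLastSet` or `badPwdCount` lives. A header line such as `#Keep in sync with nsuniqueid_attributes / nsuniqueid_objectclasses in simple_ldap_map.c` would help, as would one line explaining why each remapped attribute is listed twice (bare and as `old:new`). Note also that `domain`, `mailRecipient` and `nisMap` get no `-oid` line while the other remapped classes do; if that is intentional it deserves a comment.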
-- 
1.6.0.6

