replaced and deprecated attribute in schema

Andrew Bartlett abartlet at samba.org
Mon Sep 14 11:47:36 MDT 2009


On Mon, 2009-09-14 at 19:27 +0400, Matthieu Patou wrote:
> On 09/14/2009 05:12 PM, Andrew Bartlett wrote:
> > On Sun, 2009-09-13 at 14:08 +0400, Matthieu Patou wrote:
> >    
> >> Hi Andrew,
> >>
> >> While doing stuff on the upgradeprovision script I found some attributes
> >> that disappear or that are changed:
> >>
> >> prefixMap
> >>      
> For this it's quite difficult to say as the content is in binary format 

Binary formats need be no barrier any more.  Use the --show-binary
option to ldbsearch!

> ... but as my previous provision was lacking lots of new attributes and 
> classes this seems quite logical ... to be updated (example of 
> attributeID: 1.3.6.1.1.1.1.24)
> >> defaultSecurityDescriptor
> >>      
> Default security descriptor for 
> CN=User,CN=Schema,CN=Configuration,DC=smb4,DC=tst has changed
> Default security descriptor for 
> CN=Domain-DNS,CN=Schema,CN=Configuration,DC=smb4,DC=tst has changed
> Default security descriptor for 
> CN=Sam-Domain,CN=Schema,CN=Configuration,DC=smb4,DC=tst has changed
> 
> >> mayContain
> >>      
> Example of change:
> dn= CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : userSMIMECertificate
> old 0 : secretary
> old 0 : msExchLabeledURI
> old 0 : msExchAssistantName
> old 0 : labeledURI
> new 0 : msDS-PhoneticDisplayName
> new 0 : userSMIMECertificate
> new 0 : secretary
> new 0 : msExchLabeledURI
> new 0 : msExchAssistantName
> new 0 : labeledURI
> 
> userSMIMECertificate was added ...
> 
> >> systemFlags
> >>      
> Modified
> dn= CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : 0
> new 0 : 16
> or removed:
> dn= CN=departmentNumber,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : 0
> 
> 
> 
> >> searchFlags
> >>      
> dn= CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=smb4,DC=tst searchFlags
> old 0 : 0
> new 0 : 16
> 
> >> systemMayContain
> >>      
> dn= CN=ms-DS-Az-Scope,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : msDS-AzApplicationData
> old 0 : description
> new 0 : msDS-AzGenericData
> new 0 : msDS-AzObjectGuid
> new 0 : msDS-AzApplicationData
> new 0 : description
> 
> 
> >> systemOnly
> >>      
> Only 1 change like this
> dn= CN=Schema-Flags-Ex,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : FALSE
> new 0 : TRUE
> 
> >> defaultObjectCategory
> >>      
> >    
> Only 1 change like this
> dn= CN=Samba4-Local-Domain,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : CN=Builtin-Domain,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> new 0 : CN=Samba4-Local-Domain,CN=Schema,CN=Configuration,DC=smb4,DC=tst

I should really remove Samba4-Local-Domain.  It's not a problem, but
it's not standard and there isn't really a very good excuse for it.

> > What changes here?
> >
> >    
> >> possibleInferiors
> >>      
> > This is now calculated at runtime.
> >
> >    
> >> rangeUpper
> >>      
> Only 1 change like this.
> dn= CN=Title,CN=Schema,CN=Configuration,DC=smb4,DC=tst rangeUpper with 
> flag 2 is not allowed to be changed/removed, I discard this change ...
> old 0 : 64
> new 0 : 128

This is probably just due to the schema changing. 

> > For which attribute is this missing?  It may be a bug in the schema MS
> > has provided to us.
> >
> >    
> >> adminDisplayName
> >> adminDescription
> >>      
> > This is a bug in ms_schema.py or the supplied text-file schemas from MS.
> > We must investigate if they are always equal to the displayName and
> > description, and then provide a default mapping of one to the other in
> > that script.
> >
> >    
> adminDisplayName
> dn= CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : x500uniqueIdentifier
> adminDescription
> dn= CN=x500uniqueIdentifier,CN=Schema,CN=Configuration,DC=smb4,DC=tst
> old 0 : Used to distinguish between objects when a distinguished name 
> has been reused.  This is a different attribute type from both the "uid" 
> and "uniqueIdentifier" types.
> 
> 
> >> For the first part I'm quite ok to change or remove them but for the
> >> second as I don't know the use or the previous use of these attributes I
> >> am a bit more reluctant to authorize the script to replace or remove
> >> them.
> >>      
> > Indeed, and I'm glad you checked.
> >    
> In fact it looks like most of these changes are due to a better source of 
> information for generating the schema.
> Matthieu.

Good.

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
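
An added example, not part of the original message and not the upgradeprovision script's code: a small Python parser for the "old N : / new N :" listing quoted above, reporting which values were actually added or removed per schema object and naming the searchFlags/systemFlags bits that flipped. The function names are hypothetical, the input is constructed from values in the thread, and the bit names are taken from MS-ADTS.

```python
import re

# Bit names from MS-ADTS; only a few low bits are listed.
SEARCH_FLAGS = {1: "fATTINDEX", 4: "fANR", 16: "fCOPY", 128: "fCONFIDENTIAL"}
SYSTEM_FLAGS = {1: "FLAG_ATTR_NOT_REPLICATED", 16: "FLAG_SCHEMA_BASE_OBJECT"}
FLAG_TABLES = {"searchFlags": SEARCH_FLAGS, "systemFlags": SYSTEM_FLAGS}
VALUE = re.compile(r"^(old|new)\s+\d+\s*:\s*(.*)$")

def parse_listing(text):  # -> {(dn, attr): {"old": [...], "new": [...]}}
    changes, attr, key = {}, None, None
    for line in (l.strip() for l in text.splitlines()):
        m = VALUE.match(line)
        if m and key:
            changes[key][m.group(1)].append(m.group(2))
        elif line.startswith("dn="):
            parts = line[3:].split()  # assumes DNs without spaces, as in the thread
            attr = parts[1] if len(parts) > 1 else attr  # attribute may trail the DN
            key = (parts[0], attr)
            changes.setdefault(key, {"old": [], "new": []})
        elif line and not m:
            attr = line  # a bare line names the attribute section
    return changes

def review(changes):  # added/removed values, plus flipped bits for flag attributes
    report = {}
    for (dn, attr), v in changes.items():
        entry = {"added": [x for x in v["new"] if x not in v["old"]],
                 "removed": [x for x in v["old"] if x not in v["new"]]}
        table = FLAG_TABLES.get(attr)
        if table:
            old, new = (int(v[k][0]) if v[k] else 0 for k in ("old", "new"))
            entry["bits_set"] = [n for b, n in table.items() if new & ~old & b]
            entry["bits_cleared"] = [n for b, n in table.items() if old & ~new & b]
        report[(dn.split(",")[0], attr)] = entry
    return report

# Constructed input: values copied from the listing in the message above.
SAMPLE = """mayContain
dn= CN=Mail-Recipient,CN=Schema,CN=Configuration,DC=smb4,DC=tst
old 0 : userSMIMECertificate
new 0 : msDS-PhoneticDisplayName
new 0 : userSMIMECertificate
systemFlags
dn= CN=User-SMIME-Certificate,CN=Schema,CN=Configuration,DC=smb4,DC=tst
old 0 : 0
new 0 : 16
dn= CN=msNPAllowDialin,CN=Schema,CN=Configuration,DC=smb4,DC=tst searchFlags
old 0 : 0
new 0 : 16
"""
```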