Extending Samba4 schema
Adam Tauno Williams
awilliam at whitemice.org
Mon Dec 6 08:07:12 MST 2010
On Sun, 2010-12-05 at 03:16 +0000, Andris Lismanis wrote:
> Hi,
> Following on from
> 'http://lists.samba.org/archive/samba-technical/2010-November/074786.html' thread, I have come across another problem. I have been playing with Samba4 and Zarafa integration. I have managed to extend most of attributes with exception of few. Samba4 ldb seems to crash when importing the following type of attribute:
> dn: CN=Zarafa-Send-As,<SchemaContainerDN>
> changetype: add
> adminDisplayName: Zarafa-Send-As
> attributeID: 1.3.6.1.4.1.26278.1.1.2.4
> attributeSyntax: 2.5.5.1
> cn: Zarafa-Send-As
> distinguishedName: CN=Zarafa-Send-As,<SchemaContainerDN>
> instanceType: 4
> isSingleValued: FALSE
> lDAPDisplayName: zarafaSendAsPrivilege
> name: Zarafa-Send-As
> objectCategory: CN=Attribute-Schema,<SchemaContainerDN>
> objectClass: top
> objectClass: attributeSchema
> oMSyntax: 127
> schemaIDGUID:: xpDaV2kqTtOVsFJD/YqQuw==
> showInAdvancedViewOnly: TRUE
> searchFlags: 0
> It looks like samba does not like either oMSyntax: 127 (other syntaxes
> are fine) or attributeSyntax: 2.5.5.1 (other attributes are fine). I
> have tested this both on 4.0.0alpha12-GIT-f12756b
> and 4.0.0alpha14-GIT-929063b
> Can someone confirm that this is to do with full AD schema issue or is
> this something else and whether there is any way round this.
> I'm also attaching the original LDF file that comes with Zarafa.
> Please note that changetype has been changed to add and
> <SchemaContainerDN> to CN=Schema,CN=Configuration,DC=example,DC=com
I believe there is some kind of issue regarding creating attributes with
the 2.5.5.1; even if you can create them they don't appear to be
usable. I was able to import a scheme definition for radiusProfileDn -
dn:
CN=Radius-Profile-DN,CN=Schema,CN=Configuration,DC=AD,DC=MORMAIL,DC=COM
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.3317.4.3.1.49
schemaIdGuid:: 73QFH4g40KDiaTjSuh90WQ==
cn: Radius-Profile-DN
name: radiusProfileDn
lDAPDisplayName: radiusProfileDn
attributeSyntax: 2.5.5.1
oMSyntax: 127
isSingleValued: TRUE
but in the "Active Directory Schema" snap-ip the syntax for this
attribute appears as "Unknown".
In general, the more I play with it, LDB's schema handling / management
seems extremely fragile.
<http://lists.samba.org/archive/samba-technical/2010-November/074964.html>
<http://lists.samba.org/archive/samba-technical/2010-December/074974.html>
More information about the samba-technical
mailing list