Extending Samba4 schema
Angelos Oikonomopoulos
angelos.oikonomopoulos at fp-commerce.de
Tue Dec 7 03:23:04 MST 2010
On 12/06/2010 04:07 PM, Adam Tauno Williams wrote:
> On Sun, 2010-12-05 at 03:16 +0000, Andris Lismanis wrote:
>> Hi,
>> Following on from
>> 'http://lists.samba.org/archive/samba-technical/2010-November/074786.html' thread, I have come across another problem. I have been playing with Samba4 and Zarafa integration. I have managed to extend most of the attributes with the exception of a few. Samba4 ldb seems to crash when importing the following type of attribute:
>> dn: CN=Zarafa-Send-As,<SchemaContainerDN>
>> changetype: add
>> adminDisplayName: Zarafa-Send-As
>> attributeID: 1.3.6.1.4.1.26278.1.1.2.4
>> attributeSyntax: 2.5.5.1
>> cn: Zarafa-Send-As
>> distinguishedName: CN=Zarafa-Send-As,<SchemaContainerDN>
>> instanceType: 4
>> isSingleValued: FALSE
>> lDAPDisplayName: zarafaSendAsPrivilege
>> name: Zarafa-Send-As
>> objectCategory: CN=Attribute-Schema,<SchemaContainerDN>
>> objectClass: top
>> objectClass: attributeSchema
>> oMSyntax: 127
>> schemaIDGUID:: xpDaV2kqTtOVsFJD/YqQuw==
>> showInAdvancedViewOnly: TRUE
>> searchFlags: 0
>> It looks like samba does not like either oMSyntax: 127 (other syntaxes
>> are fine) or attributeSyntax: 2.5.5.1 (other attributes are fine). I
>> have tested this both on 4.0.0alpha12-GIT-f12756b
>> and 4.0.0alpha14-GIT-929063b
>> Can someone confirm that this is to do with full AD schema issue or is
>> this something else and whether there is any way round this.
>> I'm also attaching the original LDF file that comes with Zarafa.
>> Please note that changetype has been changed to add and
>> <SchemaContainerDN> to CN=Schema,CN=Configuration,DC=example,DC=com
>
> I believe there is some kind of issue regarding creating attributes with
> the 2.5.5.1; even if you can create them they don't appear to be
> usable. I was able to import a schema definition for radiusProfileDn -
>
> dn: CN=Radius-Profile-DN,CN=Schema,CN=Configuration,DC=AD,DC=MORMAIL,DC=COM
> objectClass: top
> objectClass: attributeSchema
> attributeID: 1.3.6.1.4.1.3317.4.3.1.49
> schemaIdGuid:: 73QFH4g40KDiaTjSuh90WQ==
> cn: Radius-Profile-DN
> name: radiusProfileDn
> lDAPDisplayName: radiusProfileDn
> attributeSyntax: 2.5.5.1
> oMSyntax: 127
> isSingleValued: TRUE
>
> but in the "Active Directory Schema" snap-in the syntax for this
> attribute appears as "Unknown".
>
> In general, the more I play with it, LDB's schema handling / management
> seems extremely fragile.
>
> <http://lists.samba.org/archive/samba-technical/2010-November/074964.html>
> <http://lists.samba.org/archive/samba-technical/2010-December/074974.html>
Yah, this is making me have second thoughts about even /trying/ to
extend the s4 schema. I'm not sure if undoing any changes is going to
affect the AD functionality or if my changes will interfere with
upgradeprovision. Also, the text at
http://wiki.samba.org/index.php/Samba4/LDAP_Backend#Schema_issues speaks
of conflicts between the AD schema and the typical LDAP schema :/ Are
there any plans of adding triggers and stored procedures (hey, python is
already a dependency) to s4? It could be that support exists and I've
been unable to find it of course, I'm still feeling my way around the
source.
Currently my impression is that the best bet would be setting up a proxy
LDAP server for keeping the additional information, so that I can be
sure that the AD functionality won't be affected. If someone here has
any better suggestions I'd be glad to hear them!
Thanks,
Aggelos