Extending Samba 4 schema for OSX GPO support

[Aubrey Ekstrom]

Hi Mat,

Thanks for the reply.

Attached is the .ldif file, which when I import it through phpLDAPadmin I get no errors, but no schema is added either. I also tried pasting single entries like this:

dn: CN=apple-category,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
changetype: ntdsschemaadd
objectClass: attributeSchema
attributeId: 1.3.6.1.4.1.63.1000.1.1.1.10.4
ldapDisplayName: apple-category
attributeSyntax: 2.5.5.12
adminDescription: Category for the computer or neighborhood
oMSyntax: 64
systemOnly: FALSE

That is where phpLDAPadmin gives the error:

LDIF text import
Could not add object: CN=apple-category,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
LDAP said: LDAP_NO_SUCH_ATTRIBUTE
That entry does not contain the attribute specified.

Thanks!

Aubrey Ekstrom | Systems Administrator | Proclivity Systems
22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
http://www.proclivitysystems.com 


This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.

----- Original Message -----
From: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
To: samba-technical at lists.samba.org
Sent: Monday, November 22, 2010 12:06:27 PM
Subject: Extending Samba 4 schema for OSX GPO support

Hello all,

Great job on Samba 4! We are a tech start up looking to use Samba 4 in our small production site (50 or so users). We have a mixed environment of OS X, Ubuntu and Windows desktops. Windows works fine with Samba 4, as does Likewise Open for Ubuntu. On Ubuntu logging into the domain is all that is needed for now so no issues there. 

For OS X though, we'd like to extend the A/D schema to support Apple MCX extensions so we can apply Group Policy to our Apple machines. Is this possible? After looking through the documentation and searching Samba Wiki and the web, as well as poking through any README files in the git download of Samba 4 I can not find any instructions. I did find the MS-AD schema files in /share/setup/ad-schema/ and ldif files in /share/setup/, but I am not sure which I would use to extend the schema, or if one of those is the correct way to do this. I did try importing the Apple Schema as an .ldf file through the phpLDAPadmin web based tool. But the file import does not appear to make any changes even though it returns no error. If I paste the contents into phpLDAPadmin then it returns an error:

LDIF text import
Could not add object: CN=apple-category,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
LDAP said: LDAP_NO_SUCH_ATTRIBUTE
That entry does not contain the attribute specified.

We are using the git version of Samba: 4.0.0alpha14-GIT-0e95fca
on Debian 5.0.6
and phpLDAPadmin 1.1.0.5

So the basic question is can we extend the schema for OS X, and if yes, what is the best way to do this?

Thanks!


Aubrey Ekstrom | Systems Administrator | Proclivity Systems
22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
http://www.proclivitysystems.com 


This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.

---------
This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.
If you are not the intended recipient, reliance or forwarding without
express permission is strictly prohibited; please contact the sender and
delete all copies.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: apple-mods.ldif
Type: text/x-ldif
Size: 45030 bytes
Desc: not available
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101123/eb7b2b4a/attachment.bin>