Extending Samba 4 schema for OSX GPO support

Andrew Bartlett abartlet at samba.org
Tue Nov 23 14:03:07 MST 2010


On Tue, 2010-11-23 at 15:46 -0500, Aubrey Ekstrom wrote:
> Hi Karmen,
> 
> Thanks! That worked perfectly for all 36 attributes and they were all added and I see them in the schema :)... but it still failed for the 10 classes and 3 modifies for the Apple classes 8(...

> 
> # ==================================================================
> #  Updating present elements
> # ==================================================================
> 
> 
> I get these errors for all 10 classes:
> 
> Adding... CN=apple-computer,CN=Schema,CN=Configuration,DC=corp,DC=core Failed
> Error code: 21
> Description: Invalid syntax
> 
> and when I click for more details:
> 
> Error
> No such entry: CN=apple-computer,CN=Schema,CN=Configuration,DC=corp,DC=core
> 
> And this on the modify entries at the end:
> 
> LDAP said: Invalid syntax
> Error number: 0x15 (LDAP_INVALID_SYNTAX)
> Description: An invalid attribute value was specified.
> 
> But no specific invalid attribute is mentioned... only the generic error. If you or anyone has any thoughts it is greatly appreciated. All these entries are the one that Apple says you need to import into MS A/D for managing Macs via GPO, and formatted exactly as Apple recommends. It would be great to get this working with Samba 4. I know your priority is to make the Microsoft users happy first, but Apple is definitely making in-roads into Windows dominated corporate networks, and all those administrators would be thrilled to be able to manage their Macs with GPO. Extending MS A/D schema is often something Windows admins don't want to do, but having the option to extend a Samba 4 A/D schema that works in their Windows A/D environment would be a big score for everyone :).

Can you add these with ldbadd or ldbmodify and see if we produce a more
useful error that phpLdapAdmin is loosing?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 190 bytes
Desc: This is a digitally signed message part
URL: <http://lists.samba.org/pipermail/samba-technical/attachments/20101124/a1257475/attachment.pgp>


More information about the samba-technical mailing list