Extending Samba 4 schema for OSX GPO support

Aubrey Ekstrom aekstrom at proclivitysystems.com
Tue Nov 23 14:12:06 MST 2010 

Hi Andrew,

Sure. I was looking through the Samba 4 files and docs trying to find the command line utilities to do that. Now that I know what I am looking for I will figure out how to use them and let you know the results.

Cheers,

Aubrey Ekstrom | Systems Administrator | Proclivity Systems
22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
http://www.proclivitysystems.com 


This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.

----- Original Message -----
From: "Andrew Bartlett" <abartlet at samba.org>
To: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
Cc: "Kamen Mazdrashki" <kamenim at samba.org>, samba-technical at lists.samba.org
Sent: Tuesday, November 23, 2010 4:03:07 PM
Subject: Re: Extending Samba 4 schema for OSX GPO support

On Tue, 2010-11-23 at 15:46 -0500, Aubrey Ekstrom wrote:
> Hi Karmen,
> 
> Thanks! That worked perfectly for all 36 attributes and they were all added and I see them in the schema :)... but it still failed for the 10 classes and 3 modifies for the Apple classes 8(...

> 
> # ==================================================================
> #  Updating present elements
> # ==================================================================
> 
> 
> I get these errors for all 10 classes:
> 
> Adding... CN=apple-computer,CN=Schema,CN=Configuration,DC=corp,DC=core Failed
> Error code: 21
> Description: Invalid syntax
> 
> and when I click for more details:
> 
> Error
> No such entry: CN=apple-computer,CN=Schema,CN=Configuration,DC=corp,DC=core
> 
> And this on the modify entries at the end:
> 
> LDAP said: Invalid syntax
> Error number: 0x15 (LDAP_INVALID_SYNTAX)
> Description: An invalid attribute value was specified.
> 
> But no specific invalid attribute is mentioned... only the generic error. If you or anyone has any thoughts it is greatly appreciated. All these entries are the one that Apple says you need to import into MS A/D for managing Macs via GPO, and formatted exactly as Apple recommends. It would be great to get this working with Samba 4. I know your priority is to make the Microsoft users happy first, but Apple is definitely making in-roads into Windows dominated corporate networks, and all those administrators would be thrilled to be able to manage their Macs with GPO. Extending MS A/D schema is often something Windows admins don't want to do, but having the option to extend a Samba 4 A/D schema that works in their Windows A/D environment would be a big score for everyone :).

Can you add these with ldbadd or ldbmodify and see if we produce a more
useful error that phpLdapAdmin is loosing?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
---------
This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.
If you are not the intended recipient, reliance or forwarding without
express permission is strictly prohibited; please contact the sender and
delete all copies.

More information about the samba-technical mailing list