Extending Samba 4 schema for OSX GPO support

Tue Nov 23 14:24:37 MST 2010

Hi Andrew,

LDIFDE.exe is a utility that is in the additional tools that ship on CD 2 with Server 2003:

http://technet.microsoft.com/en-us/library/bb727091.aspx 

That is the same tool Apple says to use. I have a Server 2003 CD that I keep forgetting to bring into work to try that with Samba 4...  but I was guessing it wouldn't work anyways... ;)

Aubrey Ekstrom | Systems Administrator | Proclivity Systems
22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
http://www.proclivitysystems.com 

This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.

----- Original Message -----
From: "Andrew Bartlett" <abartlet at samba.org>
To: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
Cc: "Kamen Mazdrashki" <kamenim at samba.org>, samba-technical at lists.samba.org
Sent: Tuesday, November 23, 2010 4:18:07 PM
Subject: Re: Extending Samba 4 schema for OSX GPO support

On Tue, 2010-11-23 at 16:09 -0500, Aubrey Ekstrom wrote:
> Hi Andrew,
> 
> I saw your comments to Karmen on my post. The ldif file I am using is the schema Apple recommends for extending MS A/D schema to support OS X with GPO, and is exported out of Apple's OS X Server Open Directory. It is in the exact format Apple says to use. I don't mind modifying it to get it working, and I am happy to share anything I discover or figure out or just share my success, but that is the answer to your question. I have not tested importing that file into an actual MS Active Directory however, but there are plenty of posts on both Apple's and Microsoft's web sites (and elsewhere) of people who have successfully done just that. Hope that helps!

What exact process is expected to be used to add these schema elements
to Microsoft's AD?

Andrew Bartlett

-- 
Andrew Bartlett                                http://samba.org/~abartlet/
Authentication Developer, Samba Team           http://samba.org
Samba Developer, Cisco Inc.
---------
This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.
If you are not the intended recipient, reliance or forwarding without
express permission is strictly prohibited; please contact the sender and
delete all copies.