Extending Samba 4 schema for OSX GPO support

Kamen Mazdrashki kamenim at samba.org
Tue Nov 23 16:28:30 MST 2010


Hi Aubrey,

I have tested with the ldif you've attached in your first mail (I think)
and here is what I did to make it work (yes, it works)
1. the ldif is in Unicode - I've converted it in utf-8
2. in all classes, rdnAttId, subClassOf etc are denoted by OIDs
  so I just commented the line with the numeric OID and uncommented
  the line after it (the one with the ldapDisplayName)
  (it seems this is a problem only for rdnAttId, but I did for all of
them anyway)
3. replace "changetype: ntdsschemaadd" with "changetype: add"
4. use ldbmodify utility

It worked like charm :)
Good luck!

-- 
CU,
Kamen Mazdrashki
Samba Team                                            http://samba.org
http://gitweb.samba.org/?p=kamenim/samba.git;a=summary


On Wed, Nov 24, 2010 at 01:00, Aubrey Ekstrom
<aekstrom at proclivitysystems.com> wrote:
> Hi Andrew,
>
> I tried with ldbadd and it says it added all 10 classes (records) with no errors, but both ldbadd and ldbmodify report "Added (or Modified) 0 records with 0 failures" for the 3 modifies at the end:
>
>
> # Add the new class to the user object
> dn: CN=User,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-user
> -
>
> # Add the new class to the computer object
> dn: CN=Computer,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-computer
> -
>
> # Add the new class to the group object
> dn: CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-group
> -
>
> Also, I can not find the 10 added classes in phpLDAPamin (even after loging out and logging in again). Maybe I used the wrong -H url in ldbadd? But then I should have had errors since I authenticated with the correct admin and password... Don't know.
>
> I am also attaching a .pdf from Apple with their instructions for this. Hopefully it will be useful for you (it wasn't easy to find). After reading that doc, I realized I did not have everything they said you needed (Like OS X Server), so I found an already formatted LDIF file on the internet and modified that, but the one I use meets all the criteria in Apple's instructions.
>
> I have to go home soon, but I'll be back tomorrow :)
>
> Cheers,


More information about the samba-technical mailing list