Extending Samba 4 schema for OSX GPO support

Aubrey Ekstrom aekstrom at proclivitysystems.com
Mon Nov 29 08:35:48 MST 2010


Hi Kamen,

Thanks again for all of your help. I hope everyone had a great holiday and/or weekend.

I have no problem with adding the attributes or classes from Apple, but the 3 auxiliaryClass modify statements at the very end of the file still return errors exactly the same as before (even in the file you gave me).

When I try any of these:

dn: CN=User,CN=Schema,CN=Configuration,DC=xxx,DC=xxx
changetype: modify
add: auxiliaryClass
auxiliaryClass: apple-user

I get this:

ERR: (No such object) "No such object (32)" on DN CN=User,CN=Schema,CN=Configuration,DC=xxx,DC=xxx

Could it be a bug in the git version of Samba 4 that I am using? What version are you using?

I am using: Version 4.0.0alpha14-GIT-0e95fca on Debian 5.0.6

Thanks again!

Cheers,


Aubrey Ekstrom | Systems Administrator | Proclivity Systems
22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
http://www.proclivitysystems.com 


This message is the property of Proclivity Systems, Inc. and is intended
only for the use of the addressee(s), and may contain material that is
confidential and privileged for the sole use of the intended recipient.  If
you are not the intended recipient, reliance or forwarding without express
permission is strictly prohibited; please contact the sender and delete all
copies.

----- Original Message -----
From: "Kamen Mazdrashki" <kamenim at samba.org>
To: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
Cc: "Andrew Bartlett" <abartlet at samba.org>, samba-technical at lists.samba.org
Sent: Monday, November 29, 2010 7:15:47 AM
Subject: Re: Extending Samba 4 schema for OSX GPO support

Hi Aubrey,

Attached is the modded LDIF I used for testing - the one that worked
like charm :)
I hope it will help you to get your schema prepped as suggested by Apple.


-- 
CU,
Kamen Mazdrashki
Samba Team                                            http://samba.org
http://gitweb.samba.org/?p=kamenim/samba.git;a=summary


On Wed, Nov 24, 2010 at 22:50, Aubrey Ekstrom
<aekstrom at proclivitysystems.com> wrote:
> Hi Kamen,
>
> I get the same errors as below from the command line ldbmodify entering the items line by line in interactive mode. It also throws a similar error from phpLDAPadmin if I try to add the auxiliaryClass manually there. I get the feeling that for some reason the ldb schema doesn't recognize the Apple auxiliaryClass types... except you said you got it to work: "It worked like charm :)" So I don't know what I'm doing wrong.
>
> Heading out for the long weekend. I'll revisit this on Monday. Happy Thanksgiving to everyone!
>
> Aubrey Ekstrom | Systems Administrator | Proclivity Systems
> 22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
> http://www.proclivitysystems.com
>
> ----- Original Message -----
> From: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
> To: "Kamen Mazdrashki" <kamenim at samba.org>
> Cc: "Andrew Bartlett" <abartlet at samba.org>, samba-technical at lists.samba.org
> Sent: Wednesday, November 24, 2010 11:30:46 AM
> Subject: Re: Extending Samba 4 schema for OSX GPO support
>
> Hi Kamen,
>
> Thanks again for all your help with this!
>
> Using TextWrangler on a Mac when I look at save options it says it is Unicode (UTF 8 NO BOM) with Unix line breaks. When I change it to Unicode (UTF 8) ldbmodify reads the file, but does nothing with it (0 records modified with 0 failures). When I put it back to its original format it works (sort of). Anyways, I made the other changes you recommended and it still does not like the last 4 modify changes at the end. I get these errors from ldbmodify:
>
> ERR: (No such object) "No such object (32)" on DN
> ERR: (No such object) "No such object (32)" on DN CN=User,CN=Schema,CN=Configuration,DC=corp,DC=core
> ERR: (No such object) "No such object (32)" on DN CN=Computer,CN=Schema,CN=Configuration,DC=corp,DC=core
> ERR: (No such object) "No such object (32)" on DN CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=core
> Modified 10 records with 4 failures
>
> This is for these items at the end of the LDIF file:
>
> dn:
> changetype: modify
> add: schemaUpdateNow
> schemaUpdateNow: 1
> -
>
> # Add the new class to the user object
> dn: CN=User,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-user
> -
>
> # Add the new class to the computer object
> dn: CN=Computer,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-computer
> -
>
> # Add the new class to the group object
> dn: CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=core
> changetype: modify
> add: auxiliaryClass
> auxiliaryClass: apple-group
> -
>
> Plus, even though it says it adds the 10 classes, I still don't see them in phpLDAPadmin (even searching all base DNs). If I try to add them again, it complains that they already exist though, so it puts them somewhere. What am I missing here? Any thoughts? Thanks!
>
> As a reminder of the environment (just in case):
>
> Debian 5.0.6
> Samba 4 (git version 4.0.0alpha14-GIT-0e95fca)
> phpLDAPadmin 1.1.0.5
>
> I will keep poking around too and let you all know if I figure it out on my own.
>
> Cheers,
>
> Aubrey Ekstrom | Systems Administrator | Proclivity Systems
> 22 West 19th St., Ninth Floor, New York, NY 10011 | 646-237-3727
> http://www.proclivitysystems.com
>
> ----- Original Message -----
> From: "Kamen Mazdrashki" <kamenim at samba.org>
> To: "Aubrey Ekstrom" <aekstrom at proclivitysystems.com>
> Cc: "Andrew Bartlett" <abartlet at samba.org>, samba-technical at lists.samba.org
> Sent: Tuesday, November 23, 2010 6:28:30 PM
> Subject: Re: Extending Samba 4 schema for OSX GPO support
>
> Hi Aubrey,
>
> I have tested with the ldif you've attached in your first mail (I think)
> and here is what I did to make it work (yes, it works)
> 1. the ldif is in Unicode - I've converted it to utf-8
> 2. in all classes, rdnAttId, subClassOf etc are denoted by OIDs
>  so I just commented the line with the numeric OID and uncommented
>  the line after it (the one with the ldapDisplayName)
>  (it seems this is a problem only for rdnAttId, but I did it for all of
> them anyway)
> 3. replace "changetype: ntdsschemaadd" with "changetype: add"
> 4. use ldbmodify utility
>
> It worked like charm :)
> Good luck!
>
> --
> CU,
> Kamen Mazdrashki
> Samba Team                                            http://samba.org
> http://gitweb.samba.org/?p=kamenim/samba.git;a=summary
>
>
> On Wed, Nov 24, 2010 at 01:00, Aubrey Ekstrom
> <aekstrom at proclivitysystems.com> wrote:
>> Hi Andrew,
>>
>> I tried with ldbadd and it says it added all 10 classes (records) with no errors, but both ldbadd and ldbmodify report "Added (or Modified) 0 records with 0 failures" for the 3 modifies at the end:
>>
>>
>> # Add the new class to the user object
>> dn: CN=User,CN=Schema,CN=Configuration,DC=corp,DC=core
>> changetype: modify
>> add: auxiliaryClass
>> auxiliaryClass: apple-user
>> -
>>
>> # Add the new class to the computer object
>> dn: CN=Computer,CN=Schema,CN=Configuration,DC=corp,DC=core
>> changetype: modify
>> add: auxiliaryClass
>> auxiliaryClass: apple-computer
>> -
>>
>> # Add the new class to the group object
>> dn: CN=Group,CN=Schema,CN=Configuration,DC=corp,DC=core
>> changetype: modify
>> add: auxiliaryClass
>> auxiliaryClass: apple-group
>> -
>>
>> Also, I can not find the 10 added classes in phpLDAPadmin (even after logging out and logging in again). Maybe I used the wrong -H url in ldbadd? But then I should have had errors since I authenticated with the correct admin and password... Don't know.
>>
>> I am also attaching a .pdf from Apple with their instructions for this. Hopefully it will be useful for you (it wasn't easy to find). After reading that doc, I realized I did not have everything they said you needed (Like OS X Server), so I found an already formatted LDIF file on the internet and modified that, but the one I use meets all the criteria in Apple's instructions.
>>
>> I have to go home soon, but I'll be back tomorrow :)
>>
>> Cheers,
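Added example, not part of the original thread and not Samba code: a Python preflight for the LDIF preparation Kamen lists above. It performs steps 1 and 3 (re-encode to UTF-8 without a BOM, replace the ntdsschemaadd changetype) and reports the numeric-OID lines that step 2 would edit by hand. The sample record and its DC=example,DC=test suffix are constructed, and only rdnAttId and subClassOf are checked because those are the attributes the thread names.

```python
import codecs
import re

# Attributes the thread names as a problem when given as numeric OIDs.
OID_VALUED = ("rdnattid", "subclassof")
OID_RE = re.compile(r"^\d+(\.\d+)+$")


def decode_ldif(raw: bytes) -> tuple[str, str]:
    """Return (text, detected_encoding), dropping any byte-order mark."""
    if raw.startswith((codecs.BOM_UTF16_LE, codecs.BOM_UTF16_BE)):
        return raw.decode("utf-16"), "utf-16"
    if raw.startswith(codecs.BOM_UTF8):
        return raw.decode("utf-8-sig"), "utf-8-bom"
    return raw.decode("utf-8"), "utf-8"


def normalise_ldif(raw: bytes) -> tuple[bytes, list[str]]:
    """Apply steps 1 and 3 from the thread; report lines that need step 2."""
    text, encoding = decode_ldif(raw)
    notes = []
    if encoding != "utf-8":
        notes.append(f"re-encoded from {encoding} to utf-8 without BOM")
    out = []
    for number, line in enumerate(text.splitlines(), start=1):
        name, sep, value = line.partition(":")
        key, value = name.strip().lower(), value.strip()
        if sep and key == "changetype" and value.lower() == "ntdsschemaadd":
            line = "changetype: add"
            notes.append(f"line {number}: ntdsschemaadd -> add")
        elif sep and key in OID_VALUED and OID_RE.match(value):
            notes.append(f"line {number}: {name.strip()} uses numeric OID {value}")
        out.append(line)  # commented-out lines pass through untouched
    return ("\n".join(out) + "\n").encode("utf-8"), notes


# Constructed sample: one schema record saved as UTF-16 with CRLF line ends.
SAMPLE = (
    "dn: CN=apple-user,CN=Schema,CN=Configuration,DC=example,DC=test\r\n"
    "changetype: ntdsschemaadd\r\n"
    "objectClass: classSchema\r\n"
    "subClassOf: 2.5.6.0\r\n"
    "#subClassOf: top\r\n"
    "rdnAttId: 2.5.4.3\r\n"
    "#rdnAttId: cn\r\n"
).encode("utf-16")
```

Calling `normalise_ldif(SAMPLE)` returns the cleaned bytes to pass to ldbmodify and a list of notes; any note about a numeric OID marks a line still to be swapped for its ldapDisplayName form.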


