Samba4 loading schema.ldif (Was: What is the origin of dsdb_syntax dsdb_syntaxes[] in source4/dsdb/schema/schema_syntax.c?)

Matthieu Patou mat at
Tue Apr 17 02:03:38 MDT 2012

On 04/15/2012 01:01 PM, Matthieu Patou wrote:
> On 04/12/2012 07:50 AM, Gémes Géza wrote:
>> On 2012-04-12 02:36, Matthieu Patou wrote:
>>> On 04/11/2012 01:28 PM, Gémes Géza wrote:
>>>> Hi,
>>>> After successful generation of ldif file from the OpenLDAP schema using
>>>> the patch developed by Matthieu for oLschema2ldif I'm stuck now with
>>>> loading it to Samba4.
>>>> If I add it by local ldbedit (cat schema.ldif | ldbedit -H
>>>> /usr/local/samba/private/....) it gets added, but Active Directory
>>>> Schema MMC gets the impression, that the Samba4 domain controller (the
>>>> only in this domain/forest so far) is not available. I reverted back to
>>>> backups.
>>> As I said, any attribute that has a DN syntax will just destroy your
>>> schema; you need to fix the oLschema2ldif so that it generates the
>>> oMObjectClass or your schema will be waxed.
>> In the meantime I've done my homework and found:
>> Does that mean that we don't know the exact meaning of the oMObjectClass
>> attribute and need to add it based on the object syntax attribute?
>> ctive directory
> It means that I suspect that Windows AD automatically adds it when
> it's needed and we don't do it, and doing so breaks our schema because
> we expect this on some attributes; that's why we made the schema not
> modifiable by default.
So I have patches that allow Samba to not trash its schema when trying
to load this schema. I also have patches that make the loading of this
schema almost OK. I still have an issue with the loading in just 1 step;
the solution is to use an LDAP URL, as the LDAP protocol doesn't have a
notion of transaction.

I also think that X-NDS_CONTAINMENT should be implemented in
oLschema2ldif (as possSuperior I guess).

The main problem for you is that this schema has a name collision with 
existing classes (dhcpclass and dhcpoptions).
So of course you can just rename the classes in your ldif file but then 
I guess that the DHCP server won't work as expected. Another solution is 
to defunct the two blocking classes but for the moment it's not 
completely working in Samba.

The patches are at:;a=shortlog;h=refs/heads/misc

They wait for a small review, but you can try them; it should be pretty safe.

Matthieu Patou
Samba Team
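
A pre-load check for the two problems raised in this thread (DN-syntax attributes without oMObjectClass, and names colliding with existing schema classes), as an added example that is not part of the original message and is not Samba code. It assumes DN/object-syntax attributes can be recognised by attributeSyntax 2.5.5.1 or oMSyntax 127; the sample LDIF, its attribute names and its DNs are constructed, and `parse_ldif` and `audit_schema_ldif` are hypothetical helper names.

```python
# Constructed sample input; attribute names and DNs are made up for illustration.
SAMPLE_LDIF = """\
dn: CN=exampleServiceDN,CN=Schema,CN=Configuration,
 DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleServiceDN
attributeSyntax: 2.5.5.1
oMSyntax: 127

dn: CN=examplePrimaryDN,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: examplePrimaryDN
attributeSyntax: 2.5.5.1
oMSyntax: 127
oMObjectClass:: KwwCh3McAIVK

dn: CN=dhcpClass,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: classSchema
lDAPDisplayName: dhcpClass
"""

def parse_ldif(text):
    """Return entries as dicts of lowercased attribute name -> list of values."""
    entries, current = [], {}
    # Undo LDIF line folding: a continuation line starts with one space.
    unfolded = text.replace("\r\n", "\n").replace("\n ", "")
    for line in unfolded.split("\n") + [""]:
        if line.startswith("#"):
            continue
        if not line.strip():          # blank line ends the current entry
            if current:
                entries.append(current)
                current = {}
            continue
        attr, _, value = line.partition(":")   # "attr:: b64" leaves ": b64"
        current.setdefault(attr.strip().lower(), []).append(value.lstrip(":").strip())
    return entries

def audit_schema_ldif(text, existing_names):
    """Return (attributes lacking oMObjectClass, names colliding with existing schema)."""
    existing = {n.lower() for n in existing_names}
    missing, collisions = [], []
    for e in parse_ldif(text):
        classes = {c.lower() for c in e.get("objectclass", [])}
        name = (e.get("ldapdisplayname") or e.get("cn") or e.get("dn") or ["?"])[0]
        is_dn = "2.5.5.1" in e.get("attributesyntax", []) or "127" in e.get("omsyntax", [])
        if "attributeschema" in classes and is_dn and "omobjectclass" not in e:
            missing.append(name)
        if classes & {"attributeschema", "classschema"} and name.lower() in existing:
            collisions.append(name)
    return missing, collisions
```

Run it against a copy of the generated LDIF before touching the live database, passing the names already present in the target schema as `existing_names` (for the collision named in this thread, `dhcpclass` and `dhcpoptions`).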
