Samba4 loading schema.ldif (Was: What is the origin of dsdb_syntax dsdb_syntaxes[] in source4/dsdb/schema/schema_syntax.c?)

Andrew Bartlett abartlet at
Tue Apr 17 05:58:20 MDT 2012

On Tue, 2012-04-17 at 01:03 -0700, Matthieu Patou wrote:
> On 04/15/2012 01:01 PM, Matthieu Patou wrote:
> > On 04/12/2012 07:50 AM, Gémes Géza wrote:
> >> 2012-04-12 02:36 keltezéssel, Matthieu Patou írta:
> >>> On 04/11/2012 01:28 PM, Gémes Géza wrote:
> >>>> Hi,
> >>>>
> > >>>> After successful generation of ldif file from the OpenLDAP schema using
> > >>>> the patch developed by Matthieu for oLschema2ldif I'm stuck now with
> > >>>> loading it to Samba4.
> > >>>> If I add it by local ldbedit (cat schema.ldif | ldbedit -H
> > >>>> /usr/local/samba/private/....) it gets added, but Active Directory
> > >>>> Schema MMC gets the impression, that the Samba4 domain controller (the
> > >>>> only in this domain/forest so far) is not available. I reverted back to
> > >>>> backups.
> >>> As I said any attribute that has a DN syntax will just destroy your
> > >>> schema, you need to fix the oLschema2ldif so that it generates the
> >>> oMObjectClass or your schema will be waxed.
> > >> In the meantime I've done my homework and found:
> >>
> >> Does that mean, that we don't know the exact meaning of oMObjectClass
> > >> attribute and need to add it based on the object syntax attribute?
> > It means that I suspect that windows AD automatically adds it when 
> > it's needed and we don't do it and doing so breaks our schema because 
> > we expect this on some attributes that's why we made the schema not 
> > modifiable by default.
> So I have patches that allow samba to not trash its schema when trying 
> to load this schema, I have also patches that make the loading of this 
> schema almost ok, I still have an issue with the loading in just 1 step 
> the solution is to use a ldap URL as the ldap protocol doesn't have a 
> notion of transaction.
> I also think that X-NDS_CONTAINMENT should be implemented in 
> olschema2ldif (as possSuperior I guess).
> The main problem for you is that this schema has a name collision with 
> existing classes (dhcpclass and dhcpoptions).
> So of course you can just rename the classes in your ldif file but then 
> I guess that the DHCP server won't work as expected. Another solution is 
> to defunct the two blocking classes but for the moment it's not 
> completely working in Samba.
> The patches are at: 
> They wait for a small review but you can try them; it should be pretty safe.

The issues I have are with the STRING_TO_BLOB (which should be
data_blob_const_string() as discussed), and the major re-indent in;a=commitdiff;h=562b50f92f8a1c521a581a6b986444d52843a9bc

If those were fixed up, I think I'm OK with the general idea.

Andrew Bartlett

Andrew Bartlett                      
Authentication Developer, Samba Team 
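
A pre-load check for the two problems raised in this thread (DN-syntax attributes generated without oMObjectClass, and class names that collide with existing ones), as an added example that is not part of the thread or of Samba's code. It assumes a DN-syntax attribute is recognisable by attributeSyntax 2.5.5.1 or oMSyntax 127 and that the LDIF has no folded or comment lines; `parse_ldif`, `lint_schema` and the sample entries are made up here.

```python
# Added example: pre-load lint for a schema LDIF. Not Samba or oLschema2ldif code.
DN_SYNTAX_OID = "2.5.5.1"   # assumption: attributeSyntax of a plain DN attribute
OM_SYNTAX_OBJECT = "127"    # assumption: oMSyntax shared by the DN-like syntaxes
# Constructed sample; the attribute names and DNs are made up.
SAMPLE = """\
dn: CN=exampleServerDN,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleServerDN
attributeSyntax: 2.5.5.1
oMSyntax: 127

dn: CN=exampleOwnerDN,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: exampleOwnerDN
attributeSyntax: 2.5.5.1
oMSyntax: 127
oMObjectClass:: KwwCh3McAIVK

dn: CN=dhcpOptions,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: classSchema
lDAPDisplayName: dhcpOptions
"""

def parse_ldif(text):
    """Yield one dict per record: lowercased attribute name -> list of values."""
    record = {}
    for line in text.splitlines() + [""]:
        if not line.strip():              # blank line ends a record
            if record:
                yield record
            record = {}
            continue
        name, _, value = line.partition(":")
        record.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())

def lint_schema(text, existing_classes):
    """Return (name, problem) pairs for entries that should not be loaded as-is."""
    existing = {n.lower() for n in existing_classes}
    findings = []
    for rec in parse_ldif(text):
        kinds = {v.lower() for v in rec.get("objectclass", [])}
        name = rec.get("ldapdisplayname", ["?"])[0]
        dn_like = (DN_SYNTAX_OID in rec.get("attributesyntax", [])
                   or OM_SYNTAX_OBJECT in rec.get("omsyntax", []))
        if "attributeschema" in kinds and dn_like and "omobjectclass" not in rec:
            findings.append((name, "DN syntax without oMObjectClass"))
        if "classschema" in kinds and name.lower() in existing:
            findings.append((name, "name collides with an existing class"))
    return findings
```

Run it against the generated LDIF with the list of class names already present in the target schema; an empty result means neither of the two conditions was found.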
