Samba4 loading schema.ldif (Was: What is the origin of dsdb_syntax dsdb_syntaxes in source4/dsdb/schema/schema_syntax.c?)
abartlet at samba.org
Tue Apr 17 05:58:20 MDT 2012
On Tue, 2012-04-17 at 01:03 -0700, Matthieu Patou wrote:
> On 04/15/2012 01:01 PM, Matthieu Patou wrote:
> > On 04/12/2012 07:50 AM, Gémes Géza wrote:
> >> On 2012-04-12 02:36, Matthieu Patou wrote:
> >>> On 04/11/2012 01:28 PM, Gémes Géza wrote:
> >>>> Hi,
> >>>> After successful generation of ldif file from the OpenLDAP schema
> >>>> using
> >>>> the patch developed by Matthieu for oLschema2ldif I'm stuck now with
> >>>> loading it to Samba4.
> >>>> If I add it by local ldbedit (cat schema.ldif | ldbedit -H
> >>>> /usr/local/samba/private/....) it gets added, but Active Directory
> >>>> Schema MMC gets the impression, that the Samba4 domain controller (the
> >>>> only in this domain/forest so far) is not available. I reverted
> >>>> back to
> >>>> backups.
> >>> As I said any attribute that has a DN syntax will just destroy your
> >>> schema, you need to fix the oLschema2ldif so that it generates the
> >>> oMObjectClass or your schema will be waxed.
> >> In the meantime I've done my homework and found:
> >> http://lists.samba.org/archive/samba-technical/2011-May/077537.html
> >> Does that mean, that we don't know the exact meaning of oMObjectClass
> >> attribute and need to add it based on the object syntax attribute?
> > It means that I suspect that windows AD automatically adds it when
> > it's needed and we don't do it and doing so breaks our schema because
> > we expect this on some attributes that's why we made the schema not
> > modifiable by default.
> So I have patches that allow samba to not trash its schema when trying
> to load this schema, I have also patches that make the loading of this
> schema almost ok, I still have an issue with the loading in just 1 step
> the solution is to use a ldap URL as the ldap protocol doesn't have a
> notion of transaction.
> I also think that X-NDS_CONTAINMENT should be implemented in
> olschema2ldif (as possSuperior I guess).
> The main problem for you is that this schema has a name collision with
> existing classes (dhcpclass and dhcpoptions).
> So of course you can just rename the classes in your ldif file but then
> I guess that the DHCP server won't work as expected. Another solution is
> to defunct the two blocking classes but for the moment it's not
> completely working in Samba.
> The patches are at:
> They wait for a small review but you can try them; it should be pretty safe.
The issues I have are with the STRING_TO_BLOB (which should be
data_blob_const_string() as discussed), and the major re-indent in
If those were fixed up, I think I'm OK with the general idea.
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
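
The two failure modes raised in this thread (DN-syntax attributes generated without oMObjectClass, and class names that collide with existing schema classes) can be checked on the generated schema.ldif before it is loaded. The following is an added example, not code from the thread or from Samba; the function names, the sample entries and the list of attributeSyntax OIDs treated as DN-like are assumptions of this example.

```python
import re

# AD attributeSyntax OIDs whose oMSyntax is 127 (DN-like object syntaxes);
# assumption of this example: these are the entries that need oMObjectClass.
DN_LIKE_SYNTAXES = {"2.5.5.1", "2.5.5.7", "2.5.5.14"}

def parse_ldif(text):
    """Return one {lowercased attribute: [values]} dict per LDIF record."""
    text = re.sub(r"\r?\n ", "", text)  # unfold continuation lines
    records = []
    for block in re.split(r"\n\s*\n", text):
        rec = {}
        for line in block.splitlines():
            if line.startswith("#") or ":" not in line:
                continue
            name, _, value = line.partition(":")
            # "attr:: b64" and "attr: value" both reduce to the bare value
            rec.setdefault(name.strip().lower(), []).append(value.lstrip(": ").strip())
        if rec:
            records.append(rec)
    return records

def lint_schema(text, existing_names=()):
    """Return (dn, problem) pairs for entries likely to break a schema load."""
    taken = {n.lower() for n in existing_names}
    findings = []
    for rec in parse_ldif(text):
        dn = rec.get("dn", ["<no dn>"])[0]
        classes = {c.lower() for c in rec.get("objectclass", [])}
        dn_like = (rec.get("attributesyntax", [""])[0] in DN_LIKE_SYNTAXES
                   or rec.get("omsyntax", [""])[0] == "127")
        if "attributeschema" in classes and dn_like and "omobjectclass" not in rec:
            findings.append((dn, "DN-syntax attribute without oMObjectClass"))
        for name in rec.get("ldapdisplayname", []) + rec.get("cn", []):
            if name.lower() in taken:
                findings.append((dn, "name collides with existing schema: " + name))
                break
    return findings

# Constructed sample input (not taken from the real generated schema.ldif).
SAMPLE = """\
dn: CN=dhcpServiceDN,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: attributeSchema
lDAPDisplayName: dhcpServiceDN
attributeSyntax: 2.5.5.1

dn: CN=dhcpClass,CN=Schema,CN=Configuration,DC=example,DC=com
objectClass: classSchema
lDAPDisplayName: dhcpClass
"""
```

Calling `lint_schema(SAMPLE, ["dhcpclass", "dhcpoptions"])` reports both constructed entries; the list of existing names has to come from the target directory's own schema.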