Samba4 loading schema.ldif

geza at kzsdabas.hu geza at kzsdabas.hu
Mon Apr 23 06:41:22 MDT 2012 

> Am 22.04.2012 11:20, schrieb Gémes Géza:
>> Hi Mat,
>>> So I have patches that allow samba to not trash its schema when trying
>>> to load this schema, I have also patches that makes the loading of
>>> this schema almost ok, I still have an issue with the loading in just
>>> 1 step the solution is to use a ldap URL as the ldap protocol doesn't
>>> have a notion of transaction.
>>>
>>> I also think that X-NDS_CONTAINMENT should be implemented in
>>> olschema2ldif (as possSuperior I guess).
>>>
>>> The main problem for you is that this schema has a name collision with
>>> existing classes (dhcpclass and dhcpoptions).
>>> So of course you can just rename the classes in your ldif file but
>>> then I guess that the DHCP server won't work as expected. Another
>>> solution is to defunct the two blocking classes but for the moment
>>> it's not completely working in Samba.
>>>
>>> The patches are at:
>>> http://gitweb.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/misc
>>>
>>> They wait for a small review but you can try them it should be pretty
>>> safe.
>>>
>> I've seen, that your patches were merged in master, however trying to
>> load the attached ldif (generated with patched oLschema2ldif with
>> X-NDS_CONTAINMENT mods) still waxes the schema. Looking at the modified
>> schema ldb it seems, that it still misses the oMObjectClass attributes.
>> BTW I've overcome the name collision by applying the following ldif:
>>
>> dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>> changetype: modify
>> replace: lDAPDisplayName
>> lDAPDisplayName: msdHCPClass
>>
>> dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>> changetype: modify
>> replace: lDAPDisplayName
>> lDAPDisplayName: msdhcpOptions
>>
>> It probably makes MS DHCP Servers useless in the Domain, but I do not
>> intend to have any MS servers anyway.
>
> Does this LDIF work against a Windows server?
>
> If we allow this in samba, we need to make sure that there are
> no instances of this classes and attributes in the directory,
> otherwise we'll get corruption.
>
> metze
>
>
Hi,

Before I would propose any inclusion or recommendation I'm going to test
it against a Windows 2008 R2 server.

BTW. I'm not really sure that this rename is needed at all, because ISC
DHCP is looking for the cn attribute, and not the lDAPDisplayName.

Cheers

Geza

More information about the samba-technical mailing list