Samba4 loading schema.ldif
Matthieu Patou
mat at samba.org
Sun May 6 19:12:36 MDT 2012
On 04/24/2012 03:04 PM, Gémes Géza wrote:
> 2012-04-23 22:45 keltezéssel, Gémes Géza írta:
>> Hello Matthieu,
>>> On 04/23/2012 12:00 PM, Gémes Géza wrote:
>>>> Hello Mat,
>>>>>> Hello Geza,
>>>>>>
>>>>>>>>> I've seen, that your patches were merged in master, however
>>>>>>>>> trying to
>>>>>>>>> load the attached ldif (generated with patched oLschema2ldif with
>>>>>>>>> X-NDS_CONTAINMENT mods) still waxes the schema. Looking at the
>>>>>>>>> modified
>>>>>>>>> schema ldb it seems, that it still misses the oMObjectClass
>>>>>>>>> attributes.
>>>>>>>>> BTW I've overcome the name collision by applying the following
>>>>>>>>> ldif:
>>>>>>>>>
>>>>>>>>> dn: CN=DHCP-Class,CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>>>>>>>>> changetype: modify
>>>>>>>>> replace: lDAPDisplayName
>>>>>>>>> lDAPDisplayName: msdHCPClass
>>>>>>>>>
>>>>>>>>> dn: CN=dhcp-Options,CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>>>>>>>>> changetype: modify
>>>>>>>>> replace: lDAPDisplayName
>>>>>>>>> lDAPDisplayName: msdhcpOptions
>>>>>>>>>
>>>>>>>>> It probably makes MS DHCP Servers useless in the Domain, but I
>>>>>>>>> do not
>>>>>>>>> intend to have any MS servers anyway.
>>>>>>>> Does this LDIF work against a Windows server?
>>>>>>>>
>>>>>>>> If we allow this in samba, we need to make sure that there are
>>>>>>>> no instances of this classes and attributes in the directory,
>>>>>>>> otherwise we'll get corruption.
>>>>>>>>
>>>>>>>> metze
>>>>>>>>
>>>>>>>>
>>>>>>> Hi,
>>>>>>>
>>>>>>> Before I would propose any inclusion or recommendation I'm going to
>>>>>>> test
>>>>>>> it against a Windows 2008 R2 server.
>>>>>>>
>>>>>>> BTW. I'm not really sure that this rename is needed at all,
>>>>>>> because ISC
>>>>>>> DHCP is looking for the cn attribute, and not the lDAPDisplayName.
>>>>>> But that's not that simple, you can't have two attributes with the
>>>>>> same ldapdisplayname, I'm really unsure that ISC is using just CN.
>>>>>> When it creates and fetch object from the dhcp* classes it will check
>>>>>> for attributes and those attributes have the ldapdisplayname of the
>>>>>> schemaAttributes.
>>>>>> That means that the ldapdisplayname is really important, more
>>>>>> important than the CN in fact.
>>>>>>
>>>>>>
>>>>>>
>>>>>> My patches are at:
>>>>>> http://gitweb.samba.org/?p=mat/samba.git;a=shortlog;h=refs/heads/misc
>>>>>>
>>>>>>
>>>>>> It's not rebased on the latest version of master, I'll try to do it
>>>>>> soon.
>>>>>>
>>>>> I really confirm that my setup with master
>>>>> (5b5b696c1e36dc7f81da24158e0853290084dec8) is really working (once I
>>>>> rename the two ldapdisplayname of MS attributes):
>>>>>
>>>>> ./bin/ldbmodify -H ldap://127.0.0.1 -U administrator%totoTATA123
>>>>> ~/dhcp3.ldif
>>>>> Modified 76 records successfully
>>>>>
>>>>> After loading the schema, I can search the database not only the
>>>>> schema is not toasted but newly created classes are here.
>>>>>
>>>>> ./bin/ldbsearch -H ldap://127.0.0.1 -U administrator%totoTATA123
>>>>> --cross-ncs '(ldapdisplayname=dhcppo*)' dn
>>>>> # record 1
>>>>> dn: CN=dhcpPool6,CN=Schema,CN=Configuration,DC=home,DC=matws,DC=net
>>>>>
>>>>> # record 2
>>>>> dn: CN=dhcpPoolDN,CN=Schema,CN=Configuration,DC=home,DC=matws,DC=net
>>>>>
>>>>> # record 3
>>>>> dn: CN=dhcpPool,CN=Schema,CN=Configuration,DC=home,DC=matws,DC=net
>>>>>
>>>>>
>>>>> I didn't try to do anything useful but I expect this to work.
>>>>>
>>>>> Matthieu.
>>>>>
>>>> Thank you for the hard work you we put into this.
>>>>
>>>> Could you tell me when will your patches be merged to master, or which
>>>> one (981fe20523dd9c0bffa4ffb6037e690b8947b6d6 and
>>>> b5649e6d0f50ec253e20e86fed9fd506716c4209 maybe?) of your unmerged
>>>> patches should I try out.
>>> Well first as I said it works well with master for me so maybe there
>>> is something wrong for you, can you retry with a fresh provision just
>>> to see.
>>> Then you'd better off trying the whole branch as I don't think patches
>>> will apply very well.
>>>
>>> Matthieu.
>>>
>> Will try it with a fresh provision (I was and still am on master (used
>> to rebuild in the evening)) (was on an upgraded samba3). But before that
>> I try to fix oLschema2ldif.
>>
>> Cheers
>>
>> Geza
> Hi,
>
> After some fight against the current master (it wouldn't build) I've
> fixed oLschema2ldif to generate PossSuperiors without apostrophes.
> The patch is attached.
>
> After experimenting with the possibility of rename of lDAPDisplayName's
> to something isc-..., if it goes well I intend to add another option to
> oLschema2ldif, something like --ldapnameprefix=... which would then be
> prepended to the attribute resulting from NAME.
So finally with your patch you are able to load the file right and it
didn't trash your schema ?
Are you able to make something useful out of it ?
Matthieu.
--
Matthieu Patou
Samba Team
http://samba.org
More information about the samba-technical
mailing list