[PATCH] Add external-schema directory

Alexander Bokovoy ab at samba.org
Mon Apr 30 05:43:43 UTC 2018


Hi,

On Mon, 30 Apr 2018, William Brown via samba-technical wrote:
> Hi,
> 
> There are a small number of useful external schemas that we should
> provide. Instead of letting admins pull these from the internet, we
> should ship some useful schema that we know is correct and able to
> extend the directory for broader unix application use.
How would you propose installing them? The patch doesn't address this
part other than the README document, so how would they be installed? You'd
need to add a bit of bld.INSTALL_WILDCARD() to
source4/setup/wscript_build.

Perhaps the DC=... parts need to be changed to be consistent with
schema_samba4.ldif, which uses ${SCHEMADN}.

Also, it may be good to provide a 'samba-tool' subcommand that plugs
into some of the code in python/samba/provision.

For schemaIDGUID it would be good to add a comment above the attribute
definition that has the GUID in a readable form.

> 
> The two schemas in this patch are for ssh public key storage in LDAP,
> and nsUniqueId compatibility for migrations from SUN-DS/389 Directory
> Server applications.
> 
> Thanks,
> 
> William

> From e5f71309b6c2aaf4cc395cd86de1161a83e59167 Mon Sep 17 00:00:00 2001
> From: William Brown <william at blackhats.net.au>
> Date: Mon, 30 Apr 2018 15:23:14 +1200
> Subject: [PATCH] source4/setup/external-schema: Add ns compat and sshpubkey
> 
> Add externally provided schema files that can be applied to a domain. This
> prevents admins needing to apply "random ldifs" from the internet. The two
> external schemas are for ssh public key storage in LDAP, and the second is
> a 389 Directory Server compatibility attribute for UUID mapping.
> 
> Signed-off-by: William Brown <william at blackhats.net.au>
> ---
>  source4/setup/external-schema/README         |  6 ++++++
>  source4/setup/external-schema/README.txt     | 11 +++++++++++
>  source4/setup/external-schema/ns.ldif        | 29 ++++++++++++++++++++++++++++
>  source4/setup/external-schema/sshpubkey.ldif | 29 ++++++++++++++++++++++++++++
>  4 files changed, 75 insertions(+)
>  create mode 100644 source4/setup/external-schema/README
>  create mode 100644 source4/setup/external-schema/README.txt
>  create mode 100644 source4/setup/external-schema/ns.ldif
>  create mode 100644 source4/setup/external-schema/sshpubkey.ldif
> 
> diff --git a/source4/setup/external-schema/README b/source4/setup/external-schema/README
> new file mode 100644
> index 00000000000..a8416b94792
> --- /dev/null
> +++ b/source4/setup/external-schema/README
> @@ -0,0 +1,6 @@
> +This is a set of external LDIF schemas that are useful - but not installed
> +by default.
> +
> +They exist so that rather than applying random internet LDIF's we can guide
> +people to use these instead.
> +
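Review bot: README and README.txt carry the same two paragraphs, and only README.txt goes on to give the apply instructions; two copies of the same text will drift, so keep a single file (README.txt, which is the complete one) and point the install step at that one.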
> diff --git a/source4/setup/external-schema/README.txt b/source4/setup/external-schema/README.txt
> new file mode 100644
> index 00000000000..844246d4dab
> --- /dev/null
> +++ b/source4/setup/external-schema/README.txt
> @@ -0,0 +1,11 @@
> +This is a set of external LDIF schemas that are useful - but not installed
> +by default.
> +
> +They exist so that rather than applying random internet LDIF's we can guide
> +people to use these instead.
> +
> +To apply these, you need to copy them and replace 'DC=X' with your domain DN.
> +
> +They can then be applied with ldapmodify -f <name>.ldif. You will need to
> +authenticate with an account that is a member of Schema Admins.
> +
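Review bot: the instruction "replace 'DC=X' with your domain DN" does not match the shipped files: neither LDIF contains the string DC=X. ns.ldif uses DC=blackhats,DC=net,DC=au and sshpubkey.ldif uses DC=adt,DC=blackhats,DC=net,DC=au, so the documented search-and-replace changes nothing and the records end up targeting someone else's schema partition. Use one placeholder (${SCHEMADN}, as schema_samba4.ldif does) in both files and document that, or have the install tooling do the substitution.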
> diff --git a/source4/setup/external-schema/ns.ldif b/source4/setup/external-schema/ns.ldif
> new file mode 100644
> index 00000000000..caeb584d206
> --- /dev/null
> +++ b/source4/setup/external-schema/ns.ldif
> @@ -0,0 +1,29 @@
> +
> +dn: CN=nsUniqueId,CN=Schema,CN=Configuration,DC=blackhats,DC=net,DC=au
> +changetype: add
> +objectClass: top
> +objectClass: attributeSchema
> +attributeID: 2.16.840.1.113730.3.1.542
> +cn: nsUniqueId
> +name: nsUniqueId
> +lDAPDisplayName: nsUniqueId
> +description: MANDATORY: nsUniqueId compatability
> +attributeSyntax: 2.5.5.10
> +oMSyntax: 4
> +isSingleValued: TRUE
> +searchFlags: 9
> +
> +dn: CN=nsOrgPerson,CN=Schema,CN=Configuration,DC=blackhats,DC=net,DC=au
> +changetype: add
> +objectClass: top
> +objectClass: classSchema
> +governsID: 2.16.840.1.113730.3.2.334
> +cn: nsOrgPerson
> +name: nsOrgPerson
> +description: MANDATORY: Netscape DS compat person
> +lDAPDisplayName: nsOrgPerson
> +subClassOf: top
> +objectClassCategory: 3
> +defaultObjectCategory: CN=nsOrgPerson,CN=Schema,CN=Configuration,DC=blackhats,DC=net,DC=au
> +mayContain: nsUniqueId
> +
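Review bot: neither the nsUniqueId nor the nsOrgPerson record sets schemaIDGUID, while both records in sshpubkey.ldif do; AD generates one when it is absent, so every installation would get a different GUID for the same definition. Pin a fixed schemaIDGUID on both (with the readable form in a comment). The dn: and defaultObjectCategory: lines hardcode CN=Schema,CN=Configuration,DC=blackhats,DC=net,DC=au and should use ${SCHEMADN}, and the empty line before the first dn: should go, for consistency with sshpubkey.ldif.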
> diff --git a/source4/setup/external-schema/sshpubkey.ldif b/source4/setup/external-schema/sshpubkey.ldif
> new file mode 100644
> index 00000000000..439feda8e1a
> --- /dev/null
> +++ b/source4/setup/external-schema/sshpubkey.ldif
> @@ -0,0 +1,29 @@
> +dn: CN=sshPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
> +changetype: add
> +objectClass: top
> +objectClass: attributeSchema
> +attributeID: 1.3.6.1.4.1.24552.500.1.1.1.13
> +schemaIDGUID:: fHCvUrxcsUSrYRq8nUvw5Q==
> +cn: sshPublicKey
> +name: sshPublicKey
> +lDAPDisplayName: sshPublicKey
> +description: MANDATORY: OpenSSH Public key
> +attributeSyntax: 2.5.5.10
> +oMSyntax: 4
> +isSingleValued: FALSE
> +
> +dn: CN=ldapPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
> +changetype: add
> +objectClass: top
> +objectClass: classSchema
> +governsID: 1.3.6.1.4.1.24552.500.1.1.2.0
> +schemaIDGUID:: yfKd3707f0qnSxgXE9qYeA==
> +cn: ldapPublicKey
> +name: ldapPublicKey
> +description: MANDATORY: OpenSSH LPK objectclass
> +lDAPDisplayName: ldapPublicKey
> +subClassOf: top
> +objectClassCategory: 3
> +defaultObjectCategory: CN=ldapPublicKey,CN=Schema,CN=Configuration,DC=adt,DC=blackhats,DC=net,DC=au
> +mayContain: sshPublicKey
> +
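Review bot: the schemaIDGUID values appear only in base64; add a comment above each with the GUID in readable form so it can be compared with published OpenSSH LPK schema files (fHCvUrxcsUSrYRq8nUvw5Q== decodes to 52af707c-5cbc-44b1-ab61-1abc9d4bf0e5 and yfKd3707f0qnSxgXE9qYeA== to df9df2c9-3bbd-4a7f-a74b-181713da9878). The base DN here, DC=adt,DC=blackhats,DC=net,DC=au, also differs from the one in ns.ldif, which shows both files were exported from test domains; replace it with ${SCHEMADN} in the dn: and defaultObjectCategory: lines.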
> -- 
> 2.14.3
> 


-- 
/ Alexander Bokovoy
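A small helper in the spirit of the review points above, added here as an example and not part of the patch or of Samba's provision code: it renders a schema LDIF template that uses ${SCHEMADN}, rejects any dn:/defaultObjectCategory: still pointing at a foreign base (such as the test domains in the patch), and writes the readable GUID above each base64 schemaIDGUID. The sample record is constructed from the patch's sshPublicKey definition.

```python
import base64
import re
import uuid

# Constructed sample: the patch's sshPublicKey attributeSchema record with the
# hardcoded test-domain DN replaced by a ${SCHEMADN} placeholder.
SAMPLE_LDIF = """\
dn: CN=sshPublicKey,${SCHEMADN}
changetype: add
objectClass: top
objectClass: attributeSchema
attributeID: 1.3.6.1.4.1.24552.500.1.1.1.13
schemaIDGUID:: fHCvUrxcsUSrYRq8nUvw5Q==
lDAPDisplayName: sshPublicKey
attributeSyntax: 2.5.5.10
oMSyntax: 4
isSingleValued: FALSE
"""


def schema_id_guid_to_str(b64value: str) -> str:
    """Decode a base64 schemaIDGUID (LDIF '::' value) into dashed GUID text.

    AD stores GUIDs in Windows byte order: the first three fields are
    little-endian, which uuid.UUID(bytes_le=...) swaps back for display.
    """
    raw = base64.b64decode(b64value)
    if len(raw) != 16:
        raise ValueError("schemaIDGUID must decode to exactly 16 bytes")
    return str(uuid.UUID(bytes_le=raw))


def render_schema_ldif(template: str, schema_dn: str) -> str:
    """Substitute ${SCHEMADN}, annotate GUIDs and refuse foreign base DNs."""
    out = []
    for line in template.splitlines():
        line = line.replace("${SCHEMADN}", schema_dn)
        attr = line.split(":", 1)[0]
        if attr in ("dn", "defaultObjectCategory") and not line.lower().endswith(schema_dn.lower()):
            # A leftover hardcoded domain (e.g. DC=blackhats,DC=net,DC=au in the
            # patch) would add records under the wrong partition; stop early.
            raise ValueError(f"DN outside the schema partition: {line}")
        m = re.match(r"schemaIDGUID::\s*(\S+)", line)
        if m:
            # Readable form next to the opaque base64, as the review asked for.
            out.append(f"# schemaIDGUID = {schema_id_guid_to_str(m.group(1))}")
        out.append(line)
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    print(render_schema_ldif(SAMPLE_LDIF, "CN=Schema,CN=Configuration,DC=example,DC=com"))
```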