[Samba] Schema attributes changes after AD extension
abartlet at samba.org
Mon Jun 2 15:40:06 MDT 2014
On Fri, 2014-05-30 at 12:15 +0100, Bruno Andrade wrote:
> I extend my AD with some new attributes, but I make some mistakes on the
> way and now I'm trying to modify those wrong attributes entries, like
> isSingleValued and oMSyntax.
> I'm following these guide -
> - to make the changes. I go to LDP.exe, connect and bind to LDAP and try
> to make the changes on "schemaUpgradeInProgress" attribute and it
> outputs this:
> ***Call Modify...
> ldap_modify_s(ld, '(null)', attrs);
> Modified "".
> I don't know if the change was really made. If I go to ADSI Editor, I
> change the attributes and then it shows a message saying that I server
> is not available, but it is.
> Does anyone have a similar problem, that can help me?
> Kind Regards,
> Bruno Andrade.
This is not currently implemented, see rootdse.c:
/* FIXME we have to do something in order to relax constraints for DRS
* setting schemaUpgradeInProgress cause the fschemaUpgradeInProgress
* in all LDAP connection (2K3/2K3R2) or in the current connection (2K8
* to be set to true.
/* from 5.113 LDAPConnections in DRSR.pdf
* fschemaUpgradeInProgress: A Boolean that specifies certain
* validations are skipped when adding, updating, or removing directory
* objects on the opened connection. The skipped constraint validations
* are documented in the applicable constraint sections in [MS-ADTS].
(that is, we allow or disallow things no differently if you set this)
Also, we generally prohibit schema changes unless you set:
dsdb:schema update allowed = yes
in the smb.conf
Andrew Bartlett http://samba.org/~abartlet/
Authentication Developer, Samba Team http://samba.org
Samba Developer, Catalyst IT http://catalyst.net.nz/services/samba
More information about the samba