[Samba] Properly extending the AD schema

Péter Bertalan Zoltán bp99 at novin.hu
Sat Oct 24 17:38:27 UTC 2020

Rowland [2020-10-24 12:38:36 +0000]:
>I take it your imap login is probably something like fred at example.org,
>if so, what is wrong with using the 'otherMailbox' attribute?

The IMAP logins are not email addresses, but rather simple login names,
such as ‘fred’. Otherwise we would just use the mail attribute.

>You used [command] twice, unless it was a typo.

Typo, sorry.

>Where on the wikipage does it say to use that format?

You are right, thank you. I just assumed that I have to modify the file
in the file that contains schema definitions, since creating the
attribute in Windows puts it there. But

>Never, not ever, attempt to modify the *.ldb files in the sam.ldb.d
>directory directly, use 'sam.ldb', that is what it is for.

is duly noted, thanks.

That said, I eagerly attempted to add the attribute and class to sam.ldb
this time, and indeed, samba-ad-dc could restart without failing.

I then proceeded to add the new auxiliary class to the User class using
the schema editor in Windows. (I remember saying Person in my first
email, but I meant User). It also appeared as expected in the SCHEMA
file in sam.ldb.d/. However, when opening a User object in Windows, the
new attribute still does not show on the attributes tab.

Am I still doing something wrong? The wiki page ends with this:

| Test your schema:
| * Modify an object to have your new objectclass additionally listed
| * Modify the same object to add the attribute. Samba currently,
|   incorrectly, requires that this be a distinct modification.

I am not sure what this means. I modified User by adding the new
auxiliary class. I also tried making and reversing irrelevant
modifications to both the User schema class and a User instance to no

