Samba4 loading schema.ldif (Was: What is the origin of dsdb_syntax dsdb_syntaxes[] in source4/dsdb/schema/schema_syntax.c?)

Gémes Géza geza at kzsdabas.hu
Thu Apr 12 08:50:21 MDT 2012 

2012-04-12 02:36 keltezéssel, Matthieu Patou írta:
> On 04/11/2012 01:28 PM, Gémes Géza wrote:
>> Hi,
>>
>> After successful generation of ldif file from the OpenLDAP schema using
>> the patch developed by Matthieu for oLschema2ldif I'm stuck now with
>> loading it to Samba4.
>> If I ad it by local ldbedit (cat schema.ldif | ldbedit -H
>> /usr/local/samba/private/....) it gets added, but Active Directory
>> Schema MMC gets the impression, that the Samba4 domain controller (the
>> only in this domain/forest so far) is not available. I reverted back to
>> backups.
>
> As I said any attribute that has a DN syntax will just destroy your
> schema, you need to fix the oLschema2ldif so that it generate the
> oMObjectClass or your schema will be waxed.
In the meantime I've did my homework and found:
http://lists.samba.org/archive/samba-technical/2011-May/077537.html
Does that mean, that we don't know the exact meaning of oMObjectClass
attribute and need to ad it based on the object syntax attribute?
looking at my schema partition with ldbsearch -H
/usr/local/samba/private/sam.ldb.d/CN\=SCHEMA\,CN\=CONFIGURATION\,DC\=KZSDABAS\,DC\=HU.ldb
| grep ^oMObjectClass | sort | uniq I've found, that the possible values
are:
oMObjectClass:: KoZIhvcUAQEBBg==
oMObjectClass:: KoZIhvcUAQEBCw==
oMObjectClass:: KoZIhvcUAQEBDA==
oMObjectClass:: KwwCh3McAIVc
oMObjectClass:: KwwCh3McAIVK
Unfortunately a base64 decoding of them (I've used the base64 module of
python) gives just binary data, so it is still not clear to me what do
they represent.
>> If I allow schema updates (dsdb: schema update allowed = yes in
>> smb.conf) then it still seems to be not enabled from a Win7 client
>> (loged in as a member of Schema Admins group):
>>> ldifde -i -f c:\dhcp.ldf -v
>> Connecting to "samba4.kzsdabas.hu"
>> Logging in as current user using SSPI
>> Importing directory from file "c:\dhcp.ldf"
>> Lazy commit support not available on the server, lazy commit will be
>> disabled.
>> Loading entries
>> 1: CN=dhcpPrimaryDN,CN=Schema,CN=Configuration,DC=kzsdabas,DC=hu
>>
>> Add error on entry starting on line 1: Unwilling To Perform
>> The server side error is: 0x2035 The server is unwilling to process the
>> request.
>>
>> The extended server error is:
>> 00002035: schema_data_add: updates are not allowed: reject request
> Did you restart samba after changing the smb.conf ?
>
>
>
> Matthieu.
>
Cheers

Geza

More information about the samba-technical mailing list